search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
38.56k stars 4.9k forks source link

Invalid Domain with CloudFlare DNS #1980

Closed zhiqunq closed 5 years ago

zhiqunq commented 5 years ago

Please help me. I don't know what the problem is. The following errors have been made all the time.

[Fri Dec 21 00:31:48 MST 2018] invalid domain
[Fri Dec 21 00:31:48 MST 2018] Error add txt for domain:_acme-challenge.fakedomain.net

Steps to reproduce

# export CF_Key=xxx CF_Email=3111111111@xxx.com 
# acme.sh --issue --dns dns_cf -d \*.fakedomain.net --debug 2

Debug log

[Fri Dec 21 00:31:40 MST 2018] Lets find script dir.
[Fri Dec 21 00:31:40 MST 2018] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Dec 21 00:31:40 MST 2018] _script='/root/.acme.sh/acme.sh'
[Fri Dec 21 00:31:40 MST 2018] _script_home='/root/.acme.sh'
[Fri Dec 21 00:31:40 MST 2018] Using config home:/root/.acme.sh
[Fri Dec 21 00:31:40 MST 2018] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.8.0
[Fri Dec 21 00:31:40 MST 2018] _main_domain='*.fakedomain.net'
[Fri Dec 21 00:31:40 MST 2018] _alt_domains='no'
[Fri Dec 21 00:31:40 MST 2018] Using config home:/root/.acme.sh
[Fri Dec 21 00:31:40 MST 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri Dec 21 00:31:40 MST 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Fri Dec 21 00:31:40 MST 2018] DOMAIN_PATH='/root/.acme.sh/*.fakedomain.net'
[Fri Dec 21 00:31:40 MST 2018] 'dns_cf' does not contain 'dns'
[Fri Dec 21 00:31:40 MST 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri Dec 21 00:31:40 MST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri Dec 21 00:31:40 MST 2018] GET
[Fri Dec 21 00:31:40 MST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri Dec 21 00:31:40 MST 2018] timeout=
[Fri Dec 21 00:31:40 MST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.iVoTGFBlTP  -g '
[Fri Dec 21 00:31:41 MST 2018] ret='0'
[Fri Dec 21 00:31:41 MST 2018] response='{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "qScd1vOcz3A": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Fri Dec 21 00:31:41 MST 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri Dec 21 00:31:41 MST 2018] ACME_NEW_AUTHZ
[Fri Dec 21 00:31:41 MST 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Dec 21 00:31:41 MST 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri Dec 21 00:31:41 MST 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri Dec 21 00:31:41 MST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Fri Dec 21 00:31:41 MST 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Dec 21 00:31:41 MST 2018] ACME_VERSION='2'
[Fri Dec 21 00:31:41 MST 2018] Le_NextRenewTime
[Fri Dec 21 00:31:41 MST 2018] _on_before_issue
[Fri Dec 21 00:31:41 MST 2018] _chk_main_domain='*.fakedomain.net'
[Fri Dec 21 00:31:41 MST 2018] _chk_alt_domains
[Fri Dec 21 00:31:41 MST 2018] 'dns_cf' does not contain 'no'
[Fri Dec 21 00:31:41 MST 2018] Le_LocalAddress
[Fri Dec 21 00:31:41 MST 2018] d='*.fakedomain.net'
[Fri Dec 21 00:31:41 MST 2018] Check for domain='*.fakedomain.net'
[Fri Dec 21 00:31:41 MST 2018] _currentRoot='dns_cf'
[Fri Dec 21 00:31:41 MST 2018] d
[Fri Dec 21 00:31:41 MST 2018] 'dns_cf' does not contain 'apache'
[Fri Dec 21 00:31:41 MST 2018] _saved_account_key_hash='BDbMykNU7fMNzoCeAfkC9eWOhb3RBgVf4uFzgnwcRJM='
[Fri Dec 21 00:31:41 MST 2018] _saved_account_key_hash is not changed, skip register account.
[Fri Dec 21 00:31:41 MST 2018] Read key length:
[Fri Dec 21 00:31:41 MST 2018] _createcsr
[Fri Dec 21 00:31:41 MST 2018] domain='*.fakedomain.net'
[Fri Dec 21 00:31:41 MST 2018] domainlist
[Fri Dec 21 00:31:41 MST 2018] csrkey='/root/.acme.sh/*.fakedomain.net/*.fakedomain.net.key'
[Fri Dec 21 00:31:41 MST 2018] csr='/root/.acme.sh/*.fakedomain.net/*.fakedomain.net.csr'
[Fri Dec 21 00:31:41 MST 2018] csrconf='/root/.acme.sh/*.fakedomain.net/*.fakedomain.net.csr.conf'
[Fri Dec 21 00:31:41 MST 2018] Single domain='*.fakedomain.net'
[Fri Dec 21 00:31:41 MST 2018] _is_idn_d='*.fakedomain.net'
[Fri Dec 21 00:31:41 MST 2018] _idn_temp
[Fri Dec 21 00:31:41 MST 2018] _csr_cn='*.fakedomain.net'
[Fri Dec 21 00:31:41 MST 2018] Getting domain auth token for each domain
[Fri Dec 21 00:31:41 MST 2018] d
[Fri Dec 21 00:31:41 MST 2018] _identifiers='{"type":"dns","value":"*.fakedomain.net"}'
[Fri Dec 21 00:31:41 MST 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Dec 21 00:31:41 MST 2018] payload='{"identifiers": [{"type":"dns","value":"*.fakedomain.net"}]}'
[Fri Dec 21 00:31:41 MST 2018] RSA key
[Fri Dec 21 00:31:41 MST 2018] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Dec 21 00:31:41 MST 2018] HEAD
[Fri Dec 21 00:31:41 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Dec 21 00:31:41 MST 2018] body
[Fri Dec 21 00:31:41 MST 2018] _postContentType='application/jose+json'
[Fri Dec 21 00:31:41 MST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.nHOOv4CNhz  -g '
[Fri Dec 21 00:31:41 MST 2018] _ret='0'
[Fri Dec 21 00:31:41 MST 2018] _headers='HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: HL-6OhHARFcE7gN2G0L3eGY_xlQ8cBkJfYd0ygUi37w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 20 Dec 2018 16:53:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 20 Dec 2018 16:53:41 GMT
Connection: keep-alive
'
[Fri Dec 21 00:31:41 MST 2018] _CACHED_NONCE='HL-6OhHARFcE7gN2G0L3eGY_xlQ8cBkJfYd0ygUi37w'
[Fri Dec 21 00:31:41 MST 2018] nonce='HL-6OhHARFcE7gN2G0L3eGY_xlQ8cBkJfYd0ygUi37w'
[Fri Dec 21 00:31:41 MST 2018] POST
[Fri Dec 21 00:31:41 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Dec 21 00:31:41 MST 2018] body='{"protected": "eyJub25jZSI6ICJITC02T2hIQVJGY0U3Z04yRzBMM2VHWV94bFE4Y0JrSmZZZDB5Z1VpMzd3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzQ4MDM2Njc0In0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IiouY2h1YW5nc2hlbmdwYXkubmV0In1dfQ", "signature": "ZnTkIpcrNC6YEP8zuK7r_-wtLUxr3bRTfwopwMv5srxCObv7aApaI2hzSTis628MBDCkf1LtR19nSJO3WIwAMN2DNIi3Lm6-8OJb9vVzXLz7XeqMBKSNCEvhGENf1g-6E1__CDka5S9bkzoWf_Khq3UfSkvD2xceI2NHZrcXkL0PT5oWx31QzrFZDqA9CIf_Cm4WEHguNi70B7g4N8pg9l8Vj8DaUFy7_ap_lvhDeqxIXbYQG4A1zKEh4NVFfVJhTBzqM6QmFdLbW5FkMX0x6NFL6q59aNtjze2Wxydw045nc7CohhnFLL_ppqDcDMUoJWgwHSQxz-fWBkUKcpgIFA"}'
[Fri Dec 21 00:31:41 MST 2018] _postContentType='application/jose+json'
[Fri Dec 21 00:31:41 MST 2018] Http already initialized.
[Fri Dec 21 00:31:41 MST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.nHOOv4CNhz  -g '
[Fri Dec 21 00:31:43 MST 2018] _ret='0'
[Fri Dec 21 00:31:43 MST 2018] original='{
  "status": "pending",
  "expires": "2018-12-27T16:53:42.081521209Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.fakedomain.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/48036674/230636827"
}'
[Fri Dec 21 00:31:43 MST 2018] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 379
Boulder-Requester: 48036674
Location: https://acme-v02.api.letsencrypt.org/acme/order/48036674/230636827
Replay-Nonce: rVz4Mg6_4ovYGaavtYvVSvBInZoKt_xBjlcaCKKXwhQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 20 Dec 2018 16:53:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 20 Dec 2018 16:53:43 GMT
Connection: keep-alive
'
[Fri Dec 21 00:31:43 MST 2018] response='{"status":"pending","expires":"2018-12-27T16:53:42.081521209Z","identifiers":[{"type":"dns","value":"*.fakedomain.net"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/48036674/230636827"}'
[Fri Dec 21 00:31:43 MST 2018] code='201'
[Fri Dec 21 00:31:43 MST 2018] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/48036674/230636827'
[Fri Dec 21 00:31:43 MST 2018] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE'
[Fri Dec 21 00:31:43 MST 2018] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE'
[Fri Dec 21 00:31:43 MST 2018] GET
[Fri Dec 21 00:31:43 MST 2018] url='https://acme-v02.api.letsencrypt.org/acme/authz/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE'
[Fri Dec 21 00:31:43 MST 2018] timeout=
[Fri Dec 21 00:31:43 MST 2018] Http already initialized.
[Fri Dec 21 00:31:43 MST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.nHOOv4CNhz  -g '
[Fri Dec 21 00:31:43 MST 2018] ret='0'
[Fri Dec 21 00:31:43 MST 2018] response='{"identifier":{"type":"dns","value":"fakedomain.net"},"status":"pending","expires":"2018-12-27T16:53:42Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082","token":"tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk"}],"wildcard": true}'
[Fri Dec 21 00:31:43 MST 2018] _d='*.fakedomain.net'
[Fri Dec 21 00:31:43 MST 2018] _authorizations_map='*.fakedomain.net,{"identifier":{"type":"dns","value":"fakedomain.net"},"status":"pending","expires":"2018-12-27T16:53:42Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082","token":"tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk"}],"wildcard": true}
'
[Fri Dec 21 00:31:43 MST 2018] d='*.fakedomain.net'
[Fri Dec 21 00:31:43 MST 2018] Getting webroot for domain='*.fakedomain.net'
[Fri Dec 21 00:31:43 MST 2018] _w='dns_cf'
[Fri Dec 21 00:31:43 MST 2018] _currentRoot='dns_cf'
[Fri Dec 21 00:31:43 MST 2018] response='{"identifier":{"type":"dns","value":"fakedomain.net"},"status":"pending","expires":"2018-12-27T16:53:42Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082","token":"tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk"}],"wildcard": true}'
[Fri Dec 21 00:31:43 MST 2018] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082","token":"tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk"'
[Fri Dec 21 00:31:43 MST 2018] token='tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk'
[Fri Dec 21 00:31:43 MST 2018] uri='https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082'
[Fri Dec 21 00:31:43 MST 2018] keyauthorization='tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk.zk49ZzdsOIRd0gwcyWOPgCD1xx5qZyYL1Uy5muX-6fg'
[Fri Dec 21 00:31:43 MST 2018] dvlist='*.fakedomain.net#tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk.zk49ZzdsOIRd0gwcyWOPgCD1xx5qZyYL1Uy5muX-6fg#https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082#dns-01#dns_cf'
[Fri Dec 21 00:31:43 MST 2018] d
[Fri Dec 21 00:31:43 MST 2018] vlist='*.fakedomain.net#tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk.zk49ZzdsOIRd0gwcyWOPgCD1xx5qZyYL1Uy5muX-6fg#https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082#dns-01#dns_cf,'
[Fri Dec 21 00:31:43 MST 2018] d='*.fakedomain.net'
[Fri Dec 21 00:31:43 MST 2018] _d_alias
[Fri Dec 21 00:31:43 MST 2018] txtdomain='_acme-challenge.fakedomain.net'
[Fri Dec 21 00:31:43 MST 2018] txt='f-slXcVG9wQtrS_vlK1FdNdw1v4HTkwu-ty-WPuR-K4'
[Fri Dec 21 00:31:43 MST 2018] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Fri Dec 21 00:31:43 MST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Fri Dec 21 00:31:43 MST 2018] First detect the root zone
[Fri Dec 21 00:31:43 MST 2018] _cf_zones='411111111_xxx_com_CF_ZONES_'
[Fri Dec 21 00:31:43 MST 2018] 3111111111_xxx_com_CF_ZONES_ found
[Fri Dec 21 00:31:43 MST 2018] h='fakedomain.net'
[Fri Dec 21 00:31:43 MST 2018] h='net'
[Fri Dec 21 00:31:43 MST 2018] h
[Fri Dec 21 00:31:43 MST 2018] invalid domain
[Fri Dec 21 00:31:43 MST 2018] Error add txt for domain:_acme-challenge.fakedomain.net
[Fri Dec 21 00:31:43 MST 2018] pid
[Fri Dec 21 00:31:43 MST 2018] No need to restore nginx, skip.
[Fri Dec 21 00:31:43 MST 2018] _clearupdns
[Fri Dec 21 00:31:43 MST 2018] skip dns.
[Fri Dec 21 00:31:43 MST 2018] _on_issue_err
[Fri Dec 21 00:31:43 MST 2018] Please add '--debug' or '--log' to check more details.
[Fri Dec 21 00:31:43 MST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Dec 21 00:31:43 MST 2018] _chk_vlist='*.fakedomain.net#tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk.zk49ZzdsOIRd0gwcyWOPgCD1xx5qZyYL1Uy5muX-6fg#https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082#dns-01#dns_cf,'
[Fri Dec 21 00:31:43 MST 2018] start to deactivate authz
[Fri Dec 21 00:31:43 MST 2018] tigger domain validation.
[Fri Dec 21 00:31:43 MST 2018] _t_url='https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082'
[Fri Dec 21 00:31:43 MST 2018] _t_key_authz='tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk.zk49ZzdsOIRd0gwcyWOPgCD1xx5qZyYL1Uy5muX-6fg'
[Fri Dec 21 00:31:43 MST 2018] url='https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082'
[Fri Dec 21 00:31:43 MST 2018] payload='{"keyAuthorization": "tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk.zk49ZzdsOIRd0gwcyWOPgCD1xx5qZyYL1Uy5muX-6fg"}'
[Fri Dec 21 00:31:43 MST 2018] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Fri Dec 21 00:31:43 MST 2018] Use _CACHED_NONCE='rVz4Mg6_4ovYGaavtYvVSvBInZoKt_xBjlcaCKKXwhQ'
[Fri Dec 21 00:31:43 MST 2018] nonce='rVz4Mg6_4ovYGaavtYvVSvBInZoKt_xBjlcaCKKXwhQ'
[Fri Dec 21 00:31:43 MST 2018] POST
[Fri Dec 21 00:31:43 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082'
[Fri Dec 21 00:31:43 MST 2018] body='{"protected": "eyJub25jZSI6ICJyVno0TWc2XzRvdllHYWF2dFl2VlN2QkluWm9LdF94QmpsY2FDS0tYd2hRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvVm5SOXc3UTlEQk5QOXEyYlhKbjZxRC1Ob2w5dXJvb1J1NTl6aUZHdmxIRS8xMDUzODcyNDA4MiIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDgwMzY2NzQifQ", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogInRMV0VhRHB3TEprOU90cExTUWctYW9oejkxQ2ktZ1E0TURVX0ljcVJtWWsuems0OVp6ZHNPSVJkMGd3Y3lXT1BnQ0QxeHg1cVp5WUwxVXk1bXVYLTZmZyJ9", "signature": "JMww0kys-LV7jGiWiB-Oy6TGJMfgoU1ekjkU_QjvcYut5gXSDXlWD_0vz9viMN0Vps-zjDBK6VSxrasCwf1NvdFJ6K8FTuoiSd83SM1onapi9YLeJ7rMr21GqjFvfT7iLlfXik60neQrtHz4pCZMyLWk0p0jIClnErvqGZC1ALakTSrvho87elgBOZ6dL55o0av3S5fvmbr8MLP82zvnOwsptks98gkFE9wcRqXuAI1ANckTLqY9Ho2v2x4IzKmUcfm1nvK4AvtZxRX3bm5G0k8saLTOSUPTSHyv2JU9WXa3SEwyW1tsLt2zvYR979ft_pHiseEhRDi1aT1Hp1LvRg"}'
[Fri Dec 21 00:31:43 MST 2018] _postContentType='application/jose+json'
[Fri Dec 21 00:31:43 MST 2018] Http already initialized.
[Fri Dec 21 00:31:43 MST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.nHOOv4CNhz  -g '
[Fri Dec 21 00:31:44 MST 2018] _ret='0'
[Fri Dec 21 00:31:44 MST 2018] original='{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082",
  "token": "tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk"
}'
[Fri Dec 21 00:31:44 MST 2018] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 223
Boulder-Requester: 48036674
Link: <https://acme-v02.api.letsencrypt.org/acme/authz/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082
Replay-Nonce: ZdoQ9u6BqViOxslOyH0yChw-w2GjuHJmICxtP25097Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 20 Dec 2018 16:53:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 20 Dec 2018 16:53:44 GMT
Connection: keep-alive
'
[Fri Dec 21 00:31:44 MST 2018] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/VnR9w7Q9DBNP9q2bXJn6qD-Nol9urooRu59ziFGvlHE/10538724082","token":"tLWEaDpwLJk9OtpLSQg-aohz91Ci-gQ4MDU_IcqRmYk"}'
[Fri Dec 21 00:31:44 MST 2018] code='200'
[Fri Dec 21 00:31:44 MST 2018] socat doesn't exists.
[Fri Dec 21 00:31:44 MST 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2k-fips  26 Jan 2017
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
KYLE-HILL commented 5 years ago

I think your issue is probably the same as my issue. Note - See how the root domain is not correctly detected https://github.com/Neilpang/acme.sh/issues/1977

My thought is that the cf dns script is not correctly crawling a cloudflare account for root domains if it has multiple CF Zones. In other words if your cf account has multiple cloudflare accounts associated with it like example-home and kyle-example it won’t work but if you only have one (no cf zones) it works fine.

zhiqunq commented 5 years ago

When I change the code to the following way, the script does not report errors.

_.acme.sh/dnsapi/dnscf.sh

_get_root() {

  _cf_zones="$(_readdomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_")"
  _cf_zones=""  # ADD THIS LINE
  _debug2 "_cf_zones" "$_cf_zones"
  if [ -z "$_cf_zones" ]; then
    _debug "$_DOMAIN_CF_ZONES_CACHE_NAME_ is none, so get it."
    if ! _cf_rest GET "zones"; then
      return 1
    fi
    _cf_zones="$response"
    _savedomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_" "$(echo "$_cf_zones" | _base64)"

Hope useful.

phil-r commented 5 years ago

I have the same issue, fix above didn't help

Neilpang commented 5 years ago

@KYLE-HILL Can you explain more please ?

KYLE-HILL commented 5 years ago

@KYLE-HILL Can you explain more please ?

I think there is flawed logic with the zone checking logic specifically:

if [ -z "$_cf_zones" ]; then _debug "$_DOMAIN_CF_ZONES_CACHENAME is none, so get it." if ! _cf_rest GET "zones"; then return 1 fi _cf_zones="$response" _savedomainconf "$_DOMAIN_CF_ZONES_CACHENAME" "$(echo "$_cf_zones" | _base64)" else _debug "$_DOMAIN_CF_ZONES_CACHENAME found" _cf_zones="$(echo "$_cf_zones" | _dbase64)" fi

I think there is a problem with the caching performed to "zones" on the account because the script is incorrectly assuming that all zones are cached. I think this might be an unintended result of the fix for https://github.com/Neilpang/acme.sh/issues/1941 . The script appears to fully function when the following statement is performed: if ! _cf_rest GET "zones"; then return 1 fi _cf_zones="$response"

Notice on my issue https://github.com/Neilpang/acme.sh/issues/1977 as well as https://github.com/Neilpang/acme.sh/issues/1980 the debug text "_CFZONES found" appears within the failed configuration. My working configuration has the debug text "_CFZONES is none, so get it" so this makes me believe that the issue is failing to perform a "GET zones".

Something to note regarding the service account this happens on: The delegated account does not directly control any cloudflare zones/domains. It is merely used for API Usage on Edge Devices to prevent total Cloudflare Account Takeover/Compromise in the event of an API Key Leak. The list for example-home.net itself contains no domains and all domains it is delegated to control are contained within the super admin account kyle-example@gmail.com.

mysteq commented 5 years ago

I presume you either have "-" or "+" in your email address? See also comment in #1977

bardisty commented 5 years ago

It seems the problem lies with bash:

[Tue Jan 29 11:17:08 CST 2019] Good, bash is found, so change the shebang to use bash as preferred.

It works if the shell is set to sh and bash is removed from the system before installing acme.sh. I realized this because acme.sh works fine in its docker image which is alpine and uses sh not bash.

Steps to reproduce

Debug log

[Tue Jan 29 11:22:56 CST 2019] Lets find script dir.
[Tue Jan 29 11:22:56 CST 2019] _SCRIPT_='/root/.acme.sh/acme.sh'
[Tue Jan 29 11:22:56 CST 2019] _script='/root/.acme.sh/acme.sh'
[Tue Jan 29 11:22:56 CST 2019] _script_home='/root/.acme.sh'
[Tue Jan 29 11:22:56 CST 2019] Using config home:/root/.acme.sh
[Tue Jan 29 11:22:56 CST 2019] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.8.1
[Tue Jan 29 11:22:56 CST 2019] _main_domain='acme.example.com'
[Tue Jan 29 11:22:56 CST 2019] _alt_domains='no'
[Tue Jan 29 11:22:56 CST 2019] Using config home:/root/.acme.sh
[Tue Jan 29 11:22:56 CST 2019] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Tue Jan 29 11:22:56 CST 2019] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Tue Jan 29 11:22:56 CST 2019] DOMAIN_PATH='/root/.acme.sh/acme.example.com'
[Tue Jan 29 11:22:56 CST 2019] 'dns_cf' does not contain 'dns'
[Tue Jan 29 11:22:56 CST 2019] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Tue Jan 29 11:22:56 CST 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Jan 29 11:22:56 CST 2019] GET
[Tue Jan 29 11:22:56 CST 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Jan 29 11:22:56 CST 2019] timeout=
[Tue Jan 29 11:22:56 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.VemVuQuCy4  -g '
[Tue Jan 29 11:22:56 CST 2019] ret='0'
[Tue Jan 29 11:22:57 CST 2019] response='{
  "dFCho_ZQxRw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}'
[Tue Jan 29 11:22:57 CST 2019] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Jan 29 11:22:57 CST 2019] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Jan 29 11:22:57 CST 2019] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Jan 29 11:22:57 CST 2019] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Jan 29 11:22:57 CST 2019] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Jan 29 11:22:57 CST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jan 29 11:22:57 CST 2019] ACME_NEW_NONCE
[Tue Jan 29 11:22:57 CST 2019] ACME_VERSION
[Tue Jan 29 11:22:57 CST 2019] Le_NextRenewTime
[Tue Jan 29 11:22:57 CST 2019] _on_before_issue
[Tue Jan 29 11:22:57 CST 2019] _chk_main_domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _chk_alt_domains
[Tue Jan 29 11:22:57 CST 2019] 'dns_cf' does not contain 'no'
[Tue Jan 29 11:22:57 CST 2019] Le_LocalAddress
[Tue Jan 29 11:22:57 CST 2019] d='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] Check for domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _currentRoot='dns_cf'
[Tue Jan 29 11:22:57 CST 2019] d
[Tue Jan 29 11:22:57 CST 2019] 'dns_cf' does not contain 'apache'
[Tue Jan 29 11:22:57 CST 2019] _saved_account_key_hash='GTiK/vPGmHW+vLHHihjntjD0F59YTK8/ARlTB4bng/Q='
[Tue Jan 29 11:22:57 CST 2019] _saved_account_key_hash is not changed, skip register account.
[Tue Jan 29 11:22:57 CST 2019] Read key length:
[Tue Jan 29 11:22:57 CST 2019] _createcsr
[Tue Jan 29 11:22:57 CST 2019] domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] domainlist
[Tue Jan 29 11:22:57 CST 2019] csrkey='/root/.acme.sh/acme.example.com/acme.example.com.key'
[Tue Jan 29 11:22:57 CST 2019] csr='/root/.acme.sh/acme.example.com/acme.example.com.csr'
[Tue Jan 29 11:22:57 CST 2019] csrconf='/root/.acme.sh/acme.example.com/acme.example.com.csr.conf'
[Tue Jan 29 11:22:57 CST 2019] Single domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _is_idn_d='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _idn_temp
[Tue Jan 29 11:22:57 CST 2019] _csr_cn='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] Getting domain auth token for each domain
[Tue Jan 29 11:22:57 CST 2019] d='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] Getting webroot for domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _w='dns_cf'
[Tue Jan 29 11:22:57 CST 2019] _currentRoot='dns_cf'
[Tue Jan 29 11:22:57 CST 2019] Getting new-authz for domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Jan 29 11:22:57 CST 2019] Try new-authz for the 0 time.
[Tue Jan 29 11:22:57 CST 2019] _is_idn_d='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _idn_temp
[Tue Jan 29 11:22:57 CST 2019] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Jan 29 11:22:57 CST 2019] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.example.com"}}'
[Tue Jan 29 11:22:57 CST 2019] RSA key
[Tue Jan 29 11:22:58 CST 2019] Get nonce with GET. ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Tue Jan 29 11:22:58 CST 2019] GET
[Tue Jan 29 11:22:58 CST 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Jan 29 11:22:58 CST 2019] timeout=
[Tue Jan 29 11:22:58 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Qro440x9Js  -g '
[Tue Jan 29 11:22:58 CST 2019] ret='0'
[Tue Jan 29 11:22:58 CST 2019] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: x-MmtgnPIaIBKUx5fVLbnK-lUmPjyHXiKrd7TRVEVTc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 29 Jan 2019 17:22:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 29 Jan 2019 17:22:58 GMT
Connection: keep-alive
'
[Tue Jan 29 11:22:58 CST 2019] _CACHED_NONCE='x-MmtgnPIaIBKUx5fVLbnK-lUmPjyHXiKrd7TRVEVTc'
[Tue Jan 29 11:22:58 CST 2019] nonce='x-MmtgnPIaIBKUx5fVLbnK-lUmPjyHXiKrd7TRVEVTc'
[Tue Jan 29 11:22:58 CST 2019] POST
[Tue Jan 29 11:22:58 CST 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Jan 29 11:22:58 CST 2019] body='{"protected": "eyJub25jZSI6ICJ4LU1tdGduUElhSUJLVXg1ZlZMYm5LLWxVbVBqeUhYaUtyZDdUUlZFVlRjIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYXV0aHoiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ5dHRGa09nR0ZCRlZTSzZ2R3FWdEtOZ2oxRmlCYlc5RXZyeTlZMEZRcFVPU2N6M1Vja1I4ZHRiZ0pkdkhkYzNmdjBWem44NDRDdWRBWVRjVXJSRVVRcnFaNWZvdmtjTnhZQUNxdUxjb1FTbER2X0hXNXpTX1hSTGNwOTNfMzI3NkltMG91RkVlS1BKNjM1blZWUzFWaUVzTXp4Tk5Ld280YU5QM0I0blU2S0JjZVhkVWREaVcwR0p4TE5rbkhscGE2RjJuQi0wTTRmaFVtSzVTNnBvbDlyZjJ2VkV6RWVfYkFobFdJbmQ0SmRsNEFHYzNkaXBvakhGMktvQWllVG43cWJBaENaU3BaZmpiOEVEYlRiRE5IRkNiMEIzekNJcFFrckxKXzl5YWpMWkIxYVd5bWZvY09CSW5iRjhYU2pjemxxdl9SR3R5MzFDTUZQT0dyU0FzdncifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5wbGFndWVmZXN0LmNvbSJ9fQ", "signature": "At4OjhzKMyPZfYgC4GGpUgkKY3jsQ0mx-VcEKy4khuu1UosvVdwM_7GYWW1s65Q7oGHJCze2LjlgnZIbjJhAZaRUltYO_qsQUZxTeLttSTngYGpTP6KvSGLCa0JZw4UZOxUDyMg0YmdfxQiG9LakTJ9uAwntihn2bFVLAhN6SuFu2tgK8Iz6RXqBK1jutHdowcsHD0XgI6Sut7Z7aiHb15MEcFaIn0hCrUFBcR4kSCDjsITG2clb49PJQU9puIFnayXtjNCm_AQDivfHo683JY7mhepqIRjohdhey91TYc89jOXPmm6KYyv7piZoeidbC_rXdpQ2-32NEfcp-iVmuA"}'
[Tue Jan 29 11:22:58 CST 2019] _postContentType='application/jose+json'
[Tue Jan 29 11:22:58 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.et4c4nEqA4  -g '
[Tue Jan 29 11:22:58 CST 2019] _ret='0'
[Tue Jan 29 11:22:58 CST 2019] original='{
  "identifier": {
    "type": "dns",
    "value": "acme.example.com"
  },
  "status": "pending",
  "expires": "2019-02-05T17:22:58Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982",
      "token": "hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962984",
      "token": "JSYNgR8mZBkhZhMGjKP94DK7xYZGPNCt-JE5yS9yvFA"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962988",
      "token": "J71eM6Hq1gbqs0uqrOyWRTAsKMG6-TcJl13l6fYP148"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ],
    [
      2
    ]
  ]
}'
[Tue Jan 29 11:22:58 CST 2019] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 29 Jan 2019 17:22:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1001
Boulder-Requester: 50479457
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE
Replay-Nonce: FdUlB1SQtx2SqyNrgbTLLNaKHBCdQM1EdeHVulEwct4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 29 Jan 2019 17:22:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 29 Jan 2019 17:22:58 GMT
Connection: keep-alive
'
[Tue Jan 29 11:22:58 CST 2019] response='{"identifier":{"type":"dns","value":"acme.example.com"},"status":"pending","expires":"2019-02-05T17:22:58Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982","token":"hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962984","token":"JSYNgR8mZBkhZhMGjKP94DK7xYZGPNCt-JE5yS9yvFA"},{"type":"tls-alpn-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962988","token":"J71eM6Hq1gbqs0uqrOyWRTAsKMG6-TcJl13l6fYP148"}],"combinations":[[0],[1],[2]]}'
[Tue Jan 29 11:22:58 CST 2019] code='201'
[Tue Jan 29 11:22:59 CST 2019] The new-authz request is ok.
[Tue Jan 29 11:22:59 CST 2019] entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982","token":"hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk"'
[Tue Jan 29 11:22:59 CST 2019] token='hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk'
[Tue Jan 29 11:22:59 CST 2019] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982'
[Tue Jan 29 11:22:59 CST 2019] keyauthorization='hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg'
[Tue Jan 29 11:22:59 CST 2019] dvlist='acme.example.com#hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg#https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982#dns-01#dns_cf'
[Tue Jan 29 11:22:59 CST 2019] d
[Tue Jan 29 11:22:59 CST 2019] vlist='acme.example.com#hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg#https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982#dns-01#dns_cf,'
[Tue Jan 29 11:22:59 CST 2019] d='acme.example.com'
[Tue Jan 29 11:22:59 CST 2019] _d_alias
[Tue Jan 29 11:22:59 CST 2019] txtdomain='_acme-challenge.acme.example.com'
[Tue Jan 29 11:22:59 CST 2019] txt='ANj1JnK6JF-9TSaBSmN-tLuKYhgeZTRb4sfmruEu_7A'
[Tue Jan 29 11:22:59 CST 2019] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Tue Jan 29 11:22:59 CST 2019] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Tue Jan 29 11:22:59 CST 2019] First detect the root zone
[Tue Jan 29 11:22:59 CST 2019] h='acme.example.com'
[Tue Jan 29 11:22:59 CST 2019] zones?name=acme.example.com
[Tue Jan 29 11:22:59 CST 2019] GET
[Tue Jan 29 11:22:59 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=acme.example.com'
[Tue Jan 29 11:22:59 CST 2019] timeout=
[Tue Jan 29 11:22:59 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.N1ldEGvFCg  -g '
[Tue Jan 29 11:22:59 CST 2019] ret='0'
[Tue Jan 29 11:22:59 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:22:59 CST 2019] h='example.com'
[Tue Jan 29 11:22:59 CST 2019] zones?name=example.com
[Tue Jan 29 11:22:59 CST 2019] GET
[Tue Jan 29 11:22:59 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=example.com'
[Tue Jan 29 11:22:59 CST 2019] timeout=
[Tue Jan 29 11:22:59 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.m5WCdgIKnU  -g '
[Tue Jan 29 11:23:00 CST 2019] ret='0'
[Tue Jan 29 11:23:00 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:23:00 CST 2019] h='com'
[Tue Jan 29 11:23:00 CST 2019] zones?name=com
[Tue Jan 29 11:23:00 CST 2019] GET
[Tue Jan 29 11:23:00 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=com'
[Tue Jan 29 11:23:00 CST 2019] timeout=
[Tue Jan 29 11:23:00 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.qAdtxtoXQZ  -g '
[Tue Jan 29 11:23:00 CST 2019] ret='0'
[Tue Jan 29 11:23:00 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:23:00 CST 2019] h
[Tue Jan 29 11:23:00 CST 2019] invalid domain
[Tue Jan 29 11:23:00 CST 2019] Error add txt for domain:_acme-challenge.acme.example.com
[Tue Jan 29 11:23:00 CST 2019] _on_issue_err
[Tue Jan 29 11:23:00 CST 2019] Please add '--debug' or '--log' to check more details.
[Tue Jan 29 11:23:00 CST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Tue Jan 29 11:23:00 CST 2019] _chk_vlist='acme.example.com#hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg#https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982#dns-01#dns_cf,'
[Tue Jan 29 11:23:00 CST 2019] start to deactivate authz
[Tue Jan 29 11:23:00 CST 2019] Trigger domain validation.
[Tue Jan 29 11:23:00 CST 2019] _t_url='https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982'
[Tue Jan 29 11:23:00 CST 2019] _t_key_authz='hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg'
[Tue Jan 29 11:23:00 CST 2019] _t_vtype
[Tue Jan 29 11:23:00 CST 2019] url='https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982'
[Tue Jan 29 11:23:00 CST 2019] payload='{"resource": "challenge", "type": "", "keyAuthorization": "hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg"}'
[Tue Jan 29 11:23:00 CST 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Tue Jan 29 11:23:00 CST 2019] Use _CACHED_NONCE='FdUlB1SQtx2SqyNrgbTLLNaKHBCdQM1EdeHVulEwct4'
[Tue Jan 29 11:23:00 CST 2019] nonce='FdUlB1SQtx2SqyNrgbTLLNaKHBCdQM1EdeHVulEwct4'
[Tue Jan 29 11:23:00 CST 2019] POST
[Tue Jan 29 11:23:00 CST 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982'
[Tue Jan 29 11:23:00 CST 2019] body='{"protected": "eyJub25jZSI6ICJGZFVsQjFTUXR4MlNxeU5yZ2JUTExOYUtIQkNkUU0xRWRlSFZ1bEV3Y3Q0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvbzZqNXY0WmZXY1c4UUxaVGFseGFnRjQ2ODdUYzlWbVhTVjNCUE1JM2V1RS8xMjAxNTk2Mjk4MiIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInl0dEZrT2dHRkJGVlNLNnZHcVZ0S05najFGaUJiVzlFdnJ5OVkwRlFwVU9TY3ozVWNrUjhkdGJnSmR2SGRjM2Z2MFZ6bjg0NEN1ZEFZVGNVclJFVVFycVo1Zm92a2NOeFlBQ3F1TGNvUVNsRHZfSFc1elNfWFJMY3A5M18zMjc2SW0wb3VGRWVLUEo2MzVuVlZTMVZpRXNNenhOTkt3bzRhTlAzQjRuVTZLQmNlWGRVZERpVzBHSnhMTmtuSGxwYTZGMm5CLTBNNGZoVW1LNVM2cG9sOXJmMnZWRXpFZV9iQWhsV0luZDRKZGw0QUdjM2RpcG9qSEYyS29BaWVUbjdxYkFoQ1pTcFpmamI4RURiVGJETkhGQ2IwQjN6Q0lwUWtyTEpfOXlhakxaQjFhV3ltZm9jT0JJbmJGOFhTamN6bHF2X1JHdHkzMUNNRlBPR3JTQXN2dyJ9fQ", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAidHlwZSI6ICIiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJoa3REQWlQOGpuMUJ1ZW52VXFTUEN3c0Jqbnp0LWkxV05sbzVVeFZaYmhrLjlCS3lNWE9SX2d6YXk3S3gyVk1IbDdkd2NaLWUtQkZKZHlnWE5QMHVBUWcifQ", "signature": "ki-WxZFDoT5298bw4UF3FyhhDber4OZqtBVcMt9nvX6OWQOCjsC5kxpNGKc4OKh2wfggc1kL2cS1aB6TB5P68BEqkIk5cIJdD81PlhA0tHYeGpPahe-_dAwOOM_zDgPZmQRBPLEaxmF5ap7sd6yjnVLB0OAGUimijiyZBcJsx52BfqMLGwDwzdhllv3XHRQkX8b7OPpRDpxQ2OYinuheR_MmmH1uoO0vYIKP0YiXwA2n7Cpr4mBprVjwFUiS8pVefLxSrFbrbeDNmERJe14XH-t2v_v6G65dttX8AHj-W0bmQtivsLPSys3x9Sb81r9Q61ie_Jx5gj9BpaIJ_LdjaA"}'
[Tue Jan 29 11:23:00 CST 2019] _postContentType='application/jose+json'
[Tue Jan 29 11:23:00 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.fv633CTqtB  -g '
[Tue Jan 29 11:23:01 CST 2019] _ret='0'
[Tue Jan 29 11:23:01 CST 2019] original='{
  "type": "dns-01",
  "status": "pending",
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982",
  "token": "hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk",
  "keyAuthorization": "hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg"
}'
[Tue Jan 29 11:23:01 CST 2019] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 29 Jan 2019 17:23:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Requester: 50479457
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982
Replay-Nonce: tkDo--gAkl4n7BeF7Zgh_1uCOD6rE2RUwXH1H9_SOgk
Expires: Tue, 29 Jan 2019 17:23:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 29 Jan 2019 17:23:01 GMT
Connection: keep-alive
'
[Tue Jan 29 11:23:01 CST 2019] response='{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982","token":"hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk","keyAuthorization":"hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg"}'
[Tue Jan 29 11:23:01 CST 2019] code='202'
[Tue Jan 29 11:23:01 CST 2019] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.0j  20 Nov 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>] groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>    groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>   groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>  groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>  groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>    groups=FD,SOCKET,RETRY,UNIX
      create:<filename> groups=FD,REG,NAMED
      exec:<command-line>   groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface> groups=FD,SOCKET
      ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>    groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>   groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>   groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>  groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>   groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>  groups=FD,SOCKET,IP6
      open:<filename>   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>   groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty   groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>   groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>   groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>  groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]    groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>    groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>   groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>  groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>    groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>  groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>   groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>    groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>   groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>  groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>   groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>  groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
[Tue Jan 29 11:23:01 CST 2019] pid
[Tue Jan 29 11:23:01 CST 2019] No need to restore nginx, skip.
[Tue Jan 29 11:23:01 CST 2019] _clearupdns
[Tue Jan 29 11:23:01 CST 2019] dnsadded='0'
[Tue Jan 29 11:23:01 CST 2019] vlist='acme.example.com#hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg#https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982#dns-01#dns_cf,'
[Tue Jan 29 11:23:01 CST 2019] Removing DNS records.
[Tue Jan 29 11:23:01 CST 2019] txt='ANj1JnK6JF-9TSaBSmN-tLuKYhgeZTRb4sfmruEu_7A'
[Tue Jan 29 11:23:01 CST 2019] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Tue Jan 29 11:23:01 CST 2019] _d_alias
[Tue Jan 29 11:23:01 CST 2019] First detect the root zone
[Tue Jan 29 11:23:01 CST 2019] h='acme.example.com'
[Tue Jan 29 11:23:01 CST 2019] zones?name=acme.example.com
[Tue Jan 29 11:23:01 CST 2019] GET
[Tue Jan 29 11:23:01 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=acme.example.com'
[Tue Jan 29 11:23:01 CST 2019] timeout=
[Tue Jan 29 11:23:01 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.lrZmmz5Gwp  -g '
[Tue Jan 29 11:23:02 CST 2019] ret='0'
[Tue Jan 29 11:23:02 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:23:02 CST 2019] h='example.com'
[Tue Jan 29 11:23:02 CST 2019] zones?name=example.com
[Tue Jan 29 11:23:02 CST 2019] GET
[Tue Jan 29 11:23:02 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=example.com'
[Tue Jan 29 11:23:02 CST 2019] timeout=
[Tue Jan 29 11:23:02 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.HU9Nh5PdJH  -g '
[Tue Jan 29 11:23:02 CST 2019] ret='0'
[Tue Jan 29 11:23:02 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:23:02 CST 2019] h='com'
[Tue Jan 29 11:23:02 CST 2019] zones?name=com
[Tue Jan 29 11:23:02 CST 2019] GET
[Tue Jan 29 11:23:02 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=com'
[Tue Jan 29 11:23:02 CST 2019] timeout=
[Tue Jan 29 11:23:02 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.WdRzSljG7B  -g '
[Tue Jan 29 11:23:02 CST 2019] ret='0'
[Tue Jan 29 11:23:02 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:23:02 CST 2019] h
[Tue Jan 29 11:23:02 CST 2019] invalid domain
[Tue Jan 29 11:23:02 CST 2019] Error removing txt for domain:_acme-challenge.acme.example.com
bmpandrade commented 5 years ago

Hey,

I had the same issue and I've a '+' in the SAVED_CF_EMAIL variable on data/account.conf.

Everything was working good until I upgraded to 2.8.0, once I downgraded to 2.7.9, everything started working again.

MorleyGit commented 5 years ago

I too have the same issue. I don't have a + or - in my email address and I have latest version installed (2.8.0)

My thought is that the cf dns script is not correctly crawling a cloudflare account for root domains if it has multiple CF Zones. In other words if your cf account has multiple cloudflare accounts associated with it like example-home and kyle-example it won’t work but if you only have one (no cf zones) it works fine.

I have no idea if this is the case but I do have multiple domains in my CF account. I have acme.sh installed on another site and that works fine with that CF account but the domain I'm obtaining the certificate for was the first domain registered in that account.

[Sat, Feb 23, 2019 10:10:45 AM] Lets find script dir. [Sat, Feb 23, 2019 10:10:45 AM] SCRIPT='/home/AESIT/.acme.sh/acme.sh' [Sat, Feb 23, 2019 10:10:45 AM] _script='/home/AESIT/.acme.sh/acme.sh' [Sat, Feb 23, 2019 10:10:45 AM] _script_home='/home/AESIT/.acme.sh' [Sat, Feb 23, 2019 10:10:45 AM] Using config home:/home/AESIT/.acme.sh [Sat, Feb 23, 2019 10:10:46 AM] LE_WORKING_DIR='/home/AESIT/.acme.sh' https://github.com/Neilpang/acme.sh v2.8.1 [Sat, Feb 23, 2019 10:10:46 AM] _main_domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:10:46 AM] _alt_domains='no' [Sat, Feb 23, 2019 10:10:46 AM] Using config home:/home/AESIT/.acme.sh [Sat, Feb 23, 2019 10:10:46 AM] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory [Sat, Feb 23, 2019 10:10:46 AM] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory' [Sat, Feb 23, 2019 10:10:47 AM] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org' [Sat, Feb 23, 2019 10:10:47 AM] DOMAIN_PATH='/home/AESIT/certificates/.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:10:47 AM] 'dns_cf' does not contain 'dns' [Sat, Feb 23, 2019 10:10:47 AM] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory [Sat, Feb 23, 2019 10:10:47 AM] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory [Sat, Feb 23, 2019 10:10:47 AM] GET [Sat, Feb 23, 2019 10:10:48 AM] url='https://acme-staging-v02.api.letsencrypt.org/directory' [Sat, Feb 23, 2019 10:10:48 AM] timeout= [Sat, Feb 23, 2019 10:10:48 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.39qPalNF3Z -g ' [Sat, Feb 23, 2019 10:10:49 AM] ret='0' [Sat, Feb 23, 2019 10:10:49 AM] response='{ "C3Yfub7P3Rs": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org/docs/staging-environment/" }, "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert" }' [Sat, Feb 23, 2019 10:10:53 AM] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change' [Sat, Feb 23, 2019 10:10:53 AM] ACME_NEW_AUTHZ [Sat, Feb 23, 2019 10:10:53 AM] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Sat, Feb 23, 2019 10:10:53 AM] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct' [Sat, Feb 23, 2019 10:10:54 AM] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert' [Sat, Feb 23, 2019 10:10:54 AM] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' [Sat, Feb 23, 2019 10:10:54 AM] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Sat, Feb 23, 2019 10:10:54 AM] ACME_VERSION='2' [Sat, Feb 23, 2019 10:10:54 AM] Le_NextRenewTime [Sat, Feb 23, 2019 10:10:57 AM] _on_before_issue [Sat, Feb 23, 2019 10:10:57 AM] _chk_main_domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:10:57 AM] _chk_alt_domains [Sat, Feb 23, 2019 10:10:58 AM] 'dns_cf' does not contain 'no' [Sat, Feb 23, 2019 10:10:58 AM] Le_LocalAddress [Sat, Feb 23, 2019 10:10:58 AM] d='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:10:58 AM] Check for domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:10:58 AM] _currentRoot='dns_cf' [Sat, Feb 23, 2019 10:10:59 AM] d [Sat, Feb 23, 2019 10:10:59 AM] 'dns_cf' does not contain 'apache' [Sat, Feb 23, 2019 10:10:59 AM] _saved_account_key_hash='wDqgt+g6J494STsUA+tE2McjeOENdw9xdkd5n3Ro3a8=' [Sat, Feb 23, 2019 10:10:59 AM] _saved_account_key_hash is not changed, skip register account. [Sat, Feb 23, 2019 10:11:00 AM] Read key length: [Sat, Feb 23, 2019 10:11:00 AM] _createcsr [Sat, Feb 23, 2019 10:11:00 AM] domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:00 AM] domainlist [Sat, Feb 23, 2019 10:11:00 AM] csrkey='/home/AESIT/certificates/.myrealdomain.co.uk/.myrealdomain.co.uk.key' [Sat, Feb 23, 2019 10:11:00 AM] csr='/home/AESIT/certificates/.myrealdomain.co.uk/.myrealdomain.co.uk.csr' [Sat, Feb 23, 2019 10:11:00 AM] csrconf='/home/AESIT/certificates/.myrealdomain.co.uk/.myrealdomain.co.uk.csr.conf' [Sat, Feb 23, 2019 10:11:00 AM] Single domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:00 AM] _is_idn_d='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:01 AM] _idn_temp [Sat, Feb 23, 2019 10:11:01 AM] _csr_cn='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:01 AM] Getting domain auth token for each domain [Sat, Feb 23, 2019 10:11:02 AM] d [Sat, Feb 23, 2019 10:11:02 AM] _identifiers='{"type":"dns","value":".myrealdomain.co.uk"}' [Sat, Feb 23, 2019 10:11:02 AM] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Sat, Feb 23, 2019 10:11:02 AM] payload='{"identifiers": [{"type":"dns","value":".myrealdomain.co.uk"}]}' [Sat, Feb 23, 2019 10:11:02 AM] RSA key [Sat, Feb 23, 2019 10:11:03 AM] _URGLY_PRINTF [Sat, Feb 23, 2019 10:11:03 AM] xargs [Sat, Feb 23, 2019 10:11:04 AM] _URGLY_PRINTF [Sat, Feb 23, 2019 10:11:04 AM] xargs [Sat, Feb 23, 2019 10:11:04 AM] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Sat, Feb 23, 2019 10:11:04 AM] HEAD [Sat, Feb 23, 2019 10:11:04 AM] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Sat, Feb 23, 2019 10:11:04 AM] body [Sat, Feb 23, 2019 10:11:05 AM] _postContentType='application/jose+json' [Sat, Feb 23, 2019 10:11:05 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:06 AM] _ret='0' [Sat, Feb 23, 2019 10:11:06 AM] _headers='HTTP/1.1 200 OK Server: nginx Replay-Nonce: BgkWPjzSByNqkXHEVbLtLYSnB-ntQxoT0m-aVujSdKI X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Content-Length: 0 Expires: Sat, 23 Feb 2019 10:11:06 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sat, 23 Feb 2019 10:11:06 GMT Connection: keep-alive ' [Sat, Feb 23, 2019 10:11:06 AM] _CACHED_NONCE='BgkWPjzSByNqkXHEVbLtLYSnB-ntQxoT0m-aVujSdKI' [Sat, Feb 23, 2019 10:11:07 AM] nonce='BgkWPjzSByNqkXHEVbLtLYSnB-ntQxoT0m-aVujSdKI' [Sat, Feb 23, 2019 10:11:08 AM] POST [Sat, Feb 23, 2019 10:11:08 AM] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Sat, Feb 23, 2019 10:11:08 AM] body='{"protected": "eyJub25jZSI6ICJCZ2tXUGp6U0J5TnFrWEhFVmJMdExZU25CLW50UXhvVDBtLWFWdWpTZEtJIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84MzMxMDI3In0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IiouYWVzZW5ncy5jby51ayJ9XX0", "signature": "CaMebHNoYggQQxQq1Hixo78Sg0y_ZxV8d71sZfD_Oj2aIzyllNYaWm3lm3FLYJkZOGR_kPdBWyAIyfC4HkwFpntB434scJT4lrcUMUbxCcFBb7m3coTPw_mcy01kAFEdmkawsna_Zju8HFEane7qa2GplCVcUeAh2nUjE-CyqqoEfN4fK_6cN6ZmMOhu_AmMB7g586VQJf4mzAn1D4CY2E2aDePKc6rBgHOCNFSZIJ0QNFTeKfeIwn49yD8QodB9JhsfMpx8ZlJ3QIpogo-l1OYTPtli0oL_cGpv0F2CQ6bQOBYqGRSDOM3xzzFTLfPNyrytnU55yE9qJy-l6aIdVg"}' [Sat, Feb 23, 2019 10:11:08 AM] _postContentType='application/jose+json' [Sat, Feb 23, 2019 10:11:08 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:08 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:09 AM] _ret='0' [Sat, Feb 23, 2019 10:11:09 AM] responseHeaders='HTTP/1.1 201 Created Server: nginx Content-Type: application/json Content-Length: 388 Boulder-Requester: 8331027 Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/8331027/24163481 Replay-Nonce: gjxuLxsM42bqZoOo37_Vv_T4wd02UzgKkUTs4Ie6Hh0 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sat, 23 Feb 2019 10:11:09 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sat, 23 Feb 2019 10:11:09 GMT Connection: keep-alive ' [Sat, Feb 23, 2019 10:11:10 AM] code='201' [Sat, Feb 23, 2019 10:11:10 AM] original='{ "status": "pending", "expires": "2019-03-02T10:11:09.431049501Z", "identifiers": [ { "type": "dns", "value": ".myrealdomain.co.uk" } ], "authorizations": [ "https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E" ], "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/8331027/24163481" }' [Sat, Feb 23, 2019 10:11:10 AM] response='{"status":"pending","expires":"2019-03-02T10:11:09.431049501Z","identifiers":[{"type":"dns","value":".myrealdomain.co.uk"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/8331027/24163481"}' [Sat, Feb 23, 2019 10:11:11 AM] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/8331027/24163481' [Sat, Feb 23, 2019 10:11:12 AM] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E' [Sat, Feb 23, 2019 10:11:12 AM] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E' [Sat, Feb 23, 2019 10:11:12 AM] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E' [Sat, Feb 23, 2019 10:11:12 AM] payload [Sat, Feb 23, 2019 10:11:12 AM] Use cached jwk for file: /home/AESIT/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key [Sat, Feb 23, 2019 10:11:13 AM] Use _CACHED_NONCE='gjxuLxsM42bqZoOo37_Vv_T4wd02UzgKkUTs4Ie6Hh0' [Sat, Feb 23, 2019 10:11:13 AM] nonce='gjxuLxsM42bqZoOo37_Vv_T4wd02UzgKkUTs4Ie6Hh0' [Sat, Feb 23, 2019 10:11:14 AM] POST [Sat, Feb 23, 2019 10:11:14 AM] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E' [Sat, Feb 23, 2019 10:11:14 AM] body='{"protected": "eyJub25jZSI6ICJnanh1THhzTTQyYnFab09vMzdfVnZfVDR3ZDAyVXpnS2tVVHM0SWU2SGgwIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L2tlSm5xVDdFS281b2FrR0pKNXRDR1VPZUMySXB1OU1LYUlVWjMwQ3d2X0UiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODMzMTAyNyJ9", "payload": "", "signature": "PYjSP3Ps-a-Htw_L3MZI74mF9SRcxaAi7o0uf-0efGWB_Hn2EmkHNKmWRDRXHzPJacT00T5HVDwk7YtF4HVRrHIzPFfjmhbqpviPZGboowqlKbKyCEorUWcqbRSO_ye7RGtohevX4ejyjegmkjZVzCQaCWh6UmP-b5T-gogcpKd26uSRcnIDlXopy3HmmU7fT5z7M_sdkqYuk-9OPxueNmwNtcm2pVB30lctAi9nQhziERwee9z_HhCOYOkHObIuHT17Em09fDBbFObXstCtWNpUsGL3wi2RnJ_C54sn2Ra8VqJaQgkYfj825su3Q3pA2hidNYpJbqpXBj3hKrCQ6A"}' [Sat, Feb 23, 2019 10:11:14 AM] _postContentType='application/jose+json' [Sat, Feb 23, 2019 10:11:14 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:15 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:16 AM] _ret='0' [Sat, Feb 23, 2019 10:11:16 AM] responseHeaders='HTTP/1.1 200 OK Server: nginx Content-Type: application/json Content-Length: 430 Boulder-Requester: 8331027 Replay-Nonce: h_qfiPNCPa7cL3hFQ1lhPKwkK7M6GvbnEdrCZdVt9TM X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sat, 23 Feb 2019 10:11:15 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sat, 23 Feb 2019 10:11:15 GMT Connection: keep-alive ' [Sat, Feb 23, 2019 10:11:16 AM] code='200' [Sat, Feb 23, 2019 10:11:16 AM] original='{ "identifier": { "type": "dns", "value": "myrealdomain.co.uk" }, "status": "pending", "expires": "2019-03-02T10:11:09Z", "challenges": [ { "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406", "token": "LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4" } ], "wildcard": true }' [Sat, Feb 23, 2019 10:11:16 AM] response='{"identifier":{"type":"dns","value":"myrealdomain.co.uk"},"status":"pending","expires":"2019-03-02T10:11:09Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"}],"wildcard": true}' [Sat, Feb 23, 2019 10:11:17 AM] response='{"identifier":{"type":"dns","value":"myrealdomain.co.uk"},"status":"pending","expires":"2019-03-02T10:11:09Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"}],"wildcard": true}' [Sat, Feb 23, 2019 10:11:18 AM] _d='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:18 AM] _authorizations_map='.myrealdomain.co.uk,{"identifier":{"type":"dns","value":"myrealdomain.co.uk"},"status":"pending","expires":"2019-03-02T10:11:09Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"}],"wildcard": true} ' [Sat, Feb 23, 2019 10:11:18 AM] d='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:18 AM] Getting webroot for domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:18 AM] _w='dns_cf' [Sat, Feb 23, 2019 10:11:19 AM] _currentRoot='dns_cf' [Sat, Feb 23, 2019 10:11:19 AM] response='{"identifier":{"type":"dns","value":"myrealdomain.co.uk"},"status":"pending","expires":"2019-03-02T10:11:09Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"}],"wildcard": true}' [Sat, Feb 23, 2019 10:11:19 AM] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"' [Sat, Feb 23, 2019 10:11:20 AM] token='LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4' [Sat, Feb 23, 2019 10:11:20 AM] uri='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406' [Sat, Feb 23, 2019 10:11:20 AM] keyauthorization='LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU' [Sat, Feb 23, 2019 10:11:21 AM] dvlist='.myrealdomain.co.uk#LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406#dns-01#dns_cf' [Sat, Feb 23, 2019 10:11:21 AM] d [Sat, Feb 23, 2019 10:11:21 AM] vlist='.myrealdomain.co.uk#LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406#dns-01#dns_cf,' [Sat, Feb 23, 2019 10:11:22 AM] d='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:22 AM] _d_alias [Sat, Feb 23, 2019 10:11:23 AM] txtdomain='_acme-challenge.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:23 AM] txt='xZcxY6YR3mWPjhfRJFx0qNPjm3znfQ06aQXO-3OjQvc' [Sat, Feb 23, 2019 10:11:23 AM] d_api='/home/AESIT/.acme.sh/dnsapi/dns_cf.sh' [Sat, Feb 23, 2019 10:11:23 AM] myrealdomain.co.uk,_acme-challenge.myrealdomain.co.uk,,dns_cf,xZcxY6YR3mWPjhfRJFx0qNPjm3znfQ06aQXO-3OjQvc,/home/AESIT/.acme.sh/dnsapi/dns_cf.sh

[Sat, Feb 23, 2019 10:11:23 AM] Found domain api file: /home/AESIT/.acme.sh/dnsapi/dns_cf.sh [Sat, Feb 23, 2019 10:11:25 AM] First detect the root zone [Sat, Feb 23, 2019 10:11:25 AM] h='myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:25 AM] zones?name=myrealdomain.co.uk [Sat, Feb 23, 2019 10:11:26 AM] GET [Sat, Feb 23, 2019 10:11:26 AM] url='https://api.cloudflare.com/client/v4/zones?name=myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:26 AM] timeout= [Sat, Feb 23, 2019 10:11:26 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:27 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:28 AM] ret='0' [Sat, Feb 23, 2019 10:11:28 AM] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}' [Sat, Feb 23, 2019 10:11:28 AM] h='co.uk' [Sat, Feb 23, 2019 10:11:28 AM] zones?name=co.uk [Sat, Feb 23, 2019 10:11:28 AM] GET [Sat, Feb 23, 2019 10:11:29 AM] url='https://api.cloudflare.com/client/v4/zones?name=co.uk' [Sat, Feb 23, 2019 10:11:29 AM] timeout= [Sat, Feb 23, 2019 10:11:29 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:30 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:30 AM] ret='0' [Sat, Feb 23, 2019 10:11:30 AM] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}' [Sat, Feb 23, 2019 10:11:31 AM] h='uk' [Sat, Feb 23, 2019 10:11:31 AM] zones?name=uk [Sat, Feb 23, 2019 10:11:31 AM] GET [Sat, Feb 23, 2019 10:11:31 AM] url='https://api.cloudflare.com/client/v4/zones?name=uk' [Sat, Feb 23, 2019 10:11:32 AM] timeout= [Sat, Feb 23, 2019 10:11:32 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:32 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:33 AM] ret='0' [Sat, Feb 23, 2019 10:11:33 AM] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}' [Sat, Feb 23, 2019 10:11:33 AM] h [Sat, Feb 23, 2019 10:11:33 AM] invalid domain [Sat, Feb 23, 2019 10:11:34 AM] Error add txt for domain:_acme-challenge.myrealdomain.co.uk [Sat, Feb 23, 2019 10:11:34 AM] _on_issue_err [Sat, Feb 23, 2019 10:11:34 AM] Please check log file for more details: /home/AESIT/.acme.sh/acme.sh.log [Sat, Feb 23, 2019 10:11:34 AM] _chk_vlist='*.myrealdomain.co.uk#LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406#dns-01#dns_cf,' [Sat, Feb 23, 2019 10:11:34 AM] start to deactivate authz [Sat, Feb 23, 2019 10:11:35 AM] Trigger domain validation. [Sat, Feb 23, 2019 10:11:35 AM] _t_url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406' [Sat, Feb 23, 2019 10:11:35 AM] _t_key_authz='LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU' [Sat, Feb 23, 2019 10:11:35 AM] _t_vtype [Sat, Feb 23, 2019 10:11:35 AM] url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406' [Sat, Feb 23, 2019 10:11:36 AM] payload='{"keyAuthorization": "LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU"}' [Sat, Feb 23, 2019 10:11:36 AM] Use cached jwk for file: /home/AESIT/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key [Sat, Feb 23, 2019 10:11:36 AM] Use _CACHED_NONCE='h_qfiPNCPa7cL3hFQ1lhPKwkK7M6GvbnEdrCZdVt9TM' [Sat, Feb 23, 2019 10:11:36 AM] nonce='h_qfiPNCPa7cL3hFQ1lhPKwkK7M6GvbnEdrCZdVt9TM' [Sat, Feb 23, 2019 10:11:37 AM] POST [Sat, Feb 23, 2019 10:11:38 AM] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406' [Sat, Feb 23, 2019 10:11:38 AM] body='{"protected": "eyJub25jZSI6ICJoX3FmaVBOQ1BhN2NMM2hGUTFsaFBLd2tLN002R3ZibkVkckNaZFZ0OVRNIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsZW5nZS9rZUpucVQ3RUtvNW9ha0dKSjV0Q0dVT2VDMklwdTlNS2FJVVozMEN3dl9FLzI1MjQ1MTQwNiIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84MzMxMDI3In0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIkxJQ2NHeWhiR3lTMVJVREMyYzRKaDQ4bWk5Mk0xNEk1T0pZVTZPaHBKYzQuaG5ZVHNzaDBOTnh2anh5VVNCMFF5dmtQd2RZd2xkU2RCclZyaU9FLTBoVSJ9", "signature": "h-Xc4ifOC-2LKntQ6l5Yz4DaF4H31DEKruaaa6COlpviuUaEm1yjnFBzWJR77yW9g_pufhMr5VB0s_mMFK8lc2CjE0QDYMkyMQ5M96ieCU6Iyd2rs6xzFnWkgz7QGklDibFaVqOdTUiLB2saKNuAhhYSk5or-kDzbBd8QWSc40FO91GI5lIajzwBmIxCcPBuoMVZsys5NAHCurQL_ZLb9GqZBruylsO49v-qfy9YBIs6DZPPJA1m9o4-hnZiYrqLPPzwLJyzKVrCuB_dKIXbGu5ErwhNvZ7t7vB04_wdUDwNDUNoPVj2my4HoscpruFIjMCMEcBPLfMB-rg9hbm4_Q"}' [Sat, Feb 23, 2019 10:11:38 AM] _postContentType='application/jose+json' [Sat, Feb 23, 2019 10:11:38 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:38 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:39 AM] _ret='0' [Sat, Feb 23, 2019 10:11:39 AM] responseHeaders='HTTP/1.1 200 OK Server: nginx Content-Type: application/json Content-Length: 229 Boulder-Requester: 8331027 Link: https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E;rel="up" Location: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406 Replay-Nonce: GVP7nOxv2fDarcJn4mBMEjLlXKznefrWhAFEtDtZtro X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sat, 23 Feb 2019 10:11:39 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sat, 23 Feb 2019 10:11:39 GMT Connection: keep-alive ' [Sat, Feb 23, 2019 10:11:39 AM] code='200' [Sat, Feb 23, 2019 10:11:39 AM] original='{ "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406", "token": "LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4" }' [Sat, Feb 23, 2019 10:11:40 AM] response='{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"}' [Sat, Feb 23, 2019 10:11:41 AM] Diagnosis versions: openssl:openssl OpenSSL 1.0.2p 14 Aug 2018 apache: apache doesn't exists. nginx: nginx doesn't exists. socat: socat by Gerhard Rieger - see www.dest-unreach.org Usage: socat [options] options: -V print version and feature information to stdout, and exit -h|-? print a help text describing command line options and addresses -hh like -h, plus a list of all common address option names -hhh like -hh, plus a list of all available address option names -d increase verbosity (use up to 4 times; 2 are recommended) -D analyze file descriptors before loop -ly[facility] log to syslog, using facility (default is daemon) -lf log to file -ls log to stderr (default if no other log) -lm[facility] mixed log mode (stderr during initialization, then syslog) -lp set the program name used for logging -lu use microseconds for logging timestamps -lh add hostname to log messages -v verbose data traffic, text -x verbose data traffic, hexadecimal -b set data buffer size (8192) -s sloppy (continue on error) -t wait seconds before closing second channel -T total inactivity timeout in seconds -u unidirectional mode (left to right) -U unidirectional mode (right to left) -g do not check option groups -L try to obtain lock, or fail -W try to obtain lock, or wait -4 prefer IPv4 if version is not explicitly specified -6 prefer IPv6 if version is not explicitly specified bi-address: pipe[,] groups=FD,FIFO

!! single-address: [,] address-head: create: groups=FD,REG,NAMED exec: groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX fd: groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP gopen: groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX ip-datagram:: groups=FD,SOCKET,RANGE,IP4,IP6 ip-recv: groups=FD,SOCKET,RANGE,IP4,IP6 ip-recvfrom: groups=FD,SOCKET,CHILD,RANGE,IP4,IP6 ip-sendto:: groups=FD,SOCKET,IP4,IP6 ip4-datagram:: groups=FD,SOCKET,RANGE,IP4 ip4-recv: groups=FD,SOCKET,RANGE,IP4 ip4-recvfrom: groups=FD,SOCKET,CHILD,RANGE,IP4 ip4-sendto:: groups=FD,SOCKET,IP4 ip6-datagram:: groups=FD,SOCKET,RANGE,IP6 ip6-recv: groups=FD,SOCKET,RANGE,IP6 ip6-recvfrom: groups=FD,SOCKET,CHILD,RANGE,IP6 ip6-sendto:: groups=FD,SOCKET,IP6 open: groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS openssl:: groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL openssl-listen: groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL pipe: groups=FD,FIFO,NAMED,OPEN proxy::: groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP pty groups=FD,NAMED,TERMIOS,PTY readline groups=FD,READLINE,TERMIOS socket-connect::: groups=FD,SOCKET,CHILD,RETRY socket-datagram:::: groups=FD,SOCKET,RANGE socket-listen::: groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE socket-recv:::: groups=FD,SOCKET,RANGE socket-recvfrom:::: groups=FD,SOCKET,CHILD,RANGE socket-sendto:::: groups=FD,SOCKET socks4::: groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4 socks4a::: groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4 stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP system: groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX tcp-connect:: groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP tcp-listen: groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP tcp4-connect:: groups=FD,SOCKET,CHILD,RETRY,IP4,TCP tcp4-listen: groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP tcp6-connect:: groups=FD,SOCKET,CHILD,RETRY,IP6,TCP tcp6-listen: groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP udp-connect:: groups=FD,SOCKET,IP4,IP6,UDP udp-datagram:: groups=FD,SOCKET,RANGE,IP4,IP6,UDP udp-listen: groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP udp-recv: groups=FD,SOCKET,RANGE,IP4,IP6,UDP udp-recvfrom: groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP udp-sendto:: groups=FD,SOCKET,IP4,IP6,UDP udp4-connect:: groups=FD,SOCKET,IP4,UDP udp4-datagram:: groups=FD,SOCKET,RANGE,IP4,UDP udp4-listen: groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP udp4-recv: groups=FD,SOCKET,RANGE,IP4,UDP udp4-recvfrom:: groups=FD,SOCKET,CHILD,RANGE,IP4,UDP udp4-sendto:: groups=FD,SOCKET,IP4,UDP udp6-connect:: groups=FD,SOCKET,IP6,UDP udp6-datagram:: groups=FD,SOCKET,RANGE,IP6,UDP udp6-listen: groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP udp6-recv: groups=FD,SOCKET,RANGE,IP6,UDP udp6-recvfrom: groups=FD,SOCKET,CHILD,RANGE,IP6,UDP udp6-sendto:: groups=FD,SOCKET,IP6,UDP unix-client: groups=FD,SOCKET,NAMED,RETRY,UNIX unix-connect: groups=FD,SOCKET,NAMED,RETRY,UNIX unix-listen: groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX unix-recv: groups=FD,SOCKET,NAMED,RETRY,UNIX unix-recvfrom: groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX unix-sendto: groups=FD,SOCKET,NAMED,RETRY,UNIX [Sat, Feb 23, 2019 10:11:41 AM] pid [Sat, Feb 23, 2019 10:11:41 AM] No need to restore nginx, skip. [Sat, Feb 23, 2019 10:11:41 AM] _clearupdns [Sat, Feb 23, 2019 10:11:41 AM] dns_entries='myrealdomain.co.uk,_acme-challenge.myrealdomain.co.uk,,dns_cf,xZcxY6YR3mWPjhfRJFx0qNPjm3znfQ06aQXO-3OjQvc,/home/AESIT/.acme.sh/dnsapi/dns_cf.sh ' [Sat, Feb 23, 2019 10:11:41 AM] Removing DNS records. [Sat, Feb 23, 2019 10:11:42 AM] d='myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:42 AM] txtdomain='_acme-challenge.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:42 AM] aliasDomain='_acme-challenge.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:43 AM] txt='xZcxY6YR3mWPjhfRJFx0qNPjm3znfQ06aQXO-3OjQvc' [Sat, Feb 23, 2019 10:11:43 AM] d_api='/home/AESIT/.acme.sh/dnsapi/dns_cf.sh' [Sat, Feb 23, 2019 10:11:43 AM] First detect the root zone [Sat, Feb 23, 2019 10:11:43 AM] h='myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:43 AM] zones?name=myrealdomain.co.uk [Sat, Feb 23, 2019 10:11:44 AM] GET [Sat, Feb 23, 2019 10:11:44 AM] url='https://api.cloudflare.com/client/v4/zones?name=myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:44 AM] timeout= [Sat, Feb 23, 2019 10:11:44 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:44 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:45 AM] ret='0' [Sat, Feb 23, 2019 10:11:45 AM] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}' [Sat, Feb 23, 2019 10:11:45 AM] h='co.uk' [Sat, Feb 23, 2019 10:11:45 AM] zones?name=co.uk [Sat, Feb 23, 2019 10:11:46 AM] GET [Sat, Feb 23, 2019 10:11:46 AM] url='https://api.cloudflare.com/client/v4/zones?name=co.uk' [Sat, Feb 23, 2019 10:11:46 AM] timeout= [Sat, Feb 23, 2019 10:11:46 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:46 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:47 AM] ret='0' [Sat, Feb 23, 2019 10:11:47 AM] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}' [Sat, Feb 23, 2019 10:11:49 AM] h='uk' [Sat, Feb 23, 2019 10:11:49 AM] zones?name=uk [Sat, Feb 23, 2019 10:11:49 AM] GET [Sat, Feb 23, 2019 10:11:50 AM] url='https://api.cloudflare.com/client/v4/zones?name=uk' [Sat, Feb 23, 2019 10:11:50 AM] timeout= [Sat, Feb 23, 2019 10:11:50 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:50 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:51 AM] ret='0' [Sat, Feb 23, 2019 10:11:51 AM] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}' [Sat, Feb 23, 2019 10:11:52 AM] h [Sat, Feb 23, 2019 10:11:52 AM] invalid domain [Sat, Feb 23, 2019 10:11:52 AM] Error removing txt for domain:_acme-challenge.myrealdomain.co.uk