Closed zhiqunq closed 5 years ago
I think your issue is probably the same as my issue. Note - See how the root domain is not correctly detected https://github.com/Neilpang/acme.sh/issues/1977
My thought is that the cf dns script is not correctly crawling a cloudflare account for root domains if it has multiple CF Zones. In other words if your cf account has multiple cloudflare accounts associated with it like example-home and kyle-example it won’t work but if you only have one (no cf zones) it works fine.
When I change the code to the following way, the script does not report errors.
_.acme.sh/dnsapi/dnscf.sh
_get_root() {
_cf_zones="$(_readdomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_")"
_cf_zones="" # ADD THIS LINE
_debug2 "_cf_zones" "$_cf_zones"
if [ -z "$_cf_zones" ]; then
_debug "$_DOMAIN_CF_ZONES_CACHE_NAME_ is none, so get it."
if ! _cf_rest GET "zones"; then
return 1
fi
_cf_zones="$response"
_savedomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_" "$(echo "$_cf_zones" | _base64)"
Hope useful.
I have the same issue, fix above didn't help
@KYLE-HILL Can you explain more please ?
@KYLE-HILL Can you explain more please ?
I think there is flawed logic with the zone checking logic specifically:
if [ -z "$_cf_zones" ]; then _debug "$_DOMAIN_CF_ZONES_CACHENAME is none, so get it." if ! _cf_rest GET "zones"; then return 1 fi _cf_zones="$response" _savedomainconf "$_DOMAIN_CF_ZONES_CACHENAME" "$(echo "$_cf_zones" | _base64)" else _debug "$_DOMAIN_CF_ZONES_CACHENAME found" _cf_zones="$(echo "$_cf_zones" | _dbase64)" fi
I think there is a problem with the caching performed to "zones" on the account because the script is incorrectly assuming that all zones are cached. I think this might be an unintended result of the fix for https://github.com/Neilpang/acme.sh/issues/1941 . The script appears to fully function when the following statement is performed: if ! _cf_rest GET "zones"; then return 1 fi _cf_zones="$response"
Notice on my issue https://github.com/Neilpang/acme.sh/issues/1977 as well as https://github.com/Neilpang/acme.sh/issues/1980 the debug text "_CFZONES found" appears within the failed configuration. My working configuration has the debug text "_CFZONES is none, so get it" so this makes me believe that the issue is failing to perform a "GET zones".
Something to note regarding the service account this happens on: The delegated account does not directly control any cloudflare zones/domains. It is merely used for API Usage on Edge Devices to prevent total Cloudflare Account Takeover/Compromise in the event of an API Key Leak. The list for example-home.net itself contains no domains and all domains it is delegated to control are contained within the super admin account kyle-example@gmail.com.
I presume you either have "-" or "+" in your email address? See also comment in #1977
It seems the problem lies with bash
:
[Tue Jan 29 11:17:08 CST 2019] Good, bash is found, so change the shebang to use bash as preferred.
It works if the shell is set to sh
and bash
is removed from the system before installing acme.sh. I realized this because acme.sh works fine in its docker image which is alpine and uses sh
not bash
.
curl https://get.acme.sh | sh
export CF_Key=xxx
export CF_Email=xxx@xxx.com
acme.sh --issue --dns dns_cf -d acme.example.com --debug 2
[Tue Jan 29 11:22:56 CST 2019] Lets find script dir.
[Tue Jan 29 11:22:56 CST 2019] _SCRIPT_='/root/.acme.sh/acme.sh'
[Tue Jan 29 11:22:56 CST 2019] _script='/root/.acme.sh/acme.sh'
[Tue Jan 29 11:22:56 CST 2019] _script_home='/root/.acme.sh'
[Tue Jan 29 11:22:56 CST 2019] Using config home:/root/.acme.sh
[Tue Jan 29 11:22:56 CST 2019] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.8.1
[Tue Jan 29 11:22:56 CST 2019] _main_domain='acme.example.com'
[Tue Jan 29 11:22:56 CST 2019] _alt_domains='no'
[Tue Jan 29 11:22:56 CST 2019] Using config home:/root/.acme.sh
[Tue Jan 29 11:22:56 CST 2019] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Tue Jan 29 11:22:56 CST 2019] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Tue Jan 29 11:22:56 CST 2019] DOMAIN_PATH='/root/.acme.sh/acme.example.com'
[Tue Jan 29 11:22:56 CST 2019] 'dns_cf' does not contain 'dns'
[Tue Jan 29 11:22:56 CST 2019] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Tue Jan 29 11:22:56 CST 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Jan 29 11:22:56 CST 2019] GET
[Tue Jan 29 11:22:56 CST 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Jan 29 11:22:56 CST 2019] timeout=
[Tue Jan 29 11:22:56 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.VemVuQuCy4 -g '
[Tue Jan 29 11:22:56 CST 2019] ret='0'
[Tue Jan 29 11:22:57 CST 2019] response='{
"dFCho_ZQxRw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}'
[Tue Jan 29 11:22:57 CST 2019] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Jan 29 11:22:57 CST 2019] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Jan 29 11:22:57 CST 2019] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Jan 29 11:22:57 CST 2019] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Jan 29 11:22:57 CST 2019] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Jan 29 11:22:57 CST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Jan 29 11:22:57 CST 2019] ACME_NEW_NONCE
[Tue Jan 29 11:22:57 CST 2019] ACME_VERSION
[Tue Jan 29 11:22:57 CST 2019] Le_NextRenewTime
[Tue Jan 29 11:22:57 CST 2019] _on_before_issue
[Tue Jan 29 11:22:57 CST 2019] _chk_main_domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _chk_alt_domains
[Tue Jan 29 11:22:57 CST 2019] 'dns_cf' does not contain 'no'
[Tue Jan 29 11:22:57 CST 2019] Le_LocalAddress
[Tue Jan 29 11:22:57 CST 2019] d='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] Check for domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _currentRoot='dns_cf'
[Tue Jan 29 11:22:57 CST 2019] d
[Tue Jan 29 11:22:57 CST 2019] 'dns_cf' does not contain 'apache'
[Tue Jan 29 11:22:57 CST 2019] _saved_account_key_hash='GTiK/vPGmHW+vLHHihjntjD0F59YTK8/ARlTB4bng/Q='
[Tue Jan 29 11:22:57 CST 2019] _saved_account_key_hash is not changed, skip register account.
[Tue Jan 29 11:22:57 CST 2019] Read key length:
[Tue Jan 29 11:22:57 CST 2019] _createcsr
[Tue Jan 29 11:22:57 CST 2019] domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] domainlist
[Tue Jan 29 11:22:57 CST 2019] csrkey='/root/.acme.sh/acme.example.com/acme.example.com.key'
[Tue Jan 29 11:22:57 CST 2019] csr='/root/.acme.sh/acme.example.com/acme.example.com.csr'
[Tue Jan 29 11:22:57 CST 2019] csrconf='/root/.acme.sh/acme.example.com/acme.example.com.csr.conf'
[Tue Jan 29 11:22:57 CST 2019] Single domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _is_idn_d='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _idn_temp
[Tue Jan 29 11:22:57 CST 2019] _csr_cn='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] Getting domain auth token for each domain
[Tue Jan 29 11:22:57 CST 2019] d='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] Getting webroot for domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _w='dns_cf'
[Tue Jan 29 11:22:57 CST 2019] _currentRoot='dns_cf'
[Tue Jan 29 11:22:57 CST 2019] Getting new-authz for domain='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Jan 29 11:22:57 CST 2019] Try new-authz for the 0 time.
[Tue Jan 29 11:22:57 CST 2019] _is_idn_d='acme.example.com'
[Tue Jan 29 11:22:57 CST 2019] _idn_temp
[Tue Jan 29 11:22:57 CST 2019] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Jan 29 11:22:57 CST 2019] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.example.com"}}'
[Tue Jan 29 11:22:57 CST 2019] RSA key
[Tue Jan 29 11:22:58 CST 2019] Get nonce with GET. ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Tue Jan 29 11:22:58 CST 2019] GET
[Tue Jan 29 11:22:58 CST 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Jan 29 11:22:58 CST 2019] timeout=
[Tue Jan 29 11:22:58 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.Qro440x9Js -g '
[Tue Jan 29 11:22:58 CST 2019] ret='0'
[Tue Jan 29 11:22:58 CST 2019] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: x-MmtgnPIaIBKUx5fVLbnK-lUmPjyHXiKrd7TRVEVTc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 29 Jan 2019 17:22:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 29 Jan 2019 17:22:58 GMT
Connection: keep-alive
'
[Tue Jan 29 11:22:58 CST 2019] _CACHED_NONCE='x-MmtgnPIaIBKUx5fVLbnK-lUmPjyHXiKrd7TRVEVTc'
[Tue Jan 29 11:22:58 CST 2019] nonce='x-MmtgnPIaIBKUx5fVLbnK-lUmPjyHXiKrd7TRVEVTc'
[Tue Jan 29 11:22:58 CST 2019] POST
[Tue Jan 29 11:22:58 CST 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Jan 29 11:22:58 CST 2019] body='{"protected": "eyJub25jZSI6ICJ4LU1tdGduUElhSUJLVXg1ZlZMYm5LLWxVbVBqeUhYaUtyZDdUUlZFVlRjIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYXV0aHoiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ5dHRGa09nR0ZCRlZTSzZ2R3FWdEtOZ2oxRmlCYlc5RXZyeTlZMEZRcFVPU2N6M1Vja1I4ZHRiZ0pkdkhkYzNmdjBWem44NDRDdWRBWVRjVXJSRVVRcnFaNWZvdmtjTnhZQUNxdUxjb1FTbER2X0hXNXpTX1hSTGNwOTNfMzI3NkltMG91RkVlS1BKNjM1blZWUzFWaUVzTXp4Tk5Ld280YU5QM0I0blU2S0JjZVhkVWREaVcwR0p4TE5rbkhscGE2RjJuQi0wTTRmaFVtSzVTNnBvbDlyZjJ2VkV6RWVfYkFobFdJbmQ0SmRsNEFHYzNkaXBvakhGMktvQWllVG43cWJBaENaU3BaZmpiOEVEYlRiRE5IRkNiMEIzekNJcFFrckxKXzl5YWpMWkIxYVd5bWZvY09CSW5iRjhYU2pjemxxdl9SR3R5MzFDTUZQT0dyU0FzdncifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5wbGFndWVmZXN0LmNvbSJ9fQ", "signature": "At4OjhzKMyPZfYgC4GGpUgkKY3jsQ0mx-VcEKy4khuu1UosvVdwM_7GYWW1s65Q7oGHJCze2LjlgnZIbjJhAZaRUltYO_qsQUZxTeLttSTngYGpTP6KvSGLCa0JZw4UZOxUDyMg0YmdfxQiG9LakTJ9uAwntihn2bFVLAhN6SuFu2tgK8Iz6RXqBK1jutHdowcsHD0XgI6Sut7Z7aiHb15MEcFaIn0hCrUFBcR4kSCDjsITG2clb49PJQU9puIFnayXtjNCm_AQDivfHo683JY7mhepqIRjohdhey91TYc89jOXPmm6KYyv7piZoeidbC_rXdpQ2-32NEfcp-iVmuA"}'
[Tue Jan 29 11:22:58 CST 2019] _postContentType='application/jose+json'
[Tue Jan 29 11:22:58 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.et4c4nEqA4 -g '
[Tue Jan 29 11:22:58 CST 2019] _ret='0'
[Tue Jan 29 11:22:58 CST 2019] original='{
"identifier": {
"type": "dns",
"value": "acme.example.com"
},
"status": "pending",
"expires": "2019-02-05T17:22:58Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982",
"token": "hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962984",
"token": "JSYNgR8mZBkhZhMGjKP94DK7xYZGPNCt-JE5yS9yvFA"
},
{
"type": "tls-alpn-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962988",
"token": "J71eM6Hq1gbqs0uqrOyWRTAsKMG6-TcJl13l6fYP148"
}
],
"combinations": [
[
0
],
[
1
],
[
2
]
]
}'
[Tue Jan 29 11:22:58 CST 2019] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 29 Jan 2019 17:22:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1001
Boulder-Requester: 50479457
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE
Replay-Nonce: FdUlB1SQtx2SqyNrgbTLLNaKHBCdQM1EdeHVulEwct4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 29 Jan 2019 17:22:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 29 Jan 2019 17:22:58 GMT
Connection: keep-alive
'
[Tue Jan 29 11:22:58 CST 2019] response='{"identifier":{"type":"dns","value":"acme.example.com"},"status":"pending","expires":"2019-02-05T17:22:58Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982","token":"hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962984","token":"JSYNgR8mZBkhZhMGjKP94DK7xYZGPNCt-JE5yS9yvFA"},{"type":"tls-alpn-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962988","token":"J71eM6Hq1gbqs0uqrOyWRTAsKMG6-TcJl13l6fYP148"}],"combinations":[[0],[1],[2]]}'
[Tue Jan 29 11:22:58 CST 2019] code='201'
[Tue Jan 29 11:22:59 CST 2019] The new-authz request is ok.
[Tue Jan 29 11:22:59 CST 2019] entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982","token":"hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk"'
[Tue Jan 29 11:22:59 CST 2019] token='hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk'
[Tue Jan 29 11:22:59 CST 2019] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982'
[Tue Jan 29 11:22:59 CST 2019] keyauthorization='hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg'
[Tue Jan 29 11:22:59 CST 2019] dvlist='acme.example.com#hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg#https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982#dns-01#dns_cf'
[Tue Jan 29 11:22:59 CST 2019] d
[Tue Jan 29 11:22:59 CST 2019] vlist='acme.example.com#hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg#https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982#dns-01#dns_cf,'
[Tue Jan 29 11:22:59 CST 2019] d='acme.example.com'
[Tue Jan 29 11:22:59 CST 2019] _d_alias
[Tue Jan 29 11:22:59 CST 2019] txtdomain='_acme-challenge.acme.example.com'
[Tue Jan 29 11:22:59 CST 2019] txt='ANj1JnK6JF-9TSaBSmN-tLuKYhgeZTRb4sfmruEu_7A'
[Tue Jan 29 11:22:59 CST 2019] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Tue Jan 29 11:22:59 CST 2019] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Tue Jan 29 11:22:59 CST 2019] First detect the root zone
[Tue Jan 29 11:22:59 CST 2019] h='acme.example.com'
[Tue Jan 29 11:22:59 CST 2019] zones?name=acme.example.com
[Tue Jan 29 11:22:59 CST 2019] GET
[Tue Jan 29 11:22:59 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=acme.example.com'
[Tue Jan 29 11:22:59 CST 2019] timeout=
[Tue Jan 29 11:22:59 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.N1ldEGvFCg -g '
[Tue Jan 29 11:22:59 CST 2019] ret='0'
[Tue Jan 29 11:22:59 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:22:59 CST 2019] h='example.com'
[Tue Jan 29 11:22:59 CST 2019] zones?name=example.com
[Tue Jan 29 11:22:59 CST 2019] GET
[Tue Jan 29 11:22:59 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=example.com'
[Tue Jan 29 11:22:59 CST 2019] timeout=
[Tue Jan 29 11:22:59 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.m5WCdgIKnU -g '
[Tue Jan 29 11:23:00 CST 2019] ret='0'
[Tue Jan 29 11:23:00 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:23:00 CST 2019] h='com'
[Tue Jan 29 11:23:00 CST 2019] zones?name=com
[Tue Jan 29 11:23:00 CST 2019] GET
[Tue Jan 29 11:23:00 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=com'
[Tue Jan 29 11:23:00 CST 2019] timeout=
[Tue Jan 29 11:23:00 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.qAdtxtoXQZ -g '
[Tue Jan 29 11:23:00 CST 2019] ret='0'
[Tue Jan 29 11:23:00 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:23:00 CST 2019] h
[Tue Jan 29 11:23:00 CST 2019] invalid domain
[Tue Jan 29 11:23:00 CST 2019] Error add txt for domain:_acme-challenge.acme.example.com
[Tue Jan 29 11:23:00 CST 2019] _on_issue_err
[Tue Jan 29 11:23:00 CST 2019] Please add '--debug' or '--log' to check more details.
[Tue Jan 29 11:23:00 CST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Tue Jan 29 11:23:00 CST 2019] _chk_vlist='acme.example.com#hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg#https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982#dns-01#dns_cf,'
[Tue Jan 29 11:23:00 CST 2019] start to deactivate authz
[Tue Jan 29 11:23:00 CST 2019] Trigger domain validation.
[Tue Jan 29 11:23:00 CST 2019] _t_url='https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982'
[Tue Jan 29 11:23:00 CST 2019] _t_key_authz='hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg'
[Tue Jan 29 11:23:00 CST 2019] _t_vtype
[Tue Jan 29 11:23:00 CST 2019] url='https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982'
[Tue Jan 29 11:23:00 CST 2019] payload='{"resource": "challenge", "type": "", "keyAuthorization": "hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg"}'
[Tue Jan 29 11:23:00 CST 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Tue Jan 29 11:23:00 CST 2019] Use _CACHED_NONCE='FdUlB1SQtx2SqyNrgbTLLNaKHBCdQM1EdeHVulEwct4'
[Tue Jan 29 11:23:00 CST 2019] nonce='FdUlB1SQtx2SqyNrgbTLLNaKHBCdQM1EdeHVulEwct4'
[Tue Jan 29 11:23:00 CST 2019] POST
[Tue Jan 29 11:23:00 CST 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982'
[Tue Jan 29 11:23:00 CST 2019] body='{"protected": "eyJub25jZSI6ICJGZFVsQjFTUXR4MlNxeU5yZ2JUTExOYUtIQkNkUU0xRWRlSFZ1bEV3Y3Q0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvbzZqNXY0WmZXY1c4UUxaVGFseGFnRjQ2ODdUYzlWbVhTVjNCUE1JM2V1RS8xMjAxNTk2Mjk4MiIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInl0dEZrT2dHRkJGVlNLNnZHcVZ0S05najFGaUJiVzlFdnJ5OVkwRlFwVU9TY3ozVWNrUjhkdGJnSmR2SGRjM2Z2MFZ6bjg0NEN1ZEFZVGNVclJFVVFycVo1Zm92a2NOeFlBQ3F1TGNvUVNsRHZfSFc1elNfWFJMY3A5M18zMjc2SW0wb3VGRWVLUEo2MzVuVlZTMVZpRXNNenhOTkt3bzRhTlAzQjRuVTZLQmNlWGRVZERpVzBHSnhMTmtuSGxwYTZGMm5CLTBNNGZoVW1LNVM2cG9sOXJmMnZWRXpFZV9iQWhsV0luZDRKZGw0QUdjM2RpcG9qSEYyS29BaWVUbjdxYkFoQ1pTcFpmamI4RURiVGJETkhGQ2IwQjN6Q0lwUWtyTEpfOXlhakxaQjFhV3ltZm9jT0JJbmJGOFhTamN6bHF2X1JHdHkzMUNNRlBPR3JTQXN2dyJ9fQ", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAidHlwZSI6ICIiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJoa3REQWlQOGpuMUJ1ZW52VXFTUEN3c0Jqbnp0LWkxV05sbzVVeFZaYmhrLjlCS3lNWE9SX2d6YXk3S3gyVk1IbDdkd2NaLWUtQkZKZHlnWE5QMHVBUWcifQ", "signature": "ki-WxZFDoT5298bw4UF3FyhhDber4OZqtBVcMt9nvX6OWQOCjsC5kxpNGKc4OKh2wfggc1kL2cS1aB6TB5P68BEqkIk5cIJdD81PlhA0tHYeGpPahe-_dAwOOM_zDgPZmQRBPLEaxmF5ap7sd6yjnVLB0OAGUimijiyZBcJsx52BfqMLGwDwzdhllv3XHRQkX8b7OPpRDpxQ2OYinuheR_MmmH1uoO0vYIKP0YiXwA2n7Cpr4mBprVjwFUiS8pVefLxSrFbrbeDNmERJe14XH-t2v_v6G65dttX8AHj-W0bmQtivsLPSys3x9Sb81r9Q61ie_Jx5gj9BpaIJ_LdjaA"}'
[Tue Jan 29 11:23:00 CST 2019] _postContentType='application/jose+json'
[Tue Jan 29 11:23:00 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.fv633CTqtB -g '
[Tue Jan 29 11:23:01 CST 2019] _ret='0'
[Tue Jan 29 11:23:01 CST 2019] original='{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982",
"token": "hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk",
"keyAuthorization": "hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg"
}'
[Tue Jan 29 11:23:01 CST 2019] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 29 Jan 2019 17:23:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Requester: 50479457
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982
Replay-Nonce: tkDo--gAkl4n7BeF7Zgh_1uCOD6rE2RUwXH1H9_SOgk
Expires: Tue, 29 Jan 2019 17:23:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 29 Jan 2019 17:23:01 GMT
Connection: keep-alive
'
[Tue Jan 29 11:23:01 CST 2019] response='{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982","token":"hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk","keyAuthorization":"hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg"}'
[Tue Jan 29 11:23:01 CST 2019] code='202'
[Tue Jan 29 11:23:01 CST 2019] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0j 20 Nov 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lf<logfile> log to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lp<progname> set the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-b<size_t> set data buffer size (8192)
-s sloppy (continue on error)
-t<timeout> wait seconds before closing second channel
-T<timeout> total inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-L <lockfile> try to obtain lock, or fail
-W <lockfile> try to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,<opts>] groups=FD,FIFO
<single-address>!!<single-address>
<single-address>
single-address:
<address-head>[,<opts>]
address-head:
abstract-client:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-connect:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-listen:<filename> groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
abstract-recv:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX
abstract-sendto:<filename> groups=FD,SOCKET,RETRY,UNIX
create:<filename> groups=FD,REG,NAMED
exec:<command-line> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:<num> groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:<filename> groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
interface:<interface> groups=FD,SOCKET
ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6
ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
open:<filename> groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:<filename> groups=FD,FIFO,NAMED,OPEN
proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY
socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE
socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE
socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE
socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:<shell-command> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
tun[:<ip-addr>/<bits>] groups=FD,CHR,NAMED,OPEN,INTERFACE
udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP
udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
[Tue Jan 29 11:23:01 CST 2019] pid
[Tue Jan 29 11:23:01 CST 2019] No need to restore nginx, skip.
[Tue Jan 29 11:23:01 CST 2019] _clearupdns
[Tue Jan 29 11:23:01 CST 2019] dnsadded='0'
[Tue Jan 29 11:23:01 CST 2019] vlist='acme.example.com#hktDAiP8jn1BuenvUqSPCwsBjnzt-i1WNlo5UxVZbhk.9BKyMXOR_gzay7Kx2VMHl7dwcZ-e-BFJdygXNP0uAQg#https://acme-v01.api.letsencrypt.org/acme/challenge/o6j5v4ZfWcW8QLZTalxagF4687Tc9VmXSV3BPMI3euE/12015962982#dns-01#dns_cf,'
[Tue Jan 29 11:23:01 CST 2019] Removing DNS records.
[Tue Jan 29 11:23:01 CST 2019] txt='ANj1JnK6JF-9TSaBSmN-tLuKYhgeZTRb4sfmruEu_7A'
[Tue Jan 29 11:23:01 CST 2019] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Tue Jan 29 11:23:01 CST 2019] _d_alias
[Tue Jan 29 11:23:01 CST 2019] First detect the root zone
[Tue Jan 29 11:23:01 CST 2019] h='acme.example.com'
[Tue Jan 29 11:23:01 CST 2019] zones?name=acme.example.com
[Tue Jan 29 11:23:01 CST 2019] GET
[Tue Jan 29 11:23:01 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=acme.example.com'
[Tue Jan 29 11:23:01 CST 2019] timeout=
[Tue Jan 29 11:23:01 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.lrZmmz5Gwp -g '
[Tue Jan 29 11:23:02 CST 2019] ret='0'
[Tue Jan 29 11:23:02 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:23:02 CST 2019] h='example.com'
[Tue Jan 29 11:23:02 CST 2019] zones?name=example.com
[Tue Jan 29 11:23:02 CST 2019] GET
[Tue Jan 29 11:23:02 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=example.com'
[Tue Jan 29 11:23:02 CST 2019] timeout=
[Tue Jan 29 11:23:02 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.HU9Nh5PdJH -g '
[Tue Jan 29 11:23:02 CST 2019] ret='0'
[Tue Jan 29 11:23:02 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:23:02 CST 2019] h='com'
[Tue Jan 29 11:23:02 CST 2019] zones?name=com
[Tue Jan 29 11:23:02 CST 2019] GET
[Tue Jan 29 11:23:02 CST 2019] url='https://api.cloudflare.com/client/v4/zones?name=com'
[Tue Jan 29 11:23:02 CST 2019] timeout=
[Tue Jan 29 11:23:02 CST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.WdRzSljG7B -g '
[Tue Jan 29 11:23:02 CST 2019] ret='0'
[Tue Jan 29 11:23:02 CST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Jan 29 11:23:02 CST 2019] h
[Tue Jan 29 11:23:02 CST 2019] invalid domain
[Tue Jan 29 11:23:02 CST 2019] Error removing txt for domain:_acme-challenge.acme.example.com
Hey,
I had the same issue and I've a '+' in the SAVED_CF_EMAIL variable on data/account.conf.
Everything was working good until I upgraded to 2.8.0, once I downgraded to 2.7.9, everything started working again.
I too have the same issue. I don't have a + or - in my email address and I have latest version installed (2.8.0)
My thought is that the cf dns script is not correctly crawling a cloudflare account for root domains if it has multiple CF Zones. In other words if your cf account has multiple cloudflare accounts associated with it like example-home and kyle-example it won’t work but if you only have one (no cf zones) it works fine.
I have no idea if this is the case but I do have multiple domains in my CF account. I have acme.sh installed on another site and that works fine with that CF account but the domain I'm obtaining the certificate for was the first domain registered in that account.
[Sat, Feb 23, 2019 10:10:45 AM] Lets find script dir. [Sat, Feb 23, 2019 10:10:45 AM] SCRIPT='/home/AESIT/.acme.sh/acme.sh' [Sat, Feb 23, 2019 10:10:45 AM] _script='/home/AESIT/.acme.sh/acme.sh' [Sat, Feb 23, 2019 10:10:45 AM] _script_home='/home/AESIT/.acme.sh' [Sat, Feb 23, 2019 10:10:45 AM] Using config home:/home/AESIT/.acme.sh [Sat, Feb 23, 2019 10:10:46 AM] LE_WORKING_DIR='/home/AESIT/.acme.sh' https://github.com/Neilpang/acme.sh v2.8.1 [Sat, Feb 23, 2019 10:10:46 AM] _main_domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:10:46 AM] _alt_domains='no' [Sat, Feb 23, 2019 10:10:46 AM] Using config home:/home/AESIT/.acme.sh [Sat, Feb 23, 2019 10:10:46 AM] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory [Sat, Feb 23, 2019 10:10:46 AM] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory' [Sat, Feb 23, 2019 10:10:47 AM] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org' [Sat, Feb 23, 2019 10:10:47 AM] DOMAIN_PATH='/home/AESIT/certificates/.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:10:47 AM] 'dns_cf' does not contain 'dns' [Sat, Feb 23, 2019 10:10:47 AM] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory [Sat, Feb 23, 2019 10:10:47 AM] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory [Sat, Feb 23, 2019 10:10:47 AM] GET [Sat, Feb 23, 2019 10:10:48 AM] url='https://acme-staging-v02.api.letsencrypt.org/directory' [Sat, Feb 23, 2019 10:10:48 AM] timeout= [Sat, Feb 23, 2019 10:10:48 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.39qPalNF3Z -g ' [Sat, Feb 23, 2019 10:10:49 AM] ret='0' [Sat, Feb 23, 2019 10:10:49 AM] response='{ "C3Yfub7P3Rs": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org/docs/staging-environment/" }, "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert" }' [Sat, Feb 23, 2019 10:10:53 AM] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change' [Sat, Feb 23, 2019 10:10:53 AM] ACME_NEW_AUTHZ [Sat, Feb 23, 2019 10:10:53 AM] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Sat, Feb 23, 2019 10:10:53 AM] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct' [Sat, Feb 23, 2019 10:10:54 AM] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert' [Sat, Feb 23, 2019 10:10:54 AM] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' [Sat, Feb 23, 2019 10:10:54 AM] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Sat, Feb 23, 2019 10:10:54 AM] ACME_VERSION='2' [Sat, Feb 23, 2019 10:10:54 AM] Le_NextRenewTime [Sat, Feb 23, 2019 10:10:57 AM] _on_before_issue [Sat, Feb 23, 2019 10:10:57 AM] _chk_main_domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:10:57 AM] _chk_alt_domains [Sat, Feb 23, 2019 10:10:58 AM] 'dns_cf' does not contain 'no' [Sat, Feb 23, 2019 10:10:58 AM] Le_LocalAddress [Sat, Feb 23, 2019 10:10:58 AM] d='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:10:58 AM] Check for domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:10:58 AM] _currentRoot='dns_cf' [Sat, Feb 23, 2019 10:10:59 AM] d [Sat, Feb 23, 2019 10:10:59 AM] 'dns_cf' does not contain 'apache' [Sat, Feb 23, 2019 10:10:59 AM] _saved_account_key_hash='wDqgt+g6J494STsUA+tE2McjeOENdw9xdkd5n3Ro3a8=' [Sat, Feb 23, 2019 10:10:59 AM] _saved_account_key_hash is not changed, skip register account. [Sat, Feb 23, 2019 10:11:00 AM] Read key length: [Sat, Feb 23, 2019 10:11:00 AM] _createcsr [Sat, Feb 23, 2019 10:11:00 AM] domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:00 AM] domainlist [Sat, Feb 23, 2019 10:11:00 AM] csrkey='/home/AESIT/certificates/.myrealdomain.co.uk/.myrealdomain.co.uk.key' [Sat, Feb 23, 2019 10:11:00 AM] csr='/home/AESIT/certificates/.myrealdomain.co.uk/.myrealdomain.co.uk.csr' [Sat, Feb 23, 2019 10:11:00 AM] csrconf='/home/AESIT/certificates/.myrealdomain.co.uk/.myrealdomain.co.uk.csr.conf' [Sat, Feb 23, 2019 10:11:00 AM] Single domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:00 AM] _is_idn_d='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:01 AM] _idn_temp [Sat, Feb 23, 2019 10:11:01 AM] _csr_cn='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:01 AM] Getting domain auth token for each domain [Sat, Feb 23, 2019 10:11:02 AM] d [Sat, Feb 23, 2019 10:11:02 AM] _identifiers='{"type":"dns","value":".myrealdomain.co.uk"}' [Sat, Feb 23, 2019 10:11:02 AM] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Sat, Feb 23, 2019 10:11:02 AM] payload='{"identifiers": [{"type":"dns","value":".myrealdomain.co.uk"}]}' [Sat, Feb 23, 2019 10:11:02 AM] RSA key [Sat, Feb 23, 2019 10:11:03 AM] _URGLY_PRINTF [Sat, Feb 23, 2019 10:11:03 AM] xargs [Sat, Feb 23, 2019 10:11:04 AM] _URGLY_PRINTF [Sat, Feb 23, 2019 10:11:04 AM] xargs [Sat, Feb 23, 2019 10:11:04 AM] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Sat, Feb 23, 2019 10:11:04 AM] HEAD [Sat, Feb 23, 2019 10:11:04 AM] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Sat, Feb 23, 2019 10:11:04 AM] body [Sat, Feb 23, 2019 10:11:05 AM] _postContentType='application/jose+json' [Sat, Feb 23, 2019 10:11:05 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:06 AM] _ret='0' [Sat, Feb 23, 2019 10:11:06 AM] _headers='HTTP/1.1 200 OK Server: nginx Replay-Nonce: BgkWPjzSByNqkXHEVbLtLYSnB-ntQxoT0m-aVujSdKI X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Content-Length: 0 Expires: Sat, 23 Feb 2019 10:11:06 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sat, 23 Feb 2019 10:11:06 GMT Connection: keep-alive ' [Sat, Feb 23, 2019 10:11:06 AM] _CACHED_NONCE='BgkWPjzSByNqkXHEVbLtLYSnB-ntQxoT0m-aVujSdKI' [Sat, Feb 23, 2019 10:11:07 AM] nonce='BgkWPjzSByNqkXHEVbLtLYSnB-ntQxoT0m-aVujSdKI' [Sat, Feb 23, 2019 10:11:08 AM] POST [Sat, Feb 23, 2019 10:11:08 AM] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Sat, Feb 23, 2019 10:11:08 AM] body='{"protected": "eyJub25jZSI6ICJCZ2tXUGp6U0J5TnFrWEhFVmJMdExZU25CLW50UXhvVDBtLWFWdWpTZEtJIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84MzMxMDI3In0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IiouYWVzZW5ncy5jby51ayJ9XX0", "signature": "CaMebHNoYggQQxQq1Hixo78Sg0y_ZxV8d71sZfD_Oj2aIzyllNYaWm3lm3FLYJkZOGR_kPdBWyAIyfC4HkwFpntB434scJT4lrcUMUbxCcFBb7m3coTPw_mcy01kAFEdmkawsna_Zju8HFEane7qa2GplCVcUeAh2nUjE-CyqqoEfN4fK_6cN6ZmMOhu_AmMB7g586VQJf4mzAn1D4CY2E2aDePKc6rBgHOCNFSZIJ0QNFTeKfeIwn49yD8QodB9JhsfMpx8ZlJ3QIpogo-l1OYTPtli0oL_cGpv0F2CQ6bQOBYqGRSDOM3xzzFTLfPNyrytnU55yE9qJy-l6aIdVg"}' [Sat, Feb 23, 2019 10:11:08 AM] _postContentType='application/jose+json' [Sat, Feb 23, 2019 10:11:08 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:08 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:09 AM] _ret='0' [Sat, Feb 23, 2019 10:11:09 AM] responseHeaders='HTTP/1.1 201 Created Server: nginx Content-Type: application/json Content-Length: 388 Boulder-Requester: 8331027 Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/8331027/24163481 Replay-Nonce: gjxuLxsM42bqZoOo37_Vv_T4wd02UzgKkUTs4Ie6Hh0 X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sat, 23 Feb 2019 10:11:09 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sat, 23 Feb 2019 10:11:09 GMT Connection: keep-alive ' [Sat, Feb 23, 2019 10:11:10 AM] code='201' [Sat, Feb 23, 2019 10:11:10 AM] original='{ "status": "pending", "expires": "2019-03-02T10:11:09.431049501Z", "identifiers": [ { "type": "dns", "value": ".myrealdomain.co.uk" } ], "authorizations": [ "https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E" ], "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/8331027/24163481" }' [Sat, Feb 23, 2019 10:11:10 AM] response='{"status":"pending","expires":"2019-03-02T10:11:09.431049501Z","identifiers":[{"type":"dns","value":".myrealdomain.co.uk"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/8331027/24163481"}' [Sat, Feb 23, 2019 10:11:11 AM] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/8331027/24163481' [Sat, Feb 23, 2019 10:11:12 AM] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E' [Sat, Feb 23, 2019 10:11:12 AM] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E' [Sat, Feb 23, 2019 10:11:12 AM] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E' [Sat, Feb 23, 2019 10:11:12 AM] payload [Sat, Feb 23, 2019 10:11:12 AM] Use cached jwk for file: /home/AESIT/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key [Sat, Feb 23, 2019 10:11:13 AM] Use _CACHED_NONCE='gjxuLxsM42bqZoOo37_Vv_T4wd02UzgKkUTs4Ie6Hh0' [Sat, Feb 23, 2019 10:11:13 AM] nonce='gjxuLxsM42bqZoOo37_Vv_T4wd02UzgKkUTs4Ie6Hh0' [Sat, Feb 23, 2019 10:11:14 AM] POST [Sat, Feb 23, 2019 10:11:14 AM] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E' [Sat, Feb 23, 2019 10:11:14 AM] body='{"protected": "eyJub25jZSI6ICJnanh1THhzTTQyYnFab09vMzdfVnZfVDR3ZDAyVXpnS2tVVHM0SWU2SGgwIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L2tlSm5xVDdFS281b2FrR0pKNXRDR1VPZUMySXB1OU1LYUlVWjMwQ3d2X0UiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODMzMTAyNyJ9", "payload": "", "signature": "PYjSP3Ps-a-Htw_L3MZI74mF9SRcxaAi7o0uf-0efGWB_Hn2EmkHNKmWRDRXHzPJacT00T5HVDwk7YtF4HVRrHIzPFfjmhbqpviPZGboowqlKbKyCEorUWcqbRSO_ye7RGtohevX4ejyjegmkjZVzCQaCWh6UmP-b5T-gogcpKd26uSRcnIDlXopy3HmmU7fT5z7M_sdkqYuk-9OPxueNmwNtcm2pVB30lctAi9nQhziERwee9z_HhCOYOkHObIuHT17Em09fDBbFObXstCtWNpUsGL3wi2RnJ_C54sn2Ra8VqJaQgkYfj825su3Q3pA2hidNYpJbqpXBj3hKrCQ6A"}' [Sat, Feb 23, 2019 10:11:14 AM] _postContentType='application/jose+json' [Sat, Feb 23, 2019 10:11:14 AM] Http already initialized. [Sat, Feb 23, 2019 10:11:15 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g ' [Sat, Feb 23, 2019 10:11:16 AM] _ret='0' [Sat, Feb 23, 2019 10:11:16 AM] responseHeaders='HTTP/1.1 200 OK Server: nginx Content-Type: application/json Content-Length: 430 Boulder-Requester: 8331027 Replay-Nonce: h_qfiPNCPa7cL3hFQ1lhPKwkK7M6GvbnEdrCZdVt9TM X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sat, 23 Feb 2019 10:11:15 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sat, 23 Feb 2019 10:11:15 GMT Connection: keep-alive ' [Sat, Feb 23, 2019 10:11:16 AM] code='200' [Sat, Feb 23, 2019 10:11:16 AM] original='{ "identifier": { "type": "dns", "value": "myrealdomain.co.uk" }, "status": "pending", "expires": "2019-03-02T10:11:09Z", "challenges": [ { "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406", "token": "LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4" } ], "wildcard": true }' [Sat, Feb 23, 2019 10:11:16 AM] response='{"identifier":{"type":"dns","value":"myrealdomain.co.uk"},"status":"pending","expires":"2019-03-02T10:11:09Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"}],"wildcard": true}' [Sat, Feb 23, 2019 10:11:17 AM] response='{"identifier":{"type":"dns","value":"myrealdomain.co.uk"},"status":"pending","expires":"2019-03-02T10:11:09Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"}],"wildcard": true}' [Sat, Feb 23, 2019 10:11:18 AM] _d='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:18 AM] _authorizations_map='.myrealdomain.co.uk,{"identifier":{"type":"dns","value":"myrealdomain.co.uk"},"status":"pending","expires":"2019-03-02T10:11:09Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"}],"wildcard": true} ' [Sat, Feb 23, 2019 10:11:18 AM] d='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:18 AM] Getting webroot for domain='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:18 AM] _w='dns_cf' [Sat, Feb 23, 2019 10:11:19 AM] _currentRoot='dns_cf' [Sat, Feb 23, 2019 10:11:19 AM] response='{"identifier":{"type":"dns","value":"myrealdomain.co.uk"},"status":"pending","expires":"2019-03-02T10:11:09Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"}],"wildcard": true}' [Sat, Feb 23, 2019 10:11:19 AM] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"' [Sat, Feb 23, 2019 10:11:20 AM] token='LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4' [Sat, Feb 23, 2019 10:11:20 AM] uri='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406' [Sat, Feb 23, 2019 10:11:20 AM] keyauthorization='LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU' [Sat, Feb 23, 2019 10:11:21 AM] dvlist='.myrealdomain.co.uk#LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406#dns-01#dns_cf' [Sat, Feb 23, 2019 10:11:21 AM] d [Sat, Feb 23, 2019 10:11:21 AM] vlist='.myrealdomain.co.uk#LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406#dns-01#dns_cf,' [Sat, Feb 23, 2019 10:11:22 AM] d='.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:22 AM] _d_alias [Sat, Feb 23, 2019 10:11:23 AM] txtdomain='_acme-challenge.myrealdomain.co.uk' [Sat, Feb 23, 2019 10:11:23 AM] txt='xZcxY6YR3mWPjhfRJFx0qNPjm3znfQ06aQXO-3OjQvc' [Sat, Feb 23, 2019 10:11:23 AM] d_api='/home/AESIT/.acme.sh/dnsapi/dns_cf.sh' [Sat, Feb 23, 2019 10:11:23 AM] myrealdomain.co.uk,_acme-challenge.myrealdomain.co.uk,,dns_cf,xZcxY6YR3mWPjhfRJFx0qNPjm3znfQ06aQXO-3OjQvc,/home/AESIT/.acme.sh/dnsapi/dns_cf.sh
[Sat, Feb 23, 2019 10:11:23 AM] Found domain api file: /home/AESIT/.acme.sh/dnsapi/dns_cf.sh
[Sat, Feb 23, 2019 10:11:25 AM] First detect the root zone
[Sat, Feb 23, 2019 10:11:25 AM] h='myrealdomain.co.uk'
[Sat, Feb 23, 2019 10:11:25 AM] zones?name=myrealdomain.co.uk
[Sat, Feb 23, 2019 10:11:26 AM] GET
[Sat, Feb 23, 2019 10:11:26 AM] url='https://api.cloudflare.com/client/v4/zones?name=myrealdomain.co.uk'
[Sat, Feb 23, 2019 10:11:26 AM] timeout=
[Sat, Feb 23, 2019 10:11:26 AM] Http already initialized.
[Sat, Feb 23, 2019 10:11:27 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g '
[Sat, Feb 23, 2019 10:11:28 AM] ret='0'
[Sat, Feb 23, 2019 10:11:28 AM] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Sat, Feb 23, 2019 10:11:28 AM] h='co.uk'
[Sat, Feb 23, 2019 10:11:28 AM] zones?name=co.uk
[Sat, Feb 23, 2019 10:11:28 AM] GET
[Sat, Feb 23, 2019 10:11:29 AM] url='https://api.cloudflare.com/client/v4/zones?name=co.uk'
[Sat, Feb 23, 2019 10:11:29 AM] timeout=
[Sat, Feb 23, 2019 10:11:29 AM] Http already initialized.
[Sat, Feb 23, 2019 10:11:30 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g '
[Sat, Feb 23, 2019 10:11:30 AM] ret='0'
[Sat, Feb 23, 2019 10:11:30 AM] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Sat, Feb 23, 2019 10:11:31 AM] h='uk'
[Sat, Feb 23, 2019 10:11:31 AM] zones?name=uk
[Sat, Feb 23, 2019 10:11:31 AM] GET
[Sat, Feb 23, 2019 10:11:31 AM] url='https://api.cloudflare.com/client/v4/zones?name=uk'
[Sat, Feb 23, 2019 10:11:32 AM] timeout=
[Sat, Feb 23, 2019 10:11:32 AM] Http already initialized.
[Sat, Feb 23, 2019 10:11:32 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g '
[Sat, Feb 23, 2019 10:11:33 AM] ret='0'
[Sat, Feb 23, 2019 10:11:33 AM] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Sat, Feb 23, 2019 10:11:33 AM] h
[Sat, Feb 23, 2019 10:11:33 AM] invalid domain
[Sat, Feb 23, 2019 10:11:34 AM] Error add txt for domain:_acme-challenge.myrealdomain.co.uk
[Sat, Feb 23, 2019 10:11:34 AM] _on_issue_err
[Sat, Feb 23, 2019 10:11:34 AM] Please check log file for more details: /home/AESIT/.acme.sh/acme.sh.log
[Sat, Feb 23, 2019 10:11:34 AM] _chk_vlist='*.myrealdomain.co.uk#LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406#dns-01#dns_cf,'
[Sat, Feb 23, 2019 10:11:34 AM] start to deactivate authz
[Sat, Feb 23, 2019 10:11:35 AM] Trigger domain validation.
[Sat, Feb 23, 2019 10:11:35 AM] _t_url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406'
[Sat, Feb 23, 2019 10:11:35 AM] _t_key_authz='LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU'
[Sat, Feb 23, 2019 10:11:35 AM] _t_vtype
[Sat, Feb 23, 2019 10:11:35 AM] url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406'
[Sat, Feb 23, 2019 10:11:36 AM] payload='{"keyAuthorization": "LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4.hnYTssh0NNxvjxyUSB0QyvkPwdYwldSdBrVriOE-0hU"}'
[Sat, Feb 23, 2019 10:11:36 AM] Use cached jwk for file: /home/AESIT/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sat, Feb 23, 2019 10:11:36 AM] Use _CACHED_NONCE='h_qfiPNCPa7cL3hFQ1lhPKwkK7M6GvbnEdrCZdVt9TM'
[Sat, Feb 23, 2019 10:11:36 AM] nonce='h_qfiPNCPa7cL3hFQ1lhPKwkK7M6GvbnEdrCZdVt9TM'
[Sat, Feb 23, 2019 10:11:37 AM] POST
[Sat, Feb 23, 2019 10:11:38 AM] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406'
[Sat, Feb 23, 2019 10:11:38 AM] body='{"protected": "eyJub25jZSI6ICJoX3FmaVBOQ1BhN2NMM2hGUTFsaFBLd2tLN002R3ZibkVkckNaZFZ0OVRNIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsZW5nZS9rZUpucVQ3RUtvNW9ha0dKSjV0Q0dVT2VDMklwdTlNS2FJVVozMEN3dl9FLzI1MjQ1MTQwNiIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84MzMxMDI3In0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIkxJQ2NHeWhiR3lTMVJVREMyYzRKaDQ4bWk5Mk0xNEk1T0pZVTZPaHBKYzQuaG5ZVHNzaDBOTnh2anh5VVNCMFF5dmtQd2RZd2xkU2RCclZyaU9FLTBoVSJ9", "signature": "h-Xc4ifOC-2LKntQ6l5Yz4DaF4H31DEKruaaa6COlpviuUaEm1yjnFBzWJR77yW9g_pufhMr5VB0s_mMFK8lc2CjE0QDYMkyMQ5M96ieCU6Iyd2rs6xzFnWkgz7QGklDibFaVqOdTUiLB2saKNuAhhYSk5or-kDzbBd8QWSc40FO91GI5lIajzwBmIxCcPBuoMVZsys5NAHCurQL_ZLb9GqZBruylsO49v-qfy9YBIs6DZPPJA1m9o4-hnZiYrqLPPzwLJyzKVrCuB_dKIXbGu5ErwhNvZ7t7vB04_wdUDwNDUNoPVj2my4HoscpruFIjMCMEcBPLfMB-rg9hbm4_Q"}'
[Sat, Feb 23, 2019 10:11:38 AM] _postContentType='application/jose+json'
[Sat, Feb 23, 2019 10:11:38 AM] Http already initialized.
[Sat, Feb 23, 2019 10:11:38 AM] _CURL='curl -L --silent --dump-header /home/AESIT/.acme.sh/http.header --trace-ascii /tmp/tmp.CV7nJ9Kz5a -g '
[Sat, Feb 23, 2019 10:11:39 AM] _ret='0'
[Sat, Feb 23, 2019 10:11:39 AM] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 229
Boulder-Requester: 8331027
Link: https://acme-staging-v02.api.letsencrypt.org/acme/authz/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406
Replay-Nonce: GVP7nOxv2fDarcJn4mBMEjLlXKznefrWhAFEtDtZtro
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 23 Feb 2019 10:11:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 23 Feb 2019 10:11:39 GMT
Connection: keep-alive
'
[Sat, Feb 23, 2019 10:11:39 AM] code='200'
[Sat, Feb 23, 2019 10:11:39 AM] original='{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406",
"token": "LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"
}'
[Sat, Feb 23, 2019 10:11:40 AM] response='{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/keJnqT7EKo5oakGJJ5tCGUOeC2Ipu9MKaIUZ30Cwv_E/252451406","token":"LICcGyhbGyS1RUDC2c4Jh48mi92M14I5OJYU6OhpJc4"}'
[Sat, Feb 23, 2019 10:11:41 AM] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2p 14 Aug 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options]
Please help me. I don't know what the problem is. The following errors have been made all the time.
Steps to reproduce
Debug log