acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

"Incorrect TXT record" on gandi.net's LiveDNS for wildcard (previously worked) #2102

Closed tehfink closed 5 years ago

tehfink commented 5 years ago

Steps to reproduce

Previously (in November), I was able to successfully obtain wildcard certificates from gandi.net's LiveDNS API using acme.sh. However, certificate renewal failed, and now the same commands give errors on FreeBSD 11.2:

# su - acme /usr/local/bin/acme.sh --issue --force --dns dns_gandi_livedns -d example -d '*.example' --keylength 4096 --cert-file /usr/local/etc/letsencrypt/example/cert.pem --key-file /usr/local/etc/letsencrypt/example/key.pem --fullchain-file /usr/local/etc/letsencrypt/example/fullchain.pem
[Tue Feb 19 21:04:26 UTC 2019] Multi domain='DNS:example,DNS:*.example'
[Tue Feb 19 21:04:26 UTC 2019] Getting domain auth token for each domain
[Tue Feb 19 21:04:28 UTC 2019] Getting webroot for domain='example'
[Tue Feb 19 21:04:28 UTC 2019] Getting webroot for domain='*.example'
[Tue Feb 19 21:04:28 UTC 2019] Found domain api file: /var/db/acme/.acme.sh/dnsapi/dns_gandi_livedns.sh
[Tue Feb 19 21:04:29 UTC 2019] Add success
[Tue Feb 19 21:04:29 UTC 2019] Found domain api file: /var/db/acme/.acme.sh/dnsapi/dns_gandi_livedns.sh
[Tue Feb 19 21:04:30 UTC 2019] Add success
[Tue Feb 19 21:04:30 UTC 2019] Sleep 90 seconds for the txt records to take effect
[Tue Feb 19 21:06:00 UTC 2019] Verifying: example
[Tue Feb 19 21:06:03 UTC 2019] example:Verify error:Incorrect TXT record 
[Tue Feb 19 21:06:03 UTC 2019] Removing DNS records.
[Tue Feb 19 21:06:04 UTC 2019] Please add '--debug' or '--log' to check more details.
[Tue Feb 19 21:06:04 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

I've also tried with --dnssleep values of 180 & 1800 over the last few days.

Debug log

# /usr/local/bin/acme.sh --version
https://github.com/Neilpang/acme.sh
v2.8.1
# su - acme /usr/local/bin/acme.sh --issue --test --force --dns dns_gandi_livedns -d example -d '*.example' --keylength 4096 --cert-file /usr/local/etc/letsencrypt/example/cert.pem --key-file /usr/local/etc/letsencrypt/example/key.pem --fullchain-file /usr/local/etc/letsencrypt/example/fullchain.pem --staging --debug  2>&1 | tee /tmp/acme.log
[Mon Feb 18 07:55:38 UTC 2019] Lets find script dir.
[Mon Feb 18 07:55:38 UTC 2019] _SCRIPT_='/usr/local/bin/acme.sh'
[Mon Feb 18 07:55:38 UTC 2019] _script='/usr/local/bin/acme.sh'
[Mon Feb 18 07:55:38 UTC 2019] _script_home='/usr/local/bin'
[Mon Feb 18 07:55:38 UTC 2019] Using default home:/var/db/acme/.acme.sh
[Mon Feb 18 07:55:38 UTC 2019] Using config home:/var/db/acme/.acme.sh
https://github.com/Neilpang/acme.sh
v2.8.1
[Mon Feb 18 07:55:38 UTC 2019] _main_domain='example'
[Mon Feb 18 07:55:38 UTC 2019] _alt_domains='*.example'
[Mon Feb 18 07:55:38 UTC 2019] Using config home:/var/db/acme/.acme.sh
[Mon Feb 18 07:55:38 UTC 2019] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Feb 18 07:55:39 UTC 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Feb 18 07:55:39 UTC 2019] DOMAIN_PATH='/var/db/acme/.acme.sh/example'
[Mon Feb 18 07:55:39 UTC 2019] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Feb 18 07:55:39 UTC 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Mon Feb 18 07:55:39 UTC 2019] GET
[Mon Feb 18 07:55:39 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Mon Feb 18 07:55:39 UTC 2019] timeout=
[Mon Feb 18 07:55:39 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:55:39 UTC 2019] ret='0'
[Mon Feb 18 07:55:39 UTC 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Mon Feb 18 07:55:39 UTC 2019] ACME_NEW_AUTHZ
[Mon Feb 18 07:55:39 UTC 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Mon Feb 18 07:55:39 UTC 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Mon Feb 18 07:55:39 UTC 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Feb 18 07:55:39 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Feb 18 07:55:39 UTC 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Feb 18 07:55:39 UTC 2019] ACME_VERSION='2'
[Mon Feb 18 07:55:39 UTC 2019] Le_NextRenewTime='1546566476'
[Mon Feb 18 07:55:39 UTC 2019] _on_before_issue
[Mon Feb 18 07:55:39 UTC 2019] _chk_main_domain='example'
[Mon Feb 18 07:55:39 UTC 2019] _chk_alt_domains='*.example'
[Mon Feb 18 07:55:39 UTC 2019] Le_LocalAddress
[Mon Feb 18 07:55:39 UTC 2019] d='example'
[Mon Feb 18 07:55:39 UTC 2019] Check for domain='example'
[Mon Feb 18 07:55:39 UTC 2019] _currentRoot='dns_gandi_livedns'
[Mon Feb 18 07:55:39 UTC 2019] d='*.example'
[Mon Feb 18 07:55:39 UTC 2019] Check for domain='*.example'
[Mon Feb 18 07:55:39 UTC 2019] _currentRoot='dns_gandi_livedns'
[Mon Feb 18 07:55:39 UTC 2019] d
[Mon Feb 18 07:55:39 UTC 2019] _saved_account_key_hash is not changed, skip register account.
[Mon Feb 18 07:55:39 UTC 2019] Read key length:4096
[Mon Feb 18 07:55:39 UTC 2019] _createcsr
[Mon Feb 18 07:55:39 UTC 2019] Multi domain='DNS:example,DNS:*.example'
[Mon Feb 18 07:55:39 UTC 2019] Getting domain auth token for each domain
[Mon Feb 18 07:55:39 UTC 2019] d='*.example'
[Mon Feb 18 07:55:39 UTC 2019] d
[Mon Feb 18 07:55:39 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Mon Feb 18 07:55:39 UTC 2019] payload='{"identifiers": [{"type":"dns","value":"example"},{"type":"dns","value":"*.example"}]}'
[Mon Feb 18 07:55:39 UTC 2019] RSA key
[Mon Feb 18 07:55:40 UTC 2019] HEAD
[Mon Feb 18 07:55:40 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Feb 18 07:55:40 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:55:40 UTC 2019] _ret='0'
[Mon Feb 18 07:55:40 UTC 2019] POST
[Mon Feb 18 07:55:40 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Mon Feb 18 07:55:40 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:55:40 UTC 2019] _ret='0'
[Mon Feb 18 07:55:41 UTC 2019] code='201'
[Mon Feb 18 07:55:41 UTC 2019] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/8271551/23759621'
[Mon Feb 18 07:55:41 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/BwJB_HHApr1L0eL43E1gB7tbLjaXrqV2DfMzBYvHmxQ'
[Mon Feb 18 07:55:41 UTC 2019] payload
[Mon Feb 18 07:55:41 UTC 2019] POST
[Mon Feb 18 07:55:41 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/BwJB_HHApr1L0eL43E1gB7tbLjaXrqV2DfMzBYvHmxQ'
[Mon Feb 18 07:55:41 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:55:41 UTC 2019] _ret='0'
[Mon Feb 18 07:55:41 UTC 2019] code='200'
[Mon Feb 18 07:55:41 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI'
[Mon Feb 18 07:55:41 UTC 2019] payload
[Mon Feb 18 07:55:41 UTC 2019] POST
[Mon Feb 18 07:55:41 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI'
[Mon Feb 18 07:55:41 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:55:41 UTC 2019] _ret='0'
[Mon Feb 18 07:55:41 UTC 2019] code='200'
[Mon Feb 18 07:55:41 UTC 2019] d='example'
[Mon Feb 18 07:55:41 UTC 2019] Getting webroot for domain='example'
[Mon Feb 18 07:55:41 UTC 2019] _w='dns_gandi_livedns'
[Mon Feb 18 07:55:41 UTC 2019] _currentRoot='dns_gandi_livedns'
[Mon Feb 18 07:55:41 UTC 2019] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285","token":"Rr5ufGvBKifVSCZICrQDezh0WUim7MP1yZeBnaNeH2U"'
[Mon Feb 18 07:55:41 UTC 2019] token='Rr5ufGvBKifVSCZICrQDezh0WUim7MP1yZeBnaNeH2U'
[Mon Feb 18 07:55:41 UTC 2019] uri='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285'
[Mon Feb 18 07:55:41 UTC 2019] keyauthorization='Rr5ufGvBKifVSCZICrQDezh0WUim7MP1yZeBnaNeH2U.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw'
[Mon Feb 18 07:55:41 UTC 2019] dvlist='example#Rr5ufGvBKifVSCZICrQDezh0WUim7MP1yZeBnaNeH2U.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285#dns-01#dns_gandi_livedns'
[Mon Feb 18 07:55:41 UTC 2019] d='*.example'
[Mon Feb 18 07:55:41 UTC 2019] Getting webroot for domain='*.example'
[Mon Feb 18 07:55:41 UTC 2019] _w='dns_gandi_livedns'
[Mon Feb 18 07:55:41 UTC 2019] _currentRoot='dns_gandi_livedns'
[Mon Feb 18 07:55:41 UTC 2019] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/BwJB_HHApr1L0eL43E1gB7tbLjaXrqV2DfMzBYvHmxQ/248493282","token":"wIU-6q7b359DGQpCMGrhwJmBkiBbEvkVRGelMRYLGBE"'
[Mon Feb 18 07:55:41 UTC 2019] token='wIU-6q7b359DGQpCMGrhwJmBkiBbEvkVRGelMRYLGBE'
[Mon Feb 18 07:55:41 UTC 2019] uri='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/BwJB_HHApr1L0eL43E1gB7tbLjaXrqV2DfMzBYvHmxQ/248493282'
[Mon Feb 18 07:55:41 UTC 2019] keyauthorization='wIU-6q7b359DGQpCMGrhwJmBkiBbEvkVRGelMRYLGBE.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw'
[Mon Feb 18 07:55:41 UTC 2019] dvlist='*.example#wIU-6q7b359DGQpCMGrhwJmBkiBbEvkVRGelMRYLGBE.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/BwJB_HHApr1L0eL43E1gB7tbLjaXrqV2DfMzBYvHmxQ/248493282#dns-01#dns_gandi_livedns'
[Mon Feb 18 07:55:41 UTC 2019] d
[Mon Feb 18 07:55:41 UTC 2019] vlist='example#Rr5ufGvBKifVSCZICrQDezh0WUim7MP1yZeBnaNeH2U.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285#dns-01#dns_gandi_livedns,*.example#wIU-6q7b359DGQpCMGrhwJmBkiBbEvkVRGelMRYLGBE.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/BwJB_HHApr1L0eL43E1gB7tbLjaXrqV2DfMzBYvHmxQ/248493282#dns-01#dns_gandi_livedns,'
[Mon Feb 18 07:55:41 UTC 2019] d='example'
[Mon Feb 18 07:55:41 UTC 2019] _d_alias
[Mon Feb 18 07:55:41 UTC 2019] txtdomain='_acme-challenge.example'
[Mon Feb 18 07:55:41 UTC 2019] txt='ckUihahTFRRrF8yDVsAYTuEd6oVdl46f2vGVm3cA1IQ'
[Mon Feb 18 07:55:41 UTC 2019] d_api='/var/db/acme/.acme.sh/dnsapi/dns_gandi_livedns.sh'
[Mon Feb 18 07:55:41 UTC 2019] Found domain api file: /var/db/acme/.acme.sh/dnsapi/dns_gandi_livedns.sh
[Mon Feb 18 07:55:41 UTC 2019] First detect the root zone
[Mon Feb 18 07:55:41 UTC 2019] h='example'
[Mon Feb 18 07:55:41 UTC 2019] domains/example
[Mon Feb 18 07:55:41 UTC 2019] GET
[Mon Feb 18 07:55:41 UTC 2019] url='https://dns.api.gandi.net/api/v5/domains/example'
[Mon Feb 18 07:55:41 UTC 2019] timeout=
[Mon Feb 18 07:55:41 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:55:42 UTC 2019] ret='0'
[Mon Feb 18 07:55:42 UTC 2019] fulldomain='_acme-challenge.example'
[Mon Feb 18 07:55:42 UTC 2019] txtvalue='ckUihahTFRRrF8yDVsAYTuEd6oVdl46f2vGVm3cA1IQ'
[Mon Feb 18 07:55:42 UTC 2019] domain='example'
[Mon Feb 18 07:55:42 UTC 2019] sub_domain='_acme-challenge'
[Mon Feb 18 07:55:42 UTC 2019] domains/example/records/_acme-challenge/TXT
[Mon Feb 18 07:55:42 UTC 2019] data='{"rrset_ttl": 300, "rrset_values":["ckUihahTFRRrF8yDVsAYTuEd6oVdl46f2vGVm3cA1IQ"]}'
[Mon Feb 18 07:55:42 UTC 2019] PUT
[Mon Feb 18 07:55:42 UTC 2019] _post_url='https://dns.api.gandi.net/api/v5/domains/example/records/_acme-challenge/TXT'
[Mon Feb 18 07:55:42 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:55:42 UTC 2019] _ret='0'
[Mon Feb 18 07:55:42 UTC 2019] Add success
[Mon Feb 18 07:55:42 UTC 2019] d='*.example'
[Mon Feb 18 07:55:42 UTC 2019] _d_alias
[Mon Feb 18 07:55:42 UTC 2019] txtdomain='_acme-challenge.example'
[Mon Feb 18 07:55:42 UTC 2019] txt='R10ss2ZZHMPISD2UJ1X4HSNf2w1SAOCXc2u2s1Nv-OY'
[Mon Feb 18 07:55:42 UTC 2019] d_api='/var/db/acme/.acme.sh/dnsapi/dns_gandi_livedns.sh'
[Mon Feb 18 07:55:42 UTC 2019] Found domain api file: /var/db/acme/.acme.sh/dnsapi/dns_gandi_livedns.sh
[Mon Feb 18 07:55:42 UTC 2019] First detect the root zone
[Mon Feb 18 07:55:42 UTC 2019] h='example'
[Mon Feb 18 07:55:42 UTC 2019] domains/example
[Mon Feb 18 07:55:42 UTC 2019] GET
[Mon Feb 18 07:55:42 UTC 2019] url='https://dns.api.gandi.net/api/v5/domains/example'
[Mon Feb 18 07:55:42 UTC 2019] timeout=
[Mon Feb 18 07:55:42 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:55:43 UTC 2019] ret='0'
[Mon Feb 18 07:55:43 UTC 2019] fulldomain='_acme-challenge.example'
[Mon Feb 18 07:55:43 UTC 2019] txtvalue='R10ss2ZZHMPISD2UJ1X4HSNf2w1SAOCXc2u2s1Nv-OY'
[Mon Feb 18 07:55:43 UTC 2019] domain='example'
[Mon Feb 18 07:55:43 UTC 2019] sub_domain='_acme-challenge'
[Mon Feb 18 07:55:43 UTC 2019] domains/example/records/_acme-challenge/TXT
[Mon Feb 18 07:55:43 UTC 2019] data='{"rrset_ttl": 300, "rrset_values":["R10ss2ZZHMPISD2UJ1X4HSNf2w1SAOCXc2u2s1Nv-OY"]}'
[Mon Feb 18 07:55:43 UTC 2019] PUT
[Mon Feb 18 07:55:43 UTC 2019] _post_url='https://dns.api.gandi.net/api/v5/domains/example/records/_acme-challenge/TXT'
[Mon Feb 18 07:55:43 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:55:43 UTC 2019] _ret='0'
[Mon Feb 18 07:55:43 UTC 2019] Add success
[Mon Feb 18 07:55:43 UTC 2019] Sleep 90 seconds for the txt records to take effect
[Mon Feb 18 07:57:13 UTC 2019] ok, let's start to verify
[Mon Feb 18 07:57:13 UTC 2019] Verifying: example
[Mon Feb 18 07:57:13 UTC 2019] d='example'
[Mon Feb 18 07:57:13 UTC 2019] keyauthorization='Rr5ufGvBKifVSCZICrQDezh0WUim7MP1yZeBnaNeH2U.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw'
[Mon Feb 18 07:57:13 UTC 2019] uri='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285'
[Mon Feb 18 07:57:13 UTC 2019] _currentRoot='dns_gandi_livedns'
[Mon Feb 18 07:57:13 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285'
[Mon Feb 18 07:57:13 UTC 2019] payload='{"keyAuthorization": "Rr5ufGvBKifVSCZICrQDezh0WUim7MP1yZeBnaNeH2U.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw"}'
[Mon Feb 18 07:57:13 UTC 2019] POST
[Mon Feb 18 07:57:13 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285'
[Mon Feb 18 07:57:13 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:57:14 UTC 2019] _ret='0'
[Mon Feb 18 07:57:14 UTC 2019] code='200'
[Mon Feb 18 07:57:14 UTC 2019] trigger validation code: 200
[Mon Feb 18 07:57:14 UTC 2019] sleep 2 secs to verify
[Mon Feb 18 07:57:16 UTC 2019] checking
[Mon Feb 18 07:57:16 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285'
[Mon Feb 18 07:57:16 UTC 2019] payload
[Mon Feb 18 07:57:16 UTC 2019] POST
[Mon Feb 18 07:57:16 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285'
[Mon Feb 18 07:57:16 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:57:16 UTC 2019] _ret='0'
[Mon Feb 18 07:57:16 UTC 2019] code='200'
[Mon Feb 18 07:57:16 UTC 2019] example:Verify error:Incorrect TXT record 
[Mon Feb 18 07:57:16 UTC 2019] Skip for removelevel:
[Mon Feb 18 07:57:16 UTC 2019] pid
[Mon Feb 18 07:57:16 UTC 2019] No need to restore nginx, skip.
[Mon Feb 18 07:57:16 UTC 2019] _clearupdns
[Mon Feb 18 07:57:16 UTC 2019] dnsadded='1'
[Mon Feb 18 07:57:16 UTC 2019] vlist='example#Rr5ufGvBKifVSCZICrQDezh0WUim7MP1yZeBnaNeH2U.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285#dns-01#dns_gandi_livedns,*.example#wIU-6q7b359DGQpCMGrhwJmBkiBbEvkVRGelMRYLGBE.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/BwJB_HHApr1L0eL43E1gB7tbLjaXrqV2DfMzBYvHmxQ/248493282#dns-01#dns_gandi_livedns,'
[Mon Feb 18 07:57:16 UTC 2019] Removing DNS records.
[Mon Feb 18 07:57:16 UTC 2019] txt='ckUihahTFRRrF8yDVsAYTuEd6oVdl46f2vGVm3cA1IQ'
[Mon Feb 18 07:57:16 UTC 2019] d_api='/var/db/acme/.acme.sh/dnsapi/dns_gandi_livedns.sh'
[Mon Feb 18 07:57:16 UTC 2019] _d_alias
[Mon Feb 18 07:57:16 UTC 2019] First detect the root zone
[Mon Feb 18 07:57:16 UTC 2019] h='example'
[Mon Feb 18 07:57:16 UTC 2019] domains/example
[Mon Feb 18 07:57:16 UTC 2019] GET
[Mon Feb 18 07:57:16 UTC 2019] url='https://dns.api.gandi.net/api/v5/domains/example'
[Mon Feb 18 07:57:16 UTC 2019] timeout=
[Mon Feb 18 07:57:16 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:57:17 UTC 2019] ret='0'
[Mon Feb 18 07:57:17 UTC 2019] fulldomain='_acme-challenge.example'
[Mon Feb 18 07:57:17 UTC 2019] domain='example'
[Mon Feb 18 07:57:17 UTC 2019] sub_domain='_acme-challenge'
[Mon Feb 18 07:57:17 UTC 2019] domains/example/records/_acme-challenge/TXT
[Mon Feb 18 07:57:17 UTC 2019] data
[Mon Feb 18 07:57:17 UTC 2019] DELETE
[Mon Feb 18 07:57:17 UTC 2019] _post_url='https://dns.api.gandi.net/api/v5/domains/example/records/_acme-challenge/TXT'
[Mon Feb 18 07:57:17 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:57:17 UTC 2019] _ret='0'
[Mon Feb 18 07:57:17 UTC 2019] txt='R10ss2ZZHMPISD2UJ1X4HSNf2w1SAOCXc2u2s1Nv-OY'
[Mon Feb 18 07:57:17 UTC 2019] d_api='/var/db/acme/.acme.sh/dnsapi/dns_gandi_livedns.sh'
[Mon Feb 18 07:57:17 UTC 2019] _d_alias
[Mon Feb 18 07:57:17 UTC 2019] First detect the root zone
[Mon Feb 18 07:57:17 UTC 2019] h='example'
[Mon Feb 18 07:57:17 UTC 2019] domains/example
[Mon Feb 18 07:57:17 UTC 2019] GET
[Mon Feb 18 07:57:17 UTC 2019] url='https://dns.api.gandi.net/api/v5/domains/example'
[Mon Feb 18 07:57:17 UTC 2019] timeout=
[Mon Feb 18 07:57:17 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:57:17 UTC 2019] ret='0'
[Mon Feb 18 07:57:17 UTC 2019] fulldomain='_acme-challenge.example'
[Mon Feb 18 07:57:17 UTC 2019] domain='example'
[Mon Feb 18 07:57:17 UTC 2019] sub_domain='_acme-challenge'
[Mon Feb 18 07:57:17 UTC 2019] domains/example/records/_acme-challenge/TXT
[Mon Feb 18 07:57:17 UTC 2019] data
[Mon Feb 18 07:57:17 UTC 2019] DELETE
[Mon Feb 18 07:57:17 UTC 2019] _post_url='https://dns.api.gandi.net/api/v5/domains/example/records/_acme-challenge/TXT'
[Mon Feb 18 07:57:17 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:57:17 UTC 2019] _ret='0'
[Mon Feb 18 07:57:17 UTC 2019] _on_issue_err
[Mon Feb 18 07:57:17 UTC 2019] Please add '--debug' or '--log' to check more details.
[Mon Feb 18 07:57:17 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Mon Feb 18 07:57:17 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285'
[Mon Feb 18 07:57:17 UTC 2019] payload='{"keyAuthorization": "Rr5ufGvBKifVSCZICrQDezh0WUim7MP1yZeBnaNeH2U.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw"}'
[Mon Feb 18 07:57:18 UTC 2019] POST
[Mon Feb 18 07:57:18 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/_36f376xIl4oncpkZ0-BNOZHQjsWVEwZXBEWgw2zBJI/248493285'
[Mon Feb 18 07:57:18 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:57:18 UTC 2019] _ret='0'
[Mon Feb 18 07:57:18 UTC 2019] code='400'
[Mon Feb 18 07:57:18 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/BwJB_HHApr1L0eL43E1gB7tbLjaXrqV2DfMzBYvHmxQ/248493282'
[Mon Feb 18 07:57:18 UTC 2019] payload='{"keyAuthorization": "wIU-6q7b359DGQpCMGrhwJmBkiBbEvkVRGelMRYLGBE.GZidLUg4vDF4P-y9XFibIotSIOBSky6z63rmPBX6bZw"}'
[Mon Feb 18 07:57:18 UTC 2019] POST
[Mon Feb 18 07:57:18 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/BwJB_HHApr1L0eL43E1gB7tbLjaXrqV2DfMzBYvHmxQ/248493282'
[Mon Feb 18 07:57:18 UTC 2019] _CURL='curl -L --silent --dump-header /var/db/acme/.acme.sh/http.header  -g '
[Mon Feb 18 07:57:18 UTC 2019] _ret='0'
[Mon Feb 18 07:57:18 UTC 2019] code='200'
[Mon Feb 18 07:57:18 UTC 2019] Diagnosis versions: 

openssl:openssl
OpenSSL 1.0.2o-freebsd  27 Mar 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>]     groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      create:<filename> groups=FD,REG,NAMED
      exec:<command-line>       groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      ip-datagram:<host>:<protocol>     groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>        groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>       groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>       groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>      groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>       groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>      groups=FD,SOCKET,IP6
      open:<filename>   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port>     groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port>     groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>   groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty       groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>       groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>       groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>        groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>      groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>        groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>  groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>        groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port>     groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>  groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>        groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>       groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>      groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>   groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>      groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
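
The debug log above shows two PUT requests to the same `.../records/_acme-challenge/TXT` URL, one for `example` and one for `*.example`, each carrying a single-element `rrset_values`. The script below is an added example, not acme.sh code and not part of the original post: it scans a `--debug` log for that pattern, which is worth ruling out when a wildcard and its base name share one `_acme-challenge` name. The function names and sample log are constructed, and it assumes that a PUT to an rrset URL replaces the whole rrset.

```shell
#!/bin/sh
# Added example: flag TXT values lost when a later PUT replaces an rrset.
# Assumption: a PUT to .../records/<name>/TXT replaces the whole rrset.

# Reads an acme.sh --debug log on stdin; prints one line per lost value:
#   overwritten <rrset-url> <txt-value>
find_overwritten_rrsets() {
  awk '
    # Drop the "[timestamp] " prefix and trailing whitespace.
    { sub(/^\[[^]]*\] /, ""); sub(/[ \t\r]+$/, "") }

    # Request body logged before the method line; a bare "data" means empty.
    /^data=/ { body = substr($0, 7, length($0) - 7); next }
    /^data$/ { body = ""; next }

    # Remember the HTTP method that the next _post_url line belongs to.
    /^(GET|HEAD|POST|PUT|DELETE)$/ { method = $0; next }

    /^_post_url=/ {
      url = substr($0, 12, length($0) - 12)
      if (method == "PUT") {
        # Pull the comma-separated values out of "rrset_values":[...]
        vals = body
        if (!sub(/.*"rrset_values" *: *\[/, "", vals)) vals = ""
        sub(/\].*/, "", vals)
        gsub(/[" ]/, "", vals)

        split("", keep)                      # portable array reset
        n = split(vals, v, ",")
        for (i = 1; i <= n; i++) keep[v[i]] = 1

        # Any value written earlier and absent now has been replaced.
        m = split(live[url], prev, ",")
        for (j = 1; j <= m; j++)
          if (!(prev[j] in keep)) print "overwritten", url, prev[j]
        live[url] = vals
      } else if (method == "DELETE") {
        live[url] = ""                       # cleanup removes the rrset
      }
      method = ""; body = ""
    }
  '
}

# Constructed sample, modelled on the log lines above (TXT values are made up).
sample_log() {
  cat <<'EOF'
[Mon Feb 18 07:55:42 UTC 2019] data='{"rrset_ttl": 300, "rrset_values":["constructedTxtValueForApex"]}'
[Mon Feb 18 07:55:42 UTC 2019] PUT
[Mon Feb 18 07:55:42 UTC 2019] _post_url='https://dns.api.gandi.net/api/v5/domains/example/records/_acme-challenge/TXT'
[Mon Feb 18 07:55:42 UTC 2019] _ret='0'
[Mon Feb 18 07:55:43 UTC 2019] data='{"rrset_ttl": 300, "rrset_values":["constructedTxtValueForWildcard"]}'
[Mon Feb 18 07:55:43 UTC 2019] PUT
[Mon Feb 18 07:55:43 UTC 2019] _post_url='https://dns.api.gandi.net/api/v5/domains/example/records/_acme-challenge/TXT'
[Mon Feb 18 07:55:43 UTC 2019] _ret='0'
[Mon Feb 18 07:57:17 UTC 2019] data
[Mon Feb 18 07:57:17 UTC 2019] DELETE
[Mon Feb 18 07:57:17 UTC 2019] _post_url='https://dns.api.gandi.net/api/v5/domains/example/records/_acme-challenge/TXT'
EOF
}

sample_log | find_overwritten_rrsets
```

Against a real capture, run `find_overwritten_rrsets < /tmp/acme.log`; no output means every value written to an rrset was still present at the next write.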

Neilpang commented 5 years ago

Please try with the latest code, and try again with --debug 2; you do not need to set --dnssleep.

acme.sh --upgrade

acme.sh --issue --test  --debug 2   -d example.com  -d '*.example.com'  --dns dns_gandi_livedns

tehfink commented 5 years ago

Thanks for your help & the quick reply. Running the upgrade command installed v2.8.1, which was the same version as before (see above). However, then running the same command successfully renewed the certificate?? Perhaps there was a connectivity issue with Gandi or Let's Encrypt?