acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

issue namecom certificate Logging in failed error #2202

Closed fc4soda closed 5 years ago

fc4soda commented 5 years ago

I'm trying to issue a wildcard certificate, but without success. I have stopped my nginx container, and no other process is using ports 80 and 443. I also added the machine IP to the Whitelist.

Short error message:

```
[Mon Apr  1 02:59:00 UTC 2019] Logging in failed.
[Mon Apr  1 02:59:00 UTC 2019] Error add txt for domain:_acme-challenge.example.com
[Mon Apr  1 02:59:00 UTC 2019] Please check log file for more details: /acme.sh/acme.sh.log
[Mon Apr  1 02:59:00 UTC 2019] Removing DNS records.
[Mon Apr  1 02:59:00 UTC 2019] Logging in failed.
[Mon Apr  1 02:59:00 UTC 2019] Error removing txt for domain:_acme-challenge.example.com
```

Steps to reproduce

My acme.sh config file: docker-compose.yml

```yaml
version: '3.6'
services:
  acme:
    container_name: acme
    image: neilpang/acme.sh
    volumes:
      - nginxdata-sslkey:/certs
    environment:
      - Namecom_Username="xxa-test"
      - Namecom_Token="xx6"
    command: daemon
```

Commands to issue a certificate:

```
docker-compose up -d acme
docker exec acme --issue --dns dns_namecom -d '*.example.com' --debug 2
```

Environment:

```
user@debian:~$ docker -v
Docker version 18.09.4, build d14af54

user@debian:~$ docker-compose -v
docker-compose version 1.23.1, build b02f1306

user@debian:~$ hostnamectl
   Static hostname: debian
         Icon name: computer-vm
           Chassis: vm
        Machine ID: xxx
           Boot ID: xxx
    Virtualization: kvm
  Operating System: Debian GNU/Linux 9 (stretch)
            Kernel: Linux 4.9.0-3-amd64
      Architecture: x86-64
```

Debug log

Neilpang commented 5 years ago

I tried my namecom domain; it works well. Please read the usage; maybe your username is not correct.

fc4soda commented 5 years ago

```yaml
       - Namecom_Username=xxx
       - Namecom_Token=xxx
```

Removing the double quotes resolved my problem.
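
The fix in this thread follows from how Compose reads list-form `environment:` entries: `- NAME="value"` is split on the first `=`, so the quotes reach the container as part of the credential. The script below is an added example, not part of the thread or of acme.sh, that flags such entries in a compose file without printing their values; the function names and the sample file are constructed for illustration.

```shell
# Added example (not from acme.sh): flag list-form `environment:` entries whose
# value is wrapped in quotes, which Compose passes to the container literally.

# find_quoted_env FILE -> prints "LINE:NAME" per offending entry (never the value)
find_quoted_env() {
  awk '
    /^[ \t]*-[ \t]+[A-Za-z_][A-Za-z0-9_]*=/ {
      entry = $0
      sub(/^[ \t]*-[ \t]+/, "", entry)   # drop the list marker
      sub(/[ \t\r]+$/, "", entry)        # drop trailing whitespace
      name = entry
      sub(/=.*/, "", name)               # keep text before the first "="
      value = substr(entry, length(name) + 2)
      first = substr(value, 1, 1)
      last = substr(value, length(value), 1)
      # \042 is a double quote, \047 a single quote
      if (length(value) >= 2 && first == last && (first == "\042" || first == "\047"))
        printf "%d:%s\n", NR, name
    }
  ' "$1"
}

# has_wrapping_quotes VALUE -> status 0 if VALUE starts and ends with a quote;
# usable as a pre-flight check on a credential variable inside the container.
has_wrapping_quotes() {
  case "$1" in
    \"*\" | \'*\') return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample: one quoted entry, one bare entry, one fully quoted item.
write_sample() {
  cat > "$1" <<'EOF'
services:
  acme:
    image: neilpang/acme.sh
    environment:
      - Namecom_Username="placeholder-user"
      - Namecom_Token=placeholder-token
      - "OTHER_VAR=has spaces"
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_quoted_env "$sample"
rm -f "$sample"
```

An item quoted as a whole (`- "OTHER_VAR=has spaces"`) is not flagged, because there the quotes are YAML syntax and are removed before Compose sees the entry.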