search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.59k stars 4.99k forks source link

Wildcard Certificate from my dyndns-hoster to Cloudflare with aliasing #2294

Open XtraLarge opened 5 years ago

XtraLarge commented 5 years ago

Hello,

I've a wildcard domain (all subhosts shows to the same ip) from my dyndns-hoster. For that domain I tried to get a wildcard certificate from letsencrypt, but my dyndns-hoster had no api for letsencrypt. So I've looked for a free DNS hoster with a LetsEncrypt supported API. I've found cloudflare ;)

First I tried do it with certbot, but aliasing to another hoster did bot work. I saw that you described it very good, so I give acme.sh a chance. :) It was also a good idea because you referenced to proxmox that is the base of my host.

OK, so I installed it with the curl installer: "curl https://get.acme.sh | sh"

I also wrote a script to get the certificate:

#!/bin/bash
export CF_Key="xxx GLOBAL API KEY xxx"
export CF_Email="xxx MyEmailAddress xxx"
export LE_WORKING_DIR="/root/.acme.sh"
_acme_script="/root/.acme.sh/acme.sh"
rm /root/.acme.sh/*.log
${_acme_script} --issue --log  --dns dns_cf --test --force --debug --challenge-alias CF_DOMAIN.de' -d DYNDNS_DOMAIN.de'  -d '*.DYNDNS_DOMAIN.de'

I've added a CNAME in the DNS of my DYNDNS_DOMAIN.de Domain:

_acme-challenge.DYNDNS_DOMAIN.de >> _acme-challenge.CF_DOMAIN.de (cname | 60 s)

I did not found a documentation how the destination of the CNAME should treated. Should I create it?, What will be the type? What should be the content? ..... I had no idea! So I've decided to think the script would handle it. :)

.... but I always get this error:

Sun May 26 11:45:54 CEST 2019] get to authz error.
[Sun May 26 11:45:54 CEST 2019] _authorizations_map='DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:47:21Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061600","token":"t_BEORgfMGfhhAcbCBwp8TjGw4ylQxga6Ap9nVN8urs"},{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061601","token":"Y-sDw1Z_jU9JOMzkkSXFRN9NWb4rLd0HhgrbPhJ8dLs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061602","token":"YSmQ1GcyQmJKQux4PlSMqO5kkPnVjZguCKcl5CX1YSM"}]}
*.DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:48:20Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4/315061874","token":"ShAqOisDX3toUIRYRmCSeBmG3hqWEi77_JjtULMGnmQ"}],"wildcard": true}
'

I recognized that my challenge-alias domain was not shown in the log, but I did not found the reason.

Please help me! ;)

best regards Willi Werres

PS: The debug log of this action is:

[Sun May 26 11:54:37 CEST 2019] _main_domain='DYNDNS_DOMAIN.de'
[Sun May 26 11:54:37 CEST 2019] _alt_domains='*.DYNDNS_DOMAIN.de'
[Sun May 26 11:54:37 CEST 2019] Using config home:/root/.acme.sh
[Sun May 26 11:54:37 CEST 2019] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun May 26 11:54:37 CEST 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sun May 26 11:54:37 CEST 2019] DOMAIN_PATH='/root/.acme.sh/DYNDNS_DOMAIN.de'
[Sun May 26 11:54:37 CEST 2019] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun May 26 11:54:37 CEST 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun May 26 11:54:37 CEST 2019] GET
[Sun May 26 11:54:37 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sun May 26 11:54:37 CEST 2019] timeout=
[Sun May 26 11:54:37 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun May 26 11:54:38 CEST 2019] ret='0'
[Sun May 26 11:54:38 CEST 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Sun May 26 11:54:38 CEST 2019] ACME_NEW_AUTHZ
[Sun May 26 11:54:38 CEST 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun May 26 11:54:38 CEST 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Sun May 26 11:54:38 CEST 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Sun May 26 11:54:38 CEST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun May 26 11:54:38 CEST 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sun May 26 11:54:38 CEST 2019] ACME_VERSION='2'
[Sun May 26 11:54:38 CEST 2019] Le_NextRenewTime
[Sun May 26 11:54:38 CEST 2019] _on_before_issue
[Sun May 26 11:54:38 CEST 2019] _chk_main_domain='DYNDNS_DOMAIN.de'
[Sun May 26 11:54:38 CEST 2019] _chk_alt_domains='*.DYNDNS_DOMAIN.de'
[Sun May 26 11:54:38 CEST 2019] Le_LocalAddress
[Sun May 26 11:54:38 CEST 2019] d='DYNDNS_DOMAIN.de'
[Sun May 26 11:54:38 CEST 2019] Check for domain='DYNDNS_DOMAIN.de'
[Sun May 26 11:54:38 CEST 2019] _currentRoot='dns_cf'
[Sun May 26 11:54:38 CEST 2019] d='*.DYNDNS_DOMAIN.de'
[Sun May 26 11:54:38 CEST 2019] Check for domain='*.DYNDNS_DOMAIN.de'
[Sun May 26 11:54:38 CEST 2019] _currentRoot='dns_cf'
[Sun May 26 11:54:38 CEST 2019] d
[Sun May 26 11:54:38 CEST 2019] _saved_account_key_hash is not changed, skip register account.
[Sun May 26 11:54:38 CEST 2019] Read key length:
[Sun May 26 11:54:38 CEST 2019] _createcsr
[Sun May 26 11:54:38 CEST 2019] Multi domain='DNS:DYNDNS_DOMAIN.de,DNS:*.DYNDNS_DOMAIN.de'
[Sun May 26 11:54:38 CEST 2019] Getting domain auth token for each domain
[Sun May 26 11:54:38 CEST 2019] d='*.DYNDNS_DOMAIN.de'
[Sun May 26 11:54:38 CEST 2019] d
[Sun May 26 11:54:38 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun May 26 11:54:38 CEST 2019] payload='{"identifiers": [{"type":"dns","value":"DYNDNS_DOMAIN.de"},{"type":"dns","value":"*.DYNDNS_DOMAIN.de"}]}'
[Sun May 26 11:54:38 CEST 2019] RSA key
[Sun May 26 11:54:38 CEST 2019] HEAD
[Sun May 26 11:54:38 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sun May 26 11:54:38 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun May 26 11:54:38 CEST 2019] _ret='0'
[Sun May 26 11:54:38 CEST 2019] POST
[Sun May 26 11:54:38 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun May 26 11:54:39 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun May 26 11:54:39 CEST 2019] _ret='0'
[Sun May 26 11:54:39 CEST 2019] code='201'
[Sun May 26 11:54:39 CEST 2019] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/9386927/35223502'
[Sun May 26 11:54:39 CEST 2019] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/35223502'
[Sun May 26 11:54:39 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4'
[Sun May 26 11:54:39 CEST 2019] payload
[Sun May 26 11:54:39 CEST 2019] POST
[Sun May 26 11:54:39 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4'
[Sun May 26 11:54:39 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun May 26 11:54:39 CEST 2019] _ret='0'
[Sun May 26 11:54:39 CEST 2019] code='200'
[Sun May 26 11:54:39 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s'
[Sun May 26 11:54:39 CEST 2019] payload
[Sun May 26 11:54:39 CEST 2019] POST
[Sun May 26 11:54:39 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s'
[Sun May 26 11:54:39 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sun May 26 11:54:40 CEST 2019] _ret='0'
[Sun May 26 11:54:40 CEST 2019] code='200'
[Sun May 26 11:54:40 CEST 2019] d='DYNDNS_DOMAIN.de'
[Sun May 26 11:54:40 CEST 2019] Getting webroot for domain='DYNDNS_DOMAIN.de'
[Sun May 26 11:54:40 CEST 2019] _w='dns_cf'
[Sun May 26 11:54:40 CEST 2019] _currentRoot='dns_cf'
[Sun May 26 11:54:40 CEST 2019] get to authz error.
[Sun May 26 11:54:40 CEST 2019] _authorizations_map='DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:47:21Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061600","token":"t_BEORgfMGfhhAcbCBwp8TjGw4ylQxga6Ap9nVN8urs"},{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061601","token":"Y-sDw1Z_jU9JOMzkkSXFRN9NWb4rLd0HhgrbPhJ8dLs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061602","token":"YSmQ1GcyQmJKQux4PlSMqO5kkPnVjZguCKcl5CX1YSM"}]}
*.DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:48:20Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4/315061874","token":"ShAqOisDX3toUIRYRmCSeBmG3hqWEi77_JjtULMGnmQ"}],"wildcard": true}
'
[Sun May 26 11:54:40 CEST 2019] pid
[Sun May 26 11:54:40 CEST 2019] No need to restore nginx, skip.
[Sun May 26 11:54:40 CEST 2019] _clearupdns
[Sun May 26 11:54:40 CEST 2019] dns_entries
[Sun May 26 11:54:40 CEST 2019] skip dns.
[Sun May 26 11:54:40 CEST 2019] _on_issue_err
[Sun May 26 11:54:40 CEST 2019] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun May 26 11:54:40 CEST 2019] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.0j  20 Nov 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>] groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>    groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>   groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>  groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>  groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>    groups=FD,SOCKET,RETRY,UNIX
      create:<filename> groups=FD,REG,NAMED
      exec:<command-line>   groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface> groups=FD,SOCKET
      ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>    groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>   groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>   groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>  groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>   groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>  groups=FD,SOCKET,IP6
      open:<filename>   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>   groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty   groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>   groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>   groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>  groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]    groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>    groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>   groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>  groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>    groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>  groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>   groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>    groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>   groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>  groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>   groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>  groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
Neilpang commented 5 years ago

please try again with --debug 2

XtraLarge commented 5 years ago

... and here is the log with --debug 2 (I've only change my real domain-name to DYNDNS_DOMAIN.de)

[Sun May 26 13:56:30 CEST 2019] _main_domain='DYNDNS_DOMAIN.de'
[Sun May 26 13:56:30 CEST 2019] _alt_domains='*.DYNDNS_DOMAIN.de'
[Sun May 26 13:56:30 CEST 2019] Using config home:/root/.acme.sh
[Sun May 26 13:56:30 CEST 2019] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun May 26 13:56:30 CEST 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sun May 26 13:56:30 CEST 2019] DOMAIN_PATH='/root/.acme.sh/DYNDNS_DOMAIN.de'
[Sun May 26 13:56:30 CEST 2019] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun May 26 13:56:30 CEST 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun May 26 13:56:30 CEST 2019] GET
[Sun May 26 13:56:30 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sun May 26 13:56:30 CEST 2019] timeout=
[Sun May 26 13:56:30 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.NjWcUqes5O  -g '
[Sun May 26 13:56:30 CEST 2019] ret='0'
[Sun May 26 13:56:31 CEST 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Sun May 26 13:56:31 CEST 2019] ACME_NEW_AUTHZ
[Sun May 26 13:56:31 CEST 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun May 26 13:56:31 CEST 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Sun May 26 13:56:31 CEST 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Sun May 26 13:56:31 CEST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun May 26 13:56:31 CEST 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sun May 26 13:56:31 CEST 2019] ACME_VERSION='2'
[Sun May 26 13:56:31 CEST 2019] Le_NextRenewTime
[Sun May 26 13:56:31 CEST 2019] _on_before_issue
[Sun May 26 13:56:31 CEST 2019] _chk_main_domain='DYNDNS_DOMAIN.de'
[Sun May 26 13:56:31 CEST 2019] _chk_alt_domains='*.DYNDNS_DOMAIN.de'
[Sun May 26 13:56:31 CEST 2019] Le_LocalAddress
[Sun May 26 13:56:31 CEST 2019] d='DYNDNS_DOMAIN.de'
[Sun May 26 13:56:31 CEST 2019] Check for domain='DYNDNS_DOMAIN.de'
[Sun May 26 13:56:31 CEST 2019] _currentRoot='dns_cf'
[Sun May 26 13:56:31 CEST 2019] d='*.DYNDNS_DOMAIN.de'
[Sun May 26 13:56:31 CEST 2019] Check for domain='*.DYNDNS_DOMAIN.de'
[Sun May 26 13:56:31 CEST 2019] _currentRoot='dns_cf'
[Sun May 26 13:56:31 CEST 2019] d
[Sun May 26 13:56:31 CEST 2019] _saved_account_key_hash is not changed, skip register account.
[Sun May 26 13:56:31 CEST 2019] Read key length:
[Sun May 26 13:56:31 CEST 2019] _createcsr
[Sun May 26 13:56:31 CEST 2019] Multi domain='DNS:DYNDNS_DOMAIN.de,DNS:*.DYNDNS_DOMAIN.de'
[Sun May 26 13:56:31 CEST 2019] Getting domain auth token for each domain
[Sun May 26 13:56:31 CEST 2019] d='*.DYNDNS_DOMAIN.de'
[Sun May 26 13:56:31 CEST 2019] d
[Sun May 26 13:56:31 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun May 26 13:56:31 CEST 2019] payload='{"identifiers": [{"type":"dns","value":"DYNDNS_DOMAIN.de"},{"type":"dns","value":"*.DYNDNS_DOMAIN.de"}]}'
[Sun May 26 13:56:31 CEST 2019] RSA key
[Sun May 26 13:56:31 CEST 2019] HEAD
[Sun May 26 13:56:31 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sun May 26 13:56:31 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.urjtgoEh4v  -g '
[Sun May 26 13:56:31 CEST 2019] _ret='0'
[Sun May 26 13:56:31 CEST 2019] POST
[Sun May 26 13:56:31 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun May 26 13:56:31 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.urjtgoEh4v  -g '
[Sun May 26 13:56:32 CEST 2019] _ret='0'
[Sun May 26 13:56:32 CEST 2019] code='201'
[Sun May 26 13:56:32 CEST 2019] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/9386927/35223502'
[Sun May 26 13:56:32 CEST 2019] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/35223502'
[Sun May 26 13:56:32 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4'
[Sun May 26 13:56:32 CEST 2019] payload
[Sun May 26 13:56:32 CEST 2019] POST
[Sun May 26 13:56:32 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4'
[Sun May 26 13:56:32 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.urjtgoEh4v  -g '
[Sun May 26 13:56:32 CEST 2019] _ret='0'
[Sun May 26 13:56:32 CEST 2019] code='200'
[Sun May 26 13:56:32 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s'
[Sun May 26 13:56:32 CEST 2019] payload
[Sun May 26 13:56:32 CEST 2019] POST
[Sun May 26 13:56:32 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s'
[Sun May 26 13:56:32 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.urjtgoEh4v  -g '
[Sun May 26 13:56:32 CEST 2019] _ret='0'
[Sun May 26 13:56:32 CEST 2019] code='200'
[Sun May 26 13:56:32 CEST 2019] d='DYNDNS_DOMAIN.de'
[Sun May 26 13:56:32 CEST 2019] Getting webroot for domain='DYNDNS_DOMAIN.de'
[Sun May 26 13:56:32 CEST 2019] _w='dns_cf'
[Sun May 26 13:56:32 CEST 2019] _currentRoot='dns_cf'
[Sun May 26 13:56:32 CEST 2019] get to authz error.
[Sun May 26 13:56:32 CEST 2019] _authorizations_map='DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:47:21Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061600","token":"t_BEORgfMGfhhAcbCBwp8TjGw4ylQxga6Ap9nVN8urs"},{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061601","token":"Y-sDw1Z_jU9JOMzkkSXFRN9NWb4rLd0HhgrbPhJ8dLs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061602","token":"YSmQ1GcyQmJKQux4PlSMqO5kkPnVjZguCKcl5CX1YSM"}]}
*.DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:48:20Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4/315061874","token":"ShAqOisDX3toUIRYRmCSeBmG3hqWEi77_JjtULMGnmQ"}],"wildcard": true}
'
[Sun May 26 13:56:32 CEST 2019] pid
[Sun May 26 13:56:32 CEST 2019] No need to restore nginx, skip.
[Sun May 26 13:56:32 CEST 2019] _clearupdns
[Sun May 26 13:56:32 CEST 2019] dns_entries
[Sun May 26 13:56:32 CEST 2019] skip dns.
[Sun May 26 13:56:32 CEST 2019] _on_issue_err
[Sun May 26 13:56:32 CEST 2019] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun May 26 13:56:32 CEST 2019] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.0j  20 Nov 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>] groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>    groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>   groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>  groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>  groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>    groups=FD,SOCKET,RETRY,UNIX
      create:<filename> groups=FD,REG,NAMED
      exec:<command-line>   groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface> groups=FD,SOCKET
      ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>    groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>   groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>   groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>  groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>   groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>  groups=FD,SOCKET,IP6
      open:<filename>   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>   groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty   groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>   groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>   groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>  groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]    groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>    groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>   groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>  groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>    groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>  groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>   groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>    groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>   groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>  groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>   groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>  groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX

PS: Thx a lot for the fast reaction

Neilpang commented 5 years ago

No, it's not the log.

please paste the output on your terminal.

XtraLarge commented 5 years ago

.... and here is the console output of acme.sh --issue --log --dns dns_cf --test --force --debug 2 --challenge-alias 'CF_DOMAIN.de' -d 'DYNDNS_DOMAIN.de' -d '*.DYNDNS_DOMAIN.de':

root@GVM:~/GetWildCardCert# ./GetCert.sh
[Sun May 26 14:02:53 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:53 CEST 2019] _idn_temp
[Sun May 26 14:02:53 CEST 2019] _is_idn_d='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:53 CEST 2019] _idn_temp
[Sun May 26 14:02:53 CEST 2019] Wildcard domain
[Sun May 26 14:02:53 CEST 2019] Lets find script dir.
[Sun May 26 14:02:53 CEST 2019] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sun May 26 14:02:53 CEST 2019] _script='/root/.acme.sh/acme.sh'
[Sun May 26 14:02:53 CEST 2019] _script_home='/root/.acme.sh'
[Sun May 26 14:02:53 CEST 2019] Using config home:/root/.acme.sh
[Sun May 26 14:02:53 CEST 2019] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.8.2
[Sun May 26 14:02:53 CEST 2019] _main_domain='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:53 CEST 2019] _alt_domains='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:53 CEST 2019] Using config home:/root/.acme.sh
[Sun May 26 14:02:53 CEST 2019] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun May 26 14:02:53 CEST 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sun May 26 14:02:53 CEST 2019] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Sun May 26 14:02:53 CEST 2019] DOMAIN_PATH='/root/.acme.sh/DYNDNS_DOMAIN.de'
[Sun May 26 14:02:53 CEST 2019] 'dns_cf' does not contain 'dns'
[Sun May 26 14:02:53 CEST 2019] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun May 26 14:02:53 CEST 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun May 26 14:02:53 CEST 2019] GET
[Sun May 26 14:02:53 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sun May 26 14:02:53 CEST 2019] timeout=
[Sun May 26 14:02:53 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.OVQQeOnt72  -g '
[Sun May 26 14:02:53 CEST 2019] ret='0'
[Sun May 26 14:02:53 CEST 2019] response='{
  "IutWh83xsGM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sun May 26 14:02:54 CEST 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Sun May 26 14:02:54 CEST 2019] ACME_NEW_AUTHZ
[Sun May 26 14:02:54 CEST 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun May 26 14:02:54 CEST 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Sun May 26 14:02:54 CEST 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Sun May 26 14:02:54 CEST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun May 26 14:02:54 CEST 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sun May 26 14:02:54 CEST 2019] ACME_VERSION='2'
[Sun May 26 14:02:54 CEST 2019] Le_NextRenewTime
[Sun May 26 14:02:54 CEST 2019] _on_before_issue
[Sun May 26 14:02:54 CEST 2019] _chk_main_domain='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _chk_alt_domains='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] 'dns_cf' does not contain 'no'
[Sun May 26 14:02:54 CEST 2019] Le_LocalAddress
[Sun May 26 14:02:54 CEST 2019] d='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] Check for domain='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _currentRoot='dns_cf'
[Sun May 26 14:02:54 CEST 2019] d='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] Check for domain='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _currentRoot='dns_cf'
[Sun May 26 14:02:54 CEST 2019] d
[Sun May 26 14:02:54 CEST 2019] 'dns_cf' does not contain 'apache'
[Sun May 26 14:02:54 CEST 2019] _saved_account_key_hash='wPqmjyx73XOGortSY1hAjlhP3Rpl4nj7gbSUv8nBknY='
[Sun May 26 14:02:54 CEST 2019] _saved_account_key_hash is not changed, skip register account.
[Sun May 26 14:02:54 CEST 2019] Read key length:
[Sun May 26 14:02:54 CEST 2019] _createcsr
[Sun May 26 14:02:54 CEST 2019] domain='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] domainlist='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] csrkey='/root/.acme.sh/DYNDNS_DOMAIN.de/DYNDNS_DOMAIN.de.key'
[Sun May 26 14:02:54 CEST 2019] csr='/root/.acme.sh/DYNDNS_DOMAIN.de/DYNDNS_DOMAIN.de.csr'
[Sun May 26 14:02:54 CEST 2019] csrconf='/root/.acme.sh/DYNDNS_DOMAIN.de/DYNDNS_DOMAIN.de.csr.conf'
[Sun May 26 14:02:54 CEST 2019] _is_idn_d='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _idn_temp
[Sun May 26 14:02:54 CEST 2019] domainlist='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _idn_temp
[Sun May 26 14:02:54 CEST 2019] Multi domain='DNS:DYNDNS_DOMAIN.de,DNS:*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _idn_temp
[Sun May 26 14:02:54 CEST 2019] _csr_cn='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] Getting domain auth token for each domain
[Sun May 26 14:02:54 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _idn_temp
[Sun May 26 14:02:54 CEST 2019] d='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _is_idn_d='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:54 CEST 2019] _idn_temp
[Sun May 26 14:02:54 CEST 2019] d
[Sun May 26 14:02:54 CEST 2019] _identifiers='{"type":"dns","value":"DYNDNS_DOMAIN.de"},{"type":"dns","value":"*.DYNDNS_DOMAIN.de"}'
[Sun May 26 14:02:54 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun May 26 14:02:54 CEST 2019] payload='{"identifiers": [{"type":"dns","value":"DYNDNS_DOMAIN.de"},{"type":"dns","value":"*.DYNDNS_DOMAIN.de"}]}'
[Sun May 26 14:02:54 CEST 2019] RSA key
[Sun May 26 14:02:54 CEST 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sun May 26 14:02:54 CEST 2019] HEAD
[Sun May 26 14:02:54 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sun May 26 14:02:54 CEST 2019] body
[Sun May 26 14:02:54 CEST 2019] _postContentType='application/jose+json'
[Sun May 26 14:02:54 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.0uEHeHbRq6  -g '
[Sun May 26 14:02:54 CEST 2019] _ret='0'
[Sun May 26 14:02:54 CEST 2019] _headers='HTTP/1.1 200 OK
Server: nginx
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 1254Ynbx3GCnLzdF2Szz5e9jjawNSVcrqvuLWmrisRI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Sun, 26 May 2019 12:02:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 26 May 2019 12:02:54 GMT
Connection: keep-alive
'
[Sun May 26 14:02:54 CEST 2019] _CACHED_NONCE='1254Ynbx3GCnLzdF2Szz5e9jjawNSVcrqvuLWmrisRI'
[Sun May 26 14:02:54 CEST 2019] nonce='1254Ynbx3GCnLzdF2Szz5e9jjawNSVcrqvuLWmrisRI'
[Sun May 26 14:02:54 CEST 2019] POST
[Sun May 26 14:02:54 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sun May 26 14:02:54 CEST 2019] body='{"protected": "eyJub25jZSI6ICIxMjU0WW5ieDNHQ25MemRGMlN6ejVlOWpqYXdOU1ZjcnF2dUxXbXJpc1JJIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85Mzg2OTI3In0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IkRlcldlcnJlcy5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5EZXJXZXJyZXMuZGUifV19", "signature": "w3jcS1ZTpzuGuey5JxUnYcu-KbjaPJTTz2LlAugMXB9tgp_XmrVQtZ98bSbpxclkWv2gvjJ9DCimGHElj7ZuzeZRyF2YE39tL506UAOk5vrmF_-V-L5SOm3uyCz-XsBMygLjH7PS2_h9ujSacDtuMEfxWPuiKSWJz2wF4LXeQrqGwDldALdlIdne6Aw6E-FOBtdUXt4SltwJ0VD7oToET2VL2bxWNn9vj0pfja-2xa_PMFKHk7LP0ftJnm5V1lC3-PzuYmP4dmcNAi6uivUnEBc190-82aS-JrEXV9HN9P1s8hrxVDH_nAilKDxGHLfji3gGAUy_KVkpmLqsKDmh-A"}'
[Sun May 26 14:02:54 CEST 2019] _postContentType='application/jose+json'
[Sun May 26 14:02:54 CEST 2019] Http already initialized.
[Sun May 26 14:02:54 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.0uEHeHbRq6  -g '
[Sun May 26 14:02:55 CEST 2019] _ret='0'
[Sun May 26 14:02:55 CEST 2019] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 548
Boulder-Requester: 9386927
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/9386927/35223502
Replay-Nonce: qZECwhiLiUxgUkjXwZTvc8UPUxT7AhSyf7ObFhBDZ-w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 26 May 2019 12:02:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 26 May 2019 12:02:55 GMT
Connection: keep-alive
'
[Sun May 26 14:02:55 CEST 2019] code='201'
[Sun May 26 14:02:55 CEST 2019] original='{
  "status": "pending",
  "expires": "2019-06-01T16:47:21Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.DYNDNS_DOMAIN.de"
    },
    {
      "type": "dns",
      "value": "DYNDNS_DOMAIN.de"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/35223502"
}'
[Sun May 26 14:02:55 CEST 2019] response='{"status":"pending","expires":"2019-06-01T16:47:21Z","identifiers":[{"type":"dns","value":"*.DYNDNS_DOMAIN.de"},{"type":"dns","value":"DYNDNS_DOMAIN.de"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4","https://acme-staging-v02.api.letsencrypt.org/acme/authz/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/35223502"}'
[Sun May 26 14:02:55 CEST 2019] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/9386927/35223502'
[Sun May 26 14:02:55 CEST 2019] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/35223502'
[Sun May 26 14:02:55 CEST 2019] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4,https://acme-staging-v02.api.letsencrypt.org/acme/authz/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s'
[Sun May 26 14:02:55 CEST 2019] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4'
[Sun May 26 14:02:55 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4'
[Sun May 26 14:02:55 CEST 2019] payload
[Sun May 26 14:02:55 CEST 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sun May 26 14:02:55 CEST 2019] Use _CACHED_NONCE='qZECwhiLiUxgUkjXwZTvc8UPUxT7AhSyf7ObFhBDZ-w'
[Sun May 26 14:02:55 CEST 2019] nonce='qZECwhiLiUxgUkjXwZTvc8UPUxT7AhSyf7ObFhBDZ-w'
[Sun May 26 14:02:55 CEST 2019] POST
[Sun May 26 14:02:55 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4'
[Sun May 26 14:02:55 CEST 2019] body='{"protected": "eyJub25jZSI6ICJxWkVDd2hpTGlVeGdVa2pYd1pUdmM4VVBVeFQ3QWhTeWY3T2JGaEJEWi13IiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L0c2QW9aRXJXNDBjN0NGNjJBUWdNd0kxNktNLXJJajhMU2ZPQnVHd0hOazQiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTM4NjkyNyJ9", "payload": "", "signature": "pjoDQFMrgqwDSNRNMZl6JBjduE2zdjbjnPc3KeLalEWhDAt8d1zCXivK4fDTKA2P-GP3STqfHYcM1LalgwW6htiKF2rUwjiZM_XVEt1lYtlW2jUxuGZjLmpztstlC5fxYExXf3BaxFuprdiiDCZ6okRRCco5eJBAisM6E5PODgwnyvUgjj6g051HylUbTGKsZYrVWD1iD9OrvZL0K_RXzfY0XSnRwm0p3TOerbIykVF8UyVFqhq_csInF8tnPJVpIAs5vVR3QUuC6v3eHVlgKtXKOKQe7Fd0_NCX8SIwhf2NZHfH_FwUx5mrUUxgjtNvGzgLlnM4BDYa2xmS6Z0tUA"}'
[Sun May 26 14:02:55 CEST 2019] _postContentType='application/jose+json'
[Sun May 26 14:02:55 CEST 2019] Http already initialized.
[Sun May 26 14:02:55 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.0uEHeHbRq6  -g '
[Sun May 26 14:02:55 CEST 2019] _ret='0'
[Sun May 26 14:02:55 CEST 2019] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 429
Boulder-Requester: 9386927
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: WxUwTEoeH0uxnAX3hlC6Osu2j64ui6-Sg1WEcrXLEGs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 26 May 2019 12:02:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 26 May 2019 12:02:55 GMT
Connection: keep-alive
'
[Sun May 26 14:02:55 CEST 2019] code='200'
[Sun May 26 14:02:55 CEST 2019] original='{
  "identifier": {
    "type": "dns",
    "value": "DYNDNS_DOMAIN.de"
  },
  "status": "pending",
  "expires": "2019-06-01T16:48:20Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4/315061874",
      "token": "ShAqOisDX3toUIRYRmCSeBmG3hqWEi77_JjtULMGnmQ"
    }
  ],
  "wildcard": true
}'
[Sun May 26 14:02:55 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:48:20Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4/315061874","token":"ShAqOisDX3toUIRYRmCSeBmG3hqWEi77_JjtULMGnmQ"}],"wildcard": true}'
[Sun May 26 14:02:55 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:48:20Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4/315061874","token":"ShAqOisDX3toUIRYRmCSeBmG3hqWEi77_JjtULMGnmQ"}],"wildcard": true}'
[Sun May 26 14:02:55 CEST 2019] _d='*.DYNDNS_DOMAIN.de'
[Sun May 26 14:02:55 CEST 2019] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s'
[Sun May 26 14:02:55 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s'
[Sun May 26 14:02:55 CEST 2019] payload
[Sun May 26 14:02:55 CEST 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sun May 26 14:02:55 CEST 2019] Use _CACHED_NONCE='WxUwTEoeH0uxnAX3hlC6Osu2j64ui6-Sg1WEcrXLEGs'
[Sun May 26 14:02:55 CEST 2019] nonce='WxUwTEoeH0uxnAX3hlC6Osu2j64ui6-Sg1WEcrXLEGs'
[Sun May 26 14:02:55 CEST 2019] POST
[Sun May 26 14:02:55 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s'
[Sun May 26 14:02:55 CEST 2019] body='{"protected": "eyJub25jZSI6ICJXeFV3VEVvZUgwdXhuQVgzaGxDNk9zdTJqNjR1aTYtU2cxV0VjclhMRUdzIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L09yeXc1SC1QMV92S2hEMm0tLWJMbTdlaE5BNlltaGZ4RHB2cHAyN3JSLXMiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTM4NjkyNyJ9", "payload": "", "signature": "tMMKhsaznrLbE2u1FDxMpIIolioVclp-dNAo5VfGKEuJnWC1wxFuPzdgqCDRMOAN-49QtkX1M8RfYnUAfNdWZIKHZJZrvg_L7zwKGeQ_9--lNsl_UlO59d8wuJapDoucKAwP3jjyveNEoF8rXfaH_M5uDCdI5UmFxWq3aWvAi4t6gTgfguG5GWO2XNxgFvH-xQ4rKB9BXBVteprAiOjjbu7Ke2cUDP1l0o2liVQhx35rTZQOASDjXAVSNWEDapagK6Jvdgfo8Kq9IrH4SfutoCsmsiff0_dTppMqHOsQ3wQn77m-3oxoBtW1NBN8yJDpyRt-LxoRnWSQZ69_t8JPbg"}'
[Sun May 26 14:02:55 CEST 2019] _postContentType='application/jose+json'
[Sun May 26 14:02:55 CEST 2019] Http already initialized.
[Sun May 26 14:02:55 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.0uEHeHbRq6  -g '
[Sun May 26 14:02:55 CEST 2019] _ret='0'
[Sun May 26 14:02:55 CEST 2019] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 925
Boulder-Requester: 9386927
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: CiqKmkF94n7XRd6xcoQ2IQw4eX64rfo6wjhdVxymZpg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sun, 26 May 2019 12:02:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 26 May 2019 12:02:55 GMT
Connection: keep-alive
'
[Sun May 26 14:02:55 CEST 2019] code='200'
[Sun May 26 14:02:55 CEST 2019] original='{
  "identifier": {
    "type": "dns",
    "value": "DYNDNS_DOMAIN.de"
  },
  "status": "pending",
  "expires": "2019-06-01T16:47:21Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061600",
      "token": "t_BEORgfMGfhhAcbCBwp8TjGw4ylQxga6Ap9nVN8urs"
    },
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061601",
      "token": "Y-sDw1Z_jU9JOMzkkSXFRN9NWb4rLd0HhgrbPhJ8dLs"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061602",
      "token": "YSmQ1GcyQmJKQux4PlSMqO5kkPnVjZguCKcl5CX1YSM"
    }
  ]
}'
[Sun May 26 14:02:55 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:47:21Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061600","token":"t_BEORgfMGfhhAcbCBwp8TjGw4ylQxga6Ap9nVN8urs"},{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061601","token":"Y-sDw1Z_jU9JOMzkkSXFRN9NWb4rLd0HhgrbPhJ8dLs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061602","token":"YSmQ1GcyQmJKQux4PlSMqO5kkPnVjZguCKcl5CX1YSM"}]}'
[Sun May 26 14:02:55 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:47:21Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061600","token":"t_BEORgfMGfhhAcbCBwp8TjGw4ylQxga6Ap9nVN8urs"},{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061601","token":"Y-sDw1Z_jU9JOMzkkSXFRN9NWb4rLd0HhgrbPhJ8dLs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061602","token":"YSmQ1GcyQmJKQux4PlSMqO5kkPnVjZguCKcl5CX1YSM"}]}'
[Sun May 26 14:02:55 CEST 2019] _d='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:55 CEST 2019] _authorizations_map='DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:47:21Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061600","token":"t_BEORgfMGfhhAcbCBwp8TjGw4ylQxga6Ap9nVN8urs"},{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061601","token":"Y-sDw1Z_jU9JOMzkkSXFRN9NWb4rLd0HhgrbPhJ8dLs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061602","token":"YSmQ1GcyQmJKQux4PlSMqO5kkPnVjZguCKcl5CX1YSM"}]}
*.DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:48:20Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4/315061874","token":"ShAqOisDX3toUIRYRmCSeBmG3hqWEi77_JjtULMGnmQ"}],"wildcard": true}
'
[Sun May 26 14:02:55 CEST 2019] d='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:55 CEST 2019] Getting webroot for domain='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:55 CEST 2019] _w='dns_cf'
[Sun May 26 14:02:55 CEST 2019] _currentRoot='dns_cf'
[Sun May 26 14:02:55 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Sun May 26 14:02:55 CEST 2019] _idn_temp
[Sun May 26 14:02:55 CEST 2019] response
[Sun May 26 14:02:55 CEST 2019] get to authz error.
[Sun May 26 14:02:55 CEST 2019] _authorizations_map='DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:47:21Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061600","token":"t_BEORgfMGfhhAcbCBwp8TjGw4ylQxga6Ap9nVN8urs"},{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061601","token":"Y-sDw1Z_jU9JOMzkkSXFRN9NWb4rLd0HhgrbPhJ8dLs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Oryw5H-P1_vKhD2m--bLm7ehNA6YmhfxDpvpp27rR-s/315061602","token":"YSmQ1GcyQmJKQux4PlSMqO5kkPnVjZguCKcl5CX1YSM"}]}
*.DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-06-01T16:48:20Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/G6AoZErW40c7CF62AQgMwI16KM-rIj8LSfOBuGwHNk4/315061874","token":"ShAqOisDX3toUIRYRmCSeBmG3hqWEi77_JjtULMGnmQ"}],"wildcard": true}
'
[Sun May 26 14:02:55 CEST 2019] pid
[Sun May 26 14:02:55 CEST 2019] No need to restore nginx, skip.
[Sun May 26 14:02:55 CEST 2019] _clearupdns
[Sun May 26 14:02:55 CEST 2019] dns_entries
[Sun May 26 14:02:55 CEST 2019] skip dns.
[Sun May 26 14:02:55 CEST 2019] _on_issue_err
[Sun May 26 14:02:55 CEST 2019] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun May 26 14:02:55 CEST 2019] _chk_vlist
[Sun May 26 14:02:55 CEST 2019] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0j  20 Nov 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>]     groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>        groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>       groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>  groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>      groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>        groups=FD,SOCKET,RETRY,UNIX
      create:<filename> groups=FD,REG,NAMED
      exec:<command-line>       groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface>     groups=FD,SOCKET
      ip-datagram:<host>:<protocol>     groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>        groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>       groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>       groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>      groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>       groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>      groups=FD,SOCKET,IP6
      open:<filename>   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port>     groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port>     groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>   groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty       groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>       groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>       groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>        groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>      groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]    groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>        groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>  groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>        groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port>     groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>  groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>        groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>       groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>      groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>   groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>      groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
root@GVM:~/GetWildCardCert#
XtraLarge commented 5 years ago

Hello, did you found the problem? Did I use it in a wrong way? Should I do anything else?

Neilpang commented 5 years ago

try 

acme.sh --issue --log --dns dns_cf --test --force --debug 2 --challenge-alias 'CF_DOMAIN.de' -d 'DYNDNS_DOMAIN.de' -d '*.DYNDNS_DOMAIN.de'  \
  --log-level 2
XtraLarge commented 5 years ago

Hello,

OK First I've updated your script withe the command "curl https://get.acme.sh | sh" after that I've used your command, but the only difference I've seen was the parameter "--log-level 2".

That's the console output: (I've noticed that the cloudflare domain was not used in this whole output)

[Wed Jul  3 21:27:08 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:08 CEST 2019] _idn_temp
[Wed Jul  3 21:27:08 CEST 2019] _is_idn_d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:08 CEST 2019] _idn_temp
[Wed Jul  3 21:27:08 CEST 2019] Wildcard domain
[Wed Jul  3 21:27:08 CEST 2019] Lets find script dir.
[Wed Jul  3 21:27:08 CEST 2019] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed Jul  3 21:27:08 CEST 2019] _script='/root/.acme.sh/acme.sh'
[Wed Jul  3 21:27:08 CEST 2019] _script_home='/root/.acme.sh'
[Wed Jul  3 21:27:08 CEST 2019] Using config home:/root/.acme.sh
[Wed Jul  3 21:27:08 CEST 2019] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.8.2
[Wed Jul  3 21:27:08 CEST 2019] _main_domain='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:08 CEST 2019] _alt_domains='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:08 CEST 2019] Using config home:/root/.acme.sh
[Wed Jul  3 21:27:08 CEST 2019] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Jul  3 21:27:08 CEST 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Jul  3 21:27:08 CEST 2019] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Wed Jul  3 21:27:08 CEST 2019] DOMAIN_PATH='/root/.acme.sh/DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:08 CEST 2019] 'dns_cf' does not contain 'dns'
[Wed Jul  3 21:27:08 CEST 2019] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Jul  3 21:27:08 CEST 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Jul  3 21:27:08 CEST 2019] GET
[Wed Jul  3 21:27:08 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Jul  3 21:27:08 CEST 2019] timeout=
[Wed Jul  3 21:27:08 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.mmcV7jFahP  -g '
[Wed Jul  3 21:27:08 CEST 2019] ret='0'
[Wed Jul  3 21:27:08 CEST 2019] response='{
  "QdwZTAe8saw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Wed Jul  3 21:27:09 CEST 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Wed Jul  3 21:27:09 CEST 2019] ACME_NEW_AUTHZ
[Wed Jul  3 21:27:09 CEST 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed Jul  3 21:27:09 CEST 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Wed Jul  3 21:27:09 CEST 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Wed Jul  3 21:27:09 CEST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Wed Jul  3 21:27:09 CEST 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Jul  3 21:27:09 CEST 2019] ACME_VERSION='2'
[Wed Jul  3 21:27:09 CEST 2019] Le_NextRenewTime
[Wed Jul  3 21:27:09 CEST 2019] _on_before_issue
[Wed Jul  3 21:27:09 CEST 2019] _chk_main_domain='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _chk_alt_domains='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] 'dns_cf' does not contain 'no'
[Wed Jul  3 21:27:09 CEST 2019] Le_LocalAddress
[Wed Jul  3 21:27:09 CEST 2019] d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] Check for domain='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _currentRoot='dns_cf'
[Wed Jul  3 21:27:09 CEST 2019] d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] Check for domain='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _currentRoot='dns_cf'
[Wed Jul  3 21:27:09 CEST 2019] d
[Wed Jul  3 21:27:09 CEST 2019] 'dns_cf' does not contain 'apache'
[Wed Jul  3 21:27:09 CEST 2019] _saved_account_key_hash='wPqmjyx73XOGortSY1hAjlhP3Rpl4nj7gbSUv8nBknY='
[Wed Jul  3 21:27:09 CEST 2019] _saved_account_key_hash is not changed, skip register account.
[Wed Jul  3 21:27:09 CEST 2019] Read key length:
[Wed Jul  3 21:27:09 CEST 2019] _createcsr
[Wed Jul  3 21:27:09 CEST 2019] domain='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] domainlist='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] csrkey='/root/.acme.sh/DYNDNS_DOMAIN.de/DYNDNS_DOMAIN.de.key'
[Wed Jul  3 21:27:09 CEST 2019] csr='/root/.acme.sh/DYNDNS_DOMAIN.de/DYNDNS_DOMAIN.de.csr'
[Wed Jul  3 21:27:09 CEST 2019] csrconf='/root/.acme.sh/DYNDNS_DOMAIN.de/DYNDNS_DOMAIN.de.csr.conf'
[Wed Jul  3 21:27:09 CEST 2019] _is_idn_d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _idn_temp
[Wed Jul  3 21:27:09 CEST 2019] domainlist='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _idn_temp
[Wed Jul  3 21:27:09 CEST 2019] Multi domain='DNS:DYNDNS_DOMAIN.de,DNS:*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _idn_temp
[Wed Jul  3 21:27:09 CEST 2019] _csr_cn='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] Getting domain auth token for each domain
[Wed Jul  3 21:27:09 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _idn_temp
[Wed Jul  3 21:27:09 CEST 2019] d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _is_idn_d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:09 CEST 2019] _idn_temp
[Wed Jul  3 21:27:09 CEST 2019] d
[Wed Jul  3 21:27:09 CEST 2019] _identifiers='{"type":"dns","value":"DYNDNS_DOMAIN.de"},{"type":"dns","value":"*.DYNDNS_DOMAIN.de"}'
[Wed Jul  3 21:27:09 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed Jul  3 21:27:09 CEST 2019] payload='{"identifiers": [{"type":"dns","value":"DYNDNS_DOMAIN.de"},{"type":"dns","value":"*.DYNDNS_DOMAIN.de"}]}'
[Wed Jul  3 21:27:09 CEST 2019] RSA key
[Wed Jul  3 21:27:09 CEST 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Jul  3 21:27:09 CEST 2019] HEAD
[Wed Jul  3 21:27:09 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Jul  3 21:27:09 CEST 2019] body
[Wed Jul  3 21:27:09 CEST 2019] _postContentType='application/jose+json'
[Wed Jul  3 21:27:09 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.PlL505IjNP  -g '
[Wed Jul  3 21:27:09 CEST 2019] _ret='0'
[Wed Jul  3 21:27:09 CEST 2019] _headers='HTTP/1.1 200 OK
Server: nginx
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: sN8o-nAcI2eEHRDlyYk28P9f0q0SPOr9fjfyuycGwWQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Wed, 03 Jul 2019 19:27:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 Jul 2019 19:27:09 GMT
Connection: keep-alive
'
[Wed Jul  3 21:27:09 CEST 2019] _CACHED_NONCE='sN8o-nAcI2eEHRDlyYk28P9f0q0SPOr9fjfyuycGwWQ'
[Wed Jul  3 21:27:09 CEST 2019] nonce='sN8o-nAcI2eEHRDlyYk28P9f0q0SPOr9fjfyuycGwWQ'
[Wed Jul  3 21:27:09 CEST 2019] POST
[Wed Jul  3 21:27:09 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed Jul  3 21:27:09 CEST 2019] body='{"protected": "eyJub25jZSI6ICJzTjhvLW5BY0kyZUVIUkRseVlrMjhQOWYwcTBTUE9yOWZqZnl1eWNHd1dRIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85Mzg2OTI3In0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IkRlcldlcnJlcy5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5EZXJXZXJyZXMuZGUifV19", "signature": "PqCCq7ZT5vT7oIUfeQ43SpMQh9EOJVQr4YuCFOxTK-eqX9BTRi5DYy_eaBLgKkQvlJYBkFy2tnDyuRnqd0Yf4Fy1LKo9dSTc9YPKooGDGWKNYPz8NgTWe64Oq8H2qPHYonvLHVvIg5KM5Lu0UMpZ9pMcEL6eZBLcr5MhStOIbCOwetGTHIP7IQCC21AH6H4iqYxebyV9Xxta-Wd2coL6EGf8Wq25g62zuV_KAEyOZAMD0zZAgwxNagjFDFOlGWH9IPY65BWWGfWE1WbVkX3aFo3FgFM7UtaTU81w68x_NGPVsHKL9aO3j_giabDwTDk47SHR7qaj8ZzND5X_M9FbYg"}'
[Wed Jul  3 21:27:09 CEST 2019] _postContentType='application/jose+json'
[Wed Jul  3 21:27:09 CEST 2019] Http already initialized.
[Wed Jul  3 21:27:09 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.PlL505IjNP  -g '
[Wed Jul  3 21:27:10 CEST 2019] _ret='0'
[Wed Jul  3 21:27:10 CEST 2019] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 490
Boulder-Requester: 9386927
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/9386927/39219811
Replay-Nonce: y9w5QlEBQWMNpL5msHzVJzuZtBI3XglQm_DtZ9rc7S0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 Jul 2019 19:27:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 Jul 2019 19:27:10 GMT
Connection: keep-alive
'
[Wed Jul  3 21:27:10 CEST 2019] code='201'
[Wed Jul  3 21:27:10 CEST 2019] original='{
  "status": "pending",
  "expires": "2019-07-10T19:27:10.051912282Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.DYNDNS_DOMAIN.de"
    },
    {
      "type": "dns",
      "value": "DYNDNS_DOMAIN.de"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/39219811"
}'
[Wed Jul  3 21:27:10 CEST 2019] response='{"status":"pending","expires":"2019-07-10T19:27:10.051912282Z","identifiers":[{"type":"dns","value":"*.DYNDNS_DOMAIN.de"},{"type":"dns","value":"DYNDNS_DOMAIN.de"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581","https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/39219811"}'
[Wed Jul  3 21:27:10 CEST 2019] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/9386927/39219811'
[Wed Jul  3 21:27:10 CEST 2019] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/39219811'
[Wed Jul  3 21:27:10 CEST 2019] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581,https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582'
[Wed Jul  3 21:27:10 CEST 2019] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581'
[Wed Jul  3 21:27:10 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581'
[Wed Jul  3 21:27:10 CEST 2019] payload
[Wed Jul  3 21:27:10 CEST 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Wed Jul  3 21:27:10 CEST 2019] Use _CACHED_NONCE='y9w5QlEBQWMNpL5msHzVJzuZtBI3XglQm_DtZ9rc7S0'
[Wed Jul  3 21:27:10 CEST 2019] nonce='y9w5QlEBQWMNpL5msHzVJzuZtBI3XglQm_DtZ9rc7S0'
[Wed Jul  3 21:27:10 CEST 2019] POST
[Wed Jul  3 21:27:10 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581'
[Wed Jul  3 21:27:10 CEST 2019] body='{"protected": "eyJub25jZSI6ICJ5OXc1UWxFQlFXTU5wTDVtc0h6Vkp6dVp0QkkzWGdsUW1fRHRaOXJjN1MwIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L3YyLzQ0NjU4MSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85Mzg2OTI3In0", "payload": "", "signature": "lmcvBRSSXiflmahEs_GH05HtEjY3LPT_V9tNCdhmEOsrjahGdzcEsrQ6CFnyeFoC-u6yW8BC2Mf6vDNHZDCnJBvhn-RCav8mqG-VQogLeS58kQOFih2TBpl5jjxJDnD5VppOc6sajfbtUHTcq3AE8feQiReMbkuWcZrsGwXnrdz5ZS0d_ckLZiUK0Uq3xEyxOAGCL3GUY5QVw2wJ22HoQa7TzdJIaCH0u1GMd4TEWe_PdvdGv9uWo7-BbHB12bQRs2OSk9hbYsm-f0BWKif_FIgptgmxAUXTkrJo1nY_PlnOaMJWy-R0be87nyYtBdgtUIEkoucDm5iPNs7Zh6KA3A"}'
[Wed Jul  3 21:27:10 CEST 2019] _postContentType='application/jose+json'
[Wed Jul  3 21:27:10 CEST 2019] Http already initialized.
[Wed Jul  3 21:27:10 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.PlL505IjNP  -g '
[Wed Jul  3 21:27:10 CEST 2019] _ret='0'
[Wed Jul  3 21:27:10 CEST 2019] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 392
Boulder-Requester: 9386927
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: mMqyiLpF1E7PCuVvlQXGGwpZa1JF-9Gx2RTu8z1_w70
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 Jul 2019 19:27:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 Jul 2019 19:27:10 GMT
Connection: keep-alive
'
[Wed Jul  3 21:27:10 CEST 2019] code='200'
[Wed Jul  3 21:27:10 CEST 2019] original='{
  "identifier": {
    "type": "dns",
    "value": "DYNDNS_DOMAIN.de"
  },
  "status": "pending",
  "expires": "2019-07-10T19:27:10Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446581/u48fVA",
      "token": "heheLkhbyjiccFjS9VEP2eagNHrn1vLmXf_couM3DtU"
    }
  ],
  "wildcard": true
}'
[Wed Jul  3 21:27:10 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446581/u48fVA","token":"heheLkhbyjiccFjS9VEP2eagNHrn1vLmXf_couM3DtU"}],"wildcard": true}'
[Wed Jul  3 21:27:10 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446581/u48fVA","token":"heheLkhbyjiccFjS9VEP2eagNHrn1vLmXf_couM3DtU"}],"wildcard": true}'
[Wed Jul  3 21:27:10 CEST 2019] _d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:10 CEST 2019] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582'
[Wed Jul  3 21:27:10 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582'
[Wed Jul  3 21:27:10 CEST 2019] payload
[Wed Jul  3 21:27:10 CEST 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Wed Jul  3 21:27:10 CEST 2019] Use _CACHED_NONCE='mMqyiLpF1E7PCuVvlQXGGwpZa1JF-9Gx2RTu8z1_w70'
[Wed Jul  3 21:27:10 CEST 2019] nonce='mMqyiLpF1E7PCuVvlQXGGwpZa1JF-9Gx2RTu8z1_w70'
[Wed Jul  3 21:27:10 CEST 2019] POST
[Wed Jul  3 21:27:10 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582'
[Wed Jul  3 21:27:10 CEST 2019] body='{"protected": "eyJub25jZSI6ICJtTXF5aUxwRjFFN1BDdVZ2bFFYR0d3cFphMUpGLTlHeDJSVHU4ejFfdzcwIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L3YyLzQ0NjU4MiIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85Mzg2OTI3In0", "payload": "", "signature": "cctIZ-3Lf-KS0I8N_n9NowbUFsR2Dx0ECE_c5slyw-T_Ja7gcHY42977wcyYeYG_aOY7gKPDeexFHGdm9RQE9cGdGLPOt-OPeX8ae3I4H2n-if3DaCLN-3OWCyMByzUchnCOVQT11BpIr_w2m9w3HVN0fYNoNc0Lsl5gX_Kk2oHYKT-CDv1jFsnijotdJA8Y6Tdb_atkULCnOQip1jrWNUAuRyxmUUNySQC6CxqICgDLxA8P_30mrYv-k2RFzeir-i5GYtTGMmiACsKFPP6Yky65RlTm_s7khjNCHccD75VMGtpC7jrzEd0IzLn52ZDd1jqcJR925wHz6ZYAOlXxLg"}'
[Wed Jul  3 21:27:10 CEST 2019] _postContentType='application/jose+json'
[Wed Jul  3 21:27:10 CEST 2019] Http already initialized.
[Wed Jul  3 21:27:10 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.PlL505IjNP  -g '
[Wed Jul  3 21:27:10 CEST 2019] _ret='0'
[Wed Jul  3 21:27:10 CEST 2019] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 814
Boulder-Requester: 9386927
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: XLfsK4J4MFGiWlTOJ9LQ6F5y-W3Mwt1VqsgszcgxCeU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 Jul 2019 19:27:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 Jul 2019 19:27:10 GMT
Connection: keep-alive
'
[Wed Jul  3 21:27:10 CEST 2019] code='200'
[Wed Jul  3 21:27:10 CEST 2019] original='{
  "identifier": {
    "type": "dns",
    "value": "DYNDNS_DOMAIN.de"
  },
  "status": "pending",
  "expires": "2019-07-10T19:27:10Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/ak-ThA",
      "token": "-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/y_211g",
      "token": "-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/2UJd6g",
      "token": "-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"
    }
  ]
}'
[Wed Jul  3 21:27:10 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/ak-ThA","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/y_211g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/2UJd6g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"}]}'
[Wed Jul  3 21:27:10 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/ak-ThA","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/y_211g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/2UJd6g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"}]}'
[Wed Jul  3 21:27:11 CEST 2019] _d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _authorizations_map='DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/ak-ThA","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/y_211g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/2UJd6g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"}]}
*.DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446581/u48fVA","token":"heheLkhbyjiccFjS9VEP2eagNHrn1vLmXf_couM3DtU"}],"wildcard": true}
'
[Wed Jul  3 21:27:11 CEST 2019] d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] Getting webroot for domain='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _w='dns_cf'
[Wed Jul  3 21:27:11 CEST 2019] _currentRoot='dns_cf'
[Wed Jul  3 21:27:11 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _idn_temp
[Wed Jul  3 21:27:11 CEST 2019] response
[Wed Jul  3 21:27:11 CEST 2019] get to authz error.
[Wed Jul  3 21:27:11 CEST 2019] _authorizations_map='DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/ak-ThA","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/y_211g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/2UJd6g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"}]}
*.DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446581/u48fVA","token":"heheLkhbyjiccFjS9VEP2eagNHrn1vLmXf_couM3DtU"}],"wildcard": true}
'
[Wed Jul  3 21:27:11 CEST 2019] pid
[Wed Jul  3 21:27:11 CEST 2019] No need to restore nginx, skip.
[Wed Jul  3 21:27:11 CEST 2019] _clearupdns
[Wed Jul  3 21:27:11 CEST 2019] dns_entries
[Wed Jul  3 21:27:11 CEST 2019] skip dns.
[Wed Jul  3 21:27:11 CEST 2019] _on_issue_err
[Wed Jul  3 21:27:11 CEST 2019] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Wed Jul  3 21:27:11 CEST 2019] _chk_vlist
[Wed Jul  3 21:27:11 CEST 2019] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0k  28 May 2019
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>]     groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>        groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>       groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>  groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>      groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>        groups=FD,SOCKET,RETRY,UNIX
      create:<filename> groups=FD,REG,NAMED
      exec:<command-line>       groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface>     groups=FD,SOCKET
      ip-datagram:<host>:<protocol>     groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>        groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>       groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>       groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>      groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>       groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>      groups=FD,SOCKET,IP6
      open:<filename>   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port>     groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port>     groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>   groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty       groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>       groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>       groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>        groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>      groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]    groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>        groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>  groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>        groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port>     groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>  groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>        groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>       groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>      groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>   groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>      groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
[Wed Jul  3 21:27:11 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _idn_temp
[Wed Jul  3 21:27:11 CEST 2019] _is_idn_d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _idn_temp
[Wed Jul  3 21:27:11 CEST 2019] Wildcard domain
[Wed Jul  3 21:27:11 CEST 2019] Lets find script dir.
[Wed Jul  3 21:27:11 CEST 2019] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed Jul  3 21:27:11 CEST 2019] _script='/root/.acme.sh/acme.sh'
[Wed Jul  3 21:27:11 CEST 2019] _script_home='/root/.acme.sh'
[Wed Jul  3 21:27:11 CEST 2019] Using config home:/root/.acme.sh
[Wed Jul  3 21:27:11 CEST 2019] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.8.2
[Wed Jul  3 21:27:11 CEST 2019] _main_domain='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _alt_domains='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] Using config home:/root/.acme.sh
[Wed Jul  3 21:27:11 CEST 2019] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Jul  3 21:27:11 CEST 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Jul  3 21:27:11 CEST 2019] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Wed Jul  3 21:27:11 CEST 2019] DOMAIN_PATH='/root/.acme.sh/DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] 'dns_cf' does not contain 'dns'
[Wed Jul  3 21:27:11 CEST 2019] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Jul  3 21:27:11 CEST 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Jul  3 21:27:11 CEST 2019] GET
[Wed Jul  3 21:27:11 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Jul  3 21:27:11 CEST 2019] timeout=
[Wed Jul  3 21:27:11 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.GmZiAfYie9  -g '
[Wed Jul  3 21:27:11 CEST 2019] ret='0'
[Wed Jul  3 21:27:11 CEST 2019] response='{
  "X6s0QRxH9lw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Wed Jul  3 21:27:11 CEST 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Wed Jul  3 21:27:11 CEST 2019] ACME_NEW_AUTHZ
[Wed Jul  3 21:27:11 CEST 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed Jul  3 21:27:11 CEST 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Wed Jul  3 21:27:11 CEST 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Wed Jul  3 21:27:11 CEST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Wed Jul  3 21:27:11 CEST 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Jul  3 21:27:11 CEST 2019] ACME_VERSION='2'
[Wed Jul  3 21:27:11 CEST 2019] Le_NextRenewTime
[Wed Jul  3 21:27:11 CEST 2019] _on_before_issue
[Wed Jul  3 21:27:11 CEST 2019] _chk_main_domain='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _chk_alt_domains='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] 'dns_cf' does not contain 'no'
[Wed Jul  3 21:27:11 CEST 2019] Le_LocalAddress
[Wed Jul  3 21:27:11 CEST 2019] d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] Check for domain='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _currentRoot='dns_cf'
[Wed Jul  3 21:27:11 CEST 2019] d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] Check for domain='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _currentRoot='dns_cf'
[Wed Jul  3 21:27:11 CEST 2019] d
[Wed Jul  3 21:27:11 CEST 2019] 'dns_cf' does not contain 'apache'
[Wed Jul  3 21:27:11 CEST 2019] _saved_account_key_hash='wPqmjyx73XOGortSY1hAjlhP3Rpl4nj7gbSUv8nBknY='
[Wed Jul  3 21:27:11 CEST 2019] _saved_account_key_hash is not changed, skip register account.
[Wed Jul  3 21:27:11 CEST 2019] Read key length:
[Wed Jul  3 21:27:11 CEST 2019] _createcsr
[Wed Jul  3 21:27:11 CEST 2019] domain='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] domainlist='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] csrkey='/root/.acme.sh/DYNDNS_DOMAIN.de/DYNDNS_DOMAIN.de.key'
[Wed Jul  3 21:27:11 CEST 2019] csr='/root/.acme.sh/DYNDNS_DOMAIN.de/DYNDNS_DOMAIN.de.csr'
[Wed Jul  3 21:27:11 CEST 2019] csrconf='/root/.acme.sh/DYNDNS_DOMAIN.de/DYNDNS_DOMAIN.de.csr.conf'
[Wed Jul  3 21:27:11 CEST 2019] _is_idn_d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _idn_temp
[Wed Jul  3 21:27:11 CEST 2019] domainlist='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _idn_temp
[Wed Jul  3 21:27:11 CEST 2019] Multi domain='DNS:DYNDNS_DOMAIN.de,DNS:*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] _idn_temp
[Wed Jul  3 21:27:11 CEST 2019] _csr_cn='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:11 CEST 2019] Getting domain auth token for each domain
[Wed Jul  3 21:27:11 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:12 CEST 2019] _idn_temp
[Wed Jul  3 21:27:12 CEST 2019] d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:12 CEST 2019] _is_idn_d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:12 CEST 2019] _idn_temp
[Wed Jul  3 21:27:12 CEST 2019] d
[Wed Jul  3 21:27:12 CEST 2019] _identifiers='{"type":"dns","value":"DYNDNS_DOMAIN.de"},{"type":"dns","value":"*.DYNDNS_DOMAIN.de"}'
[Wed Jul  3 21:27:12 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed Jul  3 21:27:12 CEST 2019] payload='{"identifiers": [{"type":"dns","value":"DYNDNS_DOMAIN.de"},{"type":"dns","value":"*.DYNDNS_DOMAIN.de"}]}'
[Wed Jul  3 21:27:12 CEST 2019] RSA key
[Wed Jul  3 21:27:12 CEST 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Jul  3 21:27:12 CEST 2019] HEAD
[Wed Jul  3 21:27:12 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Jul  3 21:27:12 CEST 2019] body
[Wed Jul  3 21:27:12 CEST 2019] _postContentType='application/jose+json'
[Wed Jul  3 21:27:12 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.ULXQnAM9Yy  -g '
[Wed Jul  3 21:27:12 CEST 2019] _ret='0'
[Wed Jul  3 21:27:12 CEST 2019] _headers='HTTP/1.1 200 OK
Server: nginx
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: qtZpyzWPAqjBacB7yfttg52iVSpbMs__swPg1jtC-ro
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Content-Length: 0
Expires: Wed, 03 Jul 2019 19:27:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 Jul 2019 19:27:12 GMT
Connection: keep-alive
'
[Wed Jul  3 21:27:12 CEST 2019] _CACHED_NONCE='qtZpyzWPAqjBacB7yfttg52iVSpbMs__swPg1jtC-ro'
[Wed Jul  3 21:27:12 CEST 2019] nonce='qtZpyzWPAqjBacB7yfttg52iVSpbMs__swPg1jtC-ro'
[Wed Jul  3 21:27:12 CEST 2019] POST
[Wed Jul  3 21:27:12 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed Jul  3 21:27:12 CEST 2019] body='{"protected": "eyJub25jZSI6ICJxdFpweXpXUEFxakJhY0I3eWZ0dGc1MmlWU3BiTXNfX3N3UGcxanRDLXJvIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85Mzg2OTI3In0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IkRlcldlcnJlcy5kZSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5EZXJXZXJyZXMuZGUifV19", "signature": "sSHthlaPfAkyxg2UDuacXx9Cq4MyY0kn4R0SrUUnIYSMCKz5OWfVQqnx6d7apITn-b2TZXF5D5bEcJ4PPi6v1uJ5fgrPKLVesy15kg7yMojuUy7ebYN6UtM_MYRoW35yZbQv0j2Gm1psu3gJJUqwGoHpfmKK_IbxewyQrsGPVe3Qr5yYYyP3ELJHviJsubYZ1ipBXFCe-YfdFxGUammat6FKaYWx-hAyXNYCDVYqlfoHPDr83qX6w79_8YuqYjURLJfZamFNBItdF6-MmOpD6CGzapAEROFvFDuZb9KwxZTBXZVf-g_mCh9vjJSuh4m27DzgyOeLi8pfGUR02bLB2Q"}'
[Wed Jul  3 21:27:12 CEST 2019] _postContentType='application/jose+json'
[Wed Jul  3 21:27:12 CEST 2019] Http already initialized.
[Wed Jul  3 21:27:12 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.ULXQnAM9Yy  -g '
[Wed Jul  3 21:27:12 CEST 2019] _ret='0'
[Wed Jul  3 21:27:12 CEST 2019] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 480
Boulder-Requester: 9386927
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/9386927/39219811
Replay-Nonce: 15sjiaiUUe_UhtEZsOuYsb3HW2RocLVZifGZECKw-dk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 Jul 2019 19:27:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 Jul 2019 19:27:12 GMT
Connection: keep-alive
'
[Wed Jul  3 21:27:12 CEST 2019] code='201'
[Wed Jul  3 21:27:12 CEST 2019] original='{
  "status": "pending",
  "expires": "2019-07-10T19:27:10Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.DYNDNS_DOMAIN.de"
    },
    {
      "type": "dns",
      "value": "DYNDNS_DOMAIN.de"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/39219811"
}'
[Wed Jul  3 21:27:12 CEST 2019] response='{"status":"pending","expires":"2019-07-10T19:27:10Z","identifiers":[{"type":"dns","value":"*.DYNDNS_DOMAIN.de"},{"type":"dns","value":"DYNDNS_DOMAIN.de"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581","https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/39219811"}'
[Wed Jul  3 21:27:12 CEST 2019] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/9386927/39219811'
[Wed Jul  3 21:27:12 CEST 2019] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/9386927/39219811'
[Wed Jul  3 21:27:12 CEST 2019] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581,https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582'
[Wed Jul  3 21:27:12 CEST 2019] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581'
[Wed Jul  3 21:27:12 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581'
[Wed Jul  3 21:27:12 CEST 2019] payload
[Wed Jul  3 21:27:12 CEST 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Wed Jul  3 21:27:12 CEST 2019] Use _CACHED_NONCE='15sjiaiUUe_UhtEZsOuYsb3HW2RocLVZifGZECKw-dk'
[Wed Jul  3 21:27:12 CEST 2019] nonce='15sjiaiUUe_UhtEZsOuYsb3HW2RocLVZifGZECKw-dk'
[Wed Jul  3 21:27:12 CEST 2019] POST
[Wed Jul  3 21:27:12 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446581'
[Wed Jul  3 21:27:12 CEST 2019] body='{"protected": "eyJub25jZSI6ICIxNXNqaWFpVVVlX1VodEVac091WXNiM0hXMlJvY0xWWmlmR1pFQ0t3LWRrIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L3YyLzQ0NjU4MSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85Mzg2OTI3In0", "payload": "", "signature": "b0mfc3XIo1J1jUwNPupyJi-omhL7ULCm_v-xJt4mjSo0n1QZ0ewdVZ6X-4kFmoCAh6Od6xj145M3FeLqOA3sylGiK5vOcBXhh8_-3ijgtywfl4XhHagM77LIJtNEsKSte1-qW5DBFG5xih8zSaLBmBc7f5b1tC1Q2Ya_rL6LgdxsEbQLxbVV-IuFesLBerTOZ3VA-tqMMvmk2FkCpBMgomCC4FLGkpqV6qypdfP0-I_v9lLglHtvdivTpvrazBcZTMMBNlLTWuR1ZdCu3aSthNWtPA9JJjoApv8yKq4omQ-GzLtXlrhqiixvFla4DuljrsPipRy4MUxRlM-5eK-XbQ"}'
[Wed Jul  3 21:27:12 CEST 2019] _postContentType='application/jose+json'
[Wed Jul  3 21:27:12 CEST 2019] Http already initialized.
[Wed Jul  3 21:27:12 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.ULXQnAM9Yy  -g '
[Wed Jul  3 21:27:13 CEST 2019] _ret='0'
[Wed Jul  3 21:27:13 CEST 2019] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 392
Boulder-Requester: 9386927
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: IrwHRQ2HZnV8lVTk4TSC32IKfEdnhqLWu_ubkvX8law
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 Jul 2019 19:27:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 Jul 2019 19:27:13 GMT
Connection: keep-alive
'
[Wed Jul  3 21:27:13 CEST 2019] code='200'
[Wed Jul  3 21:27:13 CEST 2019] original='{
  "identifier": {
    "type": "dns",
    "value": "DYNDNS_DOMAIN.de"
  },
  "status": "pending",
  "expires": "2019-07-10T19:27:10Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446581/u48fVA",
      "token": "heheLkhbyjiccFjS9VEP2eagNHrn1vLmXf_couM3DtU"
    }
  ],
  "wildcard": true
}'
[Wed Jul  3 21:27:13 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446581/u48fVA","token":"heheLkhbyjiccFjS9VEP2eagNHrn1vLmXf_couM3DtU"}],"wildcard": true}'
[Wed Jul  3 21:27:13 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446581/u48fVA","token":"heheLkhbyjiccFjS9VEP2eagNHrn1vLmXf_couM3DtU"}],"wildcard": true}'
[Wed Jul  3 21:27:13 CEST 2019] _d='*.DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:13 CEST 2019] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582'
[Wed Jul  3 21:27:13 CEST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582'
[Wed Jul  3 21:27:13 CEST 2019] payload
[Wed Jul  3 21:27:13 CEST 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Wed Jul  3 21:27:13 CEST 2019] Use _CACHED_NONCE='IrwHRQ2HZnV8lVTk4TSC32IKfEdnhqLWu_ubkvX8law'
[Wed Jul  3 21:27:13 CEST 2019] nonce='IrwHRQ2HZnV8lVTk4TSC32IKfEdnhqLWu_ubkvX8law'
[Wed Jul  3 21:27:13 CEST 2019] POST
[Wed Jul  3 21:27:13 CEST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/446582'
[Wed Jul  3 21:27:13 CEST 2019] body='{"protected": "eyJub25jZSI6ICJJcndIUlEySFpuVjhsVlRrNFRTQzMySUtmRWRuaHFMV3VfdWJrdlg4bGF3IiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6L3YyLzQ0NjU4MiIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85Mzg2OTI3In0", "payload": "", "signature": "Zk32z3I900bLn7xo9gW-4FkRDonmcE9a_ZtBoj_YR5HCxBAGiBjd5faOR6DJfc0k_qXIxlN-y_sqmawjmnJumyLMByGy03FDGHHMvLfBcbMyrGX08dS4zPf-FuQ-9clyUKjYAwnFqQRL2MANIvdMx2RZ2VQlWlvdk1E4_yqxsYJfPA1FoG0MtdHu6TOSR90K3qlXETClI35cpnDNU4UIxsbb6JkK6rDJudVmX-QjzvmNpTFUEU1xrHzdpDoRIbxGINQiBs9E_ToeajBn6yWzuEyftCxSVpJMuyWYoAF1lQnMBffynyIzedHDsBBqs1BvWwbqE2RCenA1LbLVCMn4sg"}'
[Wed Jul  3 21:27:13 CEST 2019] _postContentType='application/jose+json'
[Wed Jul  3 21:27:13 CEST 2019] Http already initialized.
[Wed Jul  3 21:27:13 CEST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.ULXQnAM9Yy  -g '
[Wed Jul  3 21:27:13 CEST 2019] _ret='0'
[Wed Jul  3 21:27:13 CEST 2019] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 814
Boulder-Requester: 9386927
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: SPIr1rox33zo0sKmQAVZKaFGLQ0y32Q0yYKO-JEn-SM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 Jul 2019 19:27:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 Jul 2019 19:27:13 GMT
Connection: keep-alive
'
[Wed Jul  3 21:27:13 CEST 2019] code='200'
[Wed Jul  3 21:27:13 CEST 2019] original='{
  "identifier": {
    "type": "dns",
    "value": "DYNDNS_DOMAIN.de"
  },
  "status": "pending",
  "expires": "2019-07-10T19:27:10Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/ak-ThA",
      "token": "-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/y_211g",
      "token": "-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/2UJd6g",
      "token": "-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"
    }
  ]
}'
[Wed Jul  3 21:27:13 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/ak-ThA","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/y_211g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/2UJd6g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"}]}'
[Wed Jul  3 21:27:13 CEST 2019] response='{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/ak-ThA","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/y_211g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/2UJd6g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"}]}'
[Wed Jul  3 21:27:13 CEST 2019] _d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:13 CEST 2019] _authorizations_map='DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/ak-ThA","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/y_211g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/2UJd6g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"}]}
*.DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446581/u48fVA","token":"heheLkhbyjiccFjS9VEP2eagNHrn1vLmXf_couM3DtU"}],"wildcard": true}
'
[Wed Jul  3 21:27:13 CEST 2019] d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:13 CEST 2019] Getting webroot for domain='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:13 CEST 2019] _w='dns_cf'
[Wed Jul  3 21:27:13 CEST 2019] _currentRoot='dns_cf'
[Wed Jul  3 21:27:13 CEST 2019] _is_idn_d='DYNDNS_DOMAIN.de'
[Wed Jul  3 21:27:13 CEST 2019] _idn_temp
[Wed Jul  3 21:27:13 CEST 2019] response
[Wed Jul  3 21:27:13 CEST 2019] get to authz error.
[Wed Jul  3 21:27:13 CEST 2019] _authorizations_map='DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/ak-ThA","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/y_211g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446582/2UJd6g","token":"-4hzYN5XHYg0ulIlM_nNQjhs-xNodt7rHXNsfACySSc"}]}
*.DYNDNS_DOMAIN.de,{"identifier":{"type":"dns","value":"DYNDNS_DOMAIN.de"},"status":"pending","expires":"2019-07-10T19:27:10Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/v2/446581/u48fVA","token":"heheLkhbyjiccFjS9VEP2eagNHrn1vLmXf_couM3DtU"}],"wildcard": true}
'
[Wed Jul  3 21:27:13 CEST 2019] pid
[Wed Jul  3 21:27:13 CEST 2019] No need to restore nginx, skip.
[Wed Jul  3 21:27:13 CEST 2019] _clearupdns
[Wed Jul  3 21:27:13 CEST 2019] dns_entries
[Wed Jul  3 21:27:13 CEST 2019] skip dns.
[Wed Jul  3 21:27:13 CEST 2019] _on_issue_err
[Wed Jul  3 21:27:13 CEST 2019] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Wed Jul  3 21:27:13 CEST 2019] _chk_vlist
[Wed Jul  3 21:27:13 CEST 2019] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0k  28 May 2019
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>]     groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>        groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>       groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>  groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>      groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>        groups=FD,SOCKET,RETRY,UNIX
      create:<filename> groups=FD,REG,NAMED
      exec:<command-line>       groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface>     groups=FD,SOCKET
      ip-datagram:<host>:<protocol>     groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>        groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>       groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>       groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>      groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>       groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>      groups=FD,SOCKET,IP6
      open:<filename>   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port>     groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port>     groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>   groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty       groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>       groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>       groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>       groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>        groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>       groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>      groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>        groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]    groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>        groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>  groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>        groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port>     groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>  groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>       groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>        groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>       groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>        groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>      groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>   groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>      groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX