acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

renewing certs failing since update from 2.8.0 to 2.8.4 #2603

Closed jay7210 closed 4 years ago

jay7210 commented 4 years ago

Steps to reproduce

Issue happens when updating certs. Set up using https://www.naschenweng.info/2017/01/06/securing-ubiquiti-unifi-cloud-key-encrypt-automatic-dns-01-challenge/

Works fine on acme.sh 2.8.0, but once updated (curl https://get.acme.sh | sh) to 2.8.4 it returns the error:

invalid domain - Error add txt for domain:_acme-challenge.###.#

Command:

acme.sh --force --issue --dns dns_cf -d MY.WEBSITE.# --pre-hook "touch /etc/ssl/private/cert.tar; tar -zcvf /root/.acme.sh/CloudKeySSL_$(date +%Y-%m-%d_%H.%M.%S).tgz /etc/ssl/private/*" --fullchainpath /etc/ssl/private/cloudkey.crt --keypath /etc/ssl/private/cloudkey.key --reloadcmd "sh /root/.acme.sh/cloudkey-renew-hook.sh" --debug

Debug log

[Sat Nov 23 14:29:55 PST 2019] Lets find script dir.
[Sat Nov 23 14:29:55 PST 2019] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sat Nov 23 14:29:55 PST 2019] _script='/root/.acme.sh/acme.sh'
[Sat Nov 23 14:29:55 PST 2019] _script_home='/root/.acme.sh'
[Sat Nov 23 14:29:55 PST 2019] Using config home:/root/.acme.sh
[Sat Nov 23 14:29:55 PST 2019] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.8.4
[Sat Nov 23 14:29:55 PST 2019] Running cmd: issue
[Sat Nov 23 14:29:55 PST 2019] _main_domain='unifi.six-pintail.tech'
[Sat Nov 23 14:29:55 PST 2019] _alt_domains='no'
[Sat Nov 23 14:29:55 PST 2019] Using config home:/root/.acme.sh
[Sat Nov 23 14:29:55 PST 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sat Nov 23 14:29:55 PST 2019] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Sat Nov 23 14:29:55 PST 2019] DOMAIN_PATH='/root/.acme.sh/unifi.six-pintail.tech'
[Sat Nov 23 14:29:55 PST 2019] 'dns_cf' does not contain 'dns'
[Sat Nov 23 14:29:55 PST 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sat Nov 23 14:29:55 PST 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sat Nov 23 14:29:55 PST 2019] GET
[Sat Nov 23 14:29:55 PST 2019] url='https://acme-v02.api.letsencrypt.org/directory'
[Sat Nov 23 14:29:55 PST 2019] timeout=
[Sat Nov 23 14:29:55 PST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.ZUbkm0ujo7  -g '
[Sat Nov 23 14:29:56 PST 2019] ret='0'
[Sat Nov 23 14:29:56 PST 2019] response='{
  "Y6Rwh7-BNnY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sat Nov 23 14:29:56 PST 2019] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sat Nov 23 14:29:56 PST 2019] ACME_NEW_AUTHZ
[Sat Nov 23 14:29:56 PST 2019] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Nov 23 14:29:56 PST 2019] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sat Nov 23 14:29:56 PST 2019] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sat Nov 23 14:29:56 PST 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Nov 23 14:29:56 PST 2019] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Nov 23 14:29:56 PST 2019] ACME_VERSION='2'
[Sat Nov 23 14:29:56 PST 2019] Le_NextRenewTime
[Sat Nov 23 14:29:56 PST 2019] _on_before_issue
[Sat Nov 23 14:29:56 PST 2019] _chk_main_domain='unifi.six-pintail.tech'
[Sat Nov 23 14:29:56 PST 2019] _chk_alt_domains
[Sat Nov 23 14:29:56 PST 2019] Run pre hook:'touch /etc/ssl/private/cert.tar; tar -zcvf /root/.acme.sh/CloudKeySSL_2019-11-23_14.29.55.tgz /etc/ssl/private/*'
tar: Removing leading `/' from member names
/etc/ssl/private/cert.tar
/etc/ssl/private/cloudkey.crt
/etc/ssl/private/cloudkey.key
/etc/ssl/private/unifi.keystore.jks
/etc/ssl/private/unifi.keystore.jks.md5
[Sat Nov 23 14:29:56 PST 2019] 'dns_cf' does not contain 'no'
[Sat Nov 23 14:29:56 PST 2019] Le_LocalAddress
[Sat Nov 23 14:29:56 PST 2019] d='unifi.six-pintail.tech'
[Sat Nov 23 14:29:56 PST 2019] Check for domain='unifi.six-pintail.tech'
[Sat Nov 23 14:29:56 PST 2019] _currentRoot='dns_cf'
[Sat Nov 23 14:29:56 PST 2019] d
[Sat Nov 23 14:29:56 PST 2019] 'dns_cf' does not contain 'apache'
[Sat Nov 23 14:29:56 PST 2019] _saved_account_key_hash='*************************************'
[Sat Nov 23 14:29:56 PST 2019] _saved_account_key_hash is not changed, skip register account.
[Sat Nov 23 14:29:56 PST 2019] Read key length:
[Sat Nov 23 14:29:56 PST 2019] _createcsr
[Sat Nov 23 14:29:56 PST 2019] domain='unifi.six-pintail.tech'
[Sat Nov 23 14:29:56 PST 2019] domainlist
[Sat Nov 23 14:29:56 PST 2019] csrkey='/root/.acme.sh/unifi.six-pintail.tech/unifi.six-pintail.tech.key'
[Sat Nov 23 14:29:56 PST 2019] csr='/root/.acme.sh/unifi.six-pintail.tech/unifi.six-pintail.tech.csr'
[Sat Nov 23 14:29:56 PST 2019] csrconf='/root/.acme.sh/unifi.six-pintail.tech/unifi.six-pintail.tech.csr.conf'
[Sat Nov 23 14:29:56 PST 2019] Single domain='unifi.six-pintail.tech'
[Sat Nov 23 14:29:56 PST 2019] _is_idn_d='unifi.six-pintail.tech'
[Sat Nov 23 14:29:56 PST 2019] _idn_temp
[Sat Nov 23 14:29:56 PST 2019] _is_idn_d='unifi.six-pintail.tech'
[Sat Nov 23 14:29:57 PST 2019] _idn_temp
[Sat Nov 23 14:29:57 PST 2019] _csr_cn='unifi.six-pintail.tech'
[Sat Nov 23 14:29:57 PST 2019] Getting domain auth token for each domain
[Sat Nov 23 14:29:57 PST 2019] _is_idn_d='unifi.six-pintail.tech'
[Sat Nov 23 14:29:57 PST 2019] _idn_temp
[Sat Nov 23 14:29:57 PST 2019] d
[Sat Nov 23 14:29:57 PST 2019] _identifiers='{"type":"dns","value":"unifi.six-pintail.tech"}'
[Sat Nov 23 14:29:57 PST 2019] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Nov 23 14:29:57 PST 2019] payload='{"identifiers": [{"type":"dns","value":"unifi.six-pintail.tech"}]}'
[Sat Nov 23 14:29:57 PST 2019] RSA key
[Sat Nov 23 14:29:57 PST 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Nov 23 14:29:57 PST 2019] HEAD
[Sat Nov 23 14:29:57 PST 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Nov 23 14:29:57 PST 2019] body
[Sat Nov 23 14:29:57 PST 2019] _postContentType='application/jose+json'
[Sat Nov 23 14:29:57 PST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Ea0T8L1Vu1  -g  -I  '
[Sat Nov 23 14:29:57 PST 2019] _ret='0'
[Sat Nov 23 14:29:58 PST 2019] _headers='HTTP/2 200 
server: nginx
date: Sat, 23 Nov 2019 22:29:57 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002QZ1P20ghWaIWN2EEUONLzuedsJINSQIUSSz36Wn5bpw
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sat Nov 23 14:29:58 PST 2019] _CACHED_NONCE='0002QZ1P20ghWaIWN2EEUONLzuedsJINSQIUSSz36Wn5bpw'
[Sat Nov 23 14:29:58 PST 2019] nonce='0002QZ1P20ghWaIWN2EEUONLzuedsJINSQIUSSz36Wn5bpw'
[Sat Nov 23 14:29:58 PST 2019] POST
[Sat Nov 23 14:29:58 PST 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Nov 23 14:29:58 PST 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyUVoxUDIwZ2hXYUlXTjJFRVVPTkx6dWVkc0pJTlNRSVVTU3ozNlduNWJwdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83MjQwNTU4OSJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InVuaWZpLnNpeC1waW50YWlsLnRlY2gifV19", "signature": "cBMy4M-naY7E9BED_pMIebfJQBGJ2etXHg9vsZU4OF_lzp9Yl6Fd4tPNDFdAVO_XRlo0zLnYq4O1a8brH0ArduiSahW2ZtYIVAMUvpOMpemGbBMqhw26BcGWByQ-h-OTA4j40oXK2bdf07nQ60i9gcGx7aYRuZEKVszqoK5320buOSehcZakxsmSl42_y1oT1mOxfgXvB5akXX2vPyjlePjWQVA1bpX-yG6-3zOOHkzwrfRoxqS7rfXy_rqyrxkxf5rU59SGIIWrVcnyItiCm2LLR5KWAgI83EN2PjE81wOvivbDWpTPosNbque6Bb8U6KJg8pkcGt9J2dBTCmwpOA"}'
[Sat Nov 23 14:29:58 PST 2019] _postContentType='application/jose+json'
[Sat Nov 23 14:29:58 PST 2019] Http already initialized.
[Sat Nov 23 14:29:58 PST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Ea0T8L1Vu1  -g '
[Sat Nov 23 14:29:58 PST 2019] _ret='0'
[Sat Nov 23 14:29:58 PST 2019] responseHeaders='HTTP/2 201 
server: nginx
date: Sat, 23 Nov 2019 22:29:58 GMT
content-type: application/json
content-length: 352
boulder-requester: 72405589
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/72405589/1583840747
replay-nonce: 0002WNJBWnYZ5n3Nchcw8y8059gu9jMa_Qrrz-fy4S_YaVo
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sat Nov 23 14:29:58 PST 2019] code='201'
[Sat Nov 23 14:29:58 PST 2019] original='{
  "status": "pending",
  "expires": "2019-11-30T22:29:58.738660831Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "unifi.six-pintail.tech"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/1375774434"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/72405589/1583840747"
}'
[Sat Nov 23 14:29:58 PST 2019] response='{"status":"pending","expires":"2019-11-30T22:29:58.738660831Z","identifiers":[{"type":"dns","value":"unifi.six-pintail.tech"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/1375774434"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/72405589/1583840747"}'
[Sat Nov 23 14:29:58 PST 2019] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/72405589/1583840747'
[Sat Nov 23 14:29:58 PST 2019] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/72405589/1583840747'
[Sat Nov 23 14:29:59 PST 2019] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1375774434'
[Sat Nov 23 14:29:59 PST 2019] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1375774434'
[Sat Nov 23 14:29:59 PST 2019] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1375774434'
[Sat Nov 23 14:29:59 PST 2019] payload
[Sat Nov 23 14:29:59 PST 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Sat Nov 23 14:29:59 PST 2019] Use _CACHED_NONCE='0002WNJBWnYZ5n3Nchcw8y8059gu9jMa_Qrrz-fy4S_YaVo'
[Sat Nov 23 14:29:59 PST 2019] nonce='0002WNJBWnYZ5n3Nchcw8y8059gu9jMa_Qrrz-fy4S_YaVo'
[Sat Nov 23 14:29:59 PST 2019] POST
[Sat Nov 23 14:29:59 PST 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1375774434'
[Sat Nov 23 14:29:59 PST 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyV05KQlduWVo1bjNOY2hjdzh5ODA1OWd1OWpNYV9RcnJ6LWZ5NFNfWWFWbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTM3NTc3NDQzNCIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzI0MDU1ODkifQ", "payload": "", "signature": "cVDujTC34-3EKlkGoX7LAxRNUjDHFICx25T5PYl1K7Il7NS_pSoyI0eN_MYuoTR_s1PGqHDyPVzS7HR8LzZjRpSNcghHQtA_4NpgOogaRoZ9yeaPoWaCFEo29eCS-2WcNmVU_YD3JJmwjlx2ceSxzwheDJsNG_V6GMx4QWZKAlSEK17134eWZ5xea4XWziE5Vlj1NBh3aq7SpSTChtJwJgKKXF9Zo1lBE_E6KKT1ELLuVZsG2LWMzjoSsbhjda6Eh_CoWI1m7bdOZDDwPTj5uIgFLOuA6sttH4_ucDs6l80SkSSGFmWmwgn5VuOjYDo7wVQm8jW0e-3RH-MBbWes2w"}'
[Sat Nov 23 14:29:59 PST 2019] _postContentType='application/jose+json'
[Sat Nov 23 14:29:59 PST 2019] Http already initialized.
[Sat Nov 23 14:29:59 PST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Ea0T8L1Vu1  -g '
[Sat Nov 23 14:29:59 PST 2019] _ret='0'
[Sat Nov 23 14:29:59 PST 2019] responseHeaders='HTTP/2 200 
server: nginx
date: Sat, 23 Nov 2019 22:29:59 GMT
content-type: application/json
content-length: 800
boulder-requester: 72405589
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 00028Y6fnDaqOR9oPD2c3wwxuCaJHjL0MoD6V5p-8M7u_5M
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sat Nov 23 14:29:59 PST 2019] code='200'
[Sat Nov 23 14:29:59 PST 2019] original='{
  "identifier": {
    "type": "dns",
    "value": "unifi.six-pintail.tech"
  },
  "status": "pending",
  "expires": "2019-11-30T22:29:58Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/ykJCqA",
      "token": "-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ",
      "token": "-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/qr5KRw",
      "token": "-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"
    }
  ]
}'
[Sat Nov 23 14:29:59 PST 2019] response='{"identifier":{"type":"dns","value":"unifi.six-pintail.tech"},"status":"pending","expires":"2019-11-30T22:29:58Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/ykJCqA","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/qr5KRw","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"}]}'
[Sat Nov 23 14:29:59 PST 2019] response='{"identifier":{"type":"dns","value":"unifi.six-pintail.tech"},"status":"pending","expires":"2019-11-30T22:29:58Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/ykJCqA","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/qr5KRw","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"}]}'
[Sat Nov 23 14:29:59 PST 2019] _d='unifi.six-pintail.tech'
[Sat Nov 23 14:29:59 PST 2019] _authorizations_map='unifi.six-pintail.tech,{"identifier":{"type":"dns","value":"unifi.six-pintail.tech"},"status":"pending","expires":"2019-11-30T22:29:58Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/ykJCqA","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/qr5KRw","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"}]}
'
[Sat Nov 23 14:29:59 PST 2019] d='unifi.six-pintail.tech'
[Sat Nov 23 14:29:59 PST 2019] Getting webroot for domain='unifi.six-pintail.tech'
[Sat Nov 23 14:30:00 PST 2019] _w='dns_cf'
[Sat Nov 23 14:30:00 PST 2019] _currentRoot='dns_cf'
[Sat Nov 23 14:30:00 PST 2019] _is_idn_d='unifi.six-pintail.tech'
[Sat Nov 23 14:30:00 PST 2019] _idn_temp
[Sat Nov 23 14:30:00 PST 2019] _candindates='unifi.six-pintail.tech,{"identifier":{"type":"dns","value":"unifi.six-pintail.tech"},"status":"pending","expires":"2019-11-30T22:29:58Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/ykJCqA","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/qr5KRw","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"}]}'
[Sat Nov 23 14:30:00 PST 2019] response='{"identifier":{"type":"dns","value":"unifi.six-pintail.tech"},"status":"pending","expires":"2019-11-30T22:29:58Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/ykJCqA","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/qr5KRw","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"}]}'
[Sat Nov 23 14:30:00 PST 2019] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"'
[Sat Nov 23 14:30:00 PST 2019] token='-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM'
[Sat Nov 23 14:30:00 PST 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ'
[Sat Nov 23 14:30:00 PST 2019] keyauthorization='-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM.SCIMUy-P2Q3TE7cARDMnPrwQvCBa1lOv24OaM5ZPof4'
[Sat Nov 23 14:30:00 PST 2019] dvlist='unifi.six-pintail.tech#-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM.SCIMUy-P2Q3TE7cARDMnPrwQvCBa1lOv24OaM5ZPof4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ#dns-01#dns_cf'
[Sat Nov 23 14:30:00 PST 2019] d
[Sat Nov 23 14:30:00 PST 2019] vlist='unifi.six-pintail.tech#-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM.SCIMUy-P2Q3TE7cARDMnPrwQvCBa1lOv24OaM5ZPof4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ#dns-01#dns_cf,'
[Sat Nov 23 14:30:00 PST 2019] d='unifi.six-pintail.tech'
[Sat Nov 23 14:30:00 PST 2019] _d_alias
[Sat Nov 23 14:30:00 PST 2019] txtdomain='_acme-challenge.unifi.six-pintail.tech'
[Sat Nov 23 14:30:00 PST 2019] txt='f6d-9kXcOk2n44L6eJAgCMNeqYmChG0a6XZTAJ8RaMA'
[Sat Nov 23 14:30:00 PST 2019] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Sat Nov 23 14:30:00 PST 2019] dns_entry='unifi.six-pintail.tech,_acme-challenge.unifi.six-pintail.tech,,dns_cf,f6d-9kXcOk2n44L6eJAgCMNeqYmChG0a6XZTAJ8RaMA,/root/.acme.sh/dnsapi/dns_cf.sh'
[Sat Nov 23 14:30:00 PST 2019] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Sat Nov 23 14:30:00 PST 2019] Adding txt value: f6d-9kXcOk2n44L6eJAgCMNeqYmChG0a6XZTAJ8RaMA for domain:  _acme-challenge.unifi.six-pintail.tech
[Sat Nov 23 14:30:00 PST 2019] First detect the root zone
[Sat Nov 23 14:30:00 PST 2019] h='_acme-challenge.unifi.six-pintail.tech'
[Sat Nov 23 14:30:00 PST 2019] zones?name=_acme-challenge.unifi.six-pintail.tech
[Sat Nov 23 14:30:00 PST 2019] GET
[Sat Nov 23 14:30:00 PST 2019] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.unifi.six-pintail.tech'
[Sat Nov 23 14:30:00 PST 2019] timeout=
[Sat Nov 23 14:30:00 PST 2019] Http already initialized.
[Sat Nov 23 14:30:00 PST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Ea0T8L1Vu1  -g '
[Sat Nov 23 14:30:00 PST 2019] ret='0'
[Sat Nov 23 14:30:00 PST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6102,"message":"Invalid format for X-Auth-Email header"}]}],"messages":[],"result":null}'
[Sat Nov 23 14:30:01 PST 2019] h='unifi.six-pintail.tech'
[Sat Nov 23 14:30:01 PST 2019] zones?name=unifi.six-pintail.tech
[Sat Nov 23 14:30:01 PST 2019] GET
[Sat Nov 23 14:30:01 PST 2019] url='https://api.cloudflare.com/client/v4/zones?name=unifi.six-pintail.tech'
[Sat Nov 23 14:30:01 PST 2019] timeout=
[Sat Nov 23 14:30:01 PST 2019] Http already initialized.
[Sat Nov 23 14:30:01 PST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Ea0T8L1Vu1  -g '
[Sat Nov 23 14:30:01 PST 2019] ret='0'
[Sat Nov 23 14:30:01 PST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6102,"message":"Invalid format for X-Auth-Email header"}]}],"messages":[],"result":null}'
[Sat Nov 23 14:30:01 PST 2019] h='six-pintail.tech'
[Sat Nov 23 14:30:01 PST 2019] zones?name=six-pintail.tech
[Sat Nov 23 14:30:01 PST 2019] GET
[Sat Nov 23 14:30:01 PST 2019] url='https://api.cloudflare.com/client/v4/zones?name=six-pintail.tech'
[Sat Nov 23 14:30:01 PST 2019] timeout=
[Sat Nov 23 14:30:01 PST 2019] Http already initialized.
[Sat Nov 23 14:30:01 PST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Ea0T8L1Vu1  -g '
[Sat Nov 23 14:30:02 PST 2019] ret='0'
[Sat Nov 23 14:30:02 PST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6102,"message":"Invalid format for X-Auth-Email header"}]}],"messages":[],"result":null}'
[Sat Nov 23 14:30:02 PST 2019] h='tech'
[Sat Nov 23 14:30:02 PST 2019] zones?name=tech
[Sat Nov 23 14:30:02 PST 2019] GET
[Sat Nov 23 14:30:02 PST 2019] url='https://api.cloudflare.com/client/v4/zones?name=tech'
[Sat Nov 23 14:30:02 PST 2019] timeout=
[Sat Nov 23 14:30:02 PST 2019] Http already initialized.
[Sat Nov 23 14:30:02 PST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Ea0T8L1Vu1  -g '
[Sat Nov 23 14:30:03 PST 2019] ret='0'
[Sat Nov 23 14:30:03 PST 2019] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6102,"message":"Invalid format for X-Auth-Email header"}]}],"messages":[],"result":null}'
[Sat Nov 23 14:30:03 PST 2019] h
[Sat Nov 23 14:30:03 PST 2019] invalid domain
[Sat Nov 23 14:30:03 PST 2019] Error add txt for domain:_acme-challenge.unifi.six-pintail.tech
[Sat Nov 23 14:30:03 PST 2019] _on_issue_err
[Sat Nov 23 14:30:03 PST 2019] Please add '--debug' or '--log' to check more details.
[Sat Nov 23 14:30:03 PST 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Sat Nov 23 14:30:03 PST 2019] _chk_vlist='unifi.six-pintail.tech#-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM.SCIMUy-P2Q3TE7cARDMnPrwQvCBa1lOv24OaM5ZPof4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ#dns-01#dns_cf,'
[Sat Nov 23 14:30:03 PST 2019] start to deactivate authz
[Sat Nov 23 14:30:03 PST 2019] Trigger domain validation.
[Sat Nov 23 14:30:03 PST 2019] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ'
[Sat Nov 23 14:30:03 PST 2019] _t_key_authz='-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM.SCIMUy-P2Q3TE7cARDMnPrwQvCBa1lOv24OaM5ZPof4'
[Sat Nov 23 14:30:03 PST 2019] _t_vtype
[Sat Nov 23 14:30:03 PST 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ'
[Sat Nov 23 14:30:03 PST 2019] payload='{}'
[Sat Nov 23 14:30:03 PST 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Sat Nov 23 14:30:03 PST 2019] Use _CACHED_NONCE='00028Y6fnDaqOR9oPD2c3wwxuCaJHjL0MoD6V5p-8M7u_5M'
[Sat Nov 23 14:30:03 PST 2019] nonce='00028Y6fnDaqOR9oPD2c3wwxuCaJHjL0MoD6V5p-8M7u_5M'
[Sat Nov 23 14:30:03 PST 2019] POST
[Sat Nov 23 14:30:03 PST 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ'
[Sat Nov 23 14:30:03 PST 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyOFk2Zm5EYXFPUjlvUEQyYzN3d3h1Q2FKSGpMME1vRDZWNXAtOE03dV81TSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTM3NTc3NDQzNC9QdTZvbVEiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzcyNDA1NTg5In0", "payload": "e30", "signature": "gcJTVp5LP8jZN2gk9w3vwVHCb9IUxkkpJ9jeN_zNZRnumRlyYvIUgFzhYujfVcsOldEs9Ink8is8U09vPnTnA3tPlNmeKaurh1Dprk5rLl6Uu9jX9j6a47J4NoaMJKCInj5Fu90pDlOafCCwei_QIiWNzmAjLPTbekGu61YQBZhDbooCPnn--GDEjUbK4hb1dbeqh7Svv5GiHH-sT7Rdxex-d_FIU9tEdM-7MpYyrqzLJatILW7tBIzyaTuVpX9RHLYzCBI5LGnVdfTE5qaY9VObfUE__CM0bVLE-nifcBSTWrlLGbhLrsYvQU6UC2cFUisn7yl-pW_SrP0eksNi2w"}'
[Sat Nov 23 14:30:03 PST 2019] _postContentType='application/jose+json'
[Sat Nov 23 14:30:04 PST 2019] Http already initialized.
[Sat Nov 23 14:30:04 PST 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Ea0T8L1Vu1  -g '
[Sat Nov 23 14:30:05 PST 2019] _ret='0'
[Sat Nov 23 14:30:05 PST 2019] responseHeaders='HTTP/2 200 
server: nginx
date: Sat, 23 Nov 2019 22:30:05 GMT
content-type: application/json
content-length: 184
boulder-requester: 72405589
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/1375774434>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ
replay-nonce: 0002p5rEBpJLBiC0sIp8474bEpR24T0TZI2gsRYYq91acVE
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sat Nov 23 14:30:05 PST 2019] code='200'
[Sat Nov 23 14:30:05 PST 2019] original='{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ",
  "token": "-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"
}'
[Sat Nov 23 14:30:05 PST 2019] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1375774434/Pu6omQ","token":"-RIV139WfgVwtniLZ5IQH2ROH8ZZGhhNhrCnFLpUkaM"}'
[Sat Nov 23 14:30:05 PST 2019] socat doesn't exists.
[Sat Nov 23 14:30:05 PST 2019] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.0l  10 Sep 2019
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.14.1
built with OpenSSL 1.1.0f  25 May 2017 (running with OpenSSL 1.1.0l  10 Sep 2019)
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-owUt1e/nginx-1.14.1=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_gzip_static_module --without-http_browser_module --without-http_geo_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_memcached_module --without-http_referer_module --without-http_split_clients_module --without-http_userid_module --add-dynamic-module=/build/nginx-owUt1e/nginx-1.14.1/debian/modules/http-echo
socat:
[Sat Nov 23 14:30:05 PST 2019] pid
[Sat Nov 23 14:30:05 PST 2019] No need to restore nginx, skip.
[Sat Nov 23 14:30:05 PST 2019] _clearupdns
[Sat Nov 23 14:30:05 PST 2019] dns_entries
[Sat Nov 23 14:30:05 PST 2019] skip dns.

Neilpang commented 4 years ago

Show me the content of ~/.acme.sh/account.conf. There should be a SAVED_CF_Email; show me the value.

jay7210 commented 4 years ago

Hi, file is attached:

account.conf.txt

jay7210 commented 4 years ago

Thanks for the pointer!!! Not Fixed, there was an added " at the SAVED_CF_Email email address
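
Added example, not part of the thread and not acme.sh code: a triage script for the failure above, where "invalid domain" is reported although every Cloudflare zone probe was rejected with 6003/6102 because of a malformed SAVED_CF_Email. The function names, the KEY='value' layout assumed for account.conf, and the empty-result reply in the second sample log are assumptions; all sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not acme.sh code. Assumes account.conf stores one KEY='value'
# per line and that the log was written with --debug, as in the report above.

# Print SAVED_CF_Email with its one pair of enclosing single quotes removed.
saved_cf_email() {
  sed -n 's/^SAVED_CF_Email=//p' "$1" | tail -n 1 | sed "s/^'//; s/'\$//"
}

# Print a verdict for the saved e-mail; return 0 only if it is usable as the
# X-Auth-Email header value.
check_cf_email() {
  _v=$(saved_cf_email "$1")
  case "$_v" in
    '') echo "missing"; return 1 ;;
    *\"* | *\'*) echo "stray-quote"; return 1 ;;
    *[!A-Za-z0-9@._+-]*) echo "unexpected-character"; return 1 ;;
    ?*@?*.?*) echo "ok"; return 0 ;;
    *) echo "not-an-email"; return 1 ;;
  esac
}

# Classify an "invalid domain" failure in a debug log. The DNS hook probes
# zones?name=<suffix> for each suffix of the name; if Cloudflare rejected every
# probe, the cause is the request (credentials/headers), not a missing zone.
classify_cf_failure() {
  awk '
    index($0, "//api.cloudflare.com/client/v4/zones?name=") { probes++ }
    index($0, "\"success\":false") {
      rejected++
      # Keep the innermost error code from error_chain, e.g. 6102.
      if (match($0, /"error_chain":\[."code":[0-9]+/)) {
        code = substr($0, RSTART, RLENGTH); sub(/.*:/, "", code)
      }
    }
    /\] invalid domain$/ { invalid = 1 }
    END {
      if (!invalid) print "no-zone-failure"
      else if (probes > 0 && rejected >= probes) print "api-rejected-request:" code
      else print "zone-not-found"
    }' "$1"
}

# --- constructed sample inputs (placeholders, not the reporter's files) ---
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' "SAVED_CF_Key='0000placeholder'" \
  "SAVED_CF_Email='\"user@example.com'" > "$demo/bad.conf"
printf '%s\n' "SAVED_CF_Email='user@example.com'" > "$demo/good.conf"

cat > "$demo/rejected.log" <<'EOF'
[t] url='https://api.cloudflare.com/client/v4/zones?name=host.example.com'
[t] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6102,"message":"Invalid format for X-Auth-Email header"}]}],"messages":[],"result":null}'
[t] url='https://api.cloudflare.com/client/v4/zones?name=example.com'
[t] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6102,"message":"Invalid format for X-Auth-Email header"}]}],"messages":[],"result":null}'
[t] invalid domain
EOF

# Assumed shape of a reply when the account simply has no matching zone.
cat > "$demo/nozone.log" <<'EOF'
[t] url='https://api.cloudflare.com/client/v4/zones?name=host.example.com'
[t] response='{"result":[],"success":true,"errors":[],"messages":[]}'
[t] invalid domain
EOF

echo "bad.conf:     $(check_cf_email "$demo/bad.conf")"
echo "good.conf:    $(check_cf_email "$demo/good.conf")"
echo "rejected.log: $(classify_cf_failure "$demo/rejected.log")"
echo "nozone.log:   $(classify_cf_failure "$demo/nozone.log")"
```
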