search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.38k stars 4.97k forks source link

dns_me.sh is pulling wrong domain ID from response. #2734

Closed JeffCleverley closed 4 years ago

JeffCleverley commented 4 years ago

Steps to reproduce

export ME_Key="XXXXXXXXXXXX"
export ME_Secret="XXXXXXXXXXX"

Occuring with both staging:

acme.sh --issue -d website.url -d "*.website.url" \
--config-home /root/gridenv/acme-wildcard-configs/staging/website.url \
--staging --dns dns_me --debug 2

And non staging

acme.sh --issue -d website.url -d "*.website.url" \
--config-home /root/gridenv/acme-wildcard-configs/staging/website.url \
--dns dns_me --debug 2

Debug log

acme.sh --upgrade
[Sat Feb 15 10:30:25 UTC 2020] Already uptodate!
[Sat Feb 15 10:30:25 UTC 2020] Upgrade success!
acme.sh --issue -d website.url -d "*.website.url" --config-home /root/gridenv/acme-wildcard-configs/staging/website.url --staging --dns dns_me --debug 2
[Sat Feb 15 10:32:11 UTC 2020] Lets find script dir.
[Sat Feb 15 10:32:11 UTC 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sat Feb 15 10:32:11 UTC 2020] _script='/root/.acme.sh/acme.sh'
[Sat Feb 15 10:32:11 UTC 2020] _script_home='/root/.acme.sh'
[Sat Feb 15 10:32:11 UTC 2020] Using config home:/root/gridenv/acme-wildcard-configs/staging/website.url
[Sat Feb 15 10:32:11 UTC 2020] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v2.8.6
[Sat Feb 15 10:32:11 UTC 2020] Running cmd: issue
[Sat Feb 15 10:32:11 UTC 2020] _main_domain='website.url'
[Sat Feb 15 10:32:11 UTC 2020] _alt_domains='*.website.url'
[Sat Feb 15 10:32:11 UTC 2020] Using config home:/root/gridenv/acme-wildcard-configs/staging/website.url
[Sat Feb 15 10:32:11 UTC 2020] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sat Feb 15 10:32:11 UTC 2020] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sat Feb 15 10:32:11 UTC 2020] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Sat Feb 15 10:32:11 UTC 2020] DOMAIN_PATH='/root/gridenv/acme-wildcard-configs/staging/website.url/website.url'
[Sat Feb 15 10:32:11 UTC 2020] 'dns_me' does not contain 'dns'
[Sat Feb 15 10:32:11 UTC 2020] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sat Feb 15 10:32:11 UTC 2020] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Sat Feb 15 10:32:11 UTC 2020] GET
[Sat Feb 15 10:32:11 UTC 2020] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sat Feb 15 10:32:11 UTC 2020] timeout=
[Sat Feb 15 10:32:11 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.rCVBZk8Ryo  -g '
[Sat Feb 15 10:32:12 UTC 2020] ret='0'
[Sat Feb 15 10:32:12 UTC 2020] response='{
  "YPpSIIaEKJc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sat Feb 15 10:32:12 UTC 2020] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Sat Feb 15 10:32:12 UTC 2020] ACME_NEW_AUTHZ
[Sat Feb 15 10:32:12 UTC 2020] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sat Feb 15 10:32:12 UTC 2020] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Sat Feb 15 10:32:12 UTC 2020] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Sat Feb 15 10:32:12 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Feb 15 10:32:12 UTC 2020] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Feb 15 10:32:12 UTC 2020] ACME_VERSION='2'
[Sat Feb 15 10:32:12 UTC 2020] Le_NextRenewTime
[Sat Feb 15 10:32:12 UTC 2020] _on_before_issue
[Sat Feb 15 10:32:12 UTC 2020] _chk_main_domain='website.url'
[Sat Feb 15 10:32:12 UTC 2020] _chk_alt_domains='*.website.url'
[Sat Feb 15 10:32:12 UTC 2020] 'dns_me' does not contain 'no'
[Sat Feb 15 10:32:12 UTC 2020] Le_LocalAddress
[Sat Feb 15 10:32:12 UTC 2020] d='website.url'
[Sat Feb 15 10:32:12 UTC 2020] Check for domain='website.url'
[Sat Feb 15 10:32:12 UTC 2020] _currentRoot='dns_me'
[Sat Feb 15 10:32:12 UTC 2020] d='*.website.url'
[Sat Feb 15 10:32:12 UTC 2020] Check for domain='*.website.url'
[Sat Feb 15 10:32:12 UTC 2020] _currentRoot='dns_me'
[Sat Feb 15 10:32:12 UTC 2020] d
[Sat Feb 15 10:32:12 UTC 2020] 'dns_me' does not contain 'apache'
[Sat Feb 15 10:32:12 UTC 2020] _saved_account_key_hash='V/RHRVxhRoG/udYWyMKl1Ykaz54WF4P4Px8qC5r2NSU='
[Sat Feb 15 10:32:12 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Sat Feb 15 10:32:12 UTC 2020] Read key length:
[Sat Feb 15 10:32:12 UTC 2020] _createcsr
[Sat Feb 15 10:32:12 UTC 2020] domain='website.url'
[Sat Feb 15 10:32:12 UTC 2020] domainlist='*.website.url'
[Sat Feb 15 10:32:12 UTC 2020] csrkey='/root/gridenv/acme-wildcard-configs/staging/website.url/website.url/website.url.key'
[Sat Feb 15 10:32:12 UTC 2020] csr='/root/gridenv/acme-wildcard-configs/staging/website.url/website.url/website.url.csr'
[Sat Feb 15 10:32:12 UTC 2020] csrconf='/root/gridenv/acme-wildcard-configs/staging/website.url/website.url/website.url.csr.conf'
[Sat Feb 15 10:32:12 UTC 2020] _is_idn_d='*.website.url'
[Sat Feb 15 10:32:12 UTC 2020] _idn_temp
[Sat Feb 15 10:32:12 UTC 2020] domainlist='*.website.url'
[Sat Feb 15 10:32:12 UTC 2020] _is_idn_d='website.url'
[Sat Feb 15 10:32:12 UTC 2020] _idn_temp
[Sat Feb 15 10:32:12 UTC 2020] Multi domain='DNS:website.url,DNS:*.website.url'
[Sat Feb 15 10:32:12 UTC 2020] _is_idn_d='website.url'
[Sat Feb 15 10:32:12 UTC 2020] _idn_temp
[Sat Feb 15 10:32:12 UTC 2020] _csr_cn='website.url'
[Sat Feb 15 10:32:12 UTC 2020] Getting domain auth token for each domain
[Sat Feb 15 10:32:12 UTC 2020] _is_idn_d='website.url'
[Sat Feb 15 10:32:12 UTC 2020] _idn_temp
[Sat Feb 15 10:32:12 UTC 2020] d='*.website.url'
[Sat Feb 15 10:32:12 UTC 2020] _is_idn_d='*.website.url'
[Sat Feb 15 10:32:12 UTC 2020] _idn_temp
[Sat Feb 15 10:32:12 UTC 2020] d
[Sat Feb 15 10:32:12 UTC 2020] _identifiers='{"type":"dns","value":"website.url"},{"type":"dns","value":"*.website.url"}'
[Sat Feb 15 10:32:12 UTC 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sat Feb 15 10:32:12 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"website.url"},{"type":"dns","value":"*.website.url"}]}'
[Sat Feb 15 10:32:12 UTC 2020] RSA key
[Sat Feb 15 10:32:12 UTC 2020] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Feb 15 10:32:12 UTC 2020] HEAD
[Sat Feb 15 10:32:12 UTC 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Feb 15 10:32:12 UTC 2020] body
[Sat Feb 15 10:32:12 UTC 2020] _postContentType='application/jose+json'
[Sat Feb 15 10:32:12 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.LFTYgzIpJ0  -g  -I  '
[Sat Feb 15 10:32:13 UTC 2020] _ret='0'
[Sat Feb 15 10:32:13 UTC 2020] _headers='HTTP/2 200
server: nginx
date: Sat, 15 Feb 2020 10:32:13 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0001KZ5sJjctwwmNrve-IbOQJNOltBeo-nqT0vWHqb5zy3M
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sat Feb 15 10:32:13 UTC 2020] _CACHED_NONCE='0001KZ5sJjctwwmNrve-IbOQJNOltBeo-nqT0vWHqb5zy3M'
[Sat Feb 15 10:32:13 UTC 2020] nonce='0001KZ5sJjctwwmNrve-IbOQJNOltBeo-nqT0vWHqb5zy3M'
[Sat Feb 15 10:32:13 UTC 2020] POST
[Sat Feb 15 10:32:13 UTC 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sat Feb 15 10:32:13 UTC 2020] body='{"protected": "eyJub25jZSI6ICIwMDAxS1o1c0pqY3R3d21OcnZlLUliT1FKTk9sdEJlby1ucVQwdldIcWI1enkzTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0NTU1MTQifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImNhdGVyZWR3ZWJzaXRlcy5jb20ifSx7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IiouY2F0ZXJlZHdlYnNpdGVzLmNvbSJ9XX0", "signature": "yymfMPCHv6x5_CDIs9QO1oBGPjZRAkn9jq4iZ0WMKQi02wXQXk4MUXFhHrdzdZ508srrpIc08qMypXlp0zwibVKIPGXV067swsbqKKgjmYBAOiDEqfyX_yL0yhBV0eJAg8wL5tK-R_O4_oPKTyLy45EfLi5NSjwJ_DzvjcRSklmPFv9Y7DCztsLNogcxtmr7Iww_qnfhHzw_jexdyNE5GHeFo1mTxDf_38_st2YYj6eQYukjwxyCbSIL6LvBDKoYCspvH9TYFWGFcXMAflZoFd_CiIFhr8I8SN0Z_PAJz5-JfdFd_P_TBVpGjUhgFdqF9v8zb0rXe_wWX-mNcoxX2g"}'
[Sat Feb 15 10:32:13 UTC 2020] _postContentType='application/jose+json'
[Sat Feb 15 10:32:13 UTC 2020] Http already initialized.
[Sat Feb 15 10:32:13 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.LFTYgzIpJ0  -g '
[Sat Feb 15 10:32:13 UTC 2020] _ret='0'
[Sat Feb 15 10:32:13 UTC 2020] responseHeaders='HTTP/2 201
server: nginx
date: Sat, 15 Feb 2020 10:32:13 GMT
content-type: application/json
content-length: 509
boulder-requester: 12455514
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-staging-v02.api.letsencrypt.org/acme/order/12455514/75427414
replay-nonce: 0001OKYOAbVpb5SQAQYx3hxOGuvNBy1X4C-n1IkIeCRusbU
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sat Feb 15 10:32:13 UTC 2020] code='201'
[Sat Feb 15 10:32:13 UTC 2020] original='{
  "status": "pending",
  "expires": "2020-02-22T10:32:13.612184484Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.website.url"
    },
    {
      "type": "dns",
      "value": "website.url"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033756",
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033757"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/12455514/75427414"
}'
[Sat Feb 15 10:32:13 UTC 2020] response='{"status":"pending","expires":"2020-02-22T10:32:13.612184484Z","identifiers":[{"type":"dns","value":"*.website.url"},{"type":"dns","value":"website.url"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033756","https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033757"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/12455514/75427414"}'
[Sat Feb 15 10:32:13 UTC 2020] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/12455514/75427414'
[Sat Feb 15 10:32:13 UTC 2020] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/12455514/75427414'
[Sat Feb 15 10:32:13 UTC 2020] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033756,https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033757'
[Sat Feb 15 10:32:13 UTC 2020] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033756'
[Sat Feb 15 10:32:13 UTC 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033756'
[Sat Feb 15 10:32:13 UTC 2020] payload
[Sat Feb 15 10:32:13 UTC 2020] Use cached jwk for file: /root/gridenv/acme-wildcard-configs/staging/website.url/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sat Feb 15 10:32:13 UTC 2020] Use _CACHED_NONCE='0001OKYOAbVpb5SQAQYx3hxOGuvNBy1X4C-n1IkIeCRusbU'
[Sat Feb 15 10:32:13 UTC 2020] nonce='0001OKYOAbVpb5SQAQYx3hxOGuvNBy1X4C-n1IkIeCRusbU'
[Sat Feb 15 10:32:13 UTC 2020] POST
[Sat Feb 15 10:32:13 UTC 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033756'
[Sat Feb 15 10:32:13 UTC 2020] body='{"protected": "eyJub25jZSI6ICIwMDAxT0tZT0FiVnBiNVNRQVFZeDNoeE9HdXZOQnkxWDRDLW4xSWtJZUNSdXNiVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTAzMzc1NiIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMjQ1NTUxNCJ9", "payload": "", "signature": "2A2KVM-QID4WCvW0Gk5ZN93IPSfenUhDM4DUen19k0tyXHIPxI1iiH9aCvvVqGezRIsAp9Nqd64aGMFq4ZkJOv8l21uUW4nWTq-Dr7hLqzOUQ5F4VIQArXUUjm6JbhBUkVK74cS82mSZqRgRkH_Z6L5vlWyBX78WaKz6ioJTy2xNuOIz5BkYPOWFhtt67Czj-bysW3kg_F8K5NXaE0Coqkwq-tJJrETFddwPCS0k5Rz-mS23ItbjxAf6RzHnEm9hNunUkJtorUmDPWt9HmHOdCQ_UFHnKPvwkqtkHKg4AgH3HchebHWsPK0TPtNoo1mVrU4PRBU6mX7NPoIhCXR6Eg"}'
[Sat Feb 15 10:32:13 UTC 2020] _postContentType='application/jose+json'
[Sat Feb 15 10:32:13 UTC 2020] Http already initialized.
[Sat Feb 15 10:32:13 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.LFTYgzIpJ0  -g '
[Sat Feb 15 10:32:14 UTC 2020] _ret='0'
[Sat Feb 15 10:32:14 UTC 2020] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 15 Feb 2020 10:32:14 GMT
content-type: application/json
content-length: 397
boulder-requester: 12455514
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0001pQL0UO663DBHegUlN1OY0N5dNt1g7vY5vtN99VnbBsU
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sat Feb 15 10:32:14 UTC 2020] code='200'
[Sat Feb 15 10:32:14 UTC 2020] original='{
  "identifier": {
    "type": "dns",
    "value": "website.url"
  },
  "status": "pending",
  "expires": "2020-02-22T10:32:13Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ",
      "token": "shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs"
    }
  ],
  "wildcard": true
}'
[Sat Feb 15 10:32:14 UTC 2020] response='{"identifier":{"type":"dns","value":"website.url"},"status":"pending","expires":"2020-02-22T10:32:13Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ","token":"shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs"}],"wildcard": true}'
[Sat Feb 15 10:32:14 UTC 2020] response='{"identifier":{"type":"dns","value":"website.url"},"status":"pending","expires":"2020-02-22T10:32:13Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ","token":"shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs"}],"wildcard": true}'
[Sat Feb 15 10:32:14 UTC 2020] _d='*.website.url'
[Sat Feb 15 10:32:14 UTC 2020] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033757'
[Sat Feb 15 10:32:14 UTC 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033757'
[Sat Feb 15 10:32:14 UTC 2020] payload
[Sat Feb 15 10:32:14 UTC 2020] Use cached jwk for file: /root/gridenv/acme-wildcard-configs/staging/website.url/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sat Feb 15 10:32:14 UTC 2020] Use _CACHED_NONCE='0001pQL0UO663DBHegUlN1OY0N5dNt1g7vY5vtN99VnbBsU'
[Sat Feb 15 10:32:14 UTC 2020] nonce='0001pQL0UO663DBHegUlN1OY0N5dNt1g7vY5vtN99VnbBsU'
[Sat Feb 15 10:32:14 UTC 2020] POST
[Sat Feb 15 10:32:14 UTC 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033757'
[Sat Feb 15 10:32:14 UTC 2020] body='{"protected": "eyJub25jZSI6ICIwMDAxcFFMMFVPNjYzREJIZWdVbE4xT1kwTjVkTnQxZzd2WTV2dE45OVZuYkJzVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zOTAzMzc1NyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMjQ1NTUxNCJ9", "payload": "", "signature": "1Xp6Q7uBdrUtLM11xFceApT87HoFnlBhfZvUAlLqH3i6K7-G3FYJPDH6a_XPwecqe6mzyw7K4BRXESDK_6pu__Qpk4DTcPP8FNLvVrfzZZTy6LVAUxUnSKylEoKYh5b2oH3JEO7X98D7mdGHUrjTRxMlRDJmbBPhScIomfuFqG666mp753w8WfSBq6uLt2X6yg03osK0Ov7vvRafC4AER8DvZpXxYHfc4d-YGPO1hcJJF53Lp8Bgc5pq66Bxv1uUWoUzmshgLHyN-C7k2vg56liwMwbM8RWEd6ovXSUwaMxXd-kDmZVHyzNGiTNvX6Aq55LvhHrIPU7JtWNxBerd8g"}'
[Sat Feb 15 10:32:14 UTC 2020] _postContentType='application/jose+json'
[Sat Feb 15 10:32:14 UTC 2020] Http already initialized.
[Sat Feb 15 10:32:14 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.LFTYgzIpJ0  -g '
[Sat Feb 15 10:32:15 UTC 2020] _ret='0'
[Sat Feb 15 10:32:15 UTC 2020] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 15 Feb 2020 10:32:14 GMT
content-type: application/json
content-length: 815
boulder-requester: 12455514
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0001KSKFLQjbjcZvhVe-3Sv9Xu-906WKi-XlWVGmSDGkSyU
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sat Feb 15 10:32:15 UTC 2020] code='200'
[Sat Feb 15 10:32:15 UTC 2020] original='{
  "identifier": {
    "type": "dns",
    "value": "website.url"
  },
  "status": "pending",
  "expires": "2020-02-22T10:32:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/nFx4mg",
      "token": "l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg",
      "token": "l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/w9JYAQ",
      "token": "l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"
    }
  ]
}'
[Sat Feb 15 10:32:15 UTC 2020] response='{"identifier":{"type":"dns","value":"website.url"},"status":"pending","expires":"2020-02-22T10:32:13Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/nFx4mg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/w9JYAQ","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"}]}'
[Sat Feb 15 10:32:15 UTC 2020] response='{"identifier":{"type":"dns","value":"website.url"},"status":"pending","expires":"2020-02-22T10:32:13Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/nFx4mg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/w9JYAQ","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"}]}'
[Sat Feb 15 10:32:15 UTC 2020] _d='website.url'
[Sat Feb 15 10:32:15 UTC 2020] _authorizations_map='website.url,{"identifier":{"type":"dns","value":"website.url"},"status":"pending","expires":"2020-02-22T10:32:13Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/nFx4mg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/w9JYAQ","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"}]}
*.website.url,{"identifier":{"type":"dns","value":"website.url"},"status":"pending","expires":"2020-02-22T10:32:13Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ","token":"shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs"}],"wildcard": true}
'
[Sat Feb 15 10:32:15 UTC 2020] d='website.url'
[Sat Feb 15 10:32:15 UTC 2020] Getting webroot for domain='website.url'
[Sat Feb 15 10:32:15 UTC 2020] _w='dns_me'
[Sat Feb 15 10:32:15 UTC 2020] _currentRoot='dns_me'
[Sat Feb 15 10:32:15 UTC 2020] _is_idn_d='website.url'
[Sat Feb 15 10:32:15 UTC 2020] _idn_temp
[Sat Feb 15 10:32:15 UTC 2020] _candindates='website.url,{"identifier":{"type":"dns","value":"website.url"},"status":"pending","expires":"2020-02-22T10:32:13Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/nFx4mg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/w9JYAQ","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"}]}'
[Sat Feb 15 10:32:15 UTC 2020] response='{"identifier":{"type":"dns","value":"website.url"},"status":"pending","expires":"2020-02-22T10:32:13Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/nFx4mg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/w9JYAQ","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"}]}'
[Sat Feb 15 10:32:15 UTC 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"'
[Sat Feb 15 10:32:15 UTC 2020] token='l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w'
[Sat Feb 15 10:32:15 UTC 2020] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg'
[Sat Feb 15 10:32:15 UTC 2020] keyauthorization='l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w.qMQ1z8oqGdH6xl5vbzmS2nVmXfFIlB8MoURlCFhJxkg'
[Sat Feb 15 10:32:15 UTC 2020] dvlist='website.url#l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w.qMQ1z8oqGdH6xl5vbzmS2nVmXfFIlB8MoURlCFhJxkg#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg#dns-01#dns_me'
[Sat Feb 15 10:32:15 UTC 2020] d='*.website.url'
[Sat Feb 15 10:32:15 UTC 2020] Getting webroot for domain='*.website.url'
[Sat Feb 15 10:32:15 UTC 2020] _w='dns_me'
[Sat Feb 15 10:32:15 UTC 2020] _currentRoot='dns_me'
[Sat Feb 15 10:32:15 UTC 2020] _is_idn_d='*.website.url'
[Sat Feb 15 10:32:15 UTC 2020] _idn_temp
[Sat Feb 15 10:32:15 UTC 2020] _candindates='*.website.url,{"identifier":{"type":"dns","value":"website.url"},"status":"pending","expires":"2020-02-22T10:32:13Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ","token":"shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs"}],"wildcard": true}'
[Sat Feb 15 10:32:15 UTC 2020] response='{"identifier":{"type":"dns","value":"website.url"},"status":"pending","expires":"2020-02-22T10:32:13Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ","token":"shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs"}],"wildcard": true}'
[Sat Feb 15 10:32:15 UTC 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ","token":"shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs"'
[Sat Feb 15 10:32:15 UTC 2020] token='shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs'
[Sat Feb 15 10:32:15 UTC 2020] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ'
[Sat Feb 15 10:32:15 UTC 2020] keyauthorization='shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs.qMQ1z8oqGdH6xl5vbzmS2nVmXfFIlB8MoURlCFhJxkg'
[Sat Feb 15 10:32:15 UTC 2020] dvlist='*.website.url#shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs.qMQ1z8oqGdH6xl5vbzmS2nVmXfFIlB8MoURlCFhJxkg#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ#dns-01#dns_me'
[Sat Feb 15 10:32:15 UTC 2020] d
[Sat Feb 15 10:32:15 UTC 2020] vlist='website.url#l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w.qMQ1z8oqGdH6xl5vbzmS2nVmXfFIlB8MoURlCFhJxkg#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg#dns-01#dns_me,*.website.url#shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs.qMQ1z8oqGdH6xl5vbzmS2nVmXfFIlB8MoURlCFhJxkg#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ#dns-01#dns_me,'
[Sat Feb 15 10:32:15 UTC 2020] d='website.url'
[Sat Feb 15 10:32:15 UTC 2020] _d_alias
[Sat Feb 15 10:32:15 UTC 2020] txtdomain='_acme-challenge.website.url'
[Sat Feb 15 10:32:15 UTC 2020] txt='1Wshhz7KOx2MQS8sLB-3j9Frs0Q0AoNHMXBnB7U4518'
[Sat Feb 15 10:32:15 UTC 2020] d_api='/root/.acme.sh/dnsapi/dns_me.sh'
[Sat Feb 15 10:32:15 UTC 2020] dns_entry='website.url,_acme-challenge.website.url,,dns_me,1Wshhz7KOx2MQS8sLB-3j9Frs0Q0AoNHMXBnB7U4518,/root/.acme.sh/dnsapi/dns_me.sh'
[Sat Feb 15 10:32:15 UTC 2020] Found domain api file: /root/.acme.sh/dnsapi/dns_me.sh
[Sat Feb 15 10:32:15 UTC 2020] Adding txt value: 1Wshhz7KOx2MQS8sLB-3j9Frs0Q0AoNHMXBnB7U4518 for domain:  _acme-challenge.website.url
[Sat Feb 15 10:32:15 UTC 2020] First detect the root zone
[Sat Feb 15 10:32:15 UTC 2020] name?domainname=website.url
[Sat Feb 15 10:32:15 UTC 2020] GET
[Sat Feb 15 10:32:15 UTC 2020] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=website.url'
[Sat Feb 15 10:32:15 UTC 2020] timeout=
[Sat Feb 15 10:32:15 UTC 2020] Http already initialized.
[Sat Feb 15 10:32:15 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.LFTYgzIpJ0  -g '
[Sat Feb 15 10:32:15 UTC 2020] ret='0'
[Sat Feb 15 10:32:15 UTC 2020] response='{"gtdEnabled":false,"nameServers":[{"ipv6":"2600:1800:10::1","fqdn":"ns10.dnsmadeeasy.com","groupId":2,"ipv4":"208.94.148.4","id":10},{"ipv6":"2600:1801:11::1","fqdn":"ns11.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.124.4","id":11},{"ipv6":"2600:1802:12::1","fqdn":"ns12.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.126.4","id":12},{"ipv6":"2600:1801:13::1","fqdn":"ns13.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.125.4","id":13},{"ipv6":"2600:1802:14::1","fqdn":"ns14.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.127.4","id":14},{"ipv6":"2600:1800:15::1","fqdn":"ns15.dnsmadeeasy.com","groupId":2,"ipv4":"208.94.149.4","id":15}],"updated":1581752486493,"created":1576800000000,"delegateNameServers":["ns10.dnsmadeeasy.com.","ns11.dnsmadeeasy.com.","ns12.dnsmadeeasy.com.","ns13.dnsmadeeasy.com.","ns14.dnsmadeeasy.com.","ns15.dnsmadeeasy.com."],"processMulti":false,"activeThirdParties":[],"folderId":151948,"pendingActionId":0,"name":"website.url","id":6715808}'
[Sat Feb 15 10:32:15 UTC 2020] _domain_id='10'
[Sat Feb 15 10:32:15 UTC 2020] _sub_domain='_acme-challenge'
[Sat Feb 15 10:32:15 UTC 2020] _domain='website.url'
[Sat Feb 15 10:32:15 UTC 2020] Getting txt records
[Sat Feb 15 10:32:15 UTC 2020] 10/records?recordName=_acme-challenge&type=TXT
[Sat Feb 15 10:32:15 UTC 2020] GET
[Sat Feb 15 10:32:15 UTC 2020] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/10/records?recordName=_acme-challenge&type=TXT'
[Sat Feb 15 10:32:15 UTC 2020] timeout=
[Sat Feb 15 10:32:15 UTC 2020] Http already initialized.
[Sat Feb 15 10:32:15 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.LFTYgzIpJ0  -g '
[Sat Feb 15 10:32:16 UTC 2020] ret='0'
[Sat Feb 15 10:32:16 UTC 2020] response='<html><head><title>Apache Tomcat/7.0.12 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - Not Found</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Not Found</u></p><p><b>description</b> <u>The requested resource (Not Found) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.12</h3></body></html>'
[Sat Feb 15 10:32:16 UTC 2020] Error
[Sat Feb 15 10:32:16 UTC 2020] Error add txt for domain:_acme-challenge.website.url
[Sat Feb 15 10:32:16 UTC 2020] _on_issue_err
[Sat Feb 15 10:32:16 UTC 2020] Please check log file for more details: /root/gridenv/acme-wildcard-configs/staging/website.url/acme.sh.log
[Sat Feb 15 10:32:16 UTC 2020] _chk_vlist='website.url#l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w.qMQ1z8oqGdH6xl5vbzmS2nVmXfFIlB8MoURlCFhJxkg#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg#dns-01#dns_me,*.website.url#shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs.qMQ1z8oqGdH6xl5vbzmS2nVmXfFIlB8MoURlCFhJxkg#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ#dns-01#dns_me,'
[Sat Feb 15 10:32:16 UTC 2020] start to deactivate authz
[Sat Feb 15 10:32:16 UTC 2020] Trigger domain validation.
[Sat Feb 15 10:32:16 UTC 2020] _t_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg'
[Sat Feb 15 10:32:16 UTC 2020] _t_key_authz='l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w.qMQ1z8oqGdH6xl5vbzmS2nVmXfFIlB8MoURlCFhJxkg'
[Sat Feb 15 10:32:16 UTC 2020] _t_vtype
[Sat Feb 15 10:32:16 UTC 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg'
[Sat Feb 15 10:32:16 UTC 2020] payload='{}'
[Sat Feb 15 10:32:16 UTC 2020] Use cached jwk for file: /root/gridenv/acme-wildcard-configs/staging/website.url/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sat Feb 15 10:32:16 UTC 2020] Use _CACHED_NONCE='0001KSKFLQjbjcZvhVe-3Sv9Xu-906WKi-XlWVGmSDGkSyU'
[Sat Feb 15 10:32:16 UTC 2020] nonce='0001KSKFLQjbjcZvhVe-3Sv9Xu-906WKi-XlWVGmSDGkSyU'
[Sat Feb 15 10:32:16 UTC 2020] POST
[Sat Feb 15 10:32:16 UTC 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg'
[Sat Feb 15 10:32:16 UTC 2020] body='{"protected": "eyJub25jZSI6ICIwMDAxS1NLRkxRamJqY1p2aFZlLTNTdjlYdS05MDZXS2ktWGxXVkdtU0RHa1N5VSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8zOTAzMzc1Ny91M3NDQmciLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0NTU1MTQifQ", "payload": "e30", "signature": "qK-c6i7LNfAcH-ZxAIll2A5lvd8cJNY1poLisPef8WhvuqzWbYZBz3RVFsfCCXjC7Wary52A_sNslCBkJjGngyFvi5FPPYXkhslptPL3751OL4a0mxnUh_n33tjhLbtRQe6mLh8kZwYltjURvbzGYfegoXZ2KRLf3JHnTmCGV95j3RVRTHYw71sTWoG6FtJcAtJ2_L8lOjWuhQ7fjDJCSWerlfwTMU-GiWZ3j7QM_Vtaza5SF7Luxxvuyp5HM20kB-zFdVlUWms5ixnsx30bwLcNXIJIhFynKf1mKdomMPHh-X74kuIRTXiFdZoKR1GhUSbfIgjR5qv-ubD1jfwCaA"}'
[Sat Feb 15 10:32:16 UTC 2020] _postContentType='application/jose+json'
[Sat Feb 15 10:32:16 UTC 2020] Http already initialized.
[Sat Feb 15 10:32:16 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.LFTYgzIpJ0  -g '
[Sat Feb 15 10:32:17 UTC 2020] _ret='0'
[Sat Feb 15 10:32:17 UTC 2020] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 15 Feb 2020 10:32:16 GMT
content-type: application/json
content-length: 190
boulder-requester: 12455514
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033757>;rel="up"
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg
replay-nonce: 0002isYyzQD0uDHUKxHRbiRFTrKg3SPhTUGvcsIgXNXJwEY
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sat Feb 15 10:32:17 UTC 2020] code='200'
[Sat Feb 15 10:32:17 UTC 2020] original='{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg",
  "token": "l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"
}'
[Sat Feb 15 10:32:17 UTC 2020] response='{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033757/u3sCBg","token":"l3QEKw1mR0M31ELvQCtZ1X0FUuTnDvCAvbZhB3eQ4-w"}'
[Sat Feb 15 10:32:17 UTC 2020] Trigger domain validation.
[Sat Feb 15 10:32:17 UTC 2020] _t_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ'
[Sat Feb 15 10:32:17 UTC 2020] _t_key_authz='shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs.qMQ1z8oqGdH6xl5vbzmS2nVmXfFIlB8MoURlCFhJxkg'
[Sat Feb 15 10:32:17 UTC 2020] _t_vtype
[Sat Feb 15 10:32:17 UTC 2020] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ'
[Sat Feb 15 10:32:17 UTC 2020] payload='{}'
[Sat Feb 15 10:32:17 UTC 2020] Use cached jwk for file: /root/gridenv/acme-wildcard-configs/staging/website.url/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sat Feb 15 10:32:17 UTC 2020] Use _CACHED_NONCE='0002isYyzQD0uDHUKxHRbiRFTrKg3SPhTUGvcsIgXNXJwEY'
[Sat Feb 15 10:32:17 UTC 2020] nonce='0002isYyzQD0uDHUKxHRbiRFTrKg3SPhTUGvcsIgXNXJwEY'
[Sat Feb 15 10:32:17 UTC 2020] POST
[Sat Feb 15 10:32:17 UTC 2020] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ'
[Sat Feb 15 10:32:17 UTC 2020] body='{"protected": "eyJub25jZSI6ICIwMDAyaXNZeXpRRDB1REhVS3hIUmJpUkZUcktnM1NQaFRVR3Zjc0lnWE5YSndFWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8zOTAzMzc1Ni9YTzR2aFEiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0NTU1MTQifQ", "payload": "e30", "signature": "BIM5ajHkwi4l2UsfKt3OP8Ukoon66KkVlxhPU7VsiIc1VzowvjIiQTF4L9BAl7_CVylmeiBjfo4iDaqngKNsZO_eHCtAUaVdHY5b22cHt3vBSCe-ej-edQ3xTLi4GuW7qxmsqle8WzvQ7u6QaQSmoiYlZ5kx1Fn3aZN-eZVfGg6JnzWmYsDrJAl45tDZ12ZNmaFYZlZ3Eid3Qc7Ds_TqJPcg2WAI-mrlvQ4gbQNawwBzGizdMwVNqkdSiXwcEW1ELAt3bsK4Kb9e2S_X5ESJ4kN_F-IWLO6wQrumOp7QQKcKC1OrPD8LQWBxHAgNY_jBp0-wQQaZRIZb-COlDt7GVQ"}'
[Sat Feb 15 10:32:17 UTC 2020] _postContentType='application/jose+json'
[Sat Feb 15 10:32:17 UTC 2020] Http already initialized.
[Sat Feb 15 10:32:17 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.LFTYgzIpJ0  -g '
[Sat Feb 15 10:32:17 UTC 2020] _ret='0'
[Sat Feb 15 10:32:17 UTC 2020] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 15 Feb 2020 10:32:17 GMT
content-type: application/json
content-length: 190
boulder-requester: 12455514
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/39033756>;rel="up"
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ
replay-nonce: 0002h8Y7ks0ORe9Xd41xbl0Ejk9E3dKJl01P53y1PbIkeHQ
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sat Feb 15 10:32:17 UTC 2020] code='200'
[Sat Feb 15 10:32:17 UTC 2020] original='{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ",
  "token": "shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs"
}'
[Sat Feb 15 10:32:17 UTC 2020] response='{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/39033756/XO4vhQ","token":"shQn4j93gTLXfvwKKcOBbRyJoGNrFsznQjQJTegbwAs"}'
[Sat Feb 15 10:32:17 UTC 2020] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1d  10 Sep 2019
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.16.1
built by gcc 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)
built with OpenSSL 1.1.1c  28 May 2019
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --modules-path=/etc/nginx/modules --user=www-data --group=www-data --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-openssl=/build-1.16.1/openssl-1.1.1c --with-openssl-opt=no-nextprotoneg --with-openssl-opt=no-weak-ssl-ciphers --with-openssl-opt=enable-tls1_3 --with-pcre --with-pcre-jit --with-cc-opt='-g -O2 -fPIC -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIC -pie -Wl,-z,relro -Wl,-z,now' --with-pcre-opt='-g -Ofast -fPIC -m64 -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-zlib-opt='-g -Ofast -fPIC -m64 -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-http_degradation_module --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_slice_module --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_v2_module --with-http_secure_link_module --with-stream=dynamic --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_xslt_module=dynamic --with-select_module --with-poll_module --with-http_image_filter_module=dynamic --add-module=/build-1.16.1/ngx_cache_purge --add-module=/build-1.16.1/ngx_brotli --add-dynamic-module=/build-1.16.1/ModSecurity-nginx --add-dynamic-module=/build-1.16.1/ngx_devel_kit --add-dynamic-module=/build-1.16.1/srcache-nginx-module --add-dynamic-module=/build-1.16.1/ngx_http_redis-0.3.9 --add-dynamic-module=/build-1.16.1/redis2-nginx-module --add-dynamic-module=/build-1.16.1/memc-nginx-module --add-dynamic-module=/build-1.16.1/headers-more-nginx-module --add-dynamic-module=/build-1.16.1/echo-nginx-module --add-dynamic-module=/build-1.16.1/set-misc-nginx-module --add-dynamic-module=/build-1.16.1/ngx_http_geoip2_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>] groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>    groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>   groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>  groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>  groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>    groups=FD,SOCKET,RETRY,UNIX
      create:<filename> groups=FD,REG,NAMED
      exec:<command-line>   groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>  groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface> groups=FD,SOCKET
      ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>    groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>    groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>   groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>   groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>  groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>    groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>   groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>   groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>  groups=FD,SOCKET,IP6
      open:<filename>   groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>   groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty   groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>   groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>   groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>    groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>  groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout    groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>    groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]    groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>    groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>   groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>  groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>    groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>  groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>   groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>    groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>   groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>  groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>   groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>    groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>  groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>  groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>    groups=FD,SOCKET,NAMED,RETRY,UNIX
[Sat Feb 15 10:32:17 UTC 2020] pid
[Sat Feb 15 10:32:17 UTC 2020] No need to restore nginx, skip.
[Sat Feb 15 10:32:17 UTC 2020] _clearupdns
[Sat Feb 15 10:32:17 UTC 2020] dns_entries
[Sat Feb 15 10:32:17 UTC 2020] skip dns.

So looking here I am seeing the first GET request to check the domain exists and get its ID:

[Sat Feb 15 07:42:54 UTC 2020] First detect the root zone
[Sat Feb 15 07:42:54 UTC 2020] name?domainname=website.url
[Sat Feb 15 07:42:54 UTC 2020] GET
[Sat Feb 15 07:42:54 UTC 2020] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=website.url'
[Sat Feb 15 07:42:54 UTC 2020] timeout=
[Sat Feb 15 07:42:54 UTC 2020] Http already initialized.
[Sat Feb 15 07:42:54 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.3cwFwV68iq  -g '
[Sat Feb 15 07:42:55 UTC 2020] ret='0'
[Sat Feb 15 07:42:55 UTC 2020] response='{"gtdEnabled":false,"nameServers":[{"ipv6":"2600:1800:10::1","fqdn":"ns10.dnsmadeeasy.com","groupId":2,"ipv4":"208.94.148.4",**"id":10**},{"ipv6":"2600:1801:11::1","fqdn":"ns11.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.124.4","id":11},{"ipv6":"2600:1802:12::1","fqdn":"ns12.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.126.4","id":12},{"ipv6":"2600:1801:13::1","fqdn":"ns13.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.125.4","id":13},{"ipv6":"2600:1802:14::1","fqdn":"ns14.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.127.4","id":14},{"ipv6":"2600:1800:15::1","fqdn":"ns15.dnsmadeeasy.com","groupId":2,"ipv4":"208.94.149.4","id":15}],"updated":1581752486493,"created":1576800000000,"delegateNameServers":["ns10.dnsmadeeasy.com.","ns11.dnsmadeeasy.com.","ns12.dnsmadeeasy.com.","ns13.dnsmadeeasy.com.","ns14.dnsmadeeasy.com.","ns15.dnsmadeeasy.com."],"processMulti":false,"activeThirdParties":[],"folderId":151948,"pendingActionId":0,"name":"website.url",**"id":6715808**}'
[Sat Feb 15 07:42:55 UTC 2020] _domain_id='10'

From dns_me.sh:

if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain_id "$_domain_id"

I can see it is outputting the _domain_id='10, which looks like the ID of the namerserver.

We can that the id of the domains is actually "id":6715808

Acme proceeds to try to pull the records for domain 10:

_me_rest GET "${_domain_id}/records?recordName=$_sub_domain&type=TXT"

if ! _contains "$response" "\"totalRecords\":"; then
    _err "Error"
    return 1
fi

and gets no records for the domain 10, as it would:

[Sat Feb 15 07:42:55 UTC 2020] Getting txt records
[Sat Feb 15 07:42:55 UTC 2020] 10/records?recordName=_acme-challenge&type=TXT
[Sat Feb 15 07:42:55 UTC 2020] GET
[Sat Feb 15 07:42:55 UTC 2020] url='https://api.dnsmadeeasy.com/V2.0/dns/managed/10/records?recordName=_acme-challenge&type=TXT'
[Sat Feb 15 07:42:55 UTC 2020] timeout=
[Sat Feb 15 07:42:55 UTC 2020] Http already initialized.
[Sat Feb 15 07:42:55 UTC 2020] _CURL='curl -L --silent --dump-header /root/gridenv/acme-wildcard-configs/staging/website.url/http.header  --trace-ascii /tmp/tmp.3cwFwV68iq  -g '
[Sat Feb 15 07:42:55 UTC 2020] ret='0'
[Sat Feb 15 07:42:55 UTC 2020] response='<html><head><title>Apache Tomcat/7.0.12 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - Not Found</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Not Found</u></p><p><b>description</b> <u>The requested resource (Not Found) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.12</h3></body></html>'
[Sat Feb 15 07:42:55 UTC 2020] Error
[Sat Feb 15 07:42:55 UTC 2020] Error add txt for domain:_acme-challenge.website.url

and then errors out and doesn't proceed to the POST update of new records.

I think what is happening is the script is parsing the json response and pulling the first "id" value it comes to, which happens to be within the nameservers array as its parseing down, as opposed to the outermost ID of the object.

{
    "nameservers":[{"id":10}],
     "id":6715808
}

I wrote a check script to make sure that DNS API is functioning and the error isn't on their end.

#!/bin/bash

key="$1"
secret="$2"

date=$(LANG=C date -u +"%a, %d %b %Y %T %Z")
hmac=$(echo -n "$date" | openssl dgst -sha1 -hmac "$secret") && \
hmac=${hmac// /:} && \
hmac=${hmac##*:}

echo "------------ Check Domain exists ----------------------"

curl  \
-H "Content-Type: application/json" \
-H "x-dnsme-hmac: $hmac" \
-H "x-dnsme-apiKey: $key" \
-H "x-dnsme-requestDate: $date" \
-X GET https://api.dnsmadeeasy.com/V2.0/dns/managed/name?domainname=website.url

echo "------- Get Domain Records using ID 10   --------------"

curl  \
-H "Content-Type: application/json" \
-H "x-dnsme-hmac: $hmac" \
-H "x-dnsme-apiKey: $key" \
-H "x-dnsme-requestDate: $date" \
-X GET https://api.dnsmadeeasy.com/V2.0/dns/managed/10/records

echo "--------- Get All Domains  ----------------------------"

curl  \
-H "Content-Type: application/json" \
-H "x-dnsme-hmac: $hmac" \
-H "x-dnsme-apiKey: $key" \
-H "x-dnsme-requestDate: $date" \
-X GET https://api.dnsmadeeasy.com/V2.0/dns/managed

echo "----- Get Domain Records using 6715808  ---------------"

curl  \
-H "Content-Type: application/json" \
-H "x-dnsme-hmac: $hmac" \
-H "x-dnsme-apiKey: $key" \
-H "x-dnsme-requestDate: $date" \
-X GET https://api.dnsmadeeasy.com/V2.0/dns/managed/6715808/records

Out as expected, confirmed the error of using domain ID 10 and succesfully pulled correct records from right domain ID.

------------ Check Domain exists ----------------------
{"gtdEnabled":false,"nameServers":[{"ipv6":"2600:1800:10::1","fqdn":"ns10.dnsmadeeasy.com","groupId":2,"ipv4":"208.94.148.4","id":10},{"ipv6":"2600:1801:11::1","fqdn":"ns11.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.124.4","id":11},{"ipv6":"2600:1802:12::1","fqdn":"ns12.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.126.4","id":12},{"ipv6":"2600:1801:13::1","fqdn":"ns13.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.125.4","id":13},{"ipv6":"2600:1802:14::1","fqdn":"ns14.dnsmadeeasy.com","groupId":2,"ipv4":"208.80.127.4","id":14},{"ipv6":"2600:1800:15::1","fqdn":"ns15.dnsmadeeasy.com","groupId":2,"ipv4":"208.94.149.4","id":15}],"updated":1581752486493,"created":1576800000000,"delegateNameServers":["ns10.dnsmadeeasy.com.","ns11.dnsmadeeasy.com.","ns12.dnsmadeeasy.com.","ns13.dnsmadeeasy.com.","ns14.dnsmadeeasy.com.","ns15.dnsmadeeasy.com."],"processMulti":false,"activeThirdParties":[],"folderId":151948,"pendingActionId":0,"name":"website.url","id":6715808}
------- Get Domain Records using ID 10   --------------
<html><head><title>Apache Tomcat/7.0.12 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - Not Found</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Not Found</u></p><p><b>description</b> <u>The requested resource (Not Found) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.12</h3></body></html>
--------- Get All Domains  ----------------------------
{"totalRecords":6,"totalPages":1,"data":[{"gtdEnabled":false,"updated":1581752486493,"created":1576800000000,"processMulti":false,"activeThirdParties":[],"folderId":151948,"pendingActionId":0,"name":"website.url","id":6715808},{"gtdEnabled":false,"updated":1581089914024,"created":1581033600000,"processMulti":false,"activeThirdParties":[],"folderId":151948,"pendingActionId":0,"name":"another.com","id":6817542},{"gtdEnabled":false,"updated":1580360058673,"created":1580256000000,"processMulti":false,"activeThirdParties":[],"folderId":151948,"pendingActionId":0,"name":"whatever.io","id":6796193},{"gtdEnabled":false,"updated":1576566376861,"created":1575072000000,"processMulti":false,"activeThirdParties":[],"folderId":151948,"pendingActionId":0,"name":"somethingpress.com","id":6669712},{"gtdEnabled":false,"updated":1581070560718,"created":1581033600000,"processMulti":false,"activeThirdParties":[],"folderId":151948,"pendingActionId":0,"name":"andtraining.com","id":6817116},{"gtdEnabled":false,"updated":1581346102395,"created":1580256000000,"processMulti":false,"activeThirdParties":[],"folderId":151948,"pendingActionId":0,"name":"website.com","id":6796191}],"page":0}
----- Get Domain Records using 6715808  ---------------
{"totalRecords":3,"totalPages":1,"data":[{"monitor":false,"sourceId":6715808,"failover":false,"dynamicDns":false,"hardLink":false,"ttl":1800,"failed":false,"gtdLocation":"DEFAULT","source":1,"name":"","value":"95.179.203.190","id":105965344,"type":"A"},{"monitor":false,"sourceId":6715808,"failover":false,"dynamicDns":false,"hardLink":false,"ttl":1800,"failed":false,"gtdLocation":"DEFAULT","source":1,"name":"*","value":"95.179.203.190","id":105965346,"type":"A"},{"monitor":false,"sourceId":6715808,"failover":false,"dynamicDns":false,"hardLink":false,"ttl":1800,"failed":false,"gtdLocation":"DEFAULT","source":1,"name":"www","value":"","id":109367241,"type":"CNAME"}],"page":0}

I have obviously stripped out our clients real URLs, we use acme across thousands of sites now, and this is the first time I have seen this... but it is persistent.

I am going to get my team to spin up a bunch of test servers and domains and see if we can get this to repeat with other domains, but this has been going on with this domain for about a week.

JeffCleverley commented 4 years ago

Mybad, I see two reports already... doh.

https://github.com/acmesh-official/acme.sh/issues/2031 https://github.com/acmesh-official/acme.sh/issues/2731