search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
38.67k stars 4.91k forks source link

Error add txt for domain when trying to use nsupdate to automatically issue cert #3040

Open liudonghua123 opened 4 years ago

liudonghua123 commented 4 years ago

Steps to reproduce

  1. config bind9 according https://github.com/acmesh-official/acme.sh/wiki/dnsapi#7-use-nsupdate-to-automatically-issue-cert
  2. install the latest acme.sh
  3. execute acme.sh --issue --dns dns_nsupdate -d test.ynu.edu.cn -d *.test.ynu.edu.cn --debug 2 --log

Debug log

```bash [root@pridns acme.sh]# acme.sh --issue --dns dns_nsupdate -d test.ynu.edu.cn -d *.test.ynu.edu.cn --debug 2 --log [Sun Jul 12 22:32:21 CST 2020] Lets find script dir. [Sun Jul 12 22:32:21 CST 2020] _SCRIPT_='/root/.acme.sh/acme.sh' [Sun Jul 12 22:32:21 CST 2020] _script='/root/.acme.sh/acme.sh' [Sun Jul 12 22:32:21 CST 2020] _script_home='/root/.acme.sh' [Sun Jul 12 22:32:21 CST 2020] Using config home:/root/.acme.sh [Sun Jul 12 22:32:21 CST 2020] LE_WORKING_DIR='/root/.acme.sh' https://github.com/acmesh-official/acme.sh v2.8.7 [Sun Jul 12 22:32:21 CST 2020] Running cmd: issue [Sun Jul 12 22:32:21 CST 2020] _main_domain='test.ynu.edu.cn' [Sun Jul 12 22:32:21 CST 2020] _alt_domains='*.test.ynu.edu.cn' [Sun Jul 12 22:32:21 CST 2020] Using config home:/root/.acme.sh [Sun Jul 12 22:32:21 CST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Sun Jul 12 22:32:21 CST 2020] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org' [Sun Jul 12 22:32:21 CST 2020] DOMAIN_PATH='/root/.acme.sh/test.ynu.edu.cn' [Sun Jul 12 22:32:21 CST 2020] 'dns_nsupdate' does not contain 'dns' [Sun Jul 12 22:32:21 CST 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory [Sun Jul 12 22:32:21 CST 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory [Sun Jul 12 22:32:21 CST 2020] GET [Sun Jul 12 22:32:21 CST 2020] url='https://acme-v02.api.letsencrypt.org/directory' [Sun Jul 12 22:32:21 CST 2020] timeout= [Sun Jul 12 22:32:21 CST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.6tH2X8AwqT -g ' [Sun Jul 12 22:34:31 CST 2020] ret='0' [Sun Jul 12 22:34:31 CST 2020] response='{ "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "pfyKlEaZS18": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' [Sun Jul 12 22:34:31 CST 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change' [Sun Jul 12 22:34:31 CST 2020] ACME_NEW_AUTHZ [Sun Jul 12 22:34:31 CST 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order' [Sun Jul 12 22:34:31 CST 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct' [Sun Jul 12 22:34:31 CST 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert' [Sun Jul 12 22:34:31 CST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' [Sun Jul 12 22:34:31 CST 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Sun Jul 12 22:34:31 CST 2020] ACME_VERSION='2' [Sun Jul 12 22:34:31 CST 2020] Le_NextRenewTime [Sun Jul 12 22:34:31 CST 2020] _on_before_issue [Sun Jul 12 22:34:31 CST 2020] _chk_main_domain='test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _chk_alt_domains='*.test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] 'dns_nsupdate' does not contain 'no' [Sun Jul 12 22:34:31 CST 2020] Le_LocalAddress [Sun Jul 12 22:34:31 CST 2020] d='test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] Check for domain='test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _currentRoot='dns_nsupdate' [Sun Jul 12 22:34:31 CST 2020] d='*.test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] Check for domain='*.test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _currentRoot='dns_nsupdate' [Sun Jul 12 22:34:31 CST 2020] d [Sun Jul 12 22:34:31 CST 2020] 'dns_nsupdate' does not contain 'apache' [Sun Jul 12 22:34:31 CST 2020] _saved_account_key_hash='qJY7prbTcwrQ0T/TKNCRVeUCPAYWnHRDCqQl4qkkYoo=' [Sun Jul 12 22:34:31 CST 2020] _saved_account_key_hash is not changed, skip register account. [Sun Jul 12 22:34:31 CST 2020] Read key length: [Sun Jul 12 22:34:31 CST 2020] _createcsr [Sun Jul 12 22:34:31 CST 2020] domain='test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] domainlist='*.test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] csrkey='/root/.acme.sh/test.ynu.edu.cn/test.ynu.edu.cn.key' [Sun Jul 12 22:34:31 CST 2020] csr='/root/.acme.sh/test.ynu.edu.cn/test.ynu.edu.cn.csr' [Sun Jul 12 22:34:31 CST 2020] csrconf='/root/.acme.sh/test.ynu.edu.cn/test.ynu.edu.cn.csr.conf' [Sun Jul 12 22:34:31 CST 2020] _is_idn_d='*.test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _idn_temp [Sun Jul 12 22:34:31 CST 2020] domainlist='*.test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _is_idn_d='test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _idn_temp [Sun Jul 12 22:34:31 CST 2020] Multi domain='DNS:test.ynu.edu.cn,DNS:*.test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _is_idn_d='test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _idn_temp [Sun Jul 12 22:34:31 CST 2020] _csr_cn='test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] Getting domain auth token for each domain [Sun Jul 12 22:34:31 CST 2020] _is_idn_d='test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _idn_temp [Sun Jul 12 22:34:31 CST 2020] d='*.test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _is_idn_d='*.test.ynu.edu.cn' [Sun Jul 12 22:34:31 CST 2020] _idn_temp [Sun Jul 12 22:34:31 CST 2020] d [Sun Jul 12 22:34:31 CST 2020] _identifiers='{"type":"dns","value":"test.ynu.edu.cn"},{"type":"dns","value":"*.test.ynu.edu.cn"}' [Sun Jul 12 22:34:31 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Sun Jul 12 22:34:31 CST 2020] payload='{"identifiers": [{"type":"dns","value":"test.ynu.edu.cn"},{"type":"dns","value":"*.test.ynu.edu.cn"}]}' [Sun Jul 12 22:34:31 CST 2020] RSA key [Sun Jul 12 22:34:31 CST 2020] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Sun Jul 12 22:34:31 CST 2020] HEAD [Sun Jul 12 22:34:31 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Sun Jul 12 22:34:31 CST 2020] body [Sun Jul 12 22:34:31 CST 2020] _postContentType='application/jose+json' [Sun Jul 12 22:34:31 CST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.e3jPeTxmUS -g -I ' [Sun Jul 12 22:36:40 CST 2020] _ret='0' [Sun Jul 12 22:36:40 CST 2020] _headers='HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jul 2020 14:36:40 GMT Connection: keep-alive Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 0102eA4I4-mgtLLbPacvRhABY8Oc-fl9zSW7Ir-yh-CKeAE X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 ' [Sun Jul 12 22:36:40 CST 2020] _CACHED_NONCE='0102eA4I4-mgtLLbPacvRhABY8Oc-fl9zSW7Ir-yh-CKeAE' [Sun Jul 12 22:36:40 CST 2020] nonce='0102eA4I4-mgtLLbPacvRhABY8Oc-fl9zSW7Ir-yh-CKeAE' [Sun Jul 12 22:36:40 CST 2020] POST [Sun Jul 12 22:36:40 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Sun Jul 12 22:36:40 CST 2020] body='{"protected": "eyJub25jZSI6ICIwMTAyZUE0STQtbWd0TExiUGFjdlJoQUJZOE9jLWZsOXpTVzdJci15aC1DS2VBRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85MTE1MTMwMiJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InRlc3QueW51LmVkdS5jbiJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi50ZXN0LnludS5lZHUuY24ifV19", "signature": "fC_4PxVl3S5_y1c5oTuS7FybxO4dLObUvNtQ-7g3DaRevlvytIW0DdpOXLIbkUlZ8J1r7W-9F5icJnYfEPZiKhpwBK2YnTVkioG216ZPfrJF_bZdMoymwYlzk8TBZCb9QejzXRIY5pi72gr4mc2IgTI4clwpxh5dDWBMBV7y6N_sp2r1sjkY8en8fFmcEmBYhp98fii5-RB45naiepPE0kVcBdNiSbdkrpzHL6T_vq62OvVxKe9RK8vLH4wuHzdILR_3ZUmci9ntLVEYh3EDhusI7rr1fQrYg_dYzoyB1vlfS4jcFtKirBjo5ZqTr2b-6GKlRUDn5IAVJXq3Bz3F0g"}' [Sun Jul 12 22:36:40 CST 2020] _postContentType='application/jose+json' [Sun Jul 12 22:36:40 CST 2020] Http already initialized. [Sun Jul 12 22:36:40 CST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.e3jPeTxmUS -g ' [Sun Jul 12 22:38:51 CST 2020] _ret='0' [Sun Jul 12 22:38:51 CST 2020] responseHeaders='HTTP/1.1 201 Created Server: nginx Date: Sun, 12 Jul 2020 14:38:51 GMT Content-Type: application/json Content-Length: 483 Connection: keep-alive Boulder-Requester: 91151302 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Location: https://acme-v02.api.letsencrypt.org/acme/order/91151302/4172434097 Replay-Nonce: 0001c0LCt_jTUVmkkIPr7uoMQiWHXc4X4rWRT3hn59baMoY X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 ' [Sun Jul 12 22:38:51 CST 2020] code='201' [Sun Jul 12 22:38:51 CST 2020] original='{ "status": "pending", "expires": "2020-07-19T14:38:51.257380848Z", "identifiers": [ { "type": "dns", "value": "*.test.ynu.edu.cn" }, { "type": "dns", "value": "test.ynu.edu.cn" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038209", "https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038214" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/91151302/4172434097" }' [Sun Jul 12 22:38:51 CST 2020] response='{"status":"pending","expires":"2020-07-19T14:38:51.257380848Z","identifiers":[{"type":"dns","value":"*.test.ynu.edu.cn"},{"type":"dns","value":"test.ynu.edu.cn"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038209","https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038214"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/91151302/4172434097"}' [Sun Jul 12 22:38:51 CST 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/91151302/4172434097' [Sun Jul 12 22:38:51 CST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/91151302/4172434097' [Sun Jul 12 22:38:51 CST 2020] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038209,https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038214' [Sun Jul 12 22:38:51 CST 2020] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038209' [Sun Jul 12 22:38:51 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038209' [Sun Jul 12 22:38:51 CST 2020] payload [Sun Jul 12 22:38:51 CST 2020] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key [Sun Jul 12 22:38:51 CST 2020] Use _CACHED_NONCE='0001c0LCt_jTUVmkkIPr7uoMQiWHXc4X4rWRT3hn59baMoY' [Sun Jul 12 22:38:51 CST 2020] nonce='0001c0LCt_jTUVmkkIPr7uoMQiWHXc4X4rWRT3hn59baMoY' [Sun Jul 12 22:38:51 CST 2020] POST [Sun Jul 12 22:38:51 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038209' [Sun Jul 12 22:38:51 CST 2020] body='{"protected": "eyJub25jZSI6ICIwMDAxYzBMQ3RfalRVVm1ra0lQcjd1b01RaVdIWGM0WDRyV1JUM2huNTliYU1vWSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNTgzMzAzODIwOSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTExNTEzMDIifQ", "payload": "", "signature": "W6fGZ1XsnRAiTw7LpTO72F2pdMPYwEr-sSr-rCTJuVXHnKiOt0rAKfts1NSg6LE4AKDUewo_gnKHaF0BcJdpWgIk00TBuvHwCe-axKRTU08F31VzyV6SAjtsAp30DLwgyviWGogmhO1_1eJPlqsmvSFUkbsVsDejJUinXixsiKt9iw7BezbF3OdtzEzo9s1edqSYw8Yvf-dnpCfmP7oeljuGI7_Jp0yGdY8vHkyh2MX4UW7EwAj4ELGkNWK2FsRE2l6nVo8lldx9Y5KFMasmudqt52gf_NGYfsSBk8cnGgjvu2D9xrB0p_kJRzORVsMblEi_Rwe8P1zPSMpZsZjooQ"}' [Sun Jul 12 22:38:51 CST 2020] _postContentType='application/jose+json' [Sun Jul 12 22:38:51 CST 2020] Http already initialized. [Sun Jul 12 22:38:51 CST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.e3jPeTxmUS -g ' [Sun Jul 12 22:41:01 CST 2020] _ret='0' [Sun Jul 12 22:41:01 CST 2020] responseHeaders='HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jul 2020 14:41:01 GMT Content-Type: application/json Content-Length: 387 Connection: keep-alive Boulder-Requester: 91151302 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 0001DvkGCcfZa6tg_1Qp5B55-AzJnOvczmiWOSM02CGHDGw X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 ' [Sun Jul 12 22:41:01 CST 2020] code='200' [Sun Jul 12 22:41:01 CST 2020] original='{ "identifier": { "type": "dns", "value": "test.ynu.edu.cn" }, "status": "pending", "expires": "2020-07-19T14:38:51Z", "challenges": [ { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg", "token": "Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc" } ], "wildcard": true }' [Sun Jul 12 22:41:01 CST 2020] response='{"identifier":{"type":"dns","value":"test.ynu.edu.cn"},"status":"pending","expires":"2020-07-19T14:38:51Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg","token":"Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc"}],"wildcard": true}' [Sun Jul 12 22:41:01 CST 2020] response='{"identifier":{"type":"dns","value":"test.ynu.edu.cn"},"status":"pending","expires":"2020-07-19T14:38:51Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg","token":"Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc"}],"wildcard": true}' [Sun Jul 12 22:41:01 CST 2020] _d='*.test.ynu.edu.cn' [Sun Jul 12 22:41:01 CST 2020] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038214' [Sun Jul 12 22:41:01 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038214' [Sun Jul 12 22:41:01 CST 2020] payload [Sun Jul 12 22:41:01 CST 2020] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key [Sun Jul 12 22:41:01 CST 2020] Use _CACHED_NONCE='0001DvkGCcfZa6tg_1Qp5B55-AzJnOvczmiWOSM02CGHDGw' [Sun Jul 12 22:41:01 CST 2020] nonce='0001DvkGCcfZa6tg_1Qp5B55-AzJnOvczmiWOSM02CGHDGw' [Sun Jul 12 22:41:01 CST 2020] POST [Sun Jul 12 22:41:01 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/5833038214' [Sun Jul 12 22:41:01 CST 2020] body='{"protected": "eyJub25jZSI6ICIwMDAxRHZrR0NjZlphNnRnXzFRcDVCNTUtQXpKbk92Y3ptaVdPU00wMkNHSERHdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNTgzMzAzODIxNCIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTExNTEzMDIifQ", "payload": "", "signature": "uh1JBWVObqRhCv7mFD_EV-Q16QUFDWRnEDWUiqy5PWTT95KfcRq7OdCe3NMF6kOhUCM-mpKoPiaGM7eY9ZPE2Bd4kP-O37pLL4ZOsx0x5apMyEKz-PCOyNBCukdv3C__3T1wV-oPbz-vsJUpJZTf2RJp3kABt5fWk8RfSS4ZXIY7-2gOwsiCFQxosT7370qKUOJCfOvt-ekAXyQ299TORvNefZ-aewyBA-yIYd5rQashznS9qhfrIzvMiR9B7f4TJ4BGuOHGVLOcoI-KR-tvflZHtJKIP49TO6xzycoeluR6IcAC-5iIWy2agz4Ep5eFDfphD75M2Ab8O-IvuEttQg"}' [Sun Jul 12 22:41:01 CST 2020] _postContentType='application/jose+json' [Sun Jul 12 22:41:01 CST 2020] Http already initialized. [Sun Jul 12 22:41:01 CST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.e3jPeTxmUS -g ' [Sun Jul 12 22:43:15 CST 2020] _ret='0' [Sun Jul 12 22:43:15 CST 2020] responseHeaders='HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jul 2020 14:43:15 GMT Content-Type: application/json Content-Length: 793 Connection: keep-alive Boulder-Requester: 91151302 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Replay-Nonce: 0001MvojpEtTJ5JaMYHhylBBbOL9R-Pdk63XCfN0aQfDaSo X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 ' [Sun Jul 12 22:43:15 CST 2020] code='200' [Sun Jul 12 22:43:15 CST 2020] original='{ "identifier": { "type": "dns", "value": "test.ynu.edu.cn" }, "status": "pending", "expires": "2020-07-19T14:38:51Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/MJ-k6A", "token": "gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w", "token": "gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/JtA3SA", "token": "gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q" } ] }' [Sun Jul 12 22:43:15 CST 2020] response='{"identifier":{"type":"dns","value":"test.ynu.edu.cn"},"status":"pending","expires":"2020-07-19T14:38:51Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/MJ-k6A","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/JtA3SA","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"}]}' [Sun Jul 12 22:43:15 CST 2020] response='{"identifier":{"type":"dns","value":"test.ynu.edu.cn"},"status":"pending","expires":"2020-07-19T14:38:51Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/MJ-k6A","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/JtA3SA","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"}]}' [Sun Jul 12 22:43:15 CST 2020] _d='test.ynu.edu.cn' [Sun Jul 12 22:43:15 CST 2020] _authorizations_map='test.ynu.edu.cn,{"identifier":{"type":"dns","value":"test.ynu.edu.cn"},"status":"pending","expires":"2020-07-19T14:38:51Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/MJ-k6A","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/JtA3SA","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"}]} *.test.ynu.edu.cn,{"identifier":{"type":"dns","value":"test.ynu.edu.cn"},"status":"pending","expires":"2020-07-19T14:38:51Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg","token":"Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc"}],"wildcard": true} ' [Sun Jul 12 22:43:15 CST 2020] d='test.ynu.edu.cn' [Sun Jul 12 22:43:15 CST 2020] Getting webroot for domain='test.ynu.edu.cn' [Sun Jul 12 22:43:15 CST 2020] _w='dns_nsupdate' [Sun Jul 12 22:43:15 CST 2020] _currentRoot='dns_nsupdate' [Sun Jul 12 22:43:15 CST 2020] _is_idn_d='test.ynu.edu.cn' [Sun Jul 12 22:43:15 CST 2020] _idn_temp [Sun Jul 12 22:43:15 CST 2020] _candidates='test.ynu.edu.cn,{"identifier":{"type":"dns","value":"test.ynu.edu.cn"},"status":"pending","expires":"2020-07-19T14:38:51Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/MJ-k6A","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/JtA3SA","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"}]}' [Sun Jul 12 22:43:15 CST 2020] response='{"identifier":{"type":"dns","value":"test.ynu.edu.cn"},"status":"pending","expires":"2020-07-19T14:38:51Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/MJ-k6A","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/JtA3SA","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"}]}' [Sun Jul 12 22:43:15 CST 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"' [Sun Jul 12 22:43:15 CST 2020] token='gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q' [Sun Jul 12 22:43:15 CST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w' [Sun Jul 12 22:43:15 CST 2020] keyauthorization='gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q.5Uj8SDvTIiNwKLpShIGeXND0IqR7FBYmVZ7GqSHWggk' [Sun Jul 12 22:43:15 CST 2020] dvlist='test.ynu.edu.cn#gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q.5Uj8SDvTIiNwKLpShIGeXND0IqR7FBYmVZ7GqSHWggk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w#dns-01#dns_nsupdate' [Sun Jul 12 22:43:15 CST 2020] d='*.test.ynu.edu.cn' [Sun Jul 12 22:43:15 CST 2020] Getting webroot for domain='*.test.ynu.edu.cn' [Sun Jul 12 22:43:15 CST 2020] _w='dns_nsupdate' [Sun Jul 12 22:43:15 CST 2020] _currentRoot='dns_nsupdate' [Sun Jul 12 22:43:15 CST 2020] _is_idn_d='*.test.ynu.edu.cn' [Sun Jul 12 22:43:15 CST 2020] _idn_temp [Sun Jul 12 22:43:15 CST 2020] _candidates='*.test.ynu.edu.cn,{"identifier":{"type":"dns","value":"test.ynu.edu.cn"},"status":"pending","expires":"2020-07-19T14:38:51Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg","token":"Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc"}],"wildcard": true}' [Sun Jul 12 22:43:15 CST 2020] response='{"identifier":{"type":"dns","value":"test.ynu.edu.cn"},"status":"pending","expires":"2020-07-19T14:38:51Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg","token":"Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc"}],"wildcard": true}' [Sun Jul 12 22:43:15 CST 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg","token":"Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc"' [Sun Jul 12 22:43:15 CST 2020] token='Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc' [Sun Jul 12 22:43:15 CST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg' [Sun Jul 12 22:43:15 CST 2020] keyauthorization='Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc.5Uj8SDvTIiNwKLpShIGeXND0IqR7FBYmVZ7GqSHWggk' [Sun Jul 12 22:43:15 CST 2020] dvlist='*.test.ynu.edu.cn#Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc.5Uj8SDvTIiNwKLpShIGeXND0IqR7FBYmVZ7GqSHWggk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg#dns-01#dns_nsupdate' [Sun Jul 12 22:43:15 CST 2020] d [Sun Jul 12 22:43:15 CST 2020] vlist='test.ynu.edu.cn#gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q.5Uj8SDvTIiNwKLpShIGeXND0IqR7FBYmVZ7GqSHWggk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w#dns-01#dns_nsupdate,*.test.ynu.edu.cn#Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc.5Uj8SDvTIiNwKLpShIGeXND0IqR7FBYmVZ7GqSHWggk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg#dns-01#dns_nsupdate,' [Sun Jul 12 22:43:15 CST 2020] d='test.ynu.edu.cn' [Sun Jul 12 22:43:15 CST 2020] _d_alias [Sun Jul 12 22:43:15 CST 2020] txtdomain='_acme-challenge.test.ynu.edu.cn' [Sun Jul 12 22:43:15 CST 2020] txt='EzBq80Bqa-_aXpSd_da-kipemnL6gXA-TU54lUoCzMk' [Sun Jul 12 22:43:15 CST 2020] d_api='/root/.acme.sh/dnsapi/dns_nsupdate.sh' [Sun Jul 12 22:43:15 CST 2020] dns_entry='test.ynu.edu.cn,_acme-challenge.test.ynu.edu.cn,,dns_nsupdate,EzBq80Bqa-_aXpSd_da-kipemnL6gXA-TU54lUoCzMk,/root/.acme.sh/dnsapi/dns_nsupdate.sh' [Sun Jul 12 22:43:15 CST 2020] Found domain api file: /root/.acme.sh/dnsapi/dns_nsupdate.sh [Sun Jul 12 22:43:15 CST 2020] Adding txt value: EzBq80Bqa-_aXpSd_da-kipemnL6gXA-TU54lUoCzMk for domain: _acme-challenge.test.ynu.edu.cn [Sun Jul 12 22:43:15 CST 2020] adding _acme-challenge.test.ynu.edu.cn. 60 in txt "EzBq80Bqa-_aXpSd_da-kipemnL6gXA-TU54lUoCzMk" setup_system() Creating key... Creating key... namefromtext keycreate reset_system() user_interaction() do_next_command() do_next_command() do_next_command() evaluate_update() update_addordelete() do_next_command() start_update() send_update() Sending update to 2001:250:2800:2::33#53 show_message() Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 15860 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; ZONE SECTION: ;ynu.edu.cn. IN SOA ;; UPDATE SECTION: _acme-challenge.test.ynu.edu.cn. 60 IN TXT "EzBq80Bqa-_aXpSd_da-kipemnL6gXA-TU54lUoCzMk" ;; TSIG PSEUDOSECTION: update. 0 ANY TSIG hmac-sha512. 1594564995 300 64 FIFn2ldJJ7Yr/4icmNN0OFJQtXNfY9ddMEoQEFxjWXtJ9yeGaY9lzeEP nFFkXypME5iC/TCCeiep4NfdjXmWxw== 15860 NOERROR 0 update_completed() tsig verification successful show_message() Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: SERVFAIL, id: 15860 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;ynu.edu.cn. IN SOA ;; TSIG PSEUDOSECTION: update. 0 ANY TSIG hmac-sha512. 1594564995 300 64 GW55mgqTesojoz5owbzhgYy/V2VbwjfJqJpdhw5Erb/CjzCfXyRLQchn FouTljEaHZRhBTfWMY4WVztWcFJ8CQ== 15860 NOERROR 0 done_update() reset_system() user_interaction() cleanup() detach tsigkey x0x7f60162ad0b8 Shutting down task manager shutdown_program() Shutting down request manager Destroy DST lib Destroying request manager Freeing the dispatchers Shutting down dispatch manager Destroying event Shutting down socket manager Shutting down timer manager Destroying hash context Destroying name state Removing log context Destroying memory context [Sun Jul 12 22:43:15 CST 2020] error updating domain [Sun Jul 12 22:43:15 CST 2020] Error add txt for domain:_acme-challenge.test.ynu.edu.cn [Sun Jul 12 22:43:15 CST 2020] _on_issue_err [Sun Jul 12 22:43:15 CST 2020] Please check log file for more details: /root/.acme.sh/acme.sh.log [Sun Jul 12 22:43:15 CST 2020] _chk_vlist='test.ynu.edu.cn#gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q.5Uj8SDvTIiNwKLpShIGeXND0IqR7FBYmVZ7GqSHWggk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w#dns-01#dns_nsupdate,*.test.ynu.edu.cn#Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc.5Uj8SDvTIiNwKLpShIGeXND0IqR7FBYmVZ7GqSHWggk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg#dns-01#dns_nsupdate,' [Sun Jul 12 22:43:15 CST 2020] start to deactivate authz [Sun Jul 12 22:43:15 CST 2020] Trigger domain validation. [Sun Jul 12 22:43:15 CST 2020] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w' [Sun Jul 12 22:43:15 CST 2020] _t_key_authz='gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q.5Uj8SDvTIiNwKLpShIGeXND0IqR7FBYmVZ7GqSHWggk' [Sun Jul 12 22:43:15 CST 2020] _t_vtype [Sun Jul 12 22:43:15 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w' [Sun Jul 12 22:43:15 CST 2020] payload='{}' [Sun Jul 12 22:43:15 CST 2020] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key [Sun Jul 12 22:43:15 CST 2020] Use _CACHED_NONCE='0001MvojpEtTJ5JaMYHhylBBbOL9R-Pdk63XCfN0aQfDaSo' [Sun Jul 12 22:43:15 CST 2020] nonce='0001MvojpEtTJ5JaMYHhylBBbOL9R-Pdk63XCfN0aQfDaSo' [Sun Jul 12 22:43:16 CST 2020] POST [Sun Jul 12 22:43:16 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w' [Sun Jul 12 22:43:16 CST 2020] body='{"protected": "eyJub25jZSI6ICIwMDAxTXZvanBFdFRKNUphTVlIaHlsQkJiT0w5Ui1QZGs2M1hDZk4wYVFmRGFTbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNTgzMzAzODIxNC8wRjJfOHciLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzkxMTUxMzAyIn0", "payload": "e30", "signature": "dlx3suwn0uFYDcg3rfkNBGmqOfP1dgC7hMT-Y1RhML9njcqC1N6N43mo3dyo6ck_mTf7G0A66BDGG7rCWYEugxScPuJxVJhgPoNVk4pDG9abHO5Alxtlq6H35Sf5r_x7ydgcDkictXqAaD4bHSUOR-ya5_sJxsLSabSHoXdN7ZP_HJj9DdGkXEPraRjg21EOwbpMmyZUS4k3cG-kdfxMiIkukL1a_PKStToP2ht2SwdSN9KKofv4kb_JclR_oiN5Fa5Xk-QJlAoCRBaThs5KuEdj5qBGT9ZYL1lFChxp0bcNlDsIUagqXpDiMjaFNFVtJ7BzgLkL6kZsOxcE6I6Xjg"}' [Sun Jul 12 22:43:16 CST 2020] _postContentType='application/jose+json' [Sun Jul 12 22:43:16 CST 2020] Http already initialized. [Sun Jul 12 22:43:16 CST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.e3jPeTxmUS -g ' [Sun Jul 12 22:45:24 CST 2020] _ret='0' [Sun Jul 12 22:45:24 CST 2020] responseHeaders='HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jul 2020 14:45:24 GMT Content-Type: application/json Content-Length: 184 Connection: keep-alive Boulder-Requester: 91151302 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Link: ;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w Replay-Nonce: 0002Zv1HaDa5YDq_r4xPlOCSSAQhZ6nu82l0sgzlI4bKfKI X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 ' [Sun Jul 12 22:45:24 CST 2020] code='200' [Sun Jul 12 22:45:24 CST 2020] original='{ "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w", "token": "gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q" }' [Sun Jul 12 22:45:24 CST 2020] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038214/0F2_8w","token":"gr2qoZARMk0ZghGyZsgF-SkhU_LW70FYXEEp3Pk5q3Q"}' [Sun Jul 12 22:45:24 CST 2020] Trigger domain validation. [Sun Jul 12 22:45:24 CST 2020] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg' [Sun Jul 12 22:45:24 CST 2020] _t_key_authz='Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc.5Uj8SDvTIiNwKLpShIGeXND0IqR7FBYmVZ7GqSHWggk' [Sun Jul 12 22:45:24 CST 2020] _t_vtype [Sun Jul 12 22:45:24 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg' [Sun Jul 12 22:45:24 CST 2020] payload='{}' [Sun Jul 12 22:45:24 CST 2020] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key [Sun Jul 12 22:45:24 CST 2020] Use _CACHED_NONCE='0002Zv1HaDa5YDq_r4xPlOCSSAQhZ6nu82l0sgzlI4bKfKI' [Sun Jul 12 22:45:24 CST 2020] nonce='0002Zv1HaDa5YDq_r4xPlOCSSAQhZ6nu82l0sgzlI4bKfKI' [Sun Jul 12 22:45:24 CST 2020] POST [Sun Jul 12 22:45:24 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg' [Sun Jul 12 22:45:24 CST 2020] body='{"protected": "eyJub25jZSI6ICIwMDAyWnYxSGFEYTVZRHFfcjR4UGxPQ1NTQVFoWjZudTgybDBzZ3psSTRiS2ZLSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNTgzMzAzODIwOS9taDBlWmciLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzkxMTUxMzAyIn0", "payload": "e30", "signature": "EPxZx16JP0EhQy3L9W0_KKRlluH2SdEe7OYGZwLvMyWfq9eymObOltbp8zqiNCfcrjfrMMWDQa8I6S7A2f8oRovxlWAIpBN30GmvgtDORrURr1AhRiWtbEqBRa3WwcD7IchlShQ5fa0PFEIbaWL_C7OhuMP7KvQKWdrKlIxh4x92z8f9mpZCRh9w29gRHwzsrce4d3ShmHKiZnbRqVWyOS2k1NFvbFFPLbhE0HQKMmTGThzlMJuOIr8LxpSENVp_o3uHvleUi8Ev_c_O2nAtkalB-Z7z0HayWId5hP2KR-IYdbhvJFLUusDJQ6oSYYE7qRJz-UPIYPmFdUU06GYGCg"}' [Sun Jul 12 22:45:24 CST 2020] _postContentType='application/jose+json' [Sun Jul 12 22:45:24 CST 2020] Http already initialized. [Sun Jul 12 22:45:24 CST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.e3jPeTxmUS -g ' [Sun Jul 12 22:47:34 CST 2020] _ret='0' [Sun Jul 12 22:47:34 CST 2020] responseHeaders='HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jul 2020 14:47:33 GMT Content-Type: application/json Content-Length: 184 Connection: keep-alive Boulder-Requester: 91151302 Cache-Control: public, max-age=0, no-cache Link: ;rel="index" Link: ;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg Replay-Nonce: 0102qp9dN2weuE8PWnn9rEcI155LMyQLCgVzbS4ONGtsJLY X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 ' [Sun Jul 12 22:47:34 CST 2020] code='200' [Sun Jul 12 22:47:34 CST 2020] original='{ "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg", "token": "Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc" }' [Sun Jul 12 22:47:34 CST 2020] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5833038209/mh0eZg","token":"Sn32ffXTBZXWPL-ubHoCbCyB0ldisUYb_H2zx4BqGGc"}' [Sun Jul 12 22:47:34 CST 2020] socat doesn't exist. [Sun Jul 12 22:47:34 CST 2020] Diagnosis versions: openssl:openssl OpenSSL 1.0.2k-fips 26 Jan 2017 apache: apache doesn't exist. nginx: nginx version: nginx/1.12.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_auth_request_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' socat: [Sun Jul 12 22:47:34 CST 2020] pid [Sun Jul 12 22:47:34 CST 2020] No need to restore nginx, skip. [Sun Jul 12 22:47:34 CST 2020] _clearupdns [Sun Jul 12 22:47:34 CST 2020] dns_entries [Sun Jul 12 22:47:34 CST 2020] skip dns. [root@pridns acme.sh]# ```

I tried a lot of times, but always the same error produced finally.

Neilpang commented 4 years ago

@philfry @AlexeyStolyarov @PeterDaveHello

Do you guys have any ideas?

Thanks.

philfry commented 4 years ago

Just tested it with the current HEAD, but I cannot reproduce the error.

Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: SERVFAIL, id: 15860 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;ynu.edu.cn. IN SOA

;; TSIG PSEUDOSECTION: update. 0 ANY TSIG hmac-sha512. 1594564995 300 64 GW55mgqTesojoz5owbzhgYy/V2VbwjfJqJpdhw5Erb/CjzCfXyRLQchn FouTljEaHZRhBTfWMY4WVztWcFJ8CQ== 15860 NOERROR 0

This can have different causes. Either the update key is incorrect, the server is not accepting the key coming from your current ip address (your logs show that acme.sh/dns_nsupdate connects to a public ipv6 address), you're simply connecting to the wrong server or the server is misconfigured. Usually the server logs failed update attempts, so please take a look at the log files and tell us the result.