Open Miyamoto72 opened 2 years ago
[Mi 29. Sep 21:02:29 CEST 2021] response='{"error":"authentication failed"}'
[Mi 29. Sep 21:02:29 CEST 2021] add txt record error.
[Mi 29. Sep 21:02:29 CEST 2021] Error add txt for domain:_acme-challenge.schorers.org
Thx for pointing that out. Solved that, but still not working.
Trying to issue a new combined cert with a defined keylength of 4096 bits throws an error:
[Do 30. Sep 19:32:04 CEST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Do 30. Sep 19:32:04 CEST 2021] Creating domain key
[Do 30. Sep 19:32:04 CEST 2021] error ecc key name: mydomain.com
[Do 30. Sep 19:32:04 CEST 2021] Can not create domain key
[Do 30. Sep 19:32:04 CEST 2021] Create domain key error.
Apparently acme.sh now tries to create ECC keys, too, by default, and those have other keylengths. In my opinion this is an error in acme.sh, of course.
Trying to issue an RSA key by command line options should be possible, I'd say, but I didn't find a way. So I tried to issue a new combined cert from the backup of the old CSR:
[Do 30. Sep 19:39:19 CEST 2021] Copy csr to: /home/acmeuser/.acme.sh/*.mydomain.com/*.mydomain.com.csr
[Do 30. Sep 19:39:19 CEST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Do 30. Sep 19:39:19 CEST 2021] Signing from existing CSR.
[Do 30. Sep 19:39:19 CEST 2021] Getting domain auth token for each domain
[Do 30. Sep 19:39:22 CEST 2021] Getting webroot for domain='*.mydomain.com'
[Do 30. Sep 19:39:23 CEST 2021] Error, can not get domain token entry *.mydomain.com for http-01
[Do 30. Sep 19:39:23 CEST 2021] The supported validation types are: dns-01 , but you specified: http-01
Here's the log:
[Do 30. Sep 19:53:44 CEST 2021] Running cmd: signcsr
[Do 30. Sep 19:53:44 CEST 2021] _csrsubj='*.mydomain.com'
[Do 30. Sep 19:53:44 CEST 2021] _csrsubj='*.mydomain.com'
[Do 30. Sep 19:53:44 CEST 2021] _dnsAltnames='DNS:*.mydomain.com,DNS:mydomain.com'
[Do 30. Sep 19:53:44 CEST 2021] AltNames contains subject
[Do 30. Sep 19:53:44 CEST 2021] _excapedAlgnames='DNS:#.mydomain.com,DNS:mydomain.com'
[Do 30. Sep 19:53:44 CEST 2021] _escapedSubject='#.mydomain.com'
[Do 30. Sep 19:53:44 CEST 2021] _dnsAltnames='DNS:mydomain.com'
[Do 30. Sep 19:53:44 CEST 2021] _csrdomainlist='mydomain.com'
[Do 30. Sep 19:53:44 CEST 2021] RSA CSR
[Do 30. Sep 19:53:44 CEST 2021] Using config home:/home/acmeuser/.acme.sh
[Do 30. Sep 19:53:44 CEST 2021] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Do 30. Sep 19:53:44 CEST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Do 30. Sep 19:53:44 CEST 2021] DOMAIN_PATH='/home/acmeuser/.acme.sh/*.mydomain.com'
[Do 30. Sep 19:53:44 CEST 2021] Copy csr to: /home/acmeuser/.acme.sh/*.mydomain.com/*.mydomain.com.csr
[Do 30. Sep 19:53:44 CEST 2021] _main_domain='*.mydomain.com'
[Do 30. Sep 19:53:44 CEST 2021] _alt_domains='mydomain.com'
[Do 30. Sep 19:53:44 CEST 2021] Using config home:/home/acmeuser/.acme.sh
[Do 30. Sep 19:53:44 CEST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Do 30. Sep 19:53:44 CEST 2021] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Do 30. Sep 19:53:44 CEST 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Do 30. Sep 19:53:44 CEST 2021] Retrying GET
[Do 30. Sep 19:53:44 CEST 2021] GET
[Do 30. Sep 19:53:44 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Do 30. Sep 19:53:44 CEST 2021] timeout=
[Do 30. Sep 19:53:44 CEST 2021] displayError='1'
[Do 30. Sep 19:53:44 CEST 2021] _CURL='curl --silent --dump-header /home/acmeuser/.acme.sh/http.header -L '
[Do 30. Sep 19:53:45 CEST 2021] ret='0'
[Do 30. Sep 19:53:45 CEST 2021] _hcode='0'
[Do 30. Sep 19:53:45 CEST 2021] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Do 30. Sep 19:53:45 CEST 2021] ACME_NEW_AUTHZ
[Do 30. Sep 19:53:45 CEST 2021] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Do 30. Sep 19:53:45 CEST 2021] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Do 30. Sep 19:53:45 CEST 2021] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Do 30. Sep 19:53:45 CEST 2021] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Do 30. Sep 19:53:45 CEST 2021] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Do 30. Sep 19:53:45 CEST 2021] Le_NextRenewTime
[Do 30. Sep 19:53:45 CEST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Do 30. Sep 19:53:45 CEST 2021] _on_before_issue
[Do 30. Sep 19:53:45 CEST 2021] _chk_main_domain='*.mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] _chk_alt_domains='mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] Le_LocalAddress
[Do 30. Sep 19:53:45 CEST 2021] d='*.mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] Check for domain='*.mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] _currentRoot='/var/www/letsencrypt/'
[Do 30. Sep 19:53:45 CEST 2021] d='mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] Check for domain='mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] _currentRoot='dns_servercow'
[Do 30. Sep 19:53:45 CEST 2021] d
[Do 30. Sep 19:53:45 CEST 2021] _saved_account_key_hash is not changed, skip register account.
[Do 30. Sep 19:53:45 CEST 2021] Signing from existing CSR.
[Do 30. Sep 19:53:45 CEST 2021] Getting domain auth token for each domain
[Do 30. Sep 19:53:45 CEST 2021] d='mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] d
[Do 30. Sep 19:53:45 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Do 30. Sep 19:53:45 CEST 2021] payload='{"identifiers": [{"type":"dns","value":"*.mydomain.com"},{"type":"dns","value":"mydomain.com"}]}'
[Do 30. Sep 19:53:45 CEST 2021] RSA key
[Do 30. Sep 19:53:45 CEST 2021] Retrying post
[Do 30. Sep 19:53:45 CEST 2021] HEAD
[Do 30. Sep 19:53:45 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Do 30. Sep 19:53:45 CEST 2021] _CURL='curl --silent --dump-header /home/acmeuser/.acme.sh/http.header -L -I '
[Do 30. Sep 19:53:46 CEST 2021] _ret='0'
[Do 30. Sep 19:53:46 CEST 2021] _hcode='0'
[Do 30. Sep 19:53:46 CEST 2021] Retrying post
[Do 30. Sep 19:53:46 CEST 2021] POST
[Do 30. Sep 19:53:46 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Do 30. Sep 19:53:46 CEST 2021] _CURL='curl --silent --dump-header /home/acmeuser/.acme.sh/http.header -L '
[Do 30. Sep 19:53:47 CEST 2021] _ret='0'
[Do 30. Sep 19:53:47 CEST 2021] _hcode='0'
[Do 30. Sep 19:53:47 CEST 2021] code='201'
[Do 30. Sep 19:53:47 CEST 2021] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/219267140/28406525630'
[Do 30. Sep 19:53:47 CEST 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/219267140/28406525630'
[Do 30. Sep 19:53:47 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/35793653770'
[Do 30. Sep 19:53:47 CEST 2021] payload
[Do 30. Sep 19:53:47 CEST 2021] Retrying post
[Do 30. Sep 19:53:47 CEST 2021] POST
[Do 30. Sep 19:53:47 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/35793653770'
[Do 30. Sep 19:53:47 CEST 2021] _CURL='curl --silent --dump-header /home/acmeuser/.acme.sh/http.header -L '
[Do 30. Sep 19:53:47 CEST 2021] _ret='0'
[Do 30. Sep 19:53:47 CEST 2021] _hcode='0'
[Do 30. Sep 19:53:47 CEST 2021] code='200'
[Do 30. Sep 19:53:47 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/35793653780'
[Do 30. Sep 19:53:47 CEST 2021] payload
[Do 30. Sep 19:53:48 CEST 2021] Retrying post
[Do 30. Sep 19:53:48 CEST 2021] POST
[Do 30. Sep 19:53:48 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/35793653780'
[Do 30. Sep 19:53:48 CEST 2021] _CURL='curl --silent --dump-header /home/acmeuser/.acme.sh/http.header -L '
[Do 30. Sep 19:53:48 CEST 2021] _ret='0'
[Do 30. Sep 19:53:48 CEST 2021] _hcode='0'
[Do 30. Sep 19:53:48 CEST 2021] code='200'
[Do 30. Sep 19:53:48 CEST 2021] d='*.mydomain.com'
[Do 30. Sep 19:53:48 CEST 2021] Getting webroot for domain='*.mydomain.com'
[Do 30. Sep 19:53:48 CEST 2021] _w='/var/www/letsencrypt/'
[Do 30. Sep 19:53:48 CEST 2021] _currentRoot='/var/www/letsencrypt/'
[Do 30. Sep 19:53:48 CEST 2021] entry
[Do 30. Sep 19:53:48 CEST 2021] Error, can not get domain token entry *.mydomain.com for http-01
[Do 30. Sep 19:53:48 CEST 2021] The supported validation types are: dns-01 , but you specified: http-01
[Do 30. Sep 19:53:48 CEST 2021] pid
[Do 30. Sep 19:53:48 CEST 2021] No need to restore nginx, skip.
[Do 30. Sep 19:53:48 CEST 2021] _clearupdns
[Do 30. Sep 19:53:48 CEST 2021] dns_entries
[Do 30. Sep 19:53:48 CEST 2021] skip dns.
[Do 30. Sep 19:53:48 CEST 2021] _on_issue_err
Since I don't know if this is a problem with acme.sh I also opened an issue at the servercow API github: https://github.com/jhartlep/servercow-dns-api/issues/1
[Do 30. Sep 19:39:23 CEST 2021] Error, can not get domain token entry *.mydomain.com for http-01
[Do 30. Sep 19:39:23 CEST 2021] The supported validation types are: dns-01 , but you specified: http-01
acme.sh was invoked with the --dns option, but the error says otherwise.
I'm not a coder, know very little shell - but I don't see where validation type is set in the dns script. Maybe someone else could fix this easily?
Been using acme.sh since v2.8.x, but now the renewal of my combined domain and wildcard cert failed. After backing up the .acme.sh directory I was able to get a domain cert, but not a wildcard or combined cert.
Using acme.sh v3.0.1 on a Debian Buster machine
Steps to reproduce
Exported relevant username and password for Servercow API and ran the following command:
acme.sh --issue --staging --dns dns_servercow --keylength 4096 -d schorers.org -d *.schorers.org -f --server letsencrypt
Results in the following output:
I'm a bit puzzled about the short time between "using servercow" and "add txt record error". AFAIK the DNS has a TTL of 120 seconds or so.
Debug log
Omitting the --staging parameter doesn't change a thing. User has write access to the relevant webroot dir.
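Added example, not part of the original issue and not acme.sh's own code: a shell/awk check that reads an acme.sh debug log and reports which validation method each domain was paired with, flagging a wildcard name paired with anything other than a DNS API (the pairing visible in the debug log above just before the http-01 error). The function names are hypothetical, and the rule that a `_currentRoot` value starting with `dns` means dns-01 and one starting with `/` means http-01 is an assumption drawn from the log lines on this page.

```shell
#!/bin/sh
# Sample input constructed from the shape of the debug log lines on this page.
sample_log() {
cat <<'EOF'
[Do 30. Sep 19:53:45 CEST 2021] d='*.mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] Check for domain='*.mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] _currentRoot='/var/www/letsencrypt/'
[Do 30. Sep 19:53:45 CEST 2021] d='mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] Check for domain='mydomain.com'
[Do 30. Sep 19:53:45 CEST 2021] _currentRoot='dns_servercow'
[Do 30. Sep 19:53:48 CEST 2021] _currentRoot='/var/www/letsencrypt/'
EOF
}

# Reads an acme.sh debug log on stdin.
# Prints one line per domain: "<domain> <method> <challenge> <verdict>".
audit_validation() {
  awk -v q="'" '
    # Value between the first pair of single quotes on the line.
    function val(line,   p) { split(line, p, q); return p[2] }

    /Check for domain=/ { dom = val($0); next }

    # Only the _currentRoot line that directly follows a domain check counts;
    # later repeats (dom is empty by then) are ignored.
    /_currentRoot=/ && dom != "" {
      root = val($0)
      # Assumption: "dns*" selects a DNS API hook, an absolute path a webroot.
      if (root ~ /^dns/)      chal = "dns-01"
      else if (root ~ /^\//)  chal = "http-01"
      else                    chal = "other"
      # A CA validates wildcard identifiers with dns-01 only.
      verdict = (dom ~ /^\*\./ && chal != "dns-01") ? "MISMATCH" : "ok"
      print dom, root, chal, verdict
      dom = ""
    }
  '
}

# Stand-alone run on the constructed sample.
sample_log | audit_validation
```

To check a real run, feed the file written by `--log` (or the `--debug 2` output) to `audit_validation` on stdin; a `MISMATCH` line means the order of the validation options does not line up with the order of the domains.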