acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

DNS resolution failed #3775

Open qilishenhua opened 3 years ago

qilishenhua commented 3 years ago

Setup: Alibaba Cloud Hong Kong server, Let's Encrypt certificate, manual DNS validation. This time, after the 90-day expiry, it always gets stuck at the DNS validation step. Please advise.

[root@izj6c6ajmixcunm81kq13jz ~]# acme.sh --renew --dns -d hongbaimiao.vip --yes-I-know-dns-manual-mode-enough-go-ahead-please --debug 2
[...]
[Fri Oct 22 15:16:42 CST 2021] Order status is processing, lets sleep and retry.
[Fri Oct 22 15:16:42 CST 2021] _retryafter='15'
[Fri Oct 22 15:16:42 CST 2021] Retry after: 15
[Fri Oct 22 15:16:58 CST 2021] Polling order status: https://acme-v02.api.letsencrypt.org/acme/order/115194894/10313587113
[Fri Oct 22 15:16:58 CST 2021] url='https://acme-v02.api.letsencrypt.org/acme/order/115194894/10313587113'
[Fri Oct 22 15:16:58 CST 2021] payload
[Fri Oct 22 15:16:58 CST 2021] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Fri Oct 22 15:16:58 CST 2021] Use _CACHED_NONCE='meKmSYoBKdmcMD704I-hfQVn0WqCoKb3QdjeyPj8zTo'
[Fri Oct 22 15:16:58 CST 2021] nonce='meKmSYoBKdmcMD704I-hfQVn0WqCoKb3QdjeyPj8zTo'
[Fri Oct 22 15:16:58 CST 2021] Retrying post
[Fri Oct 22 15:16:58 CST 2021] POST
[Fri Oct 22 15:16:58 CST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/order/115194894/10313587113'
[...]
[Fri Oct 22 15:16:58 CST 2021] _postContentType='application/jose+json'
[Fri Oct 22 15:16:58 CST 2021] Http already initialized.
[Fri Oct 22 15:16:58 CST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.V10XZJ8Swp -g '
[Fri Oct 22 15:16:59 CST 2021] _ret='0'
[Fri Oct 22 15:16:59 CST 2021] _hcode='0'
[Fri Oct 22 15:16:59 CST 2021] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Date: Fri, 22 Oct 2021 07:16:59 GMT
Content-Type: application/problem+json
Content-Length: 199
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0102t7TqLVCHm1QES1sK9epdb1LbdpSYxD3zXcqew4kdLPA
'
[Fri Oct 22 15:16:59 CST 2021] code='400'
[Fri Oct 22 15:16:59 CST 2021] original='{ "type": "urn:ietf:params:acme:error:malformed", "detail": "KeyID header contained an invalid account URL: \"https://acme.zerossl.com/v2/DV90/account/KGFdYyCzz5jhp_hqnjK9rw\"", "status": 400 }'
[Fri Oct 22 15:16:59 CST 2021] response='{ "type": "urn:ietf:params:acme:error:malformed", "detail": "KeyID header contained an invalid account URL: \"https://acme.zerossl.com/v2/DV90/account/KGFdYyCzz5jhp_hqnjK9rw\"", "status": 400 }'
[Fri Oct 22 15:16:59 CST 2021] Sign error, wrong status
[Fri Oct 22 15:16:59 CST 2021] { "type": "urn:ietf:params:acme:error:malformed", "detail": "KeyID header contained an invalid account URL: \"https://acme.zerossl.com/v2/DV90/account/KGFdYyCzz5jhp_hqnjK9rw\"", "status": 400 }
[Fri Oct 22 15:16:59 CST 2021] _on_issue_err
[Fri Oct 22 15:16:59 CST 2021] Please add '--debug' or '--log' to check more details.
[Fri Oct 22 15:16:59 CST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Fri Oct 22 15:16:59 CST 2021] _chk_vlist
[Fri Oct 22 15:16:59 CST 2021] 'dns' contains 'dns'
[Fri Oct 22 15:16:59 CST 2021] The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead.
[Fri Oct 22 15:16:59 CST 2021] socat doesn't exist.
[Fri Oct 22 15:16:59 CST 2021] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
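
The last request in the log above is signed with the ZeroSSL account (`kid` under acme.zerossl.com) but sent to an acme-v02.api.letsencrypt.org order URL, which is what the 400 `malformed` response rejects. As an added example (not part of the original post and not acme.sh code), this script decodes every JWS protected header in an acme.sh debug log and flags requests whose `url` and `kid` hosts differ. Assumptions: treating a host difference as a CA mix-up is a heuristic, and the sample log and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not acme.sh code): find signed ACME requests in a --debug 2 log
# whose JWS "kid" (account URL) is on a different host than the request "url".

# Encode/decode unpadded base64url as used by JWS (RFC 7515).
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }
b64url_decode() {
  _s=$(tr -d '\n' | tr '_-' '/+')
  case $(( ${#_s} % 4 )) in
    2) _s="${_s}==" ;;
    3) _s="${_s}=" ;;
  esac
  printf '%s' "$_s" | base64 -d 2>/dev/null
}

# Pull one string value out of a flat JSON object: json_str KEY JSON
json_str() { printf '%s\n' "$2" | sed -n -E 's/.*"'"$1"'": *"([^"]*)".*/\1/p'; }

# Host part of a URL, without scheme, path or port.
url_host() { _h=${1#*://}; _h=${_h%%/*}; printf '%s\n' "${_h%%:*}"; }

# Read a debug log on stdin (flattened or one entry per line), print one
# MISMATCH line per offending request, return non-zero if any was found.
check_kid_hosts() {
  _n=0
  for _p in $(grep -oE '"protected": *"[A-Za-z0-9_-]+"' \
              | sed -E 's/^"protected": *"//; s/"$//'); do
    _hdr=$(printf '%s' "$_p" | b64url_decode) || continue
    _url=$(json_str url "$_hdr")
    _kid=$(json_str kid "$_hdr")
    [ -n "$_kid" ] || continue   # e.g. newAccount is signed with "jwk", not "kid"
    if [ "$(url_host "$_url")" != "$(url_host "$_kid")" ]; then
      printf 'MISMATCH url=%s kid=%s\n' "$_url" "$_kid"
      _n=$((_n + 1))
    fi
  done
  [ "$_n" -eq 0 ]
}

# Constructed sample: two flattened entries shaped like acme.sh's body='...' lines.
# The first keeps url and kid on one CA host, the second mixes two CAs.
sample_log() {
  for _j in \
    '{"nonce": "n1", "url": "https://acme.zerossl.com/v2/DV90/chall/EXAMPLE", "alg": "RS256", "kid": "https://acme.zerossl.com/v2/DV90/account/EXAMPLE"}' \
    '{"nonce": "n2", "url": "https://acme-v02.api.letsencrypt.org/acme/order/0/0", "alg": "RS256", "kid": "https://acme.zerossl.com/v2/DV90/account/EXAMPLE"}'
  do
    printf "[constructed] body='{\"protected\": \"%s\", \"payload\": \"\", \"signature\": \"c2ln\"}' " \
      "$(printf '%s' "$_j" | b64url_encode)"
  done
  echo
}

sample_log | check_kid_hosts || true
```

To check a real run, write the log to a file with acme.sh's `--log` option and feed that file to `check_kid_hosts` on stdin.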

climba03003 commented 3 years ago

I have reverted back to Let's Encrypt instead of using ZeroSSL. It seems like ZeroSSL is either not stable or it restricted each host to only 3 domains. (It is the Free Plan on their website.)

winds365 commented 3 years ago

acme.sh --set-default-ca --server letsencrypt

With ZeroSSL it's either a 504 or a timeout. I don't even want to complain.

mayocream commented 3 years ago

> acme.sh --set-default-ca --server letsencrypt
>
> With ZeroSSL it's either a 504 or a timeout. I don't even want to complain.

ZeroSSL gives a 504 Gateway Timeout error in our cluster. Same problem :|

qilishenhua commented 3 years ago

> I have reverted back to Let's Encrypt instead of using ZeroSSL. It seems like ZeroSSL is either not stable or it restricted each host to only 3 domains. (It is the Free Plan on their website.)

You mean that after three certificates expire, I can no longer apply for certificates this way? So I need to change to a new domain?

climba03003 commented 3 years ago

> > I have reverted back to Let's Encrypt instead of using ZeroSSL. It seems like ZeroSSL is either not stable or it restricted each host to only 3 domains. (It is the Free Plan on their website.)
>
> You mean that after three certificates expire, I can no longer apply for certificates this way? So I need to change to a new domain?

I am not sure if it is the Free Plan limitation; it should be unlimited for ACME certification. Currently, the only way to get acme.sh to work is to migrate out of ZeroSSL.

You need to use the issue command to change the existing record.

acme.sh --issue -d example.com --server letsencrypt

For the newly created record, use the command below to change the default issuer.

acme.sh --set-default-ca --server letsencrypt

qilishenhua commented 3 years ago

> > > I have reverted back to Let's Encrypt instead of using ZeroSSL. It seems like ZeroSSL is either not stable or it restricted each host to only 3 domains. (It is the Free Plan on their website.)
> >
> > You mean that after three certificates expire, I can no longer apply for certificates this way? So I need to change to a new domain?
>
> I am not sure if it is the Free Plan limitation; it should be unlimited for ACME certification. Currently, the only way to get acme.sh to work is to migrate out of ZeroSSL.
>
> You need to use the issue command to change the existing record.
>
> acme.sh --issue -d example.com --server letsencrypt
>
> For the newly created record, use the command below to change the default issuer.
>
> acme.sh --set-default-ca --server letsencrypt

I succeeded by using your command, thank you.