Closed quadratmuede closed 10 months ago
github-actions[bot]
commented
1 year ago Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.
jkohjk
commented
1 year ago 
quadratmuede
commented
1 year ago @jkohjk Ah thank you for the reference! I will try it. Currently, I am using another workaround by using DNS alias. Just use the top level domain for the challenge and put third level domain as alias.
Neilpang
commented
1 year ago fixed, please try again with dev
acme.sh --upgrade -b dev
Hi I am using acme.sh with the current version for issuing certs for some third-level domains (
*.second.domain.tld). My DNS provider is Gandi LiveDNS and it seems that it doesn't work well with the API (?).As far as I can intepret the debug info, when a third-level wiildcard domain provided, it will require the secondary domain (
second.domain.tld) as the webroot to the Gandi API, which returns a 404 not found error since not the secondary domainsecond.domain.tldis registered in the system but thedomain.tld.This issue does not happen when using wildcard second-level domain
*.domain.tld.Steps to reproduce
run ./acme.sh --issue -d "*.second.domain.tld" --dns dns_gandi_livedns --staging --home $PWD --debug 2(I usedd staging for test run)Debug log
[Wed Feb 1 09:21:04 CET 2023] Lets find script dir. [Wed Feb 1 09:21:04 CET 2023] _SCRIPT_='./acme.sh' [Wed Feb 1 09:21:04 CET 2023] _script='/usr/local/share/acme.sh/acme.sh' [Wed Feb 1 09:21:04 CET 2023] _script_home='/usr/local/share/acme.sh' [Wed Feb 1 09:21:04 CET 2023] Using config home:/usr/local/share/acme.sh [Wed Feb 1 09:21:04 CET 2023] LE_WORKING_DIR='/usr/local/share/acme.sh' https://github.com/acmesh-official/acme.sh v3.0.6 [Wed Feb 1 09:21:04 CET 2023] Running cmd: issue [Wed Feb 1 09:21:04 CET 2023] _main_domain='*.second.domain.tld' [Wed Feb 1 09:21:04 CET 2023] _alt_domains='no' [Wed Feb 1 09:21:04 CET 2023] Using config home:/usr/local/share/acme.sh [Wed Feb 1 09:21:04 CET 2023] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory [Wed Feb 1 09:21:04 CET 2023] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory' [Wed Feb 1 09:21:04 CET 2023] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org' [Wed Feb 1 09:21:04 CET 2023] _ACME_SERVER_PATH='directory' [Wed Feb 1 09:21:04 CET 2023] DOMAIN_PATH='/usr/local/share/acme.sh/*.second.domain.tld_ecc' [Wed Feb 1 09:21:05 CET 2023] 'dns_gandi_livedns' does not contain 'dns' [Wed Feb 1 09:21:05 CET 2023] Le_NextRenewTime [Wed Feb 1 09:21:05 CET 2023] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory [Wed Feb 1 09:21:05 CET 2023] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory [Wed Feb 1 09:21:05 CET 2023] GET [Wed Feb 1 09:21:05 CET 2023] url='https://acme-staging-v02.api.letsencrypt.org/directory' [Wed Feb 1 09:21:05 CET 2023] timeout= [Wed Feb 1 09:21:05 CET 2023] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header -L --trace-ascii /tmp/tmp.pzjTI5sueO -g --fail-with-body ' [Wed Feb 1 09:21:05 CET 2023] ret='0' [Wed Feb 1 09:21:05 CET 2023] response='{ "UMwe3b7XsMA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf", "website": "https://letsencrypt.org/docs/staging-environment/" }, "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-ietf-acme-ari-00/renewalInfo/", "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert" }' [Wed Feb 1 09:21:05 CET 2023] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change' [Wed Feb 1 09:21:05 CET 2023] ACME_NEW_AUTHZ [Wed Feb 1 09:21:05 CET 2023] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Wed Feb 1 09:21:05 CET 2023] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct' [Wed Feb 1 09:21:05 CET 2023] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert' [Wed Feb 1 09:21:05 CET 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf' [Wed Feb 1 09:21:05 CET 2023] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Wed Feb 1 09:21:06 CET 2023] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory [Wed Feb 1 09:21:06 CET 2023] _on_before_issue [Wed Feb 1 09:21:06 CET 2023] _chk_main_domain='*.second.domain.tld' [Wed Feb 1 09:21:06 CET 2023] _chk_alt_domains [Wed Feb 1 09:21:06 CET 2023] 'dns_gandi_livedns' does not contain 'no' [Wed Feb 1 09:21:06 CET 2023] Le_LocalAddress [Wed Feb 1 09:21:06 CET 2023] d='*.second.domain.tld' [Wed Feb 1 09:21:06 CET 2023] Check for domain='*.second.domain.tld' [Wed Feb 1 09:21:06 CET 2023] _currentRoot='dns_gandi_livedns' [Wed Feb 1 09:21:06 CET 2023] d [Wed Feb 1 09:21:06 CET 2023] 'dns_gandi_livedns' does not contain 'apache' [Wed Feb 1 09:21:06 CET 2023] _saved_account_key_hash= [redacted] [Wed Feb 1 09:21:06 CET 2023] _saved_account_key_hash is not changed, skip register account. [Wed Feb 1 09:21:06 CET 2023] Read key length:ec-256 [Wed Feb 1 09:21:06 CET 2023] _createcsr [Wed Feb 1 09:21:06 CET 2023] domain='*.second.domain.tld' [Wed Feb 1 09:21:06 CET 2023] domainlist [Wed Feb 1 09:21:06 CET 2023] csrkey='/usr/local/share/acme.sh/*.second.domain.tld_ecc/*.second.domain.tld.key' [Wed Feb 1 09:21:06 CET 2023] csr='/usr/local/share/acme.sh/*.second.domain.tld_ecc/*.second.domain.tld.csr' [Wed Feb 1 09:21:06 CET 2023] csrconf='/usr/local/share/acme.sh/*.second.domain.tld_ecc/*.second.domain.tld.csr.conf' [Wed Feb 1 09:21:06 CET 2023] Single domain='*.second.domain.tld' [Wed Feb 1 09:21:06 CET 2023] seg='*.second.domain.tld_ecc' [Wed Feb 1 09:21:06 CET 2023] _is_idn_d='*.second.domain.tld' [Wed Feb 1 09:21:06 CET 2023] _idn_temp [Wed Feb 1 09:21:06 CET 2023] _is_idn_d='*.second.domain.tld' [Wed Feb 1 09:21:06 CET 2023] _idn_temp [Wed Feb 1 09:21:06 CET 2023] _csr_cn='*.second.domain.tld' [Wed Feb 1 09:21:06 CET 2023] seg='*.second.domain.tld_ecc' [Wed Feb 1 09:21:06 CET 2023] Getting domain auth token for each domain [Wed Feb 1 09:21:06 CET 2023] seg='*.second.domain.tld_ecc' [Wed Feb 1 09:21:06 CET 2023] _is_idn_d='*.second.domain.tld' [Wed Feb 1 09:21:06 CET 2023] _idn_temp [Wed Feb 1 09:21:06 CET 2023] d [Wed Feb 1 09:21:06 CET 2023] _identifiers='{"type":"dns","value":"*.second.domain.tld"}' [Wed Feb 1 09:21:06 CET 2023] _notBefore [Wed Feb 1 09:21:06 CET 2023] _notAfter [Wed Feb 1 09:21:06 CET 2023] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Wed Feb 1 09:21:06 CET 2023] payload='{"identifiers": [{"type":"dns","value":"*.second.domain.tld"}]}' [Wed Feb 1 09:21:06 CET 2023] EC key [Wed Feb 1 09:21:06 CET 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Wed Feb 1 09:21:06 CET 2023] HEAD [Wed Feb 1 09:21:06 CET 2023] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Wed Feb 1 09:21:06 CET 2023] body [Wed Feb 1 09:21:06 CET 2023] _postContentType='application/jose+json' [Wed Feb 1 09:21:06 CET 2023] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header -L --trace-ascii /tmp/tmp.aViTCa33tG -g --fail-with-body -I ' [Wed Feb 1 09:21:07 CET 2023] _ret='0' [Wed Feb 1 09:21:07 CET 2023] _headers='HTTP/2 200 server: nginx date: Wed, 01 Feb 2023 08:21:07 GMT cache-control: public, max-age=0, no-cache link:;rel="index"
replay-nonce: 8F0559izFPw2BjFvox1WLDQ88d5x6ggpp7ngXfYBOYXli7c
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Wed Feb 1 09:21:07 CET 2023] _CACHED_NONCE='8F0559izFPw2BjFvox1WLDQ88d5x6ggpp7ngXfYBOYXli7c'
[Wed Feb 1 09:21:07 CET 2023] nonce='8F0559izFPw2BjFvox1WLDQ88d5x6ggpp7ngXfYBOYXli7c'
[Wed Feb 1 09:21:07 CET 2023] POST
[Wed Feb 1 09:21:07 CET 2023] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed Feb 1 09:21:07 CET 2023] body='{"protected": "eyJub25jZSI6ICI4RjA1NTlpekZQdzJCakZ2b3gxV0xEUTg4ZDV4NmdncHA3bmdYZllCT1lYbGk3YyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODU3MTY3NjMifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IiouaG9tZS53YW5nLnVrIn1dfQ", "signature": "-Ral8a0Y77iTopEu-O8toiq-vpYdcdEcsbB7HbAu8AvT4ZlFCppCs-clCBfD2T12Why18lhli7yv33FKZqUrgw"}'
[Wed Feb 1 09:21:07 CET 2023] _postContentType='application/jose+json'
[Wed Feb 1 09:21:07 CET 2023] Http already initialized.
[Wed Feb 1 09:21:07 CET 2023] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header -L --trace-ascii /tmp/tmp.aViTCa33tG -g --fail-with-body '
[Wed Feb 1 09:21:07 CET 2023] _ret='0'
[Wed Feb 1 09:21:07 CET 2023] responseHeaders='HTTP/2 201
server: nginx
date: Wed, 01 Feb 2023 08:21:07 GMT
content-type: application/json
content-length: 350
boulder-requester: 85716763
cache-control: public, max-age=0, no-cache
link: ;rel="index"
location: https://acme-staging-v02.api.letsencrypt.org/acme/order/85716763/6932419093
replay-nonce: EA57uzScmMYEhPNLCn4l05Y7xjQWoVCnaqwyk7sWtq95e1g
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Wed Feb 1 09:21:07 CET 2023] code='201'
[Wed Feb 1 09:21:07 CET 2023] original='{
"status": "pending",
"expires": "2023-02-08T08:21:07Z",
"identifiers": [
{
"type": "dns",
"value": "*.second.domain.tld"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5188774743"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/85716763/6932419093"
}'
[Wed Feb 1 09:21:07 CET 2023] response='{"status":"pending","expires":"2023-02-08T08:21:07Z","identifiers":[{"type":"dns","value":"*.second.domain.tld"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5188774743"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/85716763/6932419093"}'
[Wed Feb 1 09:21:08 CET 2023] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/85716763/6932419093'
[Wed Feb 1 09:21:08 CET 2023] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/85716763/6932419093'
[Wed Feb 1 09:21:08 CET 2023] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5188774743'
[Wed Feb 1 09:21:08 CET 2023] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5188774743'
[Wed Feb 1 09:21:08 CET 2023] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5188774743'
[Wed Feb 1 09:21:08 CET 2023] payload
[Wed Feb 1 09:21:08 CET 2023] Use cached jwk for file: /usr/local/share/acme.sh/ca/acme-staging-v02.api.letsencrypt.org/directory/account.key
[Wed Feb 1 09:21:08 CET 2023] Use _CACHED_NONCE='EA57uzScmMYEhPNLCn4l05Y7xjQWoVCnaqwyk7sWtq95e1g'
[Wed Feb 1 09:21:08 CET 2023] nonce='EA57uzScmMYEhPNLCn4l05Y7xjQWoVCnaqwyk7sWtq95e1g'
[Wed Feb 1 09:21:08 CET 2023] POST
[Wed Feb 1 09:21:08 CET 2023] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5188774743'
[Wed Feb 1 09:21:08 CET 2023] body='{"protected": "eyJub25jZSI6ICJFQTU3dXpTY21NWUVoUE5MQ240bDA1WTd4alFXb1ZDbmFxd3lrN3NXdHE5NWUxZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My81MTg4Nzc0NzQzIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzg1NzE2NzYzIn0", "payload": "", "signature": "aGbYjgNbG4VMicZw5hekdS-HvNBnOHvRlRvIuptVdj4SqHB0PaddzzXjw6Af2Hja6GI0pGW-8jdqc18GDs5Rfw"}'
[Wed Feb 1 09:21:08 CET 2023] _postContentType='application/jose+json'
[Wed Feb 1 09:21:08 CET 2023] Http already initialized.
[Wed Feb 1 09:21:08 CET 2023] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header -L --trace-ascii /tmp/tmp.aViTCa33tG -g --fail-with-body '
[Wed Feb 1 09:21:08 CET 2023] _ret='0'
[Wed Feb 1 09:21:08 CET 2023] responseHeaders='HTTP/2 200
server: nginx
date: Wed, 01 Feb 2023 08:21:08 GMT
content-type: application/json
content-length: 392
boulder-requester: 85716763
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: B37CTFDZhERIYEMfXtZcxSzjSeozq_AT-d1JOOx4EziVz2c
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Wed Feb 1 09:21:08 CET 2023] code='200'
[Wed Feb 1 09:21:08 CET 2023] original='{
"identifier": {
"type": "dns",
"value": "second.domain.tld"
},
"status": "pending",
"expires": "2023-02-08T08:21:07Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g",
"token": "VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM"
}
],
"wildcard": true
}'
[Wed Feb 1 09:21:08 CET 2023] response='{"identifier":{"type":"dns","value":"second.domain.tld"},"status":"pending","expires":"2023-02-08T08:21:07Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g","token":"VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM"}],"wildcard": true}'
[Wed Feb 1 09:21:08 CET 2023] response='{"identifier":{"type":"dns","value":"second.domain.tld"},"status":"pending","expires":"2023-02-08T08:21:07Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g","token":"VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM"}],"wildcard": true}'
[Wed Feb 1 09:21:08 CET 2023] _d='*.second.domain.tld'
[Wed Feb 1 09:21:08 CET 2023] _authorizations_map='*.second.domain.tld,{"identifier":{"type":"dns","value":"second.domain.tld"},"status":"pending","expires":"2023-02-08T08:21:07Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g","token":"VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM"}],"wildcard": true}
'
[Wed Feb 1 09:21:08 CET 2023] d='*.second.domain.tld'
[Wed Feb 1 09:21:08 CET 2023] Getting webroot for domain='*.second.domain.tld'
[Wed Feb 1 09:21:08 CET 2023] _w='dns_gandi_livedns'
[Wed Feb 1 09:21:08 CET 2023] _currentRoot='dns_gandi_livedns'
[Wed Feb 1 09:21:08 CET 2023] _is_idn_d='*.second.domain.tld'
[Wed Feb 1 09:21:08 CET 2023] _idn_temp
[Wed Feb 1 09:21:08 CET 2023] _candidates='*.second.domain.tld,{"identifier":{"type":"dns","value":"second.domain.tld"},"status":"pending","expires":"2023-02-08T08:21:07Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g","token":"VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM"}],"wildcard": true}'
[Wed Feb 1 09:21:08 CET 2023] response='{"identifier":{"type":"dns","value":"second.domain.tld"},"status":"pending","expires":"2023-02-08T08:21:07Z","challenges":[{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g","token":"VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM"}],"wildcard": true}'
[Wed Feb 1 09:21:08 CET 2023] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g","token":"VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM"'
[Wed Feb 1 09:21:08 CET 2023] token='VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM'
[Wed Feb 1 09:21:09 CET 2023] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g'
[Wed Feb 1 09:21:09 CET 2023] keyauthorization='VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM.Y7gEb4psNlKVcEqVIsy1NbVOEQ_fFicHDk58ZXq3CI4'
[Wed Feb 1 09:21:09 CET 2023] dvlist='*.second.domain.tld#VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM.Y7gEb4psNlKVcEqVIsy1NbVOEQ_fFicHDk58ZXq3CI4#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g#dns-01#dns_gandi_livedns'
[Wed Feb 1 09:21:09 CET 2023] d
[Wed Feb 1 09:21:09 CET 2023] vlist='*.second.domain.tld#VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM.Y7gEb4psNlKVcEqVIsy1NbVOEQ_fFicHDk58ZXq3CI4#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g#dns-01#dns_gandi_livedns,'
[Wed Feb 1 09:21:09 CET 2023] d='*.second.domain.tld'
[Wed Feb 1 09:21:09 CET 2023] _d_alias
[Wed Feb 1 09:21:09 CET 2023] txtdomain='_acme-challenge.second.domain.tld'
[Wed Feb 1 09:21:09 CET 2023] txt='AQrAug_N55rpRhcAaRTNt2s6Z21VpLsjaL2ekhKrJCk'
[Wed Feb 1 09:21:09 CET 2023] d_api='/usr/local/share/acme.sh/dnsapi/dns_gandi_livedns.sh'
[Wed Feb 1 09:21:09 CET 2023] dns_entry='second.domain.tld,_acme-challenge.second.domain.tld,,dns_gandi_livedns,AQrAug_N55rpRhcAaRTNt2s6Z21VpLsjaL2ekhKrJCk,/usr/local/share/acme.sh/dnsapi/dns_gandi_livedns.sh'
[Wed Feb 1 09:21:09 CET 2023] Found domain api file: /usr/local/share/acme.sh/dnsapi/dns_gandi_livedns.sh
[Wed Feb 1 09:21:09 CET 2023] Adding txt value: AQrAug_N55rpRhcAaRTNt2s6Z21VpLsjaL2ekhKrJCk for domain: _acme-challenge.second.domain.tld
[Wed Feb 1 09:21:09 CET 2023] First detect the root zone
[Wed Feb 1 09:21:09 CET 2023] h='second.domain.tld'
[Wed Feb 1 09:21:09 CET 2023] domains/second.domain.tld
[Wed Feb 1 09:21:09 CET 2023] GET
[Wed Feb 1 09:21:09 CET 2023] url='https://dns.api.gandi.net/api/v5/domains/second.domain.tld'
[Wed Feb 1 09:21:09 CET 2023] timeout=
[Wed Feb 1 09:21:09 CET 2023] Http already initialized.
[Wed Feb 1 09:21:09 CET 2023] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header -L --trace-ascii /tmp/tmp.aViTCa33tG -g --fail-with-body '
[Wed Feb 1 09:21:09 CET 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 22
[Wed Feb 1 09:21:09 CET 2023] Here is the curl dump log:
[Wed Feb 1 09:21:09 CET 2023] => Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: ..........C.$.....t.6..N.vs3..&.bp.... O..d...VT..x......*...t/.
0040: ...+.h..>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u.........dns.api.gandi.net........................3t.
00c0: ........h2.http/1.1.........1.....0.............................
0100: ....................+............-.....3.&.$... IX @R.....2H...
0140: .......cy.n.."..................................................
0180: ................................................................
01c0: ................................................................
<= Recv SSL data, 5 bytes (0x5)
0000: ....z
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 122 bytes (0x7a)
0000: ...v...T....gn[Q.I;Dl...)z....OSW\s.3. O..d...VT..x......*...t/.
0040: ...+.h.......3.$... .Lz....'x...<..V.....b..w...i".a.+....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
<= Recv SSL data, 10 bytes (0xa)
0000: ..........
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 4655 bytes (0x122f)
0000: ...+...'..I0..E0..-.........`.!/ .3a.F.NI"50...*.H........0_1.0.
0040: ..U....FR1.0...U....Paris1.0...U....Paris1.0...U....Gandi1 0...U
0080: ....Gandi Standard SSL CA 20...220915000000Z..231011235959Z0.1.0
00c0: ...U....dns.api.gandi.net0.."0...*.H.............0.........um)f.
0100: ......!...I.......J.!-p...}..e........%@.0t..b9...I....(.....h.G
0140: 0.6*.G....{._..!....^.2......c......FBL.Y.....6...V......v....Q.
0180: ..~.G...%.G"YM..v=.5..,=.wLBh.r$......i......OI_7<..[.\..p..<].W
01c0: ..6....As......{..JD.t..n...n...3G.M..Y$i>xnN......o. ..7.......
0200: ..=0..90...U.#..0.........N.a<.|.]A.i0.0...U......d.O..ma.tHsE.
0240: ...../70...U...........0...U.......0.0...U.%..0...+.........+...
0280: ....0K..U. .D0B06..+.....1....0'0%..+.........https://cps.usertr
02c0: ust.com0...g.....0A..U...:0806.4.2.0http://crl.usertrust.com/Gan
0300: diStandardSSLCA2.crl0s..+........g0e0<..+.....0..0http://crt.use
0340: rtrust.com/GandiStandardSSLCA2.crt0%..+.....0...http://ocsp.user
0380: trust.com03..U...,0*..dns.api.gandi.net..www.dns.api.gandi.net0.
03c0: .~..+.....y......n...j.h.v.....|.....=..>.j.g)]...$...4........?
0400: ..N.....G0E.!..Q.2..*.....7..|h.>-..]....T..... 0T.......:.[....
0440: .h5Jp...?d=..g.J.u.z2.T..-. .8.R....p2..M;.+.:W.R.R....?..?.....
0480: F0D. x...rzwS....].?.r.......>...j... .?=...d...s.B(.*].J....-
04c0: }.....q.w..>..>..52.W(..k......k..i.w}m..n....?........H0F.!..$L
0500: ...LM.H.....&...d......:......!..p3d%Z(......=....C.P*....@l....
0540: 0...*.H.............h.q;...V....=.....e%....r.B...wCW.........F.
0580: .w&-E...7cP..........,.....+...... $....oo.....V.S......S.'A..LK.A....pe4a..9,acN.
0600: ^i..m..Z.[=5.....['._..nb..n.xL.x.._zg.....24....ew.....O.......
0640: r.........-3.....`cM.....0...0.............;.8.;......P.0...*.H.
0680: .......0..1.0...U....US1.0...U....New Jersey1.0...U....Jersey Ci
06c0: ty1.0...U....The USERTRUST Network1.0,..U...%USERTrust RSA Certi
0700: fication Authority0...140912000000Z..240911235959Z0_1.0...U....F
0740: R1.0...U....Paris1.0...U....Paris1.0...U....Gandi1 0...U....Gand
0780: i Standard SSL CA 20.."0...*.H.............0..........-.y.t...<.
07c0: ....)|.........n7(............s....5..-..!..;.@...!............N
0800: ..L..\...@Q.....-.\....$Q.z.......r....#9...L.k"...f.....nj..?.B
0840: ......-.:u.1.>..[.A.l...:.y.!...3RK$-....mH....rp|...u.......2.R
0880: .8k.E8??...........'|.XY.^......>R(HQ.k....?).n.b...........u0..
08c0: q0...U.#..0...Sy.Z.+J.T.........f.0...U............N.a<.|.]A.i0
0900: .0...U...........0...U.......0.......0...U.%..0...+.........+...
0940: ....0"..U. ..0.0...+.....1....0...g.....0P..U...I0G0E.C.A.?http:
0980: //crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v..+.
09c0: .......j0h0?..+.....0..3http://crt.usertrust.com/USERTrustRSAAdd
0a00: TrustCA.crt0%..+.....0...http://ocsp.usertrust.com0...*.H.......
0a40: ......Xg.r.j.|a..~.CF.&}.S.f.k-...V.:..;r.P..Y..h..s...e../.....
0a80: ....@n<..\.."<-..... $....s.:...$...........r.'@......Q.<+.wW..e
0ac0: :5%6...co.'..`.....z.-....n~.e..]..?(F..5........O..wgH.'...h...
0b00: w......2]..%C.BG......F_.F3k....~......$}@B.jj......8....'@..r..
0b40: .fc78d"0.;...{..):..r...N...#o>........#...0....,U..p...9......
0b80: .[.1&i.-.a.:G..T,...D..j.(.Q....u........*-.A..G....9f3J[..(Yl}.
0bc0: .v.E..p ..oc....3.7...e..Po?....]X2.p#.......'.2...X.1).....l.(.
0c00: N.............-p.R...3J.....cp...Gc..X.1_.=6U..........t.t\.4...
0c40: mQ.#.#.....0...0............m0...Q...d.5.-0...*.H........0..1.0.
0c80: ..U....US1.0...U....New Jersey1.0...U....Jersey City1.0...U....T
0cc0: he USERTRUST Network1.0,..U...%USERTrust RSA Certification Autho
0d00: rity0...100201000000Z..380118235959Z0..1.0...U....US1.0...U....N
0d40: ew Jersey1.0...U....Jersey City1.0...U....The USERTRUST Network1
0d80: .0,..U...%USERTrust RSA Certification Authority0.."0...*.H......
0dc0: .......0..........e.6.......W.v..'.L.P.a.. M.-d......=..........
0e00: {7(.+G.9..:.._..}..cB.v..;+...o... ..>..t.....bd......j."<.....
0e40: .{......Q..gF.Q...T?.3.~l......Q.5..f.rg.!f...x..P:......L....5.
0e80: WZ....=.,..T....:M.L..\... =."4.~;hf.D..NFS.3`...S7.sC.2.S....t
0ec0: Ni.k.`.......2...;Qx.g..=V...i....%&k3m.nG.sC.~..f.)|2.cU.....T0
0f00: ....}7..]:l5\.A....I.......b..f.%.....?.9......L.|.k..^....g....
0f40: .[..L..[...s.#;-..5Ut.I.IX..6.Q...&}.M....C&..A_@.DD...W..P.WT.
0f80: >.tc/.Pe..XB.C.L..%GY.....&FJP....x..g...W...c..b.._U..\.(..%9..
0fc0: +..L...?.R.../........B0@0...U......Sy.Z.+J.T.........f.0...U...
1000: ........0...U.......0....0...*.H.............\.|....}A.e.s.R....
1040: ....C....UW...R<'..(..:.7.v.SP....kN..!O..Ub..i............KU*.
1080: mUx).._0\K$.U.$.n^*+..M...8...C...`........^..jYm.?....E...d..
10c0: .s(...$N.X...E."../...Ea...o.vr...6.....q...o.l.qb....r..g.....L
1100: r4...q..q...l.<.]e..W..Ck...Mf.Q.......q...I..5q..'...a.&.o.g%!]
1140: .....h.;....g...Qt......x.\yJ`..@.L7*,..b..].6[..%%......w.?...
1180: .=...?...o.-........5..g..J.(.#..\'k..O......Y..RA...G..dAU|.Y.
11c0: ..b....Z(t...........6t2.(......L.....i.GF./....cDp...-3...{.p..
1200: >..@(.....].".R.X...1C...... Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: ....E
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 52 bytes (0x34)
0000: ...0*.....LE'.....1.%...F$..X.y.>..a..;...`@...Z..].
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send header, 224 bytes (0xe0)
0000: GET /api/v5/domains/second.domain.tld HTTP/1.1
002b: Host: dns.api.gandi.net
0044: User-Agent: acme.sh/3.0.6 (https://github.com/acmesh-official/ac
0084: me.sh)
008c: Accept: */*
0099: Content-Type: application/json
00b9: X-Api-Key: [redacted]
00de:
<= Recv SSL data, 5 bytes (0x5)
0000: ....I
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv header, 24 bytes (0x18)
0000: HTTP/1.1 404 Not Found
<= Recv header, 15 bytes (0xf)
0000: Server: nginx
<= Recv header, 37 bytes (0x25)
0000: Date: Wed, 01 Feb 2023 08:21:09 GMT
<= Recv header, 32 bytes (0x20)
0000: Content-Type: application/json
<= Recv header, 21 bytes (0x15)
0000: Content-Length: 108
<= Recv header, 63 bytes (0x3f)
0000: Cache-Control: max-age=0, must-revalidate, no-cache, no-store
<= Recv header, 40 bytes (0x28)
0000: Expires: Wed, 01 Feb 2023 08:21:09 GMT
<= Recv header, 46 bytes (0x2e)
0000: Last-Modified: Wed, 01 Feb 2023 08:21:09 GMT
<= Recv header, 18 bytes (0x12)
0000: Pragma: no-cache
<= Recv header, 28 bytes (0x1c)
0000: Trace-Id: 1addbf369e65a276
<= Recv header, 33 bytes (0x21)
0000: X-Content-Type-Options: nosniff
<= Recv header, 37 bytes (0x25)
0000: Via: 1.1 varnish-v4, 1.1 varnish-v4
<= Recv header, 17 bytes (0x11)
0000: X-Cache-Hits: 0
<= Recv header, 15 bytes (0xf)
0000: X-Cache: MISS
<= Recv header, 8 bytes (0x8)
0000: Age: 0
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 2 bytes (0x2)
0000:
<= Recv data, 108 bytes (0x6c)
0000: {"object": "HTTPNotFound", "cause": "Not Found", "code": 404, "m
0040: essage": "The resource could not be found."}
[Wed Feb 1 09:21:09 CET 2023] ret='22'
[Wed Feb 1 09:21:09 CET 2023] error domains/second.domain.tld
[Wed Feb 1 09:21:09 CET 2023] invalid domain
[Wed Feb 1 09:21:09 CET 2023] Error add txt for domain:_acme-challenge.second.domain.tld
[Wed Feb 1 09:21:09 CET 2023] _on_issue_err
[Wed Feb 1 09:21:09 CET 2023] Please add '--debug' or '--log' to check more details.
[Wed Feb 1 09:21:09 CET 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Wed Feb 1 09:21:09 CET 2023] _chk_vlist='*.second.domain.tld#VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM.Y7gEb4psNlKVcEqVIsy1NbVOEQ_fFicHDk58ZXq3CI4#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g#dns-01#dns_gandi_livedns,'
[Wed Feb 1 09:21:09 CET 2023] start to deactivate authz
[Wed Feb 1 09:21:09 CET 2023] Trigger domain validation.
[Wed Feb 1 09:21:09 CET 2023] _t_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g'
[Wed Feb 1 09:21:09 CET 2023] _t_key_authz='VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM.Y7gEb4psNlKVcEqVIsy1NbVOEQ_fFicHDk58ZXq3CI4'
[Wed Feb 1 09:21:09 CET 2023] _t_vtype
[Wed Feb 1 09:21:09 CET 2023] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g'
[Wed Feb 1 09:21:09 CET 2023] payload='{}'
[Wed Feb 1 09:21:09 CET 2023] Use cached jwk for file: /usr/local/share/acme.sh/ca/acme-staging-v02.api.letsencrypt.org/directory/account.key
[Wed Feb 1 09:21:09 CET 2023] Use _CACHED_NONCE='B37CTFDZhERIYEMfXtZcxSzjSeozq_AT-d1JOOx4EziVz2c'
[Wed Feb 1 09:21:09 CET 2023] nonce='B37CTFDZhERIYEMfXtZcxSzjSeozq_AT-d1JOOx4EziVz2c'
[Wed Feb 1 09:21:09 CET 2023] POST
[Wed Feb 1 09:21:09 CET 2023] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g'
[Wed Feb 1 09:21:09 CET 2023] body='{"protected": "eyJub25jZSI6ICJCMzdDVEZEWmhFUklZRU1mWHRaY3hTempTZW96cV9BVC1kMUpPT3g0RXppVnoyYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My81MTg4Nzc0NzQzL0U1NkE4ZyIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84NTcxNjc2MyJ9", "payload": "e30", "signature": "fO2RbN0jKE2qZe7pJCV_2zFDmGeqMvVyADysSmkXV1UOY8lRF27aZhFU29IIH_2tEgE--c4SjxxR_WC83FiJgA"}'
[Wed Feb 1 09:21:09 CET 2023] _postContentType='application/jose+json'
[Wed Feb 1 09:21:09 CET 2023] Http already initialized.
[Wed Feb 1 09:21:09 CET 2023] _CURL='curl --silent --dump-header /usr/local/share/acme.sh/http.header -L --trace-ascii /tmp/tmp.aViTCa33tG -g --fail-with-body '
[Wed Feb 1 09:21:10 CET 2023] _ret='0'
[Wed Feb 1 09:21:10 CET 2023] responseHeaders='HTTP/2 200
server: nginx
date: Wed, 01 Feb 2023 08:21:10 GMT
content-type: application/json
content-length: 192
boulder-requester: 85716763
cache-control: public, max-age=0, no-cache
link: ;rel="index"
link: ;rel="up"
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g
replay-nonce: EA572ucJf0mQxAyKpk4aq6yV47Gqj94IYQG85rStx6eqoLA
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Wed Feb 1 09:21:10 CET 2023] code='200'
[Wed Feb 1 09:21:10 CET 2023] original='{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g",
"token": "VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM"
}'
[Wed Feb 1 09:21:10 CET 2023] response='{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/5188774743/E56A8g","token":"VnoyTMAnJ_NAh-Zl6Q2HNauuWxbyorF7TVd0c55CLaM"}'
[Wed Feb 1 09:21:10 CET 2023] socat doesn't exist.
[Wed Feb 1 09:21:10 CET 2023] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1o 3 May 2022
apache:
apache doesn't exist.
nginx:
nginx version: nginx/1.20.1
TLS SNI support enabled
socat:
[Wed Feb 1 09:21:10 CET 2023] pid
[Wed Feb 1 09:21:10 CET 2023] No need to restore nginx, skip.
[Wed Feb 1 09:21:10 CET 2023] _clearupdns
[Wed Feb 1 09:21:10 CET 2023] dns_entries
[Wed Feb 1 09:21:10 CET 2023] skip dns.