Renew or issue failed with curl _ret='139'

[The-Hierophant]

Steps to reproduce

Renew or issue a letsencrypt certificate using --dns dns_cf

curl got _ret='139', seems no response.

I tried manually curl GET with curl 'https://acme-v02.api.letsencrypt.org', and it seems to be working fine. I triedcurl 'https://acme-v02.api.letsencrypt.org' and received a 405 Method not allowed. I have not tried to curl POST yet.

Debug log

acme.sh  --renew-all --debug 2

Replace sensitive information using [MASKED].

[Fri 01 Dec 2023 07:21:56 AM UTC] Lets find script dir.
[Fri 01 Dec 2023 07:21:56 AM UTC] _SCRIPT_='/home/[MASKED]/.acme.sh/acme.sh'
[Fri 01 Dec 2023 07:21:56 AM UTC] _script='/home/[MASKED]/.acme.sh/acme.sh'
[Fri 01 Dec 2023 07:21:56 AM UTC] _script_home='/home/[MASKED]/.acme.sh'
[Fri 01 Dec 2023 07:21:56 AM UTC] Using config home:/home/[MASKED]/.acme.sh
[Fri 01 Dec 2023 07:21:56 AM UTC] LE_WORKING_DIR='/home/[MASKED]/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.7
[Fri 01 Dec 2023 07:21:56 AM UTC] Running cmd: renewAll
[Fri 01 Dec 2023 07:21:56 AM UTC] Using config home:/home/[MASKED]/.acme.sh
[Fri 01 Dec 2023 07:21:56 AM UTC] default_acme_server
[Fri 01 Dec 2023 07:21:56 AM UTC] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri 01 Dec 2023 07:21:56 AM UTC] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri 01 Dec 2023 07:21:56 AM UTC] _ACME_SERVER_PATH='v2/DV90'
[Fri 01 Dec 2023 07:21:56 AM UTC] _stopRenewOnError
[Fri 01 Dec 2023 07:21:56 AM UTC] _server
[Fri 01 Dec 2023 07:21:56 AM UTC] _set_level='2'
[Fri 01 Dec 2023 07:21:56 AM UTC] di='/home/[MASKED]/.acme.sh/*.[MASKED]_ecc/'
[Fri 01 Dec 2023 07:21:56 AM UTC] d='*.[MASKED]_ecc'
[Fri 01 Dec 2023 07:21:56 AM UTC] _renewServer
[Fri 01 Dec 2023 07:21:56 AM UTC] Using config home:/home/[MASKED]/.acme.sh
[Fri 01 Dec 2023 07:21:56 AM UTC] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri 01 Dec 2023 07:21:56 AM UTC] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri 01 Dec 2023 07:21:56 AM UTC] _ACME_SERVER_PATH='v2/DV90'
[Fri 01 Dec 2023 07:21:56 AM UTC] DOMAIN_PATH='/home/[MASKED]/.acme.sh/*.[MASKED]_ecc'
[Fri 01 Dec 2023 07:21:56 AM UTC] Renew: '*.[MASKED]'
[Fri 01 Dec 2023 07:21:56 AM UTC] '*.[MASKED]' is not an issued domain, skip.
[Fri 01 Dec 2023 07:21:56 AM UTC] Return code: 2
[Fri 01 Dec 2023 07:21:56 AM UTC] Skipped *.[MASKED]_ecc
[Fri 01 Dec 2023 07:21:56 AM UTC] di='/home/[MASKED]/.acme.sh/[MASKED]_ecc/'
[Fri 01 Dec 2023 07:21:56 AM UTC] d='[MASKED]_ecc'
[Fri 01 Dec 2023 07:21:56 AM UTC] _renewServer
[Fri 01 Dec 2023 07:21:56 AM UTC] Using config home:/home/[MASKED]/.acme.sh
[Fri 01 Dec 2023 07:21:56 AM UTC] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri 01 Dec 2023 07:21:56 AM UTC] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri 01 Dec 2023 07:21:57 AM UTC] _ACME_SERVER_PATH='v2/DV90'
[Fri 01 Dec 2023 07:21:57 AM UTC] DOMAIN_PATH='/home/[MASKED]/.acme.sh/[MASKED]_ecc'
[Fri 01 Dec 2023 07:21:57 AM UTC] Renew: '[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] '[MASKED]' is not an issued domain, skip.
[Fri 01 Dec 2023 07:21:57 AM UTC] Return code: 2
[Fri 01 Dec 2023 07:21:57 AM UTC] Skipped [MASKED]_ecc
[Fri 01 Dec 2023 07:21:57 AM UTC] di='/home/[MASKED]/.acme.sh/www.[MASKED]_ecc/'
[Fri 01 Dec 2023 07:21:57 AM UTC] d='www.[MASKED]_ecc'
[Fri 01 Dec 2023 07:21:57 AM UTC] _renewServer
[Fri 01 Dec 2023 07:21:57 AM UTC] Using config home:/home/[MASKED]/.acme.sh
[Fri 01 Dec 2023 07:21:57 AM UTC] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri 01 Dec 2023 07:21:57 AM UTC] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri 01 Dec 2023 07:21:57 AM UTC] _ACME_SERVER_PATH='v2/DV90'
[Fri 01 Dec 2023 07:21:57 AM UTC] DOMAIN_PATH='/home/[MASKED]/.acme.sh/www.[MASKED]_ecc'
[Fri 01 Dec 2023 07:21:57 AM UTC] Renew: 'www.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Fri 01 Dec 2023 07:21:57 AM UTC] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
[Fri 01 Dec 2023 07:21:57 AM UTC] initpath again.
[Fri 01 Dec 2023 07:21:57 AM UTC] Using config home:/home/[MASKED]/.acme.sh
[Fri 01 Dec 2023 07:21:57 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 01 Dec 2023 07:21:57 AM UTC] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Fri 01 Dec 2023 07:21:57 AM UTC] _ACME_SERVER_PATH='directory'
[Fri 01 Dec 2023 07:21:57 AM UTC] _main_domain='www.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] _alt_domains='1.[MASKED],[MASKED],2.[MASKED],3.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] 'dns_cf' does not contain 'dns'
[Fri 01 Dec 2023 07:21:57 AM UTC] 'dns_cf' does not contain 'dns'
[Fri 01 Dec 2023 07:21:57 AM UTC] Le_NextRenewTime='1698697811'
[Fri 01 Dec 2023 07:21:57 AM UTC] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri 01 Dec 2023 07:21:57 AM UTC] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri 01 Dec 2023 07:21:57 AM UTC] GET
[Fri 01 Dec 2023 07:21:57 AM UTC] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri 01 Dec 2023 07:21:57 AM UTC] timeout=
[Fri 01 Dec 2023 07:21:57 AM UTC] _CURL='curl --silent --dump-header /home/[MASKED]/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.n1CcPyPLA5  -g '
[Fri 01 Dec 2023 07:21:57 AM UTC] ret='0'
[Fri 01 Dec 2023 07:21:57 AM UTC] response='{
  "1LmGnE2fw3w": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Fri 01 Dec 2023 07:21:57 AM UTC] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri 01 Dec 2023 07:21:57 AM UTC] ACME_NEW_AUTHZ
[Fri 01 Dec 2023 07:21:57 AM UTC] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 01 Dec 2023 07:21:57 AM UTC] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri 01 Dec 2023 07:21:57 AM UTC] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri 01 Dec 2023 07:21:57 AM UTC] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Fri 01 Dec 2023 07:21:57 AM UTC] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 01 Dec 2023 07:21:57 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri 01 Dec 2023 07:21:57 AM UTC] _on_before_issue
[Fri 01 Dec 2023 07:21:57 AM UTC] _chk_main_domain='www.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] _chk_alt_domains='1.[MASKED],[MASKED],2.[MASKED],3.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] 'dns_cf' does not contain 'no'
[Fri 01 Dec 2023 07:21:57 AM UTC] Le_LocalAddress
[Fri 01 Dec 2023 07:21:57 AM UTC] d='www.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] Check for domain='www.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] _currentRoot='dns_cf'
[Fri 01 Dec 2023 07:21:57 AM UTC] d='1.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] Check for domain='1.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] _currentRoot='dns_cf'
[Fri 01 Dec 2023 07:21:57 AM UTC] d='[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] Check for domain='[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] _currentRoot='dns_cf'
[Fri 01 Dec 2023 07:21:57 AM UTC] d='2.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] Check for domain='2.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] _currentRoot='dns_cf'
[Fri 01 Dec 2023 07:21:57 AM UTC] d='3.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] Check for domain='3.[MASKED]'
[Fri 01 Dec 2023 07:21:57 AM UTC] _currentRoot='dns_cf'
[Fri 01 Dec 2023 07:21:57 AM UTC] d
[Fri 01 Dec 2023 07:21:57 AM UTC] 'dns_cf' does not contain 'apache'
[Fri 01 Dec 2023 07:21:57 AM UTC] _saved_account_key_hash='/e+mYAjyeTonG1/E9ccEaAA+762nrKo/DUCtwGTrMrY='
[Fri 01 Dec 2023 07:21:57 AM UTC] _saved_account_key_hash is not changed, skip register account.
[Fri 01 Dec 2023 07:21:57 AM UTC] Read key length:ec-256
[Fri 01 Dec 2023 07:21:58 AM UTC] _createcsr
[Fri 01 Dec 2023 07:21:58 AM UTC] domain='www.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] domainlist='1.[MASKED],[MASKED],2.[MASKED],3.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] csrkey='/home/[MASKED]/.acme.sh/www.[MASKED]_ecc/www.[MASKED].key'
[Fri 01 Dec 2023 07:21:58 AM UTC] csr='/home/[MASKED]/.acme.sh/www.[MASKED]_ecc/www.[MASKED].csr'
[Fri 01 Dec 2023 07:21:58 AM UTC] csrconf='/home/[MASKED]/.acme.sh/www.[MASKED]_ecc/www.[MASKED].csr.conf'[Fri 01 Dec 2023 07:21:58 AM UTC] _is_idn_d='1.[MASKED],[MASKED],2.[MASKED],3.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] _idn_temp
[Fri 01 Dec 2023 07:21:58 AM UTC] domainlist='1.[MASKED],[MASKED],2.[MASKED],3.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='www'
[Fri 01 Dec 2023 07:21:58 AM UTC] _is_idn_d='www.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] _idn_temp
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='1'
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='2'
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='3'
[Fri 01 Dec 2023 07:21:58 AM UTC] Multi domain='DNS:www.[MASKED],DNS:1.[MASKED],DNS:[MASKED],DNS:2.[MASKED],DNS:3.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] _is_idn_d='www.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] _idn_temp
[Fri 01 Dec 2023 07:21:58 AM UTC] _csr_cn='www.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='www'
[Fri 01 Dec 2023 07:21:58 AM UTC] Getting domain auth token for each domain
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='www'
[Fri 01 Dec 2023 07:21:58 AM UTC] _is_idn_d='www.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] _idn_temp
[Fri 01 Dec 2023 07:21:58 AM UTC] d='1.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='1'
[Fri 01 Dec 2023 07:21:58 AM UTC] _is_idn_d='1.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] _idn_temp
[Fri 01 Dec 2023 07:21:58 AM UTC] d='[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] _is_idn_d='[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] _idn_temp
[Fri 01 Dec 2023 07:21:58 AM UTC] d='2.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='2'
[Fri 01 Dec 2023 07:21:58 AM UTC] _is_idn_d='2.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] _idn_temp
[Fri 01 Dec 2023 07:21:58 AM UTC] d='3.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] seg='3'
[Fri 01 Dec 2023 07:21:58 AM UTC] _is_idn_d='3.[MASKED]'
[Fri 01 Dec 2023 07:21:58 AM UTC] _idn_temp
[Fri 01 Dec 2023 07:21:58 AM UTC] d
[Fri 01 Dec 2023 07:21:58 AM UTC] _identifiers='{"type":"dns","value":"www.[MASKED]"},{"type":"dns","value":"1.[MASKED]"},{"type":"dns","value":"[MASKED]"},{"type":"dns","value":"2.[MASKED]"},{"type":"dns","value":"3.[MASKED]"}'
[Fri 01 Dec 2023 07:21:58 AM UTC] _notBefore
[Fri 01 Dec 2023 07:21:58 AM UTC] _notAfter
[Fri 01 Dec 2023 07:21:58 AM UTC] =======Begin Send Signed Request=======
[Fri 01 Dec 2023 07:21:58 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 01 Dec 2023 07:21:58 AM UTC] payload='{"identifiers": [{"type":"dns","value":"www.[MASKED]"},{"type":"dns","value":"1.[MASKED]"},{"type":"dns","value":"[MASKED]"},{"type":"dns","value":"2.[MASKED]"},{"type":"dns","value":"3.[MASKED]"}]}'
[Fri 01 Dec 2023 07:21:58 AM UTC] RSA key
[Fri 01 Dec 2023 07:21:58 AM UTC] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 01 Dec 2023 07:21:58 AM UTC] HEAD
[Fri 01 Dec 2023 07:21:58 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 01 Dec 2023 07:21:58 AM UTC] body
[Fri 01 Dec 2023 07:21:58 AM UTC] _postContentType='application/jose+json'
[Fri 01 Dec 2023 07:21:58 AM UTC] _CURL='curl --silent --dump-header /home/[MASKED]/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.TukCIqWa4A  -g  -I  '
[Fri 01 Dec 2023 07:21:58 AM UTC] _ret='0'
[Fri 01 Dec 2023 07:21:58 AM UTC] _headers='HTTP/2 200 
server: nginx
date: Fri, 01 Dec 2023 07:21:58 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 65r2Q3lMzgfo6-aDQnZ6OTj0noVa9AAy-lGw898hSGMou81qw7o
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Fri 01 Dec 2023 07:21:58 AM UTC] _CACHED_NONCE='65r2Q3lMzgfo6-aDQnZ6OTj0noVa9AAy-lGw898hSGMou81qw7o'
[Fri 01 Dec 2023 07:21:58 AM UTC] nonce='65r2Q3lMzgfo6-aDQnZ6OTj0noVa9AAy-lGw898hSGMou81qw7o'
[Fri 01 Dec 2023 07:21:58 AM UTC] POST
[Fri 01 Dec 2023 07:21:58 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 01 Dec 2023 07:21:58 AM UTC] body='{"protected": "eyJub25jZSI6ICI2NXIyUTNsTXpnZm82LWFEUW5aNk9UajBub1ZhOUFBeS1sR3c4OThoU0dNb3U4MXF3N28[MASKED]bGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjQwNzM1NTAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Ind3dy5yZWRyYXkub3JnIn0seyJ0eXBlIjoiZG[MASKED]In0seyJ0eXBlIjoiZG5zIiwidmFsdWUiOiJpcHY0LnJlZHJheS5vcmcifSx7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImlwdjYucmVkcmF5Lm9yZyJ9XX0", "signature": "iX8Dbm0qYmPpwpmQ1yXfxnhrcapHhrwjRzlQJQjOmXMIB5PqGKmd8sMbVEXi7TX9QLYOi7K_f-[MASKED]I3lyfz8ImKWVX4_aLyIY2YsyNwBC3F_BE9_t_H8MMsl-2dXo-upQ72oVdVqIunI_Gf4Nk9kKbUuZE7-c-YAGX6wIrg_orqiYXwm0CwiIPpKPMhVGS9cwiLQc6Yp56CMbLc2h01S_RN3Z-RsNbePbICkDDr0fURIR0ke1vm7XriuDyFMCg4IG5NKjxsLLZxvNX5stgVw"}'
[Fri 01 Dec 2023 07:21:58 AM UTC] _postContentType='application/jose+json'
[Fri 01 Dec 2023 07:21:58 AM UTC] Http already initialized.
[Fri 01 Dec 2023 07:21:58 AM UTC] _CURL='curl --silent --dump-header /home/[MASKED]/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.TukCIqWa4A  -g '
[Fri 01 Dec 2023 07:21:58 AM UTC] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 139
[Fri 01 Dec 2023 07:21:59 AM UTC] Here is the curl dump log:
[Fri 01 Dec 2023 07:21:59 AM UTC] == Info:   Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443...
== Info: Connected to acme-v02.api.letsencrypt.org (2606:4700:60:0:f53d:5624:85c7:3a2c) port 443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info: successfully set certificate verify locations:
== Info:  CAfile: /etc/ssl/certs/ca-certificates.crt
== Info:  CApath: /etc/ssl/certs
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: .......Z..h....f ...~<.u_4......T6.... ...J.u..8kj.(.=...i ](>~.
0040: W<.P..1.>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u...!.....acme-v02.api.letsencrypt.org................
00c0: ........3t.........h2.http/1.1.........1.....*.(................
0100: .........................+........-.....3.&.$... .2...W.....;.GN
0140: ....0...0h.Di8VFx...............................................
0180: ................................................................
01c0: ................................................................
<= Recv SSL data, 5 bytes (0x5)
0000: ....z
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 122 bytes (0x7a)
0000: ...v...Q4[....bi7...).(...T....h..|]X ...J.u..8kj.(.=...i ](>~.
0040: W<.P..1......+.....3.$... ..U..&r..Gh.3.......C......8...k
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: ....$
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
<= Recv SSL data, 19 bytes (0x13)
0000: .................h2
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 2801 bytes (0xaf1)
0000: ...........0...0............l...m...I.;Q.{..0...*.H........021.0
0040: ...U....US1.0...U....Let's Encrypt1.0...U....R30...231104124917Z
0080: ..240202124916Z0'1%0#..U....acme-v02.api.letsencrypt.org0.."0...
00c0: *.H.............0.........d....7.M....*......1h...j..).....B;(..
0100: X6..o.........A...=...b...u0..Kj...aTu..{Y ..f..X.q.......)....
0140: @p.;.dE..9R8Q}..N...b..c.w.u......BS....H....g...}Vv...}...V....
0180: P^..I....h...G...o....u............O.....uPn..x.......'..$......
01c0: ....T5e..uBa)...H..q...;.........0...0...U...........0...U.%..0
0200: ...+.........+.......0...U.......0.0...U.......5.H.%.l.......ZM.
0240: M.0...U.#..0........XV..P.@........0U..+........I0G0!..+.....0..
0280: .http://r3.o.lencr.org0"..+.....0...http://r3.i.lencr.org/0....U
02c0: .....0....acme-v02-1.api.letsencrypt.org..acme-v02-2.api.letsenc
0300: rypt.org..acme-v02-3.api.letsencrypt.org..acme-v02-4.api.letsenc
0340: rypt.org..acme-v02-5.api.letsencrypt.org..acme-v02.api.letsencry
0380: pt.org..incident.letsencrypt.org0...U. ..0.0...g.....0.....+....
03c0: .y............v.;Swu>-..N.0[..@;g.O......-ro..........Z......G0E
0400: . &..'.j.......E.Q.D.V........3.,..!......R.Gi....7yk?....t4...2
0440: ..q...u.v..?....Q.a....4....).hB...gLZ:t......Z:.....F0D. g%..o.
0480: ....x.......5e.(..B..g..*]. @.(.D/....R.8f.........h.w.{E..S0...
04c0: *.H.............W..k.....pg..%..N..d./.[U.4p4......{.T.-..ND._WA
0500: .....Y...../5..]+.9..X.....8.....t...Aq04..Y..../...T..-.m]....!
0540: .u.e...zY<.$..Ft...\.............., 1.# ....V+.].b.r....,l..M...
0580: ..P........."=.....u{:c......;n.....fZ.}...........Y..5._Mgw....
05c0: ..`D........|........0...0............+.J....S...%._Z0...*.H....
0600: ....0O1.0...U....US1)0'..U... Internet Security Research Group1.
0640: 0...U....ISRG Root X10...200904000000Z..250915160000Z021.0...U..
0680: ..US1.0...U....Let's Encrypt1.0...U....R30.."0...*.H............
06c0: .0...........(.........U.......zB..]&..+..L...k.u....G..U5W....9
0700: ...<B.Nn.;......\.Y8...i.Z.....$%..7q..........;ERE...S.4.R.....
0740: .`p..T..m...@4k+..f.f4|.k..W)..0.].ro......X=......+.....q].F...
0780: %...`guf.....\.S.:..G.......w?.S......p...c.......S...H...i.%u..
07c0: .R...Q.............0...0...U...........0...U.%..0...+.........+.
0800: ......0...U.......0.......0...U...........XV..P.@........0...U.#
0840: ..0...y.Y.{....s.....X...n02..+........&0$0"..+.....0...http://x
0880: 1.i.lencr.org/0'..U... 0.0.......http://x1.c.lencr.org/0"..U. ..
08c0: 0.0...g.....0...+..........0...*.H...............NG>...D...gx..c
0900: .uM..=3erT-...... ._..p..n;.^... ..........<....9..|%.G.en?F....
0940: .+.T....'K.../...q.J....#{.-...W>...3.G!x..'.*....\.d...y.O.mD.^
0980: .........D).Y .c.!..&..W..e..."...C....~...7.Z..0..n+*.!N.......
09c0: ^....j...;3..K........?.UC6.h.6.j.....@.4...c959un..v.....Kl....
0a00: ......h..e..=wS..y...1.u*C.U.r.)...]N..F.0..._..y..^p.........aq
0a40: %*...%PRh........}..l.!1.........=.L.8...+.......= .~Y...X.[.H..
0a80: \O.)..U#......|.../....GF?.....(Mh2.g^.i....../..RC.o2WeM2..8S.]
0ac0: ~]f)........V.B..N.%8DPm...U...Id.N....[.s...G...
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, CERT verify (15):
<= Recv SSL data, 264 bytes (0x108)
0000: ........!cP 2d.=$.ZP#.)Y..?.....%..F...@G.+&<.@...k.W..*....'J..
0040: .Z...J..0...X.)..5,/.|.._79.=.!$..@..Q...
006b: .f .b^Z....{.....}.0.6_...".H.jk.9Y...U......ut....Qg`$.g.o..v.f
00ab: K.S0=..-..P....).-.3......Krnf^.......W...W...W4Q.8.oe}.>.D..!
00eb: .-.S.7f.6)...~...?...so...y..
<= Recv SSL data, 5 bytes (0x5)
0000: ....E
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Finished (20):
<= Recv SSL data, 52 bytes (0x34)
0000: ...0..E%...4..JxU.1v.n.79l.a.z...[O........2.s...JM\
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: ....E
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 52 bytes (0x34)
0000: ...0.....yM9....o.F7._o.c&W...r...t6.....I.A.O..7.U2
== Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
== Info: ALPN, server accepted to use h2
== Info: Server certificate:
== Info:  subject: CN=acme-v02.api.letsencrypt.org
== Info:  start date: Nov  4 12:49:17 2023 GMT
== Info:  expire date: Feb  2 12:49:16 2024 GMT
== Info:  subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
== Info:  issuer: C=US; O=Let's Encrypt; CN=R3
== Info:  SSL certificate verify ok.
== Info: Using HTTP2, server supports multi-use
== Info: Connection state changed (HTTP/2 confirmed)
== Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
=> Send SSL data, 5 bytes (0x5)
0000: ....)
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: ....,
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: Using Stream ID: 1 (easy handle 0x55d053ddf690)
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send header, 189 bytes (0xbd)
0000: HEAD /acme/new-nonce HTTP/2
001d: Host: acme-v02.api.letsencrypt.org
0041: user-agent: acme.sh/3.0.7 (https://github.com/acmesh-official/ac
0081: me.sh)
0089: accept: */*
0096: content-type: application/jose+json
00bb: 
<= Recv SSL data, 5 bytes (0x5)
0000: ....J
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
<= Recv SSL data, 57 bytes (0x39)
0000: ...5..Q..D.~.......... ....W]......H...'..UX.|.I>..!.I...
<= Recv SSL data, 5 bytes (0x5)
0000: ....J
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
<= Recv SSL data, 57 bytes (0x39)
0000: ...5..Q.... .......... 3MIo......X.."2.:C.D.....".1.O^...
== Info: old SSL session ID is stale, removing
<= Recv SSL data, 5 bytes (0x5)
0000: ....9
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv header, 13 bytes (0xd)
0000: HTTP/2 200 
<= Recv header, 15 bytes (0xf)
0000: server: nginx
<= Recv header, 37 bytes (0x25)
0000: date: Fri, 01 Dec 2023 07:21:58 GMT
<= Recv header, 44 bytes (0x2c)
0000: cache-control: public, max-age=0, no-cache
<= Recv header, 68 bytes (0x44)
0000: link: <https://acme-v02.api.letsencrypt.org/directory>;rel="inde
0040: x"
<= Recv header, 67 bytes (0x43)
0000: replay-nonce: 65r2Q3lMzgfo6-[MASKED]-lGw898hSGMou81qw7
0040: o
<= Recv header, 23 bytes (0x17)
0000: x-frame-options: DENY
<= Recv header, 43 bytes (0x2b)
0000: strict-transport-security: max-age=604800
<= Recv header, 2 bytes (0x2)
0000: 
== Info: Connection #0 to host acme-v02.api.letsencrypt.org left intact
[Fri 01 Dec 2023 07:21:59 AM UTC] _ret='139'
[Fri 01 Dec 2023 07:21:59 AM UTC] responseHeaders='HTTP/2 200 
server: nginx
date: Fri, 01 Dec 2023 07:21:58 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 65r2Q3lMzgfo6-[MASKED]-lGw898hSGMou81qw7o
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Fri 01 Dec 2023 07:21:59 AM UTC] code='200'
[Fri 01 Dec 2023 07:21:59 AM UTC] original
[Fri 01 Dec 2023 07:21:59 AM UTC] response
[Fri 01 Dec 2023 07:21:59 AM UTC] Le_LinkOrder
[Fri 01 Dec 2023 07:21:59 AM UTC] Le_OrderFinalize
[Fri 01 Dec 2023 07:21:59 AM UTC] Create new order error. Le_OrderFinalize not found. 
[Fri 01 Dec 2023 07:21:59 AM UTC] pid
[Fri 01 Dec 2023 07:21:59 AM UTC] No need to restore nginx, skip.
[Fri 01 Dec 2023 07:21:59 AM UTC] _clearupdns
[Fri 01 Dec 2023 07:21:59 AM UTC] dns_entries
[Fri 01 Dec 2023 07:21:59 AM UTC] skip dns.
[Fri 01 Dec 2023 07:21:59 AM UTC] _on_issue_err
[Fri 01 Dec 2023 07:21:59 AM UTC] Please check log file for more details: /home/[MASKED]/.acme.sh/acme.sh.log
[Fri 01 Dec 2023 07:21:59 AM UTC] _chk_vlist
[Fri 01 Dec 2023 07:21:59 AM UTC] 'dns_cf' does not contain 'dns'
[Fri 01 Dec 2023 07:21:59 AM UTC] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.1n  15 Mar 2022
apache:
apache doesn't exist.
nginx:
nginx version: nginx/1.19.2
built by gcc 8.3.0 (Debian 8.3.0-6) 
built with OpenSSL 1.1.1g  21 Apr 2020
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/www/server/nginx --add-module=/www/server/nginx/src/ngx_devel_kit --add-module=/www/server/nginx/src/lua_nginx_module --add-module=/www/server/nginx/src/ngx_cache_purge --add-module=/www/server/nginx/src/nginx-sticky-module --with-openssl=/www/server/nginx/src/openssl --with-pcre=pcre-8.43 --with-http_v2_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_stub_status_module --with-http_ssl_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_gunzip_module --with-ipv6 --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --with-ld-opt=-Wl,-E --with-cc-opt=-Wno-error --with-ld-opt=-ljemalloc --with-http_dav_module --add-module=/www/server/nginx/src/nginx-dav-ext-module
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.1 on Feb  3 2021 12:58:17
   running on Linux version #1 SMP Fri Oct 8 21:45:26 CST 2021, release 5.14.10, machine x86_64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_VSOCK 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #undef WITH_READLINE
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #define WITH_LIBWRAP 1
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/
[Fri 01 Dec 2023 07:21:59 AM UTC] Return code: 1
[Fri 01 Dec 2023 07:21:59 AM UTC] Error renew www.[MASKED]_ecc.
[Fri 01 Dec 2023 07:21:59 AM UTC] _error_level='1'
[Fri 01 Dec 2023 07:21:59 AM UTC] _set_level='2'
[Fri 01 Dec 2023 07:21:59 AM UTC] The NOTIFY_HOOK is empty, just return.

[github-actions[bot]]

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.