search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.38k stars 4.97k forks source link

Could not get nonce, let's try again. #4937

Closed blankhang closed 9 months ago

blankhang commented 10 months ago

Steps to reproduce

acme.sh --upgrade acme.sh --issue --log --dns dns_dp -d "xxxxx.com" -d "*.xxxxx.com" --debug 2

Debug log

root@us-o-arm-1:~/.acme.sh# acme.sh --upgrade [Sat Dec 30 13:34:30 CST 2023] Already uptodate! [Sat Dec 30 13:34:30 CST 2023] Upgrade success! root@us-o-arm-1:~/.acme.sh# acme.sh --issue --log --dns dns_dp -d "xxxxx.com" -d ".xxxxx.com" [Sat Dec 30 13:34:38 CST 2023] Using CA: https://acme.zerossl.com/v2/DV90 [Sat Dec 30 13:34:38 CST 2023] Multi domain='DNS:xxxxx.com,DNS:.xxxxx.com' [Sat Dec 30 13:34:38 CST 2023] Getting domain auth token for each domain [Sat Dec 30 13:34:40 CST 2023] Could not get nonce, let's try again. [Sat Dec 30 13:34:44 CST 2023] Could not get nonce, let's try again. [Sat Dec 30 13:34:48 CST 2023] Could not get nonce, let's try again. [Sat Dec 30 13:34:52 CST 2023] Could not get nonce, let's try again. [Sat Dec 30 13:34:56 CST 2023] Could not get nonce, let's try again. [Sat Dec 30 13:35:00 CST 2023] Could not get nonce, let's try again. [Sat Dec 30 13:35:04 CST 2023] Could not get nonce, let's try again. [Sat Dec 30 13:35:09 CST 2023] Could not get nonce, let's try again. [Sat Dec 30 13:35:13 CST 2023] Could not get nonce, let's try again. [Sat Dec 30 13:35:17 CST 2023] Could not get nonce, let's try again. 0^C
root@us-o-arm-1:~/.acme.sh# acme.sh --issue --log --dns dns_dp -d "xxxxx.com" -d ".xxxxx.com" --debug 2 [Sat Dec 30 13:35:25 CST 2023] Lets find script dir. [Sat Dec 30 13:35:25 CST 2023] SCRIPT='/root/.acme.sh/acme.sh' [Sat Dec 30 13:35:25 CST 2023] _script='/root/.acme.sh/acme.sh' [Sat Dec 30 13:35:25 CST 2023] _script_home='/root/.acme.sh' [Sat Dec 30 13:35:25 CST 2023] Using config home:/root/.acme.sh [Sat Dec 30 13:35:25 CST 2023] LE_WORKING_DIR='/root/.acme.sh' https://github.com/acmesh-official/acme.sh v3.0.8 [Sat Dec 30 13:35:25 CST 2023] Running cmd: issue [Sat Dec 30 13:35:25 CST 2023] _main_domain='xxxxx.com' [Sat Dec 30 13:35:25 CST 2023] _alt_domains='.xxxxx.com' [Sat Dec 30 13:35:25 CST 2023] Using config home:/root/.acme.sh [Sat Dec 30 13:35:25 CST 2023] default_acme_server [Sat Dec 30 13:35:25 CST 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90' [Sat Dec 30 13:35:25 CST 2023] _ACME_SERVER_HOST='acme.zerossl.com' [Sat Dec 30 13:35:25 CST 2023] _ACME_SERVER_PATH='v2/DV90' [Sat Dec 30 13:35:25 CST 2023] DOMAIN_PATH='/root/.acme.sh/xxxxx.com_ecc' [Sat Dec 30 13:35:25 CST 2023] 'dns_dp' does not contain 'dns' [Sat Dec 30 13:35:25 CST 2023] Le_NextRenewTime [Sat Dec 30 13:35:25 CST 2023] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90 [Sat Dec 30 13:35:25 CST 2023] _init api for server: https://acme.zerossl.com/v2/DV90 [Sat Dec 30 13:35:25 CST 2023] GET [Sat Dec 30 13:35:25 CST 2023] url='https://acme.zerossl.com/v2/DV90' [Sat Dec 30 13:35:25 CST 2023] timeout= [Sat Dec 30 13:35:25 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.sOjMmOa7z8 -g ' [Sat Dec 30 13:35:26 CST 2023] ret='0' [Sat Dec 30 13:35:26 CST 2023] response='{ "newNonce": "https://acme.zerossl.com/v2/DV90/newNonce", "newAccount": "https://acme.zerossl.com/v2/DV90/newAccount", "newOrder": "https://acme.zerossl.com/v2/DV90/newOrder", "revokeCert": "https://acme.zerossl.com/v2/DV90/revokeCert", "keyChange": "https://acme.zerossl.com/v2/DV90/keyChange", "meta": { "termsOfService": "https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf", "website": "https://zerossl.com", "caaIdentities": ["sectigo.com", "trust-provider.com", "usertrust.com", "comodoca.com", "comodo.com"], "externalAccountRequired": true } }' [Sat Dec 30 13:35:26 CST 2023] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange' [Sat Dec 30 13:35:26 CST 2023] ACME_NEW_AUTHZ [Sat Dec 30 13:35:26 CST 2023] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder' [Sat Dec 30 13:35:26 CST 2023] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount' [Sat Dec 30 13:35:26 CST 2023] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert' [Sat Dec 30 13:35:26 CST 2023] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf' [Sat Dec 30 13:35:26 CST 2023] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce' [Sat Dec 30 13:35:26 CST 2023] Using CA: https://acme.zerossl.com/v2/DV90 [Sat Dec 30 13:35:26 CST 2023] _on_before_issue [Sat Dec 30 13:35:26 CST 2023] _chk_main_domain='xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] _chk_alt_domains='.xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] 'dns_dp' does not contain 'no' [Sat Dec 30 13:35:26 CST 2023] Le_LocalAddress [Sat Dec 30 13:35:26 CST 2023] d='xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] Check for domain='xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] _currentRoot='dns_dp' [Sat Dec 30 13:35:26 CST 2023] d='.xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] Check for domain='.xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] _currentRoot='dns_dp' [Sat Dec 30 13:35:26 CST 2023] d [Sat Dec 30 13:35:26 CST 2023] 'dns_dp' does not contain 'apache' [Sat Dec 30 13:35:26 CST 2023] _saved_account_key_hash='tkwHhtACFwB/KgV1G7r0sQVSjDNuRMokCAu3m/ORnm0=' [Sat Dec 30 13:35:26 CST 2023] _saved_account_key_hash is not changed, skip register account. [Sat Dec 30 13:35:26 CST 2023] Read key length:ec-256 [Sat Dec 30 13:35:26 CST 2023] _createcsr [Sat Dec 30 13:35:26 CST 2023] domain='xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] domainlist='.xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] csrkey='/root/.acme.sh/xxxxx.com_ecc/xxxxx.com.key' [Sat Dec 30 13:35:26 CST 2023] csr='/root/.acme.sh/xxxxx.com_ecc/xxxxx.com.csr' [Sat Dec 30 13:35:26 CST 2023] csrconf='/root/.acme.sh/xxxxx.com_ecc/xxxxx.com.csr.conf' [Sat Dec 30 13:35:26 CST 2023] _is_idn_d='.xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] _idn_temp [Sat Dec 30 13:35:26 CST 2023] domainlist='.xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] seg='xxxxx' [Sat Dec 30 13:35:26 CST 2023] _is_idn_d='xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] _idn_temp [Sat Dec 30 13:35:26 CST 2023] seg='account.conf' [Sat Dec 30 13:35:26 CST 2023] Multi domain='DNS:xxxxx.com,DNS:.xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] _is_idn_d='xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] _idn_temp [Sat Dec 30 13:35:26 CST 2023] _csr_cn='xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] seg='xxxxx' [Sat Dec 30 13:35:26 CST 2023] Getting domain auth token for each domain [Sat Dec 30 13:35:26 CST 2023] seg='xxxxx' [Sat Dec 30 13:35:26 CST 2023] _is_idn_d='xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] _idn_temp [Sat Dec 30 13:35:26 CST 2023] d='.xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] seg='account.conf' [Sat Dec 30 13:35:26 CST 2023] _is_idn_d='.xxxxx.com' [Sat Dec 30 13:35:26 CST 2023] _idn_temp [Sat Dec 30 13:35:26 CST 2023] d [Sat Dec 30 13:35:26 CST 2023] _identifiers='{"type":"dns","value":"xxxxx.com"},{"type":"dns","value":".xxxxx.com"}' [Sat Dec 30 13:35:26 CST 2023] _notBefore [Sat Dec 30 13:35:26 CST 2023] _notAfter [Sat Dec 30 13:35:26 CST 2023] =======Begin Send Signed Request======= [Sat Dec 30 13:35:26 CST 2023] url='https://acme.zerossl.com/v2/DV90/newOrder' [Sat Dec 30 13:35:26 CST 2023] payload='{"identifiers": [{"type":"dns","value":"xxxxx.com"},{"type":"dns","value":".xxxxx.com"}]}' [Sat Dec 30 13:35:26 CST 2023] EC key [Sat Dec 30 13:35:26 CST 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce' [Sat Dec 30 13:35:26 CST 2023] HEAD [Sat Dec 30 13:35:26 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/newNonce' [Sat Dec 30 13:35:26 CST 2023] body [Sat Dec 30 13:35:26 CST 2023] _postContentType='application/jose+json' [Sat Dec 30 13:35:26 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.7XjxALAr5t -g -I ' [Sat Dec 30 13:35:27 CST 2023] _ret='0' [Sat Dec 30 13:35:27 CST 2023] _headers='HTTP/2 200 server: nginx date: Sat, 30 Dec 2023 05:35:27 GMT content-type: application/octet-stream replay-nonce: ZojiqmvGllEdrqqo5lOWoJTFs9RYscqw4kz4OPTooNc cache-control: max-age=0, no-cache, no-store access-control-allow-origin: link: https://acme.zerossl.com/v2/DV90;rel="index" strict-transport-security: max-age=15724800; includeSubDomains ' [Sat Dec 30 13:35:27 CST 2023] _CACHED_NONCE='ZojiqmvGllEdrqqo5lOWoJTFs9RYscqw4kz4OPTooNc' [Sat Dec 30 13:35:27 CST 2023] nonce='ZojiqmvGllEdrqqo5lOWoJTFs9RYscqw4kz4OPTooNc' [Sat Dec 30 13:35:27 CST 2023] POST [Sat Dec 30 13:35:27 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/newOrder' [Sat Dec 30 13:35:27 CST 2023] body='{"protected": "eyJub25jZSI6ICJab2ppcW12R2xsRWRycXFvNWxPV29KVEZzOVJZc2NxdzRrejRPUFRvb05jIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9uZXdPcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS56ZXJvc3NsLmNvbS92Mi9EVjkwL2FjY291bnQvVTlzTldnNzRxaVlKT1pqU3V5Tk9pUSJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Im1heWFuZ21lZGlhLmNvbSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5tYXlhbmdtZWRpYS5jb20ifV19", "signature": "ZXmtLMz4aNuUrI9I3I0XR_qUYQM22IyU6q4XYD76Yes8wDJXL80CbNDN4jX4qgfgXJBf4c113UWlurMfTlvBHw"}' [Sat Dec 30 13:35:27 CST 2023] _postContentType='application/jose+json' [Sat Dec 30 13:35:27 CST 2023] Http already initialized. [Sat Dec 30 13:35:27 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.7XjxALAr5t -g ' [Sat Dec 30 13:35:28 CST 2023] _ret='0' [Sat Dec 30 13:35:28 CST 2023] responseHeaders='HTTP/2 201 server: nginx date: Sat, 30 Dec 2023 05:35:28 GMT content-type: application/json content-length: 384 replay-nonce: gtAlUblqfW10Zu42ceHEtwqdkl9dgBH51s058oR8QW8 cache-control: max-age=0, no-cache, no-store access-control-allow-origin: location: https://acme.zerossl.com/v2/DV90/order/RjqaRR_a5GSATGvK-K_dGQ strict-transport-security: max-age=15724800; includeSubDomains ' [Sat Dec 30 13:35:28 CST 2023] code='201' [Sat Dec 30 13:35:28 CST 2023] original='{"status":"pending","expires":"2024-03-29T04:16:24Z","identifiers":[{"type":"dns","value":"xxxxx.com"},{"type":"dns","value":".xxxxx.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw","https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw"],"finalize":"https://acme.zerossl.com/v2/DV90/order/RjqaRR_a5GSATGvK-K_dGQ/finalize"}' [Sat Dec 30 13:35:28 CST 2023] response='{"status":"pending","expires":"2024-03-29T04:16:24Z","identifiers":[{"type":"dns","value":"xxxxx.com"},{"type":"dns","value":".xxxxx.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw","https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw"],"finalize":"https://acme.zerossl.com/v2/DV90/order/RjqaRR_a5GSATGvK-K_dGQ/finalize"}' [Sat Dec 30 13:35:28 CST 2023] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/RjqaRR_a5GSATGvK-K_dGQ' [Sat Dec 30 13:35:28 CST 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/RjqaRR_a5GSATGvK-K_dGQ/finalize' [Sat Dec 30 13:35:28 CST 2023] _authorizations_seg='https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw,https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw' [Sat Dec 30 13:35:28 CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw' [Sat Dec 30 13:35:28 CST 2023] =======Begin Send Signed Request======= [Sat Dec 30 13:35:28 CST 2023] url='https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw' [Sat Dec 30 13:35:28 CST 2023] payload [Sat Dec 30 13:35:28 CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key [Sat Dec 30 13:35:28 CST 2023] Use _CACHED_NONCE='gtAlUblqfW10Zu42ceHEtwqdkl9dgBH51s058oR8QW8' [Sat Dec 30 13:35:28 CST 2023] nonce='gtAlUblqfW10Zu42ceHEtwqdkl9dgBH51s058oR8QW8' [Sat Dec 30 13:35:28 CST 2023] POST [Sat Dec 30 13:35:28 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw' [Sat Dec 30 13:35:28 CST 2023] body='{"protected": "eyJub25jZSI6ICJndEFsVWJscWZXMTBadTQyY2VIRXR3cWRrbDlkZ0JINTFzMDU4b1I4UVc4IiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei9fSWlSNWRCdVhGMExGYl9rc1poSFJ3IiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9VOXNOV2c3NHFpWUpPWmpTdXlOT2lRIn0", "payload": "", "signature": "fiuvT2rHGuvZ_awukZFydWT3DM6PoRQ-ZQ1HT2PT5rftQjeCeEIb-W0sK-70ka7w400Ye-EKC_2Ad8ZTliyRtg"}' [Sat Dec 30 13:35:28 CST 2023] _postContentType='application/jose+json' [Sat Dec 30 13:35:28 CST 2023] Http already initialized. [Sat Dec 30 13:35:28 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.7XjxALAr5t -g ' [Sat Dec 30 13:35:29 CST 2023] _ret='0' [Sat Dec 30 13:35:29 CST 2023] responseHeaders='HTTP/2 200 server: nginx date: Sat, 30 Dec 2023 05:35:29 GMT content-type: application/json content-length: 294 replay-nonce: QXQH50Y45HPgbG69Owf4pPwQhgdBq-7DP00MkKW1PFc cache-control: max-age=0, no-cache, no-store access-control-allow-origin: link: https://acme.zerossl.com/v2/DV90;rel="index" retry-after: 86400 strict-transport-security: max-age=15724800; includeSubDomains ' [Sat Dec 30 13:35:29 CST 2023] code='200' [Sat Dec 30 13:35:29 CST 2023] original='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}' [Sat Dec 30 13:35:29 CST 2023] response='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}' [Sat Dec 30 13:35:29 CST 2023] response='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}' [Sat Dec 30 13:35:29 CST 2023] _d='xxxxx.com' [Sat Dec 30 13:35:29 CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw' [Sat Dec 30 13:35:29 CST 2023] =======Begin Send Signed Request======= [Sat Dec 30 13:35:29 CST 2023] url='https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw' [Sat Dec 30 13:35:29 CST 2023] payload [Sat Dec 30 13:35:29 CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key [Sat Dec 30 13:35:29 CST 2023] Use _CACHED_NONCE='QXQH50Y45HPgbG69Owf4pPwQhgdBq-7DP00MkKW1PFc' [Sat Dec 30 13:35:29 CST 2023] nonce='QXQH50Y45HPgbG69Owf4pPwQhgdBq-7DP00MkKW1PFc' [Sat Dec 30 13:35:29 CST 2023] POST [Sat Dec 30 13:35:29 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw' [Sat Dec 30 13:35:29 CST 2023] body='{"protected": "eyJub25jZSI6ICJRWFFINTBZNDVIUGdiRzY5T3dmNHBQd1FoZ2RCcS03RFAwME1rS1cxUEZjIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei8ydHdjUHYxbnAxdFFNYVl4aEpYOVR3IiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9VOXNOV2c3NHFpWUpPWmpTdXlOT2lRIn0", "payload": "", "signature": "EI6KtDEd7WjFoFHZTm0EZl5ri6PmRo7GLj4A5tMFT2g3VU3Nx3Vk489Q1f_tmxfixR-WiRHfrLFf2LRT54diLw"}' [Sat Dec 30 13:35:29 CST 2023] _postContentType='application/jose+json' [Sat Dec 30 13:35:29 CST 2023] Http already initialized. [Sat Dec 30 13:35:29 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.7XjxALAr5t -g ' [Sat Dec 30 13:35:30 CST 2023] _ret='0' [Sat Dec 30 13:35:31 CST 2023] responseHeaders='HTTP/2 200 server: nginx date: Sat, 30 Dec 2023 05:35:30 GMT content-type: application/json content-length: 310 replay-nonce: _yHPUONGlB4W1fHIoq8QPInzJhKd2a5ejkjD8weAiC4 cache-control: max-age=0, no-cache, no-store access-control-allow-origin: link: https://acme.zerossl.com/v2/DV90;rel="index" retry-after: 86400 strict-transport-security: max-age=15724800; includeSubDomains ' [Sat Dec 30 13:35:31 CST 2023] code='200' [Sat Dec 30 13:35:31 CST 2023] original='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/-nCjk-wMkcVYc2HDU4MAew","status":"invalid","error":{},"token":"-ZcfPYO53wEdteCp-cpPMAw9XR3f4Q61rrvu4Se-12s"}],"wildcard":true}' [Sat Dec 30 13:35:31 CST 2023] response='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/-nCjk-wMkcVYc2HDU4MAew","status":"invalid","error":{},"token":"-ZcfPYO53wEdteCp-cpPMAw9XR3f4Q61rrvu4Se-12s"}],"wildcard":true}' [Sat Dec 30 13:35:31 CST 2023] response='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/-nCjk-wMkcVYc2HDU4MAew","status":"invalid","error":{},"token":"-ZcfPYO53wEdteCp-cpPMAw9XR3f4Q61rrvu4Se-12s"}],"wildcard":true}' [Sat Dec 30 13:35:31 CST 2023] _d='.xxxxx.com' [Sat Dec 30 13:35:31 CST 2023] _authorizations_map='*.xxxxx.com,{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/-nCjk-wMkcVYc2HDU4MAew","status":"invalid","error":{},"token":"-ZcfPYO53wEdteCp-cpPMAw9XR3f4Q61rrvu4Se-12s"}],"wildcard":true}#https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw xxxxx.com,{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}#https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw ' [Sat Dec 30 13:35:31 CST 2023] d='xxxxx.com' [Sat Dec 30 13:35:31 CST 2023] Getting webroot for domain='xxxxx.com' [Sat Dec 30 13:35:31 CST 2023] _w='dns_dp' [Sat Dec 30 13:35:31 CST 2023] _currentRoot='dns_dp' [Sat Dec 30 13:35:31 CST 2023] _is_idn_d='xxxxx.com' [Sat Dec 30 13:35:31 CST 2023] _idn_temp [Sat Dec 30 13:35:31 CST 2023] _candidates='xxxxx.com,{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}#https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw' [Sat Dec 30 13:35:31 CST 2023] response='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}#https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw' [Sat Dec 30 13:35:31 CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw' [Sat Dec 30 13:35:31 CST 2023] entry='"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{' [Sat Dec 30 13:35:31 CST 2023] token [Sat Dec 30 13:35:31 CST 2023] Error, can not get domain token "type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{ [Sat Dec 30 13:35:31 CST 2023] pid [Sat Dec 30 13:35:31 CST 2023] No need to restore nginx, skip. [Sat Dec 30 13:35:31 CST 2023] _clearupdns [Sat Dec 30 13:35:31 CST 2023] dns_entries [Sat Dec 30 13:35:31 CST 2023] skip dns. [Sat Dec 30 13:35:31 CST 2023] _on_issue_err [Sat Dec 30 13:35:31 CST 2023] Please check log file for more details: /root/.acme.sh/acme.sh.log [Sat Dec 30 13:35:31 CST 2023] _chk_vlist [Sat Dec 30 13:35:31 CST 2023] socat doesn't exist. [Sat Dec 30 13:35:31 CST 2023] Diagnosis versions: openssl:openssl OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

acme.sh  --issue .....   --debug 2

please help!

github-actions[bot] commented 10 months ago

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

ipme commented 10 months ago

我也是同样的问题

root@AliYun-SH:~/.acme.sh# acme.sh --upgrade
[Sun Dec 31 01:35:14 AM CST 2023] Already uptodate!
[Sun Dec 31 01:35:14 AM CST 2023] Upgrade success!
root@AliYun-SH:~/.acme.sh# acme.sh --version
https://github.com/acmesh-official/acme.sh
v3.0.8

Debug log

[Sun Dec 31 01:14:34 AM CST 2023] payload='{"identifiers": [{"type":"dns","value":"a.com"},{"type":"dns","value":"*.a.com"}]}'


root@AliYun-SH : ~/.acme.sh# acme.sh --issue --log --dns dns_dp -d "google.com" -d "*.google.com" --debug 2
[Sun Dec 31 01:14:33 AM CST 2023] Lets find script dir.
[Sun Dec 31 01:14:33 AM CST 2023] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sun Dec 31 01:14:33 AM CST 2023] _script='/root/.acme.sh/acme.sh'
[Sun Dec 31 01:14:33 AM CST 2023] _script_home='/root/.acme.sh'
[Sun Dec 31 01:14:33 AM CST 2023] Using config home:/root/.acme.sh
[Sun Dec 31 01:14:33 AM CST 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8

[Sun Dec 31 01:14:33 AM CST 2023] Running cmd: issue
[Sun Dec 31 01:14:33 AM CST 2023] _main_domain='google.com'
[Sun Dec 31 01:14:33 AM CST 2023] _alt_domains='*.google.com'
[Sun Dec 31 01:14:33 AM CST 2023] Using config home:/root/.acme.sh
[Sun Dec 31 01:14:33 AM CST 2023] default_acme_server='https://acme.zerossl.com/v2/DV90'
[Sun Dec 31 01:14:33 AM CST 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Sun Dec 31 01:14:33 AM CST 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Sun Dec 31 01:14:33 AM CST 2023] _ACME_SERVER_PATH='v2/DV90'
[Sun Dec 31 01:14:33 AM CST 2023] DOMAIN_PATH='/root/.acme.sh/google.com_ecc'
[Sun Dec 31 01:14:33 AM CST 2023] 'dns_dp' does not contain 'dns'
[Sun Dec 31 01:14:33 AM CST 2023] Le_NextRenewTime
[Sun Dec 31 01:14:33 AM CST 2023] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Sun Dec 31 01:14:33 AM CST 2023] _init api for server: https://acme.zerossl.com/v2/DV90
[Sun Dec 31 01:14:33 AM CST 2023] GET
[Sun Dec 31 01:14:33 AM CST 2023] url='https://acme.zerossl.com/v2/DV90'
[Sun Dec 31 01:14:33 AM CST 2023] timeout=
[Sun Dec 31 01:14:33 AM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.Pq2kUAY46T  -g '
[Sun Dec 31 01:14:34 AM CST 2023] ret='0'
[Sun Dec 31 01:14:34 AM CST 2023] response='{
  "newNonce": "https://acme.zerossl.com/v2/DV90/newNonce",
  "newAccount": "https://acme.zerossl.com/v2/DV90/newAccount",
  "newOrder": "https://acme.zerossl.com/v2/DV90/newOrder",
  "revokeCert": "https://acme.zerossl.com/v2/DV90/revokeCert",
  "keyChange": "https://acme.zerossl.com/v2/DV90/keyChange",
  "meta": {
    "termsOfService": "https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf",
    "website": "https://zerossl.com",
    "caaIdentities": ["sectigo.com", "trust-provider.com", "usertrust.com", "comodoca.com", "comodo.com"],
    "externalAccountRequired": true
  }
}'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_NEW_AUTHZ
[Sun Dec 31 01:14:34 AM CST 2023] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Dec 31 01:14:34 AM CST 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Dec 31 01:14:34 AM CST 2023] _on_before_issue
[Sun Dec 31 01:14:34 AM CST 2023] _chk_main_domain='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _chk_alt_domains='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] 'dns_dp' does not contain 'no'
[Sun Dec 31 01:14:34 AM CST 2023] Le_LocalAddress
[Sun Dec 31 01:14:34 AM CST 2023] d='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] Check for domain='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _currentRoot='dns_dp'
[Sun Dec 31 01:14:34 AM CST 2023] d='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] Check for domain='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _currentRoot='dns_dp'
[Sun Dec 31 01:14:34 AM CST 2023] d
[Sun Dec 31 01:14:34 AM CST 2023] 'dns_dp' does not contain 'apache'
[Sun Dec 31 01:14:34 AM CST 2023] _saved_account_key_hash='4k9Gww1ZKLYaNBF9iaFuHQa4HDsiGMNxkXkaGe5+JlM='
[Sun Dec 31 01:14:34 AM CST 2023] _saved_account_key_hash is not changed, skip register account.
[Sun Dec 31 01:14:34 AM CST 2023] Read key length:ec-256
[Sun Dec 31 01:14:34 AM CST 2023] _createcsr
[Sun Dec 31 01:14:34 AM CST 2023] domain='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] domainlist='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] csrkey='/root/.acme.sh/google.com_ecc/google.com.key'
[Sun Dec 31 01:14:34 AM CST 2023] csr='/root/.acme.sh/google.com_ecc/google.com.csr'
[Sun Dec 31 01:14:34 AM CST 2023] csrconf='/root/.acme.sh/google.com_ecc/google.com.csr.conf'
[Sun Dec 31 01:14:34 AM CST 2023] _is_idn_d='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:34 AM CST 2023] domainlist='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] seg='atzzz'
[Sun Dec 31 01:14:34 AM CST 2023] _is_idn_d='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:34 AM CST 2023] seg='account.conf'
[Sun Dec 31 01:14:34 AM CST 2023] Multi domain='DNS:google.com,DNS:*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _is_idn_d='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:34 AM CST 2023] _csr_cn='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] seg='atzzz'
[Sun Dec 31 01:14:34 AM CST 2023] Getting domain auth token for each domain
[Sun Dec 31 01:14:34 AM CST 2023] seg='atzzz'
[Sun Dec 31 01:14:34 AM CST 2023] _is_idn_d='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:34 AM CST 2023] d='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] seg='account.conf'
[Sun Dec 31 01:14:34 AM CST 2023] _is_idn_d='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:34 AM CST 2023] d
[Sun Dec 31 01:14:34 AM CST 2023] _identifiers='{"type":"dns","value":"google.com"},{"type":"dns","value":"*.google.com"}'
[Sun Dec 31 01:14:34 AM CST 2023] _notBefore
[Sun Dec 31 01:14:34 AM CST 2023] _notAfter
[Sun Dec 31 01:14:34 AM CST 2023] =======Begin Send Signed Request=======
[Sun Dec 31 01:14:34 AM CST 2023] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Dec 31 01:14:34 AM CST 2023] payload='{"identifiers": [{"type":"dns","value":"google.com"},{"type":"dns","value":"*.google.com"}]}'
[Sun Dec 31 01:14:34 AM CST 2023] EC key
[Sun Dec 31 01:14:35 AM CST 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Dec 31 01:14:35 AM CST 2023] HEAD
[Sun Dec 31 01:14:35 AM CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Dec 31 01:14:35 AM CST 2023] body
[Sun Dec 31 01:14:35 AM CST 2023] _postContentType='application/jose+json'
[Sun Dec 31 01:14:35 AM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.lilUxh3QHe  -g  -I  '
[Sun Dec 31 01:14:36 AM CST 2023] _ret='0'
[Sun Dec 31 01:14:36 AM CST 2023] _headers='HTTP/2 200 
server: nginx
date: Sat, 30 Dec 2023 17:14:36 GMT
content-type: application/octet-stream
replay-nonce: pdBcMeIptCXhzF7bpMqcLJDBlOk-yB1SCUjmJYsWC4c
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 31 01:14:36 AM CST 2023] _CACHED_NONCE='pdBcMeIptCXhzF7bpMqcLJDBlOk-yB1SCUjmJYsWC4c'
[Sun Dec 31 01:14:36 AM CST 2023] nonce='pdBcMeIptCXhzF7bpMqcLJDBlOk-yB1SCUjmJYsWC4c'
[Sun Dec 31 01:14:36 AM CST 2023] POST
[Sun Dec 31 01:14:36 AM CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Dec 31 01:14:36 AM CST 2023] body='{"protected": "eyJub25jZSI6ICJwZEJjTWVJcHRDWGh6RjdicE1xY0xKREJsT2steUIxU0NVam1KWXNXQzRjIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9uZXdPcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS56ZXJvc3NsLmNvbS92Mi9EVjkwL2FjY291bnQvR0hHSEYxTHhMU1VISElCYkExaElFdyJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImF0enp6LmNvbSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5hdHp6ei5jb20ifV19", "signature": "5hI04AhqY1Yj7bTIEcQCj4NkewiXltbgoPQTZ_RGJGIP2kVv2pHRCgwR7viz7eANmmDwpKD6Mpmm4H374raTHw"}'
[Sun Dec 31 01:14:36 AM CST 2023] _postContentType='application/jose+json'
[Sun Dec 31 01:14:36 AM CST 2023] Http already initialized.
[Sun Dec 31 01:14:36 AM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.lilUxh3QHe  -g '
[Sun Dec 31 01:14:38 AM CST 2023] _ret='0'
[Sun Dec 31 01:14:38 AM CST 2023] responseHeaders='HTTP/2 201 
server: nginx
date: Sat, 30 Dec 2023 17:14:38 GMT
content-type: application/json
content-length: 372
replay-nonce: KSTp1QjDYSEEOa6yfXXPVt2-a6FmkCGMR0qhBl8LSBI
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
location: https://acme.zerossl.com/v2/DV90/order/PTH6wUQzIklyuy8PmvUskw
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 31 01:14:38 AM CST 2023] code='201'
[Sun Dec 31 01:14:38 AM CST 2023] original='{"status":"pending","expires":"2024-03-29T04:33:12Z","identifiers":[{"type":"dns","value":"google.com"},{"type":"dns","value":"*.google.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ","https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw"],"finalize":"https://acme.zerossl.com/v2/DV90/order/PTH6wUQzIklyuy8PmvUskw/finalize"}'
[Sun Dec 31 01:14:38 AM CST 2023] response='{"status":"pending","expires":"2024-03-29T04:33:12Z","identifiers":[{"type":"dns","value":"google.com"},{"type":"dns","value":"*.google.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ","https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw"],"finalize":"https://acme.zerossl.com/v2/DV90/order/PTH6wUQzIklyuy8PmvUskw/finalize"}'
[Sun Dec 31 01:14:38 AM CST 2023] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/PTH6wUQzIklyuy8PmvUskw'
[Sun Dec 31 01:14:38 AM CST 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/PTH6wUQzIklyuy8PmvUskw/finalize'
[Sun Dec 31 01:14:38 AM CST 2023] _authorizations_seg='https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ,https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw'
[Sun Dec 31 01:14:38 AM CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:38 AM CST 2023] =======Begin Send Signed Request=======
[Sun Dec 31 01:14:38 AM CST 2023] url='https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:38 AM CST 2023] payload
[Sun Dec 31 01:14:38 AM CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sun Dec 31 01:14:38 AM CST 2023] Use _CACHED_NONCE='KSTp1QjDYSEEOa6yfXXPVt2-a6FmkCGMR0qhBl8LSBI'
[Sun Dec 31 01:14:38 AM CST 2023] nonce='KSTp1QjDYSEEOa6yfXXPVt2-a6FmkCGMR0qhBl8LSBI'
[Sun Dec 31 01:14:38 AM CST 2023] POST
[Sun Dec 31 01:14:38 AM CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:38 AM CST 2023] body='{"protected": "eyJub25jZSI6ICJLU1RwMVFqRFlTRUVPYTZ5ZlhYUFZ0Mi1hNkZta0NHTVIwcWhCbDhMU0JJIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei8tS2FhZktDQ1R5ZkJUZm5lQm0zMk9RIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9HSEdIRjFMeExTVUhISUJiQTFoSUV3In0", "payload": "", "signature": "-5Bf_idYgssXPqm5oCookNCCFrSB00IbjFHurrABQo18lExJhwrzy-FXSRq_PN-tmKaj8k84Q03aXo7A0-8Rqw"}'
[Sun Dec 31 01:14:38 AM CST 2023] _postContentType='application/jose+json'
[Sun Dec 31 01:14:38 AM CST 2023] Http already initialized.
[Sun Dec 31 01:14:38 AM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.lilUxh3QHe  -g '
[Sun Dec 31 01:14:41 AM CST 2023] _ret='0'
[Sun Dec 31 01:14:41 AM CST 2023] responseHeaders='HTTP/2 200 
server: nginx
date: Sat, 30 Dec 2023 17:14:40 GMT
content-type: application/json
content-length: 288
replay-nonce: C00oHfTRMSqvmKe8mp-7Cuu50w4UCzYWtNuJJczmbAY
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 31 01:14:41 AM CST 2023] code='200'
[Sun Dec 31 01:14:41 AM CST 2023] original='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}'
[Sun Dec 31 01:14:41 AM CST 2023] response='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}'
[Sun Dec 31 01:14:41 AM CST 2023] response='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}'
[Sun Dec 31 01:14:41 AM CST 2023] _d='google.com'
[Sun Dec 31 01:14:41 AM CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw'
[Sun Dec 31 01:14:41 AM CST 2023] =======Begin Send Signed Request=======
[Sun Dec 31 01:14:41 AM CST 2023] url='https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw'
[Sun Dec 31 01:14:41 AM CST 2023] payload
[Sun Dec 31 01:14:41 AM CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sun Dec 31 01:14:41 AM CST 2023] Use _CACHED_NONCE='C00oHfTRMSqvmKe8mp-7Cuu50w4UCzYWtNuJJczmbAY'
[Sun Dec 31 01:14:41 AM CST 2023] nonce='C00oHfTRMSqvmKe8mp-7Cuu50w4UCzYWtNuJJczmbAY'
[Sun Dec 31 01:14:41 AM CST 2023] POST
[Sun Dec 31 01:14:41 AM CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw'
[Sun Dec 31 01:14:41 AM CST 2023] body='{"protected": "eyJub25jZSI6ICJDMDBvSGZUUk1TcXZtS2U4bXAtN0N1dTUwdzRVQ3pZV3ROdUpKY3ptYkFZIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei9DNXZlMnk4UzgzVXJFLWQwMzVKNFZ3IiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9HSEdIRjFMeExTVUhISUJiQTFoSUV3In0", "payload": "", "signature": "TdfLrCQhxi7BCRyNzYooK1gmf9-0CDHpxSZYf_72eTKSq5HqwPNr-gRifkltfcgBw8tOd37rnzEN38sXStr9Ig"}'
[Sun Dec 31 01:14:41 AM CST 2023] _postContentType='application/jose+json'
[Sun Dec 31 01:14:41 AM CST 2023] Http already initialized.
[Sun Dec 31 01:14:41 AM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.lilUxh3QHe  -g '
[Sun Dec 31 01:14:43 AM CST 2023] _ret='0'
[Sun Dec 31 01:14:43 AM CST 2023] responseHeaders='HTTP/2 200 
server: nginx
date: Sat, 30 Dec 2023 17:14:43 GMT
content-type: application/json
content-length: 304
replay-nonce: UrkH5MUaKgsdQY7EWF5-lHMSKjW91g6Zp7UcXhm9gb0
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 31 01:14:43 AM CST 2023] code='200'
[Sun Dec 31 01:14:43 AM CST 2023] original='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/mi2K6rLnjF8foymjBNatnA","status":"invalid","error":{},"token":"KJvln5SOJNDOxMp-WHGWCpcs69BKK2s8rx2U70Tj86g"}],"wildcard":true}'
[Sun Dec 31 01:14:43 AM CST 2023] response='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/mi2K6rLnjF8foymjBNatnA","status":"invalid","error":{},"token":"KJvln5SOJNDOxMp-WHGWCpcs69BKK2s8rx2U70Tj86g"}],"wildcard":true}'
[Sun Dec 31 01:14:43 AM CST 2023] response='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/mi2K6rLnjF8foymjBNatnA","status":"invalid","error":{},"token":"KJvln5SOJNDOxMp-WHGWCpcs69BKK2s8rx2U70Tj86g"}],"wildcard":true}'
[Sun Dec 31 01:14:43 AM CST 2023] _d='*.google.com'
[Sun Dec 31 01:14:43 AM CST 2023] _authorizations_map='*.google.com,{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/mi2K6rLnjF8foymjBNatnA","status":"invalid","error":{},"token":"KJvln5SOJNDOxMp-WHGWCpcs69BKK2s8rx2U70Tj86g"}],"wildcard":true}#https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw
google.com,{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}#https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ
'
[Sun Dec 31 01:14:43 AM CST 2023] d='google.com'
[Sun Dec 31 01:14:43 AM CST 2023] Getting webroot for domain='google.com'
[Sun Dec 31 01:14:43 AM CST 2023] _w='dns_dp'
[Sun Dec 31 01:14:43 AM CST 2023] _currentRoot='dns_dp'
[Sun Dec 31 01:14:43 AM CST 2023] _is_idn_d='google.com'
[Sun Dec 31 01:14:43 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:43 AM CST 2023] _candidates='google.com,{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}#https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:43 AM CST 2023] response='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}#https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:43 AM CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:43 AM CST 2023] entry='"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{'
[Sun Dec 31 01:14:43 AM CST 2023] token
[Sun Dec 31 01:14:43 AM CST 2023] Error, can not get domain token "type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{
[Sun Dec 31 01:14:43 AM CST 2023] pid
[Sun Dec 31 01:14:43 AM CST 2023] No need to restore nginx, skip.
[Sun Dec 31 01:14:43 AM CST 2023] _clearupdns
[Sun Dec 31 01:14:43 AM CST 2023] dns_entries
[Sun Dec 31 01:14:43 AM CST 2023] skip dns.
[Sun Dec 31 01:14:43 AM CST 2023] _on_issue_err
[Sun Dec 31 01:14:43 AM CST 2023] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun Dec 31 01:14:43 AM CST 2023] _chk_vlist
[Sun Dec 31 01:14:43 AM CST 2023] socat doesn't exist.
[Sun Dec 31 01:14:43 AM CST 2023] Diagnosis versions: 
openssl:openssl
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
apache:
apache doesn't exist.
nginx:
nginx version: openresty/1.21.4.3
built by gcc 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) 
built with OpenSSL 3.0.12 24 Oct 2023
TLS SNI support enabled
configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt=-O2 --add-module=../ngx_devel_kit-0.3.2 --add-module=../echo-nginx-module-0.63 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.33 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.09 --add-module=../srcache-nginx-module-0.33 --add-module=../ngx_lua-0.10.25 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.34 --add-module=../array-var-nginx-module-0.06 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.9 --add-module=../rds-json-nginx-module-0.16 --add-module=../rds-csv-nginx-module-0.09 --add-module=../ngx_stream_lua-0.0.13 --with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib -ljemalloc -Wl,-u,pcre_version' --user=www --group=www --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-openssl=/root/oneinstack/src/openresty-1.21.4.3/../openssl-3.0.12 --with-pcre=/root/oneinstack/src/openresty-1.21.4.3/../pcre-8.45 --with-pcre-jit --add-module=/root/oneinstack/src/openresty-1.21.4.3/../ngx_brotli --add-module=/root/oneinstack/src/openresty-1.21.4.3/../ngx_cache_purge --with-openssl-opt=-g --with-pcre-opt=-g --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module
socat:```
bago commented 10 months ago

I guess it is a temporary ZeroSSL issue. Since Dec 29 I see some Error, can not get domain token "type":"dns-01","url":"[https://acme.zerossl.com/v2/DV90/chall/####","status":"invalid","error":{ too, while renewing some domain.

The status says now everything works, but I just got the same error trying to force a renew for a domain that is not able to be renewed since dec 29: https://status.zerossl.com/

Also, maybe the issue is not with the "nonce", but later.

bago commented 10 months ago

Unfortunately alter 10 days of retries I'm still unable to renew 7 certs. Other certs are correctly renewing, but the 7 attempted on Dec 29 are somehow stuck. I submitted a request to zerossl, but maybe the main issue here is that acme.sh is not logging the error (there is only an open bracket after "error" in the log).

So, maybe zerossl is replying with an error, but acme.sh is losing it.

blankhang commented 10 months ago

After running the certificate renewal command again on Jan 7, the certificates have been successfully renewed. :D

jabis commented 10 months ago

Started happening to me just now...

lurendrejer commented 9 months ago

Started happening to me just now...

Same, I run the renewal every wednesday - it failed today.

b-0-b commented 9 months ago

This is probably a ZeroSSL specific issue. You can always use another ACME server https://github.com/acmesh-official/acme.sh/wiki/Server

Saw this same error message today while testing acme.sh with --server zerossl

lurendrejer commented 9 months ago

Moved to letsencrypt. Had an issue where I had to reinstall acme.sh because some default e-mail used when installing from a script. Did an acme --install --email 123@123.123, rm'ed the folder where the old certs were and everything ran from there.