Closed RoyBellingan closed 8 months ago
Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade
If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.
This is the result with a CLEAN ENVIRONMENT (I tried to pass only LE_WORKING_DIR but it is not enough)
[Fri Feb 9 06:37:16 UTC 2024] _selectServer try snames='zerossl.com,zerossl'
[Fri Feb 9 06:37:16 UTC 2024] _selectServer try snames='letsencrypt.org,letsencrypt'
[Fri Feb 9 06:37:17 UTC 2024] _selectServer try snames='letsencrypt.org_test,letsencrypt_test,letsencrypttest'
[Fri Feb 9 06:37:17 UTC 2024] _selectServer try snames='buypass.com,buypass'
[Fri Feb 9 06:37:17 UTC 2024] _selectServer try snames='buypass.com_test,buypass_test,buypasstest'
[Fri Feb 9 06:37:17 UTC 2024] _selectServer try snames='ssl.com,sslcom'
[Fri Feb 9 06:37:17 UTC 2024] _selectServer try snames='google.com,google'
[Fri Feb 9 06:37:17 UTC 2024] _selectServer try snames='google.com_test,googletest,google_test'
[Fri Feb 9 06:37:17 UTC 2024] Lets find script dir.
[Fri Feb 9 06:37:17 UTC 2024] _SCRIPT_='/home/diter/.acme.sh/acme.sh'
[Fri Feb 9 06:37:17 UTC 2024] _script='/home/diter/.acme.sh/acme.sh'
[Fri Feb 9 06:37:17 UTC 2024] _script_home='/home/diter/.acme.sh'
[Fri Feb 9 06:37:17 UTC 2024] Using default home:/.acme.sh
[Fri Feb 9 06:37:17 UTC 2024] Using config home:/.acme.sh
[Fri Feb 9 06:37:17 UTC 2024] LE_WORKING_DIR='/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Fri Feb 9 06:37:17 UTC 2024] Using server: https://acme-v02.api.letsencrypt.org/directory
[Fri Feb 9 06:37:17 UTC 2024] Running cmd: issue
[Fri Feb 9 06:37:17 UTC 2024] _main_domain='mailserver.simonacanni.it'
[Fri Feb 9 06:37:17 UTC 2024] _alt_domains='www.mailserver.simonacanni.it'
[Fri Feb 9 06:37:17 UTC 2024] Using config home:/.acme.sh
[Fri Feb 9 06:37:17 UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri Feb 9 06:37:17 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Fri Feb 9 06:37:17 UTC 2024] _ACME_SERVER_PATH='directory'
[Fri Feb 9 06:37:17 UTC 2024] DOMAIN_PATH='/.acme.sh/mailserver.simonacanni.it_ecc'
[Fri Feb 9 06:37:17 UTC 2024] '/srv/www/letssl/' does not contain 'dns'
[Fri Feb 9 06:37:17 UTC 2024] Le_NextRenewTime
[Fri Feb 9 06:37:17 UTC 2024] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri Feb 9 06:37:17 UTC 2024] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri Feb 9 06:37:17 UTC 2024] GET
[Fri Feb 9 06:37:17 UTC 2024] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri Feb 9 06:37:17 UTC 2024] timeout=
touch: cannot touch '/.acme.sh/http.header': Permission denied
[Fri Feb 9 06:37:17 UTC 2024] HTTP_HEADER='/tmp/tmp.t9ItG7Wj9b'
[Fri Feb 9 06:37:17 UTC 2024] _CURL='curl --silent --dump-header /tmp/tmp.t9ItG7Wj9b -L --trace-ascii /tmp/tmp.wsVUBV9Qtc -g '
[Fri Feb 9 06:37:17 UTC 2024] ret='0'
[Fri Feb 9 06:37:17 UTC 2024] response='{
"1bJAIF6mLOc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Fri Feb 9 06:37:17 UTC 2024] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri Feb 9 06:37:17 UTC 2024] ACME_NEW_AUTHZ
[Fri Feb 9 06:37:17 UTC 2024] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Feb 9 06:37:17 UTC 2024] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri Feb 9 06:37:17 UTC 2024] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri Feb 9 06:37:17 UTC 2024] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Fri Feb 9 06:37:17 UTC 2024] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
/home/diter/.acme.sh/acme.sh: line 2312: /.acme.sh/mailserver.simonacanni.it_ecc/mailserver.simonacanni.it.conf: Permission denied
/home/diter/.acme.sh/acme.sh: line 2312: /.acme.sh/mailserver.simonacanni.it_ecc/mailserver.simonacanni.it.conf: Permission denied
/home/diter/.acme.sh/acme.sh: line 2312: /.acme.sh/mailserver.simonacanni.it_ecc/mailserver.simonacanni.it.conf: Permission denied
/home/diter/.acme.sh/acme.sh: line 2312: /.acme.sh/mailserver.simonacanni.it_ecc/mailserver.simonacanni.it.conf: Permission denied
/home/diter/.acme.sh/acme.sh: line 2312: /.acme.sh/mailserver.simonacanni.it_ecc/mailserver.simonacanni.it.conf: Permission denied
/home/diter/.acme.sh/acme.sh: line 2312: /.acme.sh/mailserver.simonacanni.it_ecc/mailserver.simonacanni.it.conf: Permission denied
/home/diter/.acme.sh/acme.sh: line 2354: /.acme.sh/mailserver.simonacanni.it_ecc/mailserver.simonacanni.it.conf: Permission denied
/home/diter/.acme.sh/acme.sh: line 2354: /.acme.sh/mailserver.simonacanni.it_ecc/mailserver.simonacanni.it.conf: Permission denied
/home/diter/.acme.sh/acme.sh: line 2354: /.acme.sh/mailserver.simonacanni.it_ecc/mailserver.simonacanni.it.conf: Permission denied
/home/diter/.acme.sh/acme.sh: line 2312: /.acme.sh/mailserver.simonacanni.it_ecc/mailserver.simonacanni.it.conf: Permission denied
[Fri Feb 9 06:37:17 UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Feb 9 06:37:17 UTC 2024] _on_before_issue
[Fri Feb 9 06:37:17 UTC 2024] _chk_main_domain='mailserver.simonacanni.it'
[Fri Feb 9 06:37:17 UTC 2024] _chk_alt_domains='www.mailserver.simonacanni.it'
[Fri Feb 9 06:37:17 UTC 2024] '/srv/www/letssl/' does not contain 'no'
[Fri Feb 9 06:37:17 UTC 2024] Le_LocalAddress
[Fri Feb 9 06:37:17 UTC 2024] d='mailserver.simonacanni.it'
[Fri Feb 9 06:37:17 UTC 2024] Check for domain='mailserver.simonacanni.it'
[Fri Feb 9 06:37:17 UTC 2024] _currentRoot='/srv/www/letssl/'
[Fri Feb 9 06:37:17 UTC 2024] d='www.mailserver.simonacanni.it'
[Fri Feb 9 06:37:17 UTC 2024] Check for domain='www.mailserver.simonacanni.it'
[Fri Feb 9 06:37:17 UTC 2024] _currentRoot='/srv/www/letssl/'
[Fri Feb 9 06:37:17 UTC 2024] d
[Fri Feb 9 06:37:17 UTC 2024] '/srv/www/letssl/' does not contain 'apache'
[Fri Feb 9 06:37:17 UTC 2024] _saved_account_key_hash='IJ3e6Y7lD0MCoJETXaSV6k3d63cW7dPv4Q+z62i4aHY='
/home/diter/.acme.sh/acme.sh: line 3656: /.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key: Permission denied
[Fri Feb 9 06:37:17 UTC 2024] Using config home:/.acme.sh
[Fri Feb 9 06:37:17 UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri Feb 9 06:37:17 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Fri Feb 9 06:37:17 UTC 2024] _ACME_SERVER_PATH='directory'
[Fri Feb 9 06:37:17 UTC 2024] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri Feb 9 06:37:17 UTC 2024] Only RSA or EC key is supported. keyfile=/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
cat: /.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key: Permission denied
[Fri Feb 9 06:37:17 UTC 2024]
[Fri Feb 9 06:37:17 UTC 2024] _on_issue_err
[Fri Feb 9 06:37:17 UTC 2024] Please add '--debug' or '--log' to check more details.
[Fri Feb 9 06:37:17 UTC 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Fri Feb 9 06:37:17 UTC 2024] _chk_vlist
[Fri Feb 9 06:37:17 UTC 2024] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1l-fips 24 Aug 2021 SUSE release 150500.17.22.1
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.2 on Apr 3 2018 11:53:32
running on Linux version #1 SMP PREEMPT_DYNAMIC Tue Dec 5 10:06:35 UTC 2023 (2e4092e), release 5.14.21-150500.55.39-default, machine x86_64
features:
#define WITH_STDIO 1
#define WITH_FDNUM 1
#define WITH_FILE 1
#define WITH_CREAT 1
#define WITH_GOPEN 1
#define WITH_TERMIOS 1
#define WITH_PIPE 1
#define WITH_UNIX 1
#define WITH_ABSTRACT_UNIXSOCKET 1
#define WITH_IP4 1
#define WITH_IP6 1
#define WITH_RAWIP 1
#define WITH_GENERICSOCKET 1
#define WITH_INTERFACE 1
#define WITH_TCP 1
#define WITH_UDP 1
#define WITH_SCTP 1
#define WITH_LISTEN 1
#define WITH_SOCKS4 1
#define WITH_SOCKS4A 1
#define WITH_PROXY 1
#define WITH_SYSTEM 1
#define WITH_EXEC 1
#define WITH_READLINE 1
#define WITH_TUN 1
#define WITH_PTY 1
#define WITH_OPENSSL 1
#undef WITH_FIPS
#define WITH_LIBWRAP 1
#define WITH_SYCLS 1
#define WITH_FILAN 1
#define WITH_RETRY 1
#define WITH_MSGLEVEL 0 /*debug*/
You can use acme.sh --issue --home '/home/diter/.acme.sh' -d xxxxx ....... to specify the working dir.
Yes, the problem is that the program does not advertise that such an important parameter is missing and ends up failing as a side effect.
While calling acme inside another process, and if the ENV is not forwarded from the parent to the child, acme fails with something like
/home/user/.acme.sh/acme.sh: line 2312: /.acme.sh/site_ecc/site.it.conf: Permission denied
de facto trying, involuntarily, to write inside the root file system!
This is NOT enough
This is what is needed (i.e. LE_WORKING_DIR is irrelevant)
So I suggest something like
Around line https://github.com/acmesh-official/acme.sh/blob/master/acme.sh#L11
Should be enough?
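
A fail-fast guard for the failure discussed in this thread, as an added example (not acme.sh's own code and not the change proposed in the comment above): it refuses to derive a working directory from an empty `HOME` and hands the result to the `--home` option mentioned in the reply. The function names `resolve_acme_home` and `acme_wrapped` are hypothetical, and the wrapper assumes `acme.sh` is installed inside the working directory, as the log shows.

```shell
#!/bin/sh
# Added example, not acme.sh code. Function names are hypothetical.

# resolve_acme_home [explicit_dir]
# Prints the working directory to use, or fails instead of silently
# falling back to "/.acme.sh" when HOME was not forwarded to this process.
resolve_acme_home() {
  _wd="${1:-}"
  if [ -z "$_wd" ]; then
    if [ -z "${HOME:-}" ]; then
      echo "HOME is unset or empty; pass the working dir explicitly" >&2
      return 2
    fi
    _wd="$HOME/.acme.sh"
  fi
  case "$_wd" in
    /*) ;;   # absolute path: acceptable
    *) echo "working dir must be an absolute path: $_wd" >&2; return 3 ;;
  esac
  if [ ! -d "$_wd" ] || [ ! -w "$_wd" ]; then
    echo "working dir missing or not writable: $_wd" >&2
    return 4
  fi
  printf '%s\n' "$_wd"
}

# acme_wrapped explicit_dir_or_empty [acme.sh arguments...]
# Assumption: acme.sh lives inside the working dir, as in the log above.
acme_wrapped() {
  _explicit="${1:-}"
  [ "$#" -gt 0 ] && shift
  # Stop here, before any file is touched, if the directory is unusable.
  _resolved=$(resolve_acme_home "$_explicit") || return $?
  "$_resolved/acme.sh" --home "$_resolved" "$@"
}

# Constructed usage (example.test is a placeholder domain):
#   acme_wrapped "" --issue -d example.test                # derive from $HOME
#   acme_wrapped /home/diter/.acme.sh --issue -d example.test
```

A parent process that launches acme.sh with a stripped environment can call `acme_wrapped` with an explicit directory, so the child never depends on an inherited `HOME`.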