search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
38.67k stars 4.91k forks source link

Can't issue Multi Domain on the same challenge-alias - dns_nsupdate #4996

Open LexaNz opened 7 months ago

LexaNz commented 7 months ago

I can successfully issue single domain certificate, but when I need 2 SANs then the verification failed.

I got no issue with single domain, but only with ZeroSSL and this edit - https://github.com/acmesh-official/acme.sh/pull/4973/files

Not the case in this issue, using the latest version the let's encrypt server (see the upgrade before the issue)

DNS backend is BIND, with two views, internal and external. CNAME and TXT records are all correct - please see DIG output in the next comment.

real domain obfuscated by 'mydomain.net'

Steps to reproduce

See acme-.sh cmd in the log provided ( BIND DNS backend )

Debug log


acme.sh --upgrade                                                                                                                     Mon 12 Feb 2024 14:37:27
[Mon 12 Feb 2024 14:37:30 NZDT] Already uptodate!
[Mon 12 Feb 2024 14:37:30 NZDT] Upgrade success!
 acme.sh --issue -d "calcifer.mydomain.net" --challenge-alias "mydomain.net" -d "smtp.mydomain.net" --challenge-alias "mydomain.net" --dns dns_nsupdate --dnssleep 120 --server letsencrypt --debug 2
[Mon 12 Feb 2024 14:37:45 NZDT] _selectServer try snames='zerossl.com,zerossl'
[Mon 12 Feb 2024 14:37:45 NZDT] _selectServer try snames='letsencrypt.org,letsencrypt'
[Mon 12 Feb 2024 14:37:45 NZDT] _selectServer match letsencrypt
[Mon 12 Feb 2024 14:37:45 NZDT] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Mon 12 Feb 2024 14:37:45 NZDT] Lets find script dir.
[Mon 12 Feb 2024 14:37:45 NZDT] _SCRIPT_='/opt/acme/acme.sh'
[Mon 12 Feb 2024 14:37:45 NZDT] _script='/opt/acme/acme.sh'
[Mon 12 Feb 2024 14:37:45 NZDT] _script_home='/opt/acme'
[Mon 12 Feb 2024 14:37:45 NZDT] Using config home:/opt/acme/data/
[Mon 12 Feb 2024 14:37:45 NZDT] LE_WORKING_DIR='/opt/acme'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Mon 12 Feb 2024 14:37:45 NZDT] Using server: https://acme-v02.api.letsencrypt.org/directory
[Mon 12 Feb 2024 14:37:45 NZDT] Running cmd: issue
[Mon 12 Feb 2024 14:37:45 NZDT] _main_domain='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] _alt_domains='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] Using config home:/opt/acme/data/
[Mon 12 Feb 2024 14:37:45 NZDT] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 12 Feb 2024 14:37:45 NZDT] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Mon 12 Feb 2024 14:37:45 NZDT] _ACME_SERVER_PATH='directory'
[Mon 12 Feb 2024 14:37:45 NZDT] DOMAIN_PATH='/etc/ssl/calcifer.mydomain.net_ecc'
[Mon 12 Feb 2024 14:37:45 NZDT] 'dns_nsupdate' does not contain 'dns'
[Mon 12 Feb 2024 14:37:45 NZDT] Le_NextRenewTime
[Mon 12 Feb 2024 14:37:45 NZDT] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon 12 Feb 2024 14:37:45 NZDT] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon 12 Feb 2024 14:37:45 NZDT] GET
[Mon 12 Feb 2024 14:37:45 NZDT] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon 12 Feb 2024 14:37:45 NZDT] timeout=
[Mon 12 Feb 2024 14:37:45 NZDT] _CURL='curl --silent --dump-header /opt/acme/data//http.header  -L  --trace-ascii /tmp/tmp.SxzzCgGzMP  -g '
[Mon 12 Feb 2024 14:37:45 NZDT] ret='0'
[Mon 12 Feb 2024 14:37:45 NZDT] response='{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
  "ytnkcOHGBws": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}'
[Mon 12 Feb 2024 14:37:45 NZDT] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon 12 Feb 2024 14:37:45 NZDT] ACME_NEW_AUTHZ
[Mon 12 Feb 2024 14:37:45 NZDT] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon 12 Feb 2024 14:37:45 NZDT] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon 12 Feb 2024 14:37:45 NZDT] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon 12 Feb 2024 14:37:45 NZDT] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Mon 12 Feb 2024 14:37:45 NZDT] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon 12 Feb 2024 14:37:45 NZDT] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon 12 Feb 2024 14:37:45 NZDT] _on_before_issue
[Mon 12 Feb 2024 14:37:45 NZDT] _chk_main_domain='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] _chk_alt_domains='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] 'dns_nsupdate' does not contain 'no'
[Mon 12 Feb 2024 14:37:45 NZDT] Le_LocalAddress
[Mon 12 Feb 2024 14:37:45 NZDT] d='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] Check for domain='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] _currentRoot='dns_nsupdate'
[Mon 12 Feb 2024 14:37:45 NZDT] d='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] Check for domain='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] _currentRoot='dns_nsupdate'
[Mon 12 Feb 2024 14:37:45 NZDT] d
[Mon 12 Feb 2024 14:37:45 NZDT] 'dns_nsupdate' does not contain 'apache'
[Mon 12 Feb 2024 14:37:45 NZDT] _saved_account_key_hash='sD6sZSB7LovPykNTR1tqBDQr1OvXAPBeD+KBzUAWqlA='
[Mon 12 Feb 2024 14:37:45 NZDT] _saved_account_key_hash is not changed, skip register account.
[Mon 12 Feb 2024 14:37:45 NZDT] Read key length:ec-256
[Mon 12 Feb 2024 14:37:45 NZDT] _createcsr
[Mon 12 Feb 2024 14:37:45 NZDT] domain='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] domainlist='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] csrkey='/etc/ssl/calcifer.mydomain.net_ecc/calcifer.mydomain.net.key'
[Mon 12 Feb 2024 14:37:45 NZDT] csr='/etc/ssl/calcifer.mydomain.net_ecc/calcifer.mydomain.net.csr'
[Mon 12 Feb 2024 14:37:45 NZDT] csrconf='/etc/ssl/calcifer.mydomain.net_ecc/calcifer.mydomain.net.csr.conf'
[Mon 12 Feb 2024 14:37:45 NZDT] _is_idn_d='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] _idn_temp
[Mon 12 Feb 2024 14:37:45 NZDT] domainlist='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] seg='calcifer'
[Mon 12 Feb 2024 14:37:45 NZDT] _is_idn_d='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] _idn_temp
[Mon 12 Feb 2024 14:37:45 NZDT] seg='smtp'
[Mon 12 Feb 2024 14:37:45 NZDT] Multi domain='DNS:calcifer.mydomain.net,DNS:smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] _is_idn_d='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] _idn_temp
[Mon 12 Feb 2024 14:37:45 NZDT] _csr_cn='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] seg='calcifer'
[Mon 12 Feb 2024 14:37:45 NZDT] Getting domain auth token for each domain
[Mon 12 Feb 2024 14:37:45 NZDT] seg='calcifer'
[Mon 12 Feb 2024 14:37:45 NZDT] _is_idn_d='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:45 NZDT] _idn_temp
[Mon 12 Feb 2024 14:37:46 NZDT] d='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:46 NZDT] seg='smtp'
[Mon 12 Feb 2024 14:37:46 NZDT] _is_idn_d='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:46 NZDT] _idn_temp
[Mon 12 Feb 2024 14:37:46 NZDT] d
[Mon 12 Feb 2024 14:37:46 NZDT] _identifiers='{"type":"dns","value":"calcifer.mydomain.net"},{"type":"dns","value":"smtp.mydomain.net"}'
[Mon 12 Feb 2024 14:37:46 NZDT] _notBefore
[Mon 12 Feb 2024 14:37:46 NZDT] _notAfter
[Mon 12 Feb 2024 14:37:46 NZDT] STEP 1, Ordering a Certificate
[Mon 12 Feb 2024 14:37:46 NZDT] =======Begin Send Signed Request=======
[Mon 12 Feb 2024 14:37:46 NZDT] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon 12 Feb 2024 14:37:46 NZDT] payload='{"identifiers": [{"type":"dns","value":"calcifer.mydomain.net"},{"type":"dns","value":"smtp.mydomain.net"}]}'
[Mon 12 Feb 2024 14:37:46 NZDT] EC key
[Mon 12 Feb 2024 14:37:46 NZDT] _URGLY_PRINTF
[Mon 12 Feb 2024 14:37:46 NZDT] xargs
[Mon 12 Feb 2024 14:37:46 NZDT] _URGLY_PRINTF
[Mon 12 Feb 2024 14:37:46 NZDT] xargs
[Mon 12 Feb 2024 14:37:46 NZDT] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon 12 Feb 2024 14:37:46 NZDT] HEAD
[Mon 12 Feb 2024 14:37:46 NZDT] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon 12 Feb 2024 14:37:46 NZDT] body
[Mon 12 Feb 2024 14:37:46 NZDT] _postContentType='application/jose+json'
[Mon 12 Feb 2024 14:37:46 NZDT] _CURL='curl --silent --dump-header /opt/acme/data//http.header  -L  --trace-ascii /tmp/tmp.l3vIlyt8hr  -g  -I  '
[Mon 12 Feb 2024 14:37:46 NZDT] _ret='0'
[Mon 12 Feb 2024 14:37:46 NZDT] _headers='HTTP/2 200 
server: nginx
date: Mon, 12 Feb 2024 01:37:46 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: HpY91-Gp7m5qKqiGZxPMdP8Ulpqu-LvPVe0r2S7caf4_6KO6VAI
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon 12 Feb 2024 14:37:46 NZDT] _CACHED_NONCE='HpY91-Gp7m5qKqiGZxPMdP8Ulpqu-LvPVe0r2S7caf4_6KO6VAI'
[Mon 12 Feb 2024 14:37:46 NZDT] nonce='HpY91-Gp7m5qKqiGZxPMdP8Ulpqu-LvPVe0r2S7caf4_6KO6VAI'
[Mon 12 Feb 2024 14:37:46 NZDT] _URGLY_PRINTF
[Mon 12 Feb 2024 14:37:46 NZDT] xargs
[Mon 12 Feb 2024 14:37:46 NZDT] POST
[Mon 12 Feb 2024 14:37:46 NZDT] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon 12 Feb 2024 14:37:46 NZDT] body='{"protected": "eyJub25jZSI6ICJIcFk5MS1HcDdtNXFLcWlHWnhQTWRQOFVscHF1LUx2UFZlMHIyUzdjYWY0XzZLTzZWQUkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU0MTc5Njk2NiJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImNhbGNpZmVyLnRyaWJ1dHV4Lm5ldCJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoic210cC50cmlidXR1eC5uZXQifV19", "signature": "tz54ZTmv-DTN3CC2_DrFfHbeekG_FbCFX8jsf19y7uIxGx9faWQhLxlbTEIQZBLZV2-BJnx-ydtRsmEex5Nmeg"}'
[Mon 12 Feb 2024 14:37:46 NZDT] _postContentType='application/jose+json'
[Mon 12 Feb 2024 14:37:46 NZDT] Http already initialized.
[Mon 12 Feb 2024 14:37:46 NZDT] _CURL='curl --silent --dump-header /opt/acme/data//http.header  -L  --trace-ascii /tmp/tmp.l3vIlyt8hr  -g '
[Mon 12 Feb 2024 14:37:46 NZDT] _ret='0'
[Mon 12 Feb 2024 14:37:46 NZDT] responseHeaders='HTTP/2 201 
server: nginx
date: Mon, 12 Feb 2024 01:37:46 GMT
content-type: application/json
content-length: 487
boulder-requester: 1541796966
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/1541796966/243759317307
replay-nonce: 6HUcA-o58AoX03AkMor3fknl-sKkwyeFNEFNfvTPnoWSqt4WRFs
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon 12 Feb 2024 14:37:46 NZDT] code='201'
[Mon 12 Feb 2024 14:37:46 NZDT] original='{
  "status": "pending",
  "expires": "2024-02-19T01:37:46Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "calcifer.mydomain.net"
    },
    {
      "type": "dns",
      "value": "smtp.mydomain.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1541796966/243759317307"
}'
[Mon 12 Feb 2024 14:37:46 NZDT] response='{"status":"pending","expires":"2024-02-19T01:37:46Z","identifiers":[{"type":"dns","value":"calcifer.mydomain.net"},{"type":"dns","value":"smtp.mydomain.net"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067","https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/1541796966/243759317307"}'
[Mon 12 Feb 2024 14:37:46 NZDT] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/1541796966/243759317307'
[Mon 12 Feb 2024 14:37:46 NZDT] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1541796966/243759317307'
[Mon 12 Feb 2024 14:37:46 NZDT] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067,https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077'
[Mon 12 Feb 2024 14:37:46 NZDT] STEP 2, Get the authorizations of each domain
[Mon 12 Feb 2024 14:37:46 NZDT] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067'
[Mon 12 Feb 2024 14:37:46 NZDT] =======Begin Send Signed Request=======
[Mon 12 Feb 2024 14:37:46 NZDT] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067'
[Mon 12 Feb 2024 14:37:46 NZDT] payload
[Mon 12 Feb 2024 14:37:46 NZDT] Use cached jwk for file: /opt/acme/data//ca/acme-v02.api.letsencrypt.org/directory/account.key
[Mon 12 Feb 2024 14:37:46 NZDT] Use _CACHED_NONCE='6HUcA-o58AoX03AkMor3fknl-sKkwyeFNEFNfvTPnoWSqt4WRFs'
[Mon 12 Feb 2024 14:37:46 NZDT] nonce='6HUcA-o58AoX03AkMor3fknl-sKkwyeFNEFNfvTPnoWSqt4WRFs'
[Mon 12 Feb 2024 14:37:46 NZDT] _URGLY_PRINTF
[Mon 12 Feb 2024 14:37:46 NZDT] xargs
[Mon 12 Feb 2024 14:37:46 NZDT] POST
[Mon 12 Feb 2024 14:37:46 NZDT] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067'
[Mon 12 Feb 2024 14:37:46 NZDT] body='{"protected": "eyJub25jZSI6ICI2SFVjQS1vNThBb1gwM0FrTW9yM2Zrbmwtc0trd3llRk5FRk5mdlRQbm9XU3F0NFdSRnMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxNDI0MTk2NTA2NyIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU0MTc5Njk2NiJ9", "payload": "", "signature": "24MSYDucvrrUT8sw8w1KxfNbtky8Nk4H2hQJn5pAYxWXeMCFTd39lVd-mX8i6d8EONI_dOt5Dh_EkTJGgVTHQw"}'
[Mon 12 Feb 2024 14:37:46 NZDT] _postContentType='application/jose+json'
[Mon 12 Feb 2024 14:37:46 NZDT] Http already initialized.
[Mon 12 Feb 2024 14:37:46 NZDT] _CURL='curl --silent --dump-header /opt/acme/data//http.header  -L  --trace-ascii /tmp/tmp.l3vIlyt8hr  -g '
[Mon 12 Feb 2024 14:37:47 NZDT] _ret='0'
[Mon 12 Feb 2024 14:37:47 NZDT] responseHeaders='HTTP/2 200 
server: nginx
date: Mon, 12 Feb 2024 01:37:47 GMT
content-type: application/json
content-length: 805
boulder-requester: 1541796966
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: HWHXB1ul1NElxQDAhMh-zUtOLdBZN7CS8pKH0cjth9pjsxPWQ-I
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon 12 Feb 2024 14:37:47 NZDT] code='200'
[Mon 12 Feb 2024 14:37:47 NZDT] original='{
  "identifier": {
    "type": "dns",
    "value": "calcifer.mydomain.net"
  },
  "status": "pending",
  "expires": "2024-02-19T01:37:46Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/4K_4EA",
      "token": "RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg",
      "token": "RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/M-lqpg",
      "token": "RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"
    }
  ]
}'
[Mon 12 Feb 2024 14:37:47 NZDT] response='{"identifier":{"type":"dns","value":"calcifer.mydomain.net"},"status":"pending","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/4K_4EA","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/M-lqpg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"}]}'
[Mon 12 Feb 2024 14:37:47 NZDT] response='{"identifier":{"type":"dns","value":"calcifer.mydomain.net"},"status":"pending","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/4K_4EA","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/M-lqpg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"}]}'
[Mon 12 Feb 2024 14:37:47 NZDT] _d='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077'
[Mon 12 Feb 2024 14:37:47 NZDT] =======Begin Send Signed Request=======
[Mon 12 Feb 2024 14:37:47 NZDT] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077'
[Mon 12 Feb 2024 14:37:47 NZDT] payload
[Mon 12 Feb 2024 14:37:47 NZDT] Use cached jwk for file: /opt/acme/data//ca/acme-v02.api.letsencrypt.org/directory/account.key
[Mon 12 Feb 2024 14:37:47 NZDT] Use _CACHED_NONCE='HWHXB1ul1NElxQDAhMh-zUtOLdBZN7CS8pKH0cjth9pjsxPWQ-I'
[Mon 12 Feb 2024 14:37:47 NZDT] nonce='HWHXB1ul1NElxQDAhMh-zUtOLdBZN7CS8pKH0cjth9pjsxPWQ-I'
[Mon 12 Feb 2024 14:37:47 NZDT] _URGLY_PRINTF
[Mon 12 Feb 2024 14:37:47 NZDT] xargs
[Mon 12 Feb 2024 14:37:47 NZDT] POST
[Mon 12 Feb 2024 14:37:47 NZDT] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077'
[Mon 12 Feb 2024 14:37:47 NZDT] body='{"protected": "eyJub25jZSI6ICJIV0hYQjF1bDFORWx4UURBaE1oLXpVdE9MZEJaTjdDUzhwS0gwY2p0aDlwanN4UFdRLUkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxNDI0MTk2NTA3NyIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU0MTc5Njk2NiJ9", "payload": "", "signature": "Wbe7jKx4a_Sv6gLi_zZLsF0p3mU71XEh3Kk0YipUiWNZ0D3u2looP1FiJzjum0kpsIA_w61ysZ1HjnP8Ec1mxQ"}'
[Mon 12 Feb 2024 14:37:47 NZDT] _postContentType='application/jose+json'
[Mon 12 Feb 2024 14:37:47 NZDT] Http already initialized.
[Mon 12 Feb 2024 14:37:47 NZDT] _CURL='curl --silent --dump-header /opt/acme/data//http.header  -L  --trace-ascii /tmp/tmp.l3vIlyt8hr  -g '
[Mon 12 Feb 2024 14:37:47 NZDT] _ret='0'
[Mon 12 Feb 2024 14:37:47 NZDT] responseHeaders='HTTP/2 200 
server: nginx
date: Mon, 12 Feb 2024 01:37:47 GMT
content-type: application/json
content-length: 801
boulder-requester: 1541796966
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: HpY91-GpwkLv_xwAymvjDMEjw6avtAjYmVNyCEcGvi8qlbNSoJA
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon 12 Feb 2024 14:37:47 NZDT] code='200'
[Mon 12 Feb 2024 14:37:47 NZDT] original='{
  "identifier": {
    "type": "dns",
    "value": "smtp.mydomain.net"
  },
  "status": "pending",
  "expires": "2024-02-19T01:37:46Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hRtIdA",
      "token": "w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A",
      "token": "w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/mWqIUg",
      "token": "w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"
    }
  ]
}'
[Mon 12 Feb 2024 14:37:47 NZDT] response='{"identifier":{"type":"dns","value":"smtp.mydomain.net"},"status":"pending","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hRtIdA","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/mWqIUg","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"}]}'
[Mon 12 Feb 2024 14:37:47 NZDT] response='{"identifier":{"type":"dns","value":"smtp.mydomain.net"},"status":"pending","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hRtIdA","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/mWqIUg","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"}]}'
[Mon 12 Feb 2024 14:37:47 NZDT] _d='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] _authorizations_map='smtp.mydomain.net,{"identifier":{"type":"dns","value":"smtp.mydomain.net"},"status":"pending","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hRtIdA","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/mWqIUg","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077
calcifer.mydomain.net,{"identifier":{"type":"dns","value":"calcifer.mydomain.net"},"status":"pending","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/4K_4EA","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/M-lqpg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067
'
[Mon 12 Feb 2024 14:37:47 NZDT] d='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] Getting webroot for domain='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] _w='dns_nsupdate'
[Mon 12 Feb 2024 14:37:47 NZDT] _currentRoot='dns_nsupdate'
[Mon 12 Feb 2024 14:37:47 NZDT] _is_idn_d='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] _idn_temp
[Mon 12 Feb 2024 14:37:47 NZDT] _candidates='calcifer.mydomain.net,{"identifier":{"type":"dns","value":"calcifer.mydomain.net"},"status":"pending","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/4K_4EA","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/M-lqpg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067'
[Mon 12 Feb 2024 14:37:47 NZDT] response='{"identifier":{"type":"dns","value":"calcifer.mydomain.net"},"status":"pending","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/4K_4EA","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/M-lqpg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067'
[Mon 12 Feb 2024 14:37:47 NZDT] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067'
[Mon 12 Feb 2024 14:37:47 NZDT] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"'
[Mon 12 Feb 2024 14:37:47 NZDT] token='RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q'
[Mon 12 Feb 2024 14:37:47 NZDT] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg'
[Mon 12 Feb 2024 14:37:47 NZDT] keyauthorization='RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw'
[Mon 12 Feb 2024 14:37:47 NZDT] dvlist='calcifer.mydomain.net#RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw#https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg#dns-01#dns_nsupdate#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067'
[Mon 12 Feb 2024 14:37:47 NZDT] d='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] Getting webroot for domain='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] _w='dns_nsupdate'
[Mon 12 Feb 2024 14:37:47 NZDT] _currentRoot='dns_nsupdate'
[Mon 12 Feb 2024 14:37:47 NZDT] _is_idn_d='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] _idn_temp
[Mon 12 Feb 2024 14:37:47 NZDT] _candidates='smtp.mydomain.net,{"identifier":{"type":"dns","value":"smtp.mydomain.net"},"status":"pending","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hRtIdA","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/mWqIUg","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077'
[Mon 12 Feb 2024 14:37:47 NZDT] response='{"identifier":{"type":"dns","value":"smtp.mydomain.net"},"status":"pending","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hRtIdA","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/mWqIUg","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077'
[Mon 12 Feb 2024 14:37:47 NZDT] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077'
[Mon 12 Feb 2024 14:37:47 NZDT] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"'
[Mon 12 Feb 2024 14:37:47 NZDT] token='w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE'
[Mon 12 Feb 2024 14:37:47 NZDT] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A'
[Mon 12 Feb 2024 14:37:47 NZDT] keyauthorization='w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw'
[Mon 12 Feb 2024 14:37:47 NZDT] dvlist='smtp.mydomain.net#w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw#https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A#dns-01#dns_nsupdate#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077'
[Mon 12 Feb 2024 14:37:47 NZDT] d
[Mon 12 Feb 2024 14:37:47 NZDT] vlist='calcifer.mydomain.net#RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw#https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg#dns-01#dns_nsupdate#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067,smtp.mydomain.net#w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw#https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A#dns-01#dns_nsupdate#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077,'
[Mon 12 Feb 2024 14:37:47 NZDT] d='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] _d_alias='mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] txtdomain='_acme-challenge.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] txt='yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo'
[Mon 12 Feb 2024 14:37:47 NZDT] d_api='/opt/acme/dnsapi/dns_nsupdate.sh'
[Mon 12 Feb 2024 14:37:47 NZDT] dns_entry='calcifer.mydomain.net,_acme-challenge.calcifer.mydomain.net,_acme-challenge.mydomain.net,dns_nsupdate,yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo,/opt/acme/dnsapi/dns_nsupdate.sh'
[Mon 12 Feb 2024 14:37:47 NZDT] Found domain api file: /opt/acme/dnsapi/dns_nsupdate.sh
[Mon 12 Feb 2024 14:37:47 NZDT] Adding txt value: yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo for domain:  _acme-challenge.mydomain.net
[Mon 12 Feb 2024 14:37:47 NZDT] adding _acme-challenge.mydomain.net. 60 in txt "yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo"
setup_system()
Creating key...
Creating key...
namefromtext
keycreate
reset_system()
user_interaction()
do_next_command()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
start_update()
recvsoa()
About to create rcvmsg
show_message()
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  48011
;; flags: qr aa; QUESTION: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.mydomain.net.  IN      SOA

;; ANSWER SECTION:
_acme-challenge.mydomain.net. 60 IN     SOA     calcifer.mydomain.net. admin.mydomain.net. 2024013159 7200 3600 2419200 7200

;; AUTHORITY SECTION:
_acme-challenge.mydomain.net. 60 IN     NS      calcifer.mydomain.net.

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701867 300 64 LIhO660/kUMRR0TcnKlZ1opA8sgCRkx0WKGEoUnnrvfh65c849ndUFTT dvqGNQBUhAB3ABtlnmPgR1FaKtPPVA== 48011 NOERROR 0 

Found zone name: _acme-challenge.mydomain.net
The primary is: calcifer.mydomain.net
send_update()
Sending update to 172.23.0.1#53
show_message()
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  48200
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; UPDATE SECTION:
_acme-challenge.mydomain.net. 60 IN     TXT     "yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo"

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701867 300 64 0NCdc404Lc3ovyREt4crOMjD4JB7jtfd6Nz0e8Yau0Lo85WedYglw3pt 0wuOgd85M7hOXnC3K1CPHldsl8tzOA== 48200 NOERROR 0 

Out of recvsoa
update_completed()
tsig verification successful
show_message()

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  48200
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;_acme-challenge.mydomain.net.  IN      SOA

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701867 300 64 DygHBXnU8id3yVGfcBiNfeaUxMkK3eITVBF6ijr5b0LYr95qkI9N4lbO 3d+Ld2w3l+URVSP2WUqvpRqpnXSXOg== 48200 NOERROR 0 

done_update()
reset_system()
user_interaction()
cleanup()
Shutting down managers
shutdown_program()
Shutting down request manager
Freeing TSIG key
Destroying request manager
Freeing the dispatchers
Shutting down dispatch manager
Destroying event
Removing log context
Destroying memory context
Destroy DST lib
[Mon 12 Feb 2024 14:37:47 NZDT] The txt record is added: Success.
[Mon 12 Feb 2024 14:37:47 NZDT] calcifer.mydomain.net,_acme-challenge.calcifer.mydomain.net,_acme-challenge.mydomain.net,dns_nsupdate,yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo,/opt/acme/dnsapi/dns_nsupdate.sh

[Mon 12 Feb 2024 14:37:47 NZDT] d='smtp.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] _d_alias='mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] txtdomain='_acme-challenge.mydomain.net'
[Mon 12 Feb 2024 14:37:47 NZDT] txt='XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI'
[Mon 12 Feb 2024 14:37:47 NZDT] d_api='/opt/acme/dnsapi/dns_nsupdate.sh'
[Mon 12 Feb 2024 14:37:47 NZDT] dns_entry='smtp.mydomain.net,_acme-challenge.smtp.mydomain.net,_acme-challenge.mydomain.net,dns_nsupdate,XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI,/opt/acme/dnsapi/dns_nsupdate.sh'
[Mon 12 Feb 2024 14:37:47 NZDT] Found domain api file: /opt/acme/dnsapi/dns_nsupdate.sh
[Mon 12 Feb 2024 14:37:47 NZDT] Adding txt value: XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI for domain:  _acme-challenge.mydomain.net
[Mon 12 Feb 2024 14:37:47 NZDT] adding _acme-challenge.mydomain.net. 60 in txt "XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI"
setup_system()
Creating key...
Creating key...
namefromtext
keycreate
reset_system()
user_interaction()
do_next_command()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
start_update()
recvsoa()
About to create rcvmsg
show_message()
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  29870
;; flags: qr aa; QUESTION: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.mydomain.net.  IN      SOA

;; ANSWER SECTION:
_acme-challenge.mydomain.net. 60 IN     SOA     calcifer.mydomain.net. admin.mydomain.net. 2024013160 7200 3600 2419200 7200

;; AUTHORITY SECTION:
_acme-challenge.mydomain.net. 60 IN     NS      calcifer.mydomain.net.

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701867 300 64 F1JNiQLb0rz2+0K6lu9fxfwOGhrdND4ovIl2BfTvSJMRAA55mPiN93oT joPvp9Lj5BLvjDqcArxK0+5Aw0RlOg== 29870 NOERROR 0 

Found zone name: _acme-challenge.mydomain.net
The primary is: calcifer.mydomain.net
send_update()
Sending update to 172.23.0.1#53
show_message()
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  25702
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; UPDATE SECTION:
_acme-challenge.mydomain.net. 60 IN     TXT     "XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI"

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701867 300 64 mvkvgqg9S1GrhD7XIy3XoHJUBqM/D01xUmkJIZiompsXEC3rr1/3MySl VU8VD8vNFmgpmHwAIxqHhaFTuCGByQ== 25702 NOERROR 0 

Out of recvsoa
update_completed()
tsig verification successful
show_message()

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  25702
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;_acme-challenge.mydomain.net.  IN      SOA

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701867 300 64 5e9BJWgSNJfRVzAcf3gMumMpzIgVfUsb1Kpogi+MjwHOUk07tCNiMS8F +QeBC6pRzwuIqE9v6K1aCUGmXxOFog== 25702 NOERROR 0 

done_update()
reset_system()
user_interaction()
cleanup()
Shutting down managers
shutdown_program()
Shutting down request manager
Freeing TSIG key
Destroying request manager
Freeing the dispatchers
Shutting down dispatch manager
Destroying event
Removing log context
Destroying memory context
Destroy DST lib
[Mon 12 Feb 2024 14:37:47 NZDT] The txt record is added: Success.
[Mon 12 Feb 2024 14:37:47 NZDT] calcifer.mydomain.net,_acme-challenge.calcifer.mydomain.net,_acme-challenge.mydomain.net,dns_nsupdate,yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo,/opt/acme/dnsapi/dns_nsupdate.sh
smtp.mydomain.net,_acme-challenge.smtp.mydomain.net,_acme-challenge.mydomain.net,dns_nsupdate,XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI,/opt/acme/dnsapi/dns_nsupdate.sh

[Mon 12 Feb 2024 14:37:47 NZDT] Sleep 120 seconds for the txt records to take effect
[Mon 12 Feb 2024 14:39:49 NZDT] ok, let's start to verify
[Mon 12 Feb 2024 14:39:49 NZDT] Verifying: calcifer.mydomain.net
[Mon 12 Feb 2024 14:39:49 NZDT] d='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:39:49 NZDT] keyauthorization='RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw'
[Mon 12 Feb 2024 14:39:49 NZDT] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg'
[Mon 12 Feb 2024 14:39:49 NZDT] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067'
[Mon 12 Feb 2024 14:39:49 NZDT] _currentRoot='dns_nsupdate'
[Mon 12 Feb 2024 14:39:49 NZDT] Trigger domain validation.
[Mon 12 Feb 2024 14:39:49 NZDT] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg'
[Mon 12 Feb 2024 14:39:49 NZDT] _t_key_authz='RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw'
[Mon 12 Feb 2024 14:39:49 NZDT] _t_vtype='dns-01'
[Mon 12 Feb 2024 14:39:49 NZDT] =======Begin Send Signed Request=======
[Mon 12 Feb 2024 14:39:49 NZDT] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg'
[Mon 12 Feb 2024 14:39:49 NZDT] payload='{}'
[Mon 12 Feb 2024 14:39:49 NZDT] Use cached jwk for file: /opt/acme/data//ca/acme-v02.api.letsencrypt.org/directory/account.key
[Mon 12 Feb 2024 14:39:49 NZDT] Use _CACHED_NONCE='HpY91-GpwkLv_xwAymvjDMEjw6avtAjYmVNyCEcGvi8qlbNSoJA'
[Mon 12 Feb 2024 14:39:49 NZDT] nonce='HpY91-GpwkLv_xwAymvjDMEjw6avtAjYmVNyCEcGvi8qlbNSoJA'
[Mon 12 Feb 2024 14:39:49 NZDT] _URGLY_PRINTF
[Mon 12 Feb 2024 14:39:49 NZDT] xargs
[Mon 12 Feb 2024 14:39:49 NZDT] POST
[Mon 12 Feb 2024 14:39:49 NZDT] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg'
[Mon 12 Feb 2024 14:39:49 NZDT] body='{"protected": "eyJub25jZSI6ICJIcFk5MS1HcHdrTHZfeHdBeW12akRNRWp3NmF2dEFqWW1WTnlDRWNHdmk4cWxiTlNvSkEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMxNDI0MTk2NTA2Ny9fbWpJbGciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE1NDE3OTY5NjYifQ", "payload": "e30", "signature": "eW1VYTALl26HU-JZxIXxHGN6DYEg_0njC5n72moW1nr0GVdB0sJE_Yqzd3kiGzkVjbT9OJ0pSkbZ5wc5U1Uo1A"}'
[Mon 12 Feb 2024 14:39:49 NZDT] _postContentType='application/jose+json'
[Mon 12 Feb 2024 14:39:49 NZDT] Http already initialized.
[Mon 12 Feb 2024 14:39:49 NZDT] _CURL='curl --silent --dump-header /opt/acme/data//http.header  -L  --trace-ascii /tmp/tmp.l3vIlyt8hr  -g '
[Mon 12 Feb 2024 14:39:49 NZDT] _ret='0'
[Mon 12 Feb 2024 14:39:49 NZDT] responseHeaders='HTTP/2 200 
server: nginx
date: Mon, 12 Feb 2024 01:39:49 GMT
content-type: application/json
content-length: 186
boulder-requester: 1541796966
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg
replay-nonce: HWHXB1ulx-OlnImsR8sawTpZEmfIAogw9IfHb0qYnAejFveXiF4
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon 12 Feb 2024 14:39:49 NZDT] code='200'
[Mon 12 Feb 2024 14:39:49 NZDT] original='{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg",
  "token": "RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"
}'
[Mon 12 Feb 2024 14:39:49 NZDT] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"}'
[Mon 12 Feb 2024 14:39:49 NZDT] trigger validation code: 200
[Mon 12 Feb 2024 14:39:49 NZDT] Lets check the status of the authz
[Mon 12 Feb 2024 14:39:49 NZDT] original='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"}'
[Mon 12 Feb 2024 14:39:49 NZDT] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q"}'
[Mon 12 Feb 2024 14:39:49 NZDT] status='pending'
[Mon 12 Feb 2024 14:39:49 NZDT] Pending, The CA is processing your order, please just wait. (1/30)
[Mon 12 Feb 2024 14:39:49 NZDT] sleep 2 secs to verify again
[Mon 12 Feb 2024 14:39:52 NZDT] checking
[Mon 12 Feb 2024 14:39:52 NZDT] =======Begin Send Signed Request=======
[Mon 12 Feb 2024 14:39:52 NZDT] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067'
[Mon 12 Feb 2024 14:39:52 NZDT] payload
[Mon 12 Feb 2024 14:39:52 NZDT] Use cached jwk for file: /opt/acme/data//ca/acme-v02.api.letsencrypt.org/directory/account.key
[Mon 12 Feb 2024 14:39:52 NZDT] Use _CACHED_NONCE='HWHXB1ulx-OlnImsR8sawTpZEmfIAogw9IfHb0qYnAejFveXiF4'
[Mon 12 Feb 2024 14:39:52 NZDT] nonce='HWHXB1ulx-OlnImsR8sawTpZEmfIAogw9IfHb0qYnAejFveXiF4'
[Mon 12 Feb 2024 14:39:52 NZDT] _URGLY_PRINTF
[Mon 12 Feb 2024 14:39:52 NZDT] xargs
[Mon 12 Feb 2024 14:39:52 NZDT] POST
[Mon 12 Feb 2024 14:39:52 NZDT] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067'
[Mon 12 Feb 2024 14:39:52 NZDT] body='{"protected": "eyJub25jZSI6ICJIV0hYQjF1bHgtT2xuSW1zUjhzYXdUcFpFbWZJQW9ndzlJZkhiMHFZbkFlakZ2ZVhpRjQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxNDI0MTk2NTA2NyIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU0MTc5Njk2NiJ9", "payload": "", "signature": "2s5390GVE8HH0YjXYz3x0ZrX51XrLAvPMc6Mo-wWJ48GfCg2vD7N9M1RxEMIVkE_WrL1xYFPC2NpLaXQ9zBpfQ"}'
[Mon 12 Feb 2024 14:39:52 NZDT] _postContentType='application/jose+json'
[Mon 12 Feb 2024 14:39:52 NZDT] Http already initialized.
[Mon 12 Feb 2024 14:39:52 NZDT] _CURL='curl --silent --dump-header /opt/acme/data//http.header  -L  --trace-ascii /tmp/tmp.l3vIlyt8hr  -g '
[Mon 12 Feb 2024 14:39:52 NZDT] _ret='0'
[Mon 12 Feb 2024 14:39:52 NZDT] responseHeaders='HTTP/2 200 
server: nginx
date: Mon, 12 Feb 2024 01:39:52 GMT
content-type: application/json
content-length: 665
boulder-requester: 1541796966
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 63lPIS7zoK30fYZEajuIgMc7GSh-ppR22iQ88twLO8lNnv3niXA
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon 12 Feb 2024 14:39:52 NZDT] code='200'
[Mon 12 Feb 2024 14:39:52 NZDT] original='{
  "identifier": {
    "type": "dns",
    "value": "calcifer.mydomain.net"
  },
  "status": "invalid",
  "expires": "2024-02-19T01:37:46Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.calcifer.mydomain.net - check that a DNS record exists for this domain",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg",
      "token": "RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q",
      "validated": "2024-02-12T01:39:49Z"
    }
  ]
}'
[Mon 12 Feb 2024 14:39:52 NZDT] response='{"identifier":{"type":"dns","value":"calcifer.mydomain.net"},"status":"invalid","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.calcifer.mydomain.net - check that a DNS record exists for this domain","status": 400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q","validated":"2024-02-12T01:39:49Z"}]}'
[Mon 12 Feb 2024 14:39:52 NZDT] original='{"identifier":{"type":"dns","value":"calcifer.mydomain.net"},"status":"invalid","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.calcifer.mydomain.net - check that a DNS record exists for this domain","status": 400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q","validated":"2024-02-12T01:39:49Z"}]}'
[Mon 12 Feb 2024 14:39:52 NZDT] response='{"identifier":{"type":"dns","value":"calcifer.mydomain.net"},"status":"invalid","expires":"2024-02-19T01:37:46Z","challenges":[{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.calcifer.mydomain.net - check that a DNS record exists for this domain","status": 400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg","token":"RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q","validated":"2024-02-12T01:39:49Z"}]}'
[Mon 12 Feb 2024 14:39:52 NZDT] status='invalid
invalid'
[Mon 12 Feb 2024 14:39:52 NZDT] error='"error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.calcifer.mydomain.net - check that a DNS record exists for this domain","status": 400'
[Mon 12 Feb 2024 14:39:52 NZDT] errordetail='DNS problem: NXDOMAIN looking up TXT for _acme-challenge.calcifer.mydomain.net - check that a DNS record exists for this domain'
[Mon 12 Feb 2024 14:39:52 NZDT] Invalid status, calcifer.mydomain.net:Verify error detail:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.calcifer.mydomain.net - check that a DNS record exists for this domain
[Mon 12 Feb 2024 14:39:52 NZDT] Skip for removelevel:
[Mon 12 Feb 2024 14:39:52 NZDT] pid
[Mon 12 Feb 2024 14:39:52 NZDT] No need to restore nginx, skip.
[Mon 12 Feb 2024 14:39:52 NZDT] _clearupdns
[Mon 12 Feb 2024 14:39:52 NZDT] dns_entries='calcifer.mydomain.net,_acme-challenge.calcifer.mydomain.net,_acme-challenge.mydomain.net,dns_nsupdate,yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo,/opt/acme/dnsapi/dns_nsupdate.sh
smtp.mydomain.net,_acme-challenge.smtp.mydomain.net,_acme-challenge.mydomain.net,dns_nsupdate,XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI,/opt/acme/dnsapi/dns_nsupdate.sh
'
[Mon 12 Feb 2024 14:39:52 NZDT] Removing DNS records.
[Mon 12 Feb 2024 14:39:52 NZDT] d='calcifer.mydomain.net'
[Mon 12 Feb 2024 14:39:52 NZDT] txtdomain='_acme-challenge.calcifer.mydomain.net'
[Mon 12 Feb 2024 14:39:52 NZDT] aliasDomain='_acme-challenge.mydomain.net'
[Mon 12 Feb 2024 14:39:52 NZDT] _currentRoot='dns_nsupdate'
[Mon 12 Feb 2024 14:39:52 NZDT] txt='yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo'
[Mon 12 Feb 2024 14:39:52 NZDT] d_api='/opt/acme/dnsapi/dns_nsupdate.sh'
[Mon 12 Feb 2024 14:39:52 NZDT] Removing txt: yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo for domain: _acme-challenge.mydomain.net
[Mon 12 Feb 2024 14:39:52 NZDT] removing _acme-challenge.mydomain.net. txt
setup_system()
Creating key...
Creating key...
namefromtext
keycreate
reset_system()
user_interaction()
do_next_command()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
start_update()
recvsoa()
About to create rcvmsg
show_message()
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  17292
;; flags: qr aa; QUESTION: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.mydomain.net.  IN      SOA

;; ANSWER SECTION:
_acme-challenge.mydomain.net. 60 IN     SOA     calcifer.mydomain.net. admin.mydomain.net. 2024013161 7200 3600 2419200 7200

;; AUTHORITY SECTION:
_acme-challenge.mydomain.net. 60 IN     NS      calcifer.mydomain.net.

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701993 300 64 DUMpNxK8C413X2b3J3bhKTQD+EFosnPnxd1VrjyJlThyD3blqDrV9QE5 VLDMEetyq595dRV4tWf1SdUbl6S04w== 17292 NOERROR 0 

Found zone name: _acme-challenge.mydomain.net
The primary is: calcifer.mydomain.net
send_update()
Sending update to 172.23.0.1#53
show_message()
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  14586
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; UPDATE SECTION:
_acme-challenge.mydomain.net. 0 ANY     TXT

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701993 300 64 g6Wf+BJ0Pchp2tjkmc4tvJTXKk/nfgSt00jvG/kE5BhkEGjGyxShML5a VpsbAQGOh2GIG76+AccY7F43nG+fwQ== 14586 NOERROR 0 

Out of recvsoa
update_completed()
tsig verification successful
show_message()

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  14586
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;_acme-challenge.mydomain.net.  IN      SOA

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701993 300 64 VfB8+FxUGcdED2MtenA3lWx9t7Meg4YMcri7VpkBhdvX5fHGccRatPFT eDtMsoGdlf8LD9s3vfjD6VS0WNdKoA== 14586 NOERROR 0 

done_update()
reset_system()
user_interaction()
cleanup()
Shutting down managers
shutdown_program()
Shutting down request manager
Freeing TSIG key
Destroying request manager
Freeing the dispatchers
Shutting down dispatch manager
Destroying event
Removing log context
Destroying memory context
Destroy DST lib
[Mon 12 Feb 2024 14:39:53 NZDT] Removed: Success
[Mon 12 Feb 2024 14:39:53 NZDT] d='smtp.mydomain.net'
[Mon 12 Feb 2024 14:39:53 NZDT] txtdomain='_acme-challenge.smtp.mydomain.net'
[Mon 12 Feb 2024 14:39:53 NZDT] aliasDomain='_acme-challenge.mydomain.net'
[Mon 12 Feb 2024 14:39:53 NZDT] _currentRoot='dns_nsupdate'
[Mon 12 Feb 2024 14:39:53 NZDT] txt='XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI'
[Mon 12 Feb 2024 14:39:53 NZDT] d_api='/opt/acme/dnsapi/dns_nsupdate.sh'
[Mon 12 Feb 2024 14:39:53 NZDT] Removing txt: XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI for domain: _acme-challenge.mydomain.net
[Mon 12 Feb 2024 14:39:53 NZDT] removing _acme-challenge.mydomain.net. txt
setup_system()
Creating key...
Creating key...
namefromtext
keycreate
reset_system()
user_interaction()
do_next_command()
do_next_command()
evaluate_update()
update_addordelete()
do_next_command()
start_update()
recvsoa()
About to create rcvmsg
show_message()
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  58183
;; flags: qr aa; QUESTION: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;_acme-challenge.mydomain.net.  IN      SOA

;; ANSWER SECTION:
_acme-challenge.mydomain.net. 60 IN     SOA     calcifer.mydomain.net. admin.mydomain.net. 2024013162 7200 3600 2419200 7200

;; AUTHORITY SECTION:
_acme-challenge.mydomain.net. 60 IN     NS      calcifer.mydomain.net.

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701993 300 64 sQ5mNssBf6ksxwZeHmvd1E66CakmFzM6qiIGSfLWd1MW6JPgoQZy9mhy vXOJiMFjzvQDNBK9TJXLhrVwZ78rvg== 58183 NOERROR 0 

Found zone name: _acme-challenge.mydomain.net
The primary is: calcifer.mydomain.net
send_update()
Sending update to 172.23.0.1#53
show_message()
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  65416
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; UPDATE SECTION:
_acme-challenge.mydomain.net. 0 ANY     TXT

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701993 300 64 grIiikP4VXjvS2EBByz09ZsCKBSOpWfucnhgMavAHyRrPg4HFg5Ew/ns ERMG/OAGNOesTOcPduiUB58VHXmB9Q== 65416 NOERROR 0 

Out of recvsoa
update_completed()
tsig verification successful
show_message()

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  65416
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;_acme-challenge.mydomain.net.  IN      SOA

;; TSIG PSEUDOSECTION:
acme-update.            0       ANY     TSIG    hmac-sha512. 1707701993 300 64 n0aTL2GpxfsyryCXyk0P/nOPqdGeT2/kc2zl635AGoY0mIKDOk1KuwVZ hTP+R4vuTpKD4/fc/9i8e41R7bZvZg== 65416 NOERROR 0 

done_update()
reset_system()
user_interaction()
cleanup()
Shutting down managers
shutdown_program()
Shutting down request manager
Freeing TSIG key
Destroying request manager
Freeing the dispatchers
Shutting down dispatch manager
Destroying event
Removing log context
Destroying memory context
Destroy DST lib
[Mon 12 Feb 2024 14:39:53 NZDT] Removed: Success
[Mon 12 Feb 2024 14:39:53 NZDT] _on_issue_err
[Mon 12 Feb 2024 14:39:53 NZDT] Please check log file for more details: /opt/acme/data/acme.sh.log
[Mon 12 Feb 2024 14:39:53 NZDT] _chk_vlist='calcifer.mydomain.net#RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw#https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg#dns-01#dns_nsupdate#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965067,smtp.mydomain.net#w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw#https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A#dns-01#dns_nsupdate#https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077,'
[Mon 12 Feb 2024 14:39:53 NZDT] start to deactivate authz
[Mon 12 Feb 2024 14:39:53 NZDT] Trigger domain validation.
[Mon 12 Feb 2024 14:39:53 NZDT] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg'
[Mon 12 Feb 2024 14:39:53 NZDT] _t_key_authz='RDlW2seVt6ctTvjX6ittajZl_qWe4DZmBzfkglof21Q.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw'
[Mon 12 Feb 2024 14:39:53 NZDT] _t_vtype
[Mon 12 Feb 2024 14:39:53 NZDT] =======Begin Send Signed Request=======
[Mon 12 Feb 2024 14:39:53 NZDT] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg'
[Mon 12 Feb 2024 14:39:53 NZDT] payload='{}'
[Mon 12 Feb 2024 14:39:53 NZDT] Use cached jwk for file: /opt/acme/data//ca/acme-v02.api.letsencrypt.org/directory/account.key
[Mon 12 Feb 2024 14:39:53 NZDT] Use _CACHED_NONCE='63lPIS7zoK30fYZEajuIgMc7GSh-ppR22iQ88twLO8lNnv3niXA'
[Mon 12 Feb 2024 14:39:53 NZDT] nonce='63lPIS7zoK30fYZEajuIgMc7GSh-ppR22iQ88twLO8lNnv3niXA'
[Mon 12 Feb 2024 14:39:53 NZDT] _URGLY_PRINTF
[Mon 12 Feb 2024 14:39:53 NZDT] xargs
[Mon 12 Feb 2024 14:39:53 NZDT] POST
[Mon 12 Feb 2024 14:39:53 NZDT] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965067/_mjIlg'
[Mon 12 Feb 2024 14:39:53 NZDT] body='{"protected": "eyJub25jZSI6ICI2M2xQSVM3em9LMzBmWVpFYWp1SWdNYzdHU2gtcHBSMjJpUTg4dHdMTzhsTm52M25pWEEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMxNDI0MTk2NTA2Ny9fbWpJbGciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE1NDE3OTY5NjYifQ", "payload": "e30", "signature": "Qukbq9-dM0fJs_3I1_U5ZKicFtuje5nWLh3hVYo_AlA-r5qqvWszTxRatV8mB7iDHGgLidAWhnJxChLRP3HzsA"}'
[Mon 12 Feb 2024 14:39:53 NZDT] _postContentType='application/jose+json'
[Mon 12 Feb 2024 14:39:53 NZDT] Http already initialized.
[Mon 12 Feb 2024 14:39:53 NZDT] _CURL='curl --silent --dump-header /opt/acme/data//http.header  -L  --trace-ascii /tmp/tmp.l3vIlyt8hr  -g '
[Mon 12 Feb 2024 14:39:53 NZDT] _ret='0'
[Mon 12 Feb 2024 14:39:53 NZDT] responseHeaders='HTTP/2 400 
server: nginx
date: Mon, 12 Feb 2024 01:39:53 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 1541796966
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: HpY91-Gp-AxgtTeUA2o8UfN9T8cSzRFu9p_p6AQbdYFa0sOETkw
'
[Mon 12 Feb 2024 14:39:53 NZDT] code='400'
[Mon 12 Feb 2024 14:39:53 NZDT] original='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Mon 12 Feb 2024 14:39:53 NZDT] response='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Mon 12 Feb 2024 14:39:53 NZDT] Trigger domain validation.
[Mon 12 Feb 2024 14:39:53 NZDT] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A'
[Mon 12 Feb 2024 14:39:53 NZDT] _t_key_authz='w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE.oMIGgG0ALrcisnaXhZ0UQ2O5LO0vrWpG4A5D-VIjHBw'
[Mon 12 Feb 2024 14:39:53 NZDT] _t_vtype
[Mon 12 Feb 2024 14:39:53 NZDT] =======Begin Send Signed Request=======
[Mon 12 Feb 2024 14:39:53 NZDT] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A'
[Mon 12 Feb 2024 14:39:53 NZDT] payload='{}'
[Mon 12 Feb 2024 14:39:53 NZDT] Use cached jwk for file: /opt/acme/data//ca/acme-v02.api.letsencrypt.org/directory/account.key
[Mon 12 Feb 2024 14:39:53 NZDT] Use _CACHED_NONCE='HpY91-Gp-AxgtTeUA2o8UfN9T8cSzRFu9p_p6AQbdYFa0sOETkw'
[Mon 12 Feb 2024 14:39:53 NZDT] nonce='HpY91-Gp-AxgtTeUA2o8UfN9T8cSzRFu9p_p6AQbdYFa0sOETkw'
[Mon 12 Feb 2024 14:39:53 NZDT] _URGLY_PRINTF
[Mon 12 Feb 2024 14:39:53 NZDT] xargs
[Mon 12 Feb 2024 14:39:53 NZDT] POST
[Mon 12 Feb 2024 14:39:53 NZDT] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A'
[Mon 12 Feb 2024 14:39:53 NZDT] body='{"protected": "eyJub25jZSI6ICJIcFk5MS1HcC1BeGd0VGVVQTJvOFVmTjlUOGNTelJGdTlwX3A2QVFiZFlGYTBzT0VUa3ciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMxNDI0MTk2NTA3Ny9oWjNmNUEiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE1NDE3OTY5NjYifQ", "payload": "e30", "signature": "SyG1Bbv1yIqUvYsWxkKT9qwj1VW01eLOqsq-yLU4lxJ3jV0AaZ_Htr8CEKLvnZbB32IPz383jCTWs_eRyD733w"}'
[Mon 12 Feb 2024 14:39:53 NZDT] _postContentType='application/jose+json'
[Mon 12 Feb 2024 14:39:53 NZDT] Http already initialized.
[Mon 12 Feb 2024 14:39:53 NZDT] _CURL='curl --silent --dump-header /opt/acme/data//http.header  -L  --trace-ascii /tmp/tmp.l3vIlyt8hr  -g '
[Mon 12 Feb 2024 14:39:53 NZDT] _ret='0'
[Mon 12 Feb 2024 14:39:53 NZDT] responseHeaders='HTTP/2 200 
server: nginx
date: Mon, 12 Feb 2024 01:39:53 GMT
content-type: application/json
content-length: 186
boulder-requester: 1541796966
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/314241965077>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A
replay-nonce: HWHXB1ulzAJIiL9oaGlBCZ8KdvgSrrN0Q1VUyokZVfKXRhkXmFE
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon 12 Feb 2024 14:39:53 NZDT] code='200'
[Mon 12 Feb 2024 14:39:53 NZDT] original='{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A",
  "token": "w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"
}'
[Mon 12 Feb 2024 14:39:53 NZDT] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/314241965077/hZ3f5A","token":"w8mxad_3KIq6RdlAGuQeGourgFLULvYT8iMirnRzukE"}'
[Mon 12 Feb 2024 14:39:53 NZDT] Diagnosis versions: 
openssl:openssl
OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.4 on 06 Nov 2022 08:15:51
   running on Linux version #1 SMP PREEMPT_DYNAMIC PMX 6.5.11-8 (2024-01-30T12:27Z), release 6.5.11-8-pve, machine x86_64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_VSOCK 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #undef WITH_READLINE
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #define WITH_LIBWRAP 1
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/
github-actions[bot] commented 7 months ago

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

LexaNz commented 7 months ago

Find DIG output below

DIG log

DIG from external server on internet

 dig _acme-challenge.smtp.mydomain.net. TXT                                                                                                                                     Mon 12 Feb 2024 14:38:03

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> _acme-challenge.smtp.mydomain.net. TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3445
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;_acme-challenge.smtp.mydomain.net. IN  TXT

;; ANSWER SECTION:
_acme-challenge.smtp.mydomain.net. 59 IN CNAME  _acme-challenge.mydomain.net.
_acme-challenge.mydomain.net. 59 IN     TXT     "yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo"
_acme-challenge.mydomain.net. 59 IN     TXT     "XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI"

;; Query time: 432 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Feb 12 14:38:04 NZDT 2024
;; MSG SIZE  rcvd: 204

 ~  
 dig _acme-challenge.calcifer.mydomain.net. TXT                                                                                                                         459ms  Mon 12 Feb 2024 14:38:04

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> _acme-challenge.calcifer.mydomain.net. TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61512
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;_acme-challenge.calcifer.mydomain.net. IN TXT

;; ANSWER SECTION:
_acme-challenge.calcifer.mydomain.net. 60 IN CNAME _acme-challenge.mydomain.net.
_acme-challenge.mydomain.net. 43 IN     TXT     "XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI"
_acme-challenge.mydomain.net. 43 IN     TXT     "yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo"

;; Query time: 228 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Mon Feb 12 14:38:21 NZDT 2024
;; MSG SIZE  rcvd: 208

DIG from same server where acme.sh is launched

 dig _acme-challenge.calcifer.mydomain.net. TXT                                                                                        Mon 12 Feb 2024 14:32:36

; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> _acme-challenge.calcifer.mydomain.net. TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3777
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6d54cb6c958c2e900100000065c9769be666e5875b22dbcc (good)
;; QUESTION SECTION:
;_acme-challenge.calcifer.mydomain.net. IN TXT

;; ANSWER SECTION:
_acme-challenge.calcifer.mydomain.net. 60 IN CNAME _acme-challenge.mydomain.net.
_acme-challenge.mydomain.net. 60 IN     TXT     "XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI"
_acme-challenge.mydomain.net. 60 IN     TXT     "yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo"

;; Query time: 0 msec
;; SERVER: 172.23.0.1#53(172.23.0.1) (UDP)
;; WHEN: Mon Feb 12 14:38:35 NZDT 2024
;; MSG SIZE  rcvd: 248

 dig _acme-challenge.smtp.mydomain.net. TXT                                                                                            Mon 12 Feb 2024 14:38:35

; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> _acme-challenge.smtp.mydomain.net. TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61261
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: c2d7cf5cca40ca170100000065c976a4b8549e034f5df0fa (good)
;; QUESTION SECTION:
;_acme-challenge.smtp.mydomain.net. IN  TXT

;; ANSWER SECTION:
_acme-challenge.smtp.mydomain.net. 60 IN CNAME  _acme-challenge.mydomain.net.
_acme-challenge.mydomain.net. 60 IN     TXT     "yDdGck6WoazAUp-jCHdYD8DQw9_dECLrG8P8qhUeHxo"
_acme-challenge.mydomain.net. 60 IN     TXT     "XR9CQd-1xddTBKdT8J5bxinmeX26tkcAaEslk3eOpsI"

;; Query time: 0 msec
;; SERVER: 172.23.0.1#53(172.23.0.1) (UDP)
;; WHEN: Mon Feb 12 14:38:44 NZDT 2024
;; MSG SIZE  rcvd: 244