acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Triggered _on_issue_err with "config file is empty, can not read CA_KEY_HASH" notice before #5104

Open wason-wly opened 4 months ago

wason-wly commented 4 months ago

Steps to reproduce

My system: Ubuntu 22
Already updated acme.sh with acme.sh --upgrade
But failed when issuing as:
acme.sh --issue -d www.hutdoo.info -w /home/web/webpage

Debug log

[Mon Apr 22 09:08:48 UTC 2024] _on_before_issue
[Mon Apr 22 09:08:48 UTC 2024] _chk_main_domain='www.hutdoo.info'
[Mon Apr 22 09:08:48 UTC 2024] _chk_alt_domains
[Mon Apr 22 09:08:48 UTC 2024] '/home/web/webpage' does not contain 'no'
[Mon Apr 22 09:08:48 UTC 2024] Le_LocalAddress
[Mon Apr 22 09:08:48 UTC 2024] d='www.hutdoo.info'
[Mon Apr 22 09:08:48 UTC 2024] Check for domain='www.hutdoo.info'
[Mon Apr 22 09:08:48 UTC 2024] _currentRoot='/home/web/webpage'
[Mon Apr 22 09:08:48 UTC 2024] d
[Mon Apr 22 09:08:48 UTC 2024] '/home/web/webpage' does not contain 'apache'
[Mon Apr 22 09:08:48 UTC 2024] _r_c_f='/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/ca.conf'
[Mon Apr 22 09:08:48 UTC 2024] _sdkey='CA_KEY_HASH'
[Mon Apr 22 09:08:48 UTC 2024] config file is empty, can not read CA_KEY_HASH
[Mon Apr 22 09:08:48 UTC 2024] _saved_account_key_hash
[Mon Apr 22 09:08:48 UTC 2024] _initpath
[Mon Apr 22 09:08:48 UTC 2024] Using config home:/root/.acme.sh
[Mon Apr 22 09:08:48 UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Apr 22 09:08:48 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Mon Apr 22 09:08:48 UTC 2024] _ACME_SERVER_PATH='directory'
[Mon Apr 22 09:08:48 UTC 2024] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Apr 22 09:08:48 UTC 2024] Only RSA or EC key is supported. keyfile=/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Mon Apr 22 09:08:48 UTC 2024]
[Mon Apr 22 09:08:48 UTC 2024] _on_issue_err
[Mon Apr 22 09:08:48 UTC 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Mon Apr 22 09:08:48 UTC 2024] _chk_vlist

I checked:


The file /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/ca.conf doesn't exist. Only the file account.key exists.

root@secure-laser-1:~/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory# ll
total 8
drwxr-xr-x 2 root root 4096 Apr 22 06:02 ./
drwxr-xr-x 3 root root 4096 Apr 21 05:06 ../
-rw------- 1 root root    0 Apr 21 05:06 account.key

github-actions[bot] commented 4 months ago

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

wason-wly commented 4 months ago

log with --debug 2

[Mon Apr 22 09:27:54 UTC 2024] Lets find script dir.
[Mon Apr 22 09:27:54 UTC 2024] SCRIPT='/root/.acme.sh/acme.sh'
[Mon Apr 22 09:27:54 UTC 2024] _script='/root/.acme.sh/acme.sh'
[Mon Apr 22 09:27:54 UTC 2024] _script_home='/root/.acme.sh'
[Mon Apr 22 09:27:54 UTC 2024] Using config home:/root/.acme.sh
[Mon Apr 22 09:27:54 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Mon Apr 22 09:27:54 UTC 2024] Running cmd: issue
[Mon Apr 22 09:27:54 UTC 2024] _main_domain='www.hutdoo.info'
[Mon Apr 22 09:27:54 UTC 2024] _alt_domains='no'
[Mon Apr 22 09:27:54 UTC 2024] _initpath
[Mon Apr 22 09:27:54 UTC 2024] Using config home:/root/.acme.sh
[Mon Apr 22 09:27:54 UTC 2024] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Mon Apr 22 09:27:54 UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Apr 22 09:27:54 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Mon Apr 22 09:27:54 UTC 2024] _ACME_SERVER_PATH='directory'
[Mon Apr 22 09:27:54 UTC 2024] DOMAIN_PATH='/root/.acme.sh/www.hutdoo.info_ecc'
[Mon Apr 22 09:27:54 UTC 2024] '/home/web/webpage' does not contain 'dns'
[Mon Apr 22 09:27:54 UTC 2024] Le_NextRenewTime
[Mon Apr 22 09:27:54 UTC 2024] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Apr 22 09:27:54 UTC 2024] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Apr 22 09:27:54 UTC 2024] GET
[Mon Apr 22 09:27:54 UTC 2024] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Apr 22 09:27:54 UTC 2024] timeout=
[Mon Apr 22 09:27:54 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.yfZR3cUV5m -g '
[Mon Apr 22 09:27:55 UTC 2024] ret='0'
[Mon Apr 22 09:27:55 UTC 2024] response='{
  "GLDgSrfLm6U": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Mon Apr 22 09:27:55 UTC 2024] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon Apr 22 09:27:55 UTC 2024] ACME_NEW_AUTHZ
[Mon Apr 22 09:27:55 UTC 2024] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Apr 22 09:27:55 UTC 2024] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon Apr 22 09:27:55 UTC 2024] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Apr 22 09:27:55 UTC 2024] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf'
[Mon Apr 22 09:27:55 UTC 2024] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Apr 22 09:27:55 UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Apr 22 09:27:55 UTC 2024] _on_before_issue
[Mon Apr 22 09:27:55 UTC 2024] _chk_main_domain='www.hutdoo.info'
[Mon Apr 22 09:27:55 UTC 2024] _chk_alt_domains
[Mon Apr 22 09:27:55 UTC 2024] '/home/web/webpage' does not contain 'no'
[Mon Apr 22 09:27:55 UTC 2024] Le_LocalAddress
[Mon Apr 22 09:27:55 UTC 2024] d='www.hutdoo.info'
[Mon Apr 22 09:27:55 UTC 2024] Check for domain='www.hutdoo.info'
[Mon Apr 22 09:27:55 UTC 2024] _currentRoot='/home/web/webpage'
[Mon Apr 22 09:27:55 UTC 2024] d
[Mon Apr 22 09:27:55 UTC 2024] '/home/web/webpage' does not contain 'apache'
[Mon Apr 22 09:27:55 UTC 2024] _r_c_f='/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/ca.conf'
[Mon Apr 22 09:27:55 UTC 2024] _sdkey='CA_KEY_HASH'
[Mon Apr 22 09:27:55 UTC 2024] config file is empty, can not read CA_KEY_HASH
[Mon Apr 22 09:27:55 UTC 2024] _saved_account_key_hash
[Mon Apr 22 09:27:55 UTC 2024] _initpath
[Mon Apr 22 09:27:55 UTC 2024] Using config home:/root/.acme.sh
[Mon Apr 22 09:27:55 UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Apr 22 09:27:55 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Mon Apr 22 09:27:55 UTC 2024] _ACME_SERVER_PATH='directory'
[Mon Apr 22 09:27:55 UTC 2024] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Apr 22 09:27:55 UTC 2024] Only RSA or EC key is supported. keyfile=/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Mon Apr 22 09:27:55 UTC 2024]
[Mon Apr 22 09:27:55 UTC 2024] _on_issue_err
[Mon Apr 22 09:27:55 UTC 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Mon Apr 22 09:27:55 UTC 2024] _chk_vlist
[Mon Apr 22 09:27:55 UTC 2024] socat doesn't exist.
[Mon Apr 22 09:27:55 UTC 2024] Diagnosis versions:
openssl:openssl
openssl: /lib/x86_64-linux-gnu/libcrypto.so.3: version `OPENSSL_3.0.9' not found (required by openssl)
apache:
apache doesn't exist.
nginx:
nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 3.0.2 15 Mar 2022
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-zctdR4/nginx-1.18.0=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --add-dynamic-module=/build/nginx-zctdR4/nginx-1.18.0/debian/modules/http-geoip2 --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module
socat:
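
The logs and directory listing in this thread show a 0-byte account.key, the message "Only RSA or EC key is supported", and an openssl binary that fails to load libcrypto. A pre-flight check for those three conditions follows as an added example; it is not part of the issue or of acme.sh, and the OPENSSL_BIN variable, the function name and the return codes are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not acme.sh code. OPENSSL_BIN (override for the openssl
# binary) and the numeric return codes are assumptions of this sketch.

# check_account_key FILE
# Returns: 0 usable, 1 missing, 2 zero-length, 3 no PEM private-key header,
#          4 openssl binary does not run, 5 openssl cannot parse the key.
check_account_key() {
  keyfile=$1
  openssl_bin=${OPENSSL_BIN:-openssl}

  if [ ! -f "$keyfile" ]; then
    echo "missing: $keyfile" >&2
    return 1
  fi
  # A 0-byte key file, as in the listing above, holds no key material at all.
  if [ ! -s "$keyfile" ]; then
    echo "empty key file: $keyfile" >&2
    return 2
  fi
  if ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$keyfile"; then
    echo "no PEM private key header in: $keyfile" >&2
    return 3
  fi
  # An openssl that cannot load its libcrypto fails even on 'version'.
  if ! "$openssl_bin" version >/dev/null 2>&1; then
    echo "openssl does not run: $openssl_bin" >&2
    return 4
  fi
  if ! "$openssl_bin" pkey -in "$keyfile" -noout >/dev/null 2>&1; then
    echo "openssl cannot parse: $keyfile" >&2
    return 5
  fi
  return 0
}

# With an argument, check that file; otherwise run against a constructed
# 0-byte file that mirrors the account.key in the listing.
if [ "$#" -gt 0 ]; then
  check_account_key "$1"
else
  demo=$(mktemp)
  check_account_key "$demo" || echo "exit code: $?"
  rm -f "$demo"
fi
```

Run it with the account key path as its argument; codes 2 and 4 correspond to the empty key file and the failing openssl seen in this thread.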