search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
37.49k stars 4.82k forks source link

haproxy deploy don't works #5155

Open davidemiccone opened 1 month ago

davidemiccone commented 1 month ago

In haproxy deploy script I had to remove -e after echo otherwise I receive "unknow command -e" and certificate is not deployed nor committed to haproxy socket

Line 359 changed from this _socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"

to this _socat_cert_set_cmd="echo '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"

github-actions[bot] commented 1 month ago

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

davidemiccone commented 1 month ago

I'm still using latest version Below the log, but I already debugged and I need to change "echo -e" in "echo" on line 359

$ /usr/local/share/acme.sh/acme.sh --force --debug 2 --cron --home "/var/lib/acme/.acme.sh" [Thu May 23 12:32:14 AM CEST 2024] Lets find script dir. [Thu May 23 12:32:14 AM CEST 2024] SCRIPT='/usr/local/share/acme.sh/acme.sh' [Thu May 23 12:32:14 AM CEST 2024] _script='/usr/local/share/acme.sh/acme.sh' [Thu May 23 12:32:14 AM CEST 2024] _script_home='/usr/local/share/acme.sh' [Thu May 23 12:32:14 AM CEST 2024] Using config home:/var/lib/acme/.acme.sh [Thu May 23 12:32:14 AM CEST 2024] LE_WORKING_DIR='/var/lib/acme/.acme.sh' https://github.com/maddes-b/acme.sh v3.0.8 [Thu May 23 12:32:14 AM CEST 2024] Running cmd: cron [Thu May 23 12:32:14 AM CEST 2024] Using config home:/var/lib/acme/.acme.sh [Thu May 23 12:32:14 AM CEST 2024] default_acme_server [Thu May 23 12:32:14 AM CEST 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90' [Thu May 23 12:32:14 AM CEST 2024] _ACME_SERVER_HOST='acme.zerossl.com' [Thu May 23 12:32:14 AM CEST 2024] _ACME_SERVER_PATH='v2/DV90' [Thu May 23 12:32:14 AM CEST 2024] ===Starting cron=== [Thu May 23 12:32:14 AM CEST 2024] Using config home:/var/lib/acme/.acme.sh [Thu May 23 12:32:14 AM CEST 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90' [Thu May 23 12:32:14 AM CEST 2024] _ACME_SERVER_HOST='acme.zerossl.com' [Thu May 23 12:32:14 AM CEST 2024] _ACME_SERVER_PATH='v2/DV90' [Thu May 23 12:32:14 AM CEST 2024] _stopRenewOnError [Thu May 23 12:32:14 AM CEST 2024] _server [Thu May 23 12:32:14 AM CEST 2024] _set_level='2' [Thu May 23 12:32:14 AM CEST 2024] di='/var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/' [Thu May 23 12:32:14 AM CEST 2024] d='keyring.XXXXXXXXXXX.com_ecc' [Thu May 23 12:32:14 AM CEST 2024] _renewServer [Thu May 23 12:32:14 AM CEST 2024] Using config home:/var/lib/acme/.acme.sh [Thu May 23 12:32:14 AM CEST 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90' [Thu May 23 12:32:14 AM CEST 2024] _ACME_SERVER_HOST='acme.zerossl.com' [Thu May 23 12:32:14 AM CEST 2024] _ACME_SERVER_PATH='v2/DV90' [Thu May 23 12:32:14 AM CEST 2024] DOMAIN_PATH='/var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc' [Thu May 23 12:32:14 AM CEST 2024] Renew: 'keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:14 AM CEST 2024] Le_API='https://acme-staging-v02.api.letsencrypt.org/directory' [Thu May 23 12:32:14 AM CEST 2024] Renew to Le_API=https://acme-staging-v02.api.letsencrypt.org/directory [Thu May 23 12:32:14 AM CEST 2024] initpath again. [Thu May 23 12:32:14 AM CEST 2024] Using config home:/var/lib/acme/.acme.sh [Thu May 23 12:32:14 AM CEST 2024] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory' [Thu May 23 12:32:14 AM CEST 2024] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org' [Thu May 23 12:32:14 AM CEST 2024] _ACME_SERVER_PATH='directory' [Thu May 23 12:32:14 AM CEST 2024] _main_domain='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:14 AM CEST 2024] _alt_domains='no' [Thu May 23 12:32:14 AM CEST 2024] 'stateless' does not contain 'dns' [Thu May 23 12:32:14 AM CEST 2024] 'stateless' does not contain 'dns' [Thu May 23 12:32:14 AM CEST 2024] Le_NextRenewTime='1721513881' [Thu May 23 12:32:14 AM CEST 2024] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory [Thu May 23 12:32:14 AM CEST 2024] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory [Thu May 23 12:32:14 AM CEST 2024] GET [Thu May 23 12:32:14 AM CEST 2024] url='https://acme-staging-v02.api.letsencrypt.org/directory' [Thu May 23 12:32:14 AM CEST 2024] timeout= [Thu May 23 12:32:14 AM CEST 2024] _CURL='curl --silent --dump-header /var/lib/acme/.acme.sh/http.header -L --trace-ascii /tmp/tmp.7qNkYf3V5l -g ' [Thu May 23 12:32:15 AM CEST 2024] ret='0' [Thu May 23 12:32:15 AM CEST 2024] response='{ "e6R7qLeAG3c": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf", "website": "https://letsencrypt.org/docs/staging-environment/" }, "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo", "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert" }' [Thu May 23 12:32:15 AM CEST 2024] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change' [Thu May 23 12:32:15 AM CEST 2024] ACME_NEW_AUTHZ [Thu May 23 12:32:15 AM CEST 2024] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Thu May 23 12:32:15 AM CEST 2024] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct' [Thu May 23 12:32:15 AM CEST 2024] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert' [Thu May 23 12:32:15 AM CEST 2024] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf' [Thu May 23 12:32:15 AM CEST 2024] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Thu May 23 12:32:15 AM CEST 2024] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory [Thu May 23 12:32:15 AM CEST 2024] _on_before_issue [Thu May 23 12:32:15 AM CEST 2024] _chk_main_domain='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:15 AM CEST 2024] _chk_alt_domains [Thu May 23 12:32:15 AM CEST 2024] 'stateless' does not contain 'no' [Thu May 23 12:32:15 AM CEST 2024] Le_LocalAddress [Thu May 23 12:32:15 AM CEST 2024] d='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:15 AM CEST 2024] Check for domain='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:15 AM CEST 2024] _currentRoot='stateless' [Thu May 23 12:32:15 AM CEST 2024] d [Thu May 23 12:32:15 AM CEST 2024] 'stateless' does not contain 'apache' [Thu May 23 12:32:15 AM CEST 2024] _saved_account_key_hash='+v1RUDlADPSIfJgc+m2DJRYs1y3mxjGstgPpkWd7Kzk=' [Thu May 23 12:32:15 AM CEST 2024] _saved_account_key_hash is not changed, skip register account. [Thu May 23 12:32:15 AM CEST 2024] Read key length:ec-256 [Thu May 23 12:32:15 AM CEST 2024] _createcsr [Thu May 23 12:32:15 AM CEST 2024] domain='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:15 AM CEST 2024] domainlist [Thu May 23 12:32:15 AM CEST 2024] csrkey='/var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/keyring.XXXXXXXXXXX.com.key' [Thu May 23 12:32:15 AM CEST 2024] csr='/var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/keyring.XXXXXXXXXXX.com.csr' [Thu May 23 12:32:15 AM CEST 2024] csrconf='/var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/keyring.XXXXXXXXXXX.com.csr.conf' [Thu May 23 12:32:15 AM CEST 2024] Single domain='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:15 AM CEST 2024] seg='keyring' [Thu May 23 12:32:15 AM CEST 2024] _is_idn_d='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:15 AM CEST 2024] _idn_temp [Thu May 23 12:32:15 AM CEST 2024] _is_idn_d='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:15 AM CEST 2024] _idn_temp [Thu May 23 12:32:15 AM CEST 2024] _csr_cn='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:15 AM CEST 2024] seg='keyring' [Thu May 23 12:32:15 AM CEST 2024] Getting domain auth token for each domain [Thu May 23 12:32:15 AM CEST 2024] seg='keyring' [Thu May 23 12:32:15 AM CEST 2024] _is_idn_d='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:15 AM CEST 2024] _idn_temp [Thu May 23 12:32:15 AM CEST 2024] d [Thu May 23 12:32:15 AM CEST 2024] _identifiers='{"type":"dns","value":"keyring.XXXXXXXXXXX.com"}' [Thu May 23 12:32:15 AM CEST 2024] _notBefore [Thu May 23 12:32:15 AM CEST 2024] _notAfter [Thu May 23 12:32:15 AM CEST 2024] STEP 1, Ordering a Certificate [Thu May 23 12:32:15 AM CEST 2024] =======Begin Send Signed Request======= [Thu May 23 12:32:15 AM CEST 2024] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Thu May 23 12:32:15 AM CEST 2024] payload='{"identifiers": [{"type":"dns","value":"keyring.XXXXXXXXXXX.com"}]}' [Thu May 23 12:32:15 AM CEST 2024] EC key [Thu May 23 12:32:15 AM CEST 2024] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Thu May 23 12:32:15 AM CEST 2024] HEAD [Thu May 23 12:32:15 AM CEST 2024] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Thu May 23 12:32:15 AM CEST 2024] body [Thu May 23 12:32:15 AM CEST 2024] _postContentType='application/jose+json' [Thu May 23 12:32:15 AM CEST 2024] _CURL='curl --silent --dump-header /var/lib/acme/.acme.sh/http.header -L --trace-ascii /tmp/tmp.3QNx6rUPKv -g -I ' [Thu May 23 12:32:16 AM CEST 2024] _ret='0' [Thu May 23 12:32:16 AM CEST 2024] _headers='HTTP/2 200 server: nginx date: Wed, 22 May 2024 22:32:16 GMT cache-control: public, max-age=0, no-cache link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" replay-nonce: Nk1iOSEp0GV_I9JEMmJbynlCnhX9SXlY9bARoQf8XTAxM8IDAeg x-frame-options: DENY strict-transport-security: max-age=604800 ' [Thu May 23 12:32:16 AM CEST 2024] _CACHED_NONCE='Nk1iOSEp0GV_I9JEMmJbynlCnhX9SXlY9bARoQf8XTAxM8IDAeg' [Thu May 23 12:32:16 AM CEST 2024] nonce='Nk1iOSEp0GV_I9JEMmJbynlCnhX9SXlY9bARoQf8XTAxM8IDAeg' [Thu May 23 12:32:17 AM CEST 2024] POST [Thu May 23 12:32:17 AM CEST 2024] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Thu May 23 12:32:17 AM CEST 2024] body='{"protected": "eyJub25jZSI6ICJOazFpT1NFcDBHVl9JOUpFTW1KYnlubENuaFg5U1hsWTliQVJvUWY4WFRBeE04SURBZWciLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvb [Thu May 23 12:32:17 AM CEST 2024] _postContentType='application/jose+json' [Thu May 23 12:32:17 AM CEST 2024] Http already initialized. [Thu May 23 12:32:17 AM CEST 2024] _CURL='curl --silent --dump-header /var/lib/acme/.acme.sh/http.header -L --trace-ascii /tmp/tmp.3QNx6rUPKv -g ' [Thu May 23 12:32:17 AM CEST 2024] _ret='0' [Thu May 23 12:32:17 AM CEST 2024] responseHeaders='HTTP/2 201 server: nginx date: Wed, 22 May 2024 22:32:17 GMT content-type: application/json content-length: 361 boulder-requester: 149163194 cache-control: public, max-age=0, no-cache link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" location: https://acme-staging-v02.api.letsencrypt.org/acme/order/149163194/16698171534 replay-nonce: Nk1iOSEps3yye3a1H4d6qjpt-wt-5MFapnslppttJgmSiN0jpL0 x-frame-options: DENY strict-transport-security: max-age=604800 ' [Thu May 23 12:32:17 AM CEST 2024] code='201' [Thu May 23 12:32:17 AM CEST 2024] original='{ "status": "ready", "expires": "2024-05-29T22:32:17Z", "identifiers": [ { "type": "dns", "value": "keyring.XXXXXXXXXXX.com" } ], "authorizations": [ "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12466260674" ], "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/149163194/16698171534" }' [Thu May 23 12:32:17 AM CEST 2024] response='{"status":"ready","expires":"2024-05-29T22:32:17Z","identifiers":[{"type":"dns","value":"keyring.XXXXXXXXXXX.com"}],"authorizations":["https://acme-staging-v02.api.letsencrypt [Thu May 23 12:32:17 AM CEST 2024] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/149163194/16698171534' [Thu May 23 12:32:17 AM CEST 2024] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/149163194/16698171534' [Thu May 23 12:32:17 AM CEST 2024] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12466260674' [Thu May 23 12:32:17 AM CEST 2024] STEP 2, Get the authorizations of each domain [Thu May 23 12:32:17 AM CEST 2024] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12466260674' [Thu May 23 12:32:17 AM CEST 2024] =======Begin Send Signed Request======= [Thu May 23 12:32:17 AM CEST 2024] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12466260674' [Thu May 23 12:32:17 AM CEST 2024] payload [Thu May 23 12:32:17 AM CEST 2024] Use cached jwk for file: /var/lib/acme/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/directory/account.key [Thu May 23 12:32:17 AM CEST 2024] Use _CACHED_NONCE='Nk1iOSEps3yye3a1H4d6qjpt-wt-5MFapnslppttJgmSiN0jpL0' [Thu May 23 12:32:17 AM CEST 2024] nonce='Nk1iOSEps3yye3a1H4d6qjpt-wt-5MFapnslppttJgmSiN0jpL0' [Thu May 23 12:32:17 AM CEST 2024] POST [Thu May 23 12:32:17 AM CEST 2024] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12466260674' [Thu May 23 12:32:17 AM CEST 2024] body='{"protected": "eyJub25jZSI6ICJOazFpT1NFcHMzeXllM2ExSDRkNnFqcHQtd3QtNU1GYXBuc2xwcHR0SmdtU2lOMGpwTDAiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY [Thu May 23 12:32:17 AM CEST 2024] _postContentType='application/jose+json' [Thu May 23 12:32:17 AM CEST 2024] Http already initialized. [Thu May 23 12:32:17 AM CEST 2024] _CURL='curl --silent --dump-header /var/lib/acme/.acme.sh/http.header -L --trace-ascii /tmp/tmp.3QNx6rUPKv -g ' [Thu May 23 12:32:18 AM CEST 2024] _ret='0' [Thu May 23 12:32:18 AM CEST 2024] responseHeaders='HTTP/2 200 server: nginx date: Wed, 22 May 2024 22:32:18 GMT content-type: application/json content-length: 792 boulder-requester: 149163194 cache-control: public, max-age=0, no-cache link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" replay-nonce: Nk1iOSEpUaVQVdgC2ihe6gcx17SMcS4wyEEiT76dulduyiGcMNs x-frame-options: DENY strict-transport-security: max-age=604800 ' [Thu May 23 12:32:18 AM CEST 2024] code='200' [Thu May 23 12:32:18 AM CEST 2024] original='{ "identifier": { "type": "dns", "value": "keyring.XXXXXXXXXXX.com" }, "status": "valid", "expires": "2024-06-21T20:42:07Z", "challenges": [ { "type": "http-01", "status": "valid", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12466260674/6qv-hw", "token": "hRQxDVu49o0BdxKdZxoB9pQNOcdNRWE7CWbFV1RKSfs", "validationRecord": [ { "url": "http://keyring.XXXXXXXXXXX.com/.well-known/acme-challenge/hRQxDVu49o0BdxKdZxoB9pQNOcdNRWE7CWbFV1RKSfs", "hostname": "keyring.XXXXXXXXXXX.com", "port": "80", "addressesResolved": [ "77.108.41.83" ], "addressUsed": "77.108.41.83" } ], "validated": "2024-05-22T20:41:56Z" } ] }' [Thu May 23 12:32:18 AM CEST 2024] response='{"identifier":{"type":"dns","value":"keyring.XXXXXXXXXXX.com"},"status":"valid","expires":"2024-06-21T20:42:07Z","challenges":[{"type":"http-01","status":"valid","url":"https: [Thu May 23 12:32:18 AM CEST 2024] response='{"identifier":{"type":"dns","value":"keyring.XXXXXXXXXXX.com"},"status":"valid","expires":"2024-06-21T20:42:07Z","challenges":[{"type":"http-01","status":"valid","url":"https: [Thu May 23 12:32:18 AM CEST 2024] _d='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:18 AM CEST 2024] _authorizations_map='keyring.XXXXXXXXXXX.com,{"identifier":{"type":"dns","value":"keyring.XXXXXXXXXXX.com"},"status":"valid","expires":"2024-06-21T20:42:07Z","challenges":[{"type":"htt ' [Thu May 23 12:32:18 AM CEST 2024] d='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:18 AM CEST 2024] Getting webroot for domain='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:18 AM CEST 2024] _w='stateless' [Thu May 23 12:32:18 AM CEST 2024] _currentRoot='stateless' [Thu May 23 12:32:18 AM CEST 2024] _is_idn_d='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:18 AM CEST 2024] _idn_temp [Thu May 23 12:32:18 AM CEST 2024] _candidates='keyring.XXXXXXXXXXX.com,{"identifier":{"type":"dns","value":"keyring.XXXXXXXXXXX.com"},"status":"valid","expires":"2024-06-21T20:42:07Z","challenges":[{"type":"http-01","s [Thu May 23 12:32:18 AM CEST 2024] response='{"identifier":{"type":"dns","value":"keyring.XXXXXXXXXXX.com"},"status":"valid","expires":"2024-06-21T20:42:07Z","challenges":[{"type":"http-01","status":"valid","url":"https: [Thu May 23 12:32:18 AM CEST 2024] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12466260674' [Thu May 23 12:32:18 AM CEST 2024] keyring.XXXXXXXXXXX.com is already valid. [Thu May 23 12:32:18 AM CEST 2024] keyauthorization='verified_ok' [Thu May 23 12:32:18 AM CEST 2024] entry='"type":"http-01","status":"valid","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12466260674/6qv-hw","token":"hRQxDVu49o0BdxKdZxoB9pQNOcdNRWE7CWbFV1RKSfs","vali [Thu May 23 12:32:18 AM CEST 2024] dvlist='keyring.XXXXXXXXXXX.com#verified_ok##http-01#stateless#https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12466260674' [Thu May 23 12:32:18 AM CEST 2024] d [Thu May 23 12:32:18 AM CEST 2024] vlist='keyring.XXXXXXXXXXX.com#verified_ok##http-01#stateless#https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12466260674,' [Thu May 23 12:32:18 AM CEST 2024] d='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:18 AM CEST 2024] keyring.XXXXXXXXXXX.com is already verified, skip http-01. [Thu May 23 12:32:18 AM CEST 2024] ok, let's start to verify [Thu May 23 12:32:18 AM CEST 2024] keyring.XXXXXXXXXXX.com is already verified, skip http-01. [Thu May 23 12:32:18 AM CEST 2024] pid [Thu May 23 12:32:18 AM CEST 2024] No need to restore nginx, skip. [Thu May 23 12:32:18 AM CEST 2024] _clearupdns [Thu May 23 12:32:18 AM CEST 2024] dns_entries [Thu May 23 12:32:18 AM CEST 2024] skip dns. [Thu May 23 12:32:18 AM CEST 2024] Verify finished, start to sign. [Thu May 23 12:32:18 AM CEST 2024] i='2' [Thu May 23 12:32:18 AM CEST 2024] j='8' [Thu May 23 12:32:18 AM CEST 2024] Lets finalize the order. [Thu May 23 12:32:18 AM CEST 2024] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/149163194/16698171534' [Thu May 23 12:32:18 AM CEST 2024] =======Begin Send Signed Request======= [Thu May 23 12:32:18 AM CEST 2024] url='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/149163194/16698171534' [Thu May 23 12:32:18 AM CEST 2024] payload='{"csr": "MIIBMzCB2gIBADAjMSEwHwYDVQQDDBhrZXlyaW5nLmVuZHVyYW5jZXNwYS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASuhEL-1iSilvxm1dT3g2SMiMr6eq6OsY5nyU1kB2CtjOpaOJenf1OXaZ7EMKu6oJYGbDLZ [Thu May 23 12:32:18 AM CEST 2024] Use cached jwk for file: /var/lib/acme/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/directory/account.key [Thu May 23 12:32:18 AM CEST 2024] Use _CACHED_NONCE='Nk1iOSEpUaVQVdgC2ihe6gcx17SMcS4wyEEiT76dulduyiGcMNs' [Thu May 23 12:32:18 AM CEST 2024] nonce='Nk1iOSEpUaVQVdgC2ihe6gcx17SMcS4wyEEiT76dulduyiGcMNs' [Thu May 23 12:32:18 AM CEST 2024] POST [Thu May 23 12:32:18 AM CEST 2024] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/149163194/16698171534' [Thu May 23 12:32:18 AM CEST 2024] body='{"protected": "eyJub25jZSI6ICJOazFpT1NFcFVhVlFWZGdDMmloZTZnY3gxN1NNY1M0d3lFRWlUNzZkdWxkdXlpR2NNTnMiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvZ [Thu May 23 12:32:18 AM CEST 2024] _postContentType='application/jose+json' [Thu May 23 12:32:18 AM CEST 2024] Http already initialized. [Thu May 23 12:32:18 AM CEST 2024] _CURL='curl --silent --dump-header /var/lib/acme/.acme.sh/http.header -L --trace-ascii /tmp/tmp.3QNx6rUPKv -g ' [Thu May 23 12:32:19 AM CEST 2024] _ret='0' [Thu May 23 12:32:19 AM CEST 2024] responseHeaders='HTTP/2 200 server: nginx date: Wed, 22 May 2024 22:32:18 GMT content-type: application/json content-length: 366 boulder-requester: 149163194 cache-control: public, max-age=0, no-cache link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" location: https://acme-staging-v02.api.letsencrypt.org/acme/order/149163194/16698171534 replay-nonce: Nk1iOSEpdhrG-f2v2Rc5EAKEimsvOHZg45ZLMru7i88wdxg_oJA retry-after: 3 x-frame-options: DENY strict-transport-security: max-age=604800 ' [Thu May 23 12:32:19 AM CEST 2024] code='200' [Thu May 23 12:32:19 AM CEST 2024] original='{ "status": "processing", "expires": "2024-05-29T22:32:17Z", "identifiers": [ { "type": "dns", "value": "keyring.XXXXXXXXXXX.com" } ], "authorizations": [ "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12466260674" ], "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/149163194/16698171534" }' [Thu May 23 12:32:19 AM CEST 2024] response='{"status":"processing","expires":"2024-05-29T22:32:17Z","identifiers":[{"type":"dns","value":"keyring.XXXXXXXXXXX.com"}],"authorizations":["https://acme-staging-v02.api.letsen [Thu May 23 12:32:19 AM CEST 2024] Order status is processing, lets sleep and retry. [Thu May 23 12:32:19 AM CEST 2024] _retryafter='3' [Thu May 23 12:32:19 AM CEST 2024] Retry after: 3 [Thu May 23 12:32:23 AM CEST 2024] Polling order status: https://acme-staging-v02.api.letsencrypt.org/acme/order/149163194/16698171534 [Thu May 23 12:32:23 AM CEST 2024] =======Begin Send Signed Request======= [Thu May 23 12:32:23 AM CEST 2024] url='https://acme-staging-v02.api.letsencrypt.org/acme/order/149163194/16698171534' [Thu May 23 12:32:23 AM CEST 2024] payload [Thu May 23 12:32:23 AM CEST 2024] Use cached jwk for file: /var/lib/acme/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/directory/account.key [Thu May 23 12:32:23 AM CEST 2024] Use _CACHED_NONCE='Nk1iOSEpdhrG-f2v2Rc5EAKEimsvOHZg45ZLMru7i88wdxg_oJA' [Thu May 23 12:32:23 AM CEST 2024] nonce='Nk1iOSEpdhrG-f2v2Rc5EAKEimsvOHZg45ZLMru7i88wdxg_oJA' [Thu May 23 12:32:23 AM CEST 2024] POST [Thu May 23 12:32:23 AM CEST 2024] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/order/149163194/16698171534' [Thu May 23 12:32:23 AM CEST 2024] body='{"protected": "eyJub25jZSI6ICJOazFpT1NFcGRockctZjJ2MlJjNUVBS0VpbXN2T0haZzQ1WkxNcnU3aTg4d2R4Z19vSkEiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvb [Thu May 23 12:32:23 AM CEST 2024] _postContentType='application/jose+json' [Thu May 23 12:32:23 AM CEST 2024] Http already initialized. [Thu May 23 12:32:23 AM CEST 2024] _CURL='curl --silent --dump-header /var/lib/acme/.acme.sh/http.header -L --trace-ascii /tmp/tmp.3QNx6rUPKv -g ' [Thu May 23 12:32:23 AM CEST 2024] _ret='0' [Thu May 23 12:32:23 AM CEST 2024] responseHeaders='HTTP/2 200 server: nginx date: Wed, 22 May 2024 22:32:23 GMT content-type: application/json content-length: 473 cache-control: public, max-age=0, no-cache link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" replay-nonce: Nk1iOSEpjtdS-wxxxarvEbUWUdyBkMKWezVvwB0ubTbWwTlQb0k x-frame-options: DENY strict-transport-security: max-age=604800 ' [Thu May 23 12:32:23 AM CEST 2024] code='200' [Thu May 23 12:32:23 AM CEST 2024] original='{ "status": "valid", "expires": "2024-05-29T22:32:17Z", "identifiers": [ { "type": "dns", "value": "keyring.XXXXXXXXXXX.com" } ], "authorizations": [ "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12466260674" ], "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/149163194/16698171534", "certificate": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bb0b6edbebcf0e0e200298e8ecfebb57b25" }' [Thu May 23 12:32:23 AM CEST 2024] response='{"status":"valid","expires":"2024-05-29T22:32:17Z","identifiers":[{"type":"dns","value":"keyring.XXXXXXXXXXX.com"}],"authorizations":["https://acme-staging-v02.api.letsencrypt [Thu May 23 12:32:23 AM CEST 2024] Order status is valid. [Thu May 23 12:32:23 AM CEST 2024] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bb0b6edbebcf0e0e200298e8ecfebb57b25' [Thu May 23 12:32:23 AM CEST 2024] Downloading cert. [Thu May 23 12:32:23 AM CEST 2024] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bb0b6edbebcf0e0e200298e8ecfebb57b25' [Thu May 23 12:32:23 AM CEST 2024] =======Begin Send Signed Request======= [Thu May 23 12:32:23 AM CEST 2024] url='https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bb0b6edbebcf0e0e200298e8ecfebb57b25' [Thu May 23 12:32:23 AM CEST 2024] payload [Thu May 23 12:32:23 AM CEST 2024] Use cached jwk for file: /var/lib/acme/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/directory/account.key [Thu May 23 12:32:23 AM CEST 2024] Use _CACHED_NONCE='Nk1iOSEpjtdS-wxxxarvEbUWUdyBkMKWezVvwB0ubTbWwTlQb0k' [Thu May 23 12:32:23 AM CEST 2024] nonce='Nk1iOSEpjtdS-wxxxarvEbUWUdyBkMKWezVvwB0ubTbWwTlQb0k' [Thu May 23 12:32:24 AM CEST 2024] POST [Thu May 23 12:32:24 AM CEST 2024] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bb0b6edbebcf0e0e200298e8ecfebb57b25' [Thu May 23 12:32:24 AM CEST 2024] body='{"protected": "eyJub25jZSI6ICJOazFpT1NFcGp0ZFMtd3h4eGFydkViVVdVZHlCa01LV2V6VnZ3QjB1YlRiV3dUbFFiMGsiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY [Thu May 23 12:32:24 AM CEST 2024] _postContentType='application/jose+json' [Thu May 23 12:32:24 AM CEST 2024] Http already initialized. [Thu May 23 12:32:24 AM CEST 2024] _CURL='curl --silent --dump-header /var/lib/acme/.acme.sh/http.header -L --trace-ascii /tmp/tmp.3QNx6rUPKv -g ' [Thu May 23 12:32:24 AM CEST 2024] _ret='0' [Thu May 23 12:32:24 AM CEST 2024] responseHeaders='HTTP/2 200 server: nginx date: Wed, 22 May 2024 22:32:24 GMT content-type: application/pem-certificate-chain content-length: 3015 cache-control: public, max-age=0, no-cache link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" link: https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bb0b6edbebcf0e0e200298e8ecfebb57b25/1;rel="alternate" replay-nonce: z7d3lOu6pM3vGoG7ULpdVb0Qn7cBi7aPMVpyuilK3eLgw8pWjYI x-frame-options: DENY strict-transport-security: max-age=604800 ' [Thu May 23 12:32:24 AM CEST 2024] code='200' [Thu May 23 12:32:24 AM CEST 2024] original='-----BEGIN CERTIFICATE----- MIIDwTCCA0igAwIBAgISK7C27b688ODiACmOjs/rtXslMAoGCCqGSM49BAMDMFIx CzAJBgNVBAYTAlVTMSAwHgYDVQQKExcoU1RBR0lORykgTGV0J3MgRW5jcnlwdDEh MB8GA1UEAxMYKFNUQUdJTkcpIFBzZXVkbyBQbHVtIEU1MB4XDTI0MDUyMjIxMzIx OFoXDTI0MDgyMDIxMzIxN1owIzEhMB8GA1UEAxMYa2V5cmluZy5lbmR1cmFuY2Vz cGEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEroRC/tYkopb8ZtXU94Nk jIjK+nqujrGOZ8lNZAdgrYzqWjiXp39Tl2mexDCruqCWBmwy2RvLtKXKLffdLHKD z6OCAiswggInMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUQ9OBySlzDIXArvvP34ur WOQ79NIwHwYDVR0jBBgwFoAU/EbRAUNfu3umPTBorhG64LxtydMwXQYIKwYBBQUH AQEEUTBPMCUGCCsGAQUFBzABhhlodHRwOi8vc3RnLWU1Lm8ubGVuY3Iub3JnMCYG CCsGAQUFBzAChhpodHRwOi8vc3RnLWU1LmkubGVuY3Iub3JnLzAjBgNVHREEHDAa ghhrZXlyaW5nLmVuZHVyYW5jZXNwYS5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw ggENBgorBgEEAdZ5AgQCBIH+BIH7APkAdwAW6GnB0ZXq18P4lxrj8HYB94zhtp0x qFIYtoN/MagVCAAAAY+ibxFcAAAEAwBIMEYCIQDJacb1cDoneex7pBT+kIMqub+Y DV44cjUjvHjK66MmGQIhAL1jilMBv8q4LIvPMzvBNBHYtAzo+iCGVYuRRq2J0HOQ AH4AExUpb/oOZq27GgKCHkCImjlRz/rojPdapvMN4ETOqM0AAAGPom8VKgAIAAAF ACQNAVUEAwBHMEUCIQD37h+esbr+Yiqb9doZ5ntWMzQs0EUJGKGkXr43kilv7AIg NGaH9ZtgHWuhv3cnD7fTlY0O/Kq6e7107g9eauz2sN0wCgYIKoZIzj0EAwMDZwAw ZAIwR6+vVuu72+ZgPbPdGKTaZEVdfEqDjt703wZ6Cwt4RyDa6uIXUqxC60/aSwQg f+qJAjAkNi70eRLJ4M2RuYQjUiljxrS1ZYthc0BwI+Ix4wyUrLSYr5IkwAS/kD8J hvIL7pk= -----END CERTIFICATE-----

-----BEGIN CERTIFICATE----- MIIEljCCAn6gAwIBAgIQRzEp1D1mDiVVv4b1zlB56jANBgkqhkiG9w0BAQsFADBm MQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3Vy aXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQ ZWFyIFgxMB4XDTI0MDMxMzAwMDAwMFoXDTI3MDMxMjIzNTk1OVowUjELMAkGA1UE BhMCVVMxIDAeBgNVBAoTFyhTVEFHSU5HKSBMZXQncyBFbmNyeXB0MSEwHwYDVQQD ExgoU1RBR0lORykgUHNldWRvIFBsdW0gRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNi AATljbbcV+mqWZa3g+z0bDOuBpZOtbi48iK9rjLtPdRU0WsgVp53MW3nXFU6qVYV zEYaYd6PSmec0Tj3R5zEp5/F+cuOjTdh3AkTMzYm1tkflocPBN5APHYZ+76WxZad q+WjggEAMIH9MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYI KwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU/EbRAUNfu3um PTBorhG64LxtydMwHwYDVR0jBBgwFoAUtfNl8v6wCpIf+zx980SgrGMlwxQwNgYI KwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRwOi8vc3RnLXgxLmkubGVuY3Iu b3JnLzATBgNVHSAEDDAKMAgGBmeBDAECATArBgNVHR8EJDAiMCCgHqAchhpodHRw Oi8vc3RnLXgxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAAtCGn4iG cupruhkCTcoDqSIVTFgVR8JJ3GvGL7SYwIc4Fn0As66nQgnkATIzF5+gFb+CXEQD qR2Jo+R38OeT7lQ1rNDcaJcbY6hL8cNRku3QlcfdYODZ5pgTVH04gTZUJISZKLjD kMMcQIDZlF7iYqTvmHbn2ISSKorsJ3QKAvWhHwMoJtocSz3VeDJIep5QtbHnoXh1 /dyDx7sp8RuhC0eO9ElTgDtiA2V6JxigLPzqcnibBBR4bFLGtMNE4EvOOD/Fkd0L hdGDbAMNd+O06n+b0rgmDvg75IgOV6fpDrdZFoiNfCckOEJh9v10uYt4pTc3B6lf zI/X3EWP1H4VJmsYuy+OA29jPeP831sAObZtd3RWv0LQPrMfx6FCmy4AaeYEMvul FrF6OX+JbssE+bn83F+sGEMZu/eVBwwKh3db7+2UduMdTOb8DePE3Aqlg9zofS8X 9fJXrrp+PPrdQyvM3e8DxuioWa9GLG30yD9WD6WTlSiiOrdWGOzisWpW4shFoL8u 0EfmeLVU4JVbauhOYZASQXABNeXewe9lqJWwfqaARYpRjyf+jRibn22H5NVK4Vog l55Iq1rUgjc8r493NaNrlNwG7va7Ztkch5lJ3oL/FEVlVSK4snTbgb0b5qjQz3SA i7rA/8QRZvOLnKNtdEUlDZNrzkZwHNluLGw= -----END CERTIFICATE-----' [Thu May 23 12:32:24 AM CEST 2024] response='-----BEGIN CERTIFICATE----- MIIDwTCCA0igAwIBAgISK7C27b688ODiACmOjs/rtXslMAoGCCqGSM49BAMDMFIx CzAJBgNVBAYTAlVTMSAwHgYDVQQKExcoU1RBR0lORykgTGV0J3MgRW5jcnlwdDEh MB8GA1UEAxMYKFNUQUdJTkcpIFBzZXVkbyBQbHVtIEU1MB4XDTI0MDUyMjIxMzIx OFoXDTI0MDgyMDIxMzIxN1owIzEhMB8GA1UEAxMYa2V5cmluZy5lbmR1cmFuY2Vz cGEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEroRC/tYkopb8ZtXU94Nk jIjK+nqujrGOZ8lNZAdgrYzqWjiXp39Tl2mexDCruqCWBmwy2RvLtKXKLffdLHKD z6OCAiswggInMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUQ9OBySlzDIXArvvP34ur WOQ79NIwHwYDVR0jBBgwFoAU/EbRAUNfu3umPTBorhG64LxtydMwXQYIKwYBBQUH AQEEUTBPMCUGCCsGAQUFBzABhhlodHRwOi8vc3RnLWU1Lm8ubGVuY3Iub3JnMCYG CCsGAQUFBzAChhpodHRwOi8vc3RnLWU1LmkubGVuY3Iub3JnLzAjBgNVHREEHDAa ghhrZXlyaW5nLmVuZHVyYW5jZXNwYS5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw ggENBgorBgEEAdZ5AgQCBIH+BIH7APkAdwAW6GnB0ZXq18P4lxrj8HYB94zhtp0x qFIYtoN/MagVCAAAAY+ibxFcAAAEAwBIMEYCIQDJacb1cDoneex7pBT+kIMqub+Y DV44cjUjvHjK66MmGQIhAL1jilMBv8q4LIvPMzvBNBHYtAzo+iCGVYuRRq2J0HOQ AH4AExUpb/oOZq27GgKCHkCImjlRz/rojPdapvMN4ETOqM0AAAGPom8VKgAIAAAF ACQNAVUEAwBHMEUCIQD37h+esbr+Yiqb9doZ5ntWMzQs0EUJGKGkXr43kilv7AIg NGaH9ZtgHWuhv3cnD7fTlY0O/Kq6e7107g9eauz2sN0wCgYIKoZIzj0EAwMDZwAw ZAIwR6+vVuu72+ZgPbPdGKTaZEVdfEqDjt703wZ6Cwt4RyDa6uIXUqxC60/aSwQg f+qJAjAkNi70eRLJ4M2RuYQjUiljxrS1ZYthc0BwI+Ix4wyUrLSYr5IkwAS/kD8J hvIL7pk= -----END CERTIFICATE-----

-----BEGIN CERTIFICATE----- MIIEljCCAn6gAwIBAgIQRzEp1D1mDiVVv4b1zlB56jANBgkqhkiG9w0BAQsFADBm MQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3Vy aXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQ ZWFyIFgxMB4XDTI0MDMxMzAwMDAwMFoXDTI3MDMxMjIzNTk1OVowUjELMAkGA1UE BhMCVVMxIDAeBgNVBAoTFyhTVEFHSU5HKSBMZXQncyBFbmNyeXB0MSEwHwYDVQQD ExgoU1RBR0lORykgUHNldWRvIFBsdW0gRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNi AATljbbcV+mqWZa3g+z0bDOuBpZOtbi48iK9rjLtPdRU0WsgVp53MW3nXFU6qVYV zEYaYd6PSmec0Tj3R5zEp5/F+cuOjTdh3AkTMzYm1tkflocPBN5APHYZ+76WxZad q+WjggEAMIH9MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYI KwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU/EbRAUNfu3um PTBorhG64LxtydMwHwYDVR0jBBgwFoAUtfNl8v6wCpIf+zx980SgrGMlwxQwNgYI KwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRwOi8vc3RnLXgxLmkubGVuY3Iu b3JnLzATBgNVHSAEDDAKMAgGBmeBDAECATArBgNVHR8EJDAiMCCgHqAchhpodHRw Oi8vc3RnLXgxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAAtCGn4iG cupruhkCTcoDqSIVTFgVR8JJ3GvGL7SYwIc4Fn0As66nQgnkATIzF5+gFb+CXEQD qR2Jo+R38OeT7lQ1rNDcaJcbY6hL8cNRku3QlcfdYODZ5pgTVH04gTZUJISZKLjD kMMcQIDZlF7iYqTvmHbn2ISSKorsJ3QKAvWhHwMoJtocSz3VeDJIep5QtbHnoXh1 /dyDx7sp8RuhC0eO9ElTgDtiA2V6JxigLPzqcnibBBR4bFLGtMNE4EvOOD/Fkd0L hdGDbAMNd+O06n+b0rgmDvg75IgOV6fpDrdZFoiNfCckOEJh9v10uYt4pTc3B6lf zI/X3EWP1H4VJmsYuy+OA29jPeP831sAObZtd3RWv0LQPrMfx6FCmy4AaeYEMvul FrF6OX+JbssE+bn83F+sGEMZu/eVBwwKh3db7+2UduMdTOb8DePE3Aqlg9zofS8X 9fJXrrp+PPrdQyvM3e8DxuioWa9GLG30yD9WD6WTlSiiOrdWGOzisWpW4shFoL8u 0EfmeLVU4JVbauhOYZASQXABNeXewe9lqJWwfqaARYpRjyf+jRibn22H5NVK4Vog l55Iq1rUgjc8r493NaNrlNwG7va7Ztkch5lJ3oL/FEVlVSK4snTbgb0b5qjQz3SA i7rA/8QRZvOLnKNtdEUlDZNrzkZwHNluLGw= -----END CERTIFICATE-----' [Thu May 23 12:32:24 AM CEST 2024] Found cert chain [Thu May 23 12:32:24 AM CEST 2024] _end_n='23' [Thu May 23 12:32:24 AM CEST 2024] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/2bb0b6edbebcf0e0e200298e8ecfebb57b25' Certificate: Data: Version: 3 (0x2) Serial Number: 2b:b0:b6:ed:be:bc:f0:e0:e2:00:29:8e:8e:cf:eb:b5:7b:25 Signature Algorithm: ecdsa-with-SHA384 Issuer: C = US, O = (STAGING) Let's Encrypt, CN = (STAGING) Pseudo Plum E5 Validity Not Before: May 22 21:32:18 2024 GMT Not After : Aug 20 21:32:17 2024 GMT Subject: CN = keyring.XXXXXXXXXXX.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:ae:84:42:fe:d6:24:a2:96:fc:66:d5:d4:f7:83: 64:8c:88:ca:fa:7a:ae:8e:b1:8e:67:c9:4d:64:07: 60:ad:8c:ea:5a:38:97:a7:7f:53:97:69:9e:c4:30: ab:ba:a0:96:06:6c:32:d9:1b:cb:b4:a5:ca:2d:f7: dd:2c:72:83:cf ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 43:D3:81:C9:29:73:0C:85:C0:AE:FB:CF:DF:8B:AB:58:E4:3B:F4:D2 X509v3 Authority Key Identifier: FC:46:D1:01:43:5F:BB:7B:A6:3D:30:68:AE:11:BA:E0:BC:6D:C9:D3 Authority Information Access: OCSP - URI:http://stg-e5.o.lencr.org CA Issuers - URI:http://stg-e5.i.lencr.org/ X509v3 Subject Alternative Name: DNS:keyring.XXXXXXXXXXX.com X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 16:E8:69:C1:D1:95:EA:D7:C3:F8:97:1A:E3:F0:76:01: F7:8C:E1:B6:9D:31:A8:52:18:B6:83:7F:31:A8:15:08 Timestamp : May 22 22:32:19.036 2024 GMT Extensions: none Signature : ecdsa-with-SHA256 30:46:02:21:00:C9:69:C6:F5:70:3A:27:79:EC:7B:A4: 14:FE:90:83:2A:B9:BF:98:0D:5E:38:72:35:23:BC:78: CA:EB:A3:26:19:02:21:00:BD:63:8A:53:01:BF:CA:B8: 2C:8B:CF:33:3B:C1:34:11:D8:B4:0C:E8:FA:20:86:55: 8B:91:46:AD:89:D0:73:90 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 13:15:29:6F:FA:0E:66:AD:BB:1A:02:82:1E:40:88:9A: 39:51:CF:FA:E8:8C:F7:5A:A6:F3:0D:E0:44:CE:A8:CD Timestamp : May 22 22:32:20.010 2024 GMT Extensions: 00:00:05:00:24:0D:01:55 Signature : ecdsa-with-SHA256 30:45:02:21:00:F7:EE:1F:9E:B1:BA:FE:62:2A:9B:F5: DA:19:E6:7B:56:33:34:2C:D0:45:09:18:A1:A4:5E:BE: 37:92:29:6F:EC:02:20:34:66:87:F5:9B:60:1D:6B:A1: BF:77:27:0F:B7:D3:95:8D:0E:FC:AA:BA:7B:BD:74:EE: 0F:5E:6A:EC:F6:B0:DD Signature Algorithm: ecdsa-with-SHA384 Signature Value: 30:64:02:30:47:af:af:56:eb:bb:db:e6:60:3d:b3:dd:18:a4: da:64:45:5d:7c:4a:83:8e:de:f4:df:06:7a:0b:0b:78:47:20: da:ea:e2:17:52:ac:42:eb:4f:da:4b:04:20:7f:ea:89:02:30: 24:36:2e:f4:79:12:c9:e0:cd:91:b9:84:23:52:29:63:c6:b4: b5:65:8b:61:73:40:70:23:e2:31:e3:0c:94:ac:b4:98:af:92: 24:c0:04:bf:90:3f:09:86:f2:0b:ee:99 [Thu May 23 12:32:24 AM CEST 2024] Cert success. -----BEGIN CERTIFICATE----- MIIDwTCCA0igAwIBAgISK7C27b688ODiACmOjs/rtXslMAoGCCqGSM49BAMDMFIx CzAJBgNVBAYTAlVTMSAwHgYDVQQKExcoU1RBR0lORykgTGV0J3MgRW5jcnlwdDEh MB8GA1UEAxMYKFNUQUdJTkcpIFBzZXVkbyBQbHVtIEU1MB4XDTI0MDUyMjIxMzIx OFoXDTI0MDgyMDIxMzIxN1owIzEhMB8GA1UEAxMYa2V5cmluZy5lbmR1cmFuY2Vz cGEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEroRC/tYkopb8ZtXU94Nk jIjK+nqujrGOZ8lNZAdgrYzqWjiXp39Tl2mexDCruqCWBmwy2RvLtKXKLffdLHKD z6OCAiswggInMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUQ9OBySlzDIXArvvP34ur WOQ79NIwHwYDVR0jBBgwFoAU/EbRAUNfu3umPTBorhG64LxtydMwXQYIKwYBBQUH AQEEUTBPMCUGCCsGAQUFBzABhhlodHRwOi8vc3RnLWU1Lm8ubGVuY3Iub3JnMCYG CCsGAQUFBzAChhpodHRwOi8vc3RnLWU1LmkubGVuY3Iub3JnLzAjBgNVHREEHDAa ghhrZXlyaW5nLmVuZHVyYW5jZXNwYS5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw ggENBgorBgEEAdZ5AgQCBIH+BIH7APkAdwAW6GnB0ZXq18P4lxrj8HYB94zhtp0x qFIYtoN/MagVCAAAAY+ibxFcAAAEAwBIMEYCIQDJacb1cDoneex7pBT+kIMqub+Y DV44cjUjvHjK66MmGQIhAL1jilMBv8q4LIvPMzvBNBHYtAzo+iCGVYuRRq2J0HOQ AH4AExUpb/oOZq27GgKCHkCImjlRz/rojPdapvMN4ETOqM0AAAGPom8VKgAIAAAF ACQNAVUEAwBHMEUCIQD37h+esbr+Yiqb9doZ5ntWMzQs0EUJGKGkXr43kilv7AIg NGaH9ZtgHWuhv3cnD7fTlY0O/Kq6e7107g9eauz2sN0wCgYIKoZIzj0EAwMDZwAw ZAIwR6+vVuu72+ZgPbPdGKTaZEVdfEqDjt703wZ6Cwt4RyDa6uIXUqxC60/aSwQg f+qJAjAkNi70eRLJ4M2RuYQjUiljxrS1ZYthc0BwI+Ix4wyUrLSYr5IkwAS/kD8J hvIL7pk= -----END CERTIFICATE----- [Thu May 23 12:32:24 AM CEST 2024] Your cert is in: /var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/keyring.XXXXXXXXXXX.com.cer [Thu May 23 12:32:24 AM CEST 2024] Your cert key is in: /var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/keyring.XXXXXXXXXXX.com.key [Thu May 23 12:32:24 AM CEST 2024] The intermediate CA cert is in: /var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/ca.cer [Thu May 23 12:32:24 AM CEST 2024] And the full chain certs is there: /var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/fullchain.cer [Thu May 23 12:32:24 AM CEST 2024] _on_issue_success [Thu May 23 12:32:24 AM CEST 2024] 'stateless' does not contain 'dns' [Thu May 23 12:32:24 AM CEST 2024] _deployApi='/usr/local/share/acme.sh/deploy/haproxy.sh' [Thu May 23 12:32:24 AM CEST 2024] _cdomain='keyring.XXXXXXXXXXX.com' [Thu May 23 12:32:24 AM CEST 2024] _ckey='/var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/keyring.XXXXXXXXXXX.com.key' [Thu May 23 12:32:24 AM CEST 2024] _ccert='/var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/keyring.XXXXXXXXXXX.com.cer' [Thu May 23 12:32:24 AM CEST 2024] _cca='/var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/ca.cer' [Thu May 23 12:32:24 AM CEST 2024] _cfullchain='/var/lib/acme/.acme.sh/keyring.XXXXXXXXXXX.com_ecc/fullchain.cer' [Thu May 23 12:32:24 AM CEST 2024] DEPLOY_HAPROXY_PEM_PATH [Thu May 23 12:32:24 AM CEST 2024] PEM_PATH /etc/haproxy/certs exists [Thu May 23 12:32:24 AM CEST 2024] DEPLOY_HAPROXY_PEM_NAME [Thu May 23 12:32:24 AM CEST 2024] DEPLOY_HAPROXY_BUNDLE [Thu May 23 12:32:24 AM CEST 2024] DEPLOY_HAPROXY_ISSUER [Thu May 23 12:32:24 AM CEST 2024] DEPLOY_HAPROXY_RELOAD [Thu May 23 12:32:24 AM CEST 2024] DEPLOY_HAPROXY_HOT_UPDATE [Thu May 23 12:32:24 AM CEST 2024] DEPLOY_HAPROXY_STATS_SOCKET [Thu May 23 12:32:24 AM CEST 2024] DEPLOY_HAPROXY_MASTER_CLI [Thu May 23 12:32:24 AM CEST 2024] _suffix [Thu May 23 12:32:24 AM CEST 2024] Deploying PEM file [Thu May 23 12:32:24 AM CEST 2024] _temppem='/tmp/tmp.ZJSHxKOXGo' [Thu May 23 12:32:24 AM CEST 2024] Moving new certificate into place [Thu May 23 12:32:24 AM CEST 2024] _pem='/etc/haproxy/certs/keyring.XXXXXXXXXXX.com.pem' [Thu May 23 12:32:24 AM CEST 2024] _socat_cert_cmd='echo 'show ssl cert' | socat '/var/run/haproxy/admin.sock' - | grep -q '^/etc/haproxy/certs/keyring.XXXXXXXXXXX.com.pem$'' [Thu May 23 12:32:24 AM CEST 2024] Update existing certificate '/etc/haproxy/certs/keyring.XXXXXXXXXXX.com.pem' over HAProxy stats socket. [Thu May 23 12:32:24 AM CEST 2024] _socat_cert_set_cmd='echo -e 'set ssl cert /etc/haproxy/certs/keyring.XXXXXXXXXXX.com.pem <<\n-----BEGIN CERTIFICATE----- MIIDwTCCA0igAwIBAgISK7C27b688ODiACmOjs/rtXslMAoGCCqGSM49BAMDMFIx CzAJBgNVBAYTAlVTMSAwHgYDVQQKExcoU1RBR0lORykgTGV0J3MgRW5jcnlwdDEh MB8GA1UEAxMYKFNUQUdJTkcpIFBzZXVkbyBQbHVtIEU1MB4XDTI0MDUyMjIxMzIx OFoXDTI0MDgyMDIxMzIxN1owIzEhMB8GA1UEAxMYa2V5cmluZy5lbmR1cmFuY2Vz cGEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEroRC/tYkopb8ZtXU94Nk jIjK+nqujrGOZ8lNZAdgrYzqWjiXp39Tl2mexDCruqCWBmwy2RvLtKXKLffdLHKD z6OCAiswggInMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUQ9OBySlzDIXArvvP34ur WOQ79NIwHwYDVR0jBBgwFoAU/EbRAUNfu3umPTBorhG64LxtydMwXQYIKwYBBQUH AQEEUTBPMCUGCCsGAQUFBzABhhlodHRwOi8vc3RnLWU1Lm8ubGVuY3Iub3JnMCYG CCsGAQUFBzAChhpodHRwOi8vc3RnLWU1LmkubGVuY3Iub3JnLzAjBgNVHREEHDAa ghhrZXlyaW5nLmVuZHVyYW5jZXNwYS5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw ggENBgorBgEEAdZ5AgQCBIH+BIH7APkAdwAW6GnB0ZXq18P4lxrj8HYB94zhtp0x qFIYtoN/MagVCAAAAY+ibxFcAAAEAwBIMEYCIQDJacb1cDoneex7pBT+kIMqub+Y DV44cjUjvHjK66MmGQIhAL1jilMBv8q4LIvPMzvBNBHYtAzo+iCGVYuRRq2J0HOQ AH4AExUpb/oOZq27GgKCHkCImjlRz/rojPdapvMN4ETOqM0AAAGPom8VKgAIAAAF ACQNAVUEAwBHMEUCIQD37h+esbr+Yiqb9doZ5ntWMzQs0EUJGKGkXr43kilv7AIg NGaH9ZtgHWuhv3cnD7fTlY0O/Kq6e7107g9eauz2sN0wCgYIKoZIzj0EAwMDZwAw ZAIwR6+vVuu72+ZgPbPdGKTaZEVdfEqDjt703wZ6Cwt4RyDa6uIXUqxC60/aSwQg f+qJAjAkNi70eRLJ4M2RuYQjUiljxrS1ZYthc0BwI+Ix4wyUrLSYr5IkwAS/kD8J hvIL7pk= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEljCCAn6gAwIBAgIQRzEp1D1mDiVVv4b1zlB56jANBgkqhkiG9w0BAQsFADBm MQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3Vy aXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQ ZWFyIFgxMB4XDTI0MDMxMzAwMDAwMFoXDTI3MDMxMjIzNTk1OVowUjELMAkGA1UE BhMCVVMxIDAeBgNVBAoTFyhTVEFHSU5HKSBMZXQncyBFbmNyeXB0MSEwHwYDVQQD ExgoU1RBR0lORykgUHNldWRvIFBsdW0gRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNi AATljbbcV+mqWZa3g+z0bDOuBpZOtbi48iK9rjLtPdRU0WsgVp53MW3nXFU6qVYV zEYaYd6PSmec0Tj3R5zEp5/F+cuOjTdh3AkTMzYm1tkflocPBN5APHYZ+76WxZad q+WjggEAMIH9MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYI KwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU/EbRAUNfu3um PTBorhG64LxtydMwHwYDVR0jBBgwFoAUtfNl8v6wCpIf+zx980SgrGMlwxQwNgYI KwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRwOi8vc3RnLXgxLmkubGVuY3Iu b3JnLzATBgNVHSAEDDAKMAgGBmeBDAECATArBgNVHR8EJDAiMCCgHqAchhpodHRw Oi8vc3RnLXgxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAAtCGn4iG cupruhkCTcoDqSIVTFgVR8JJ3GvGL7SYwIc4Fn0As66nQgnkATIzF5+gFb+CXEQD qR2Jo+R38OeT7lQ1rNDcaJcbY6hL8cNRku3QlcfdYODZ5pgTVH04gTZUJISZKLjD kMMcQIDZlF7iYqTvmHbn2ISSKorsJ3QKAvWhHwMoJtocSz3VeDJIep5QtbHnoXh1 /dyDx7sp8RuhC0eO9ElTgDtiA2V6JxigLPzqcnibBBR4bFLGtMNE4EvOOD/Fkd0L hdGDbAMNd+O06n+b0rgmDvg75IgOV6fpDrdZFoiNfCckOEJh9v10uYt4pTc3B6lf zI/X3EWP1H4VJmsYuy+OA29jPeP831sAObZtd3RWv0LQPrMfx6FCmy4AaeYEMvul FrF6OX+JbssE+bn83F+sGEMZu/eVBwwKh3db7+2UduMdTOb8DePE3Aqlg9zofS8X 9fJXrrp+PPrdQyvM3e8DxuioWa9GLG30yD9WD6WTlSiiOrdWGOzisWpW4shFoL8u 0EfmeLVU4JVbauhOYZASQXABNeXewe9lqJWwfqaARYpRjyf+jRibn22H5NVK4Vog l55Iq1rUgjc8r493NaNrlNwG7va7Ztkch5lJ3oL/FEVlVSK4snTbgb0b5qjQz3SA i7rA/8QRZvOLnKNtdEUlDZNrzkZwHNluLGw= -----END CERTIFICATE----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEINaO0qcBUR9lPr881ngjNShJQb4G5/JkWZKF+zpRbPauoAoGCCqGSM49 AwEHoUQDQgAEroRC/tYkopb8ZtXU94NkjIjK+nqujrGOZ8lNZAdgrYzqWjiXp39T l2mexDCruqCWBmwy2RvLtKXKLffdLHKDzw== -----END EC PRIVATE KEY-----\n' | socat '/var/run/haproxy/admin.sock' - | grep -q 'Transaction created'' [Thu May 23 12:32:24 AM CEST 2024] Can't update '/etc/haproxy/certs/keyring.XXXXXXXXXXX.com.pem' in haproxy [Thu May 23 12:32:24 AM CEST 2024] Error deploy for domain:keyring.XXXXXXXXXXX.com [Thu May 23 12:32:24 AM CEST 2024] Deploy error. [Thu May 23 12:32:24 AM CEST 2024] Return code: 1 [Thu May 23 12:32:24 AM CEST 2024] Error renew keyring.XXXXXXXXXXX.com_ecc. [Thu May 23 12:32:24 AM CEST 2024] _error_level='1' [Thu May 23 12:32:24 AM CEST 2024] _set_level='2' [Thu May 23 12:32:24 AM CEST 2024] The NOTIFY_HOOK is empty, just return. [Thu May 23 12:32:24 AM CEST 2024] ===End cron===

davidemiccone commented 1 month ago

The debug don't allow you to see the error, you can see the error if you remove
| grep -q 'Transaction created'

from line 359

Below extract of the output after removing | grep -q 'Transaction created'

-----END EC PRIVATE KEY-----\n' | socat '/var/run/haproxy/admin.sock' -'
Unknown command: '-e', but maybe one of the following ones is a better match:
  abort ssl cert <certfile>               : abort a transaction for a certificate file
  commit ssl cert <certfile>              : commit a certificate file
  set profiling <what> {auto|on|off}      : enable/disable resource profiling (tasks,memory)
  set ssl cert <certfile> <payload>       : replace a certificate file
  set ssl tls-key [id|file] <key>         : set the next TLS key for the <id> or <file> listener to <key>
  help [<command>]                        : list matching or all commands
  prompt [timed]                          : toggle interactive mode with prompt
  quit                                    : disconnect