acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

ECDSA account key support #76

Closed Remonli closed 7 years ago

Remonli commented 8 years ago

According to https://github.com/letsencrypt/boulder/pull/1357, LE supports ECDSA account keys now. Will you change to ECDSA?

Neilpang commented 8 years ago

yes, adding it

FernandoMiguel commented 7 years ago

$ ./acme.sh --staging --issue -d acmesh.imperialus.house --dns dns_cf --keylength ec-256
$ ./acme.sh --staging --issue -d acmesh.imperialus.house --dns dns_cf --keylength ec-256 --ecc
Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"

Neilpang commented 7 years ago

@FernandoMiguel

Show me your version:

acme.sh  -v

Neilpang commented 7 years ago

@FernandoMiguel Did you manually change the account.key to an ECC key?

FernandoMiguel commented 7 years ago

Didn't change anything, was just trying to generate an elliptic curve key instead of RSA. Couldn't find exact documentation for it, except those two commands in -h

Please advise

Neilpang commented 7 years ago

@FernandoMiguel

Paste the debug log here:

https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

FernandoMiguel commented 7 years ago

$ ./acme.sh --staging --issue -d acmeshEC256.imperialus.house --dns dns_cf --keylength ec-256 --debug
[Thu 22 Sep 2016 11:01:47 BST] Lets guess script dir.
[Thu 22 Sep 2016 11:01:47 BST] SCRIPT='./acme.sh'
[Thu 22 Sep 2016 11:01:47 BST] _script
[Thu 22 Sep 2016 11:01:47 BST] _script_home='.'
[Thu 22 Sep 2016 11:01:47 BST] It seems tha acme.sh is already installed in /Users/Fernando/.acme.sh
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 11:01:47 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 11:01:47 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmeshEC256.imperialus.house_ecc'
[Thu 22 Sep 2016 11:01:47 BST] RSA key
[Thu 22 Sep 2016 11:01:48 BST] Skip register account key
[Thu 22 Sep 2016 11:01:48 BST] Read key length:ec-256
[Thu 22 Sep 2016 11:01:48 BST] Creating domain key
[Thu 22 Sep 2016 11:01:49 BST] Use length 256
[Thu 22 Sep 2016 11:01:49 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 11:01:49 BST] _createcsr
[Thu 22 Sep 2016 11:01:49 BST] Single domain='acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:49 BST] Verify each domain
[Thu 22 Sep 2016 11:01:49 BST] Getting webroot for domain='acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:49 BST] _w='dns_cf'
[Thu 22 Sep 2016 11:01:49 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 11:01:49 BST] Getting token for domain='acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:49 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:01:49 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmeshEC256.imperialus.house"}}'
[Thu 22 Sep 2016 11:01:49 BST] RSA key
[Thu 22 Sep 2016 11:01:50 BST] GET
[Thu 22 Sep 2016 11:01:50 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 11:01:50 BST] timeout
[Thu 22 Sep 2016 11:01:50 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:51 BST] ret='0'
[Thu 22 Sep 2016 11:01:51 BST] POST
[Thu 22 Sep 2016 11:01:51 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:01:51 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:52 BST] _ret='0'
[Thu 22 Sep 2016 11:01:52 BST] code='201'
[Thu 22 Sep 2016 11:01:52 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/SPPM22gx5ZXXX"'
[Thu 22 Sep 2016 11:01:52 BST] token='-MtU9K4YXXX'
[Thu 22 Sep 2016 11:01:52 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/SPPM22gxXXX'
[Thu 22 Sep 2016 11:01:52 BST] keyauthorization='-MtU9K4YEyXXX'
[Thu 22 Sep 2016 11:01:52 BST] dvlist='acmeshEC256.imperialus.house#-MtU9K4YEyMhhwvXXXX#https://acme-staging.api.letsencrypt.org/acme/challenge/SPPM22XXXX/14975275#dns-01#dns_cf'
[Thu 22 Sep 2016 11:01:52 BST] txtdomain='_acme-challenge.acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:52 BST] txt='KA_oYXXX'
[Thu 22 Sep 2016 11:01:52 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 11:01:52 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 11:01:52 BST] First detect the root zone
[Thu 22 Sep 2016 11:01:52 BST] zones?name=acmeshEC256.imperialus.house
[Thu 22 Sep 2016 11:01:52 BST] GET
[Thu 22 Sep 2016 11:01:52 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:52 BST] timeout
[Thu 22 Sep 2016 11:01:52 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:53 BST] ret='0'
[Thu 22 Sep 2016 11:01:53 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 11:01:53 BST] GET
[Thu 22 Sep 2016 11:01:53 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 11:01:53 BST] timeout
[Thu 22 Sep 2016 11:01:53 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:54 BST] ret='0'
[Thu 22 Sep 2016 11:01:54 BST] _domain_id='XXX'
[Thu 22 Sep 2016 11:01:54 BST] _sub_domain='_acme-challenge.acmeshEC256'
[Thu 22 Sep 2016 11:01:54 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 11:01:54 BST] Getting txt records
[Thu 22 Sep 2016 11:01:54 BST] zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC256.imperialus.house
[Thu 22 Sep 2016 11:01:54 BST] GET
[Thu 22 Sep 2016 11:01:54 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:54 BST] timeout
[Thu 22 Sep 2016 11:01:54 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:55 BST] ret='0'
[Thu 22 Sep 2016 11:01:55 BST] count='0'
[Thu 22 Sep 2016 11:01:55 BST] Adding record
[Thu 22 Sep 2016 11:01:55 BST] zones/XXX/dns_records
[Thu 22 Sep 2016 11:01:55 BST] data='{"type":"TXT","name":"_acme-challenge.acmeshEC256.imperialus.house","content":"XXX-XXX","ttl":120}'
[Thu 22 Sep 2016 11:01:55 BST] POST
[Thu 22 Sep 2016 11:01:55 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records'
[Thu 22 Sep 2016 11:01:55 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:56 BST] _ret='0'
[Thu 22 Sep 2016 11:01:56 BST] Add txt record error.
[Thu 22 Sep 2016 11:01:56 BST] Error add txt for domain:_acme-challenge.acmeshEC256.imperialus.house
[Thu 22 Sep 2016 11:01:56 BST] pid

FYI, this subdomain didn't exist prior to running this command; not sure if an A record is required.

Neilpang commented 7 years ago

add --debug 2

FernandoMiguel commented 7 years ago

I hope I've removed all API keys, but let me know if I'm exposing something that needs to be revoked.

$ ./acme.sh --staging --issue -d acmeshEC2562.imperialus.house --dns dns_cf --keylength ec-256 --debug 2
[Thu 22 Sep 2016 11:31:33 BST] Lets guess script dir.
[Thu 22 Sep 2016 11:31:33 BST] _SCRIPT_='./acme.sh'
[Thu 22 Sep 2016 11:31:33 BST] _script
[Thu 22 Sep 2016 11:31:33 BST] _script_home='.'
[Thu 22 Sep 2016 11:31:33 BST] It seems tha acme.sh is already installed in /Users/Fernando/.acme.sh
[Thu 22 Sep 2016 11:31:33 BST] 20:USER_AGENT=""
[Thu 22 Sep 2016 11:31:33 BST] 6:ACCOUNT_EMAIL=""
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 11:31:33 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 11:31:33 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc'
[Thu 22 Sep 2016 11:31:33 BST] 1:Le_Domain="acmeshEC2562.imperialus.house"
[Thu 22 Sep 2016 11:31:33 BST] 2:Le_Alt="no"
[Thu 22 Sep 2016 11:31:33 BST] 3:Le_Webroot="dns_cf"
[Thu 22 Sep 2016 11:31:33 BST] 4:Le_PreHook=""
[Thu 22 Sep 2016 11:31:33 BST] 5:Le_PostHook=""
[Thu 22 Sep 2016 11:31:33 BST] 6:Le_RenewHook=""
[Thu 22 Sep 2016 11:31:33 BST] 'dns_cf' does not contain 'no'
[Thu 22 Sep 2016 11:31:33 BST] 'dns_cf' does not contain 'tls'
[Thu 22 Sep 2016 11:31:33 BST] 'dns_cf' does not contain 'apache'
[Thu 22 Sep 2016 11:31:33 BST] RSA key
[Thu 22 Sep 2016 11:31:35 BST] Registering account
[Thu 22 Sep 2016 11:31:35 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 11:31:35 BST] payload='{"resource": "new-reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}'
[Thu 22 Sep 2016 11:31:35 BST] RSA key
[Thu 22 Sep 2016 11:31:36 BST] GET
[Thu 22 Sep 2016 11:31:36 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 11:31:36 BST] timeout
[Thu 22 Sep 2016 11:31:36 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.kiSFJLeV '
[Thu 22 Sep 2016 11:31:37 BST] ret='0'
[Thu 22 Sep 2016 11:31:37 BST] POST
[Thu 22 Sep 2016 11:31:37 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 11:31:37 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-XXX"}'
[Thu 22 Sep 2016 11:31:37 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.OCjDMxuf '
[Thu 22 Sep 2016 11:31:38 BST] _ret='0'
[Thu 22 Sep 2016 11:31:38 BST] original='{
  "type": "urn:acme:error:malformed",
  "detail": "Registration key is already in use",
  "status": 409
}'
[Thu 22 Sep 2016 11:31:38 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 10:31:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 409 Conflict
Server: nginx
Content-Type: application/problem+json
Content-Length: 107
Boulder-Request-Id: XXX
Boulder-Requester: 340385
Location: https://acme-staging.api.letsencrypt.org/acme/reg/340385
Replay-Nonce: XXX
Expires: Thu, 22 Sep 2016 10:31:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 10:31:38 GMT
Connection: close
'
[Thu 22 Sep 2016 11:31:38 BST] response='{"type":"urn:acme:error:malformed","detail":"Registration key is already in use","status": 409}'
[Thu 22 Sep 2016 11:31:38 BST] code='409'
[Thu 22 Sep 2016 11:31:38 BST] Already registered
[Thu 22 Sep 2016 11:31:38 BST] 18:ACCOUNT_KEY_HASH="H/XX="
[Thu 22 Sep 2016 11:31:38 BST] Read key length:ec-256
[Thu 22 Sep 2016 11:31:38 BST] Creating domain key
[Thu 22 Sep 2016 11:31:38 BST] Use length 256
[Thu 22 Sep 2016 11:31:38 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 11:31:38 BST] _createcsr
[Thu 22 Sep 2016 11:31:38 BST] domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] domainlist
[Thu 22 Sep 2016 11:31:38 BST] csrkey='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc/acmeshEC2562.imperialus.house.key'
[Thu 22 Sep 2016 11:31:38 BST] csr='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc/acmeshEC2562.imperialus.house.csr'
[Thu 22 Sep 2016 11:31:38 BST] csrconf='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc/acmeshEC2562.imperialus.house.csr.conf'
[Thu 22 Sep 2016 11:31:38 BST] Single domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] 7:Le_Keylength="ec-256"
[Thu 22 Sep 2016 11:31:38 BST] Verify each domain
[Thu 22 Sep 2016 11:31:38 BST] Getting webroot for domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] _w='dns_cf'
[Thu 22 Sep 2016 11:31:38 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 11:31:38 BST] Getting token for domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:31:38 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmeshEC2562.imperialus.house"}}'
[Thu 22 Sep 2016 11:31:38 BST] RSA key
[Thu 22 Sep 2016 11:31:40 BST] GET
[Thu 22 Sep 2016 11:31:40 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 11:31:40 BST] timeout
[Thu 22 Sep 2016 11:31:40 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.laRSV7dp '
[Thu 22 Sep 2016 11:31:40 BST] ret='0'
[Thu 22 Sep 2016 11:31:40 BST] POST
[Thu 22 Sep 2016 11:31:40 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:31:40 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "XXX"}'
[Thu 22 Sep 2016 11:31:40 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.ls8WBqsS '
[Thu 22 Sep 2016 11:31:41 BST] _ret='0'
[Thu 22 Sep 2016 11:31:41 BST] original='{
  "identifier": {
    "type": "dns",
    "value": "acmeshec2562.imperialus.house"
  },
  "status": "pending",
  "expires": "2016-09-29T10:31:41.844001602Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XX",
      "token": "SII4LwmkELXXX"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XXX",
      "token": "iODhfz6bEVmtXXXX"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XX",
      "token": "qlTeMeXXX"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ],
    [
      2
    ]
  ]
}'
[Thu 22 Sep 2016 11:31:41 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 10:31:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1023
Boulder-Request-Id: XXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/XXX
Replay-Nonce: XXXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 22 Sep 2016 10:31:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 10:31:41 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 11:31:42 BST] response='{"identifier":{"type":"dns","value":"acmeshec2562.imperialus.house"},"status":"pending","expires":"2016-09-29T10:31:41.844001602Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/XXXX}],"combinations":[[0],[1],[2]]}'
[Thu 22 Sep 2016 11:31:42 BST] code='201'
[Thu 22 Sep 2016 11:31:42 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XXX","token":"XXX"'
[Thu 22 Sep 2016 11:31:42 BST] token='XXX'
[Thu 22 Sep 2016 11:31:42 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/XX/XXX'
[Thu 22 Sep 2016 11:31:42 BST] keyauthorization='XXX.XXX'
[Thu 22 Sep 2016 11:31:42 BST] dvlist='acmeshEC2562.imperialus.house#XXX.XX#https://acme-staging.api.letsencrypt.org/acme/challenge/XX/XXX#dns-01#dns_cf'
[Thu 22 Sep 2016 11:31:42 BST] txtdomain='_acme-challenge.acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:42 BST] txt='XXX-XXX'
[Thu 22 Sep 2016 11:31:42 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 11:31:42 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 11:31:42 BST] 28:CF_Key="XX"
[Thu 22 Sep 2016 11:31:42 BST] 30:CF_Email="XXX"
[Thu 22 Sep 2016 11:31:42 BST] First detect the root zone
[Thu 22 Sep 2016 11:31:42 BST] zones?name=acmeshEC2562.imperialus.house
[Thu 22 Sep 2016 11:31:42 BST] GET
[Thu 22 Sep 2016 11:31:42 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:42 BST] timeout
[Thu 22 Sep 2016 11:31:42 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.HymEP1uA '
[Thu 22 Sep 2016 11:31:43 BST] ret='0'
[Thu 22 Sep 2016 11:31:43 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:43 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 11:31:43 BST] GET
[Thu 22 Sep 2016 11:31:43 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 11:31:43 BST] timeout
[Thu 22 Sep 2016 11:31:43 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.pKhvJjr1 '
[Thu 22 Sep 2016 11:31:44 BST] ret='0'
[Thu 22 Sep 2016 11:31:44 BST] response='{"result":[{"id":"XXX","name":"imperialus.house","status":"active","paused":false,"type":"full","development_mode":0,"name_servers":["dina.ns.cloudflare.com","theo.ns.cloudflare.com"],"original_name_servers":["ns1.dreamhost.com","ns2.dreamhost.com","ns3.dreamhost.com"],"original_registrar":null,"original_dnshost":"dreamhost","modified_on":"2016-09-22T10:24:57.680746Z","created_on":"2016-02-15T21:20:15.215047Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"XXXX","email":"XXX"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"0feeeeeeeeeeeeeeeeeeeeeeeeeeeeee","name":"Free Website","price":0,"currency":"USD","frequency":"","is_subscribed":true,"can_subscribe":false,"legacy_id":"free","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:44 BST] _domain_id='XXX'
[Thu 22 Sep 2016 11:31:44 BST] _sub_domain='_acme-challenge.acmeshEC2562'
[Thu 22 Sep 2016 11:31:44 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 11:31:44 BST] Getting txt records
[Thu 22 Sep 2016 11:31:44 BST] zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC2562.imperialus.house
[Thu 22 Sep 2016 11:31:44 BST] GET
[Thu 22 Sep 2016 11:31:44 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:44 BST] timeout
[Thu 22 Sep 2016 11:31:44 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.2zCoSfTi '
[Thu 22 Sep 2016 11:31:44 BST] ret='0'
[Thu 22 Sep 2016 11:31:44 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:44 BST] count='0'
[Thu 22 Sep 2016 11:31:44 BST] Adding record
[Thu 22 Sep 2016 11:31:44 BST] zones/XXX/dns_records
[Thu 22 Sep 2016 11:31:44 BST] data='{"type":"TXT","name":"_acme-challenge.acmeshEC2562.imperialus.house","content":"XXX-XX","ttl":120}'
[Thu 22 Sep 2016 11:31:44 BST] POST
[Thu 22 Sep 2016 11:31:44 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records'
[Thu 22 Sep 2016 11:31:44 BST] body='{"type":"TXT","name":"_acme-challenge.acmeshEC2562.imperialus.house","content":"XXX-XX","ttl":120}'
[Thu 22 Sep 2016 11:31:44 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.sUM6UiC7 '
[Thu 22 Sep 2016 11:31:45 BST] _ret='0'
[Thu 22 Sep 2016 11:31:45 BST] response='{"result":{"id":"XXX","type":"TXT","name":"_acme-challenge.acmeshec2562.imperialus.house","content":"XXX-XXX","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"XXX","zone_name":"imperialus.house","modified_on":"2016-09-22T10:31:45.632349Z","created_on":"2016-09-22T10:31:45.632349Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:45 BST] Add txt record error.
[Thu 22 Sep 2016 11:31:45 BST] Error add txt for domain:_acme-challenge.acmeshEC2562.imperialus.house
[Thu 22 Sep 2016 11:31:45 BST] pid
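
An added example (not part of the thread and not acme.sh code): it reads a `--debug 2` log in the format posted above and reports the key type that signs the ACME requests (the JWS `alg`/`kty` header) separately from the key generated for the certificate (`Read key length` / `Using ec name`). The sample log is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the --debug 2 output above; all values are placeholders.
SAMPLE_LOG = """\
[Thu 22 Sep 2016 11:31:33 BST] DOMAIN_PATH='/home/user/.acme.sh/example.test_ecc'
[Thu 22 Sep 2016 11:31:33 BST] RSA key
[Thu 22 Sep 2016 11:31:37 BST] POST
[Thu 22 Sep 2016 11:31:37 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 11:31:37 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "XXX"}'
[Thu 22 Sep 2016 11:31:38 BST] Read key length:ec-256
[Thu 22 Sep 2016 11:31:38 BST] Creating domain key
[Thu 22 Sep 2016 11:31:38 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 11:31:40 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:31:40 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "XXX"}'
[Thu 22 Sep 2016 11:31:44 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records'
[Thu 22 Sep 2016 11:31:44 BST] body='{"type":"TXT","name":"_acme-challenge.example.test","content":"XXX","ttl":120}'
"""

PREFIX = re.compile(r"^\[[^\]]*\]\s*")                  # leading "[Thu 22 Sep 2016 ... BST] "
URL = re.compile(r"^url='([^']*)'")                     # endpoint of the request being logged
JWS_BODY = re.compile(r"""^body='(\{\s*"header".*)$""")  # only bodies that carry a JWS header
KEYLEN = re.compile(r"^Read key length:\s*(\S+)")       # requested domain key length
EC_NAME = re.compile(r"^Using ec name:\s*(\S+)")        # curve used for the domain key


def _field(name, text):
    """Pull one string field by regex; logged bodies are often truncated or redacted JSON."""
    m = re.search(r'"%s"\s*:\s*"([^"]*)"' % re.escape(name), text)
    return m.group(1) if m else None


def summarize_keys(log_text):
    """Collect the JWS header of every signed request and the domain key parameters."""
    summary = {"jws": [], "domain_keylength": None, "domain_curve": None}
    last_url = None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw, count=1)
        m = URL.match(line)
        if m:
            last_url = m.group(1)
            continue
        m = JWS_BODY.match(line)
        if m:  # DNS API bodies have no "header" member and are skipped
            body = m.group(1)
            summary["jws"].append({"url": last_url, "alg": _field("alg", body),
                                   "kty": _field("kty", body), "crv": _field("crv", body)})
            continue
        m = KEYLEN.match(line)
        if m:
            summary["domain_keylength"] = m.group(1)
            continue
        m = EC_NAME.match(line)
        if m:
            summary["domain_curve"] = m.group(1)
    return summary


def account_key_types(summary):
    """Distinct (alg, kty) pairs seen in JWS headers, i.e. the account key in use."""
    return {(j["alg"], j["kty"]) for j in summary["jws"]}


def uses_ecdsa_account_key(summary):
    """True only if at least one signed request was seen and all were signed with an EC key."""
    return bool(summary["jws"]) and all(j["kty"] == "EC" for j in summary["jws"])


if __name__ == "__main__":
    s = summarize_keys(SAMPLE_LOG)
    print("account key (JWS header):", sorted(account_key_types(s)))
    print("domain key:", s["domain_keylength"], s["domain_curve"])
    print("ECDSA account key in use:", uses_ecdsa_account_key(s))
```
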

Neilpang commented 7 years ago

@FernandoMiguel I made a fix: cfdaff5a46ed6bbd4ea716a1e6f0dc8b79a1bdf7

Please upgrade to latest code and try again:

acme.sh  --upgrade

FernandoMiguel commented 7 years ago

$ ./acme.sh --staging --issue -d acmesh2565.imperialus.house --dns dns_cf --keylength ec-256  --debug 2
[Thu 22 Sep 2016 13:52:39 BST] Lets guess script dir.
[Thu 22 Sep 2016 13:52:39 BST] _SCRIPT_='./acme.sh'
[Thu 22 Sep 2016 13:52:39 BST] _script
[Thu 22 Sep 2016 13:52:39 BST] _script_home='.'
[Thu 22 Sep 2016 13:52:39 BST] It seems tha acme.sh is already installed in /Users/Fernando/.acme.sh
[Thu 22 Sep 2016 13:52:39 BST] 20:USER_AGENT=""
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 13:52:39 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 13:52:39 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc'
[Thu 22 Sep 2016 13:52:39 BST] 1:Le_Domain="acmesh2565.imperialus.house"
[Thu 22 Sep 2016 13:52:39 BST] 2:Le_Alt="no"
[Thu 22 Sep 2016 13:52:39 BST] 3:Le_Webroot="dns_cf"
[Thu 22 Sep 2016 13:52:39 BST] 4:Le_PreHook=""
[Thu 22 Sep 2016 13:52:39 BST] 5:Le_PostHook=""
[Thu 22 Sep 2016 13:52:39 BST] 6:Le_RenewHook=""
[Thu 22 Sep 2016 13:52:39 BST] 'dns_cf' does not contain 'no'
[Thu 22 Sep 2016 13:52:39 BST] 'dns_cf' does not contain 'tls'
[Thu 22 Sep 2016 13:52:39 BST] 'dns_cf' does not contain 'apache'
[Thu 22 Sep 2016 13:52:39 BST] RSA key
[Thu 22 Sep 2016 13:52:41 BST] Registering account
[Thu 22 Sep 2016 13:52:41 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 13:52:41 BST] payload='{"resource": "new-reg", "contact": ["mailto: SSL@FernandoMiguel.net"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}'
[Thu 22 Sep 2016 13:52:41 BST] RSA key
[Thu 22 Sep 2016 13:52:42 BST] GET
[Thu 22 Sep 2016 13:52:42 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 13:52:42 BST] timeout
[Thu 22 Sep 2016 13:52:42 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.tUBFIFoD '
[Thu 22 Sep 2016 13:52:43 BST] ret='0'
[Thu 22 Sep 2016 13:52:43 BST] POST
[Thu 22 Sep 2016 13:52:43 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 13:52:43 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-XXXX"}'
[Thu 22 Sep 2016 13:52:43 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.8fADt6I1 '
[Thu 22 Sep 2016 13:52:44 BST] _ret='0'
[Thu 22 Sep 2016 13:52:44 BST] original='{
  "type": "urn:acme:error:malformed",
  "detail": "Registration key is already in use",
  "status": 409
}'
[Thu 22 Sep 2016 13:52:44 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 12:52:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 409 Conflict
Server: nginx
Content-Type: application/problem+json
Content-Length: 107
Boulder-Request-Id: Mle4VXXX
Boulder-Requester: 340385
Location: https://acme-staging.api.letsencrypt.org/acme/reg/340385
Replay-Nonce: XXXX
Expires: Thu, 22 Sep 2016 12:52:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 12:52:44 GMT
Connection: close
'
[Thu 22 Sep 2016 13:52:44 BST] response='{"type":"urn:acme:error:malformed","detail":"Registration key is already in use","status": 409}'
[Thu 22 Sep 2016 13:52:44 BST] code='409'
[Thu 22 Sep 2016 13:52:44 BST] Already registered
[Thu 22 Sep 2016 13:52:44 BST] 18:ACCOUNT_KEY_HASH="XXXX="
[Thu 22 Sep 2016 13:52:44 BST] Read key length:ec-256
[Thu 22 Sep 2016 13:52:44 BST] Creating domain key
[Thu 22 Sep 2016 13:52:44 BST] Use length 256
[Thu 22 Sep 2016 13:52:44 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 13:52:44 BST] _createcsr
[Thu 22 Sep 2016 13:52:44 BST] domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] domainlist
[Thu 22 Sep 2016 13:52:44 BST] csrkey='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc/acmesh2565.imperialus.house.key'
[Thu 22 Sep 2016 13:52:44 BST] csr='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc/acmesh2565.imperialus.house.csr'
[Thu 22 Sep 2016 13:52:44 BST] csrconf='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc/acmesh2565.imperialus.house.csr.conf'
[Thu 22 Sep 2016 13:52:44 BST] Single domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] 7:Le_Keylength="ec-256"
[Thu 22 Sep 2016 13:52:44 BST] Verify each domain
[Thu 22 Sep 2016 13:52:44 BST] Getting webroot for domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] _w='dns_cf'
[Thu 22 Sep 2016 13:52:44 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 13:52:44 BST] Getting token for domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 13:52:44 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmesh2565.imperialus.house"}}'
[Thu 22 Sep 2016 13:52:44 BST] RSA key
[Thu 22 Sep 2016 13:52:46 BST] GET
[Thu 22 Sep 2016 13:52:46 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 13:52:46 BST] timeout
[Thu 22 Sep 2016 13:52:46 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.UBCpiWgT '
[Thu 22 Sep 2016 13:52:47 BST] ret='0'
[Thu 22 Sep 2016 13:52:47 BST] POST
[Thu 22 Sep 2016 13:52:47 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 13:52:47 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "XXX"}'
[Thu 22 Sep 2016 13:52:47 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.HxhW0X3Y '
[Thu 22 Sep 2016 13:52:48 BST] _ret='0'
[Thu 22 Sep 2016 13:52:48 BST] original='{
  "identifier": {
    "type": "dns",
    "value": "acmesh2565.imperialus.house"
  },
  "status": "pending",
  "expires": "2016-09-29T12:52:47.934326806Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX",
      "token": "XXXX"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX",
      "token": "XXX"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/IK_e3RGFc7XXX",
      "token": "tJn4RXXX"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      2
    ],
    [
      1
    ]
  ]
}'
[Thu 22 Sep 2016 13:52:48 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 12:52:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1021
Boulder-Request-Id: XXXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/XXXX
Replay-Nonce: _FM5YZXXXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 22 Sep 2016 12:52:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 12:52:48 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 13:52:48 BST] response='{"identifier":{"type":"dns","value":"acmesh2565.imperialus.house"},"status":"pending","expires":"2016-09-29T12:52:47.934326806Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX","token":"XXXX"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993884","token":"tJn4RmXXX"}],"combinations":[[0],[2],[1]]}'
[Thu 22 Sep 2016 13:52:48 BST] code='201'
[Thu 22 Sep 2016 13:52:48 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX"'
[Thu 22 Sep 2016 13:52:48 BST] token='-MLCOWF6kXXX'
[Thu 22 Sep 2016 13:52:48 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:52:48 BST] keyauthorization='-MLCXXX'
[Thu 22 Sep 2016 13:52:48 BST] dvlist='acmesh2565.imperialus.house#-MLCOWXXXX#https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883#dns-01#dns_cf'
[Thu 22 Sep 2016 13:52:48 BST] txtdomain='_acme-challenge.acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:48 BST] txt='XXXX'
[Thu 22 Sep 2016 13:52:48 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 13:52:48 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 13:52:48 BST] 28:CF_Key="XXXX"
[Thu 22 Sep 2016 13:52:48 BST] 30:CF_Email="XXXX"
[Thu 22 Sep 2016 13:52:48 BST] First detect the root zone
[Thu 22 Sep 2016 13:52:48 BST] zones?name=acmesh2565.imperialus.house
[Thu 22 Sep 2016 13:52:48 BST] GET
[Thu 22 Sep 2016 13:52:48 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:48 BST] timeout
[Thu 22 Sep 2016 13:52:48 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.vBbJkPvN '
[Thu 22 Sep 2016 13:52:48 BST] ret='0'
[Thu 22 Sep 2016 13:52:48 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:48 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 13:52:49 BST] GET
[Thu 22 Sep 2016 13:52:49 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 13:52:49 BST] timeout
[Thu 22 Sep 2016 13:52:49 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.erxtJZKg '
[Thu 22 Sep 2016 13:52:49 BST] ret='0'
[Thu 22 Sep 2016 13:52:49 BST] response='{"result":[{"id":"XXXX","name":"imperialus.house","status":"active","paused":false,"type":"full","development_mode":0,"name_servers":["dina.ns.cloudflare.com","theo.ns.cloudflare.com"],"original_name_servers":["ns1.dreamhost.com","ns2.dreamhost.com","ns3.dreamhost.com"],"original_registrar":null,"original_dnshost":"dreamhost","modified_on":"2016-09-22T12:50:45.268289Z","created_on":"2016-02-15T21:20:15.215047Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"XXX","email":"XXXX"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"XXX","name":"Free Website","price":0,"currency":"USD","frequency":"","is_subscribed":true,"can_subscribe":false,"legacy_id":"free","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:49 BST] _domain_id='XXXX'
[Thu 22 Sep 2016 13:52:49 BST] _sub_domain='_acme-challenge.acmesh2565'
[Thu 22 Sep 2016 13:52:49 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 13:52:49 BST] Getting txt records
[Thu 22 Sep 2016 13:52:49 BST] zones/XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2565.imperialus.house
[Thu 22 Sep 2016 13:52:49 BST] GET
[Thu 22 Sep 2016 13:52:49 BST] url='https://api.cloudflare.com/client/v4/zones/XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:49 BST] timeout
[Thu 22 Sep 2016 13:52:49 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.tilQpVoO '
[Thu 22 Sep 2016 13:52:49 BST] ret='0'
[Thu 22 Sep 2016 13:52:49 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:49 BST] count='0'
[Thu 22 Sep 2016 13:52:49 BST] Adding record
[Thu 22 Sep 2016 13:52:49 BST] zones/XXXX/dns_records
[Thu 22 Sep 2016 13:52:49 BST] data='{"type":"TXT","name":"_acme-challenge.acmesh2565.imperialus.house","content":"XXXX","ttl":120}'
[Thu 22 Sep 2016 13:52:49 BST] POST
[Thu 22 Sep 2016 13:52:49 BST] url='https://api.cloudflare.com/client/v4/zones/XXXX/dns_records'
[Thu 22 Sep 2016 13:52:49 BST] body='{"type":"TXT","name":"_acme-challenge.acmesh2565.imperialus.house","content":"XXXX","ttl":120}'
[Thu 22 Sep 2016 13:52:49 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.vbJsjUvv '
[Thu 22 Sep 2016 13:52:50 BST] _ret='0'
[Thu 22 Sep 2016 13:52:50 BST] response='{"result":{"id":"XXXX","type":"TXT","name":"_acme-challenge.acmesh2565.imperialus.house","content":"XXXX","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"XXXX","zone_name":"imperialus.house","modified_on":"2016-09-22T12:52:50.187501Z","created_on":"2016-09-22T12:52:50.187501Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:50 BST] Added, sleeping 10 seconds
[Thu 22 Sep 2016 13:53:00 BST] Sleep 10 seconds for the txt records to take effect
[Thu 22 Sep 2016 13:53:10 BST] ok, let's start to verify
[Thu 22 Sep 2016 13:53:10 BST] Verifying:acmesh2565.imperialus.house
[Thu 22 Sep 2016 13:53:10 BST] d='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:53:10 BST] keyauthorization='-MLCOWXXXX'
[Thu 22 Sep 2016 13:53:10 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:10 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 13:53:10 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:10 BST] payload='{"resource": "challenge", "keyAuthorization": "-MLCOWXXXX"}'
[Thu 22 Sep 2016 13:53:10 BST] RSA key
[Thu 22 Sep 2016 13:53:12 BST] GET
[Thu 22 Sep 2016 13:53:12 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 13:53:12 BST] timeout
[Thu 22 Sep 2016 13:53:12 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.nmsSlYiH '
[Thu 22 Sep 2016 13:53:12 BST] ret='0'
[Thu 22 Sep 2016 13:53:12 BST] POST
[Thu 22 Sep 2016 13:53:12 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:12 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-XXXX"}}, "protected": "XXX", "payload": "XXX", "signature": "XXX-ZC"}'
[Thu 22 Sep 2016 13:53:12 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.v04YMPvs '
[Thu 22 Sep 2016 13:53:13 BST] _ret='0'
[Thu 22 Sep 2016 13:53:13 BST] original='{
  "type": "dns-01",
  "status": "pending",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883",
  "token": "-XXXX",
  "keyAuthorization": "-MLCOWXXXX"
}'
[Thu 22 Sep 2016 13:53:13 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 12:53:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 337
Boulder-Request-Id: XXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/XXXX>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883
Replay-Nonce: XXXX
Expires: Thu, 22 Sep 2016 12:53:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 12:53:13 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 13:53:13 BST] response='{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX","keyAuthorization":"-MLCOWXXXX"}'
[Thu 22 Sep 2016 13:53:13 BST] code='202'
[Thu 22 Sep 2016 13:53:13 BST] sleep 5 secs to verify
[Thu 22 Sep 2016 13:53:18 BST] checking
[Thu 22 Sep 2016 13:53:18 BST] GET
[Thu 22 Sep 2016 13:53:18 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:18 BST] timeout
[Thu 22 Sep 2016 13:53:18 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.PnYcF233 '
[Thu 22 Sep 2016 13:53:19 BST] ret='0'
[Thu 22 Sep 2016 13:53:19 BST] original='{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Correct value not found for DNS challenge",
    "status": 403
  },
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883",
  "token": "-XXXX",
  "keyAuthorization": "-MLCOWXXXX"
}'
[Thu 22 Sep 2016 13:53:19 BST] response='{"type":"dns-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Correct value not found for DNS challenge","status": 403},"uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX","keyAuthorization":"-MLCOWXXXX"}'
[Thu 22 Sep 2016 13:53:19 BST] error='"error":{"type":"urn:acme:error:unauthorized","detail":"Correct value not found for DNS challenge","status": 403}'
[Thu 22 Sep 2016 13:53:19 BST] errordetail='Correct value not found for DNS challenge'
[Thu 22 Sep 2016 13:53:19 BST] acmesh2565.imperialus.house:Verify error:Correct value not found for DNS challenge
[Thu 22 Sep 2016 13:53:19 BST] Skip for removelevel:
[Thu 22 Sep 2016 13:53:19 BST] pid

Neilpang commented 7 years ago

@FernandoMiguel Can you please log in to your cloudflare account to see if the txt record is added successfully?

_acme-challenge.acmesh2565.imperialus.house

FernandoMiguel commented 7 years ago

$ alias acme.sh="/Users/Fernando/.acme.sh/acme.sh"
$ acme.sh --staging --issue -d acmesh2566.imperialus.house --dns dns_cf --keylength ec-256
[Thu 22 Sep 2016 14:27:30 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 14:27:31 BST] Skip register account key
[Thu 22 Sep 2016 14:27:31 BST] Creating domain key
[Thu 22 Sep 2016 14:27:31 BST] Single domain='acmesh2566.imperialus.house'
[Thu 22 Sep 2016 14:27:31 BST] Verify each domain
[Thu 22 Sep 2016 14:27:31 BST] Getting webroot for domain='acmesh2566.imperialus.house'
[Thu 22 Sep 2016 14:27:31 BST] Getting token for domain='acmesh2566.imperialus.house'
[Thu 22 Sep 2016 14:27:34 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 14:27:37 BST] Adding record
[Thu 22 Sep 2016 14:27:38 BST] Added, sleeping 10 seconds
[Thu 22 Sep 2016 14:27:48 BST] Sleep 10 seconds for the txt records to take effect
[Thu 22 Sep 2016 14:27:58 BST] Verifying:acmesh2566.imperialus.house
[Thu 22 Sep 2016 14:28:07 BST] Success
[Thu 22 Sep 2016 14:28:07 BST] Verify finished, start to sign.
[Thu 22 Sep 2016 14:28:10 BST] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"

screenshot 2016-09-22 14 27 55

Neilpang commented 7 years ago

@FernandoMiguel

--debug 2

FernandoMiguel commented 7 years ago

$ dig TXT _acme-challenge.acmesh2567.imperialus.house +short
"zpBADYWquyZfXXXX"

$ acme.sh --staging --issue -d acmesh2567.imperialus.house --dns dns_cf --keylength ec-256  --debug 2
[Thu 22 Sep 2016 19:30:22 BST] Lets guess script dir.
[Thu 22 Sep 2016 19:30:22 BST] _SCRIPT_='/Users/Fernando/.acme.sh/acme.sh'
[Thu 22 Sep 2016 19:30:22 BST] _script
[Thu 22 Sep 2016 19:30:22 BST] _script_home='.'
[Thu 22 Sep 2016 19:30:22 BST] It seems that acme.sh is already installed in /Users/Fernando/.acme.sh
[Thu 22 Sep 2016 19:30:22 BST] 20:USER_AGENT=""
[Thu 22 Sep 2016 19:30:22 BST] 6:ACCOUNT_EMAIL="XXXX"
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 19:30:22 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 19:30:22 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc'
[Thu 22 Sep 2016 19:30:22 BST] 1:Le_Domain="acmesh2567.imperialus.house"
[Thu 22 Sep 2016 19:30:22 BST] 2:Le_Alt="no"
[Thu 22 Sep 2016 19:30:22 BST] 3:Le_Webroot="dns_cf"
[Thu 22 Sep 2016 19:30:22 BST] 4:Le_PreHook=""
[Thu 22 Sep 2016 19:30:22 BST] 5:Le_PostHook=""
[Thu 22 Sep 2016 19:30:22 BST] 6:Le_RenewHook=""
[Thu 22 Sep 2016 19:30:22 BST] 'dns_cf' does not contain 'no'
[Thu 22 Sep 2016 19:30:22 BST] 'dns_cf' does not contain 'tls'
[Thu 22 Sep 2016 19:30:22 BST] 'dns_cf' does not contain 'apache'
[Thu 22 Sep 2016 19:30:22 BST] RSA key
[Thu 22 Sep 2016 19:30:24 BST] Skip register account key
[Thu 22 Sep 2016 19:30:24 BST] Read key length:ec-256
[Thu 22 Sep 2016 19:30:24 BST] Creating domain key
[Thu 22 Sep 2016 19:30:24 BST] Use length 256
[Thu 22 Sep 2016 19:30:24 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 19:30:24 BST] _createcsr
[Thu 22 Sep 2016 19:30:24 BST] domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] domainlist
[Thu 22 Sep 2016 19:30:24 BST] csrkey='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc/acmesh2567.imperialus.house.key'
[Thu 22 Sep 2016 19:30:24 BST] csr='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc/acmesh2567.imperialus.house.csr'
[Thu 22 Sep 2016 19:30:24 BST] csrconf='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc/acmesh2567.imperialus.house.csr.conf'
[Thu 22 Sep 2016 19:30:24 BST] Single domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] 7:Le_Keylength="ec-256"
[Thu 22 Sep 2016 19:30:24 BST] Verify each domain
[Thu 22 Sep 2016 19:30:24 BST] Getting webroot for domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] _w='dns_cf'
[Thu 22 Sep 2016 19:30:24 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 19:30:24 BST] Getting new-authz for domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 19:30:24 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmesh2567.imperialus.house"}}'
[Thu 22 Sep 2016 19:30:24 BST] RSA key
[Thu 22 Sep 2016 19:30:26 BST] GET
[Thu 22 Sep 2016 19:30:26 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 19:30:26 BST] timeout
[Thu 22 Sep 2016 19:30:26 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.KJQAdPZv '
[Thu 22 Sep 2016 19:30:27 BST] ret='0'
[Thu 22 Sep 2016 19:30:27 BST] POST
[Thu 22 Sep 2016 19:30:27 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 19:30:27 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB--S---XXXX"}}, "protected": "eyJuXXXX", "payload": "eyJyXXXX", "signature": "FypNZ_XXX"}'
[Thu 22 Sep 2016 19:30:27 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.KNtxJfNd '
[Thu 22 Sep 2016 19:30:28 BST] _ret='0'
[Thu 22 Sep 2016 19:30:28 BST] original='{
  "identifier": {
    "type": "dns",
    "value": "acmesh2567.imperialus.house"
  },
  "status": "pending",
  "expires": "2016-09-29T18:30:28.046026987Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX/15029723",
      "token": "ifzlkDXXXX"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029724",
      "token": "Ym_jLwV_PXXXXX"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029725",
      "token": "ffCxV_jJMpXXXX"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      2
    ],
    [
      1
    ]
  ]
}'
[Thu 22 Sep 2016 19:30:28 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 18:30:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1021
Boulder-Request-Id: 8RofDXXXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/EblzXXXX
Replay-Nonce: RNK_DEXXXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 22 Sep 2016 18:30:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 18:30:28 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 19:30:28 BST] response='{"identifier":{"type":"dns","value":"acmesh2567.imperialus.house"},"status":"pending","expires":"2016-09-29T18:30:28.046026987Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX","token":"ifzlkDXXXX"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029724","token":"Ym_jLwV_PXXXXX"},{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029725","token":"ffCxV_jJMpXXXX"}],"combinations":[[0],[2],[1]]}'
[Thu 22 Sep 2016 19:30:28 BST] code='201'
[Thu 22 Sep 2016 19:30:28 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX","token":"ifzlkDXXXX"'
[Thu 22 Sep 2016 19:30:28 BST] token='ifzlkDXXXX'
[Thu 22 Sep 2016 19:30:28 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:30:28 BST] keyauthorization='ifzlkDXXXX.XXXX'
[Thu 22 Sep 2016 19:30:28 BST] dvlist='acmesh2567.imperialus.house#ifzlkDXXXX.XXXXo#https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX#dns-01#dns_cf'
[Thu 22 Sep 2016 19:30:28 BST] txtdomain='_acme-challenge.acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:28 BST] txt='zpBAXXXX'
[Thu 22 Sep 2016 19:30:28 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 19:30:28 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 19:30:28 BST] 28:CF_Key="XXX"
[Thu 22 Sep 2016 19:30:28 BST] 30:CF_Email="XXXX"
[Thu 22 Sep 2016 19:30:28 BST] First detect the root zone
[Thu 22 Sep 2016 19:30:28 BST] zones?name=acmesh2567.imperialus.house
[Thu 22 Sep 2016 19:30:28 BST] GET
[Thu 22 Sep 2016 19:30:28 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:28 BST] timeout
[Thu 22 Sep 2016 19:30:28 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.Ch48xyIP '
[Thu 22 Sep 2016 19:30:30 BST] ret='0'
[Thu 22 Sep 2016 19:30:30 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:30 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 19:30:30 BST] GET
[Thu 22 Sep 2016 19:30:30 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 19:30:30 BST] timeout
[Thu 22 Sep 2016 19:30:30 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.BX3sRG0G '
[Thu 22 Sep 2016 19:30:30 BST] ret='0'
[Thu 22 Sep 2016 19:30:30 BST] response='{"result":[{"id":"027XXXX","name":"imperialus.house","status":"active","paused":false,"type":"full","development_mode":0,"name_servers":["dina.ns.cloudflare.com","theo.ns.cloudflare.com"],"original_name_servers":["ns1.dreamhost.com","ns2.dreamhost.com","ns3.dreamhost.com"],"original_registrar":null,"original_dnshost":"dreamhost","modified_on":"2016-09-22T13:29:31.210521Z","created_on":"2016-02-15T21:20:15.215047Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"XXX","email":"XXXX"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"XXXX","name":"Free Website","price":0,"currency":"USD","frequency":"","is_subscribed":true,"can_subscribe":false,"legacy_id":"free","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:30 BST] _domain_id='027XXXX'
[Thu 22 Sep 2016 19:30:30 BST] _sub_domain='_acme-challenge.acmesh2567'
[Thu 22 Sep 2016 19:30:31 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 19:30:31 BST] Getting txt records
[Thu 22 Sep 2016 19:30:31 BST] zones/027XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2567.imperialus.house
[Thu 22 Sep 2016 19:30:31 BST] GET
[Thu 22 Sep 2016 19:30:31 BST] url='https://api.cloudflare.com/client/v4/zones/027XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:31 BST] timeout
[Thu 22 Sep 2016 19:30:31 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.2urfdcpt '
[Thu 22 Sep 2016 19:30:31 BST] ret='0'
[Thu 22 Sep 2016 19:30:31 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:31 BST] count='0'
[Thu 22 Sep 2016 19:30:31 BST] Adding record
[Thu 22 Sep 2016 19:30:31 BST] zones/027XXXX/dns_records
[Thu 22 Sep 2016 19:30:31 BST] data='{"type":"TXT","name":"_acme-challenge.acmesh2567.imperialus.house","content":"zpBAXXXX","ttl":120}'
[Thu 22 Sep 2016 19:30:31 BST] POST
[Thu 22 Sep 2016 19:30:31 BST] url='https://api.cloudflare.com/client/v4/zones/027XXXX/dns_records'
[Thu 22 Sep 2016 19:30:31 BST] body='{"type":"TXT","name":"_acme-challenge.acmesh2567.imperialus.house","content":"zpBAXXXX","ttl":120}'
[Thu 22 Sep 2016 19:30:31 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.4JT9n0F4 '
[Thu 22 Sep 2016 19:30:32 BST] _ret='0'
[Thu 22 Sep 2016 19:30:32 BST] response='{"result":{"id":"97caXXXX","type":"TXT","name":"_acme-challenge.acmesh2567.imperialus.house","content":"zpBAXXXX","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"027XXXX","zone_name":"imperialus.house","modified_on":"2016-09-22T18:30:32.506831Z","created_on":"2016-09-22T18:30:32.506831Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:32 BST] Added, sleeping 10 seconds
[Thu 22 Sep 2016 19:30:42 BST] Sleep 120 seconds for the txt records to take effect
[Thu 22 Sep 2016 19:32:42 BST] ok, let's start to verify
[Thu 22 Sep 2016 19:32:42 BST] Verifying:acmesh2567.imperialus.house
[Thu 22 Sep 2016 19:32:42 BST] d='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:32:42 BST] keyauthorization='ifzlkDXXXX.XXXX'
[Thu 22 Sep 2016 19:32:42 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:32:42 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 19:32:42 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:32:42 BST] payload='{"resource": "challenge", "keyAuthorization": "ifzlkDXXXX.XXXX"}'
[Thu 22 Sep 2016 19:32:42 BST] RSA key
[Thu 22 Sep 2016 19:32:44 BST] GET
[Thu 22 Sep 2016 19:32:44 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 19:32:44 BST] timeout
[Thu 22 Sep 2016 19:32:44 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.DFxbNy94 '
[Thu 22 Sep 2016 19:32:45 BST] ret='0'
[Thu 22 Sep 2016 19:32:45 BST] POST
[Thu 22 Sep 2016 19:32:45 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:32:45 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-fguXXXX"}}, "protected": "eyJXXXX", "payload": "eyJyXXXX", "signature": "E0SbVXXXXX"}'
[Thu 22 Sep 2016 19:32:45 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.92B4ZoYY '
[Thu 22 Sep 2016 19:32:46 BST] _ret='0'
[Thu 22 Sep 2016 19:32:46 BST] original='{
  "type": "dns-01",
  "status": "pending",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX",
  "token": "ifzlkDXXXX",
  "keyAuthorization": "ifzlkDXXXX.XXXX"
}'
[Thu 22 Sep 2016 19:32:46 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 18:32:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 337
Boulder-Request-Id: 1LAmYXXXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/EblzXXXX>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXX
Replay-Nonce: yhXwPXXXX
Expires: Thu, 22 Sep 2016 18:32:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 18:32:46 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 19:32:46 BST] response='{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXX","token":"ifzlkDXXXX","keyAuthorization":"XXX.XXXX"}'
[Thu 22 Sep 2016 19:32:46 BST] code='202'
[Thu 22 Sep 2016 19:32:46 BST] sleep 5 secs to verify
[Thu 22 Sep 2016 19:32:51 BST] checking
[Thu 22 Sep 2016 19:32:51 BST] GET
[Thu 22 Sep 2016 19:32:52 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXX'
[Thu 22 Sep 2016 19:32:52 BST] timeout
[Thu 22 Sep 2016 19:32:52 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.ad8Y3WwU '
[Thu 22 Sep 2016 19:32:52 BST] ret='0'
[Thu 22 Sep 2016 19:32:52 BST] original='{
  "type": "dns-01",
  "status": "valid",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX",
  "token": "ifzlkDXXXX",
  "keyAuthorization": "ifzlkDXXXX.XXXX",
  "validationRecord": [
    {
      "hostname": "acmesh2567.imperialus.house",
      "port": "",
      "addressesResolved": null,
      "addressUsed": ""
    }
  ]
}'
[Thu 22 Sep 2016 19:32:52 BST] response='{"type":"dns-01","status":"valid","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX","token":"ifzlkDXXXX","keyAuthorization":"ifzlkDXXXX.XXXX","validationRecord":[{"hostname":"acmesh2567.imperialus.house","port":"","addressesResolved": null,"addressUsed":""}]}'
[Thu 22 Sep 2016 19:32:52 BST] Success
[Thu 22 Sep 2016 19:32:52 BST] pid
[Thu 22 Sep 2016 19:32:52 BST] Skip for removelevel:
[Thu 22 Sep 2016 19:32:52 BST] pid
[Thu 22 Sep 2016 19:32:52 BST] Verify finished, start to sign.
[Thu 22 Sep 2016 19:32:52 BST] i='2'
[Thu 22 Sep 2016 19:32:52 BST] j='7'
[Thu 22 Sep 2016 19:32:52 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Thu 22 Sep 2016 19:32:52 BST] payload='{"resource": "new-cert", "csr": "MIH-XXXX"}'
[Thu 22 Sep 2016 19:32:52 BST] RSA key
[Thu 22 Sep 2016 19:32:54 BST] GET
[Thu 22 Sep 2016 19:32:54 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 19:32:54 BST] timeout
[Thu 22 Sep 2016 19:32:54 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.rV81srQ9 '
[Thu 22 Sep 2016 19:32:55 BST] ret='0'
[Thu 22 Sep 2016 19:32:55 BST] POST
[Thu 22 Sep 2016 19:32:55 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Thu 22 Sep 2016 19:32:55 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-fguXXXX"}}, "protected": "eyJub25jXXXX", "payload": "eyJyXXXX", "signature": "TkfXXXX"}'
[Thu 22 Sep 2016 19:32:55 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.SXFPfFKr '
[Thu 22 Sep 2016 19:32:56 BST] _ret='0'
[Thu 22 Sep 2016 19:32:56 BST] original='ewogXXXX'
[Thu 22 Sep 2016 19:32:56 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 18:32:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 133
Boulder-Request-Id: 8CXXXX
Boulder-Requester: 340385
Replay-Nonce: R5pXXXX
Expires: Thu, 22 Sep 2016 18:32:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 18:32:55 GMT
Connection: close
'
[Thu 22 Sep 2016 19:32:56 BST] response='ewogXXXX'
[Thu 22 Sep 2016 19:32:56 BST] code='400'
[Thu 22 Sep 2016 19:32:56 BST] 8:Le_LinkCert=""
[Thu 22 Sep 2016 19:32:56 BST] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"
/Users/Fernando/.acme.sh/acme.sh: line 3721: syntax error near unexpected token `fi'
/Users/Fernando/.acme.sh/acme.sh: line 3721: `"$@";fi'

These two lines at the end are new.

Remonli commented 7 years ago

However, the account key still only supports RSA.

FernandoMiguel commented 7 years ago

@Rememberli I noticed the same... no idea what's going on

Neilpang commented 7 years ago

@Rememberli Yes, because my ECC account signature was not the same as boulder's. That's why this issue is still open.

The RSA account key seems to be working well. It's just the account key, not the domain key.

I will fix this later when I have time.

Neilpang commented 7 years ago

https://tools.ietf.org/html/rfc3278#section-8.2
http://bitcoin.stackexchange.com/questions/2376/ecdsa-r-s-encoding-as-a-signature
http://davidederosa.com/basic-blockchain-programming/elliptic-curve-digital-signatures/
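
The links in the comment above all concern how an ECDSA (r, s) pair is encoded. As an added example (not acme.sh code and not from this thread), the Python below converts the DER `ECDSA-Sig-Value` that OpenSSL emits into the fixed-width R||S form that JWS `ES256` (RFC 7518, section 3.4) requires, and back. That this encoding difference is the mismatch being described is an assumption; the function names and sample values are constructed for illustration.

```python
import base64


def _der_len(buf, pos):
    """Decode the DER length field at buf[pos]; return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated DER")
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short form
        return first, pos
    n = first & 0x7F                       # long form: n length octets follow
    if n not in (1, 2) or pos + n > len(buf):
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def _der_uint(buf, pos, width):
    """Read one non-negative INTEGER; return (fixed-width bytes, next_pos)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    length, pos = _der_len(buf, pos + 1)
    body = buf[pos:pos + length]
    if length == 0 or len(body) != length:
        raise ValueError("truncated INTEGER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER in signature")
    body = body.lstrip(b"\x00")            # drop the DER sign-padding octet
    if len(body) > width:
        raise ValueError("INTEGER wider than the curve order")
    return body.rjust(width, b"\x00"), pos + length


def der_to_jose(der, width=32):
    """DER ECDSA-Sig-Value -> raw R||S (width bytes each; 32 for P-256)."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag 0x30")
    seq_len, pos = _der_len(der, 1)
    if pos + seq_len != len(der):
        raise ValueError("SEQUENCE length does not match input")
    r, pos = _der_uint(der, pos, width)
    s, pos = _der_uint(der, pos, width)
    if pos != len(der):
        raise ValueError("trailing bytes after S")
    return r + s


def _enc_len(n):
    """Encode a DER length below 256 (enough for any NIST-curve signature)."""
    return bytes([n]) if n < 0x80 else bytes([0x81, n])


def _uint_to_der(raw):
    body = raw.lstrip(b"\x00") or b"\x00"
    if body[0] & 0x80:                     # keep the INTEGER positive
        body = b"\x00" + body
    return b"\x02" + _enc_len(len(body)) + body


def jose_to_der(raw):
    """Raw R||S -> DER ECDSA-Sig-Value (the inverse of der_to_jose)."""
    if not raw or len(raw) % 2:
        raise ValueError("R||S must have an even, non-zero length")
    half = len(raw) // 2
    body = _uint_to_der(raw[:half]) + _uint_to_der(raw[half:])
    return b"\x30" + _enc_len(len(body)) + body


def b64url(data):
    """Unpadded base64url, as used for the JWS 'signature' member."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample (not a real signature): R has its top bit set, so DER
# stores 33 octets; S has a leading zero octet, so DER stores only 31.
SAMPLE_R = bytes([0x80]) + bytes(range(1, 32))
SAMPLE_S = b"\x00" + bytes(range(0x20, 0x3F))
SAMPLE_DER = b"\x30\x44" + b"\x02\x21\x00" + SAMPLE_R + b"\x02\x1f" + SAMPLE_S[1:]

if __name__ == "__main__":
    print(b64url(der_to_jose(SAMPLE_DER)))
```

The sample exercises both places where the two encodings differ in length, which is why a DER signature cannot simply be base64url-encoded and sent as the JWS signature.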