acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

ipv6 option is broken #817

Closed FernandoMiguel closed 7 years ago

FernandoMiguel commented 7 years ago

I'm trying to force issuing a cert over IPv6 and TLS. No port 80 open, just 443. I also had no IPv4 A record, and that fails with a different but related error.

It seems that when using --listen-v6, it will still use the IPv4 DNS record.

    {
      "hostname": "ipv62.imperialus.house",
      "port": "443",
      "addressesResolved": [
        "52.214.113.79",
        "2a05:d018:520:ad00:2333:cf9c:ea7:a792"
      ],
      "addressUsed": "52.214.113.79"
    }

Log


root@ip-10-97-13-97:~/.acme.sh# ./acme.sh --certhome /etc/ssl/private/ --issue -d ipv62.imperialus.house --tls --listen-v6  --nocron --ecc --keylength ec-256 --test  --debug 2 --log ipv6.log
[Tue May  2 20:01:32 UTC 2017] Lets find script dir.
[Tue May  2 20:01:32 UTC 2017] _SCRIPT_='./acme.sh'
[Tue May  2 20:01:32 UTC 2017] _script='/root/.acme.sh/acme.sh'
[Tue May  2 20:01:32 UTC 2017] _script_home='/root/.acme.sh'
[Tue May  2 20:01:32 UTC 2017] Using config home:/root/.acme.sh
[Tue May  2 20:01:32 UTC 2017] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.9
[Tue May  2 20:01:32 UTC 2017] Using api:
[Tue May  2 20:01:32 UTC 2017] Using config home:/root/.acme.sh
[Tue May  2 20:01:32 UTC 2017] Using stage api:https://acme-staging.api.letsencrypt.org
[Tue May  2 20:01:32 UTC 2017] DOMAIN_PATH='/etc/ssl/private//ipv62.imperialus.house_ecc'
[Tue May  2 20:01:32 UTC 2017] _on_before_issue
[Tue May  2 20:01:32 UTC 2017] 'tls' does not contain 'no'
[Tue May  2 20:01:32 UTC 2017] Le_LocalAddress
[Tue May  2 20:01:32 UTC 2017] Check for domain='ipv62.imperialus.house'
[Tue May  2 20:01:32 UTC 2017] _currentRoot='tls'
[Tue May  2 20:01:32 UTC 2017] Standalone tls mode.
[Tue May  2 20:01:32 UTC 2017] _checkport='443'
[Tue May  2 20:01:32 UTC 2017] _checkaddr
[Tue May  2 20:01:32 UTC 2017] Using: ss
[Tue May  2 20:01:32 UTC 2017] 'tls' does not contain 'apache'
[Tue May  2 20:01:32 UTC 2017] _saved_account_key_hash='aUZ/vEqknXrf5anYvm2zd6xhL5ekoCtlajV9X4o6wEc='
[Tue May  2 20:01:32 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Tue May  2 20:01:32 UTC 2017] Read key length:
[Tue May  2 20:01:32 UTC 2017] Creating domain key
[Tue May  2 20:01:32 UTC 2017] Using config home:/root/.acme.sh
[Tue May  2 20:01:32 UTC 2017] _createkey for file:/etc/ssl/private//ipv62.imperialus.house_ecc/ipv62.imperialus.house.key
[Tue May  2 20:01:32 UTC 2017] Use length 256
[Tue May  2 20:01:32 UTC 2017] Using ec name: prime256v1
[Tue May  2 20:01:32 UTC 2017] _createcsr
[Tue May  2 20:01:32 UTC 2017] domain='ipv62.imperialus.house'
[Tue May  2 20:01:32 UTC 2017] domainlist
[Tue May  2 20:01:32 UTC 2017] csrkey='/etc/ssl/private//ipv62.imperialus.house_ecc/ipv62.imperialus.house.key'
[Tue May  2 20:01:32 UTC 2017] csr='/etc/ssl/private//ipv62.imperialus.house_ecc/ipv62.imperialus.house.csr'
[Tue May  2 20:01:32 UTC 2017] csrconf='/etc/ssl/private//ipv62.imperialus.house_ecc/ipv62.imperialus.house.csr.conf'
[Tue May  2 20:01:32 UTC 2017] Single domain='ipv62.imperialus.house'
[Tue May  2 20:01:32 UTC 2017] _is_idn_d='ipv62.imperialus.house'
[Tue May  2 20:01:32 UTC 2017] _idn_temp
[Tue May  2 20:01:32 UTC 2017] _csr_cn='ipv62.imperialus.house'
[Tue May  2 20:01:32 UTC 2017] Getting domain auth token for each domain
[Tue May  2 20:01:32 UTC 2017] Getting webroot for domain='ipv62.imperialus.house'
[Tue May  2 20:01:32 UTC 2017] _w='tls'
[Tue May  2 20:01:32 UTC 2017] _currentRoot='tls'
[Tue May  2 20:01:32 UTC 2017] Getting new-authz for domain='ipv62.imperialus.house'
[Tue May  2 20:01:32 UTC 2017] Try new-authz for the 0 time.
[Tue May  2 20:01:32 UTC 2017] _is_idn_d='ipv62.imperialus.house'
[Tue May  2 20:01:32 UTC 2017] _idn_temp
[Tue May  2 20:01:32 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May  2 20:01:32 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "ipv62.imperialus.house"}}'
[Tue May  2 20:01:32 UTC 2017] RSA key
[Tue May  2 20:01:33 UTC 2017] Get nonce.
[Tue May  2 20:01:33 UTC 2017] GET
[Tue May  2 20:01:33 UTC 2017] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May  2 20:01:33 UTC 2017] timeout
[Tue May  2 20:01:33 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.ogeqEJO8Ve '
[Tue May  2 20:01:33 UTC 2017] ret='0'
[Tue May  2 20:01:33 UTC 2017] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 372
Boulder-Request-Id: 1f5IvJFahyGlzl6x8FUZdV24tQRZW8zWlPYt3WEdI9o
Replay-Nonce: 6M0ryX010rR_Hkf0EoMjguSVSqwkXvo13LTF3NmwyJI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 02 May 2017 20:01:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 02 May 2017 20:01:33 GMT
Connection: keep-alive
'
[Tue May  2 20:01:33 UTC 2017] _CACHED_NONCE='6M0ryX010rR_Hkf0EoMjguSVSqwkXvo13LTF3NmwyJI'
[Tue May  2 20:01:33 UTC 2017] nonce='6M0ryX010rR_Hkf0EoMjguSVSqwkXvo13LTF3NmwyJI'
[Tue May  2 20:01:33 UTC 2017] POST
[Tue May  2 20:01:33 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May  2 20:01:33 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.cYQxvdYOHY '
[Tue May  2 20:01:34 UTC 2017] _ret='0'
[Tue May  2 20:01:34 UTC 2017] original='{
  "identifier": {
    "type": "dns",
    "value": "ipv62.imperialus.house"
  },
  "status": "pending",
  "expires": "2017-05-09T20:01:34.249626755Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712118",
      "token": "GTrsMZbvP0ehed3fXt2pE3mKCx1A0dzfRyJC_A1xyLQ"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712119",
      "token": "7yCAHzOa_yKQ6Wd-CY52jBkktzs0zD5-siLiox9NXx4"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120",
      "token": "J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk"
    }
  ],
  "combinations": [
    [
      2
    ],
    [
      0
    ],
    [
      1
    ]
  ]
}'
[Tue May  2 20:01:34 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 02 May 2017 20:01:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1016
Boulder-Request-Id: DZggcC2uR1JDj5W0HzyhR8itKbjS-j94Wz9AIA0pSwE
Boulder-Requester: 2099610
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0
Replay-Nonce: Mal64uXwarY0vY8eZvQYucr7bQXfEHF83isqqZvbKBE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 02 May 2017 20:01:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 02 May 2017 20:01:34 GMT
Connection: keep-alive
'
[Tue May  2 20:01:34 UTC 2017] response='{"identifier":{"type":"dns","value":"ipv62.imperialus.house"},"status":"pending","expires":"2017-05-09T20:01:34.249626755Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712118","token":"GTrsMZbvP0ehed3fXt2pE3mKCx1A0dzfRyJC_A1xyLQ"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712119","token":"7yCAHzOa_yKQ6Wd-CY52jBkktzs0zD5-siLiox9NXx4"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120","token":"J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk"}],"combinations":[[2],[0],[1]]}'
[Tue May  2 20:01:34 UTC 2017] code='201'
[Tue May  2 20:01:34 UTC 2017] The new-authz request is ok.
[Tue May  2 20:01:34 UTC 2017] entry='"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120","token":"J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk"'
[Tue May  2 20:01:34 UTC 2017] token='J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk'
[Tue May  2 20:01:34 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120'
[Tue May  2 20:01:34 UTC 2017] keyauthorization='J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Tue May  2 20:01:34 UTC 2017] dvlist='ipv62.imperialus.house#J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A#https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120#tls-sni-01#tls'
[Tue May  2 20:01:34 UTC 2017] vlist='ipv62.imperialus.house#J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A#https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120#tls-sni-01#tls,'
[Tue May  2 20:01:34 UTC 2017] ok, let's start to verify
[Tue May  2 20:01:34 UTC 2017] Verifying:ipv62.imperialus.house
[Tue May  2 20:01:34 UTC 2017] d='ipv62.imperialus.house'
[Tue May  2 20:01:34 UTC 2017] keyauthorization='J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Tue May  2 20:01:34 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120'
[Tue May  2 20:01:34 UTC 2017] _currentRoot='tls'
[Tue May  2 20:01:34 UTC 2017] _hash_B='7c6303f82a34e596d467d16bc1d8e46aea88a2be97a5b2008f761aa751c2eccb'
[Tue May  2 20:01:34 UTC 2017] _x='7c6303f82a34e596d467d16bc1d8e46a'
[Tue May  2 20:01:34 UTC 2017] _y='ea88a2be97a5b2008f761aa751c2eccb'
[Tue May  2 20:01:34 UTC 2017] _SAN_B='7c6303f82a34e596d467d16bc1d8e46a.ea88a2be97a5b2008f761aa751c2eccb.acme.invalid'
[Tue May  2 20:01:34 UTC 2017] Starting tls server.
[Tue May  2 20:01:34 UTC 2017] san_a='7c6303f82a34e596d467d16bc1d8e46a.ea88a2be97a5b2008f761aa751c2eccb.acme.invalid'
[Tue May  2 20:01:34 UTC 2017] san_b
[Tue May  2 20:01:34 UTC 2017] port='443'
[Tue May  2 20:01:34 UTC 2017] _createkey for file:/etc/ssl/private//ipv62.imperialus.house_ecc/tls.validation.key
[Tue May  2 20:01:34 UTC 2017] Use length 2048
[Tue May  2 20:01:34 UTC 2017] Using RSA: 2048
[Tue May  2 20:01:34 UTC 2017] _createcsr
[Tue May  2 20:01:34 UTC 2017] domain='tls.acme.sh'
[Tue May  2 20:01:34 UTC 2017] domainlist='7c6303f82a34e596d467d16bc1d8e46a.ea88a2be97a5b2008f761aa751c2eccb.acme.invalid'
[Tue May  2 20:01:34 UTC 2017] csrkey='/etc/ssl/private//ipv62.imperialus.house_ecc/tls.validation.key'
[Tue May  2 20:01:34 UTC 2017] csr='/etc/ssl/private//ipv62.imperialus.house_ecc/tls.validation.csr'
[Tue May  2 20:01:34 UTC 2017] csrconf='/etc/ssl/private//ipv62.imperialus.house_ecc/tls.validation.conf'
[Tue May  2 20:01:34 UTC 2017] _is_idn_d='7c6303f82a34e596d467d16bc1d8e46a.ea88a2be97a5b2008f761aa751c2eccb.acme.invalid'
[Tue May  2 20:01:34 UTC 2017] _idn_temp
[Tue May  2 20:01:34 UTC 2017] domainlist='7c6303f82a34e596d467d16bc1d8e46a.ea88a2be97a5b2008f761aa751c2eccb.acme.invalid'
[Tue May  2 20:01:34 UTC 2017] Multi domain='DNS:7c6303f82a34e596d467d16bc1d8e46a.ea88a2be97a5b2008f761aa751c2eccb.acme.invalid'
[Tue May  2 20:01:34 UTC 2017] _is_idn_d='tls.acme.sh'
[Tue May  2 20:01:34 UTC 2017] _idn_temp
[Tue May  2 20:01:34 UTC 2017] _csr_cn='tls.acme.sh'
[Tue May  2 20:01:34 UTC 2017] _signcsr
[Tue May  2 20:01:34 UTC 2017] Signature ok
subject=/CN=tls.acme.sh
Getting Private key
[Tue May  2 20:01:34 UTC 2017] Le_Listen_V4
[Tue May  2 20:01:34 UTC 2017] Le_Listen_V6='1'
[Tue May  2 20:01:34 UTC 2017] openssl s_server -cert /etc/ssl/private//ipv62.imperialus.house_ecc/tls.validation.cert  -key /etc/ssl/private//ipv62.imperialus.house_ecc/tls.validation.key  -accept 443 -6
unknown option -6
usage: s_server [args ...]

 -accept arg   - port to accept on (default is 4433)
 -verify_hostname host - check peer certificate matches "host"
 -verify_email email - check peer certificate matches "email"
 -verify_ip ipaddr - check peer certificate matches "ipaddr"
 -context arg  - set session ID context
 -verify arg   - turn on peer certificate verification
 -Verify arg   - turn on peer certificate verification, must have a cert.
 -verify_return_error - return verification errors
 -cert arg     - certificate file to use
                 (default is server.pem)
 -serverinfo arg - PEM serverinfo file for certificate
 -auth               - send and receive RFC 5878 TLS auth extensions and supplemental data
 -auth_require_reneg - Do not send TLS auth extensions until renegotiation
 -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag
 -crl_check    - check the peer certificate has not been revoked by its CA.
                 The CRL(s) are appended to the certificate file
 -crl_check_all - check the peer certificate has not been revoked by its CA
                 or any other CRL in the CA chain. CRL(s) are appened to the
                 the certificate file.
 -certform arg - certificate format (PEM or DER) PEM default
 -key arg      - Private Key file to use, in cert file if
                 not specified (default is server.pem)
 -keyform arg  - key format (PEM, DER or ENGINE) PEM default
 -pass arg     - private key file pass phrase source
 -dcert arg    - second certificate file to use (usually for DSA)
 -dcertform x  - second certificate format (PEM or DER) PEM default
 -dkey arg     - second private key file to use (usually for DSA)
 -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default
 -dpass arg    - second private key file pass phrase source
 -dhparam arg  - DH parameter file to use, in cert file if not specified
                 or a default set of parameters is used
 -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.
                 Use "openssl ecparam -list_curves" for all names
                 (default is nistp256).
 -nbio         - Run with non-blocking IO
 -nbio_test    - test with the non-blocking test bio
 -crlf         - convert LF from terminal into CRLF
 -debug        - Print more output
 -msg          - Show protocol messages
 -state        - Print the SSL states
 -CApath arg   - PEM format directory of CA's
 -CAfile arg   - PEM format file of CA's
 -no_alt_chains - only ever use the first certificate chain found
 -nocert       - Don't use any certificates (Anon-DH)
 -cipher arg   - play with 'openssl ciphers' to see what goes here
 -serverpref   - Use server's cipher preferences
 -quiet        - No server output
 -no_tmp_rsa   - Do not generate a tmp RSA key
 -psk_hint arg - PSK identity hint to use
 -psk arg      - PSK in hex (without 0x)
 -srpvfile file      - The verifier file for SRP
 -srpuserseed string - A seed string for a default user salt.
 -ssl2         - Just talk SSLv2
 -ssl3         - Just talk SSLv3
 -tls1_2       - Just talk TLSv1.2
 -tls1_1       - Just talk TLSv1.1
 -tls1         - Just talk TLSv1
 -dtls1        - Just talk DTLSv1
 -dtls1_2      - Just talk DTLSv1.2
 -timeout      - Enable timeouts
 -mtu          - Set link layer MTU
 -chain        - Read a certificate chain
 -no_ssl2      - Just disable SSLv2
 -no_ssl3      - Just disable SSLv3
 -no_tls1      - Just disable TLSv1
 -no_tls1_1    - Just disable TLSv1.1
 -no_tls1_2    - Just disable TLSv1.2
 -no_dhe       - Disable ephemeral DH
 -no_ecdhe     - Disable ephemeral ECDH
 -bugs         - Turn on SSL bug compatibility
 -hack         - workaround for early Netscape code
 -www          - Respond to a 'GET /' with a status page
 -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>
 -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>
                 with the assumption it contains a complete HTTP response.
 -engine id    - Initialise and use the specified engine
 -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'
 -rand file:file:...
 -servername host - servername for HostName TLS extension
 -servername_fatal - on mismatch send fatal alert (default warning alert)
 -cert2 arg    - certificate file to use for servername
                 (default is server2.pem)
 -key2 arg     - Private Key file to use for servername, in cert file if
                 not specified (default is server2.pem)
 -tlsextdebug  - hex dump of all TLS extensions received
 -no_ticket    - disable use of RFC4507bis session tickets
 -legacy_renegotiation - enable use of legacy renegotiation (dangerous)
 -sigalgs arg      - Signature algorithms to support (colon-separated list)
 -client_sigalgs arg  - Signature algorithms to support for client
                        certificate authentication (colon-separated list)
 -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)
 -use_srtp profiles - Offer SRTP key management with a colon-separated profile list
 -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)
 -keymatexport label   - Export keying material using label
 -keymatexportlen len  - Export len bytes of keying material (default 20)
 -status           - respond to certificate status requests
 -status_verbose   - enable status request verbose printout
 -status_timeout n - status request responder timeout
 -status_url URL   - status request fallback URL
[Tue May  2 20:01:35 UTC 2017] serverproc='8852'
[Tue May  2 20:01:35 UTC 2017] tigger domain validation.
[Tue May  2 20:01:35 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120'
[Tue May  2 20:01:35 UTC 2017] _t_key_authz='J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Tue May  2 20:01:35 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120'
[Tue May  2 20:01:35 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"}'
[Tue May  2 20:01:35 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Tue May  2 20:01:35 UTC 2017] Use _CACHED_NONCE='Mal64uXwarY0vY8eZvQYucr7bQXfEHF83isqqZvbKBE'
[Tue May  2 20:01:35 UTC 2017] nonce='Mal64uXwarY0vY8eZvQYucr7bQXfEHF83isqqZvbKBE'
[Tue May  2 20:01:35 UTC 2017] POST
[Tue May  2 20:01:35 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120'
[Tue May  2 20:01:35 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.jx72Qo8gJs '
[Tue May  2 20:01:36 UTC 2017] _ret='0'
[Tue May  2 20:01:36 UTC 2017] original='{
  "type": "tls-sni-01",
  "status": "pending",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120",
  "token": "J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk",
  "keyAuthorization": "J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"
}'
[Tue May  2 20:01:36 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 02 May 2017 20:01:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 341
Boulder-Request-Id: cSQbdrwh2OK15sc_Ar9OY19lVSotGTkYrD079A-2OWU
Boulder-Requester: 2099610
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120
Replay-Nonce: LCQoFHEna9oDD7q5o9eJSn71GjQ-c8ejvaAivDOFb-Q
Expires: Tue, 02 May 2017 20:01:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 02 May 2017 20:01:36 GMT
Connection: keep-alive
'
[Tue May  2 20:01:36 UTC 2017] response='{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120","token":"J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk","keyAuthorization":"J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"}'
[Tue May  2 20:01:36 UTC 2017] code='202'
[Tue May  2 20:01:36 UTC 2017] sleep 2 secs to verify
[Tue May  2 20:01:38 UTC 2017] checking
[Tue May  2 20:01:38 UTC 2017] GET
[Tue May  2 20:01:38 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120'
[Tue May  2 20:01:38 UTC 2017] timeout
[Tue May  2 20:01:38 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.v0SGYI9dQ7 '
[Tue May  2 20:01:38 UTC 2017] ret='0'
[Tue May  2 20:01:38 UTC 2017] original='{
  "type": "tls-sni-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:connection",
    "detail": "Failed to connect to 52.214.113.79:443 for tls-sni-01 challenge",
    "status": 400
  },
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120",
  "token": "J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk",
  "keyAuthorization": "J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A",
  "validationRecord": [
    {
      "hostname": "ipv62.imperialus.house",
      "port": "443",
      "addressesResolved": [
        "52.214.113.79",
        "2a05:d018:520:ad00:2333:cf9c:ea7:a792"
      ],
      "addressUsed": "52.214.113.79"
    }
  ]
}'
[Tue May  2 20:01:38 UTC 2017] response='{"type":"tls-sni-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Failed to connect to 52.214.113.79:443 for tls-sni-01 challenge","status": 400},"uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120","token":"J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk","keyAuthorization":"J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A","validationRecord":[{"hostname":"ipv62.imperialus.house","port":"443","addressesResolved":["52.214.113.79","2a05:d018:520:ad00:2333:cf9c:ea7:a792"],"addressUsed":"52.214.113.79"}]}'
[Tue May  2 20:01:38 UTC 2017] error='"error":{"type":"urn:acme:error:connection","detail":"Failed to connect to 52.214.113.79:443 for tls-sni-01 challenge","status": 400'
[Tue May  2 20:01:38 UTC 2017] errordetail='Failed to connect to 52.214.113.79:443 for tls-sni-01 challenge'
[Tue May  2 20:01:38 UTC 2017] ipv62.imperialus.house:Verify error:Failed to connect to 52.214.113.79:443 for tls-sni-01 challenge
[Tue May  2 20:01:38 UTC 2017] Skip for removelevel:
[Tue May  2 20:01:38 UTC 2017] pid='8852'
[Tue May  2 20:01:38 UTC 2017] Le_HTTPPort
[Tue May  2 20:01:38 UTC 2017] Le_TLSPort='443'
[Tue May  2 20:01:38 UTC 2017] No need to restore nginx, skip.
[Tue May  2 20:01:38 UTC 2017] _clearupdns
[Tue May  2 20:01:38 UTC 2017] Dns not added, skip.
[Tue May  2 20:01:38 UTC 2017] _on_issue_err
[Tue May  2 20:01:38 UTC 2017] Please check log file for more details: ipv6.log
[Tue May  2 20:01:38 UTC 2017] _chk_vlist='ipv62.imperialus.house#J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A#https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120#tls-sni-01#tls,'
[Tue May  2 20:01:38 UTC 2017] start to deactivate authz
[Tue May  2 20:01:38 UTC 2017] tigger domain validation.
[Tue May  2 20:01:38 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120'
[Tue May  2 20:01:38 UTC 2017] _t_key_authz='J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Tue May  2 20:01:38 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120'
[Tue May  2 20:01:38 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "J8NmlDtrkO87oFNgCtHaApCdObneArD-cEgV6YQ9UBk.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"}'
[Tue May  2 20:01:38 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Tue May  2 20:01:38 UTC 2017] Use _CACHED_NONCE='LCQoFHEna9oDD7q5o9eJSn71GjQ-c8ejvaAivDOFb-Q'
[Tue May  2 20:01:38 UTC 2017] nonce='LCQoFHEna9oDD7q5o9eJSn71GjQ-c8ejvaAivDOFb-Q'
[Tue May  2 20:01:38 UTC 2017] POST
[Tue May  2 20:01:38 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/0xfsvMnVD7jdF8C2rIfZ5P_Ee05rDkVQiKLc96kjMN0/36712120'
[Tue May  2 20:01:38 UTC 2017] Http already initialized.
[Tue May  2 20:01:38 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.tukpA32g7P '
[Tue May  2 20:01:39 UTC 2017] _ret='0'
[Tue May  2 20:01:39 UTC 2017] original='{
  "type": "urn:acme:error:malformed",
  "detail": "Unable to update challenge :: The challenge is not pending.",
  "status": 400
}'
[Tue May  2 20:01:39 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 02 May 2017 20:01:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 132
Boulder-Request-Id: NxmlEfOqxkddWqm2C7_eqVuyJ1mEt6FS1svJSy_Z_4o
Boulder-Requester: 2099610
Replay-Nonce: d1R_o_Zu2PazHIKLHAX_xCf-j2C4HopcApPqcA-JU1E
Expires: Tue, 02 May 2017 20:01:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 02 May 2017 20:01:39 GMT
Connection: close
'
[Tue May  2 20:01:39 UTC 2017] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: The challenge is not pending.","status": 400}'
[Tue May  2 20:01:39 UTC 2017] code='400'
[Tue May  2 20:01:39 UTC 2017] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2g  1 Mar 2016
apache:
apache doesn't exists.
nc:
OpenBSD netcat (Debian patchlevel 1.130-3)
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-O length]
      [-P proxy_username] [-p source_port] [-q seconds] [-s source]
      [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]
      [-x proxy_address[:port]] [destination] [port]
    Command Summary:
        -4      Use IPv4
        -6      Use IPv6
        -b      Allow broadcast
        -C      Send CRLF as line-ending
        -D      Enable the debug socket option
        -d      Detach from stdin
        -F      Pass socket fd
        -h      This help text
        -I length   TCP receive buffer length
        -i secs     Delay interval for lines sent, ports scanned
        -k      Keep inbound sockets open for multiple connects
        -l      Listen mode, for inbound connects
        -N      Shutdown the network socket after EOF on stdin
        -n      Suppress name/port resolutions
        -O length   TCP send buffer length
        -P proxyuser    Username for proxy authentication
        -p port     Specify local port for remote connects
            -q secs     quit after EOF on stdin and delay of secs
        -r      Randomize remote ports
        -S      Enable the TCP MD5 signature option
        -s addr     Local source address
        -T toskeyword   Set IP Type of Service
        -t      Answer TELNET negotiation
        -U      Use UNIX domain socket
        -u      UDP mode
        -V rtable   Specify alternate routing table
        -v      Verbose
        -w secs     Timeout for connects and final net reads
        -X proto    Proxy protocol: "4", "5" (SOCKS) or "connect"
        -x addr[:port]  Specify proxy address and port
        -Z      DCCP mode
        -z      Zero-I/O mode [used for scanning]
    Port numbers can be individual or ranges: lo-hi [inclusive]

Neilpang commented 7 years ago

> it seems that when using --listen-v6, it will still use the IPv4 dns record.

It's because your domain has both an ipv4 address and an ipv6 address resolved. The letsencrypt CA server may choose either one of them. We cannot determine which address the CA server chooses.

BTW, it seems that your openssl doesn't support the -6 option.

FernandoMiguel commented 7 years ago

@Neilpang

    # openssl version
    OpenSSL 1.0.2g 1 Mar 2016

    # lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description: Ubuntu 17.04
    Release: 17.04
    Codename: zesty

it's the latest version of Ubuntu server with a recent(ish) version of openssl... whatever comes with Ubuntu stable releases.

FernandoMiguel commented 7 years ago

here's the log for a URI with just AAAA records

# acme.sh --issue -d justAAAA.ipv6.imperialus.house --tls --listen-v6  --nocron --ecc --keylength ec-256 --test --debug 2 --log justaaaa.log
[Wed May  3 11:03:24 UTC 2017] Lets find script dir.
[Wed May  3 11:03:24 UTC 2017] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed May  3 11:03:24 UTC 2017] _script='/root/.acme.sh/acme.sh'
[Wed May  3 11:03:24 UTC 2017] _script_home='/root/.acme.sh'
[Wed May  3 11:03:24 UTC 2017] Using config home:/root/.acme.sh
[Wed May  3 11:03:24 UTC 2017] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.9
[Wed May  3 11:03:24 UTC 2017] Using api:
[Wed May  3 11:03:24 UTC 2017] Using config home:/root/.acme.sh
[Wed May  3 11:03:24 UTC 2017] Using stage api:https://acme-staging.api.letsencrypt.org
[Wed May  3 11:03:24 UTC 2017] DOMAIN_PATH='/root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc'
[Wed May  3 11:03:24 UTC 2017] Le_NextRenewTime
[Wed May  3 11:03:24 UTC 2017] _on_before_issue
[Wed May  3 11:03:24 UTC 2017] 'tls' does not contain 'no'
[Wed May  3 11:03:24 UTC 2017] Le_LocalAddress
[Wed May  3 11:03:24 UTC 2017] Check for domain='justAAAA.ipv6.imperialus.house'
[Wed May  3 11:03:24 UTC 2017] _currentRoot='tls'
[Wed May  3 11:03:24 UTC 2017] Standalone tls mode.
[Wed May  3 11:03:24 UTC 2017] _checkport='443'
[Wed May  3 11:03:24 UTC 2017] _checkaddr
[Wed May  3 11:03:24 UTC 2017] Using: ss
[Wed May  3 11:03:24 UTC 2017] 'tls' does not contain 'apache'
[Wed May  3 11:03:24 UTC 2017] _saved_account_key_hash='aUZ/vEqknXrf5anYvm2zd6xhL5ekoCtlajV9X4o6wEc='
[Wed May  3 11:03:24 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Wed May  3 11:03:24 UTC 2017] Read key length:
[Wed May  3 11:03:24 UTC 2017] Creating domain key
[Wed May  3 11:03:24 UTC 2017] Using config home:/root/.acme.sh
[Wed May  3 11:03:24 UTC 2017] _createkey for file:/root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc/justAAAA.ipv6.imperialus.house.key
[Wed May  3 11:03:24 UTC 2017] Use length 256
[Wed May  3 11:03:24 UTC 2017] Using ec name: prime256v1
[Wed May  3 11:03:24 UTC 2017] _createcsr
[Wed May  3 11:03:24 UTC 2017] domain='justAAAA.ipv6.imperialus.house'
[Wed May  3 11:03:24 UTC 2017] domainlist
[Wed May  3 11:03:24 UTC 2017] csrkey='/root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc/justAAAA.ipv6.imperialus.house.key'
[Wed May  3 11:03:24 UTC 2017] csr='/root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc/justAAAA.ipv6.imperialus.house.csr'
[Wed May  3 11:03:24 UTC 2017] csrconf='/root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc/justAAAA.ipv6.imperialus.house.csr.conf'
[Wed May  3 11:03:24 UTC 2017] Single domain='justAAAA.ipv6.imperialus.house'
[Wed May  3 11:03:24 UTC 2017] _is_idn_d='justAAAA.ipv6.imperialus.house'
[Wed May  3 11:03:24 UTC 2017] _idn_temp
[Wed May  3 11:03:24 UTC 2017] _csr_cn='justAAAA.ipv6.imperialus.house'
[Wed May  3 11:03:24 UTC 2017] Getting domain auth token for each domain
[Wed May  3 11:03:24 UTC 2017] Getting webroot for domain='justAAAA.ipv6.imperialus.house'
[Wed May  3 11:03:24 UTC 2017] _w='tls'
[Wed May  3 11:03:24 UTC 2017] _currentRoot='tls'
[Wed May  3 11:03:24 UTC 2017] Getting new-authz for domain='justAAAA.ipv6.imperialus.house'
[Wed May  3 11:03:24 UTC 2017] Try new-authz for the 0 time.
[Wed May  3 11:03:24 UTC 2017] _is_idn_d='justAAAA.ipv6.imperialus.house'
[Wed May  3 11:03:24 UTC 2017] _idn_temp
[Wed May  3 11:03:24 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Wed May  3 11:03:24 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "justAAAA.ipv6.imperialus.house"}}'
[Wed May  3 11:03:24 UTC 2017] RSA key
[Wed May  3 11:03:25 UTC 2017] Get nonce.
[Wed May  3 11:03:25 UTC 2017] GET
[Wed May  3 11:03:25 UTC 2017] url='https://acme-staging.api.letsencrypt.org/directory'
[Wed May  3 11:03:25 UTC 2017] timeout
[Wed May  3 11:03:25 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.nXrD8s9W5c '
[Wed May  3 11:03:25 UTC 2017] ret='0'
[Wed May  3 11:03:25 UTC 2017] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 372
Boulder-Request-Id: vD_Mc7ynFzeMraSS7PIahyAuOLZp4Ax_IsI79yc6p74
Replay-Nonce: 7WBs3W4JA6W9nLY0i__qlKkNnK_bxwcKW5TayzydOro
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 May 2017 11:03:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 11:03:25 GMT
Connection: keep-alive
'
[Wed May  3 11:03:25 UTC 2017] _CACHED_NONCE='7WBs3W4JA6W9nLY0i__qlKkNnK_bxwcKW5TayzydOro'
[Wed May  3 11:03:25 UTC 2017] nonce='7WBs3W4JA6W9nLY0i__qlKkNnK_bxwcKW5TayzydOro'
[Wed May  3 11:03:25 UTC 2017] POST
[Wed May  3 11:03:25 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Wed May  3 11:03:25 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "u4s2EX1eivnGn0tGTq36qTlqdUrHJsYYHCT5g5Y8nTIT_QEHipnHwgdumOjveInUTyyVsk8cRhrHKT0mUwgWNKLzsQ6t_ONTfcWygyb6kvDKtAA6RDij2bKDI-TxrOt3QkIKgjtNSRY9AzYm4Ajcy_d1oNV_TXJSM_FuH0Cyt8iAxHXJHwa5fL5fP8_C7nxSfTO1a_zsTzvbH08NQzALyu69DuYyjv4GkN9r8dUAH7pkMU_3XCKYGVFW4k4rZqvmo6eB63J9WE7HXUqhKIyIrhMzU-QaOHfon6dUmSzyf-QeBBew2EkB3vJbteBvKO51C34ehhX69RaY1uy8y-RMXQ"}}, "protected": "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", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAianVzdEFBQUEuaXB2Ni5pbXBlcmlhbHVzLmhvdXNlIn19", "signature": "tiiV15N6xURa-WzzeAzrXhxcKcfkTDxAr4iQhxluze5MGlaJSv2NBhBlyzFaTRxz20usl4sSWAAbJR9xy8ZIY8Jc2WqEZ7yIosVRWAsRUXiM2LAZknY2b5RtkqmXh2VxmoggKQbE-4z54FzDQkaZ13j6WIt2vTRsi93Ys9nUHWJ2Cf7Dyp6-rbDk6bFxqeEqUcX2A9eggC-ATaKa3yAm5RFK_RSDbFOtEhNwRvxkqZw2kYFQSUBoy5RqjHhuWRUYnxp6mizLEpwEx5QUlbc55_9-yRJ0AkGL8WtupHANBNQb2ofq4KBR151vUUW1WAHEa1V2kxQz_N87ctEh5RcmFA"}'
[Wed May  3 11:03:25 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.WYy6x4tWlg '
[Wed May  3 11:03:26 UTC 2017] _ret='0'
[Wed May  3 11:03:26 UTC 2017] original='{
  "identifier": {
    "type": "dns",
    "value": "justaaaa.ipv6.imperialus.house"
  },
  "status": "pending",
  "expires": "2017-05-10T11:03:26.682918602Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817994",
      "token": "oAiZhXZuGr57v6Gze2r8Si1YWznJRn-a6Ezl8A_LssE"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995",
      "token": "Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817996",
      "token": "tiBA6dR-QO8QHQS42cTpsQlvtIvSMz2-RlUkKvwF7uo"
    }
  ],
  "combinations": [
    [
      2
    ],
    [
      0
    ],
    [
      1
    ]
  ]
}'
[Wed May  3 11:03:26 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
Expires: Wed, 03 May 2017 11:03:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1024
Boulder-Request-Id: 8BFms5JJ_eD1XVI8YWGzhRkVC_GbzPx3fXBTMSDrkdM
Boulder-Requester: 2099610
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg
Replay-Nonce: Byj2SFO0HqSTNhs85PJC4PZVni9XD0pSujssW0agbcU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 May 2017 11:03:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 11:03:26 GMT
Connection: keep-alive
'
[Wed May  3 11:03:26 UTC 2017] response='{"identifier":{"type":"dns","value":"justaaaa.ipv6.imperialus.house"},"status":"pending","expires":"2017-05-10T11:03:26.682918602Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817994","token":"oAiZhXZuGr57v6Gze2r8Si1YWznJRn-a6Ezl8A_LssE"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995","token":"Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817996","token":"tiBA6dR-QO8QHQS42cTpsQlvtIvSMz2-RlUkKvwF7uo"}],"combinations":[[2],[0],[1]]}'
[Wed May  3 11:03:26 UTC 2017] code='201'
[Wed May  3 11:03:26 UTC 2017] The new-authz request is ok.
[Wed May  3 11:03:26 UTC 2017] entry='"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995","token":"Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI"'
[Wed May  3 11:03:26 UTC 2017] token='Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI'
[Wed May  3 11:03:26 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995'
[Wed May  3 11:03:26 UTC 2017] keyauthorization='Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Wed May  3 11:03:26 UTC 2017] dvlist='justAAAA.ipv6.imperialus.house#Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A#https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995#tls-sni-01#tls'
[Wed May  3 11:03:26 UTC 2017] vlist='justAAAA.ipv6.imperialus.house#Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A#https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995#tls-sni-01#tls,'
[Wed May  3 11:03:26 UTC 2017] ok, let's start to verify
[Wed May  3 11:03:26 UTC 2017] Verifying:justAAAA.ipv6.imperialus.house
[Wed May  3 11:03:26 UTC 2017] d='justAAAA.ipv6.imperialus.house'
[Wed May  3 11:03:26 UTC 2017] keyauthorization='Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Wed May  3 11:03:26 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995'
[Wed May  3 11:03:26 UTC 2017] _currentRoot='tls'
[Wed May  3 11:03:26 UTC 2017] _hash_B='90092113698c137a36b6d168d379cc8999c7886f541388ec2819d560721362eb'
[Wed May  3 11:03:26 UTC 2017] _x='90092113698c137a36b6d168d379cc89'
[Wed May  3 11:03:26 UTC 2017] _y='99c7886f541388ec2819d560721362eb'
[Wed May  3 11:03:26 UTC 2017] _SAN_B='90092113698c137a36b6d168d379cc89.99c7886f541388ec2819d560721362eb.acme.invalid'
[Wed May  3 11:03:26 UTC 2017] Starting tls server.
[Wed May  3 11:03:26 UTC 2017] san_a='90092113698c137a36b6d168d379cc89.99c7886f541388ec2819d560721362eb.acme.invalid'
[Wed May  3 11:03:26 UTC 2017] san_b
[Wed May  3 11:03:26 UTC 2017] port='443'
[Wed May  3 11:03:26 UTC 2017] _createkey for file:/root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc/tls.validation.key
[Wed May  3 11:03:26 UTC 2017] Use length 2048
[Wed May  3 11:03:26 UTC 2017] Using RSA: 2048
[Wed May  3 11:03:26 UTC 2017] _createcsr
[Wed May  3 11:03:26 UTC 2017] domain='tls.acme.sh'
[Wed May  3 11:03:26 UTC 2017] domainlist='90092113698c137a36b6d168d379cc89.99c7886f541388ec2819d560721362eb.acme.invalid'
[Wed May  3 11:03:26 UTC 2017] csrkey='/root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc/tls.validation.key'
[Wed May  3 11:03:26 UTC 2017] csr='/root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc/tls.validation.csr'
[Wed May  3 11:03:26 UTC 2017] csrconf='/root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc/tls.validation.conf'
[Wed May  3 11:03:26 UTC 2017] _is_idn_d='90092113698c137a36b6d168d379cc89.99c7886f541388ec2819d560721362eb.acme.invalid'
[Wed May  3 11:03:27 UTC 2017] _idn_temp
[Wed May  3 11:03:27 UTC 2017] domainlist='90092113698c137a36b6d168d379cc89.99c7886f541388ec2819d560721362eb.acme.invalid'
[Wed May  3 11:03:27 UTC 2017] Multi domain='DNS:90092113698c137a36b6d168d379cc89.99c7886f541388ec2819d560721362eb.acme.invalid'
[Wed May  3 11:03:27 UTC 2017] _is_idn_d='tls.acme.sh'
[Wed May  3 11:03:27 UTC 2017] _idn_temp
[Wed May  3 11:03:27 UTC 2017] _csr_cn='tls.acme.sh'
[Wed May  3 11:03:27 UTC 2017] _signcsr
[Wed May  3 11:03:27 UTC 2017] Signature ok
subject=/CN=tls.acme.sh
Getting Private key
[Wed May  3 11:03:27 UTC 2017] Le_Listen_V4
[Wed May  3 11:03:27 UTC 2017] Le_Listen_V6='1'
[Wed May  3 11:03:27 UTC 2017] openssl s_server -cert /root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc/tls.validation.cert  -key /root/.acme.sh/justAAAA.ipv6.imperialus.house_ecc/tls.validation.key  -accept 443 -6
unknown option -6
usage: s_server [args ...]

 -accept arg   - port to accept on (default is 4433)
 -verify_hostname host - check peer certificate matches "host"
 -verify_email email - check peer certificate matches "email"
 -verify_ip ipaddr - check peer certificate matches "ipaddr"
 -context arg  - set session ID context
 -verify arg   - turn on peer certificate verification
 -Verify arg   - turn on peer certificate verification, must have a cert.
 -verify_return_error - return verification errors
 -cert arg     - certificate file to use
                 (default is server.pem)
 -serverinfo arg - PEM serverinfo file for certificate
 -auth               - send and receive RFC 5878 TLS auth extensions and supplemental data
 -auth_require_reneg - Do not send TLS auth extensions until renegotiation
 -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag
 -crl_check    - check the peer certificate has not been revoked by its CA.
                 The CRL(s) are appended to the certificate file
 -crl_check_all - check the peer certificate has not been revoked by its CA
                 or any other CRL in the CA chain. CRL(s) are appened to the
                 the certificate file.
 -certform arg - certificate format (PEM or DER) PEM default
 -key arg      - Private Key file to use, in cert file if
                 not specified (default is server.pem)
 -keyform arg  - key format (PEM, DER or ENGINE) PEM default
 -pass arg     - private key file pass phrase source
 -dcert arg    - second certificate file to use (usually for DSA)
 -dcertform x  - second certificate format (PEM or DER) PEM default
 -dkey arg     - second private key file to use (usually for DSA)
 -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default
 -dpass arg    - second private key file pass phrase source
 -dhparam arg  - DH parameter file to use, in cert file if not specified
                 or a default set of parameters is used
 -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.
                 Use "openssl ecparam -list_curves" for all names
                 (default is nistp256).
 -nbio         - Run with non-blocking IO
 -nbio_test    - test with the non-blocking test bio
 -crlf         - convert LF from terminal into CRLF
 -debug        - Print more output
 -msg          - Show protocol messages
 -state        - Print the SSL states
 -CApath arg   - PEM format directory of CA's
 -CAfile arg   - PEM format file of CA's
 -no_alt_chains - only ever use the first certificate chain found
 -nocert       - Don't use any certificates (Anon-DH)
 -cipher arg   - play with 'openssl ciphers' to see what goes here
 -serverpref   - Use server's cipher preferences
 -quiet        - No server output
 -no_tmp_rsa   - Do not generate a tmp RSA key
 -psk_hint arg - PSK identity hint to use
 -psk arg      - PSK in hex (without 0x)
 -srpvfile file      - The verifier file for SRP
 -srpuserseed string - A seed string for a default user salt.
 -ssl2         - Just talk SSLv2
 -ssl3         - Just talk SSLv3
 -tls1_2       - Just talk TLSv1.2
 -tls1_1       - Just talk TLSv1.1
 -tls1         - Just talk TLSv1
 -dtls1        - Just talk DTLSv1
 -dtls1_2      - Just talk DTLSv1.2
 -timeout      - Enable timeouts
 -mtu          - Set link layer MTU
 -chain        - Read a certificate chain
 -no_ssl2      - Just disable SSLv2
 -no_ssl3      - Just disable SSLv3
 -no_tls1      - Just disable TLSv1
 -no_tls1_1    - Just disable TLSv1.1
 -no_tls1_2    - Just disable TLSv1.2
 -no_dhe       - Disable ephemeral DH
 -no_ecdhe     - Disable ephemeral ECDH
 -bugs         - Turn on SSL bug compatibility
 -hack         - workaround for early Netscape code
 -www          - Respond to a 'GET /' with a status page
 -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>
 -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>
                 with the assumption it contains a complete HTTP response.
 -engine id    - Initialise and use the specified engine
 -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'
 -rand file:file:...
 -servername host - servername for HostName TLS extension
 -servername_fatal - on mismatch send fatal alert (default warning alert)
 -cert2 arg    - certificate file to use for servername
                 (default is server2.pem)
 -key2 arg     - Private Key file to use for servername, in cert file if
                 not specified (default is server2.pem)
 -tlsextdebug  - hex dump of all TLS extensions received
 -no_ticket    - disable use of RFC4507bis session tickets
 -legacy_renegotiation - enable use of legacy renegotiation (dangerous)
 -sigalgs arg      - Signature algorithms to support (colon-separated list)
 -client_sigalgs arg  - Signature algorithms to support for client
                        certificate authentication (colon-separated list)
 -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)
 -use_srtp profiles - Offer SRTP key management with a colon-separated profile list
 -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)
 -keymatexport label   - Export keying material using label
 -keymatexportlen len  - Export len bytes of keying material (default 20)
 -status           - respond to certificate status requests
 -status_verbose   - enable status request verbose printout
 -status_timeout n - status request responder timeout
 -status_url URL   - status request fallback URL
[Wed May  3 11:03:28 UTC 2017] serverproc='19626'
[Wed May  3 11:03:28 UTC 2017] tigger domain validation.
[Wed May  3 11:03:28 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995'
[Wed May  3 11:03:28 UTC 2017] _t_key_authz='Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Wed May  3 11:03:28 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995'
[Wed May  3 11:03:28 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"}'
[Wed May  3 11:03:28 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Wed May  3 11:03:28 UTC 2017] Use _CACHED_NONCE='Byj2SFO0HqSTNhs85PJC4PZVni9XD0pSujssW0agbcU'
[Wed May  3 11:03:28 UTC 2017] nonce='Byj2SFO0HqSTNhs85PJC4PZVni9XD0pSujssW0agbcU'
[Wed May  3 11:03:28 UTC 2017] POST
[Wed May  3 11:03:28 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995'
[Wed May  3 11:03:28 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "u4s2EX1eivnGn0tGTq36qTlqdUrHJsYYHCT5g5Y8nTIT_QEHipnHwgdumOjveInUTyyVsk8cRhrHKT0mUwgWNKLzsQ6t_ONTfcWygyb6kvDKtAA6RDij2bKDI-TxrOt3QkIKgjtNSRY9AzYm4Ajcy_d1oNV_TXJSM_FuH0Cyt8iAxHXJHwa5fL5fP8_C7nxSfTO1a_zsTzvbH08NQzALyu69DuYyjv4GkN9r8dUAH7pkMU_3XCKYGVFW4k4rZqvmo6eB63J9WE7HXUqhKIyIrhMzU-QaOHfon6dUmSzyf-QeBBew2EkB3vJbteBvKO51C34ehhX69RaY1uy8y-RMXQ"}}, "protected": "eyJub25jZSI6ICJCeWoyU0ZPMEhxU1ROaHM4NVBKQzRQWlZuaTlYRDBwU3Vqc3NXMGFnYmNVIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidTRzMkVYMWVpdm5HbjB0R1RxMzZxVGxxZFVySEpzWVlIQ1Q1ZzVZOG5USVRfUUVIaXBuSHdnZHVtT2p2ZUluVVR5eVZzazhjUmhySEtUMG1Vd2dXTktMenNRNnRfT05UZmNXeWd5YjZrdkRLdEFBNlJEaWoyYktESS1UeHJPdDNRa0lLZ2p0TlNSWTlBelltNEFqY3lfZDFvTlZfVFhKU01fRnVIMEN5dDhpQXhIWEpId2E1Zkw1ZlA4X0M3bnhTZlRPMWFfenNUenZiSDA4TlF6QUx5dTY5RHVZeWp2NEdrTjlyOGRVQUg3cGtNVV8zWENLWUdWRlc0azRyWnF2bW82ZUI2M0o5V0U3SFhVcWhLSXlJcmhNelUtUWFPSGZvbjZkVW1TenlmLVFlQkJldzJFa0IzdkpidGVCdktPNTFDMzRlaGhYNjlSYVkxdXk4eS1STVhRIn19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJLYWJ5Yl91eF9SbmhDRGlVR3oyekhxclFXdFpUeXJDbnJqalNpTDJ6WFRJLjI0ODgtTUg3dW9wdHYzc01CRWxrSzNpajF1RVFyeFhRWGM2Q1ROMkdtMEEifQ", "signature": "khzTaiO8b4SDLPkpnBZjwmPWUNEv5lSZT5l-RJR_UITaMIm2ZktZS64pipY3ZTNIxyfpGPFgsKofaJIEgEflOagDdAl_Cf9VuZjuufRJXK67B6rE1bGOOvEDW561p4ro9vgFxsYPF3p1ysLNqkaDt_yugHyeErQEdaENSvfouaa7VsNEC2Rpea6rH8uDeHJzTNjfCkkV0uarp1WC2VJjGtl849CkH9y3CDlSiDaRVSWGwmWju2HLc92cX2XlKlj7smCfif6HoeIykz4TK9iYn0ttov8bCeJxf35aOUtSYVpTMUPSnOtTxUT4KS0KtVj5gQylT2DDeTDU-LxkJqflQQ"}'
[Wed May  3 11:03:28 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.n5BcuGdn0K '
[Wed May  3 11:03:28 UTC 2017] _ret='0'
[Wed May  3 11:03:28 UTC 2017] original='{
  "type": "tls-sni-01",
  "status": "pending",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995",
  "token": "Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI",
  "keyAuthorization": "Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"
}'
[Wed May  3 11:03:28 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
Expires: Wed, 03 May 2017 11:03:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 341
Boulder-Request-Id: hJWokG7Ieb2zSmwQdonPZqf4jyalwhq1_wMm7iSDu0M
Boulder-Requester: 2099610
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995
Replay-Nonce: tYteVr9GpzMqOdkmbDEih6gCZlRBtmXMm-eYZs0IzYo
Expires: Wed, 03 May 2017 11:03:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 11:03:28 GMT
Connection: keep-alive
'
[Wed May  3 11:03:28 UTC 2017] response='{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995","token":"Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI","keyAuthorization":"Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"}'
[Wed May  3 11:03:28 UTC 2017] code='202'
[Wed May  3 11:03:28 UTC 2017] sleep 2 secs to verify
[Wed May  3 11:03:30 UTC 2017] checking
[Wed May  3 11:03:30 UTC 2017] GET
[Wed May  3 11:03:30 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995'
[Wed May  3 11:03:30 UTC 2017] timeout
[Wed May  3 11:03:30 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.74I00KUp4L '
[Wed May  3 11:03:31 UTC 2017] ret='0'
[Wed May  3 11:03:31 UTC 2017] original='{
  "type": "tls-sni-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:connection",
    "detail": "Failed to connect to [2a05:d018:520:ad00:2333:cf9c:ea7:a792]:443 for tls-sni-01 challenge",
    "status": 400
  },
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995",
  "token": "Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI",
  "keyAuthorization": "Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A",
  "validationRecord": [
    {
      "hostname": "justaaaa.ipv6.imperialus.house",
      "port": "443",
      "addressesResolved": [
        "2a05:d018:520:ad00:2333:cf9c:ea7:a792"
      ],
      "addressUsed": "2a05:d018:520:ad00:2333:cf9c:ea7:a792"
    }
  ]
}'
[Wed May  3 11:03:31 UTC 2017] response='{"type":"tls-sni-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Failed to connect to [2a05:d018:520:ad00:2333:cf9c:ea7:a792]:443 for tls-sni-01 challenge","status": 400},"uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995","token":"Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI","keyAuthorization":"Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A","validationRecord":[{"hostname":"justaaaa.ipv6.imperialus.house","port":"443","addressesResolved":["2a05:d018:520:ad00:2333:cf9c:ea7:a792"],"addressUsed":"2a05:d018:520:ad00:2333:cf9c:ea7:a792"}]}'
[Wed May  3 11:03:31 UTC 2017] error='"error":{"type":"urn:acme:error:connection","detail":"Failed to connect to [2a05:d018:520:ad00:2333:cf9c:ea7:a792]:443 for tls-sni-01 challenge","status": 400'
[Wed May  3 11:03:31 UTC 2017] errordetail='Failed to connect to [2a05:d018:520:ad00:2333:cf9c:ea7:a792]:443 for tls-sni-01 challenge'
[Wed May  3 11:03:31 UTC 2017] justAAAA.ipv6.imperialus.house:Verify error:Failed to connect to [2a05:d018:520:ad00:2333:cf9c:ea7:a792]:443 for tls-sni-01 challenge
[Wed May  3 11:03:31 UTC 2017] Skip for removelevel:
[Wed May  3 11:03:31 UTC 2017] pid='19626'
[Wed May  3 11:03:31 UTC 2017] Le_HTTPPort
[Wed May  3 11:03:31 UTC 2017] Le_TLSPort='443'
[Wed May  3 11:03:31 UTC 2017] No need to restore nginx, skip.
[Wed May  3 11:03:31 UTC 2017] _clearupdns
[Wed May  3 11:03:31 UTC 2017] Dns not added, skip.
[Wed May  3 11:03:31 UTC 2017] _on_issue_err
[Wed May  3 11:03:31 UTC 2017] Please check log file for more details: justaaaa.log
[Wed May  3 11:03:31 UTC 2017] _chk_vlist='justAAAA.ipv6.imperialus.house#Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A#https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995#tls-sni-01#tls,'
[Wed May  3 11:03:31 UTC 2017] start to deactivate authz
[Wed May  3 11:03:31 UTC 2017] tigger domain validation.
[Wed May  3 11:03:31 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995'
[Wed May  3 11:03:31 UTC 2017] _t_key_authz='Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Wed May  3 11:03:31 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995'
[Wed May  3 11:03:31 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "Kabyb_ux_RnhCDiUGz2zHqrQWtZTyrCnrjjSiL2zXTI.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"}'
[Wed May  3 11:03:31 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Wed May  3 11:03:31 UTC 2017] Use _CACHED_NONCE='tYteVr9GpzMqOdkmbDEih6gCZlRBtmXMm-eYZs0IzYo'
[Wed May  3 11:03:31 UTC 2017] nonce='tYteVr9GpzMqOdkmbDEih6gCZlRBtmXMm-eYZs0IzYo'
[Wed May  3 11:03:31 UTC 2017] POST
[Wed May  3 11:03:31 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/vc2nm67VklGHJY586C3CUXEg7B2fTq4NJoO0Z0ybUsg/36817995'
[Wed May  3 11:03:31 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "u4s2EX1eivnGn0tGTq36qTlqdUrHJsYYHCT5g5Y8nTIT_QEHipnHwgdumOjveInUTyyVsk8cRhrHKT0mUwgWNKLzsQ6t_ONTfcWygyb6kvDKtAA6RDij2bKDI-TxrOt3QkIKgjtNSRY9AzYm4Ajcy_d1oNV_TXJSM_FuH0Cyt8iAxHXJHwa5fL5fP8_C7nxSfTO1a_zsTzvbH08NQzALyu69DuYyjv4GkN9r8dUAH7pkMU_3XCKYGVFW4k4rZqvmo6eB63J9WE7HXUqhKIyIrhMzU-QaOHfon6dUmSzyf-QeBBew2EkB3vJbteBvKO51C34ehhX69RaY1uy8y-RMXQ"}}, "protected": "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", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJLYWJ5Yl91eF9SbmhDRGlVR3oyekhxclFXdFpUeXJDbnJqalNpTDJ6WFRJLjI0ODgtTUg3dW9wdHYzc01CRWxrSzNpajF1RVFyeFhRWGM2Q1ROMkdtMEEifQ", "signature": "dRon94yJqqGfJpuMntFFYutzHFQa-_hLMCbs1Unj8AD38vOcfclQj8w9_vCDM6cdTx4S5TPlHtWfiQeVK1R8-gSk5fURe1H83G6m7L4H4TvAHRAZJ141QtVdfpY2gAr9LxMcqr6yMsIBhWHV5GLum70VJsxvfFWjyrE1b4O8nPt3C-KwqnmG8A2tVN54E9BeLOWp1JGehryewiNKct5tM7CeocdVcF1TQeWMUEn_4aJ1X9UHjb8EETJ3U0xIRv3o72ODJ-Oqhil6VyvIdkDYU5Wfw1i6NOcUYePko3IXwqz195P_wDE835URUatr7ac1BKdLxOkzt6qgCWSGqieBnA"}'
[Wed May  3 11:03:31 UTC 2017] Http already initialized.
[Wed May  3 11:03:31 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Sz1tNM4ci7 '
[Wed May  3 11:03:32 UTC 2017] _ret='0'
[Wed May  3 11:03:32 UTC 2017] original='{
  "type": "urn:acme:error:malformed",
  "detail": "Unable to update challenge :: The challenge is not pending.",
  "status": 400
}'
[Wed May  3 11:03:32 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
Expires: Wed, 03 May 2017 11:03:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 132
Boulder-Request-Id: ZqZbHSab4Od1T3DpE9JLVkMBT9RUlikkDDrAEweVl-g
Boulder-Requester: 2099610
Replay-Nonce: tE9qRhD_essnAh7dglHVa-K4W-An1VHtIDJOC_Y33LY
Expires: Wed, 03 May 2017 11:03:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 11:03:32 GMT
Connection: close
'
[Wed May  3 11:03:32 UTC 2017] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: The challenge is not pending.","status": 400}'
[Wed May  3 11:03:32 UTC 2017] code='400'
[Wed May  3 11:03:32 UTC 2017] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2g  1 Mar 2016
apache:
apache doesn't exists.
nc:
OpenBSD netcat (Debian patchlevel 1.130-3)
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-O length]
      [-P proxy_username] [-p source_port] [-q seconds] [-s source]
      [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]
      [-x proxy_address[:port]] [destination] [port]
    Command Summary:
        -4      Use IPv4
        -6      Use IPv6
        -b      Allow broadcast
        -C      Send CRLF as line-ending
        -D      Enable the debug socket option
        -d      Detach from stdin
        -F      Pass socket fd
        -h      This help text
        -I length   TCP receive buffer length
        -i secs     Delay interval for lines sent, ports scanned
        -k      Keep inbound sockets open for multiple connects
        -l      Listen mode, for inbound connects
        -N      Shutdown the network socket after EOF on stdin
        -n      Suppress name/port resolutions
        -O length   TCP send buffer length
        -P proxyuser    Username for proxy authentication
        -p port     Specify local port for remote connects
            -q secs     quit after EOF on stdin and delay of secs
        -r      Randomize remote ports
        -S      Enable the TCP MD5 signature option
        -s addr     Local source address
        -T toskeyword   Set IP Type of Service
        -t      Answer TELNET negotiation
        -U      Use UNIX domain socket
        -u      UDP mode
        -V rtable   Specify alternate routing table
        -v      Verbose
        -w secs     Timeout for connects and final net reads
        -X proto    Proxy protocol: "4", "5" (SOCKS) or "connect"
        -x addr[:port]  Specify proxy address and port
        -Z      DCCP mode
        -z      Zero-I/O mode [used for scanning]
    Port numbers can be individual or ranges: lo-hi [inclusive]

Neilpang commented 7 years ago

Yes, this time the only problem is that the version of openssl doesn't support the -6 option here.

FernandoMiguel commented 7 years ago

https://lwn.net/Articles/685152/ seems I require openssl 1.1. Let me see if I can find a repo for that.

cpu commented 7 years ago

> It's because your domain has both an IPv4 address and an IPv6 address resolved. The letsencrypt CA server may choose either one of them. We cannot determine which address the CA server chooses.

To expand on this: Presently if you have an A record and an AAAA record Boulder will always prefer the A record. This will change to preferring AAAA and falling back to trying A shortly, please follow this issue for updates: https://github.com/letsencrypt/boulder/issues/2623
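The behaviour described above can be confirmed from the `validationRecord` the CA returns for a challenge. The following is an added example, not acme.sh or Boulder code: the function names are hypothetical, and both sample responses are constructed with documentation addresses.

```shell
# Added example (not acme.sh code). Function names are hypothetical.
# Sample challenge responses below are constructed, using documentation
# address ranges (192.0.2.0/24, 2001:db8::/32).

SAMPLE_DUAL_STACK='{"type":"tls-sni-01","status":"invalid","validationRecord":[{"hostname":"dual.example.com","port":"443","addressesResolved":["192.0.2.10","2001:db8::10"],"addressUsed":"192.0.2.10"}]}'

SAMPLE_AAAA_ONLY='{
  "type": "tls-sni-01",
  "status": "valid",
  "validationRecord": [
    {
      "hostname": "v6only.example.com",
      "port": "443",
      "addressesResolved": [
        "2001:db8::10"
      ],
      "addressUsed": "2001:db8::10"
    }
  ]
}'

# Print the "addressUsed" value of a challenge response, or nothing if the
# response carries no validationRecord. Accepts compact or pretty-printed JSON.
validation_address_used() {
  { printf '%s' "$1" | tr -d '\n'; echo; } |
    sed -n 's/.*"addressUsed"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Classify an address literal as v4 or v6.
address_family() {
  case "$1" in
    *:*)     echo v6 ;;
    *.*.*.*) echo v4 ;;
    *)       echo unknown ;;
  esac
}

# check_listen_family <v4|v6> <challenge-json>
# Returns 0 when the CA connected over the family the standalone server
# listens on, 1 on a mismatch, 2 when there is no validationRecord yet.
check_listen_family() {
  _want="$1"
  _addr="$(validation_address_used "$2")"
  if [ -z "$_addr" ]; then
    echo "no validationRecord in response (challenge still pending?)"
    return 2
  fi
  _got="$(address_family "$_addr")"
  if [ "$_got" = "$_want" ]; then
    echo "ok: CA validated over $_got ($_addr)"
    return 0
  fi
  echo "mismatch: listening on $_want only, but CA connected to $_addr ($_got)"
  return 1
}
```

With `--listen-v6` on a name that has both A and AAAA records, `check_listen_family v6 "$SAMPLE_DUAL_STACK"` reports the mismatch that makes the validation fail.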

Neilpang commented 7 years ago

@cpu Thanks for your info.

Neilpang commented 7 years ago

@FernandoMiguel

I know upgrading openssl version is a pain, but it seems that you must do it in this case.

FernandoMiguel commented 7 years ago

glad i'm doing this just for fun and testing the limits of TLS :) trying to test TLS v1.3 on nginx mainline. and with that, trying to have IPv6 stack only. it's been 24h and it's still not working lol

let me see if OS1.1 works, and maybe get debian to backport it

Neilpang commented 7 years ago

@FernandoMiguel

Another choice, you can just copy the new openssl binary to your system, instead of upgrading the openssl in the global position.

We have the --openssl-bin option to specify a custom openssl.

Neilpang commented 7 years ago

@FernandoMiguel Good, I'm working on implementing our own implementation for tls 1.3.

We are currently testing against NSS and mint. If you make any progress getting openssl to work with tls 1.3, please share it with me.

Thanks.

FernandoMiguel commented 7 years ago

confirmed working

# acme.sh --issue -d justAAAA4.ipv6.imperialus.house --tls --listen-v6  --nocron --ecc --keylength ec-256 --test --debug 2 --log justaaaa4.log
[Wed May  3 13:57:28 UTC 2017] Lets find script dir.
[Wed May  3 13:57:28 UTC 2017] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed May  3 13:57:28 UTC 2017] _script='/root/.acme.sh/acme.sh'
[Wed May  3 13:57:28 UTC 2017] _script_home='/root/.acme.sh'
[Wed May  3 13:57:28 UTC 2017] Using config home:/root/.acme.sh
[Wed May  3 13:57:28 UTC 2017] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.9
[Wed May  3 13:57:28 UTC 2017] Using api:
[Wed May  3 13:57:28 UTC 2017] Using config home:/root/.acme.sh
[Wed May  3 13:57:28 UTC 2017] Using stage api:https://acme-staging.api.letsencrypt.org
[Wed May  3 13:57:28 UTC 2017] DOMAIN_PATH='/root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc'
[Wed May  3 13:57:28 UTC 2017] _on_before_issue
[Wed May  3 13:57:28 UTC 2017] 'tls' does not contain 'no'
[Wed May  3 13:57:28 UTC 2017] Le_LocalAddress
[Wed May  3 13:57:28 UTC 2017] Check for domain='justAAAA4.ipv6.imperialus.house'
[Wed May  3 13:57:28 UTC 2017] _currentRoot='tls'
[Wed May  3 13:57:28 UTC 2017] Standalone tls mode.
[Wed May  3 13:57:28 UTC 2017] _checkport='443'
[Wed May  3 13:57:28 UTC 2017] _checkaddr
[Wed May  3 13:57:28 UTC 2017] Using: ss
[Wed May  3 13:57:28 UTC 2017] 'tls' does not contain 'apache'
[Wed May  3 13:57:28 UTC 2017] _saved_account_key_hash='aUZ/vEqknXrf5anYvm2zd6xhL5ekoCtlajV9X4o6wEc='
[Wed May  3 13:57:28 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Wed May  3 13:57:28 UTC 2017] Read key length:
[Wed May  3 13:57:28 UTC 2017] Creating domain key
[Wed May  3 13:57:28 UTC 2017] Using config home:/root/.acme.sh
[Wed May  3 13:57:28 UTC 2017] _createkey for file:/root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/justAAAA4.ipv6.imperialus.house.key
[Wed May  3 13:57:28 UTC 2017] Use length 256
[Wed May  3 13:57:28 UTC 2017] Using ec name: prime256v1
[Wed May  3 13:57:28 UTC 2017] _createcsr
[Wed May  3 13:57:28 UTC 2017] domain='justAAAA4.ipv6.imperialus.house'
[Wed May  3 13:57:28 UTC 2017] domainlist
[Wed May  3 13:57:28 UTC 2017] csrkey='/root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/justAAAA4.ipv6.imperialus.house.key'
[Wed May  3 13:57:28 UTC 2017] csr='/root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/justAAAA4.ipv6.imperialus.house.csr'
[Wed May  3 13:57:28 UTC 2017] csrconf='/root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/justAAAA4.ipv6.imperialus.house.csr.conf'
[Wed May  3 13:57:28 UTC 2017] Single domain='justAAAA4.ipv6.imperialus.house'
[Wed May  3 13:57:28 UTC 2017] _is_idn_d='justAAAA4.ipv6.imperialus.house'
[Wed May  3 13:57:28 UTC 2017] _idn_temp
[Wed May  3 13:57:28 UTC 2017] _csr_cn='justAAAA4.ipv6.imperialus.house'
[Wed May  3 13:57:28 UTC 2017] Getting domain auth token for each domain
[Wed May  3 13:57:28 UTC 2017] Getting webroot for domain='justAAAA4.ipv6.imperialus.house'
[Wed May  3 13:57:28 UTC 2017] _w='tls'
[Wed May  3 13:57:28 UTC 2017] _currentRoot='tls'
[Wed May  3 13:57:28 UTC 2017] Getting new-authz for domain='justAAAA4.ipv6.imperialus.house'
[Wed May  3 13:57:28 UTC 2017] Try new-authz for the 0 time.
[Wed May  3 13:57:28 UTC 2017] _is_idn_d='justAAAA4.ipv6.imperialus.house'
[Wed May  3 13:57:28 UTC 2017] _idn_temp
[Wed May  3 13:57:28 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Wed May  3 13:57:28 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "justAAAA4.ipv6.imperialus.house"}}'
[Wed May  3 13:57:28 UTC 2017] RSA key
[Wed May  3 13:57:29 UTC 2017] Get nonce.
[Wed May  3 13:57:29 UTC 2017] GET
[Wed May  3 13:57:29 UTC 2017] url='https://acme-staging.api.letsencrypt.org/directory'
[Wed May  3 13:57:29 UTC 2017] timeout
[Wed May  3 13:57:29 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.jO6ZdQoHQ4 '
[Wed May  3 13:57:29 UTC 2017] ret='0'
[Wed May  3 13:57:29 UTC 2017] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 372
Boulder-Request-Id: DyAf7aaW67qckGR32IsRnIKSLdrvZfqMQpYqVDhAMGk
Replay-Nonce: zH3eMTe0HUDgwqamVQCLHDYWNgTW8n0_uTtFDH-Wkeg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 May 2017 13:57:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 13:57:29 GMT
Connection: keep-alive
'
[Wed May  3 13:57:29 UTC 2017] _CACHED_NONCE='zH3eMTe0HUDgwqamVQCLHDYWNgTW8n0_uTtFDH-Wkeg'
[Wed May  3 13:57:29 UTC 2017] nonce='zH3eMTe0HUDgwqamVQCLHDYWNgTW8n0_uTtFDH-Wkeg'
[Wed May  3 13:57:29 UTC 2017] POST
[Wed May  3 13:57:29 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Wed May  3 13:57:29 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "u4s2EX1eivnGn0tGTq36qTlqdUrHJsYYHCT5g5Y8nTIT_QEHipnHwgdumOjveInUTyyVsk8cRhrHKT0mUwgWNKLzsQ6t_ONTfcWygyb6kvDKtAA6RDij2bKDI-TxrOt3QkIKgjtNSRY9AzYm4Ajcy_d1oNV_TXJSM_FuH0Cyt8iAxHXJHwa5fL5fP8_C7nxSfTO1a_zsTzvbH08NQzALyu69DuYyjv4GkN9r8dUAH7pkMU_3XCKYGVFW4k4rZqvmo6eB63J9WE7HXUqhKIyIrhMzU-QaOHfon6dUmSzyf-QeBBew2EkB3vJbteBvKO51C34ehhX69RaY1uy8y-RMXQ"}}, "protected": "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", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAianVzdEFBQUE0LmlwdjYuaW1wZXJpYWx1cy5ob3VzZSJ9fQ", "signature": "UXCm8e8WpmM2Qljf_0u_Gagqyf_60CcC-vQfJJbiKUMZkH4oUKoHnjXBT21pcE1K80thSzJTuQ0EWwKi1xDVBAl1sgZNLtSLFNjSgvQDJV5NO7EqJv_da_mjXaNEOUURgVKyDiPsrp518iyiZn-EGyZSSLl0P5nha6BLap3fhYl3g7hEM_vydzWNpuAvyzpeJ5R64drHQow1LgPKZW9FHSTlDhFB2x0IK8eBJlMTOhmx0CfZV1_K3fg9aP09EivbgqzjCPi2nvKn7sjiuU7VnB7WG5fOKshmcVNkeI9W2mqXDV-pnEt9OXIb1mAQ3K37Aq6ox8_22eArEG4QhtRc1g"}'
[Wed May  3 13:57:29 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.hlHseD6VUF '
[Wed May  3 13:57:30 UTC 2017] _ret='0'
[Wed May  3 13:57:30 UTC 2017] original='{
  "identifier": {
    "type": "dns",
    "value": "justaaaa4.ipv6.imperialus.house"
  },
  "status": "pending",
  "expires": "2017-05-10T13:57:30.504978941Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838541",
      "token": "4UQ51s6HZTls9Cwhs-H1XUmAsH5YRuTQxvn8rA2JtQM"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838542",
      "token": "IE5DqjHTrrXteYik0Q-yZk5E4lvmudTfCdOs59Yjfvg"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543",
      "token": "nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ"
    }
  ],
  "combinations": [
    [
      2
    ],
    [
      1
    ],
    [
      0
    ]
  ]
}'
[Wed May  3 13:57:30 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
Expires: Wed, 03 May 2017 13:57:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1025
Boulder-Request-Id: NQ-qBfMOSvTk6l0GozxfMRFuOWdewFaz06f7eSnWJx8
Boulder-Requester: 2099610
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro
Replay-Nonce: XcpX1lmE5lt_uTbmbWQq1E8xLzODBwsqiSUAFXbpaq0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 May 2017 13:57:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 13:57:30 GMT
Connection: keep-alive
'
[Wed May  3 13:57:30 UTC 2017] response='{"identifier":{"type":"dns","value":"justaaaa4.ipv6.imperialus.house"},"status":"pending","expires":"2017-05-10T13:57:30.504978941Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838541","token":"4UQ51s6HZTls9Cwhs-H1XUmAsH5YRuTQxvn8rA2JtQM"},{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838542","token":"IE5DqjHTrrXteYik0Q-yZk5E4lvmudTfCdOs59Yjfvg"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543","token":"nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ"}],"combinations":[[2],[1],[0]]}'
[Wed May  3 13:57:30 UTC 2017] code='201'
[Wed May  3 13:57:30 UTC 2017] The new-authz request is ok.
[Wed May  3 13:57:30 UTC 2017] entry='"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543","token":"nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ"'
[Wed May  3 13:57:30 UTC 2017] token='nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ'
[Wed May  3 13:57:30 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543'
[Wed May  3 13:57:30 UTC 2017] keyauthorization='nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Wed May  3 13:57:30 UTC 2017] dvlist='justAAAA4.ipv6.imperialus.house#nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A#https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543#tls-sni-01#tls'
[Wed May  3 13:57:30 UTC 2017] vlist='justAAAA4.ipv6.imperialus.house#nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A#https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543#tls-sni-01#tls,'
[Wed May  3 13:57:30 UTC 2017] ok, let's start to verify
[Wed May  3 13:57:30 UTC 2017] Verifying:justAAAA4.ipv6.imperialus.house
[Wed May  3 13:57:30 UTC 2017] d='justAAAA4.ipv6.imperialus.house'
[Wed May  3 13:57:30 UTC 2017] keyauthorization='nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Wed May  3 13:57:30 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543'
[Wed May  3 13:57:30 UTC 2017] _currentRoot='tls'
[Wed May  3 13:57:30 UTC 2017] _hash_B='ccc873cc60971f7907f67e77f88470a253cb2833bf62df4a81b875bff0c8af4e'
[Wed May  3 13:57:30 UTC 2017] _x='ccc873cc60971f7907f67e77f88470a2'
[Wed May  3 13:57:30 UTC 2017] _y='53cb2833bf62df4a81b875bff0c8af4e'
[Wed May  3 13:57:30 UTC 2017] _SAN_B='ccc873cc60971f7907f67e77f88470a2.53cb2833bf62df4a81b875bff0c8af4e.acme.invalid'
[Wed May  3 13:57:30 UTC 2017] Starting tls server.
[Wed May  3 13:57:30 UTC 2017] san_a='ccc873cc60971f7907f67e77f88470a2.53cb2833bf62df4a81b875bff0c8af4e.acme.invalid'
[Wed May  3 13:57:30 UTC 2017] san_b
[Wed May  3 13:57:30 UTC 2017] port='443'
[Wed May  3 13:57:30 UTC 2017] _createkey for file:/root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/tls.validation.key
[Wed May  3 13:57:30 UTC 2017] Use length 2048
[Wed May  3 13:57:30 UTC 2017] Using RSA: 2048
[Wed May  3 13:57:30 UTC 2017] _createcsr
[Wed May  3 13:57:30 UTC 2017] domain='tls.acme.sh'
[Wed May  3 13:57:30 UTC 2017] domainlist='ccc873cc60971f7907f67e77f88470a2.53cb2833bf62df4a81b875bff0c8af4e.acme.invalid'
[Wed May  3 13:57:30 UTC 2017] csrkey='/root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/tls.validation.key'
[Wed May  3 13:57:30 UTC 2017] csr='/root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/tls.validation.csr'
[Wed May  3 13:57:30 UTC 2017] csrconf='/root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/tls.validation.conf'
[Wed May  3 13:57:30 UTC 2017] _is_idn_d='ccc873cc60971f7907f67e77f88470a2.53cb2833bf62df4a81b875bff0c8af4e.acme.invalid'
[Wed May  3 13:57:30 UTC 2017] _idn_temp
[Wed May  3 13:57:30 UTC 2017] domainlist='ccc873cc60971f7907f67e77f88470a2.53cb2833bf62df4a81b875bff0c8af4e.acme.invalid'
[Wed May  3 13:57:30 UTC 2017] Multi domain='DNS:ccc873cc60971f7907f67e77f88470a2.53cb2833bf62df4a81b875bff0c8af4e.acme.invalid'
[Wed May  3 13:57:30 UTC 2017] _is_idn_d='tls.acme.sh'
[Wed May  3 13:57:30 UTC 2017] _idn_temp
[Wed May  3 13:57:30 UTC 2017] _csr_cn='tls.acme.sh'
[Wed May  3 13:57:30 UTC 2017] _signcsr
[Wed May  3 13:57:30 UTC 2017] Signature ok
subject=CN = tls.acme.sh
Getting Private key
[Wed May  3 13:57:30 UTC 2017] Le_Listen_V4
[Wed May  3 13:57:30 UTC 2017] Le_Listen_V6='1'
[Wed May  3 13:57:30 UTC 2017] openssl s_server -cert /root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/tls.validation.cert  -key /root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/tls.validation.key  -accept 443 -6
Using default temp DH parameters
ACCEPT
[Wed May  3 13:57:31 UTC 2017] serverproc='28300'
[Wed May  3 13:57:31 UTC 2017] tigger domain validation.
[Wed May  3 13:57:31 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543'
[Wed May  3 13:57:31 UTC 2017] _t_key_authz='nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A'
[Wed May  3 13:57:31 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543'
[Wed May  3 13:57:31 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"}'
[Wed May  3 13:57:31 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Wed May  3 13:57:31 UTC 2017] Use _CACHED_NONCE='XcpX1lmE5lt_uTbmbWQq1E8xLzODBwsqiSUAFXbpaq0'
[Wed May  3 13:57:31 UTC 2017] nonce='XcpX1lmE5lt_uTbmbWQq1E8xLzODBwsqiSUAFXbpaq0'
[Wed May  3 13:57:31 UTC 2017] POST
[Wed May  3 13:57:31 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543'
[Wed May  3 13:57:31 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "u4s2EX1eivnGn0tGTq36qTlqdUrHJsYYHCT5g5Y8nTIT_QEHipnHwgdumOjveInUTyyVsk8cRhrHKT0mUwgWNKLzsQ6t_ONTfcWygyb6kvDKtAA6RDij2bKDI-TxrOt3QkIKgjtNSRY9AzYm4Ajcy_d1oNV_TXJSM_FuH0Cyt8iAxHXJHwa5fL5fP8_C7nxSfTO1a_zsTzvbH08NQzALyu69DuYyjv4GkN9r8dUAH7pkMU_3XCKYGVFW4k4rZqvmo6eB63J9WE7HXUqhKIyIrhMzU-QaOHfon6dUmSzyf-QeBBew2EkB3vJbteBvKO51C34ehhX69RaY1uy8y-RMXQ"}}, "protected": "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", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJuTnl5cko0QnRGdUE0M3l1UmoxM1lFM3B2alJVb1hzb004SDF3ZEYzMkJRLjI0ODgtTUg3dW9wdHYzc01CRWxrSzNpajF1RVFyeFhRWGM2Q1ROMkdtMEEifQ", "signature": "TlOZRWWmN8IzvTU5SZoMf9VP8yyaHJ8HSaBWnO-KKKS9IePxckZO4Ep2OBvMpzsEgkUFEN5-pqlUZgzlb4_LPK7qMrBgIEkGH3n627N6sWZ_KTRr8hogM-tpJwduDIG6_woyPBw8Gl3kassN6Pb-XKosxKl0jxY_wiPG925Rq5h2gd3DUGHQwDI53W1G76sOSX70wf2f83pszSFH9Gy6SCZjdk6gQI6cNgfqzXrD1jVyxVwVGtyC2WdpCKfg-48X2kFGaN1vlUBZrf1evHsFPctlHfaWZMtgupbEkFqFPVashufhhlif-atrjDa43M_muxT7CKueilNP1e75jS4Xjw"}'
[Wed May  3 13:57:31 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.Dx53F2rcLn '
[Wed May  3 13:57:33 UTC 2017] _ret='0'
[Wed May  3 13:57:33 UTC 2017] original='{
  "type": "tls-sni-01",
  "status": "pending",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543",
  "token": "nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ",
  "keyAuthorization": "nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"
}'
[Wed May  3 13:57:33 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
Expires: Wed, 03 May 2017 13:57:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 341
Boulder-Request-Id: mI1E07qdgwXVHTJqlNLwVzgqH2iCZwr4VcxSQS0eLfc
Boulder-Requester: 2099610
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543
Replay-Nonce: 0tynTQH3JimtLp-jTnyRI1Anz-KlPUmG1rhSYzHdgQA
Expires: Wed, 03 May 2017 13:57:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 13:57:33 GMT
Connection: keep-alive
'
[Wed May  3 13:57:33 UTC 2017] response='{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543","token":"nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ","keyAuthorization":"nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A"}'
[Wed May  3 13:57:33 UTC 2017] code='202'
[Wed May  3 13:57:33 UTC 2017] sleep 2 secs to verify
TLS client extension "server name" (id=0), len=83
0000 - 00 51 00 00 4e 63 63 63-38 37 33 63 63 36 30 39   .Q..Nccc873cc609
0010 - 37 31 66 37 39 30 37 66-36 37 65 37 37 66 38 38   71f7907f67e77f88
0020 - 34 37 30 61 32 2e 35 33-63 62 32 38 33 33 62 66   470a2.53cb2833bf
0030 - 36 32 64 66 34 61 38 31-62 38 37 35 62 66 66 30   62df4a81b875bff0
0040 - 63 38 61 66 34 65 2e 61-63 6d 65 2e 69 6e 76 61   c8af4e.acme.inva
0050 - 6c 69 64                                          lid
TLS client extension "status request" (id=5), len=5
0000 - 01                                                .
0005 - <SPACES/NULS>
TLS client extension "elliptic curves" (id=10), len=10
0000 - 00 08 00 1d 00 17 00 18-00 19                     ..........
TLS client extension "EC point formats" (id=11), len=2
0000 - 01                                                .
0002 - <SPACES/NULS>
TLS client extension "signature algorithms" (id=13), len=14
0000 - 00 0c 04 01 04 03 05 01-05 03 02 01 02 03         ..............
TLS client extension "renegotiation info" (id=65281), len=1
0001 - <SPACES/NULS>
TLS client extension "signed certificate timestamps" (id=18), len=0
DONE
shutting down SSL
CONNECTION CLOSED
ACCEPT
[Wed May  3 13:57:35 UTC 2017] checking
[Wed May  3 13:57:35 UTC 2017] GET
[Wed May  3 13:57:35 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543'
[Wed May  3 13:57:35 UTC 2017] timeout
[Wed May  3 13:57:35 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.VlO4sICCil '
[Wed May  3 13:57:35 UTC 2017] ret='0'
[Wed May  3 13:57:35 UTC 2017] original='{
  "type": "tls-sni-01",
  "status": "valid",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543",
  "token": "nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ",
  "keyAuthorization": "nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A",
  "validationRecord": [
    {
      "hostname": "justaaaa4.ipv6.imperialus.house",
      "port": "443",
      "addressesResolved": [
        "2a05:d018:520:ad00:2333:cf9c:ea7:a792"
      ],
      "addressUsed": "2a05:d018:520:ad00:2333:cf9c:ea7:a792"
    }
  ]
}'
[Wed May  3 13:57:35 UTC 2017] response='{"type":"tls-sni-01","status":"valid","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/_fr__22BvhoYEEVxrpKhjP0G5Ezv7AJfnA-G2CSZQro/36838543","token":"nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ","keyAuthorization":"nNyyrJ4BtFuA43yuRj13YE3pvjRUoXsoM8H1wdF32BQ.2488-MH7uoptv3sMBElkK3ij1uEQrxXQXc6CTN2Gm0A","validationRecord":[{"hostname":"justaaaa4.ipv6.imperialus.house","port":"443","addressesResolved":["2a05:d018:520:ad00:2333:cf9c:ea7:a792"],"addressUsed":"2a05:d018:520:ad00:2333:cf9c:ea7:a792"}]}'
[Wed May  3 13:57:35 UTC 2017] Success
[Wed May  3 13:57:35 UTC 2017] pid='28300'
[Wed May  3 13:57:35 UTC 2017] Le_HTTPPort
[Wed May  3 13:57:35 UTC 2017] Le_TLSPort='443'
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
   1 items in the session cache
   0 client connects (SSL_connect())
   0 client renegotiates (SSL_connect())
   0 client connects that finished
   1 server accepts (SSL_accept())
   0 server renegotiates (SSL_accept())
   1 server accepts that finished
   0 session cache hits
   0 session cache misses
   0 session cache timeouts
   0 callback cache hits
   0 cache full overflows (128 allowed)
[Wed May  3 13:57:35 UTC 2017] Skip for removelevel:
[Wed May  3 13:57:35 UTC 2017] pid
[Wed May  3 13:57:35 UTC 2017] No need to restore nginx, skip.
[Wed May  3 13:57:35 UTC 2017] _clearupdns
[Wed May  3 13:57:35 UTC 2017] Dns not added, skip.
[Wed May  3 13:57:35 UTC 2017] Verify finished, start to sign.
[Wed May  3 13:57:35 UTC 2017] i='2'
[Wed May  3 13:57:35 UTC 2017] j='7'
[Wed May  3 13:57:35 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Wed May  3 13:57:35 UTC 2017] payload='{"resource": "new-cert", "csr": "MIIBAzCBqgIBADAqMSgwJgYDVQQDDB9qdXN0QUFBQTQuaXB2Ni5pbXBlcmlhbHVzLmhvdXNlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEb3pq8UgwyicbAPoeJUI1fafjXvKz5TkAjHUy2Wcgwm3R2w6O4EcmFLaZUluCTnuYPogoT8a_s4Fuv7989mpnnqAeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQDAgXgMAoGCCqGSM49BAMCA0gAMEUCID9tIeIV2fHnCzikOJakT4dh5uRO3cgvxUYU28JVuoRtAiEAq38RTQHOE7btoCJms93gKZZvli5-fdVmHCOBjRCS9Y4"}'
[Wed May  3 13:57:35 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Wed May  3 13:57:35 UTC 2017] Use _CACHED_NONCE='0tynTQH3JimtLp-jTnyRI1Anz-KlPUmG1rhSYzHdgQA'
[Wed May  3 13:57:35 UTC 2017] nonce='0tynTQH3JimtLp-jTnyRI1Anz-KlPUmG1rhSYzHdgQA'
[Wed May  3 13:57:35 UTC 2017] POST
[Wed May  3 13:57:35 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Wed May  3 13:57:35 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "u4s2EX1eivnGn0tGTq36qTlqdUrHJsYYHCT5g5Y8nTIT_QEHipnHwgdumOjveInUTyyVsk8cRhrHKT0mUwgWNKLzsQ6t_ONTfcWygyb6kvDKtAA6RDij2bKDI-TxrOt3QkIKgjtNSRY9AzYm4Ajcy_d1oNV_TXJSM_FuH0Cyt8iAxHXJHwa5fL5fP8_C7nxSfTO1a_zsTzvbH08NQzALyu69DuYyjv4GkN9r8dUAH7pkMU_3XCKYGVFW4k4rZqvmo6eB63J9WE7HXUqhKIyIrhMzU-QaOHfon6dUmSzyf-QeBBew2EkB3vJbteBvKO51C34ehhX69RaY1uy8y-RMXQ"}}, "protected": "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", "payload": "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", "signature": "FE2Hwgsq15aXpKw19VNNhmPldHM3KlYC4fjQvEA7EUNql22BRZoUaoo5BhdlEddlQV7i3c4kX7zJbVuTvDlMZtTtf0ldT_DLHd6VTpQGnrHwWWzwjUnHeBs7rtzpb0upMqy0Sa6DQn3AdVPcjC4k3SexTuKlISg9fYoycbVkGnSiIaJtwviObteoPAw6DySqztLyseNpsgHzF2F2VBfVaWxDrdSHJ60tIC2iOyVMY_6-PKJbLK9QbGalzpq7-vyxPIA2DL4rRWC1rE4kA0wAmYmDlXKHS-TMjYYUB6kQjX9kPLMUb8n8aGr6SjpIPq13bLNQVHFs1PisP524fBGlXg"}'
[Wed May  3 13:57:35 UTC 2017] Http already initialized.
[Wed May  3 13:57:35 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.ZWLCHs4L47 '
[Wed May  3 13:57:36 UTC 2017] _ret='0'
[Wed May  3 13:57:36 UTC 2017] original='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'
[Wed May  3 13:57:36 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
Expires: Wed, 03 May 2017 13:57:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/pkix-cert
Content-Length: 1084
Boulder-Request-Id: R-GckzaqG4VhDUbCvB7I1XKcnrGtOWp2Sc1oqLwqqv8
Boulder-Requester: 2099610
Link: <https://acme-staging.api.letsencrypt.org/acme/issuer-cert>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/cert/faacf027ef50ffff09e09a1a4190adb7133f
Replay-Nonce: uh6_JuahVEe_gL8PQ77Xe0WTtLfUIFJts9eOXHomIlc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 May 2017 13:57:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 13:57:36 GMT
Connection: keep-alive
'
[Wed May  3 13:57:36 UTC 2017] response='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'
[Wed May  3 13:57:36 UTC 2017] code='201'
[Wed May  3 13:57:36 UTC 2017] Le_LinkCert='https://acme-staging.api.letsencrypt.org/acme/cert/faacf027ef50ffff09e09a1a4190adb7133f'
[Wed May  3 13:57:36 UTC 2017] Cert success.
[Wed May  3 13:57:36 UTC 2017] Your cert is in  /root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/justAAAA4.ipv6.imperialus.house.cer
[Wed May  3 13:57:36 UTC 2017] Your cert key is in  /root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/justAAAA4.ipv6.imperialus.house.key
[Wed May  3 13:57:36 UTC 2017] Le_LinkIssuer='https://acme-staging.api.letsencrypt.org/acme/issuer-cert'
[Wed May  3 13:57:36 UTC 2017] _link_issuer_retry='0'
[Wed May  3 13:57:36 UTC 2017] GET
[Wed May  3 13:57:36 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/issuer-cert'
[Wed May  3 13:57:36 UTC 2017] timeout
[Wed May  3 13:57:36 UTC 2017] Http already initialized.
[Wed May  3 13:57:36 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.ZWLCHs4L47 '
[Wed May  3 13:57:36 UTC 2017] ret='0'
[Wed May  3 13:57:36 UTC 2017] The intermediate CA cert is in  /root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/ca.cer
[Wed May  3 13:57:36 UTC 2017] And the full chain certs is there:  /root/.acme.sh/justAAAA4.ipv6.imperialus.house_ecc/fullchain.cer
[Wed May  3 13:57:36 UTC 2017] _on_issue_success

Anyone who finds this ticket and wants a shortcut to getting openssl 1.1 can use this PPA (mind the nginx version): https://launchpad.net/~ondrej/+archive/ubuntu/nginx-mainline

Neilpang commented 7 years ago

@FernandoMiguel

Why do you use --nocron in this command? lol 😆

FernandoMiguel commented 7 years ago

cause this is just a sandbox server. don't want it renewing certs, especially if i'm issuing staging certs lol

anyway, nginx 1.13 with TLS v1.2 and 1.3 over IPv6 AAAA, with LE/acme.sh with ecc tls over ipv6. https://justaaaa4.ipv6.imperialus.house/ it does work.

let me know what i can do to help with your tests on tls1.3. i can give you root access to this sandbox if needed.

FernandoMiguel commented 7 years ago

i would propose having a warning when using --listen-v6 to make sure openssl 1.1 is used!
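One way such a warning could work, as an added example that is not acme.sh code: the function names are hypothetical, and the 1.1 threshold is taken from what this thread reports (OpenSSL 1.0.2g lacked `-6`, the 1.1 build accepted it). The optional argument plays the role of a custom binary such as the one passed with `--openssl-bin`.

```shell
# Added example (not acme.sh code). Function names are hypothetical.
# Threshold assumed from this thread: "openssl s_server -6" failed on
# OpenSSL 1.0.2g and worked once OpenSSL 1.1 was installed.

# openssl_version_supports_v6 "<output of: openssl version>"
# Returns 0 = new enough for -6, 1 = too old, 2 = cannot tell
# (empty output, or a fork such as LibreSSL whose numbering differs).
openssl_version_supports_v6() {
  case "$1" in
    "OpenSSL "*) ;;
    *) return 2 ;;
  esac
  _ver="${1#OpenSSL }"   # "1.0.2g  1 Mar 2016"
  _ver="${_ver%% *}"     # "1.0.2g"
  case "$_ver" in
    *.*) ;;
    *) return 2 ;;
  esac
  _major="${_ver%%.*}"
  _rest="${_ver#*.}"
  _minor="${_rest%%.*}"
  case "$_major" in ''|*[!0-9]*) return 2 ;; esac
  case "$_minor" in ''|*[!0-9]*) return 2 ;; esac
  if [ "$_major" -gt 1 ]; then return 0; fi
  if [ "$_major" -eq 1 ] && [ "$_minor" -ge 1 ]; then return 0; fi
  return 1
}

# preflight_listen_v6 [openssl-binary]
# Runs the given binary (default: openssl from PATH), warns on stderr when
# IPv6 standalone tls mode is likely to fail, and returns the code above.
preflight_listen_v6() {
  _bin="${1:-openssl}"
  _out="$("$_bin" version 2>/dev/null)" || _out=""
  _rc=0
  openssl_version_supports_v6 "$_out" || _rc=$?
  case "$_rc" in
    0) ;;
    1) echo "warning: $_bin reports '$_out'; s_server -6 needs OpenSSL 1.1 or newer" >&2 ;;
    *) echo "warning: cannot determine whether $_bin supports s_server -6" >&2 ;;
  esac
  return "$_rc"
}
```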

Neilpang commented 7 years ago

@FernandoMiguel --nocron only takes effect on the --install or --uninstall command, so it's useless on --issue here.

> let me know what i can do to help with your tests on tls1.3. i can give you root access to this sandbox if needed.

Thanks, I just need a testing server. I want to debug with tls 1.3, because I'm recently writing our java implementation for tls 1.3 protocol.

> i would propose having a warning when using --listen-v6 to make sure openssl 1.1 is used!

I will think about it.

FernandoMiguel commented 7 years ago

@Neilpang add your ed25519 ssh public key to github, and i'll have the server pull from https://github.com/Neilpang.keys

see https://github.com/FernandoMiguel/sshremotekeys for reference :)

Neilpang commented 7 years ago

@FernandoMiguel Thanks for your offer. Will let you know if I need your server. Thank you.