dehydrated with broken pipe in cat...

dehydrated-io / dehydrated

letsencrypt/acme client implemented as a shell-script – just add water

MIT License

5.96k stars 716 forks source link

$cmd = '/opt/dehydrated/dehydrated -c -o '.CertStore.' -a '.$row3['algo'].' -d '.$row3['domain'].' 2>&1 >> /var/log/dehydrated/dehydrated.log'; // other Code for addional Domains and --force Parameter if required exec($cmd, $return, $ret_val);

Do 15. Mär 07:15:01 CET 2018 # INFO: Using main config file /opt/dehydrated/config Processing tb-itf.de with alternative names: www.domain.de + Checking domain name(s) of existing cert... unchanged. + Checking expire date of existing cert... + Valid till Apr 3 22:05:12 2018 GMT Certificate will expire (Less than 30 days). Renewing! + Signing domains... + Generating private key... + Generating signing request... + Requesting new certificate order from CA...`

bash -x dehydrated -c "/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1" + set -e + set -u + set -o pipefail + [[ -n '' ]] + [[ -z '' ]] + shopt -s nullglob + set -f + umask 077 + VERSION=git-master-after-0.6.1 + SOURCE=dehydrated + '[' -h dehydrated ']' +++ dirname dehydrated ++ cd -P . ++ pwd + SCRIPTDIR=/opt/reksys + BASEDIR=/opt/reksys + ORIGARGS='-c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 -d www.domain.de' ++ uname + OSTYPE=Linux + [[ ! '' = \N\O\O\P ]] + main -c '/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1' -d www.domain.de + COMMAND= + [[ -z -c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 -d www.domain.de ]] + (( 4 )) + case "${1}" in + set_command sign_domains + [[ -z '' ]] + COMMAND=sign_domains + shift 1 + (( 3 )) + case "${1}" in + echo 'Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1' Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 + echo + command_help + printf 'Usage: %s [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...\n\n' dehydrated Usage: dehydrated [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ... + printf 'Default command: help\n\n' Default command: help + echo Commands: Commands: + grep -e '^[[:space:]]*# Usage:' -e '^[[:space:]]*# Description:' -e '^command_.*()[[:space:]]*{' dehydrated + read -r usage grep: dehydrated: Datei oder Verzeichnis nicht gefunden + read -r description + read -r command

bash -x /opt/dehydrated/dehydrated -c "/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1" + set -e + set -u + set -o pipefail + [[ -n '' ]] + [[ -z '' ]] + shopt -s nullglob + set -f + umask 077 + VERSION=git-master-after-0.6.1 + SOURCE=/opt/dehydrated/dehydrated + '[' -h /opt/dehydrated/dehydrated ']' +++ dirname /opt/dehydrated/dehydrated ++ cd -P /opt/dehydrated ++ pwd + SCRIPTDIR=/opt/dehydrated + BASEDIR=/opt/dehydrated + ORIGARGS='-c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 -d www.domain.de' ++ uname + OSTYPE=Linux + [[ ! '' = \N\O\O\P ]] + main -c '/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1' -d www.domain.de + COMMAND= + [[ -z -c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 -d www.domain.de ]] + (( 4 )) + case "${1}" in + set_command sign_domains + [[ -z '' ]] + COMMAND=sign_domains + shift 1 + (( 3 )) + case "${1}" in + echo 'Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1' Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 + echo + command_help + printf 'Usage: %s [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...\n\n' /opt/dehydrated/dehydrated Usage: /opt/dehydrated/dehydrated [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ... + printf 'Default command: help\n\n' Default command: help + echo Commands: Commands: + grep -e '^[[:space:]]*# Usage:' -e '^[[:space:]]*# Description:' -e '^command_.*()[[:space:]]*{' /opt/dehydrated/dehydrated + read -r usage + read -r description + read -r command + [[ ! # Usage: --version (-v) =~ Usage ]] + [[ ! # Description: Print version information =~ Description ]] + [[ ! command_version() { =~ ^command_ ]] + printf ' %-32s %s\n' '--version (-v)' 'Print version information' --version (-v) Print version information + read -r usage + read -r description + read -r command + [[ ! # Usage: --register =~ Usage ]] + [[ ! # Description: Register account key =~ Description ]] + [[ ! command_register() { =~ ^command_ ]] + printf ' %-32s %s\n' --register 'Register account key' --register Register account key + read -r usage + read -r description + read -r command + [[ ! # Usage: --account =~ Usage ]] + [[ ! # Description: Update account contact information =~ Description ]] + [[ ! command_account() { =~ ^command_ ]] + printf ' %-32s %s\n' --account 'Update account contact information' --account Update account contact information + read -r usage + read -r description + read -r command + [[ ! # Usage: --cron (-c) =~ Usage ]] + [[ ! # Description: Sign/renew non-existent/changed/expiring certificates. =~ Description ]] + [[ ! command_sign_domains() { =~ ^command_ ]] + printf ' %-32s %s\n' '--cron (-c)' 'Sign/renew non-existent/changed/expiring certificates.' --cron (-c) Sign/renew non-existent/changed/expiring certificates. + read -r usage + read -r description + read -r command + [[ ! # Usage: --signcsr (-s) path/to/csr.pem =~ Usage ]] + [[ ! # Description: Sign a given CSR, output CRT on stdout (advanced usage) =~ Description ]] + [[ ! command_sign_csr() { =~ ^command_ ]] + printf ' %-32s %s\n' '--signcsr (-s) path/to/csr.pem' 'Sign a given CSR, output CRT on stdout (advanced usage)' --signcsr (-s) path/to/csr.pem Sign a given CSR, output CRT on stdout (advanced usage) + read -r usage + read -r description + read -r command + [[ ! # Usage: --revoke (-r) path/to/cert.pem =~ Usage ]] + [[ ! # Description: Revoke specified certificate =~ Description ]] + [[ ! command_revoke() { =~ ^command_ ]] + printf ' %-32s %s\n' '--revoke (-r) path/to/cert.pem' 'Revoke specified certificate' --revoke (-r) path/to/cert.pem Revoke specified certificate + read -r usage + read -r description + read -r command + [[ ! # Usage: --cleanup (-gc) =~ Usage ]] + [[ ! # Description: Move unused certificate files to archive directory =~ Description ]] + [[ ! command_cleanup() { =~ ^command_ ]] + printf ' %-32s %s\n' '--cleanup (-gc)' 'Move unused certificate files to archive directory' --cleanup (-gc) Move unused certificate files to archive directory + read -r usage + read -r description + read -r command + [[ ! # Usage: --help (-h) =~ Usage ]] + [[ ! # Description: Show help text =~ Description ]] + [[ ! command_help() { =~ ^command_ ]] + printf ' %-32s %s\n' '--help (-h)' 'Show help text' --help (-h) Show help text + read -r usage + read -r description + read -r command + [[ ! # Usage: --env (-e) =~ Usage ]] + [[ ! # Description: Output configuration variables for use in other scripts =~ Description ]] + [[ ! command_env() { =~ ^command_ ]] + printf ' %-32s %s\n' '--env (-e)' 'Output configuration variables for use in other scripts' --env (-e) Output configuration variables for use in other scripts + read -r usage + read -r description + read -r command + printf -- '\nParameters:\n' Parameters: + grep -E -e '^[[:space:]]*# PARAM_Usage:' -e '^[[:space:]]*# PARAM_Description:' /opt/dehydrated/dehydrated + read -r usage + read -r description + [[ ! # PARAM_Usage: --accept-terms =~ Usage ]] + [[ ! # PARAM_Description: Accept CAs terms of service =~ Description ]] + printf ' %-32s %s\n' --accept-terms 'Accept CAs terms of service' --accept-terms Accept CAs terms of service + read -r usage + read -r description + [[ ! # PARAM_Usage: --full-chain (-fc) =~ Usage ]] + [[ ! # PARAM_Description: Print full chain when using --signcsr =~ Description ]] + printf ' %-32s %s\n' '--full-chain (-fc)' 'Print full chain when using --signcsr' --full-chain (-fc) Print full chain when using --signcsr + read -r usage + read -r description + [[ ! # PARAM_Usage: --ipv4 (-4) =~ Usage ]] + [[ ! # PARAM_Description: Resolve names to IPv4 addresses only =~ Description ]] + printf ' %-32s %s\n' '--ipv4 (-4)' 'Resolve names to IPv4 addresses only' --ipv4 (-4) Resolve names to IPv4 addresses only + read -r usage + read -r description + [[ ! # PARAM_Usage: --ipv6 (-6) =~ Usage ]] + [[ ! # PARAM_Description: Resolve names to IPv6 addresses only =~ Description ]] + printf ' %-32s %s\n' '--ipv6 (-6)' 'Resolve names to IPv6 addresses only' --ipv6 (-6) Resolve names to IPv6 addresses only + read -r usage + read -r description + [[ ! # PARAM_Usage: --domain (-d) domain.tld =~ Usage ]] + [[ ! # PARAM_Description: Use specified domain name(s) instead of domains.txt entry (one certificate!) =~ Description ]] + printf ' %-32s %s\n' '--domain (-d) domain.tld' 'Use specified domain name(s) instead of domains.txt entry (one certificate!)' --domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!) + read -r usage + read -r description + [[ ! # PARAM_Usage: --alias certalias =~ Usage ]] + [[ ! # PARAM_Description: Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified) =~ Description ]] + printf ' %-32s %s\n' '--alias certalias' 'Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified)' --alias certalias Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified) + read -r usage + read -r description + [[ ! # PARAM_Usage: --keep-going (-g) =~ Usage ]] + [[ ! # PARAM_Description: Keep going after encountering an error while creating/renewing multiple certificates in cron mode =~ Description ]] + printf ' %-32s %s\n' '--keep-going (-g)' 'Keep going after encountering an error while creating/renewing multiple certificates in cron mode' --keep-going (-g) Keep going after encountering an error while creating/renewing multiple certificates in cron mode + read -r usage + read -r description + [[ ! # PARAM_Usage: --force (-x) =~ Usage ]] + [[ ! # PARAM_Description: Force renew of certificate even if it is longer valid than value in RENEW_DAYS =~ Description ]] + printf ' %-32s %s\n' '--force (-x)' 'Force renew of certificate even if it is longer valid than value in RENEW_DAYS' --force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS + read -r usage + read -r description + [[ ! # PARAM_Usage: --no-lock (-n) =~ Usage ]] + [[ ! # PARAM_Description: Don't use lockfile (potentially dangerous!) =~ Description ]] + printf ' %-32s %s\n' '--no-lock (-n)' 'Don'\''t use lockfile (potentially dangerous!)' --no-lock (-n) Don't use lockfile (potentially dangerous!) + read -r usage + read -r description + [[ ! # PARAM_Usage: --lock-suffix example.com =~ Usage ]] + [[ ! # PARAM_Description: Suffix lockfile name with a string (useful for with -d) =~ Description ]] + printf ' %-32s %s\n' '--lock-suffix example.com' 'Suffix lockfile name with a string (useful for with -d)' --lock-suffix example.com Suffix lockfile name with a string (useful for with -d) + read -r usage + read -r description + [[ ! # PARAM_Usage: --ocsp =~ Usage ]] + [[ ! # PARAM_Description: Sets option in CSR indicating OCSP stapling to be mandatory =~ Description ]] + printf ' %-32s %s\n' --ocsp 'Sets option in CSR indicating OCSP stapling to be mandatory' --ocsp Sets option in CSR indicating OCSP stapling to be mandatory + read -r usage + read -r description + [[ ! # PARAM_Usage: --privkey (-p) path/to/key.pem =~ Usage ]] + [[ ! # PARAM_Description: Use specified private key instead of account key (useful for revocation) =~ Description ]] + printf ' %-32s %s\n' '--privkey (-p) path/to/key.pem' 'Use specified private key instead of account key (useful for revocation)' --privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation) + read -r usage + read -r description + [[ ! # PARAM_Usage: --config (-f) path/to/config =~ Usage ]] + [[ ! # PARAM_Description: Use specified config file =~ Description ]] + printf ' %-32s %s\n' '--config (-f) path/to/config' 'Use specified config file' --config (-f) path/to/config Use specified config file + read -r usage + read -r description + [[ ! # PARAM_Usage: --hook (-k) path/to/hook.sh =~ Usage ]] + [[ ! # PARAM_Description: Use specified script for hooks =~ Description ]] + printf ' %-32s %s\n' '--hook (-k) path/to/hook.sh' 'Use specified script for hooks' --hook (-k) path/to/hook.sh Use specified script for hooks + read -r usage + read -r description + [[ ! # PARAM_Usage: --out (-o) certs/directory =~ Usage ]] + [[ ! # PARAM_Description: Output certificates into the specified directory =~ Description ]] + printf ' %-32s %s\n' '--out (-o) certs/directory' 'Output certificates into the specified directory' --out (-o) certs/directory Output certificates into the specified directory + read -r usage + read -r description + [[ ! # PARAM_Usage: --challenge (-t) http-01|dns-01 =~ Usage ]] + [[ ! # PARAM_Description: Which challenge should be used? Currently http-01 and dns-01 are supported =~ Description ]] + printf ' %-32s %s\n' '--challenge (-t) http-01|dns-01' 'Which challenge should be used? Currently http-01 and dns-01 are supported' --challenge (-t) http-01|dns-01 Which challenge should be used? Currently http-01 and dns-01 are supported + read -r usage + read -r description + [[ ! # PARAM_Usage: --algo (-a) rsa|prime256v1|secp384r1 =~ Usage ]] + [[ ! # PARAM_Description: Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 =~ Description ]] + printf ' %-32s %s\n' '--algo (-a) rsa|prime256v1|secp384r1' 'Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1' --algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 + read -r usage + read -r description + exit 1

bash -x /opt/dehydrated/dehydrated -c "/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1" + set -e + set -u + set -o pipefail + [[ -n '' ]] + [[ -z '' ]] + shopt -s nullglob + set -f + umask 077 + VERSION=git-master-after-0.6.1 + SOURCE=/opt/dehydrated/dehydrated + '[' -h /opt/dehydrated/dehydrated ']' +++ dirname /opt/dehydrated/dehydrated ++ cd -P /opt/dehydrated ++ pwd + SCRIPTDIR=/opt/dehydrated + BASEDIR=/opt/dehydrated + ORIGARGS='-c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1' ++ uname + OSTYPE=Linux + [[ ! '' = \N\O\O\P ]] + main -c '/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1' + COMMAND= + [[ -z -c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 ]] + (( 2 )) + case "${1}" in + set_command sign_domains + [[ -z '' ]] + COMMAND=sign_domains + shift 1 + (( 1 )) + case "${1}" in + echo 'Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1' Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 + echo + command_help + printf 'Usage: %s [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...\n\n' /opt/dehydrated/dehydrated Usage: /opt/dehydrated/dehydrated [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ... + printf 'Default command: help\n\n' Default command: help + echo Commands: Commands: + grep -e '^[[:space:]]*# Usage:' -e '^[[:space:]]*# Description:' -e '^command_.*()[[:space:]]*{' /opt/dehydrated/dehydrated + read -r usage + read -r description + read -r command + [[ ! # Usage: --version (-v) =~ Usage ]] + [[ ! # Description: Print version information =~ Description ]] + [[ ! command_version() { =~ ^command_ ]] + printf ' %-32s %s\n' '--version (-v)' 'Print version information' --version (-v) Print version information + read -r usage + read -r description + read -r command + [[ ! # Usage: --register =~ Usage ]] + [[ ! # Description: Register account key =~ Description ]] + [[ ! command_register() { =~ ^command_ ]] + printf ' %-32s %s\n' --register 'Register account key' --register Register account key + read -r usage + read -r description + read -r command + [[ ! # Usage: --account =~ Usage ]] + [[ ! # Description: Update account contact information =~ Description ]] + [[ ! command_account() { =~ ^command_ ]] + printf ' %-32s %s\n' --account 'Update account contact information' --account Update account contact information + read -r usage + read -r description + read -r command + [[ ! # Usage: --cron (-c) =~ Usage ]] + [[ ! # Description: Sign/renew non-existent/changed/expiring certificates. =~ Description ]] + [[ ! command_sign_domains() { =~ ^command_ ]] + printf ' %-32s %s\n' '--cron (-c)' 'Sign/renew non-existent/changed/expiring certificates.' --cron (-c) Sign/renew non-existent/changed/expiring certificates. + read -r usage + read -r description + read -r command + [[ ! # Usage: --signcsr (-s) path/to/csr.pem =~ Usage ]] + [[ ! # Description: Sign a given CSR, output CRT on stdout (advanced usage) =~ Description ]] + [[ ! command_sign_csr() { =~ ^command_ ]] + printf ' %-32s %s\n' '--signcsr (-s) path/to/csr.pem' 'Sign a given CSR, output CRT on stdout (advanced usage)' --signcsr (-s) path/to/csr.pem Sign a given CSR, output CRT on stdout (advanced usage) + read -r usage + read -r description + read -r command + [[ ! # Usage: --revoke (-r) path/to/cert.pem =~ Usage ]] + [[ ! # Description: Revoke specified certificate =~ Description ]] + [[ ! command_revoke() { =~ ^command_ ]] + printf ' %-32s %s\n' '--revoke (-r) path/to/cert.pem' 'Revoke specified certificate' --revoke (-r) path/to/cert.pem Revoke specified certificate + read -r usage + read -r description + read -r command + [[ ! # Usage: --cleanup (-gc) =~ Usage ]] + [[ ! # Description: Move unused certificate files to archive directory =~ Description ]] + [[ ! command_cleanup() { =~ ^command_ ]] + printf ' %-32s %s\n' '--cleanup (-gc)' 'Move unused certificate files to archive directory' --cleanup (-gc) Move unused certificate files to archive directory + read -r usage + read -r description + read -r command + [[ ! # Usage: --help (-h) =~ Usage ]] + [[ ! # Description: Show help text =~ Description ]] + [[ ! command_help() { =~ ^command_ ]] + printf ' %-32s %s\n' '--help (-h)' 'Show help text' --help (-h) Show help text + read -r usage + read -r description + read -r command + [[ ! # Usage: --env (-e) =~ Usage ]] + [[ ! # Description: Output configuration variables for use in other scripts =~ Description ]] + [[ ! command_env() { =~ ^command_ ]] + printf ' %-32s %s\n' '--env (-e)' 'Output configuration variables for use in other scripts' --env (-e) Output configuration variables for use in other scripts + read -r usage + read -r description + read -r command + printf -- '\nParameters:\n' Parameters: + grep -E -e '^[[:space:]]*# PARAM_Usage:' -e '^[[:space:]]*# PARAM_Description:' /opt/dehydrated/dehydrated + read -r usage + read -r description + [[ ! # PARAM_Usage: --accept-terms =~ Usage ]] + [[ ! # PARAM_Description: Accept CAs terms of service =~ Description ]] + printf ' %-32s %s\n' --accept-terms 'Accept CAs terms of service' --accept-terms Accept CAs terms of service + read -r usage + read -r description + [[ ! # PARAM_Usage: --full-chain (-fc) =~ Usage ]] + [[ ! # PARAM_Description: Print full chain when using --signcsr =~ Description ]] + printf ' %-32s %s\n' '--full-chain (-fc)' 'Print full chain when using --signcsr' --full-chain (-fc) Print full chain when using --signcsr + read -r usage + read -r description + [[ ! # PARAM_Usage: --ipv4 (-4) =~ Usage ]] + [[ ! # PARAM_Description: Resolve names to IPv4 addresses only =~ Description ]] + printf ' %-32s %s\n' '--ipv4 (-4)' 'Resolve names to IPv4 addresses only' --ipv4 (-4) Resolve names to IPv4 addresses only + read -r usage + read -r description + [[ ! # PARAM_Usage: --ipv6 (-6) =~ Usage ]] + [[ ! # PARAM_Description: Resolve names to IPv6 addresses only =~ Description ]] + printf ' %-32s %s\n' '--ipv6 (-6)' 'Resolve names to IPv6 addresses only' --ipv6 (-6) Resolve names to IPv6 addresses only + read -r usage + read -r description + [[ ! # PARAM_Usage: --domain (-d) domain.tld =~ Usage ]] + [[ ! # PARAM_Description: Use specified domain name(s) instead of domains.txt entry (one certificate!) =~ Description ]] + printf ' %-32s %s\n' '--domain (-d) domain.tld' 'Use specified domain name(s) instead of domains.txt entry (one certificate!)' --domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!) + read -r usage + read -r description + [[ ! # PARAM_Usage: --alias certalias =~ Usage ]] + [[ ! # PARAM_Description: Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified) =~ Description ]] + printf ' %-32s %s\n' '--alias certalias' 'Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified)' --alias certalias Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified) + read -r usage + read -r description + [[ ! # PARAM_Usage: --keep-going (-g) =~ Usage ]] + [[ ! # PARAM_Description: Keep going after encountering an error while creating/renewing multiple certificates in cron mode =~ Description ]] + printf ' %-32s %s\n' '--keep-going (-g)' 'Keep going after encountering an error while creating/renewing multiple certificates in cron mode' --keep-going (-g) Keep going after encountering an error while creating/renewing multiple certificates in cron mode + read -r usage + read -r description + [[ ! # PARAM_Usage: --force (-x) =~ Usage ]] + [[ ! # PARAM_Description: Force renew of certificate even if it is longer valid than value in RENEW_DAYS =~ Description ]] + printf ' %-32s %s\n' '--force (-x)' 'Force renew of certificate even if it is longer valid than value in RENEW_DAYS' --force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS + read -r usage + read -r description + [[ ! # PARAM_Usage: --no-lock (-n) =~ Usage ]] + [[ ! # PARAM_Description: Don't use lockfile (potentially dangerous!) =~ Description ]] + printf ' %-32s %s\n' '--no-lock (-n)' 'Don'\''t use lockfile (potentially dangerous!)' --no-lock (-n) Don't use lockfile (potentially dangerous!) + read -r usage + read -r description + [[ ! # PARAM_Usage: --lock-suffix example.com =~ Usage ]] + [[ ! # PARAM_Description: Suffix lockfile name with a string (useful for with -d) =~ Description ]] + printf ' %-32s %s\n' '--lock-suffix example.com' 'Suffix lockfile name with a string (useful for with -d)' --lock-suffix example.com Suffix lockfile name with a string (useful for with -d) + read -r usage + read -r description + [[ ! # PARAM_Usage: --ocsp =~ Usage ]] + [[ ! # PARAM_Description: Sets option in CSR indicating OCSP stapling to be mandatory =~ Description ]] + printf ' %-32s %s\n' --ocsp 'Sets option in CSR indicating OCSP stapling to be mandatory' --ocsp Sets option in CSR indicating OCSP stapling to be mandatory + read -r usage + read -r description + [[ ! # PARAM_Usage: --privkey (-p) path/to/key.pem =~ Usage ]] + [[ ! # PARAM_Description: Use specified private key instead of account key (useful for revocation) =~ Description ]] + printf ' %-32s %s\n' '--privkey (-p) path/to/key.pem' 'Use specified private key instead of account key (useful for revocation)' --privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation) + read -r usage + read -r description + [[ ! # PARAM_Usage: --config (-f) path/to/config =~ Usage ]] + [[ ! # PARAM_Description: Use specified config file =~ Description ]] + printf ' %-32s %s\n' '--config (-f) path/to/config' 'Use specified config file' --config (-f) path/to/config Use specified config file + read -r usage + read -r description + [[ ! # PARAM_Usage: --hook (-k) path/to/hook.sh =~ Usage ]] + [[ ! # PARAM_Description: Use specified script for hooks =~ Description ]] + printf ' %-32s %s\n' '--hook (-k) path/to/hook.sh' 'Use specified script for hooks' --hook (-k) path/to/hook.sh Use specified script for hooks + read -r usage + read -r description + [[ ! # PARAM_Usage: --out (-o) certs/directory =~ Usage ]] + [[ ! # PARAM_Description: Output certificates into the specified directory =~ Description ]] + printf ' %-32s %s\n' '--out (-o) certs/directory' 'Output certificates into the specified directory' --out (-o) certs/directory Output certificates into the specified directory + read -r usage + read -r description + [[ ! # PARAM_Usage: --challenge (-t) http-01|dns-01 =~ Usage ]] + [[ ! # PARAM_Description: Which challenge should be used? Currently http-01 and dns-01 are supported =~ Description ]] + printf ' %-32s %s\n' '--challenge (-t) http-01|dns-01' 'Which challenge should be used? Currently http-01 and dns-01 are supported' --challenge (-t) http-01|dns-01 Which challenge should be used? Currently http-01 and dns-01 are supported + read -r usage + read -r description + [[ ! # PARAM_Usage: --algo (-a) rsa|prime256v1|secp384r1 =~ Usage ]] + [[ ! # PARAM_Description: Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 =~ Description ]] + printf ' %-32s %s\n' '--algo (-a) rsa|prime256v1|secp384r1' 'Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1' --algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 + read -r usage + read -r description + exit 1

+ set -e + set -u + set -o pipefail + [[ -n '' ]] + [[ -z '' ]] + shopt -s nullglob + set -f + umask 077 + VERSION=git-master-after-0.6.1 + SOURCE=/opt/dehydrated/dehydrated + '[' -h /opt/dehydrated/dehydrated ']' +++ dirname /opt/dehydrated/dehydrated ++ cd -P /opt/dehydrated ++ pwd + SCRIPTDIR=/opt/dehydrated + BASEDIR=/opt/dehydrated + ORIGARGS='-c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de' ++ uname + OSTYPE=Linux + [[ ! '' = \N\O\O\P ]] + main -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de + COMMAND= + [[ -z -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de ]] + (( 9 )) + case "${1}" in + set_command sign_domains + [[ -z '' ]] + COMMAND=sign_domains + shift 1 + (( 8 )) + case "${1}" in + shift 1 + check_parameters /etc/ssl/reksys + [[ -z /etc/ssl/reksys ]] + [[ / = \- ]] + PARAM_CERTDIR=/etc/ssl/reksys + shift 1 + (( 6 )) + case "${1}" in + shift 1 + check_parameters secp384r1 + [[ -z secp384r1 ]] + [[ s = \- ]] + PARAM_KEY_ALGO=secp384r1 + shift 1 + (( 4 )) + case "${1}" in + shift 1 + check_parameters domain.de + [[ -z domain.de ]] + [[ t = \- ]] + [[ -z '' ]] + PARAM_DOMAIN=domain.de + shift 1 + (( 2 )) + case "${1}" in + shift 1 + check_parameters www.domain.de + [[ -z www.domain.de ]] + [[ w = \- ]] + [[ -z domain.de ]] + PARAM_DOMAIN='domain.de www.domain.de' + shift 1 + (( 0 )) + case "${COMMAND}" in + command_sign_domains + init_system + load_config + [[ -z '' ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /etc/dehydrated/config ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /usr/local/etc/dehydrated/config ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /opt/reksys/config ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /opt/dehydrated/config ]] + BASEDIR=/opt/dehydrated + CONFIG=/opt/dehydrated/config + break + CA=https://acme-v02.api.letsencrypt.org/directory + OLDCA= + CERTDIR= + ACCOUNTDIR= + CHALLENGETYPE=http-01 + CONFIG_D= + CURL_OPTS= + DOMAINS_D= + DOMAINS_TXT= + HOOK= + HOOK_CHAIN=no + RENEW_DAYS=30 + KEYSIZE=4096 + WELLKNOWN= + PRIVATE_KEY_RENEW=yes + PRIVATE_KEY_ROLLOVER=no + KEY_ALGO=rsa + OPENSSL=openssl + OPENSSL_CNF= + CONTACT_EMAIL= + LOCKFILE= + OCSP_MUST_STAPLE=no + OCSP_FETCH=no + IP_VERSION= + CHAINCACHE= + AUTO_CLEANUP=no + DEHYDRATED_USER= + DEHYDRATED_GROUP= + API=auto + [[ -z /opt/dehydrated/config ]] + [[ -f /opt/dehydrated/config ]] + echo '# INFO: Using main config file /opt/dehydrated/config' # INFO: Using main config file /opt/dehydrated/config ++ dirname /opt/dehydrated/config + BASEDIR=/opt/dehydrated + . /opt/dehydrated/config ++ CHALLENGETYPE=http-01 ++ WELLKNOWN=/srv/http/dehydrated ++ KEYSIZE=4096 ++ PRIVATE_KEY_RENEW=yes ++ KEY_ALGO=rsa + [[ -n '' ]] + [[ -n '' ]] + [[ -n '' ]] + check_dependencies + openssl version + _sed '' + command -v grep + command -v mktemp + command -v diff + set +e ++ awk '{print $2}' ++ curl -V ++ head -n1 + CURL_VERSION=7.58.0 + retcode=0 + set -e + [[ ! 0 = \0 ]] + [[ /opt/dehydrated != \/ ]] + BASEDIR=/opt/dehydrated + [[ -d /opt/dehydrated ]] + [[ -z '' ]] + [[ https://acme-v02.api.letsencrypt.org/directory = \h\t\t\p\s\:\/\/\a\c\m\e\-\v\0\2\.\a\p\i\.\l\e\t\s\e\n\c\r\y\p\t\.\o\r\g\/\d\i\r\e\c\t\o\r\y ]] + OLDCA=https://acme-v01.api.letsencrypt.org/directory ++ echo https://acme-v02.api.letsencrypt.org/directory ++ urlbase64 ++ openssl base64 -e ++ tr -d '\n\r' ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: + CAHASH=aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo + [[ -z '' ]] + ACCOUNTDIR=/opt/dehydrated/accounts + [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo ]] + [[ -f /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/config ]] + ACCOUNT_KEY=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem + ACCOUNT_KEY_JSON=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json + [[ -f /opt/dehydrated/private_key.pem ]] + [[ -f /opt/dehydrated/private_key.json ]] + [[ -z '' ]] + CERTDIR=/opt/dehydrated/certs + [[ -z '' ]] + CHAINCACHE=/opt/dehydrated/chains + [[ -z '' ]] + DOMAINS_TXT=/opt/dehydrated/domains.txt + [[ -z /srv/http/dehydrated ]] + [[ -z '' ]] + LOCKFILE=/opt/dehydrated/lock + [[ -z '' ]] ++ openssl version -d ++ cut '-d"' -f2 + OPENSSL_CNF=/etc/ssl/openssl.cnf + [[ -n '' ]] + [[ -n '' ]] + [[ -n '' ]] + [[ -n /etc/ssl/reksys ]] + CERTDIR=/etc/ssl/reksys + [[ -n '' ]] + [[ -n secp384r1 ]] + KEY_ALGO=secp384r1 + [[ -n '' ]] + [[ -n '' ]] + '[' '!' '' = noverify ']' + verify_config + [[ http-01 == \h\t\t\p\-\0\1 ]] + [[ http-01 = \d\n\s\-\0\1 ]] + [[ http-01 = \h\t\t\p\-\0\1 ]] + [[ ! -d /srv/http/dehydrated ]] + [[ secp384r1 == \r\s\a ]] + [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]] + [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]] + [[ -n '' ]] + [[ auto == \a\u\t\o ]] + store_configvars + __KEY_ALGO=secp384r1 + __OCSP_MUST_STAPLE=no + __PRIVATE_KEY_RENEW=yes + __KEYSIZE=4096 + __CHALLENGETYPE=http-01 + __HOOK= + __WELLKNOWN=/srv/http/dehydrated + __HOOK_CHAIN=no + __OPENSSL_CNF=/etc/ssl/openssl.cnf + __RENEW_DAYS=30 + __IP_VERSION= + [[ -n /opt/dehydrated/lock ]] ++ dirname /opt/dehydrated/lock + LOCKDIR=/opt/dehydrated + [[ -w /opt/dehydrated ]] + trap remove_lock EXIT ++ http_request get https://acme-v02.api.letsencrypt.org/directory +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempcont=/tmp/dehydrated-B8Grah +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempheaders=/tmp/dehydrated-aRsALy ++ [[ -n '' ]] ++ set +e ++ [[ get = \h\e\a\d ]] ++ [[ get = \g\e\t ]] +++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -L -s -w '%{http_code}' -o /tmp/dehydrated-B8Grah -D /tmp/dehydrated-aRsALy https://acme-v02.api.letsencrypt.org/directory ++ statuscode=200 ++ curlret=0 ++ set -e ++ [[ ! 0 = \0 ]] ++ [[ ! 2 = \2 ]] ++ cat /tmp/dehydrated-aRsALy ++ cat /tmp/dehydrated-B8Grah ++ rm -f /tmp/dehydrated-B8Grah ++ rm -f /tmp/dehydrated-aRsALy + CA_DIRECTORY='{ "7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' + [[ auto = \a\u\t\o ]] + grep -q newOrder + API=2 + [[ 2 -eq 1 ]] ++ printf %s '{ "7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value newOrder ++ local filter +++ printf 's/.*"%s": *"$[^"]*$".*/\\1/p' newOrder ++ filter='s/.*"newOrder": *"$[^"]*$".*/\1/p' ++ sed -n 's/.*"newOrder": *"$[^"]*$".*/\1/p' + CA_NEW_ORDER=https://acme-v02.api.letsencrypt.org/acme/new-order ++ printf %s '{ "7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value newNonce ++ local filter +++ printf 's/.*"%s": *"$[^"]*$".*/\\1/p' newNonce ++ filter='s/.*"newNonce": *"$[^"]*$".*/\1/p' ++ sed -n 's/.*"newNonce": *"$[^"]*$".*/\1/p' + CA_NEW_NONCE=https://acme-v02.api.letsencrypt.org/acme/new-nonce ++ printf %s '{ "7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value newAccount ++ local filter +++ printf 's/.*"%s": *"$[^"]*$".*/\\1/p' newAccount ++ filter='s/.*"newAccount": *"$[^"]*$".*/\1/p' ++ sed -n 's/.*"newAccount": *"$[^"]*$".*/\1/p' + CA_NEW_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/new-acct ++ printf %s '{ "7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value termsOfService ++ local filter +++ printf 's/.*"%s": *"$[^"]*$".*/\\1/p' termsOfService ++ filter='s/.*"termsOfService": *"$[^"]*$".*/\1/p' ++ sed -n 's/.*"termsOfService": *"$[^"]*$".*/\1/p' + CA_TERMS=https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf ++ printf %s '{ "7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value revokeCert ++ local filter +++ printf 's/.*"%s": *"$[^"]*$".*/\\1/p' revokeCert ++ filter='s/.*"revokeCert": *"$[^"]*$".*/\1/p' ++ sed -n 's/.*"revokeCert": *"$[^"]*$".*/\1/p' + CA_REVOKE_CERT=https://acme-v02.api.letsencrypt.org/acme/revoke-cert + CA_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/acct + export WELLKNOWN BASEDIR CERTDIR CONFIG COMMAND + register_new_key=no + [[ -n '' ]] + [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem ]] + openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -check ++ hex2bin ++ urlbase64 ++ openssl base64 -e ++ tr -d '\n\r' +++ awk '/publicExponent/ {print $2}' +++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -text ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: +++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' +++ cat ++ printf %x 65537 ++ printf -- '\x01\x00\x01' + pubExponent64=AQAB ++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -modulus ++ cut -d= -f2 ++ hex2bin ++ urlbase64 ++ openssl base64 -e +++ cat +++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ tr -d '\n\r' ++ [[ Linux = \L\i\n\u\x ]] +++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: +++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' ++ printf -- '\xD2\x5B\x95\x21\x48\xED\xB1\x22\x5D\x42\x08\x28\xA4\x60\x7C\xAC\x8F\x5E\xC0\xE5\x44\x97\xFF\x3F\x5E\xD3\xB4\x0C\x11\x11\x9F\x71\x67\x96\xC7\xEA\x83\xC8\xE0\xFB\xD5\x73\xE4\x23\xAB\xB9\xAC\x7F\x01\x14\xC2\xCA\xEC\xA0\x03\x60\x10\x92\xC4\x9B\xC8\xF2\xF9\x01\xCC\x00\xDC\xF5\x8E\xC6\xD8\x0E\xFA\xBE\x5F\xF6\x1E\x49\xD6\x69\xA8\x85\x7B\x97\x6B\xC2\x38\x50\xF6\x05\x26\x00\x8D\xAC\x58\x18\xC9\xCA\x8A\x3E\x98\xF6\xFD\x65\x4C\x8C\x6D\x09\x03\x16\x3D\xFF\xE7\x2F\xB1\xBB\xEB\xD2\xF3\x0E\xE4\x10\xFF\x57\x39\x3B\xC5\x47\xD8\xE9\x25\x8B\x92\x62\x3E\x86\x87\xF7\xAD\x06\x15\xA8\x8F\x2D\xD0\xE6\xF7\x2D\x55\x26\x57\x14\xAF\x17\xDA\x86\xC1\x97\x65\x81\x6C\x71\xE7\x6E\x96\x7C\x79\x4C\xDF\xE1\x65\xD8\x80\xE8\x39\x00\xB6\x63\x0D\x49\x84\x61\x1A\xB3\x4E\x63\xDE\x29\x2F\xDC\x47\xE0\x15\xDB\x8F\x2D\xDE\x9B\x85\x7B\x95\x2E\xEC\xBC\xEA\xF5\xC8\x28\x2A\xF4\x7D\xE4\x5A\x29\x9B\xB9\xEF\x36\x79\x3F\xCC\x10\x32\xC2\xC2\x47\x70\x41\x4A\xE0\x21\xAB\xCF\x44\x45\x04\x84\x14\x4C\x6A\xAC\xE5\x96\xF7\xB6\xD4\x61\x57\xEF\x77\x2A\x6E\x9B\x73\xC3\x2F\x24\x54\xB2\xE2\x00\xD0\x2F\xCD\x2C\x58\xAD\x43\xE9\xB7\x77\x6C\x31\x9F\x26\x29\x8B\x5F\xE1\x26\xBE\xE7\x9C\x07\xCA\x5F\x97\xC5\xBF\x46\x07\x24\xF5\xF9\xED\x2F\x35\x32\xF1\x95\xC2\xCE\x3B\x3C\xED\x36\xE8\xB0\x18\x7A\x44\x7F\xD6\x98\xA3\xD8\x60\x73\x64\xBC\xA3\x0E\x05\xED\x2E\xB4\x56\x46\xFC\x2F\x55\xFF\x93\x53\xC6\x09\x58\x87\xAD\x84\x2B\x75\x3B\x83\x8A\x62\x5F\xDD\x82\x98\x13\x59\xC1\xD7\x5B\x5F\x3C\xAA\x97\xAC\xAB\xED\x1A\xF3\x42\x24\x06\x86\xEE\x67\x61\x13\xBD\x5E\x6F\x87\x5B\xEC\x99\xC1\xC8\x29\x52\xAB\x92\x10\x1F\xE1\x1C\x70\xFC\xFB\xE8\x05\x1F\x1D\x95\x8D\xA4\xDF\x1F\x8D\xD8\x02\x57\xE6\xD2\xF8\x30\xF8\x1C\x8A\xD7\xAF\x20\x52\xFF\x27\xA8\x82\x10\x61\x07\xBE\xA2\xC6\x37\x2E\xA4\x6E\xFC\xF3\x60\x8D\x94\xA0\xBF\x97\x42\x47\x6E\xE4\xF2\xFB\xE2\x48\xF1\x65\xB7\x24\x8C\x27\x90\x7E\xB7\xC1\xB2\xE8\xC3\xD1\x45\x17\x09\xA4\x61\x9B\x48\x71\x66\xF5\xF1\x5B\xE2\x20\xF4\x7D\xAB\x1A\x37\x47\x98\xB8\x4A\x25\x08\x6F\xC3\xC5\x77\x97\xCD\x64\xE3\x15\x98\xE1\x3B\x3C\xC4\x4B\xA2\xF0\x48\xC5\x74\x6E\xC7\xF0\x88\x48\x2A\xC3' + pubMod64=0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM ++ printf '{"e":"%s","kty":"RSA","n":"%s"}' AQAB 0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM ++ openssl dgst -sha256 -binary ++ urlbase64 ++ openssl base64 -e ++ tr -d '\n\r' ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: + thumbprint=VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI + [[ no = \y\e\s ]] + [[ sign_domains = \r\e\g\i\s\t\e\r ]] + [[ -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ]] ++ cat /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ++ get_json_int_value id ++ local filter +++ printf 's/.*"%s": *$[0-9]*$.*/\\1/p' id ++ filter='s/.*"id": *$[0-9]*$.*/\1/p' ++ sed -n 's/.*"id": *$[0-9]*$.*/\1/p' + ACCOUNT_ID=4935574 + [[ 2 -eq 1 ]] + ACCOUNT_URL=https://acme-v02.api.letsencrypt.org/acme/acct/4935574 + hookscript_bricker_hook + [[ -n '' ]] + [[ -n '' ]] + '[' '!' -d /opt/dehydrated/chains ']' + [[ -n domain.de www.domain.de ]] ++ _mktemp ++ mktemp /tmp/dehydrated-XXXXXX + DOMAINS_TXT=/tmp/dehydrated-qsGIOe + [[ -n '' ]] + printf -- 'domain.de www.domain.de' + ORIGIFS=' ' + IFS=' ' ++ tr -d '\r' ++ awk '{print tolower($0)}' ++ _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' ++ grep -vE '^(#|$)' + for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' | (grep -vE '^(#|$)' || true)) + reset_configvars + KEY_ALGO=secp384r1 + OCSP_MUST_STAPLE=no + PRIVATE_KEY_RENEW=yes + KEYSIZE=4096 + CHALLENGETYPE=http-01 + HOOK= + WELLKNOWN=/srv/http/dehydrated + HOOK_CHAIN=no + OPENSSL_CNF=/etc/ssl/openssl.cnf + RENEW_DAYS=30 + IP_VERSION= + IFS=' ' ++ grep -Eo '>[^ ]+' ++ true + alias= ++ _sed -e 's/>[^ ]+[ ]*//g' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's/>[^ ]+[ ]*//g' + line='domain.de www.domain.de' ++ grep -Eo '>' ++ awk 'END {print NR}' ++ true + aliascount=0 + '[' 0 -gt 1 ']' ++ printf '%s\n' 'domain.de www.domain.de' ++ cut '-d ' -f1 + domain=domain.de ++ printf '%s\n' 'domain.de www.domain.de' ++ cut -s '-d ' -f2- + morenames=www.domain.de + '[' 0 -lt 1 ']' + alias=domain.de + export alias + [[ -z www.domain.de ]] + echo 'Processing domain.de with alternative names: www.domain.de' Processing domain.de with alternative names: www.domain.de + '[' tb = '*.' ']' + local certdir=/etc/ssl/reksys/domain.de + cert=/etc/ssl/reksys/domain.de/cert.pem + chain=/etc/ssl/reksys/domain.de/chain.pem + force_renew=no ++ date +%s + timestamp=1521107702 + [[ ! -e /etc/ssl/reksys/domain.de ]] + [[ -n '' ]] + certconfig=/etc/ssl/reksys/domain.de/config + '[' -f /etc/ssl/reksys/domain.de/config ']' + verify_config + [[ http-01 == \h\t\t\p\-\0\1 ]] + [[ http-01 = \d\n\s\-\0\1 ]] + [[ http-01 = \h\t\t\p\-\0\1 ]] + [[ ! -d /srv/http/dehydrated ]] + [[ secp384r1 == \r\s\a ]] + [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]] + [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]] + [[ -n '' ]] + [[ 2 == \a\u\t\o ]] + [[ 2 == \1 ]] + [[ 2 == \2 ]] + hookscript_bricker_hook + [[ -n '' ]] + export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER + skip=no + local csr= + [[ -n '' ]] + [[ -e /etc/ssl/reksys/domain.de/cert.pem ]] + printf ' + Checking domain name(s) of existing cert...' + Checking domain name(s) of existing cert...++ openssl x509 -in /etc/ssl/reksys/domain.de/cert.pem -text -noout ++ grep DNS: ++ _sed s/DNS://g ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r s/DNS://g ++ tr , '\n' ++ tr -d ' ' ++ sort -u ++ tr '\n' ' ' ++ _sed 's/ $//' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/ $//' + certnames='domain.de www.domain.de' ++ echo domain.de www.domain.de ++ tr ' ' '\n' ++ sort -u ++ tr '\n' ' ' ++ _sed 's/ $//' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/ $//' ++ _sed 's/^ //' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/^ //' + givennames='domain.de www.domain.de' + [[ domain.de www.domain.de = \t\b\-\i\t\f\.\d\e\ \w\w\w\.\t\b\-\i\t\f\.\d\e ]] + echo ' unchanged.' unchanged. + [[ -e /etc/ssl/reksys/domain.de/cert.pem ]] + echo ' + Checking expire date of existing cert...' + Checking expire date of existing cert... ++ openssl x509 -enddate -noout -in /etc/ssl/reksys/domain.de/cert.pem ++ cut -d= -f2- + valid='Apr 3 22:05:12 2018 GMT' + printf ' + Valid till %s ' 'Apr 3 22:05:12 2018 GMT' + Valid till Apr 3 22:05:12 2018 GMT + openssl x509 -checkend 2592000 -noout -in /etc/ssl/reksys/domain.de/cert.pem Certificate will expire + echo '(Less than 30 days). Renewing!' (Less than 30 days). Renewing! + local update_ocsp + update_ocsp=no + [[ ! no = \y\e\s ]] + update_ocsp=yes + [[ -z '' ]] + [[ '' = \y\e\s ]] + sign_domain /etc/ssl/reksys/domain.de 1521107702 domain.de www.domain.de + local certdir=/etc/ssl/reksys/domain.de + shift + timestamp=1521107702 + shift + domain=domain.de + altnames='domain.de www.domain.de' + export altnames + echo ' + Signing domains...' + Signing domains... + [[ 2 -eq 1 ]] + [[ 2 -eq 2 ]] + [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]] + local privkey=privkey.pem + [[ ! -e /etc/ssl/reksys/domain.de/cert-1521107702.csr ]] + [[ ! -r /etc/ssl/reksys/domain.de/privkey.pem ]] + [[ yes = \y\e\s ]] + echo ' + Generating private key...' + Generating private key... + privkey=privkey-1521107702.pem + case "${KEY_ALGO}" in + _openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521107702.pem + set +e ++ openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521107702.pem + out= + res=0 + set -e + [[ 0 -ne 0 ]] + [[ -r /etc/ssl/reksys/domain.de/privkey.pem ]] + [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]] + [[ ! -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]] + [[ no = \y\e\s ]] + [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]] + echo ' + Generating signing request...' + Generating signing request... + SAN= + for altname in ${altnames} + SAN='DNS:domain.de, ' + for altname in ${altnames} + SAN='DNS:domain.de, DNS:www.domain.de, ' + SAN='DNS:domain.de, DNS:www.domain.de' + local tmp_openssl_cnf ++ _mktemp ++ mktemp /tmp/dehydrated-XXXXXX + tmp_openssl_cnf=/tmp/dehydrated-CcSKF0 + cat /etc/ssl/openssl.cnf + printf '[SAN]\nsubjectAltName=%s' 'DNS:domain.de, DNS:www.domain.de' + '[' no = yes ']' + SUBJ=/CN=domain.de/ + [[ Linux = \M\I\N\G\W ]] + openssl req -new -sha256 -key /etc/ssl/reksys/domain.de/privkey-1521107702.pem -out /etc/ssl/reksys/domain.de/cert-1521107702.csr -subj /CN=domain.de/ -reqexts SAN -config /tmp/dehydrated-CcSKF0 + rm -f /tmp/dehydrated-CcSKF0 + crt_path=/etc/ssl/reksys/domain.de/cert-1521107702.pem + sign_csr '-----BEGIN CERTIFICATE REQUEST----- MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr gQQAIgNiAARY2/Y8cRAXz9KayEaFiY8XJXfBthZ9NSwQF6mUNHyNK6BXYXxiC17y ... I7+jnF+SuKAFQvVl5HRnm1nYK9lGT5nLutqygdHMQNm1FfTbAjAiu5uIbjmn9PYJ jrnCTJ+DC+RVToZ03IuNuXU8eAqVtuFu78LFtKiHEqiPRlAkRzQ= -----END CERTIFICATE REQUEST-----' domain.de www.domain.de + csr='-----BEGIN CERTIFICATE REQUEST----- MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr gQQAIgNiAARY2/Y8cRAXz9KayEaFiY8XJXfBthZ9NSwQF6mUNHyNK6BXYXxiC17y ... I7+jnF+SuKAFQvVl5HRnm1nYK9lGT5nLutqygdHMQNm1FfTbAjAiu5uIbjmn9PYJ jrnCTJ+DC+RVToZ03IuNuXU8eAqVtuFu78LFtKiHEqiPRlAkRzQ= -----END CERTIFICATE REQUEST-----' + : + shift 1 + export 'altnames=domain.de www.domain.de' + altnames='domain.de www.domain.de' + [[ 2 -eq 1 ]] + [[ 2 -eq 2 ]] + [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]] + [[ -n '' ]] + local -a challenge_identifiers challenge_uris challenge_tokens authorizations keyauths deploy_args + [[ 2 -eq 2 ]] + for altname in ${altnames} ++ printf '{"type": "dns", "value": "%s"}, ' domain.de + challenge_identifiers+='{"type": "dns", "value": "domain.de"}, ' + for altname in ${altnames} ++ printf '{"type": "dns", "value": "%s"}, ' www.domain.de + challenge_identifiers+='{"type": "dns", "value": "www.domain.de"}, ' + challenge_identifiers='[{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]' + echo ' + Requesting new certificate order from CA...' + Requesting new certificate order from CA... ++ signed_request https://acme-v02.api.letsencrypt.org/acme/new-order '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}' +++ printf %s '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}' +++ urlbase64 +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ payload64=eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19 ++ [[ 2 -eq 1 ]] +++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce +++ grep Replay-Nonce: +++ awk -F ': ' '{print $2}' +++ tr -d '\n\r' ++++ _mktemp ++++ mktemp /tmp/dehydrated-XXXXXX +++ tempcont=/tmp/dehydrated-PCKWNe ++++ _mktemp ++++ mktemp /tmp/dehydrated-XXXXXX +++ tempheaders=/tmp/dehydrated-Ur7gmS +++ [[ -n '' ]] +++ set +e +++ [[ head = \h\e\a\d ]] ++++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-PCKWNe https://acme-v02.api.letsencrypt.org/acme/new-nonce -I +++ statuscode=204 +++ touch /tmp/dehydrated-Ur7gmS +++ curlret=0 +++ set -e +++ [[ ! 0 = \0 ]] +++ [[ ! 2 = \2 ]] +++ cat /tmp/dehydrated-Ur7gmS +++ cat /tmp/dehydrated-PCKWNe +++ rm -f /tmp/dehydrated-PCKWNe +++ rm -f /tmp/dehydrated-Ur7gmS ++ nonce=UT2G1O0FxgF7-v6XsqB-GcnIC1WssnoPATviVkSruhw ++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}' ++ [[ 2 -eq 1 ]] ++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]] ++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "UT2G1O0FxgF7-v6XsqB-GcnIC1WssnoPATviVkSruhw"}' +++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "UT2G1O0FxgF7-v6XsqB-GcnIC1WssnoPATviVkSruhw"}' +++ urlbase64 +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlVUMkcxTzBGeGdGNy12NlhzcUItR2NuSUMxV3Nzbm9QQVR2aVZrU3J1aHcifQ +++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlVUMkcxTzBGeGdGNy12NlhzcUItR2NuSUMxV3Nzbm9QQVR2aVZrU3J1aHcifQ.eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19 +++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem +++ urlbase64 +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ signed64=QBzpQ9dQoIcYzNJCtv9qRofVHNOqrrHiTElFMeobXgoE-ESwMXmkB-DTuxAcW1yRx-KDl7HRafl_iSpCDZgAzrTngUQTcU_Mhk1XtetHGmevWrJhjA0t7TVuSVa7futxErmIymmARYgxaisqXb00CJSBDpaAI_tURIe47qhOmzno_EVqvtmgclpNRbhkLcb3ezVIoV0D2hUTCn5KUChAxp4pbOaivSw02oDWuFwzZ3a7i3vKPnVs6ceks2lKn5KEjpdPgW6QaNMEBn_gQQpD3fgd2YTQGqvipIcZ2ZMVxTySfIOMUlLEhtFLqycm0DwL9bbMZ_Yb7-siIa9U3MBmYGW3KYDf3UtVJx15hibIR7OtLJCG1GoVaw3JYnew47xfvYEbiOpyxkZUoBg7z8VqxSy48p3Z8WBDZHICnPig0S6rzapGcL0-EPLUVUtcjnZicL1hauCFCXHYRF0waX-sJa2oWYyZyDF4v-8m5vQSwxscCr8aQeTgytMmp_rHWeICM6TglQZJQbkgbRsDjIIdqk49BqPBJ-lN5wuuClANJs9zF8vZMXwGU6bGH5yapJuYMT8YKJuXzt7oiwClp5P9zufPY3713cYG-L0E7_lFCHs6f4ab9_j1pTJ9sFFlAhUozdN3Q73Jmgu7pPNy3xW2khDfx3GIU4sNa9v60AE4RhY ++ [[ 2 -eq 1 ]] ++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlVUMkcxTzBGeGdGNy12NlhzcUItR2NuSUMxV3Nzbm9QQVR2aVZrU3J1aHcifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "QBzpQ9dQoIcYzNJCtv9qRofVHNOqrrHiTElFMeobXgoE-ESwMXmkB-DTuxAcW1yRx-KDl7HRafl_iSpCDZgAzrTngUQTcU_Mhk1XtetHGmevWrJhjA0t7TVuSVa7futxErmIymmARYgxaisqXb00CJSBDpaAI_tURIe47qhOmzno_EVqvtmgclpNRbhkLcb3ezVIoV0D2hUTCn5KUChAxp4pbOaivSw02oDWuFwzZ3a7i3vKPnVs6ceks2lKn5KEjpdPgW6QaNMEBn_gQQpD3fgd2YTQGqvipIcZ2ZMVxTySfIOMUlLEhtFLqycm0DwL9bbMZ_Yb7-siIa9U3MBmYGW3KYDf3UtVJx15hibIR7OtLJCG1GoVaw3JYnew47xfvYEbiOpyxkZUoBg7z8VqxSy48p3Z8WBDZHICnPig0S6rzapGcL0-EPLUVUtcjnZicL1hauCFCXHYRF0waX-sJa2oWYyZyDF4v-8m5vQSwxscCr8aQeTgytMmp_rHWeICM6TglQZJQbkgbRsDjIIdqk49BqPBJ-lN5wuuClANJs9zF8vZMXwGU6bGH5yapJuYMT8YKJuXzt7oiwClp5P9zufPY3713cYG-L0E7_lFCHs6f4ab9_j1pTJ9sFFlAhUozdN3Q73Jmgu7pPNy3xW2khDfx3GIU4sNa9v60AE4RhY"}' ++ http_request post https://acme-v02.api.letsencrypt.org/acme/new-order '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlVUMkcxTzBGeGdGNy12NlhzcUItR2NuSUMxV3Nzbm9QQVR2aVZrU3J1aHcifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "QBzpQ9dQoIcYzNJCtv9qRofVHNOqrrHiTElFMeobXgoE-ESwMXmkB-DTuxAcW1yRx-KDl7HRafl_iSpCDZgAzrTngUQTcU_Mhk1XtetHGmevWrJhjA0t7TVuSVa7futxErmIymmARYgxaisqXb00CJSBDpaAI_tURIe47qhOmzno_EVqvtmgclpNRbhkLcb3ezVIoV0D2hUTCn5KUChAxp4pbOaivSw02oDWuFwzZ3a7i3vKPnVs6ceks2lKn5KEjpdPgW6QaNMEBn_gQQpD3fgd2YTQGqvipIcZ2ZMVxTySfIOMUlLEhtFLqycm0DwL9bbMZ_Yb7-siIa9U3MBmYGW3KYDf3UtVJx15hibIR7OtLJCG1GoVaw3JYnew47xfvYEbiOpyxkZUoBg7z8VqxSy48p3Z8WBDZHICnPig0S6rzapGcL0-EPLUVUtcjnZicL1hauCFCXHYRF0waX-sJa2oWYyZyDF4v-8m5vQSwxscCr8aQeTgytMmp_rHWeICM6TglQZJQbkgbRsDjIIdqk49BqPBJ-lN5wuuClANJs9zF8vZMXwGU6bGH5yapJuYMT8YKJuXzt7oiwClp5P9zufPY3713cYG-L0E7_lFCHs6f4ab9_j1pTJ9sFFlAhUozdN3Q73Jmgu7pPNy3xW2khDfx3GIU4sNa9v60AE4RhY"}' +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempcont=/tmp/dehydrated-Qn0Nu7 +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempheaders=/tmp/dehydrated-kMe0wM ++ [[ -n '' ]] ++ set +e ++ [[ post = \h\e\a\d ]] ++ [[ post = \g\e\t ]] ++ [[ post = \p\o\s\t ]] +++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-Qn0Nu7 https://acme-v02.api.letsencrypt.org/acme/new-order -D /tmp/dehydrated-kMe0wM -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlVUMkcxTzBGeGdGNy12NlhzcUItR2NuSUMxV3Nzbm9QQVR2aVZrU3J1aHcifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "QBzpQ9dQoIcYzNJCtv9qRofVHNOqrrHiTElFMeobXgoE-ESwMXmkB-DTuxAcW1yRx-KDl7HRafl_iSpCDZgAzrTngUQTcU_Mhk1XtetHGmevWrJhjA0t7TVuSVa7futxErmIymmARYgxaisqXb00CJSBDpaAI_tURIe47qhOmzno_EVqvtmgclpNRbhkLcb3ezVIoV0D2hUTCn5KUChAxp4pbOaivSw02oDWuFwzZ3a7i3vKPnVs6ceks2lKn5KEjpdPgW6QaNMEBn_gQQpD3fgd2YTQGqvipIcZ2ZMVxTySfIOMUlLEhtFLqycm0DwL9bbMZ_Yb7-siIa9U3MBmYGW3KYDf3UtVJx15hibIR7OtLJCG1GoVaw3JYnew47xfvYEbiOpyxkZUoBg7z8VqxSy48p3Z8WBDZHICnPig0S6rzapGcL0-EPLUVUtcjnZicL1hauCFCXHYRF0waX-sJa2oWYyZyDF4v-8m5vQSwxscCr8aQeTgytMmp_rHWeICM6TglQZJQbkgbRsDjIIdqk49BqPBJ-lN5wuuClANJs9zF8vZMXwGU6bGH5yapJuYMT8YKJuXzt7oiwClp5P9zufPY3713cYG-L0E7_lFCHs6f4ab9_j1pTJ9sFFlAhUozdN3Q73Jmgu7pPNy3xW2khDfx3GIU4sNa9v60AE4RhY"}' ++ statuscode=201 ++ curlret=0 ++ set -e ++ [[ ! 0 = \0 ]] ++ [[ ! 2 = \2 ]] ++ cat /tmp/dehydrated-kMe0wM cat: Schreibfehler: Datenübergabe unterbrochen (broken pipe) + result= + remove_lock + rm -f /opt/dehydrated/lock

echo "checking pipe 4" >&2 if { true >&4; } 2>/dev/null; then echo "using pipe 4" >&2 cat "${tempheaders}" >&4 fi echo "getting curl output" >&2 cat "${tempcont}" echo "deleting temp files" >&2 rm -f "${tempcont}" rm -f "${tempheaders}"

Here's the version output:

# ./dehydrated --version
# INFO: Using main config file /opt/dehydrated/config
Dehydrated by Lukas Schauer
https://dehydrated.de

Dehydrated version: git-master-after-0.6.1
GIT-Revision: b93eac389395c8228be48999bf51c9f45e775a88

OS: Arch Linux
Used software:
 bash: 4.4.19(1)-release
 curl: curl 7.58.0
 awk: GNU Awk 4.2.1, API: 2.0 (GNU MPFR 4.0.1, GNU MP 6.1.2)
 sed: sed (GNU sed) 4.4
 mktemp: mktemp (GNU coreutils) 8.29
 grep: grep (GNU grep) 3.1
 diff: diff (GNU diffutils) 3.6
 openssl: OpenSSL 1.1.0g  2 Nov 2017

And here's the output including your Debug Code:

+ set -e
+ set -u
+ set -o pipefail
+ [[ -n '' ]]
+ [[ -z '' ]]
+ shopt -s nullglob
+ set -f
+ umask 077
+ VERSION=git-master-after-0.6.1
+ SOURCE=/opt/dehydrated/dehydrated
+ '[' -h /opt/dehydrated/dehydrated ']'
+++ dirname /opt/dehydrated/dehydrated
++ cd -P /opt/dehydrated
++ pwd
+ SCRIPTDIR=/opt/dehydrated
+ BASEDIR=/opt/dehydrated
+ ORIGARGS='-c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de'
++ uname
+ OSTYPE=Linux
+ [[ ! '' = \N\O\O\P ]]
+ main -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de
+ COMMAND=
+ [[ -z -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de ]]
+ ((  9  ))
+ case "${1}" in
+ set_command sign_domains
+ [[ -z '' ]]
+ COMMAND=sign_domains
+ shift 1
+ ((  8  ))
+ case "${1}" in
+ shift 1
+ check_parameters /etc/ssl/reksys
+ [[ -z /etc/ssl/reksys ]]
+ [[ / = \- ]]
+ PARAM_CERTDIR=/etc/ssl/reksys
+ shift 1
+ ((  6  ))
+ case "${1}" in
+ shift 1
+ check_parameters secp384r1
+ [[ -z secp384r1 ]]
+ [[ s = \- ]]
+ PARAM_KEY_ALGO=secp384r1
+ shift 1
+ ((  4  ))
+ case "${1}" in
+ shift 1
+ check_parameters domain.de
+ [[ -z domain.de ]]
+ [[ t = \- ]]
+ [[ -z '' ]]
+ PARAM_DOMAIN=domain.de
+ shift 1
+ ((  2  ))
+ case "${1}" in
+ shift 1
+ check_parameters www.domain.de
+ [[ -z www.domain.de ]]
+ [[ w = \- ]]
+ [[ -z domain.de ]]
+ PARAM_DOMAIN='domain.de www.domain.de'
+ shift 1
+ ((  0  ))
+ case "${COMMAND}" in
+ command_sign_domains
+ init_system
+ load_config
+ [[ -z '' ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /usr/local/etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/reksys/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/dehydrated/config ]]
+ BASEDIR=/opt/dehydrated
+ CONFIG=/opt/dehydrated/config
+ break
+ CA=https://acme-v02.api.letsencrypt.org/directory
+ OLDCA=
+ CERTDIR=
+ ACCOUNTDIR=
+ CHALLENGETYPE=http-01
+ CONFIG_D=
+ CURL_OPTS=
+ DOMAINS_D=
+ DOMAINS_TXT=
+ HOOK=
+ HOOK_CHAIN=no
+ RENEW_DAYS=30
+ KEYSIZE=4096
+ WELLKNOWN=
+ PRIVATE_KEY_RENEW=yes
+ PRIVATE_KEY_ROLLOVER=no
+ KEY_ALGO=rsa
+ OPENSSL=openssl
+ OPENSSL_CNF=
+ CONTACT_EMAIL=
+ LOCKFILE=
+ OCSP_MUST_STAPLE=no
+ OCSP_FETCH=no
+ IP_VERSION=
+ CHAINCACHE=
+ AUTO_CLEANUP=no
+ DEHYDRATED_USER=
+ DEHYDRATED_GROUP=
+ API=auto
+ [[ -z /opt/dehydrated/config ]]
+ [[ -f /opt/dehydrated/config ]]
+ echo '# INFO: Using main config file /opt/dehydrated/config'
# INFO: Using main config file /opt/dehydrated/config
++ dirname /opt/dehydrated/config
+ BASEDIR=/opt/dehydrated
+ . /opt/dehydrated/config
++ CHALLENGETYPE=http-01
++ WELLKNOWN=/srv/http/dehydrated
++ KEYSIZE=4096
++ PRIVATE_KEY_RENEW=yes
++ KEY_ALGO=rsa
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ check_dependencies
+ openssl version
+ _sed ''
+ command -v grep
+ command -v mktemp
+ command -v diff
+ set +e
++ awk '{print $2}'
++ head -n1
++ curl -V
+ CURL_VERSION=7.58.0
+ retcode=0
+ set -e
+ [[ ! 0 = \0 ]]
+ [[ /opt/dehydrated != \/ ]]
+ BASEDIR=/opt/dehydrated
+ [[ -d /opt/dehydrated ]]
+ [[ -z '' ]]
+ [[ https://acme-v02.api.letsencrypt.org/directory = \h\t\t\p\s\:\/\/\a\c\m\e\-\v\0\2\.\a\p\i\.\l\e\t\s\e\n\c\r\y\p\t\.\o\r\g\/\d\i\r\e\c\t\o\r\y ]]
+ OLDCA=https://acme-v01.api.letsencrypt.org/directory
++ echo https://acme-v02.api.letsencrypt.org/directory
++ urlbase64
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ tr -d '\n\r'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ openssl base64 -e
+ CAHASH=aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo
+ [[ -z '' ]]
+ ACCOUNTDIR=/opt/dehydrated/accounts
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo ]]
+ [[ -f /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/config ]]
+ ACCOUNT_KEY=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+ ACCOUNT_KEY_JSON=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
+ [[ -f /opt/dehydrated/private_key.pem ]]
+ [[ -f /opt/dehydrated/private_key.json ]]
+ [[ -z '' ]]
+ CERTDIR=/opt/dehydrated/certs
+ [[ -z '' ]]
+ CHAINCACHE=/opt/dehydrated/chains
+ [[ -z '' ]]
+ DOMAINS_TXT=/opt/dehydrated/domains.txt
+ [[ -z /srv/http/dehydrated ]]
+ [[ -z '' ]]
+ LOCKFILE=/opt/dehydrated/lock
+ [[ -z '' ]]
++ cut '-d"' -f2
++ openssl version -d
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n /etc/ssl/reksys ]]
+ CERTDIR=/etc/ssl/reksys
+ [[ -n '' ]]
+ [[ -n secp384r1 ]]
+ KEY_ALGO=secp384r1
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' '!' '' = noverify ']'
+ verify_config
+ [[ http-01 == \h\t\t\p\-\0\1 ]]
+ [[ http-01 = \d\n\s\-\0\1 ]]
+ [[ http-01 = \h\t\t\p\-\0\1 ]]
+ [[ ! -d /srv/http/dehydrated ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ auto == \a\u\t\o ]]
+ store_configvars
+ __KEY_ALGO=secp384r1
+ __OCSP_MUST_STAPLE=no
+ __PRIVATE_KEY_RENEW=yes
+ __KEYSIZE=4096
+ __CHALLENGETYPE=http-01
+ __HOOK=
+ __WELLKNOWN=/srv/http/dehydrated
+ __HOOK_CHAIN=no
+ __OPENSSL_CNF=/etc/ssl/openssl.cnf
+ __RENEW_DAYS=30
+ __IP_VERSION=
+ [[ -n /opt/dehydrated/lock ]]
++ dirname /opt/dehydrated/lock
+ LOCKDIR=/opt/dehydrated
+ [[ -w /opt/dehydrated ]]
+ trap remove_lock EXIT
++ http_request get https://acme-v02.api.letsencrypt.org/directory
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-KiC0gb
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-exvjsg
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -L -s -w '%{http_code}' -o /tmp/dehydrated-KiC0gb -D /tmp/dehydrated-exvjsg https://acme-v02.api.letsencrypt.org/directory
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ echo 'checking pipe 4'
checking pipe 4
++ echo 'using pipe 4'
using pipe 4
++ cat /tmp/dehydrated-exvjsg
++ echo 'getting curl output'
getting curl output
++ cat /tmp/dehydrated-KiC0gb
++ echo 'deleting temp files'
deleting temp files
++ rm -f /tmp/dehydrated-KiC0gb
++ rm -f /tmp/dehydrated-exvjsg
+ CA_DIRECTORY='{
  "CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
+ [[ auto = \a\u\t\o ]]
+ grep -q newOrder
+ API=2
+ [[ 2 -eq 1 ]]
++ printf %s '{
  "CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
++ get_json_string_value newOrder
}'
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newOrder
++ filter='s/.*"newOrder": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newOrder": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ORDER=https://acme-v02.api.letsencrypt.org/acme/new-order
++ printf %s '{
  "CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newNonce
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newNonce
++ filter='s/.*"newNonce": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newNonce": *"\([^"]*\)".*/\1/p'
+ CA_NEW_NONCE=https://acme-v02.api.letsencrypt.org/acme/new-nonce
++ printf %s '{
  "CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newAccount
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newAccount
++ filter='s/.*"newAccount": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newAccount": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/new-acct
++ printf %s '{
  "CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value termsOfService
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' termsOfService
++ filter='s/.*"termsOfService": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"termsOfService": *"\([^"]*\)".*/\1/p'
+ CA_TERMS=https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
++ printf %s '{
  "CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value revokeCert
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' revokeCert
++ filter='s/.*"revokeCert": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"revokeCert": *"\([^"]*\)".*/\1/p'
+ CA_REVOKE_CERT=https://acme-v02.api.letsencrypt.org/acme/revoke-cert
+ CA_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/acct
+ export WELLKNOWN BASEDIR CERTDIR CONFIG COMMAND
+ register_new_key=no
+ [[ -n '' ]]
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem ]]
+ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -check
++ hex2bin
++ urlbase64
+++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -text
++ openssl base64 -e
+++ cat
++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ awk '/publicExponent/ {print $2}'
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ tr -d '\n\r'
++ [[ Linux = \L\i\n\u\x ]]
+++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ printf %x 65537
++ printf -- '\x01\x00\x01'
+ pubExponent64=AQAB
++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -modulus
++ cut -d= -f2
++ urlbase64
++ hex2bin
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ cat
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ printf -- '\xD2\x5B\x95\x21\x48\xED\xB1\x22\x5D\x42\x08\x28\xA4\x60\x7C\xAC\x8F\x5E\xC0\xE5\x44\x97\xFF\x3F\x5E\xD3\xB4\x0C\x11\x11\x9F\x71\x67\x96\xC7\xEA\x83\xC8\xE0\xFB\xD5\x73\xE4\x23\xAB\xB9\xAC\x7F\x01\x14\xC2\xCA\xEC\xA0\x03\x60\x10\x92\xC4\x9B\xC8\xF2\xF9\x01\xCC\x00\xDC\xF5\x8E\xC6\xD8\x0E\xFA\xBE\x5F\xF6\x1E\x49\xD6\x69\xA8\x85\x7B\x97\x6B\xC2\x38\x50\xF6\x05\x26\x00\x8D\xAC\x58\x18\xC9\xCA\x8A\x3E\x98\xF6\xFD\x65\x4C\x8C\x6D\x09\x03\x16\x3D\xFF\xE7\x2F\xB1\xBB\xEB\xD2\xF3\x0E\xE4\x10\xFF\x57\x39\x3B\xC5\x47\xD8\xE9\x25\x8B\x92\x62\x3E\x86\x87\xF7\xAD\x06\x15\xA8\x8F\x2D\xD0\xE6\xF7\x2D\x55\x26\x57\x14\xAF\x17\xDA\x86\xC1\x97\x65\x81\x6C\x71\xE7\x6E\x96\x7C\x79\x4C\xDF\xE1\x65\xD8\x80\xE8\x39\x00\xB6\x63\x0D\x49\x84\x61\x1A\xB3\x4E\x63\xDE\x29\x2F\xDC\x47\xE0\x15\xDB\x8F\x2D\xDE\x9B\x85\x7B\x95\x2E\xEC\xBC\xEA\xF5\xC8\x28\x2A\xF4\x7D\xE4\x5A\x29\x9B\xB9\xEF\x36\x79\x3F\xCC\x10\x32\xC2\xC2\x47\x70\x41\x4A\xE0\x21\xAB\xCF\x44\x45\x04\x84\x14\x4C\x6A\xAC\xE5\x96\xF7\xB6\xD4\x61\x57\xEF\x77\x2A\x6E\x9B\x73\xC3\x2F\x24\x54\xB2\xE2\x00\xD0\x2F\xCD\x2C\x58\xAD\x43\xE9\xB7\x77\x6C\x31\x9F\x26\x29\x8B\x5F\xE1\x26\xBE\xE7\x9C\x07\xCA\x5F\x97\xC5\xBF\x46\x07\x24\xF5\xF9\xED\x2F\x35\x32\xF1\x95\xC2\xCE\x3B\x3C\xED\x36\xE8\xB0\x18\x7A\x44\x7F\xD6\x98\xA3\xD8\x60\x73\x64\xBC\xA3\x0E\x05\xED\x2E\xB4\x56\x46\xFC\x2F\x55\xFF\x93\x53\xC6\x09\x58\x87\xAD\x84\x2B\x75\x3B\x83\x8A\x62\x5F\xDD\x82\x98\x13\x59\xC1\xD7\x5B\x5F\x3C\xAA\x97\xAC\xAB\xED\x1A\xF3\x42\x24\x06\x86\xEE\x67\x61\x13\xBD\x5E\x6F\x87\x5B\xEC\x99\xC1\xC8\x29\x52\xAB\x92\x10\x1F\xE1\x1C\x70\xFC\xFB\xE8\x05\x1F\x1D\x95\x8D\xA4\xDF\x1F\x8D\xD8\x02\x57\xE6\xD2\xF8\x30\xF8\x1C\x8A\xD7\xAF\x20\x52\xFF\x27\xA8\x82\x10\x61\x07\xBE\xA2\xC6\x37\x2E\xA4\x6E\xFC\xF3\x60\x8D\x94\xA0\xBF\x97\x42\x47\x6E\xE4\xF2\xFB\xE2\x48\xF1\x65\xB7\x24\x8C\x27\x90\x7E\xB7\xC1\xB2\xE8\xC3\xD1\x45\x17\x09\xA4\x61\x9B\x48\x71\x66\xF5\xF1\x5B\xE2\x20\xF4\x7D\xAB\x1A\x37\x47\x98\xB8\x4A\x25\x08\x6F\xC3\xC5\x77\x97\xCD\x64\xE3\x15\x98\xE1\x3B\x3C\xC4\x4B\xA2\xF0\x48\xC5\x74\x6E\xC7\xF0\x88\x48\x2A\xC3'
+ pubMod64=0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ printf '{"e":"%s","kty":"RSA","n":"%s"}' AQAB 0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ urlbase64
++ openssl dgst -sha256 -binary
++ openssl base64 -e
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ tr -d '\n\r'
+ thumbprint=VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ [[ no = \y\e\s ]]
+ [[ sign_domains = \r\e\g\i\s\t\e\r ]]
+ [[ -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ]]
++ cat /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
++ get_json_int_value id
++ local filter
+++ printf 's/.*"%s": *\([0-9]*\).*/\\1/p' id
++ filter='s/.*"id": *\([0-9]*\).*/\1/p'
++ sed -n 's/.*"id": *\([0-9]*\).*/\1/p'
+ ACCOUNT_ID=4935574
+ [[ 2 -eq 1 ]]
+ ACCOUNT_URL=https://acme-v02.api.letsencrypt.org/acme/acct/4935574
+ hookscript_bricker_hook
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' '!' -d /opt/dehydrated/chains ']'
+ [[ -n domain.de www.domain.de ]]
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ DOMAINS_TXT=/tmp/dehydrated-1e049T
+ [[ -n '' ]]
+ printf -- 'domain.de www.domain.de'
+ ORIGIFS='     
'
+ IFS='
'
++ tr -d '\r'
++ _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
++ grep -vE '^(#|$)'
++ awk '{print tolower($0)}'
+ for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' | (grep -vE '^(#|$)' || true))
+ reset_configvars
+ KEY_ALGO=secp384r1
+ OCSP_MUST_STAPLE=no
+ PRIVATE_KEY_RENEW=yes
+ KEYSIZE=4096
+ CHALLENGETYPE=http-01
+ HOOK=
+ WELLKNOWN=/srv/http/dehydrated
+ HOOK_CHAIN=no
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ RENEW_DAYS=30
+ IP_VERSION=
+ IFS='     
'
++ grep -Eo '>[^ ]+'
++ true
+ alias=
++ _sed -e 's/>[^ ]+[ ]*//g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/>[^ ]+[ ]*//g'
+ line='domain.de www.domain.de'
++ grep -Eo '>'
++ awk 'END {print NR}'
++ true
+ aliascount=0
+ '[' 0 -gt 1 ']'
++ printf '%s\n' 'domain.de www.domain.de'
++ cut '-d ' -f1
+ domain=domain.de
++ printf '%s\n' 'domain.de www.domain.de'
++ cut -s '-d ' -f2-
+ morenames=www.domain.de
+ '[' 0 -lt 1 ']'
+ alias=domain.de
+ export alias
+ [[ -z www.domain.de ]]
+ echo 'Processing domain.de with alternative names: www.domain.de'
Processing domain.de with alternative names: www.domain.de
+ '[' tb = '*.' ']'
+ local certdir=/etc/ssl/reksys/domain.de
+ cert=/etc/ssl/reksys/domain.de/cert.pem
+ chain=/etc/ssl/reksys/domain.de/chain.pem
+ force_renew=no
++ date +%s
+ timestamp=1521110104
+ [[ ! -e /etc/ssl/reksys/domain.de ]]
+ [[ -n '' ]]
+ certconfig=/etc/ssl/reksys/domain.de/config
+ '[' -f /etc/ssl/reksys/domain.de/config ']'
+ verify_config
+ [[ http-01 == \h\t\t\p\-\0\1 ]]
+ [[ http-01 = \d\n\s\-\0\1 ]]
+ [[ http-01 = \h\t\t\p\-\0\1 ]]
+ [[ ! -d /srv/http/dehydrated ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ 2 == \a\u\t\o ]]
+ [[ 2 == \1 ]]
+ [[ 2 == \2 ]]
+ hookscript_bricker_hook
+ [[ -n '' ]]
+ export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER
+ skip=no
+ local csr=
+ [[ -n '' ]]
+ [[ -e /etc/ssl/reksys/domain.de/cert.pem ]]
+ printf ' + Checking domain name(s) of existing cert...'
 + Checking domain name(s) of existing cert...++ openssl x509 -in /etc/ssl/reksys/domain.de/cert.pem -text -noout
++ grep DNS:
++ _sed s/DNS://g
++ tr -d ' '
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r s/DNS://g
++ tr , '\n'
++ tr '\n' ' '
++ sort -u
++ _sed 's/ $//'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/ $//'
+ certnames='domain.de www.domain.de'
++ echo domain.de www.domain.de
++ tr ' ' '\n'
++ sort -u
++ tr '\n' ' '
++ _sed 's/ $//'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/ $//'
++ _sed 's/^ //'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/^ //'
+ givennames='domain.de www.domain.de'
+ [[ domain.de www.domain.de = \t\b\-\i\t\f\.\d\e\ \w\w\w\.\t\b\-\i\t\f\.\d\e ]]
+ echo ' unchanged.'
 unchanged.
+ [[ -e /etc/ssl/reksys/domain.de/cert.pem ]]
+ echo ' + Checking expire date of existing cert...'
 + Checking expire date of existing cert...
++ openssl x509 -enddate -noout -in /etc/ssl/reksys/domain.de/cert.pem
++ cut -d= -f2-
+ valid='Apr  3 22:05:12 2018 GMT'
+ printf ' + Valid till %s ' 'Apr  3 22:05:12 2018 GMT'
 + Valid till Apr  3 22:05:12 2018 GMT + openssl x509 -checkend 2592000 -noout -in /etc/ssl/reksys/domain.de/cert.pem
Certificate will expire
+ echo '(Less than 30 days). Renewing!'
(Less than 30 days). Renewing!
+ local update_ocsp
+ update_ocsp=no
+ [[ ! no = \y\e\s ]]
+ update_ocsp=yes
+ [[ -z '' ]]
+ [[ '' = \y\e\s ]]
+ sign_domain /etc/ssl/reksys/domain.de 1521110104 domain.de www.domain.de
+ local certdir=/etc/ssl/reksys/domain.de
+ shift
+ timestamp=1521110104
+ shift
+ domain=domain.de
+ altnames='domain.de www.domain.de'
+ export altnames
+ echo ' + Signing domains...'
 + Signing domains...
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ local privkey=privkey.pem
+ [[ ! -e /etc/ssl/reksys/domain.de/cert-1521110104.csr ]]
+ [[ ! -r /etc/ssl/reksys/domain.de/privkey.pem ]]
+ [[ yes = \y\e\s ]]
+ echo ' + Generating private key...'
 + Generating private key...
+ privkey=privkey-1521110104.pem
+ case "${KEY_ALGO}" in
+ _openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521110104.pem
+ set +e
++ openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521110104.pem
+ out=
+ res=0
+ set -e
+ [[ 0 -ne 0 ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.pem ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ [[ ! -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ [[ no = \y\e\s ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ echo ' + Generating signing request...'
 + Generating signing request...
+ SAN=
+ for altname in ${altnames}
+ SAN='DNS:domain.de, '
+ for altname in ${altnames}
+ SAN='DNS:domain.de, DNS:www.domain.de, '
+ SAN='DNS:domain.de, DNS:www.domain.de'
+ local tmp_openssl_cnf
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ tmp_openssl_cnf=/tmp/dehydrated-cLPxsl
+ cat /etc/ssl/openssl.cnf
+ printf '[SAN]\nsubjectAltName=%s' 'DNS:domain.de, DNS:www.domain.de'
+ '[' no = yes ']'
+ SUBJ=/CN=domain.de/
+ [[ Linux = \M\I\N\G\W ]]
+ openssl req -new -sha256 -key /etc/ssl/reksys/domain.de/privkey-1521110104.pem -out /etc/ssl/reksys/domain.de/cert-1521110104.csr -subj /CN=domain.de/ -reqexts SAN -config /tmp/dehydrated-cLPxsl
+ rm -f /tmp/dehydrated-cLPxsl
+ crt_path=/etc/ssl/reksys/domain.de/cert-1521110104.pem
+ sign_csr '-----BEGIN CERTIFICATE REQUEST-----
MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAAQS1Nm9UE4byVuXzn6tec6aoarTyHe9lQmWH2A9uGW7z8oN25D7G2A4
...
0Lf3LaJc1FG6WcUEHhlhpOU1A+F+wzfiefkO0SLVvj1aEkeVAjBAdHpFotmL8u0Q
QKyysfUpz8bxGgA2tY98GSrL7vSyrqX4pGKv6sdqNl+RuyAIc/M=
-----END CERTIFICATE REQUEST-----' domain.de www.domain.de
+ csr='-----BEGIN CERTIFICATE REQUEST-----
MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAAQS1Nm9UE4byVuXzn6tec6aoarTyHe9lQmWH2A9uGW7z8oN25D7G2A4
...
0Lf3LaJc1FG6WcUEHhlhpOU1A+F+wzfiefkO0SLVvj1aEkeVAjBAdHpFotmL8u0Q
QKyysfUpz8bxGgA2tY98GSrL7vSyrqX4pGKv6sdqNl+RuyAIc/M=
-----END CERTIFICATE REQUEST-----'
+ :
+ shift 1
+ export 'altnames=domain.de www.domain.de'
+ altnames='domain.de www.domain.de'
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ [[ -n '' ]]
+ local -a challenge_identifiers challenge_uris challenge_tokens authorizations keyauths deploy_args
+ [[ 2 -eq 2 ]]
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' domain.de
+ challenge_identifiers+='{"type": "dns", "value": "domain.de"}, '
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' www.domain.de
+ challenge_identifiers+='{"type": "dns", "value": "www.domain.de"}, '
+ challenge_identifiers='[{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]'
+ echo ' + Requesting new certificate order from CA...'
 + Requesting new certificate order from CA...
++ signed_request https://acme-v02.api.letsencrypt.org/acme/new-order '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}'
+++ printf %s '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}'
+++ urlbase64
+++ openssl base64 -e
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ tr -d '\n\r'
++ payload64=eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19
++ [[ 2 -eq 1 ]]
+++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce
+++ awk -F ': ' '{print $2}'
+++ tr -d '\n\r'
+++ grep Replay-Nonce:
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempcont=/tmp/dehydrated-G0Ruem
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempheaders=/tmp/dehydrated-MG8i31
+++ [[ -n '' ]]
+++ set +e
+++ [[ head = \h\e\a\d ]]
++++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-G0Ruem https://acme-v02.api.letsencrypt.org/acme/new-nonce -I
+++ statuscode=204
+++ touch /tmp/dehydrated-MG8i31
+++ curlret=0
+++ set -e
+++ [[ ! 0 = \0 ]]
+++ [[ ! 2 = \2 ]]
+++ echo 'checking pipe 4'
checking pipe 4
+++ echo 'using pipe 4'
using pipe 4
+++ cat /tmp/dehydrated-MG8i31
+++ echo 'getting curl output'
getting curl output
+++ cat /tmp/dehydrated-G0Ruem
+++ echo 'deleting temp files'
deleting temp files
+++ rm -f /tmp/dehydrated-G0Ruem
+++ rm -f /tmp/dehydrated-MG8i31
++ nonce=7THrq5H6UPDCLVzRxJqfgMQ-Nvb7mMSMj6ctDrSFl08
++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}'
++ [[ 2 -eq 1 ]]
++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]]
++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "7THrq5H6UPDCLVzRxJqfgMQ-Nvb7mMSMj6ctDrSFl08"}'
+++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "7THrq5H6UPDCLVzRxJqfgMQ-Nvb7mMSMj6ctDrSFl08"}'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjdUSHJxNUg2VVBEQ0xWelJ4SnFmZ01RLU52YjdtTVNNajZjdERyU0ZsMDgifQ
+++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjdUSHJxNUg2VVBEQ0xWelJ4SnFmZ01RLU52YjdtTVNNajZjdERyU0ZsMDgifQ.eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19
+++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+++ urlbase64
+++ openssl base64 -e
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ tr -d '\n\r'
++ signed64=aJWcBpn2kjTLpODS5vGr-1MPCS05LTfydmWyzzeTLaj6WpQMk3DwYeTXSJ8XF-HfvlO45MDVwih745e26bwXf9Czne1MkPH3eCAfHp6D-DFdgaL2WxDJSs7EXP0Oix7Hsm1_fZEYlPEMciWh17s_RkmrXJX2ge_JX0HsrOCzEtYllK-ZEtTlEr_jbcOp-hd6dGOQw4lU7NLHIZ9lpNrXUlYCCSLSmMa7oJ0WHmJ1KjpwKbz5SycTU4PrbRmtXmaehYm7IU-0X1ISM55tkz3_wVsA_LJSe4q8gR0cSUBOPNmcS1YC0JPzkuIgGZxRfwlZKG5GJGVXMlGZAKou3g-HUM7DdbP28gS0MXvVcPUrQnT-u5UyeBbbja4cXZ-Qd9-8Jvyq3vph0395dUTqm0xlpSg0iDTaxjGch1puM9k9ek8xnu7A-E_HJpNepzlvUWNry4YOBkXOi641Da_fTGToB58N7HVWErgmZUtRjT6J7UQkb8_fv4-em9jsUQSbHgThcLfqm839v2NoiBaOMhxBkeSXB8Wa1wyVLX12Gh4sOniaJFAfdRblnLVyCDrKahJBI622AzOD4FCD04kh2hdnF1LWfWc3Vf9_6QqfT0YpBbQglEWo7KVOZa1p4C_ribSWAY0AkLOTWsaiE-7M2PQTYLpxc-axNtD9cRvYcpEK-Hg
++ [[ 2 -eq 1 ]]
++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjdUSHJxNUg2VVBEQ0xWelJ4SnFmZ01RLU52YjdtTVNNajZjdERyU0ZsMDgifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "aJWcBpn2kjTLpODS5vGr-1MPCS05LTfydmWyzzeTLaj6WpQMk3DwYeTXSJ8XF-HfvlO45MDVwih745e26bwXf9Czne1MkPH3eCAfHp6D-DFdgaL2WxDJSs7EXP0Oix7Hsm1_fZEYlPEMciWh17s_RkmrXJX2ge_JX0HsrOCzEtYllK-ZEtTlEr_jbcOp-hd6dGOQw4lU7NLHIZ9lpNrXUlYCCSLSmMa7oJ0WHmJ1KjpwKbz5SycTU4PrbRmtXmaehYm7IU-0X1ISM55tkz3_wVsA_LJSe4q8gR0cSUBOPNmcS1YC0JPzkuIgGZxRfwlZKG5GJGVXMlGZAKou3g-HUM7DdbP28gS0MXvVcPUrQnT-u5UyeBbbja4cXZ-Qd9-8Jvyq3vph0395dUTqm0xlpSg0iDTaxjGch1puM9k9ek8xnu7A-E_HJpNepzlvUWNry4YOBkXOi641Da_fTGToB58N7HVWErgmZUtRjT6J7UQkb8_fv4-em9jsUQSbHgThcLfqm839v2NoiBaOMhxBkeSXB8Wa1wyVLX12Gh4sOniaJFAfdRblnLVyCDrKahJBI622AzOD4FCD04kh2hdnF1LWfWc3Vf9_6QqfT0YpBbQglEWo7KVOZa1p4C_ribSWAY0AkLOTWsaiE-7M2PQTYLpxc-axNtD9cRvYcpEK-Hg"}'
++ http_request post https://acme-v02.api.letsencrypt.org/acme/new-order '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjdUSHJxNUg2VVBEQ0xWelJ4SnFmZ01RLU52YjdtTVNNajZjdERyU0ZsMDgifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "aJWcBpn2kjTLpODS5vGr-1MPCS05LTfydmWyzzeTLaj6WpQMk3DwYeTXSJ8XF-HfvlO45MDVwih745e26bwXf9Czne1MkPH3eCAfHp6D-DFdgaL2WxDJSs7EXP0Oix7Hsm1_fZEYlPEMciWh17s_RkmrXJX2ge_JX0HsrOCzEtYllK-ZEtTlEr_jbcOp-hd6dGOQw4lU7NLHIZ9lpNrXUlYCCSLSmMa7oJ0WHmJ1KjpwKbz5SycTU4PrbRmtXmaehYm7IU-0X1ISM55tkz3_wVsA_LJSe4q8gR0cSUBOPNmcS1YC0JPzkuIgGZxRfwlZKG5GJGVXMlGZAKou3g-HUM7DdbP28gS0MXvVcPUrQnT-u5UyeBbbja4cXZ-Qd9-8Jvyq3vph0395dUTqm0xlpSg0iDTaxjGch1puM9k9ek8xnu7A-E_HJpNepzlvUWNry4YOBkXOi641Da_fTGToB58N7HVWErgmZUtRjT6J7UQkb8_fv4-em9jsUQSbHgThcLfqm839v2NoiBaOMhxBkeSXB8Wa1wyVLX12Gh4sOniaJFAfdRblnLVyCDrKahJBI622AzOD4FCD04kh2hdnF1LWfWc3Vf9_6QqfT0YpBbQglEWo7KVOZa1p4C_ribSWAY0AkLOTWsaiE-7M2PQTYLpxc-axNtD9cRvYcpEK-Hg"}'
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-enUC9f
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-cD2Yk0
++ [[ -n '' ]]
++ set +e
++ [[ post = \h\e\a\d ]]
++ [[ post = \g\e\t ]]
++ [[ post = \p\o\s\t ]]
+++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-enUC9f https://acme-v02.api.letsencrypt.org/acme/new-order -D /tmp/dehydrated-cD2Yk0 -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjdUSHJxNUg2VVBEQ0xWelJ4SnFmZ01RLU52YjdtTVNNajZjdERyU0ZsMDgifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "aJWcBpn2kjTLpODS5vGr-1MPCS05LTfydmWyzzeTLaj6WpQMk3DwYeTXSJ8XF-HfvlO45MDVwih745e26bwXf9Czne1MkPH3eCAfHp6D-DFdgaL2WxDJSs7EXP0Oix7Hsm1_fZEYlPEMciWh17s_RkmrXJX2ge_JX0HsrOCzEtYllK-ZEtTlEr_jbcOp-hd6dGOQw4lU7NLHIZ9lpNrXUlYCCSLSmMa7oJ0WHmJ1KjpwKbz5SycTU4PrbRmtXmaehYm7IU-0X1ISM55tkz3_wVsA_LJSe4q8gR0cSUBOPNmcS1YC0JPzkuIgGZxRfwlZKG5GJGVXMlGZAKou3g-HUM7DdbP28gS0MXvVcPUrQnT-u5UyeBbbja4cXZ-Qd9-8Jvyq3vph0395dUTqm0xlpSg0iDTaxjGch1puM9k9ek8xnu7A-E_HJpNepzlvUWNry4YOBkXOi641Da_fTGToB58N7HVWErgmZUtRjT6J7UQkb8_fv4-em9jsUQSbHgThcLfqm839v2NoiBaOMhxBkeSXB8Wa1wyVLX12Gh4sOniaJFAfdRblnLVyCDrKahJBI622AzOD4FCD04kh2hdnF1LWfWc3Vf9_6QqfT0YpBbQglEWo7KVOZa1p4C_ribSWAY0AkLOTWsaiE-7M2PQTYLpxc-axNtD9cRvYcpEK-Hg"}'
++ statuscode=201
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ echo 'checking pipe 4'
checking pipe 4
++ echo 'using pipe 4'
using pipe 4
++ cat /tmp/dehydrated-cD2Yk0
cat: Schreibfehler: Datenübergabe unterbrochen (broken pipe)
+ result=
+ remove_lock
+ rm -f /opt/dehydrated/lock

#!/usr/bin/env bash # dehydrated by lukas2511 # Source: https://dehydrated.de # # This script is licensed under The MIT License (see LICENSE for more information). { true >&4; } 2>/dev/null || true set -e set -u set -o pipefail [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f

+ set -e + set -u + set -o pipefail + [[ -n '' ]] + [[ -z '' ]] + shopt -s nullglob + set -f + umask 077 + VERSION=git-master-after-0.6.1 + SOURCE=/opt/dehydrated/dehydrated + '[' -h /opt/dehydrated/dehydrated ']' +++ dirname /opt/dehydrated/dehydrated ++ cd -P /opt/dehydrated ++ pwd + SCRIPTDIR=/opt/dehydrated + BASEDIR=/opt/dehydrated + ORIGARGS='-c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de' ++ uname + OSTYPE=Linux + [[ ! '' = \N\O\O\P ]] + main -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de + COMMAND= + [[ -z -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de ]] + (( 9 )) + case "${1}" in + set_command sign_domains + [[ -z '' ]] + COMMAND=sign_domains + shift 1 + (( 8 )) + case "${1}" in + shift 1 + check_parameters /etc/ssl/reksys + [[ -z /etc/ssl/reksys ]] + [[ / = \- ]] + PARAM_CERTDIR=/etc/ssl/reksys + shift 1 + (( 6 )) + case "${1}" in + shift 1 + check_parameters secp384r1 + [[ -z secp384r1 ]] + [[ s = \- ]] + PARAM_KEY_ALGO=secp384r1 + shift 1 + (( 4 )) + case "${1}" in + shift 1 + check_parameters domain.de + [[ -z domain.de ]] + [[ t = \- ]] + [[ -z '' ]] + PARAM_DOMAIN=domain.de + shift 1 + (( 2 )) + case "${1}" in + shift 1 + check_parameters www.domain.de + [[ -z www.domain.de ]] + [[ w = \- ]] + [[ -z domain.de ]] + PARAM_DOMAIN='domain.de www.domain.de' + shift 1 + (( 0 )) + case "${COMMAND}" in + command_sign_domains + init_system + load_config + [[ -z '' ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /etc/dehydrated/config ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /usr/local/etc/dehydrated/config ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /opt/reksys/config ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /opt/dehydrated/config ]] + BASEDIR=/opt/dehydrated + CONFIG=/opt/dehydrated/config + break + CA=https://acme-v02.api.letsencrypt.org/directory + OLDCA= + CERTDIR= + ACCOUNTDIR= + CHALLENGETYPE=http-01 + CONFIG_D= + CURL_OPTS= + DOMAINS_D= + DOMAINS_TXT= + HOOK= + HOOK_CHAIN=no + RENEW_DAYS=30 + KEYSIZE=4096 + WELLKNOWN= + PRIVATE_KEY_RENEW=yes + PRIVATE_KEY_ROLLOVER=no + KEY_ALGO=rsa + OPENSSL=openssl + OPENSSL_CNF= + CONTACT_EMAIL= + LOCKFILE= + OCSP_MUST_STAPLE=no + OCSP_FETCH=no + IP_VERSION= + CHAINCACHE= + AUTO_CLEANUP=no + DEHYDRATED_USER= + DEHYDRATED_GROUP= + API=auto + [[ -z /opt/dehydrated/config ]] + [[ -f /opt/dehydrated/config ]] + echo '# INFO: Using main config file /opt/dehydrated/config' # INFO: Using main config file /opt/dehydrated/config ++ dirname /opt/dehydrated/config + BASEDIR=/opt/dehydrated + . /opt/dehydrated/config ++ CHALLENGETYPE=http-01 ++ WELLKNOWN=/srv/http/dehydrated ++ KEYSIZE=4096 ++ PRIVATE_KEY_RENEW=yes ++ KEY_ALGO=rsa + [[ -n '' ]] + [[ -n '' ]] + [[ -n '' ]] + check_dependencies + openssl version + _sed '' + command -v grep + command -v mktemp + command -v diff + set +e ++ curl -V ++ head -n1 ++ awk '{print $2}' + CURL_VERSION=7.58.0 + retcode=0 + set -e + [[ ! 0 = \0 ]] + [[ /opt/dehydrated != \/ ]] + BASEDIR=/opt/dehydrated + [[ -d /opt/dehydrated ]] + [[ -z '' ]] + [[ https://acme-v02.api.letsencrypt.org/directory = \h\t\t\p\s\:\/\/\a\c\m\e\-\v\0\2\.\a\p\i\.\l\e\t\s\e\n\c\r\y\p\t\.\o\r\g\/\d\i\r\e\c\t\o\r\y ]] + OLDCA=https://acme-v01.api.letsencrypt.org/directory ++ echo https://acme-v02.api.letsencrypt.org/directory ++ urlbase64 ++ openssl base64 -e ++ tr -d '\n\r' ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: + CAHASH=aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo + [[ -z '' ]] + ACCOUNTDIR=/opt/dehydrated/accounts + [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo ]] + [[ -f /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/config ]] + ACCOUNT_KEY=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem + ACCOUNT_KEY_JSON=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json + [[ -f /opt/dehydrated/private_key.pem ]] + [[ -f /opt/dehydrated/private_key.json ]] + [[ -z '' ]] + CERTDIR=/opt/dehydrated/certs + [[ -z '' ]] + CHAINCACHE=/opt/dehydrated/chains + [[ -z '' ]] + DOMAINS_TXT=/opt/dehydrated/domains.txt + [[ -z /srv/http/dehydrated ]] + [[ -z '' ]] + LOCKFILE=/opt/dehydrated/lock + [[ -z '' ]] ++ openssl version -d ++ cut '-d"' -f2 + OPENSSL_CNF=/etc/ssl/openssl.cnf + [[ -n '' ]] + [[ -n '' ]] + [[ -n '' ]] + [[ -n /etc/ssl/reksys ]] + CERTDIR=/etc/ssl/reksys + [[ -n '' ]] + [[ -n secp384r1 ]] + KEY_ALGO=secp384r1 + [[ -n '' ]] + [[ -n '' ]] + '[' '!' '' = noverify ']' + verify_config + [[ http-01 == \h\t\t\p\-\0\1 ]] + [[ http-01 = \d\n\s\-\0\1 ]] + [[ http-01 = \h\t\t\p\-\0\1 ]] + [[ ! -d /srv/http/dehydrated ]] + [[ secp384r1 == \r\s\a ]] + [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]] + [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]] + [[ -n '' ]] + [[ auto == \a\u\t\o ]] + store_configvars + __KEY_ALGO=secp384r1 + __OCSP_MUST_STAPLE=no + __PRIVATE_KEY_RENEW=yes + __KEYSIZE=4096 + __CHALLENGETYPE=http-01 + __HOOK= + __WELLKNOWN=/srv/http/dehydrated + __HOOK_CHAIN=no + __OPENSSL_CNF=/etc/ssl/openssl.cnf + __RENEW_DAYS=30 + __IP_VERSION= + [[ -n /opt/dehydrated/lock ]] ++ dirname /opt/dehydrated/lock + LOCKDIR=/opt/dehydrated + [[ -w /opt/dehydrated ]] + trap remove_lock EXIT ++ http_request get https://acme-v02.api.letsencrypt.org/directory +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempcont=/tmp/dehydrated-I5qVXc +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempheaders=/tmp/dehydrated-mryB4k ++ [[ -n '' ]] ++ set +e ++ [[ get = \h\e\a\d ]] ++ [[ get = \g\e\t ]] +++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -L -s -w '%{http_code}' -o /tmp/dehydrated-I5qVXc -D /tmp/dehydrated-mryB4k https://acme-v02.api.letsencrypt.org/directory ++ statuscode=200 ++ curlret=0 ++ set -e ++ [[ ! 0 = \0 ]] ++ [[ ! 2 = \2 ]] ++ echo 'checking pipe 4' checking pipe 4 ++ echo 'using pipe 4' using pipe 4 ++ cat /tmp/dehydrated-mryB4k ++ echo 'getting curl output' getting curl output ++ cat /tmp/dehydrated-I5qVXc ++ echo 'deleting temp files' deleting temp files ++ rm -f /tmp/dehydrated-I5qVXc ++ rm -f /tmp/dehydrated-mryB4k + CA_DIRECTORY='{ "Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' + [[ auto = \a\u\t\o ]] + grep -q newOrder + API=2 + [[ 2 -eq 1 ]] ++ printf %s '{ "Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value newOrder ++ local filter +++ printf 's/.*"%s": *"$[^"]*$".*/\\1/p' newOrder ++ filter='s/.*"newOrder": *"$[^"]*$".*/\1/p' ++ sed -n 's/.*"newOrder": *"$[^"]*$".*/\1/p' + CA_NEW_ORDER=https://acme-v02.api.letsencrypt.org/acme/new-order ++ printf %s '{ "Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value newNonce ++ local filter +++ printf 's/.*"%s": *"$[^"]*$".*/\\1/p' newNonce ++ filter='s/.*"newNonce": *"$[^"]*$".*/\1/p' ++ sed -n 's/.*"newNonce": *"$[^"]*$".*/\1/p' + CA_NEW_NONCE=https://acme-v02.api.letsencrypt.org/acme/new-nonce ++ printf %s '{ "Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value newAccount ++ local filter +++ printf 's/.*"%s": *"$[^"]*$".*/\\1/p' newAccount ++ filter='s/.*"newAccount": *"$[^"]*$".*/\1/p' ++ sed -n 's/.*"newAccount": *"$[^"]*$".*/\1/p' + CA_NEW_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/new-acct ++ printf %s '{ "Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value termsOfService ++ local filter +++ printf 's/.*"%s": *"$[^"]*$".*/\\1/p' termsOfService ++ filter='s/.*"termsOfService": *"$[^"]*$".*/\1/p' ++ sed -n 's/.*"termsOfService": *"$[^"]*$".*/\1/p' + CA_TERMS=https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf ++ printf %s '{ "Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value revokeCert ++ local filter +++ printf 's/.*"%s": *"$[^"]*$".*/\\1/p' revokeCert ++ filter='s/.*"revokeCert": *"$[^"]*$".*/\1/p' ++ sed -n 's/.*"revokeCert": *"$[^"]*$".*/\1/p' + CA_REVOKE_CERT=https://acme-v02.api.letsencrypt.org/acme/revoke-cert + CA_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/acct + export WELLKNOWN BASEDIR CERTDIR CONFIG COMMAND + register_new_key=no + [[ -n '' ]] + [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem ]] + openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -check ++ hex2bin ++ urlbase64 ++ tr -d '\n\r' +++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -text ++ _sed -e 's:=*$::g' -e y:+/:-_: +++ awk '/publicExponent/ {print $2}' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: +++ cat +++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' ++ openssl base64 -e ++ printf %x 65537 ++ printf -- '\x01\x00\x01' + pubExponent64=AQAB ++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -modulus ++ cut -d= -f2 ++ hex2bin ++ urlbase64 +++ cat +++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' +++ [[ Linux = \L\i\n\u\x ]] ++ _sed -e 's:=*$::g' -e y:+/:-_: +++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' ++ [[ Linux = \L\i\n\u\x ]] ++ openssl base64 -e ++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ tr -d '\n\r' ++ printf -- '\xD2\x5B\x95\x21\x48\xED\xB1\x22\x5D\x42\x08\x28\xA4\x60\x7C\xAC\x8F\x5E\xC0\xE5\x44\x97\xFF\x3F\x5E\xD3\xB4\x0C\x11\x11\x9F\x71\x67\x96\xC7\xEA\x83\xC8\xE0\xFB\xD5\x73\xE4\x23\xAB\xB9\xAC\x7F\x01\x14\xC2\xCA\xEC\xA0\x03\x60\x10\x92\xC4\x9B\xC8\xF2\xF9\x01\xCC\x00\xDC\xF5\x8E\xC6\xD8\x0E\xFA\xBE\x5F\xF6\x1E\x49\xD6\x69\xA8\x85\x7B\x97\x6B\xC2\x38\x50\xF6\x05\x26\x00\x8D\xAC\x58\x18\xC9\xCA\x8A\x3E\x98\xF6\xFD\x65\x4C\x8C\x6D\x09\x03\x16\x3D\xFF\xE7\x2F\xB1\xBB\xEB\xD2\xF3\x0E\xE4\x10\xFF\x57\x39\x3B\xC5\x47\xD8\xE9\x25\x8B\x92\x62\x3E\x86\x87\xF7\xAD\x06\x15\xA8\x8F\x2D\xD0\xE6\xF7\x2D\x55\x26\x57\x14\xAF\x17\xDA\x86\xC1\x97\x65\x81\x6C\x71\xE7\x6E\x96\x7C\x79\x4C\xDF\xE1\x65\xD8\x80\xE8\x39\x00\xB6\x63\x0D\x49\x84\x61\x1A\xB3\x4E\x63\xDE\x29\x2F\xDC\x47\xE0\x15\xDB\x8F\x2D\xDE\x9B\x85\x7B\x95\x2E\xEC\xBC\xEA\xF5\xC8\x28\x2A\xF4\x7D\xE4\x5A\x29\x9B\xB9\xEF\x36\x79\x3F\xCC\x10\x32\xC2\xC2\x47\x70\x41\x4A\xE0\x21\xAB\xCF\x44\x45\x04\x84\x14\x4C\x6A\xAC\xE5\x96\xF7\xB6\xD4\x61\x57\xEF\x77\x2A\x6E\x9B\x73\xC3\x2F\x24\x54\xB2\xE2\x00\xD0\x2F\xCD\x2C\x58\xAD\x43\xE9\xB7\x77\x6C\x31\x9F\x26\x29\x8B\x5F\xE1\x26\xBE\xE7\x9C\x07\xCA\x5F\x97\xC5\xBF\x46\x07\x24\xF5\xF9\xED\x2F\x35\x32\xF1\x95\xC2\xCE\x3B\x3C\xED\x36\xE8\xB0\x18\x7A\x44\x7F\xD6\x98\xA3\xD8\x60\x73\x64\xBC\xA3\x0E\x05\xED\x2E\xB4\x56\x46\xFC\x2F\x55\xFF\x93\x53\xC6\x09\x58\x87\xAD\x84\x2B\x75\x3B\x83\x8A\x62\x5F\xDD\x82\x98\x13\x59\xC1\xD7\x5B\x5F\x3C\xAA\x97\xAC\xAB\xED\x1A\xF3\x42\x24\x06\x86\xEE\x67\x61\x13\xBD\x5E\x6F\x87\x5B\xEC\x99\xC1\xC8\x29\x52\xAB\x92\x10\x1F\xE1\x1C\x70\xFC\xFB\xE8\x05\x1F\x1D\x95\x8D\xA4\xDF\x1F\x8D\xD8\x02\x57\xE6\xD2\xF8\x30\xF8\x1C\x8A\xD7\xAF\x20\x52\xFF\x27\xA8\x82\x10\x61\x07\xBE\xA2\xC6\x37\x2E\xA4\x6E\xFC\xF3\x60\x8D\x94\xA0\xBF\x97\x42\x47\x6E\xE4\xF2\xFB\xE2\x48\xF1\x65\xB7\x24\x8C\x27\x90\x7E\xB7\xC1\xB2\xE8\xC3\xD1\x45\x17\x09\xA4\x61\x9B\x48\x71\x66\xF5\xF1\x5B\xE2\x20\xF4\x7D\xAB\x1A\x37\x47\x98\xB8\x4A\x25\x08\x6F\xC3\xC5\x77\x97\xCD\x64\xE3\x15\x98\xE1\x3B\x3C\xC4\x4B\xA2\xF0\x48\xC5\x74\x6E\xC7\xF0\x88\x48\x2A\xC3' + pubMod64=0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM ++ printf '{"e":"%s","kty":"RSA","n":"%s"}' AQAB 0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM ++ openssl dgst -sha256 -binary ++ urlbase64 ++ openssl base64 -e ++ tr -d '\n\r' ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: + thumbprint=VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI + [[ no = \y\e\s ]] + [[ sign_domains = \r\e\g\i\s\t\e\r ]] + [[ -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ]] ++ cat /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ++ get_json_int_value id ++ local filter +++ printf 's/.*"%s": *$[0-9]*$.*/\\1/p' id ++ filter='s/.*"id": *$[0-9]*$.*/\1/p' ++ sed -n 's/.*"id": *$[0-9]*$.*/\1/p' + ACCOUNT_ID=4935574 + [[ 2 -eq 1 ]] + ACCOUNT_URL=https://acme-v02.api.letsencrypt.org/acme/acct/4935574 + hookscript_bricker_hook + [[ -n '' ]] + [[ -n '' ]] + '[' '!' -d /opt/dehydrated/chains ']' + [[ -n domain.de www.domain.de ]] ++ _mktemp ++ mktemp /tmp/dehydrated-XXXXXX + DOMAINS_TXT=/tmp/dehydrated-FgkSDL + [[ -n '' ]] + printf -- 'domain.de www.domain.de' + ORIGIFS=' ' + IFS=' ' ++ tr -d '\r' ++ awk '{print tolower($0)}' ++ _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' ++ grep -vE '^(#|$)' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' + for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' | (grep -vE '^(#|$)' || true)) + reset_configvars + KEY_ALGO=secp384r1 + OCSP_MUST_STAPLE=no + PRIVATE_KEY_RENEW=yes + KEYSIZE=4096 + CHALLENGETYPE=http-01 + HOOK= + WELLKNOWN=/srv/http/dehydrated + HOOK_CHAIN=no + OPENSSL_CNF=/etc/ssl/openssl.cnf + RENEW_DAYS=30 + IP_VERSION= + IFS=' ' ++ grep -Eo '>[^ ]+' ++ true + alias= ++ _sed -e 's/>[^ ]+[ ]*//g' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's/>[^ ]+[ ]*//g' + line='domain.de www.domain.de' ++ grep -Eo '>' ++ awk 'END {print NR}' ++ true + aliascount=0 + '[' 0 -gt 1 ']' ++ printf '%s\n' 'domain.de www.domain.de' ++ cut '-d ' -f1 + domain=domain.de ++ printf '%s\n' 'domain.de www.domain.de' ++ cut -s '-d ' -f2- + morenames=www.domain.de + '[' 0 -lt 1 ']' + alias=domain.de + export alias + [[ -z www.domain.de ]] + echo 'Processing domain.de with alternative names: www.domain.de' Processing domain.de with alternative names: www.domain.de + '[' tb = '*.' ']' + local certdir=/etc/ssl/reksys/domain.de + cert=/etc/ssl/reksys/domain.de/cert.pem + chain=/etc/ssl/reksys/domain.de/chain.pem + force_renew=no ++ date +%s + timestamp=1521111302 + [[ ! -e /etc/ssl/reksys/domain.de ]] + [[ -n '' ]] + certconfig=/etc/ssl/reksys/domain.de/config + '[' -f /etc/ssl/reksys/domain.de/config ']' + verify_config + [[ http-01 == \h\t\t\p\-\0\1 ]] + [[ http-01 = \d\n\s\-\0\1 ]] + [[ http-01 = \h\t\t\p\-\0\1 ]] + [[ ! -d /srv/http/dehydrated ]] + [[ secp384r1 == \r\s\a ]] + [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]] + [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]] + [[ -n '' ]] + [[ 2 == \a\u\t\o ]] + [[ 2 == \1 ]] + [[ 2 == \2 ]] + hookscript_bricker_hook + [[ -n '' ]] + export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER + skip=no + local csr= + [[ -n '' ]] + [[ -e /etc/ssl/reksys/domain.de/cert.pem ]] + printf ' + Checking domain name(s) of existing cert...' + Checking domain name(s) of existing cert...++ openssl x509 -in /etc/ssl/reksys/domain.de/cert.pem -text -noout ++ grep DNS: ++ _sed s/DNS://g ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r s/DNS://g ++ tr -d ' ' ++ tr , '\n' ++ sort -u ++ _sed 's/ $//' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/ $//' ++ tr '\n' ' ' + certnames='domain.de www.domain.de' ++ echo domain.de www.domain.de ++ tr ' ' '\n' ++ sort -u ++ tr '\n' ' ' ++ _sed 's/ $//' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/ $//' ++ _sed 's/^ //' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/^ //' + givennames='domain.de www.domain.de' + [[ domain.de www.domain.de = \t\b\-\i\t\f\.\d\e\ \w\w\w\.\t\b\-\i\t\f\.\d\e ]] + echo ' unchanged.' unchanged. + [[ -e /etc/ssl/reksys/domain.de/cert.pem ]] + echo ' + Checking expire date of existing cert...' + Checking expire date of existing cert... ++ openssl x509 -enddate -noout -in /etc/ssl/reksys/domain.de/cert.pem ++ cut -d= -f2- + valid='Apr 3 22:05:12 2018 GMT' + printf ' + Valid till %s ' 'Apr 3 22:05:12 2018 GMT' + Valid till Apr 3 22:05:12 2018 GMT + openssl x509 -checkend 2592000 -noout -in /etc/ssl/reksys/domain.de/cert.pem Certificate will expire + echo '(Less than 30 days). Renewing!' (Less than 30 days). Renewing! + local update_ocsp + update_ocsp=no + [[ ! no = \y\e\s ]] + update_ocsp=yes + [[ -z '' ]] + [[ '' = \y\e\s ]] + sign_domain /etc/ssl/reksys/domain.de 1521111302 domain.de www.domain.de + local certdir=/etc/ssl/reksys/domain.de + shift + timestamp=1521111302 + shift + domain=domain.de + altnames='domain.de www.domain.de' + export altnames + echo ' + Signing domains...' + Signing domains... + [[ 2 -eq 1 ]] + [[ 2 -eq 2 ]] + [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]] + local privkey=privkey.pem + [[ ! -e /etc/ssl/reksys/domain.de/cert-1521111302.csr ]] + [[ ! -r /etc/ssl/reksys/domain.de/privkey.pem ]] + [[ yes = \y\e\s ]] + echo ' + Generating private key...' + Generating private key... + privkey=privkey-1521111302.pem + case "${KEY_ALGO}" in + _openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521111302.pem + set +e ++ openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521111302.pem + out= + res=0 + set -e + [[ 0 -ne 0 ]] + [[ -r /etc/ssl/reksys/domain.de/privkey.pem ]] + [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]] + [[ ! -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]] + [[ no = \y\e\s ]] + [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]] + echo ' + Generating signing request...' + Generating signing request... + SAN= + for altname in ${altnames} + SAN='DNS:domain.de, ' + for altname in ${altnames} + SAN='DNS:domain.de, DNS:www.domain.de, ' + SAN='DNS:domain.de, DNS:www.domain.de' + local tmp_openssl_cnf ++ _mktemp ++ mktemp /tmp/dehydrated-XXXXXX + tmp_openssl_cnf=/tmp/dehydrated-72OBhF + cat /etc/ssl/openssl.cnf + printf '[SAN]\nsubjectAltName=%s' 'DNS:domain.de, DNS:www.domain.de' + '[' no = yes ']' + SUBJ=/CN=domain.de/ + [[ Linux = \M\I\N\G\W ]] + openssl req -new -sha256 -key /etc/ssl/reksys/domain.de/privkey-1521111302.pem -out /etc/ssl/reksys/domain.de/cert-1521111302.csr -subj /CN=domain.de/ -reqexts SAN -config /tmp/dehydrated-72OBhF + rm -f /tmp/dehydrated-72OBhF + crt_path=/etc/ssl/reksys/domain.de/cert-1521111302.pem + sign_csr '-----BEGIN CERTIFICATE REQUEST----- MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr gQQAIgNiAAS16k4FBwJC+I/vujHqCZb6+v4SO0crMmIC68ismpjh6oDHXB7IGRGf ... 1nVuuav+aivS+STAZFQbLcGrqBOFDItDack+4yti55F/UIdWAjBHJD7WqFC56nm/ 8SAy6FgipsC2m3Hy2KC5z7aUQh5ZODVz2cgONRib4EDtTX5ra5A= -----END CERTIFICATE REQUEST-----' domain.de www.domain.de + csr='-----BEGIN CERTIFICATE REQUEST----- MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr gQQAIgNiAAS16k4FBwJC+I/vujHqCZb6+v4SO0crMmIC68ismpjh6oDHXB7IGRGf ... 1nVuuav+aivS+STAZFQbLcGrqBOFDItDack+4yti55F/UIdWAjBHJD7WqFC56nm/ 8SAy6FgipsC2m3Hy2KC5z7aUQh5ZODVz2cgONRib4EDtTX5ra5A= -----END CERTIFICATE REQUEST-----' + : + shift 1 + export 'altnames=domain.de www.domain.de' + altnames='domain.de www.domain.de' + [[ 2 -eq 1 ]] + [[ 2 -eq 2 ]] + [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]] + [[ -n '' ]] + local -a challenge_identifiers challenge_uris challenge_tokens authorizations keyauths deploy_args + [[ 2 -eq 2 ]] + for altname in ${altnames} ++ printf '{"type": "dns", "value": "%s"}, ' domain.de + challenge_identifiers+='{"type": "dns", "value": "domain.de"}, ' + for altname in ${altnames} ++ printf '{"type": "dns", "value": "%s"}, ' www.domain.de + challenge_identifiers+='{"type": "dns", "value": "www.domain.de"}, ' + challenge_identifiers='[{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]' + echo ' + Requesting new certificate order from CA...' + Requesting new certificate order from CA... ++ signed_request https://acme-v02.api.letsencrypt.org/acme/new-order '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}' +++ printf %s '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}' +++ urlbase64 +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ payload64=eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19 ++ [[ 2 -eq 1 ]] +++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce +++ grep Replay-Nonce: +++ awk -F ': ' '{print $2}' +++ tr -d '\n\r' ++++ _mktemp ++++ mktemp /tmp/dehydrated-XXXXXX +++ tempcont=/tmp/dehydrated-HqxbIU ++++ _mktemp ++++ mktemp /tmp/dehydrated-XXXXXX +++ tempheaders=/tmp/dehydrated-spf8YA +++ [[ -n '' ]] +++ set +e +++ [[ head = \h\e\a\d ]] ++++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-HqxbIU https://acme-v02.api.letsencrypt.org/acme/new-nonce -I +++ statuscode=204 +++ touch /tmp/dehydrated-spf8YA +++ curlret=0 +++ set -e +++ [[ ! 0 = \0 ]] +++ [[ ! 2 = \2 ]] +++ echo 'checking pipe 4' checking pipe 4 +++ echo 'using pipe 4' using pipe 4 +++ cat /tmp/dehydrated-spf8YA +++ echo 'getting curl output' getting curl output +++ cat /tmp/dehydrated-HqxbIU +++ echo 'deleting temp files' deleting temp files +++ rm -f /tmp/dehydrated-HqxbIU +++ rm -f /tmp/dehydrated-spf8YA ++ nonce=QERa8pVhhvNWH8qt8JL6czKyp_IrG-FlEDlO5Sg_KxI ++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}' ++ [[ 2 -eq 1 ]] ++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]] ++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "QERa8pVhhvNWH8qt8JL6czKyp_IrG-FlEDlO5Sg_KxI"}' +++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "QERa8pVhhvNWH8qt8JL6czKyp_IrG-FlEDlO5Sg_KxI"}' +++ urlbase64 +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlFFUmE4cFZoaHZOV0g4cXQ4Skw2Y3pLeXBfSXJHLUZsRURsTzVTZ19LeEkifQ +++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem +++ urlbase64 +++ openssl base64 -e +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ tr -d '\n\r' +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: +++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlFFUmE4cFZoaHZOV0g4cXQ4Skw2Y3pLeXBfSXJHLUZsRURsTzVTZ19LeEkifQ.eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19 ++ signed64=npm3fZvoJr0vtdwBVPvaz2gZGDGDAh98B74Zlmr8Yb5AJoTjIwE8IMTZkwVfOS0qEahnyDHLugsLVh5HsIwFOJoKApQLNCHDaMJCBp7EqA5SLVHuInWVANLGLW9QHGOircmx8UB42yVhMZypWfLKC9ls9fc9OaAyFifHPP9oH01BCSsOup8iVDoRx6StgOzmP-hKyQxUkwyFBE3d98y2qikdRCiUZE0HLNOeP8xUNBjeDCYNclMp5HDB6OA2oreWcSJE2Ma6Q4wmXJhyURz7w2ZTsNpjQBSGv6uUJziHAclay1CyORytmqSFLW76MK-JRCUHli3vkPSDsLOPrK5uT-tU53EyROhDXfv4vupHnhyBn3XwGVYR5axTSY8hTx4e4gRxkYsGa6rnz6ZUnF99_hOgcifCSuJBO-GkK8naFWWVx1u6oPUQCO49mwCeFF21m7JELghpgWx0fWF-D2f0St2AH_P9RfzHzyKjwuJ9t8igN5e93k73IUSz_S0E7lg-5J4qFIvIfBfxK5LyFH3Piyra4jsNZz_7FKR9whHDTg0WrAUYnDvP0Rp2kEK9KAaSU7fyJrj5aJhoZPvlQBKePRVF3wCtcn7_XNtsyShPK9JlfvQFCQYuHrkE769a3DAH9m6Bl1RP4iN_juEKBt02vgk2jMKDS2ha1ZaAjZDWImw ++ [[ 2 -eq 1 ]] ++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlFFUmE4cFZoaHZOV0g4cXQ4Skw2Y3pLeXBfSXJHLUZsRURsTzVTZ19LeEkifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "npm3fZvoJr0vtdwBVPvaz2gZGDGDAh98B74Zlmr8Yb5AJoTjIwE8IMTZkwVfOS0qEahnyDHLugsLVh5HsIwFOJoKApQLNCHDaMJCBp7EqA5SLVHuInWVANLGLW9QHGOircmx8UB42yVhMZypWfLKC9ls9fc9OaAyFifHPP9oH01BCSsOup8iVDoRx6StgOzmP-hKyQxUkwyFBE3d98y2qikdRCiUZE0HLNOeP8xUNBjeDCYNclMp5HDB6OA2oreWcSJE2Ma6Q4wmXJhyURz7w2ZTsNpjQBSGv6uUJziHAclay1CyORytmqSFLW76MK-JRCUHli3vkPSDsLOPrK5uT-tU53EyROhDXfv4vupHnhyBn3XwGVYR5axTSY8hTx4e4gRxkYsGa6rnz6ZUnF99_hOgcifCSuJBO-GkK8naFWWVx1u6oPUQCO49mwCeFF21m7JELghpgWx0fWF-D2f0St2AH_P9RfzHzyKjwuJ9t8igN5e93k73IUSz_S0E7lg-5J4qFIvIfBfxK5LyFH3Piyra4jsNZz_7FKR9whHDTg0WrAUYnDvP0Rp2kEK9KAaSU7fyJrj5aJhoZPvlQBKePRVF3wCtcn7_XNtsyShPK9JlfvQFCQYuHrkE769a3DAH9m6Bl1RP4iN_juEKBt02vgk2jMKDS2ha1ZaAjZDWImw"}' ++ http_request post https://acme-v02.api.letsencrypt.org/acme/new-order '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlFFUmE4cFZoaHZOV0g4cXQ4Skw2Y3pLeXBfSXJHLUZsRURsTzVTZ19LeEkifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "npm3fZvoJr0vtdwBVPvaz2gZGDGDAh98B74Zlmr8Yb5AJoTjIwE8IMTZkwVfOS0qEahnyDHLugsLVh5HsIwFOJoKApQLNCHDaMJCBp7EqA5SLVHuInWVANLGLW9QHGOircmx8UB42yVhMZypWfLKC9ls9fc9OaAyFifHPP9oH01BCSsOup8iVDoRx6StgOzmP-hKyQxUkwyFBE3d98y2qikdRCiUZE0HLNOeP8xUNBjeDCYNclMp5HDB6OA2oreWcSJE2Ma6Q4wmXJhyURz7w2ZTsNpjQBSGv6uUJziHAclay1CyORytmqSFLW76MK-JRCUHli3vkPSDsLOPrK5uT-tU53EyROhDXfv4vupHnhyBn3XwGVYR5axTSY8hTx4e4gRxkYsGa6rnz6ZUnF99_hOgcifCSuJBO-GkK8naFWWVx1u6oPUQCO49mwCeFF21m7JELghpgWx0fWF-D2f0St2AH_P9RfzHzyKjwuJ9t8igN5e93k73IUSz_S0E7lg-5J4qFIvIfBfxK5LyFH3Piyra4jsNZz_7FKR9whHDTg0WrAUYnDvP0Rp2kEK9KAaSU7fyJrj5aJhoZPvlQBKePRVF3wCtcn7_XNtsyShPK9JlfvQFCQYuHrkE769a3DAH9m6Bl1RP4iN_juEKBt02vgk2jMKDS2ha1ZaAjZDWImw"}' +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempcont=/tmp/dehydrated-iO9JdR +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempheaders=/tmp/dehydrated-rXx9pq ++ [[ -n '' ]] ++ set +e ++ [[ post = \h\e\a\d ]] ++ [[ post = \g\e\t ]] ++ [[ post = \p\o\s\t ]] +++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-iO9JdR https://acme-v02.api.letsencrypt.org/acme/new-order -D /tmp/dehydrated-rXx9pq -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlFFUmE4cFZoaHZOV0g4cXQ4Skw2Y3pLeXBfSXJHLUZsRURsTzVTZ19LeEkifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "npm3fZvoJr0vtdwBVPvaz2gZGDGDAh98B74Zlmr8Yb5AJoTjIwE8IMTZkwVfOS0qEahnyDHLugsLVh5HsIwFOJoKApQLNCHDaMJCBp7EqA5SLVHuInWVANLGLW9QHGOircmx8UB42yVhMZypWfLKC9ls9fc9OaAyFifHPP9oH01BCSsOup8iVDoRx6StgOzmP-hKyQxUkwyFBE3d98y2qikdRCiUZE0HLNOeP8xUNBjeDCYNclMp5HDB6OA2oreWcSJE2Ma6Q4wmXJhyURz7w2ZTsNpjQBSGv6uUJziHAclay1CyORytmqSFLW76MK-JRCUHli3vkPSDsLOPrK5uT-tU53EyROhDXfv4vupHnhyBn3XwGVYR5axTSY8hTx4e4gRxkYsGa6rnz6ZUnF99_hOgcifCSuJBO-GkK8naFWWVx1u6oPUQCO49mwCeFF21m7JELghpgWx0fWF-D2f0St2AH_P9RfzHzyKjwuJ9t8igN5e93k73IUSz_S0E7lg-5J4qFIvIfBfxK5LyFH3Piyra4jsNZz_7FKR9whHDTg0WrAUYnDvP0Rp2kEK9KAaSU7fyJrj5aJhoZPvlQBKePRVF3wCtcn7_XNtsyShPK9JlfvQFCQYuHrkE769a3DAH9m6Bl1RP4iN_juEKBt02vgk2jMKDS2ha1ZaAjZDWImw"}' ++ statuscode=201 ++ curlret=0 ++ set -e ++ [[ ! 0 = \0 ]] ++ [[ ! 2 = \2 ]] ++ echo 'checking pipe 4' checking pipe 4 ++ echo 'using pipe 4' using pipe 4 ++ cat /tmp/dehydrated-rXx9pq cat: Schreibfehler: Datenübergabe unterbrochen (broken pipe) + result= + remove_lock + rm -f /opt/dehydrated/lock

dehydrated-io / dehydrated

dehydrated with broken pipe in cat... #507