Closed TB1234 closed 6 years ago
Can you run bash -x dehydrated -c
and post the last few lines before it exits?
Of course, here it is:
bash -x dehydrated -c "/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1"
+ set -e
+ set -u
+ set -o pipefail
+ [[ -n '' ]]
+ [[ -z '' ]]
+ shopt -s nullglob
+ set -f
+ umask 077
+ VERSION=git-master-after-0.6.1
+ SOURCE=dehydrated
+ '[' -h dehydrated ']'
+++ dirname dehydrated
++ cd -P .
++ pwd
+ SCRIPTDIR=/opt/reksys
+ BASEDIR=/opt/reksys
+ ORIGARGS='-c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 -d www.domain.de'
++ uname
+ OSTYPE=Linux
+ [[ ! '' = \N\O\O\P ]]
+ main -c '/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1' -d www.domain.de
+ COMMAND=
+ [[ -z -c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 -d www.domain.de ]]
+ (( 4 ))
+ case "${1}" in
+ set_command sign_domains
+ [[ -z '' ]]
+ COMMAND=sign_domains
+ shift 1
+ (( 3 ))
+ case "${1}" in
+ echo 'Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1'
Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1
+ echo
+ command_help
+ printf 'Usage: %s [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...\n\n' dehydrated
Usage: dehydrated [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...
+ printf 'Default command: help\n\n'
Default command: help
+ echo Commands:
Commands:
+ grep -e '^[[:space:]]*# Usage:' -e '^[[:space:]]*# Description:' -e '^command_.*()[[:space:]]*{' dehydrated
+ read -r usage
grep: dehydrated: Datei oder Verzeichnis nicht gefunden
+ read -r description
+ read -r command
@TB1234 please run it like this: bash -x /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1
Here it is, but also with an unkown parameter detect
?!
bash -x /opt/dehydrated/dehydrated -c "/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1"
+ set -e
+ set -u
+ set -o pipefail
+ [[ -n '' ]]
+ [[ -z '' ]]
+ shopt -s nullglob
+ set -f
+ umask 077
+ VERSION=git-master-after-0.6.1
+ SOURCE=/opt/dehydrated/dehydrated
+ '[' -h /opt/dehydrated/dehydrated ']'
+++ dirname /opt/dehydrated/dehydrated
++ cd -P /opt/dehydrated
++ pwd
+ SCRIPTDIR=/opt/dehydrated
+ BASEDIR=/opt/dehydrated
+ ORIGARGS='-c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 -d www.domain.de'
++ uname
+ OSTYPE=Linux
+ [[ ! '' = \N\O\O\P ]]
+ main -c '/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1' -d www.domain.de
+ COMMAND=
+ [[ -z -c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 -d www.domain.de ]]
+ (( 4 ))
+ case "${1}" in
+ set_command sign_domains
+ [[ -z '' ]]
+ COMMAND=sign_domains
+ shift 1
+ (( 3 ))
+ case "${1}" in
+ echo 'Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1'
Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de >> /var/log/dehydrated/dehydrated.log 2>&1
+ echo
+ command_help
+ printf 'Usage: %s [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...\n\n' /opt/dehydrated/dehydrated
Usage: /opt/dehydrated/dehydrated [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...
+ printf 'Default command: help\n\n'
Default command: help
+ echo Commands:
Commands:
+ grep -e '^[[:space:]]*# Usage:' -e '^[[:space:]]*# Description:' -e '^command_.*()[[:space:]]*{' /opt/dehydrated/dehydrated
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --version (-v) =~ Usage ]]
+ [[ ! # Description: Print version information =~ Description ]]
+ [[ ! command_version() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--version (-v)' 'Print version information'
--version (-v) Print version information
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --register =~ Usage ]]
+ [[ ! # Description: Register account key =~ Description ]]
+ [[ ! command_register() { =~ ^command_ ]]
+ printf ' %-32s %s\n' --register 'Register account key'
--register Register account key
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --account =~ Usage ]]
+ [[ ! # Description: Update account contact information =~ Description ]]
+ [[ ! command_account() { =~ ^command_ ]]
+ printf ' %-32s %s\n' --account 'Update account contact information'
--account Update account contact information
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --cron (-c) =~ Usage ]]
+ [[ ! # Description: Sign/renew non-existent/changed/expiring certificates. =~ Description ]]
+ [[ ! command_sign_domains() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--cron (-c)' 'Sign/renew non-existent/changed/expiring certificates.'
--cron (-c) Sign/renew non-existent/changed/expiring certificates.
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --signcsr (-s) path/to/csr.pem =~ Usage ]]
+ [[ ! # Description: Sign a given CSR, output CRT on stdout (advanced usage) =~ Description ]]
+ [[ ! command_sign_csr() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--signcsr (-s) path/to/csr.pem' 'Sign a given CSR, output CRT on stdout (advanced usage)'
--signcsr (-s) path/to/csr.pem Sign a given CSR, output CRT on stdout (advanced usage)
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --revoke (-r) path/to/cert.pem =~ Usage ]]
+ [[ ! # Description: Revoke specified certificate =~ Description ]]
+ [[ ! command_revoke() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--revoke (-r) path/to/cert.pem' 'Revoke specified certificate'
--revoke (-r) path/to/cert.pem Revoke specified certificate
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --cleanup (-gc) =~ Usage ]]
+ [[ ! # Description: Move unused certificate files to archive directory =~ Description ]]
+ [[ ! command_cleanup() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--cleanup (-gc)' 'Move unused certificate files to archive directory'
--cleanup (-gc) Move unused certificate files to archive directory
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --help (-h) =~ Usage ]]
+ [[ ! # Description: Show help text =~ Description ]]
+ [[ ! command_help() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--help (-h)' 'Show help text'
--help (-h) Show help text
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --env (-e) =~ Usage ]]
+ [[ ! # Description: Output configuration variables for use in other scripts =~ Description ]]
+ [[ ! command_env() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--env (-e)' 'Output configuration variables for use in other scripts'
--env (-e) Output configuration variables for use in other scripts
+ read -r usage
+ read -r description
+ read -r command
+ printf -- '\nParameters:\n'
Parameters:
+ grep -E -e '^[[:space:]]*# PARAM_Usage:' -e '^[[:space:]]*# PARAM_Description:' /opt/dehydrated/dehydrated
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --accept-terms =~ Usage ]]
+ [[ ! # PARAM_Description: Accept CAs terms of service =~ Description ]]
+ printf ' %-32s %s\n' --accept-terms 'Accept CAs terms of service'
--accept-terms Accept CAs terms of service
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --full-chain (-fc) =~ Usage ]]
+ [[ ! # PARAM_Description: Print full chain when using --signcsr =~ Description ]]
+ printf ' %-32s %s\n' '--full-chain (-fc)' 'Print full chain when using --signcsr'
--full-chain (-fc) Print full chain when using --signcsr
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --ipv4 (-4) =~ Usage ]]
+ [[ ! # PARAM_Description: Resolve names to IPv4 addresses only =~ Description ]]
+ printf ' %-32s %s\n' '--ipv4 (-4)' 'Resolve names to IPv4 addresses only'
--ipv4 (-4) Resolve names to IPv4 addresses only
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --ipv6 (-6) =~ Usage ]]
+ [[ ! # PARAM_Description: Resolve names to IPv6 addresses only =~ Description ]]
+ printf ' %-32s %s\n' '--ipv6 (-6)' 'Resolve names to IPv6 addresses only'
--ipv6 (-6) Resolve names to IPv6 addresses only
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --domain (-d) domain.tld =~ Usage ]]
+ [[ ! # PARAM_Description: Use specified domain name(s) instead of domains.txt entry (one certificate!) =~ Description ]]
+ printf ' %-32s %s\n' '--domain (-d) domain.tld' 'Use specified domain name(s) instead of domains.txt entry (one certificate!)'
--domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!)
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --alias certalias =~ Usage ]]
+ [[ ! # PARAM_Description: Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified) =~ Description ]]
+ printf ' %-32s %s\n' '--alias certalias' 'Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified)'
--alias certalias Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified)
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --keep-going (-g) =~ Usage ]]
+ [[ ! # PARAM_Description: Keep going after encountering an error while creating/renewing multiple certificates in cron mode =~ Description ]]
+ printf ' %-32s %s\n' '--keep-going (-g)' 'Keep going after encountering an error while creating/renewing multiple certificates in cron mode'
--keep-going (-g) Keep going after encountering an error while creating/renewing multiple certificates in cron mode
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --force (-x) =~ Usage ]]
+ [[ ! # PARAM_Description: Force renew of certificate even if it is longer valid than value in RENEW_DAYS =~ Description ]]
+ printf ' %-32s %s\n' '--force (-x)' 'Force renew of certificate even if it is longer valid than value in RENEW_DAYS'
--force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --no-lock (-n) =~ Usage ]]
+ [[ ! # PARAM_Description: Don't use lockfile (potentially dangerous!) =~ Description ]]
+ printf ' %-32s %s\n' '--no-lock (-n)' 'Don'\''t use lockfile (potentially dangerous!)'
--no-lock (-n) Don't use lockfile (potentially dangerous!)
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --lock-suffix example.com =~ Usage ]]
+ [[ ! # PARAM_Description: Suffix lockfile name with a string (useful for with -d) =~ Description ]]
+ printf ' %-32s %s\n' '--lock-suffix example.com' 'Suffix lockfile name with a string (useful for with -d)'
--lock-suffix example.com Suffix lockfile name with a string (useful for with -d)
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --ocsp =~ Usage ]]
+ [[ ! # PARAM_Description: Sets option in CSR indicating OCSP stapling to be mandatory =~ Description ]]
+ printf ' %-32s %s\n' --ocsp 'Sets option in CSR indicating OCSP stapling to be mandatory'
--ocsp Sets option in CSR indicating OCSP stapling to be mandatory
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --privkey (-p) path/to/key.pem =~ Usage ]]
+ [[ ! # PARAM_Description: Use specified private key instead of account key (useful for revocation) =~ Description ]]
+ printf ' %-32s %s\n' '--privkey (-p) path/to/key.pem' 'Use specified private key instead of account key (useful for revocation)'
--privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation)
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --config (-f) path/to/config =~ Usage ]]
+ [[ ! # PARAM_Description: Use specified config file =~ Description ]]
+ printf ' %-32s %s\n' '--config (-f) path/to/config' 'Use specified config file'
--config (-f) path/to/config Use specified config file
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --hook (-k) path/to/hook.sh =~ Usage ]]
+ [[ ! # PARAM_Description: Use specified script for hooks =~ Description ]]
+ printf ' %-32s %s\n' '--hook (-k) path/to/hook.sh' 'Use specified script for hooks'
--hook (-k) path/to/hook.sh Use specified script for hooks
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --out (-o) certs/directory =~ Usage ]]
+ [[ ! # PARAM_Description: Output certificates into the specified directory =~ Description ]]
+ printf ' %-32s %s\n' '--out (-o) certs/directory' 'Output certificates into the specified directory'
--out (-o) certs/directory Output certificates into the specified directory
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --challenge (-t) http-01|dns-01 =~ Usage ]]
+ [[ ! # PARAM_Description: Which challenge should be used? Currently http-01 and dns-01 are supported =~ Description ]]
+ printf ' %-32s %s\n' '--challenge (-t) http-01|dns-01' 'Which challenge should be used? Currently http-01 and dns-01 are supported'
--challenge (-t) http-01|dns-01 Which challenge should be used? Currently http-01 and dns-01 are supported
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --algo (-a) rsa|prime256v1|secp384r1 =~ Usage ]]
+ [[ ! # PARAM_Description: Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 =~ Description ]]
+ printf ' %-32s %s\n' '--algo (-a) rsa|prime256v1|secp384r1' 'Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1'
--algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
+ read -r usage
+ read -r description
+ exit 1
Oh, above there's an error in the call of dehydratet. I fixed that, but the problem is still the same:
bash -x /opt/dehydrated/dehydrated -c "/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1"
+ set -e
+ set -u
+ set -o pipefail
+ [[ -n '' ]]
+ [[ -z '' ]]
+ shopt -s nullglob
+ set -f
+ umask 077
+ VERSION=git-master-after-0.6.1
+ SOURCE=/opt/dehydrated/dehydrated
+ '[' -h /opt/dehydrated/dehydrated ']'
+++ dirname /opt/dehydrated/dehydrated
++ cd -P /opt/dehydrated
++ pwd
+ SCRIPTDIR=/opt/dehydrated
+ BASEDIR=/opt/dehydrated
+ ORIGARGS='-c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1'
++ uname
+ OSTYPE=Linux
+ [[ ! '' = \N\O\O\P ]]
+ main -c '/opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1'
+ COMMAND=
+ [[ -z -c /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1 ]]
+ (( 2 ))
+ case "${1}" in
+ set_command sign_domains
+ [[ -z '' ]]
+ COMMAND=sign_domains
+ shift 1
+ (( 1 ))
+ case "${1}" in
+ echo 'Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1'
Unknown parameter detected: /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de >> /var/log/dehydrated/dehydrated.log 2>&1
+ echo
+ command_help
+ printf 'Usage: %s [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...\n\n' /opt/dehydrated/dehydrated
Usage: /opt/dehydrated/dehydrated [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...
+ printf 'Default command: help\n\n'
Default command: help
+ echo Commands:
Commands:
+ grep -e '^[[:space:]]*# Usage:' -e '^[[:space:]]*# Description:' -e '^command_.*()[[:space:]]*{' /opt/dehydrated/dehydrated
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --version (-v) =~ Usage ]]
+ [[ ! # Description: Print version information =~ Description ]]
+ [[ ! command_version() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--version (-v)' 'Print version information'
--version (-v) Print version information
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --register =~ Usage ]]
+ [[ ! # Description: Register account key =~ Description ]]
+ [[ ! command_register() { =~ ^command_ ]]
+ printf ' %-32s %s\n' --register 'Register account key'
--register Register account key
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --account =~ Usage ]]
+ [[ ! # Description: Update account contact information =~ Description ]]
+ [[ ! command_account() { =~ ^command_ ]]
+ printf ' %-32s %s\n' --account 'Update account contact information'
--account Update account contact information
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --cron (-c) =~ Usage ]]
+ [[ ! # Description: Sign/renew non-existent/changed/expiring certificates. =~ Description ]]
+ [[ ! command_sign_domains() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--cron (-c)' 'Sign/renew non-existent/changed/expiring certificates.'
--cron (-c) Sign/renew non-existent/changed/expiring certificates.
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --signcsr (-s) path/to/csr.pem =~ Usage ]]
+ [[ ! # Description: Sign a given CSR, output CRT on stdout (advanced usage) =~ Description ]]
+ [[ ! command_sign_csr() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--signcsr (-s) path/to/csr.pem' 'Sign a given CSR, output CRT on stdout (advanced usage)'
--signcsr (-s) path/to/csr.pem Sign a given CSR, output CRT on stdout (advanced usage)
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --revoke (-r) path/to/cert.pem =~ Usage ]]
+ [[ ! # Description: Revoke specified certificate =~ Description ]]
+ [[ ! command_revoke() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--revoke (-r) path/to/cert.pem' 'Revoke specified certificate'
--revoke (-r) path/to/cert.pem Revoke specified certificate
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --cleanup (-gc) =~ Usage ]]
+ [[ ! # Description: Move unused certificate files to archive directory =~ Description ]]
+ [[ ! command_cleanup() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--cleanup (-gc)' 'Move unused certificate files to archive directory'
--cleanup (-gc) Move unused certificate files to archive directory
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --help (-h) =~ Usage ]]
+ [[ ! # Description: Show help text =~ Description ]]
+ [[ ! command_help() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--help (-h)' 'Show help text'
--help (-h) Show help text
+ read -r usage
+ read -r description
+ read -r command
+ [[ ! # Usage: --env (-e) =~ Usage ]]
+ [[ ! # Description: Output configuration variables for use in other scripts =~ Description ]]
+ [[ ! command_env() { =~ ^command_ ]]
+ printf ' %-32s %s\n' '--env (-e)' 'Output configuration variables for use in other scripts'
--env (-e) Output configuration variables for use in other scripts
+ read -r usage
+ read -r description
+ read -r command
+ printf -- '\nParameters:\n'
Parameters:
+ grep -E -e '^[[:space:]]*# PARAM_Usage:' -e '^[[:space:]]*# PARAM_Description:' /opt/dehydrated/dehydrated
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --accept-terms =~ Usage ]]
+ [[ ! # PARAM_Description: Accept CAs terms of service =~ Description ]]
+ printf ' %-32s %s\n' --accept-terms 'Accept CAs terms of service'
--accept-terms Accept CAs terms of service
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --full-chain (-fc) =~ Usage ]]
+ [[ ! # PARAM_Description: Print full chain when using --signcsr =~ Description ]]
+ printf ' %-32s %s\n' '--full-chain (-fc)' 'Print full chain when using --signcsr'
--full-chain (-fc) Print full chain when using --signcsr
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --ipv4 (-4) =~ Usage ]]
+ [[ ! # PARAM_Description: Resolve names to IPv4 addresses only =~ Description ]]
+ printf ' %-32s %s\n' '--ipv4 (-4)' 'Resolve names to IPv4 addresses only'
--ipv4 (-4) Resolve names to IPv4 addresses only
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --ipv6 (-6) =~ Usage ]]
+ [[ ! # PARAM_Description: Resolve names to IPv6 addresses only =~ Description ]]
+ printf ' %-32s %s\n' '--ipv6 (-6)' 'Resolve names to IPv6 addresses only'
--ipv6 (-6) Resolve names to IPv6 addresses only
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --domain (-d) domain.tld =~ Usage ]]
+ [[ ! # PARAM_Description: Use specified domain name(s) instead of domains.txt entry (one certificate!) =~ Description ]]
+ printf ' %-32s %s\n' '--domain (-d) domain.tld' 'Use specified domain name(s) instead of domains.txt entry (one certificate!)'
--domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!)
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --alias certalias =~ Usage ]]
+ [[ ! # PARAM_Description: Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified) =~ Description ]]
+ printf ' %-32s %s\n' '--alias certalias' 'Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified)'
--alias certalias Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified)
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --keep-going (-g) =~ Usage ]]
+ [[ ! # PARAM_Description: Keep going after encountering an error while creating/renewing multiple certificates in cron mode =~ Description ]]
+ printf ' %-32s %s\n' '--keep-going (-g)' 'Keep going after encountering an error while creating/renewing multiple certificates in cron mode'
--keep-going (-g) Keep going after encountering an error while creating/renewing multiple certificates in cron mode
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --force (-x) =~ Usage ]]
+ [[ ! # PARAM_Description: Force renew of certificate even if it is longer valid than value in RENEW_DAYS =~ Description ]]
+ printf ' %-32s %s\n' '--force (-x)' 'Force renew of certificate even if it is longer valid than value in RENEW_DAYS'
--force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --no-lock (-n) =~ Usage ]]
+ [[ ! # PARAM_Description: Don't use lockfile (potentially dangerous!) =~ Description ]]
+ printf ' %-32s %s\n' '--no-lock (-n)' 'Don'\''t use lockfile (potentially dangerous!)'
--no-lock (-n) Don't use lockfile (potentially dangerous!)
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --lock-suffix example.com =~ Usage ]]
+ [[ ! # PARAM_Description: Suffix lockfile name with a string (useful for with -d) =~ Description ]]
+ printf ' %-32s %s\n' '--lock-suffix example.com' 'Suffix lockfile name with a string (useful for with -d)'
--lock-suffix example.com Suffix lockfile name with a string (useful for with -d)
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --ocsp =~ Usage ]]
+ [[ ! # PARAM_Description: Sets option in CSR indicating OCSP stapling to be mandatory =~ Description ]]
+ printf ' %-32s %s\n' --ocsp 'Sets option in CSR indicating OCSP stapling to be mandatory'
--ocsp Sets option in CSR indicating OCSP stapling to be mandatory
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --privkey (-p) path/to/key.pem =~ Usage ]]
+ [[ ! # PARAM_Description: Use specified private key instead of account key (useful for revocation) =~ Description ]]
+ printf ' %-32s %s\n' '--privkey (-p) path/to/key.pem' 'Use specified private key instead of account key (useful for revocation)'
--privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation)
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --config (-f) path/to/config =~ Usage ]]
+ [[ ! # PARAM_Description: Use specified config file =~ Description ]]
+ printf ' %-32s %s\n' '--config (-f) path/to/config' 'Use specified config file'
--config (-f) path/to/config Use specified config file
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --hook (-k) path/to/hook.sh =~ Usage ]]
+ [[ ! # PARAM_Description: Use specified script for hooks =~ Description ]]
+ printf ' %-32s %s\n' '--hook (-k) path/to/hook.sh' 'Use specified script for hooks'
--hook (-k) path/to/hook.sh Use specified script for hooks
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --out (-o) certs/directory =~ Usage ]]
+ [[ ! # PARAM_Description: Output certificates into the specified directory =~ Description ]]
+ printf ' %-32s %s\n' '--out (-o) certs/directory' 'Output certificates into the specified directory'
--out (-o) certs/directory Output certificates into the specified directory
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --challenge (-t) http-01|dns-01 =~ Usage ]]
+ [[ ! # PARAM_Description: Which challenge should be used? Currently http-01 and dns-01 are supported =~ Description ]]
+ printf ' %-32s %s\n' '--challenge (-t) http-01|dns-01' 'Which challenge should be used? Currently http-01 and dns-01 are supported'
--challenge (-t) http-01|dns-01 Which challenge should be used? Currently http-01 and dns-01 are supported
+ read -r usage
+ read -r description
+ [[ ! # PARAM_Usage: --algo (-a) rsa|prime256v1|secp384r1 =~ Usage ]]
+ [[ ! # PARAM_Description: Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 =~ Description ]]
+ printf ' %-32s %s\n' '--algo (-a) rsa|prime256v1|secp384r1' 'Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1'
--algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
+ read -r usage
+ read -r description
+ exit 1
@TB1234 please just run it exactly like this: bash -x /opt/dehydrated/dehydrated -c -o /etc/ssl/reksys -a secp384r1 -d domain.de
your output is unusable since you are passing your actual command as parameter, which makes no sense
Oh sorry, my fault...
+ set -e
+ set -u
+ set -o pipefail
+ [[ -n '' ]]
+ [[ -z '' ]]
+ shopt -s nullglob
+ set -f
+ umask 077
+ VERSION=git-master-after-0.6.1
+ SOURCE=/opt/dehydrated/dehydrated
+ '[' -h /opt/dehydrated/dehydrated ']'
+++ dirname /opt/dehydrated/dehydrated
++ cd -P /opt/dehydrated
++ pwd
+ SCRIPTDIR=/opt/dehydrated
+ BASEDIR=/opt/dehydrated
+ ORIGARGS='-c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de'
++ uname
+ OSTYPE=Linux
+ [[ ! '' = \N\O\O\P ]]
+ main -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de
+ COMMAND=
+ [[ -z -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de ]]
+ (( 9 ))
+ case "${1}" in
+ set_command sign_domains
+ [[ -z '' ]]
+ COMMAND=sign_domains
+ shift 1
+ (( 8 ))
+ case "${1}" in
+ shift 1
+ check_parameters /etc/ssl/reksys
+ [[ -z /etc/ssl/reksys ]]
+ [[ / = \- ]]
+ PARAM_CERTDIR=/etc/ssl/reksys
+ shift 1
+ (( 6 ))
+ case "${1}" in
+ shift 1
+ check_parameters secp384r1
+ [[ -z secp384r1 ]]
+ [[ s = \- ]]
+ PARAM_KEY_ALGO=secp384r1
+ shift 1
+ (( 4 ))
+ case "${1}" in
+ shift 1
+ check_parameters domain.de
+ [[ -z domain.de ]]
+ [[ t = \- ]]
+ [[ -z '' ]]
+ PARAM_DOMAIN=domain.de
+ shift 1
+ (( 2 ))
+ case "${1}" in
+ shift 1
+ check_parameters www.domain.de
+ [[ -z www.domain.de ]]
+ [[ w = \- ]]
+ [[ -z domain.de ]]
+ PARAM_DOMAIN='domain.de www.domain.de'
+ shift 1
+ (( 0 ))
+ case "${COMMAND}" in
+ command_sign_domains
+ init_system
+ load_config
+ [[ -z '' ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /usr/local/etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/reksys/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/dehydrated/config ]]
+ BASEDIR=/opt/dehydrated
+ CONFIG=/opt/dehydrated/config
+ break
+ CA=https://acme-v02.api.letsencrypt.org/directory
+ OLDCA=
+ CERTDIR=
+ ACCOUNTDIR=
+ CHALLENGETYPE=http-01
+ CONFIG_D=
+ CURL_OPTS=
+ DOMAINS_D=
+ DOMAINS_TXT=
+ HOOK=
+ HOOK_CHAIN=no
+ RENEW_DAYS=30
+ KEYSIZE=4096
+ WELLKNOWN=
+ PRIVATE_KEY_RENEW=yes
+ PRIVATE_KEY_ROLLOVER=no
+ KEY_ALGO=rsa
+ OPENSSL=openssl
+ OPENSSL_CNF=
+ CONTACT_EMAIL=
+ LOCKFILE=
+ OCSP_MUST_STAPLE=no
+ OCSP_FETCH=no
+ IP_VERSION=
+ CHAINCACHE=
+ AUTO_CLEANUP=no
+ DEHYDRATED_USER=
+ DEHYDRATED_GROUP=
+ API=auto
+ [[ -z /opt/dehydrated/config ]]
+ [[ -f /opt/dehydrated/config ]]
+ echo '# INFO: Using main config file /opt/dehydrated/config'
# INFO: Using main config file /opt/dehydrated/config
++ dirname /opt/dehydrated/config
+ BASEDIR=/opt/dehydrated
+ . /opt/dehydrated/config
++ CHALLENGETYPE=http-01
++ WELLKNOWN=/srv/http/dehydrated
++ KEYSIZE=4096
++ PRIVATE_KEY_RENEW=yes
++ KEY_ALGO=rsa
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ check_dependencies
+ openssl version
+ _sed ''
+ command -v grep
+ command -v mktemp
+ command -v diff
+ set +e
++ awk '{print $2}'
++ curl -V
++ head -n1
+ CURL_VERSION=7.58.0
+ retcode=0
+ set -e
+ [[ ! 0 = \0 ]]
+ [[ /opt/dehydrated != \/ ]]
+ BASEDIR=/opt/dehydrated
+ [[ -d /opt/dehydrated ]]
+ [[ -z '' ]]
+ [[ https://acme-v02.api.letsencrypt.org/directory = \h\t\t\p\s\:\/\/\a\c\m\e\-\v\0\2\.\a\p\i\.\l\e\t\s\e\n\c\r\y\p\t\.\o\r\g\/\d\i\r\e\c\t\o\r\y ]]
+ OLDCA=https://acme-v01.api.letsencrypt.org/directory
++ echo https://acme-v02.api.letsencrypt.org/directory
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ CAHASH=aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo
+ [[ -z '' ]]
+ ACCOUNTDIR=/opt/dehydrated/accounts
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo ]]
+ [[ -f /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/config ]]
+ ACCOUNT_KEY=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+ ACCOUNT_KEY_JSON=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
+ [[ -f /opt/dehydrated/private_key.pem ]]
+ [[ -f /opt/dehydrated/private_key.json ]]
+ [[ -z '' ]]
+ CERTDIR=/opt/dehydrated/certs
+ [[ -z '' ]]
+ CHAINCACHE=/opt/dehydrated/chains
+ [[ -z '' ]]
+ DOMAINS_TXT=/opt/dehydrated/domains.txt
+ [[ -z /srv/http/dehydrated ]]
+ [[ -z '' ]]
+ LOCKFILE=/opt/dehydrated/lock
+ [[ -z '' ]]
++ openssl version -d
++ cut '-d"' -f2
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n /etc/ssl/reksys ]]
+ CERTDIR=/etc/ssl/reksys
+ [[ -n '' ]]
+ [[ -n secp384r1 ]]
+ KEY_ALGO=secp384r1
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' '!' '' = noverify ']'
+ verify_config
+ [[ http-01 == \h\t\t\p\-\0\1 ]]
+ [[ http-01 = \d\n\s\-\0\1 ]]
+ [[ http-01 = \h\t\t\p\-\0\1 ]]
+ [[ ! -d /srv/http/dehydrated ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ auto == \a\u\t\o ]]
+ store_configvars
+ __KEY_ALGO=secp384r1
+ __OCSP_MUST_STAPLE=no
+ __PRIVATE_KEY_RENEW=yes
+ __KEYSIZE=4096
+ __CHALLENGETYPE=http-01
+ __HOOK=
+ __WELLKNOWN=/srv/http/dehydrated
+ __HOOK_CHAIN=no
+ __OPENSSL_CNF=/etc/ssl/openssl.cnf
+ __RENEW_DAYS=30
+ __IP_VERSION=
+ [[ -n /opt/dehydrated/lock ]]
++ dirname /opt/dehydrated/lock
+ LOCKDIR=/opt/dehydrated
+ [[ -w /opt/dehydrated ]]
+ trap remove_lock EXIT
++ http_request get https://acme-v02.api.letsencrypt.org/directory
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-B8Grah
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-aRsALy
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -L -s -w '%{http_code}' -o /tmp/dehydrated-B8Grah -D /tmp/dehydrated-aRsALy https://acme-v02.api.letsencrypt.org/directory
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-aRsALy
++ cat /tmp/dehydrated-B8Grah
++ rm -f /tmp/dehydrated-B8Grah
++ rm -f /tmp/dehydrated-aRsALy
+ CA_DIRECTORY='{
"7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
+ [[ auto = \a\u\t\o ]]
+ grep -q newOrder
+ API=2
+ [[ 2 -eq 1 ]]
++ printf %s '{
"7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newOrder
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newOrder
++ filter='s/.*"newOrder": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newOrder": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ORDER=https://acme-v02.api.letsencrypt.org/acme/new-order
++ printf %s '{
"7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newNonce
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newNonce
++ filter='s/.*"newNonce": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newNonce": *"\([^"]*\)".*/\1/p'
+ CA_NEW_NONCE=https://acme-v02.api.letsencrypt.org/acme/new-nonce
++ printf %s '{
"7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newAccount
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newAccount
++ filter='s/.*"newAccount": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newAccount": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/new-acct
++ printf %s '{
"7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value termsOfService
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' termsOfService
++ filter='s/.*"termsOfService": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"termsOfService": *"\([^"]*\)".*/\1/p'
+ CA_TERMS=https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
++ printf %s '{
"7fyAybhlKz0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value revokeCert
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' revokeCert
++ filter='s/.*"revokeCert": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"revokeCert": *"\([^"]*\)".*/\1/p'
+ CA_REVOKE_CERT=https://acme-v02.api.letsencrypt.org/acme/revoke-cert
+ CA_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/acct
+ export WELLKNOWN BASEDIR CERTDIR CONFIG COMMAND
+ register_new_key=no
+ [[ -n '' ]]
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem ]]
+ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -check
++ hex2bin
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
+++ awk '/publicExponent/ {print $2}'
+++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -text
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
+++ cat
++ printf %x 65537
++ printf -- '\x01\x00\x01'
+ pubExponent64=AQAB
++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -modulus
++ cut -d= -f2
++ hex2bin
++ urlbase64
++ openssl base64 -e
+++ cat
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ tr -d '\n\r'
++ [[ Linux = \L\i\n\u\x ]]
+++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ printf -- '\xD2\x5B\x95\x21\x48\xED\xB1\x22\x5D\x42\x08\x28\xA4\x60\x7C\xAC\x8F\x5E\xC0\xE5\x44\x97\xFF\x3F\x5E\xD3\xB4\x0C\x11\x11\x9F\x71\x67\x96\xC7\xEA\x83\xC8\xE0\xFB\xD5\x73\xE4\x23\xAB\xB9\xAC\x7F\x01\x14\xC2\xCA\xEC\xA0\x03\x60\x10\x92\xC4\x9B\xC8\xF2\xF9\x01\xCC\x00\xDC\xF5\x8E\xC6\xD8\x0E\xFA\xBE\x5F\xF6\x1E\x49\xD6\x69\xA8\x85\x7B\x97\x6B\xC2\x38\x50\xF6\x05\x26\x00\x8D\xAC\x58\x18\xC9\xCA\x8A\x3E\x98\xF6\xFD\x65\x4C\x8C\x6D\x09\x03\x16\x3D\xFF\xE7\x2F\xB1\xBB\xEB\xD2\xF3\x0E\xE4\x10\xFF\x57\x39\x3B\xC5\x47\xD8\xE9\x25\x8B\x92\x62\x3E\x86\x87\xF7\xAD\x06\x15\xA8\x8F\x2D\xD0\xE6\xF7\x2D\x55\x26\x57\x14\xAF\x17\xDA\x86\xC1\x97\x65\x81\x6C\x71\xE7\x6E\x96\x7C\x79\x4C\xDF\xE1\x65\xD8\x80\xE8\x39\x00\xB6\x63\x0D\x49\x84\x61\x1A\xB3\x4E\x63\xDE\x29\x2F\xDC\x47\xE0\x15\xDB\x8F\x2D\xDE\x9B\x85\x7B\x95\x2E\xEC\xBC\xEA\xF5\xC8\x28\x2A\xF4\x7D\xE4\x5A\x29\x9B\xB9\xEF\x36\x79\x3F\xCC\x10\x32\xC2\xC2\x47\x70\x41\x4A\xE0\x21\xAB\xCF\x44\x45\x04\x84\x14\x4C\x6A\xAC\xE5\x96\xF7\xB6\xD4\x61\x57\xEF\x77\x2A\x6E\x9B\x73\xC3\x2F\x24\x54\xB2\xE2\x00\xD0\x2F\xCD\x2C\x58\xAD\x43\xE9\xB7\x77\x6C\x31\x9F\x26\x29\x8B\x5F\xE1\x26\xBE\xE7\x9C\x07\xCA\x5F\x97\xC5\xBF\x46\x07\x24\xF5\xF9\xED\x2F\x35\x32\xF1\x95\xC2\xCE\x3B\x3C\xED\x36\xE8\xB0\x18\x7A\x44\x7F\xD6\x98\xA3\xD8\x60\x73\x64\xBC\xA3\x0E\x05\xED\x2E\xB4\x56\x46\xFC\x2F\x55\xFF\x93\x53\xC6\x09\x58\x87\xAD\x84\x2B\x75\x3B\x83\x8A\x62\x5F\xDD\x82\x98\x13\x59\xC1\xD7\x5B\x5F\x3C\xAA\x97\xAC\xAB\xED\x1A\xF3\x42\x24\x06\x86\xEE\x67\x61\x13\xBD\x5E\x6F\x87\x5B\xEC\x99\xC1\xC8\x29\x52\xAB\x92\x10\x1F\xE1\x1C\x70\xFC\xFB\xE8\x05\x1F\x1D\x95\x8D\xA4\xDF\x1F\x8D\xD8\x02\x57\xE6\xD2\xF8\x30\xF8\x1C\x8A\xD7\xAF\x20\x52\xFF\x27\xA8\x82\x10\x61\x07\xBE\xA2\xC6\x37\x2E\xA4\x6E\xFC\xF3\x60\x8D\x94\xA0\xBF\x97\x42\x47\x6E\xE4\xF2\xFB\xE2\x48\xF1\x65\xB7\x24\x8C\x27\x90\x7E\xB7\xC1\xB2\xE8\xC3\xD1\x45\x17\x09\xA4\x61\x9B\x48\x71\x66\xF5\xF1\x5B\xE2\x20\xF4\x7D\xAB\x1A\x37\x47\x98\xB8\x4A\x25\x08\x6F\xC3\xC5\x77\x97\xCD\x64\xE3\x15\x98\xE1\x3B\x3C\xC4\x4B\xA2\xF0\x48\xC5\x74\x6E\xC7\xF0\x88\x48\x2A\xC3'
+ pubMod64=0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ printf '{"e":"%s","kty":"RSA","n":"%s"}' AQAB 0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ openssl dgst -sha256 -binary
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ thumbprint=VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ [[ no = \y\e\s ]]
+ [[ sign_domains = \r\e\g\i\s\t\e\r ]]
+ [[ -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ]]
++ cat /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
++ get_json_int_value id
++ local filter
+++ printf 's/.*"%s": *\([0-9]*\).*/\\1/p' id
++ filter='s/.*"id": *\([0-9]*\).*/\1/p'
++ sed -n 's/.*"id": *\([0-9]*\).*/\1/p'
+ ACCOUNT_ID=4935574
+ [[ 2 -eq 1 ]]
+ ACCOUNT_URL=https://acme-v02.api.letsencrypt.org/acme/acct/4935574
+ hookscript_bricker_hook
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' '!' -d /opt/dehydrated/chains ']'
+ [[ -n domain.de www.domain.de ]]
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ DOMAINS_TXT=/tmp/dehydrated-qsGIOe
+ [[ -n '' ]]
+ printf -- 'domain.de www.domain.de'
+ ORIGIFS='
'
+ IFS='
'
++ tr -d '\r'
++ awk '{print tolower($0)}'
++ _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
++ grep -vE '^(#|$)'
+ for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' | (grep -vE '^(#|$)' || true))
+ reset_configvars
+ KEY_ALGO=secp384r1
+ OCSP_MUST_STAPLE=no
+ PRIVATE_KEY_RENEW=yes
+ KEYSIZE=4096
+ CHALLENGETYPE=http-01
+ HOOK=
+ WELLKNOWN=/srv/http/dehydrated
+ HOOK_CHAIN=no
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ RENEW_DAYS=30
+ IP_VERSION=
+ IFS='
'
++ grep -Eo '>[^ ]+'
++ true
+ alias=
++ _sed -e 's/>[^ ]+[ ]*//g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/>[^ ]+[ ]*//g'
+ line='domain.de www.domain.de'
++ grep -Eo '>'
++ awk 'END {print NR}'
++ true
+ aliascount=0
+ '[' 0 -gt 1 ']'
++ printf '%s\n' 'domain.de www.domain.de'
++ cut '-d ' -f1
+ domain=domain.de
++ printf '%s\n' 'domain.de www.domain.de'
++ cut -s '-d ' -f2-
+ morenames=www.domain.de
+ '[' 0 -lt 1 ']'
+ alias=domain.de
+ export alias
+ [[ -z www.domain.de ]]
+ echo 'Processing domain.de with alternative names: www.domain.de'
Processing domain.de with alternative names: www.domain.de
+ '[' tb = '*.' ']'
+ local certdir=/etc/ssl/reksys/domain.de
+ cert=/etc/ssl/reksys/domain.de/cert.pem
+ chain=/etc/ssl/reksys/domain.de/chain.pem
+ force_renew=no
++ date +%s
+ timestamp=1521107702
+ [[ ! -e /etc/ssl/reksys/domain.de ]]
+ [[ -n '' ]]
+ certconfig=/etc/ssl/reksys/domain.de/config
+ '[' -f /etc/ssl/reksys/domain.de/config ']'
+ verify_config
+ [[ http-01 == \h\t\t\p\-\0\1 ]]
+ [[ http-01 = \d\n\s\-\0\1 ]]
+ [[ http-01 = \h\t\t\p\-\0\1 ]]
+ [[ ! -d /srv/http/dehydrated ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ 2 == \a\u\t\o ]]
+ [[ 2 == \1 ]]
+ [[ 2 == \2 ]]
+ hookscript_bricker_hook
+ [[ -n '' ]]
+ export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER
+ skip=no
+ local csr=
+ [[ -n '' ]]
+ [[ -e /etc/ssl/reksys/domain.de/cert.pem ]]
+ printf ' + Checking domain name(s) of existing cert...'
+ Checking domain name(s) of existing cert...++ openssl x509 -in /etc/ssl/reksys/domain.de/cert.pem -text -noout
++ grep DNS:
++ _sed s/DNS://g
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r s/DNS://g
++ tr , '\n'
++ tr -d ' '
++ sort -u
++ tr '\n' ' '
++ _sed 's/ $//'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/ $//'
+ certnames='domain.de www.domain.de'
++ echo domain.de www.domain.de
++ tr ' ' '\n'
++ sort -u
++ tr '\n' ' '
++ _sed 's/ $//'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/ $//'
++ _sed 's/^ //'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/^ //'
+ givennames='domain.de www.domain.de'
+ [[ domain.de www.domain.de = \t\b\-\i\t\f\.\d\e\ \w\w\w\.\t\b\-\i\t\f\.\d\e ]]
+ echo ' unchanged.'
unchanged.
+ [[ -e /etc/ssl/reksys/domain.de/cert.pem ]]
+ echo ' + Checking expire date of existing cert...'
+ Checking expire date of existing cert...
++ openssl x509 -enddate -noout -in /etc/ssl/reksys/domain.de/cert.pem
++ cut -d= -f2-
+ valid='Apr 3 22:05:12 2018 GMT'
+ printf ' + Valid till %s ' 'Apr 3 22:05:12 2018 GMT'
+ Valid till Apr 3 22:05:12 2018 GMT + openssl x509 -checkend 2592000 -noout -in /etc/ssl/reksys/domain.de/cert.pem
Certificate will expire
+ echo '(Less than 30 days). Renewing!'
(Less than 30 days). Renewing!
+ local update_ocsp
+ update_ocsp=no
+ [[ ! no = \y\e\s ]]
+ update_ocsp=yes
+ [[ -z '' ]]
+ [[ '' = \y\e\s ]]
+ sign_domain /etc/ssl/reksys/domain.de 1521107702 domain.de www.domain.de
+ local certdir=/etc/ssl/reksys/domain.de
+ shift
+ timestamp=1521107702
+ shift
+ domain=domain.de
+ altnames='domain.de www.domain.de'
+ export altnames
+ echo ' + Signing domains...'
+ Signing domains...
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ local privkey=privkey.pem
+ [[ ! -e /etc/ssl/reksys/domain.de/cert-1521107702.csr ]]
+ [[ ! -r /etc/ssl/reksys/domain.de/privkey.pem ]]
+ [[ yes = \y\e\s ]]
+ echo ' + Generating private key...'
+ Generating private key...
+ privkey=privkey-1521107702.pem
+ case "${KEY_ALGO}" in
+ _openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521107702.pem
+ set +e
++ openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521107702.pem
+ out=
+ res=0
+ set -e
+ [[ 0 -ne 0 ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.pem ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ [[ ! -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ [[ no = \y\e\s ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ echo ' + Generating signing request...'
+ Generating signing request...
+ SAN=
+ for altname in ${altnames}
+ SAN='DNS:domain.de, '
+ for altname in ${altnames}
+ SAN='DNS:domain.de, DNS:www.domain.de, '
+ SAN='DNS:domain.de, DNS:www.domain.de'
+ local tmp_openssl_cnf
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ tmp_openssl_cnf=/tmp/dehydrated-CcSKF0
+ cat /etc/ssl/openssl.cnf
+ printf '[SAN]\nsubjectAltName=%s' 'DNS:domain.de, DNS:www.domain.de'
+ '[' no = yes ']'
+ SUBJ=/CN=domain.de/
+ [[ Linux = \M\I\N\G\W ]]
+ openssl req -new -sha256 -key /etc/ssl/reksys/domain.de/privkey-1521107702.pem -out /etc/ssl/reksys/domain.de/cert-1521107702.csr -subj /CN=domain.de/ -reqexts SAN -config /tmp/dehydrated-CcSKF0
+ rm -f /tmp/dehydrated-CcSKF0
+ crt_path=/etc/ssl/reksys/domain.de/cert-1521107702.pem
+ sign_csr '-----BEGIN CERTIFICATE REQUEST-----
MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAARY2/Y8cRAXz9KayEaFiY8XJXfBthZ9NSwQF6mUNHyNK6BXYXxiC17y
...
I7+jnF+SuKAFQvVl5HRnm1nYK9lGT5nLutqygdHMQNm1FfTbAjAiu5uIbjmn9PYJ
jrnCTJ+DC+RVToZ03IuNuXU8eAqVtuFu78LFtKiHEqiPRlAkRzQ=
-----END CERTIFICATE REQUEST-----' domain.de www.domain.de
+ csr='-----BEGIN CERTIFICATE REQUEST-----
MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAARY2/Y8cRAXz9KayEaFiY8XJXfBthZ9NSwQF6mUNHyNK6BXYXxiC17y
...
I7+jnF+SuKAFQvVl5HRnm1nYK9lGT5nLutqygdHMQNm1FfTbAjAiu5uIbjmn9PYJ
jrnCTJ+DC+RVToZ03IuNuXU8eAqVtuFu78LFtKiHEqiPRlAkRzQ=
-----END CERTIFICATE REQUEST-----'
+ :
+ shift 1
+ export 'altnames=domain.de www.domain.de'
+ altnames='domain.de www.domain.de'
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ [[ -n '' ]]
+ local -a challenge_identifiers challenge_uris challenge_tokens authorizations keyauths deploy_args
+ [[ 2 -eq 2 ]]
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' domain.de
+ challenge_identifiers+='{"type": "dns", "value": "domain.de"}, '
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' www.domain.de
+ challenge_identifiers+='{"type": "dns", "value": "www.domain.de"}, '
+ challenge_identifiers='[{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]'
+ echo ' + Requesting new certificate order from CA...'
+ Requesting new certificate order from CA...
++ signed_request https://acme-v02.api.letsencrypt.org/acme/new-order '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}'
+++ printf %s '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ payload64=eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19
++ [[ 2 -eq 1 ]]
+++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce
+++ grep Replay-Nonce:
+++ awk -F ': ' '{print $2}'
+++ tr -d '\n\r'
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempcont=/tmp/dehydrated-PCKWNe
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempheaders=/tmp/dehydrated-Ur7gmS
+++ [[ -n '' ]]
+++ set +e
+++ [[ head = \h\e\a\d ]]
++++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-PCKWNe https://acme-v02.api.letsencrypt.org/acme/new-nonce -I
+++ statuscode=204
+++ touch /tmp/dehydrated-Ur7gmS
+++ curlret=0
+++ set -e
+++ [[ ! 0 = \0 ]]
+++ [[ ! 2 = \2 ]]
+++ cat /tmp/dehydrated-Ur7gmS
+++ cat /tmp/dehydrated-PCKWNe
+++ rm -f /tmp/dehydrated-PCKWNe
+++ rm -f /tmp/dehydrated-Ur7gmS
++ nonce=UT2G1O0FxgF7-v6XsqB-GcnIC1WssnoPATviVkSruhw
++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}'
++ [[ 2 -eq 1 ]]
++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]]
++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "UT2G1O0FxgF7-v6XsqB-GcnIC1WssnoPATviVkSruhw"}'
+++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "UT2G1O0FxgF7-v6XsqB-GcnIC1WssnoPATviVkSruhw"}'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlVUMkcxTzBGeGdGNy12NlhzcUItR2NuSUMxV3Nzbm9QQVR2aVZrU3J1aHcifQ
+++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlVUMkcxTzBGeGdGNy12NlhzcUItR2NuSUMxV3Nzbm9QQVR2aVZrU3J1aHcifQ.eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19
+++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ signed64=QBzpQ9dQoIcYzNJCtv9qRofVHNOqrrHiTElFMeobXgoE-ESwMXmkB-DTuxAcW1yRx-KDl7HRafl_iSpCDZgAzrTngUQTcU_Mhk1XtetHGmevWrJhjA0t7TVuSVa7futxErmIymmARYgxaisqXb00CJSBDpaAI_tURIe47qhOmzno_EVqvtmgclpNRbhkLcb3ezVIoV0D2hUTCn5KUChAxp4pbOaivSw02oDWuFwzZ3a7i3vKPnVs6ceks2lKn5KEjpdPgW6QaNMEBn_gQQpD3fgd2YTQGqvipIcZ2ZMVxTySfIOMUlLEhtFLqycm0DwL9bbMZ_Yb7-siIa9U3MBmYGW3KYDf3UtVJx15hibIR7OtLJCG1GoVaw3JYnew47xfvYEbiOpyxkZUoBg7z8VqxSy48p3Z8WBDZHICnPig0S6rzapGcL0-EPLUVUtcjnZicL1hauCFCXHYRF0waX-sJa2oWYyZyDF4v-8m5vQSwxscCr8aQeTgytMmp_rHWeICM6TglQZJQbkgbRsDjIIdqk49BqPBJ-lN5wuuClANJs9zF8vZMXwGU6bGH5yapJuYMT8YKJuXzt7oiwClp5P9zufPY3713cYG-L0E7_lFCHs6f4ab9_j1pTJ9sFFlAhUozdN3Q73Jmgu7pPNy3xW2khDfx3GIU4sNa9v60AE4RhY
++ [[ 2 -eq 1 ]]
++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlVUMkcxTzBGeGdGNy12NlhzcUItR2NuSUMxV3Nzbm9QQVR2aVZrU3J1aHcifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "QBzpQ9dQoIcYzNJCtv9qRofVHNOqrrHiTElFMeobXgoE-ESwMXmkB-DTuxAcW1yRx-KDl7HRafl_iSpCDZgAzrTngUQTcU_Mhk1XtetHGmevWrJhjA0t7TVuSVa7futxErmIymmARYgxaisqXb00CJSBDpaAI_tURIe47qhOmzno_EVqvtmgclpNRbhkLcb3ezVIoV0D2hUTCn5KUChAxp4pbOaivSw02oDWuFwzZ3a7i3vKPnVs6ceks2lKn5KEjpdPgW6QaNMEBn_gQQpD3fgd2YTQGqvipIcZ2ZMVxTySfIOMUlLEhtFLqycm0DwL9bbMZ_Yb7-siIa9U3MBmYGW3KYDf3UtVJx15hibIR7OtLJCG1GoVaw3JYnew47xfvYEbiOpyxkZUoBg7z8VqxSy48p3Z8WBDZHICnPig0S6rzapGcL0-EPLUVUtcjnZicL1hauCFCXHYRF0waX-sJa2oWYyZyDF4v-8m5vQSwxscCr8aQeTgytMmp_rHWeICM6TglQZJQbkgbRsDjIIdqk49BqPBJ-lN5wuuClANJs9zF8vZMXwGU6bGH5yapJuYMT8YKJuXzt7oiwClp5P9zufPY3713cYG-L0E7_lFCHs6f4ab9_j1pTJ9sFFlAhUozdN3Q73Jmgu7pPNy3xW2khDfx3GIU4sNa9v60AE4RhY"}'
++ http_request post https://acme-v02.api.letsencrypt.org/acme/new-order '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlVUMkcxTzBGeGdGNy12NlhzcUItR2NuSUMxV3Nzbm9QQVR2aVZrU3J1aHcifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "QBzpQ9dQoIcYzNJCtv9qRofVHNOqrrHiTElFMeobXgoE-ESwMXmkB-DTuxAcW1yRx-KDl7HRafl_iSpCDZgAzrTngUQTcU_Mhk1XtetHGmevWrJhjA0t7TVuSVa7futxErmIymmARYgxaisqXb00CJSBDpaAI_tURIe47qhOmzno_EVqvtmgclpNRbhkLcb3ezVIoV0D2hUTCn5KUChAxp4pbOaivSw02oDWuFwzZ3a7i3vKPnVs6ceks2lKn5KEjpdPgW6QaNMEBn_gQQpD3fgd2YTQGqvipIcZ2ZMVxTySfIOMUlLEhtFLqycm0DwL9bbMZ_Yb7-siIa9U3MBmYGW3KYDf3UtVJx15hibIR7OtLJCG1GoVaw3JYnew47xfvYEbiOpyxkZUoBg7z8VqxSy48p3Z8WBDZHICnPig0S6rzapGcL0-EPLUVUtcjnZicL1hauCFCXHYRF0waX-sJa2oWYyZyDF4v-8m5vQSwxscCr8aQeTgytMmp_rHWeICM6TglQZJQbkgbRsDjIIdqk49BqPBJ-lN5wuuClANJs9zF8vZMXwGU6bGH5yapJuYMT8YKJuXzt7oiwClp5P9zufPY3713cYG-L0E7_lFCHs6f4ab9_j1pTJ9sFFlAhUozdN3Q73Jmgu7pPNy3xW2khDfx3GIU4sNa9v60AE4RhY"}'
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-Qn0Nu7
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-kMe0wM
++ [[ -n '' ]]
++ set +e
++ [[ post = \h\e\a\d ]]
++ [[ post = \g\e\t ]]
++ [[ post = \p\o\s\t ]]
+++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-Qn0Nu7 https://acme-v02.api.letsencrypt.org/acme/new-order -D /tmp/dehydrated-kMe0wM -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlVUMkcxTzBGeGdGNy12NlhzcUItR2NuSUMxV3Nzbm9QQVR2aVZrU3J1aHcifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "QBzpQ9dQoIcYzNJCtv9qRofVHNOqrrHiTElFMeobXgoE-ESwMXmkB-DTuxAcW1yRx-KDl7HRafl_iSpCDZgAzrTngUQTcU_Mhk1XtetHGmevWrJhjA0t7TVuSVa7futxErmIymmARYgxaisqXb00CJSBDpaAI_tURIe47qhOmzno_EVqvtmgclpNRbhkLcb3ezVIoV0D2hUTCn5KUChAxp4pbOaivSw02oDWuFwzZ3a7i3vKPnVs6ceks2lKn5KEjpdPgW6QaNMEBn_gQQpD3fgd2YTQGqvipIcZ2ZMVxTySfIOMUlLEhtFLqycm0DwL9bbMZ_Yb7-siIa9U3MBmYGW3KYDf3UtVJx15hibIR7OtLJCG1GoVaw3JYnew47xfvYEbiOpyxkZUoBg7z8VqxSy48p3Z8WBDZHICnPig0S6rzapGcL0-EPLUVUtcjnZicL1hauCFCXHYRF0waX-sJa2oWYyZyDF4v-8m5vQSwxscCr8aQeTgytMmp_rHWeICM6TglQZJQbkgbRsDjIIdqk49BqPBJ-lN5wuuClANJs9zF8vZMXwGU6bGH5yapJuYMT8YKJuXzt7oiwClp5P9zufPY3713cYG-L0E7_lFCHs6f4ab9_j1pTJ9sFFlAhUozdN3Q73Jmgu7pPNy3xW2khDfx3GIU4sNa9v60AE4RhY"}'
++ statuscode=201
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-kMe0wM
cat: Schreibfehler: Datenübergabe unterbrochen (broken pipe)
+ result=
+ remove_lock
+ rm -f /opt/dehydrated/lock
Hu, that looks really weird...
Can you look for this section in the code (end of http_request
method)...
if { true >&4; } 2>/dev/null; then
cat "${tempheaders}" >&4
fi
cat "${tempcont}"
rm -f "${tempcont}"
rm -f "${tempheaders}"
...and add some debug code like this...
echo "checking pipe 4" >&2
if { true >&4; } 2>/dev/null; then
echo "using pipe 4" >&2
cat "${tempheaders}" >&4
fi
echo "getting curl output" >&2
cat "${tempcont}"
echo "deleting temp files" >&2
rm -f "${tempcont}"
rm -f "${tempheaders}"
... and tell me what the result is?
Also the output of dehydrated --version
would be helpful.
Here's the version output:
# ./dehydrated --version
# INFO: Using main config file /opt/dehydrated/config
Dehydrated by Lukas Schauer
https://dehydrated.de
Dehydrated version: git-master-after-0.6.1
GIT-Revision: b93eac389395c8228be48999bf51c9f45e775a88
OS: Arch Linux
Used software:
bash: 4.4.19(1)-release
curl: curl 7.58.0
awk: GNU Awk 4.2.1, API: 2.0 (GNU MPFR 4.0.1, GNU MP 6.1.2)
sed: sed (GNU sed) 4.4
mktemp: mktemp (GNU coreutils) 8.29
grep: grep (GNU grep) 3.1
diff: diff (GNU diffutils) 3.6
openssl: OpenSSL 1.1.0g 2 Nov 2017
And here's the output including your Debug Code:
+ set -e
+ set -u
+ set -o pipefail
+ [[ -n '' ]]
+ [[ -z '' ]]
+ shopt -s nullglob
+ set -f
+ umask 077
+ VERSION=git-master-after-0.6.1
+ SOURCE=/opt/dehydrated/dehydrated
+ '[' -h /opt/dehydrated/dehydrated ']'
+++ dirname /opt/dehydrated/dehydrated
++ cd -P /opt/dehydrated
++ pwd
+ SCRIPTDIR=/opt/dehydrated
+ BASEDIR=/opt/dehydrated
+ ORIGARGS='-c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de'
++ uname
+ OSTYPE=Linux
+ [[ ! '' = \N\O\O\P ]]
+ main -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de
+ COMMAND=
+ [[ -z -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de ]]
+ (( 9 ))
+ case "${1}" in
+ set_command sign_domains
+ [[ -z '' ]]
+ COMMAND=sign_domains
+ shift 1
+ (( 8 ))
+ case "${1}" in
+ shift 1
+ check_parameters /etc/ssl/reksys
+ [[ -z /etc/ssl/reksys ]]
+ [[ / = \- ]]
+ PARAM_CERTDIR=/etc/ssl/reksys
+ shift 1
+ (( 6 ))
+ case "${1}" in
+ shift 1
+ check_parameters secp384r1
+ [[ -z secp384r1 ]]
+ [[ s = \- ]]
+ PARAM_KEY_ALGO=secp384r1
+ shift 1
+ (( 4 ))
+ case "${1}" in
+ shift 1
+ check_parameters domain.de
+ [[ -z domain.de ]]
+ [[ t = \- ]]
+ [[ -z '' ]]
+ PARAM_DOMAIN=domain.de
+ shift 1
+ (( 2 ))
+ case "${1}" in
+ shift 1
+ check_parameters www.domain.de
+ [[ -z www.domain.de ]]
+ [[ w = \- ]]
+ [[ -z domain.de ]]
+ PARAM_DOMAIN='domain.de www.domain.de'
+ shift 1
+ (( 0 ))
+ case "${COMMAND}" in
+ command_sign_domains
+ init_system
+ load_config
+ [[ -z '' ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /usr/local/etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/reksys/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/dehydrated/config ]]
+ BASEDIR=/opt/dehydrated
+ CONFIG=/opt/dehydrated/config
+ break
+ CA=https://acme-v02.api.letsencrypt.org/directory
+ OLDCA=
+ CERTDIR=
+ ACCOUNTDIR=
+ CHALLENGETYPE=http-01
+ CONFIG_D=
+ CURL_OPTS=
+ DOMAINS_D=
+ DOMAINS_TXT=
+ HOOK=
+ HOOK_CHAIN=no
+ RENEW_DAYS=30
+ KEYSIZE=4096
+ WELLKNOWN=
+ PRIVATE_KEY_RENEW=yes
+ PRIVATE_KEY_ROLLOVER=no
+ KEY_ALGO=rsa
+ OPENSSL=openssl
+ OPENSSL_CNF=
+ CONTACT_EMAIL=
+ LOCKFILE=
+ OCSP_MUST_STAPLE=no
+ OCSP_FETCH=no
+ IP_VERSION=
+ CHAINCACHE=
+ AUTO_CLEANUP=no
+ DEHYDRATED_USER=
+ DEHYDRATED_GROUP=
+ API=auto
+ [[ -z /opt/dehydrated/config ]]
+ [[ -f /opt/dehydrated/config ]]
+ echo '# INFO: Using main config file /opt/dehydrated/config'
# INFO: Using main config file /opt/dehydrated/config
++ dirname /opt/dehydrated/config
+ BASEDIR=/opt/dehydrated
+ . /opt/dehydrated/config
++ CHALLENGETYPE=http-01
++ WELLKNOWN=/srv/http/dehydrated
++ KEYSIZE=4096
++ PRIVATE_KEY_RENEW=yes
++ KEY_ALGO=rsa
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ check_dependencies
+ openssl version
+ _sed ''
+ command -v grep
+ command -v mktemp
+ command -v diff
+ set +e
++ awk '{print $2}'
++ head -n1
++ curl -V
+ CURL_VERSION=7.58.0
+ retcode=0
+ set -e
+ [[ ! 0 = \0 ]]
+ [[ /opt/dehydrated != \/ ]]
+ BASEDIR=/opt/dehydrated
+ [[ -d /opt/dehydrated ]]
+ [[ -z '' ]]
+ [[ https://acme-v02.api.letsencrypt.org/directory = \h\t\t\p\s\:\/\/\a\c\m\e\-\v\0\2\.\a\p\i\.\l\e\t\s\e\n\c\r\y\p\t\.\o\r\g\/\d\i\r\e\c\t\o\r\y ]]
+ OLDCA=https://acme-v01.api.letsencrypt.org/directory
++ echo https://acme-v02.api.letsencrypt.org/directory
++ urlbase64
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ tr -d '\n\r'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ openssl base64 -e
+ CAHASH=aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo
+ [[ -z '' ]]
+ ACCOUNTDIR=/opt/dehydrated/accounts
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo ]]
+ [[ -f /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/config ]]
+ ACCOUNT_KEY=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+ ACCOUNT_KEY_JSON=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
+ [[ -f /opt/dehydrated/private_key.pem ]]
+ [[ -f /opt/dehydrated/private_key.json ]]
+ [[ -z '' ]]
+ CERTDIR=/opt/dehydrated/certs
+ [[ -z '' ]]
+ CHAINCACHE=/opt/dehydrated/chains
+ [[ -z '' ]]
+ DOMAINS_TXT=/opt/dehydrated/domains.txt
+ [[ -z /srv/http/dehydrated ]]
+ [[ -z '' ]]
+ LOCKFILE=/opt/dehydrated/lock
+ [[ -z '' ]]
++ cut '-d"' -f2
++ openssl version -d
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n /etc/ssl/reksys ]]
+ CERTDIR=/etc/ssl/reksys
+ [[ -n '' ]]
+ [[ -n secp384r1 ]]
+ KEY_ALGO=secp384r1
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' '!' '' = noverify ']'
+ verify_config
+ [[ http-01 == \h\t\t\p\-\0\1 ]]
+ [[ http-01 = \d\n\s\-\0\1 ]]
+ [[ http-01 = \h\t\t\p\-\0\1 ]]
+ [[ ! -d /srv/http/dehydrated ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ auto == \a\u\t\o ]]
+ store_configvars
+ __KEY_ALGO=secp384r1
+ __OCSP_MUST_STAPLE=no
+ __PRIVATE_KEY_RENEW=yes
+ __KEYSIZE=4096
+ __CHALLENGETYPE=http-01
+ __HOOK=
+ __WELLKNOWN=/srv/http/dehydrated
+ __HOOK_CHAIN=no
+ __OPENSSL_CNF=/etc/ssl/openssl.cnf
+ __RENEW_DAYS=30
+ __IP_VERSION=
+ [[ -n /opt/dehydrated/lock ]]
++ dirname /opt/dehydrated/lock
+ LOCKDIR=/opt/dehydrated
+ [[ -w /opt/dehydrated ]]
+ trap remove_lock EXIT
++ http_request get https://acme-v02.api.letsencrypt.org/directory
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-KiC0gb
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-exvjsg
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -L -s -w '%{http_code}' -o /tmp/dehydrated-KiC0gb -D /tmp/dehydrated-exvjsg https://acme-v02.api.letsencrypt.org/directory
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ echo 'checking pipe 4'
checking pipe 4
++ echo 'using pipe 4'
using pipe 4
++ cat /tmp/dehydrated-exvjsg
++ echo 'getting curl output'
getting curl output
++ cat /tmp/dehydrated-KiC0gb
++ echo 'deleting temp files'
deleting temp files
++ rm -f /tmp/dehydrated-KiC0gb
++ rm -f /tmp/dehydrated-exvjsg
+ CA_DIRECTORY='{
"CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
+ [[ auto = \a\u\t\o ]]
+ grep -q newOrder
+ API=2
+ [[ 2 -eq 1 ]]
++ printf %s '{
"CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
++ get_json_string_value newOrder
}'
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newOrder
++ filter='s/.*"newOrder": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newOrder": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ORDER=https://acme-v02.api.letsencrypt.org/acme/new-order
++ printf %s '{
"CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newNonce
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newNonce
++ filter='s/.*"newNonce": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newNonce": *"\([^"]*\)".*/\1/p'
+ CA_NEW_NONCE=https://acme-v02.api.letsencrypt.org/acme/new-nonce
++ printf %s '{
"CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newAccount
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newAccount
++ filter='s/.*"newAccount": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newAccount": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/new-acct
++ printf %s '{
"CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value termsOfService
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' termsOfService
++ filter='s/.*"termsOfService": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"termsOfService": *"\([^"]*\)".*/\1/p'
+ CA_TERMS=https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
++ printf %s '{
"CxMsOnJE6t0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value revokeCert
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' revokeCert
++ filter='s/.*"revokeCert": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"revokeCert": *"\([^"]*\)".*/\1/p'
+ CA_REVOKE_CERT=https://acme-v02.api.letsencrypt.org/acme/revoke-cert
+ CA_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/acct
+ export WELLKNOWN BASEDIR CERTDIR CONFIG COMMAND
+ register_new_key=no
+ [[ -n '' ]]
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem ]]
+ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -check
++ hex2bin
++ urlbase64
+++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -text
++ openssl base64 -e
+++ cat
++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ awk '/publicExponent/ {print $2}'
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ tr -d '\n\r'
++ [[ Linux = \L\i\n\u\x ]]
+++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ printf %x 65537
++ printf -- '\x01\x00\x01'
+ pubExponent64=AQAB
++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -modulus
++ cut -d= -f2
++ urlbase64
++ hex2bin
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ cat
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ printf -- '\xD2\x5B\x95\x21\x48\xED\xB1\x22\x5D\x42\x08\x28\xA4\x60\x7C\xAC\x8F\x5E\xC0\xE5\x44\x97\xFF\x3F\x5E\xD3\xB4\x0C\x11\x11\x9F\x71\x67\x96\xC7\xEA\x83\xC8\xE0\xFB\xD5\x73\xE4\x23\xAB\xB9\xAC\x7F\x01\x14\xC2\xCA\xEC\xA0\x03\x60\x10\x92\xC4\x9B\xC8\xF2\xF9\x01\xCC\x00\xDC\xF5\x8E\xC6\xD8\x0E\xFA\xBE\x5F\xF6\x1E\x49\xD6\x69\xA8\x85\x7B\x97\x6B\xC2\x38\x50\xF6\x05\x26\x00\x8D\xAC\x58\x18\xC9\xCA\x8A\x3E\x98\xF6\xFD\x65\x4C\x8C\x6D\x09\x03\x16\x3D\xFF\xE7\x2F\xB1\xBB\xEB\xD2\xF3\x0E\xE4\x10\xFF\x57\x39\x3B\xC5\x47\xD8\xE9\x25\x8B\x92\x62\x3E\x86\x87\xF7\xAD\x06\x15\xA8\x8F\x2D\xD0\xE6\xF7\x2D\x55\x26\x57\x14\xAF\x17\xDA\x86\xC1\x97\x65\x81\x6C\x71\xE7\x6E\x96\x7C\x79\x4C\xDF\xE1\x65\xD8\x80\xE8\x39\x00\xB6\x63\x0D\x49\x84\x61\x1A\xB3\x4E\x63\xDE\x29\x2F\xDC\x47\xE0\x15\xDB\x8F\x2D\xDE\x9B\x85\x7B\x95\x2E\xEC\xBC\xEA\xF5\xC8\x28\x2A\xF4\x7D\xE4\x5A\x29\x9B\xB9\xEF\x36\x79\x3F\xCC\x10\x32\xC2\xC2\x47\x70\x41\x4A\xE0\x21\xAB\xCF\x44\x45\x04\x84\x14\x4C\x6A\xAC\xE5\x96\xF7\xB6\xD4\x61\x57\xEF\x77\x2A\x6E\x9B\x73\xC3\x2F\x24\x54\xB2\xE2\x00\xD0\x2F\xCD\x2C\x58\xAD\x43\xE9\xB7\x77\x6C\x31\x9F\x26\x29\x8B\x5F\xE1\x26\xBE\xE7\x9C\x07\xCA\x5F\x97\xC5\xBF\x46\x07\x24\xF5\xF9\xED\x2F\x35\x32\xF1\x95\xC2\xCE\x3B\x3C\xED\x36\xE8\xB0\x18\x7A\x44\x7F\xD6\x98\xA3\xD8\x60\x73\x64\xBC\xA3\x0E\x05\xED\x2E\xB4\x56\x46\xFC\x2F\x55\xFF\x93\x53\xC6\x09\x58\x87\xAD\x84\x2B\x75\x3B\x83\x8A\x62\x5F\xDD\x82\x98\x13\x59\xC1\xD7\x5B\x5F\x3C\xAA\x97\xAC\xAB\xED\x1A\xF3\x42\x24\x06\x86\xEE\x67\x61\x13\xBD\x5E\x6F\x87\x5B\xEC\x99\xC1\xC8\x29\x52\xAB\x92\x10\x1F\xE1\x1C\x70\xFC\xFB\xE8\x05\x1F\x1D\x95\x8D\xA4\xDF\x1F\x8D\xD8\x02\x57\xE6\xD2\xF8\x30\xF8\x1C\x8A\xD7\xAF\x20\x52\xFF\x27\xA8\x82\x10\x61\x07\xBE\xA2\xC6\x37\x2E\xA4\x6E\xFC\xF3\x60\x8D\x94\xA0\xBF\x97\x42\x47\x6E\xE4\xF2\xFB\xE2\x48\xF1\x65\xB7\x24\x8C\x27\x90\x7E\xB7\xC1\xB2\xE8\xC3\xD1\x45\x17\x09\xA4\x61\x9B\x48\x71\x66\xF5\xF1\x5B\xE2\x20\xF4\x7D\xAB\x1A\x37\x47\x98\xB8\x4A\x25\x08\x6F\xC3\xC5\x77\x97\xCD\x64\xE3\x15\x98\xE1\x3B\x3C\xC4\x4B\xA2\xF0\x48\xC5\x74\x6E\xC7\xF0\x88\x48\x2A\xC3'
+ pubMod64=0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ printf '{"e":"%s","kty":"RSA","n":"%s"}' AQAB 0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ urlbase64
++ openssl dgst -sha256 -binary
++ openssl base64 -e
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ tr -d '\n\r'
+ thumbprint=VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ [[ no = \y\e\s ]]
+ [[ sign_domains = \r\e\g\i\s\t\e\r ]]
+ [[ -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ]]
++ cat /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
++ get_json_int_value id
++ local filter
+++ printf 's/.*"%s": *\([0-9]*\).*/\\1/p' id
++ filter='s/.*"id": *\([0-9]*\).*/\1/p'
++ sed -n 's/.*"id": *\([0-9]*\).*/\1/p'
+ ACCOUNT_ID=4935574
+ [[ 2 -eq 1 ]]
+ ACCOUNT_URL=https://acme-v02.api.letsencrypt.org/acme/acct/4935574
+ hookscript_bricker_hook
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' '!' -d /opt/dehydrated/chains ']'
+ [[ -n domain.de www.domain.de ]]
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ DOMAINS_TXT=/tmp/dehydrated-1e049T
+ [[ -n '' ]]
+ printf -- 'domain.de www.domain.de'
+ ORIGIFS='
'
+ IFS='
'
++ tr -d '\r'
++ _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
++ grep -vE '^(#|$)'
++ awk '{print tolower($0)}'
+ for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' | (grep -vE '^(#|$)' || true))
+ reset_configvars
+ KEY_ALGO=secp384r1
+ OCSP_MUST_STAPLE=no
+ PRIVATE_KEY_RENEW=yes
+ KEYSIZE=4096
+ CHALLENGETYPE=http-01
+ HOOK=
+ WELLKNOWN=/srv/http/dehydrated
+ HOOK_CHAIN=no
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ RENEW_DAYS=30
+ IP_VERSION=
+ IFS='
'
++ grep -Eo '>[^ ]+'
++ true
+ alias=
++ _sed -e 's/>[^ ]+[ ]*//g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/>[^ ]+[ ]*//g'
+ line='domain.de www.domain.de'
++ grep -Eo '>'
++ awk 'END {print NR}'
++ true
+ aliascount=0
+ '[' 0 -gt 1 ']'
++ printf '%s\n' 'domain.de www.domain.de'
++ cut '-d ' -f1
+ domain=domain.de
++ printf '%s\n' 'domain.de www.domain.de'
++ cut -s '-d ' -f2-
+ morenames=www.domain.de
+ '[' 0 -lt 1 ']'
+ alias=domain.de
+ export alias
+ [[ -z www.domain.de ]]
+ echo 'Processing domain.de with alternative names: www.domain.de'
Processing domain.de with alternative names: www.domain.de
+ '[' tb = '*.' ']'
+ local certdir=/etc/ssl/reksys/domain.de
+ cert=/etc/ssl/reksys/domain.de/cert.pem
+ chain=/etc/ssl/reksys/domain.de/chain.pem
+ force_renew=no
++ date +%s
+ timestamp=1521110104
+ [[ ! -e /etc/ssl/reksys/domain.de ]]
+ [[ -n '' ]]
+ certconfig=/etc/ssl/reksys/domain.de/config
+ '[' -f /etc/ssl/reksys/domain.de/config ']'
+ verify_config
+ [[ http-01 == \h\t\t\p\-\0\1 ]]
+ [[ http-01 = \d\n\s\-\0\1 ]]
+ [[ http-01 = \h\t\t\p\-\0\1 ]]
+ [[ ! -d /srv/http/dehydrated ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ 2 == \a\u\t\o ]]
+ [[ 2 == \1 ]]
+ [[ 2 == \2 ]]
+ hookscript_bricker_hook
+ [[ -n '' ]]
+ export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER
+ skip=no
+ local csr=
+ [[ -n '' ]]
+ [[ -e /etc/ssl/reksys/domain.de/cert.pem ]]
+ printf ' + Checking domain name(s) of existing cert...'
+ Checking domain name(s) of existing cert...++ openssl x509 -in /etc/ssl/reksys/domain.de/cert.pem -text -noout
++ grep DNS:
++ _sed s/DNS://g
++ tr -d ' '
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r s/DNS://g
++ tr , '\n'
++ tr '\n' ' '
++ sort -u
++ _sed 's/ $//'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/ $//'
+ certnames='domain.de www.domain.de'
++ echo domain.de www.domain.de
++ tr ' ' '\n'
++ sort -u
++ tr '\n' ' '
++ _sed 's/ $//'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/ $//'
++ _sed 's/^ //'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/^ //'
+ givennames='domain.de www.domain.de'
+ [[ domain.de www.domain.de = \t\b\-\i\t\f\.\d\e\ \w\w\w\.\t\b\-\i\t\f\.\d\e ]]
+ echo ' unchanged.'
unchanged.
+ [[ -e /etc/ssl/reksys/domain.de/cert.pem ]]
+ echo ' + Checking expire date of existing cert...'
+ Checking expire date of existing cert...
++ openssl x509 -enddate -noout -in /etc/ssl/reksys/domain.de/cert.pem
++ cut -d= -f2-
+ valid='Apr 3 22:05:12 2018 GMT'
+ printf ' + Valid till %s ' 'Apr 3 22:05:12 2018 GMT'
+ Valid till Apr 3 22:05:12 2018 GMT + openssl x509 -checkend 2592000 -noout -in /etc/ssl/reksys/domain.de/cert.pem
Certificate will expire
+ echo '(Less than 30 days). Renewing!'
(Less than 30 days). Renewing!
+ local update_ocsp
+ update_ocsp=no
+ [[ ! no = \y\e\s ]]
+ update_ocsp=yes
+ [[ -z '' ]]
+ [[ '' = \y\e\s ]]
+ sign_domain /etc/ssl/reksys/domain.de 1521110104 domain.de www.domain.de
+ local certdir=/etc/ssl/reksys/domain.de
+ shift
+ timestamp=1521110104
+ shift
+ domain=domain.de
+ altnames='domain.de www.domain.de'
+ export altnames
+ echo ' + Signing domains...'
+ Signing domains...
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ local privkey=privkey.pem
+ [[ ! -e /etc/ssl/reksys/domain.de/cert-1521110104.csr ]]
+ [[ ! -r /etc/ssl/reksys/domain.de/privkey.pem ]]
+ [[ yes = \y\e\s ]]
+ echo ' + Generating private key...'
+ Generating private key...
+ privkey=privkey-1521110104.pem
+ case "${KEY_ALGO}" in
+ _openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521110104.pem
+ set +e
++ openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521110104.pem
+ out=
+ res=0
+ set -e
+ [[ 0 -ne 0 ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.pem ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ [[ ! -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ [[ no = \y\e\s ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ echo ' + Generating signing request...'
+ Generating signing request...
+ SAN=
+ for altname in ${altnames}
+ SAN='DNS:domain.de, '
+ for altname in ${altnames}
+ SAN='DNS:domain.de, DNS:www.domain.de, '
+ SAN='DNS:domain.de, DNS:www.domain.de'
+ local tmp_openssl_cnf
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ tmp_openssl_cnf=/tmp/dehydrated-cLPxsl
+ cat /etc/ssl/openssl.cnf
+ printf '[SAN]\nsubjectAltName=%s' 'DNS:domain.de, DNS:www.domain.de'
+ '[' no = yes ']'
+ SUBJ=/CN=domain.de/
+ [[ Linux = \M\I\N\G\W ]]
+ openssl req -new -sha256 -key /etc/ssl/reksys/domain.de/privkey-1521110104.pem -out /etc/ssl/reksys/domain.de/cert-1521110104.csr -subj /CN=domain.de/ -reqexts SAN -config /tmp/dehydrated-cLPxsl
+ rm -f /tmp/dehydrated-cLPxsl
+ crt_path=/etc/ssl/reksys/domain.de/cert-1521110104.pem
+ sign_csr '-----BEGIN CERTIFICATE REQUEST-----
MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAAQS1Nm9UE4byVuXzn6tec6aoarTyHe9lQmWH2A9uGW7z8oN25D7G2A4
...
0Lf3LaJc1FG6WcUEHhlhpOU1A+F+wzfiefkO0SLVvj1aEkeVAjBAdHpFotmL8u0Q
QKyysfUpz8bxGgA2tY98GSrL7vSyrqX4pGKv6sdqNl+RuyAIc/M=
-----END CERTIFICATE REQUEST-----' domain.de www.domain.de
+ csr='-----BEGIN CERTIFICATE REQUEST-----
MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAAQS1Nm9UE4byVuXzn6tec6aoarTyHe9lQmWH2A9uGW7z8oN25D7G2A4
...
0Lf3LaJc1FG6WcUEHhlhpOU1A+F+wzfiefkO0SLVvj1aEkeVAjBAdHpFotmL8u0Q
QKyysfUpz8bxGgA2tY98GSrL7vSyrqX4pGKv6sdqNl+RuyAIc/M=
-----END CERTIFICATE REQUEST-----'
+ :
+ shift 1
+ export 'altnames=domain.de www.domain.de'
+ altnames='domain.de www.domain.de'
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ [[ -n '' ]]
+ local -a challenge_identifiers challenge_uris challenge_tokens authorizations keyauths deploy_args
+ [[ 2 -eq 2 ]]
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' domain.de
+ challenge_identifiers+='{"type": "dns", "value": "domain.de"}, '
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' www.domain.de
+ challenge_identifiers+='{"type": "dns", "value": "www.domain.de"}, '
+ challenge_identifiers='[{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]'
+ echo ' + Requesting new certificate order from CA...'
+ Requesting new certificate order from CA...
++ signed_request https://acme-v02.api.letsencrypt.org/acme/new-order '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}'
+++ printf %s '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}'
+++ urlbase64
+++ openssl base64 -e
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ tr -d '\n\r'
++ payload64=eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19
++ [[ 2 -eq 1 ]]
+++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce
+++ awk -F ': ' '{print $2}'
+++ tr -d '\n\r'
+++ grep Replay-Nonce:
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempcont=/tmp/dehydrated-G0Ruem
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempheaders=/tmp/dehydrated-MG8i31
+++ [[ -n '' ]]
+++ set +e
+++ [[ head = \h\e\a\d ]]
++++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-G0Ruem https://acme-v02.api.letsencrypt.org/acme/new-nonce -I
+++ statuscode=204
+++ touch /tmp/dehydrated-MG8i31
+++ curlret=0
+++ set -e
+++ [[ ! 0 = \0 ]]
+++ [[ ! 2 = \2 ]]
+++ echo 'checking pipe 4'
checking pipe 4
+++ echo 'using pipe 4'
using pipe 4
+++ cat /tmp/dehydrated-MG8i31
+++ echo 'getting curl output'
getting curl output
+++ cat /tmp/dehydrated-G0Ruem
+++ echo 'deleting temp files'
deleting temp files
+++ rm -f /tmp/dehydrated-G0Ruem
+++ rm -f /tmp/dehydrated-MG8i31
++ nonce=7THrq5H6UPDCLVzRxJqfgMQ-Nvb7mMSMj6ctDrSFl08
++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}'
++ [[ 2 -eq 1 ]]
++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]]
++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "7THrq5H6UPDCLVzRxJqfgMQ-Nvb7mMSMj6ctDrSFl08"}'
+++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "7THrq5H6UPDCLVzRxJqfgMQ-Nvb7mMSMj6ctDrSFl08"}'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjdUSHJxNUg2VVBEQ0xWelJ4SnFmZ01RLU52YjdtTVNNajZjdERyU0ZsMDgifQ
+++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjdUSHJxNUg2VVBEQ0xWelJ4SnFmZ01RLU52YjdtTVNNajZjdERyU0ZsMDgifQ.eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19
+++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+++ urlbase64
+++ openssl base64 -e
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ tr -d '\n\r'
++ signed64=aJWcBpn2kjTLpODS5vGr-1MPCS05LTfydmWyzzeTLaj6WpQMk3DwYeTXSJ8XF-HfvlO45MDVwih745e26bwXf9Czne1MkPH3eCAfHp6D-DFdgaL2WxDJSs7EXP0Oix7Hsm1_fZEYlPEMciWh17s_RkmrXJX2ge_JX0HsrOCzEtYllK-ZEtTlEr_jbcOp-hd6dGOQw4lU7NLHIZ9lpNrXUlYCCSLSmMa7oJ0WHmJ1KjpwKbz5SycTU4PrbRmtXmaehYm7IU-0X1ISM55tkz3_wVsA_LJSe4q8gR0cSUBOPNmcS1YC0JPzkuIgGZxRfwlZKG5GJGVXMlGZAKou3g-HUM7DdbP28gS0MXvVcPUrQnT-u5UyeBbbja4cXZ-Qd9-8Jvyq3vph0395dUTqm0xlpSg0iDTaxjGch1puM9k9ek8xnu7A-E_HJpNepzlvUWNry4YOBkXOi641Da_fTGToB58N7HVWErgmZUtRjT6J7UQkb8_fv4-em9jsUQSbHgThcLfqm839v2NoiBaOMhxBkeSXB8Wa1wyVLX12Gh4sOniaJFAfdRblnLVyCDrKahJBI622AzOD4FCD04kh2hdnF1LWfWc3Vf9_6QqfT0YpBbQglEWo7KVOZa1p4C_ribSWAY0AkLOTWsaiE-7M2PQTYLpxc-axNtD9cRvYcpEK-Hg
++ [[ 2 -eq 1 ]]
++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjdUSHJxNUg2VVBEQ0xWelJ4SnFmZ01RLU52YjdtTVNNajZjdERyU0ZsMDgifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "aJWcBpn2kjTLpODS5vGr-1MPCS05LTfydmWyzzeTLaj6WpQMk3DwYeTXSJ8XF-HfvlO45MDVwih745e26bwXf9Czne1MkPH3eCAfHp6D-DFdgaL2WxDJSs7EXP0Oix7Hsm1_fZEYlPEMciWh17s_RkmrXJX2ge_JX0HsrOCzEtYllK-ZEtTlEr_jbcOp-hd6dGOQw4lU7NLHIZ9lpNrXUlYCCSLSmMa7oJ0WHmJ1KjpwKbz5SycTU4PrbRmtXmaehYm7IU-0X1ISM55tkz3_wVsA_LJSe4q8gR0cSUBOPNmcS1YC0JPzkuIgGZxRfwlZKG5GJGVXMlGZAKou3g-HUM7DdbP28gS0MXvVcPUrQnT-u5UyeBbbja4cXZ-Qd9-8Jvyq3vph0395dUTqm0xlpSg0iDTaxjGch1puM9k9ek8xnu7A-E_HJpNepzlvUWNry4YOBkXOi641Da_fTGToB58N7HVWErgmZUtRjT6J7UQkb8_fv4-em9jsUQSbHgThcLfqm839v2NoiBaOMhxBkeSXB8Wa1wyVLX12Gh4sOniaJFAfdRblnLVyCDrKahJBI622AzOD4FCD04kh2hdnF1LWfWc3Vf9_6QqfT0YpBbQglEWo7KVOZa1p4C_ribSWAY0AkLOTWsaiE-7M2PQTYLpxc-axNtD9cRvYcpEK-Hg"}'
++ http_request post https://acme-v02.api.letsencrypt.org/acme/new-order '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjdUSHJxNUg2VVBEQ0xWelJ4SnFmZ01RLU52YjdtTVNNajZjdERyU0ZsMDgifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "aJWcBpn2kjTLpODS5vGr-1MPCS05LTfydmWyzzeTLaj6WpQMk3DwYeTXSJ8XF-HfvlO45MDVwih745e26bwXf9Czne1MkPH3eCAfHp6D-DFdgaL2WxDJSs7EXP0Oix7Hsm1_fZEYlPEMciWh17s_RkmrXJX2ge_JX0HsrOCzEtYllK-ZEtTlEr_jbcOp-hd6dGOQw4lU7NLHIZ9lpNrXUlYCCSLSmMa7oJ0WHmJ1KjpwKbz5SycTU4PrbRmtXmaehYm7IU-0X1ISM55tkz3_wVsA_LJSe4q8gR0cSUBOPNmcS1YC0JPzkuIgGZxRfwlZKG5GJGVXMlGZAKou3g-HUM7DdbP28gS0MXvVcPUrQnT-u5UyeBbbja4cXZ-Qd9-8Jvyq3vph0395dUTqm0xlpSg0iDTaxjGch1puM9k9ek8xnu7A-E_HJpNepzlvUWNry4YOBkXOi641Da_fTGToB58N7HVWErgmZUtRjT6J7UQkb8_fv4-em9jsUQSbHgThcLfqm839v2NoiBaOMhxBkeSXB8Wa1wyVLX12Gh4sOniaJFAfdRblnLVyCDrKahJBI622AzOD4FCD04kh2hdnF1LWfWc3Vf9_6QqfT0YpBbQglEWo7KVOZa1p4C_ribSWAY0AkLOTWsaiE-7M2PQTYLpxc-axNtD9cRvYcpEK-Hg"}'
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-enUC9f
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-cD2Yk0
++ [[ -n '' ]]
++ set +e
++ [[ post = \h\e\a\d ]]
++ [[ post = \g\e\t ]]
++ [[ post = \p\o\s\t ]]
+++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-enUC9f https://acme-v02.api.letsencrypt.org/acme/new-order -D /tmp/dehydrated-cD2Yk0 -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIjdUSHJxNUg2VVBEQ0xWelJ4SnFmZ01RLU52YjdtTVNNajZjdERyU0ZsMDgifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "aJWcBpn2kjTLpODS5vGr-1MPCS05LTfydmWyzzeTLaj6WpQMk3DwYeTXSJ8XF-HfvlO45MDVwih745e26bwXf9Czne1MkPH3eCAfHp6D-DFdgaL2WxDJSs7EXP0Oix7Hsm1_fZEYlPEMciWh17s_RkmrXJX2ge_JX0HsrOCzEtYllK-ZEtTlEr_jbcOp-hd6dGOQw4lU7NLHIZ9lpNrXUlYCCSLSmMa7oJ0WHmJ1KjpwKbz5SycTU4PrbRmtXmaehYm7IU-0X1ISM55tkz3_wVsA_LJSe4q8gR0cSUBOPNmcS1YC0JPzkuIgGZxRfwlZKG5GJGVXMlGZAKou3g-HUM7DdbP28gS0MXvVcPUrQnT-u5UyeBbbja4cXZ-Qd9-8Jvyq3vph0395dUTqm0xlpSg0iDTaxjGch1puM9k9ek8xnu7A-E_HJpNepzlvUWNry4YOBkXOi641Da_fTGToB58N7HVWErgmZUtRjT6J7UQkb8_fv4-em9jsUQSbHgThcLfqm839v2NoiBaOMhxBkeSXB8Wa1wyVLX12Gh4sOniaJFAfdRblnLVyCDrKahJBI622AzOD4FCD04kh2hdnF1LWfWc3Vf9_6QqfT0YpBbQglEWo7KVOZa1p4C_ribSWAY0AkLOTWsaiE-7M2PQTYLpxc-axNtD9cRvYcpEK-Hg"}'
++ statuscode=201
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ echo 'checking pipe 4'
checking pipe 4
++ echo 'using pipe 4'
using pipe 4
++ cat /tmp/dehydrated-cD2Yk0
cat: Schreibfehler: Datenübergabe unterbrochen (broken pipe)
+ result=
+ remove_lock
+ rm -f /opt/dehydrated/lock
My best guess is that somehow filedescriptor 4 is open when the script starts and closes on first operation (which would be the check if it's open...)
Could you try placing something like { true >&4; } 2>/dev/null || true
right at the beginning of the script (above set -e
) and see if that changes anything?
I changes the script to this:
#!/usr/bin/env bash
# dehydrated by lukas2511
# Source: https://dehydrated.de
#
# This script is licensed under The MIT License (see LICENSE for more information).
{ true >&4; } 2>/dev/null || true
set -e
set -u
set -o pipefail
[[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob
[[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f
But there is noch change if I see that right:
+ set -e
+ set -u
+ set -o pipefail
+ [[ -n '' ]]
+ [[ -z '' ]]
+ shopt -s nullglob
+ set -f
+ umask 077
+ VERSION=git-master-after-0.6.1
+ SOURCE=/opt/dehydrated/dehydrated
+ '[' -h /opt/dehydrated/dehydrated ']'
+++ dirname /opt/dehydrated/dehydrated
++ cd -P /opt/dehydrated
++ pwd
+ SCRIPTDIR=/opt/dehydrated
+ BASEDIR=/opt/dehydrated
+ ORIGARGS='-c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de'
++ uname
+ OSTYPE=Linux
+ [[ ! '' = \N\O\O\P ]]
+ main -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de
+ COMMAND=
+ [[ -z -c -o /etc/ssl/reksys -a secp384r1 -d domain.de -d www.domain.de ]]
+ (( 9 ))
+ case "${1}" in
+ set_command sign_domains
+ [[ -z '' ]]
+ COMMAND=sign_domains
+ shift 1
+ (( 8 ))
+ case "${1}" in
+ shift 1
+ check_parameters /etc/ssl/reksys
+ [[ -z /etc/ssl/reksys ]]
+ [[ / = \- ]]
+ PARAM_CERTDIR=/etc/ssl/reksys
+ shift 1
+ (( 6 ))
+ case "${1}" in
+ shift 1
+ check_parameters secp384r1
+ [[ -z secp384r1 ]]
+ [[ s = \- ]]
+ PARAM_KEY_ALGO=secp384r1
+ shift 1
+ (( 4 ))
+ case "${1}" in
+ shift 1
+ check_parameters domain.de
+ [[ -z domain.de ]]
+ [[ t = \- ]]
+ [[ -z '' ]]
+ PARAM_DOMAIN=domain.de
+ shift 1
+ (( 2 ))
+ case "${1}" in
+ shift 1
+ check_parameters www.domain.de
+ [[ -z www.domain.de ]]
+ [[ w = \- ]]
+ [[ -z domain.de ]]
+ PARAM_DOMAIN='domain.de www.domain.de'
+ shift 1
+ (( 0 ))
+ case "${COMMAND}" in
+ command_sign_domains
+ init_system
+ load_config
+ [[ -z '' ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /usr/local/etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/reksys/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/dehydrated/config ]]
+ BASEDIR=/opt/dehydrated
+ CONFIG=/opt/dehydrated/config
+ break
+ CA=https://acme-v02.api.letsencrypt.org/directory
+ OLDCA=
+ CERTDIR=
+ ACCOUNTDIR=
+ CHALLENGETYPE=http-01
+ CONFIG_D=
+ CURL_OPTS=
+ DOMAINS_D=
+ DOMAINS_TXT=
+ HOOK=
+ HOOK_CHAIN=no
+ RENEW_DAYS=30
+ KEYSIZE=4096
+ WELLKNOWN=
+ PRIVATE_KEY_RENEW=yes
+ PRIVATE_KEY_ROLLOVER=no
+ KEY_ALGO=rsa
+ OPENSSL=openssl
+ OPENSSL_CNF=
+ CONTACT_EMAIL=
+ LOCKFILE=
+ OCSP_MUST_STAPLE=no
+ OCSP_FETCH=no
+ IP_VERSION=
+ CHAINCACHE=
+ AUTO_CLEANUP=no
+ DEHYDRATED_USER=
+ DEHYDRATED_GROUP=
+ API=auto
+ [[ -z /opt/dehydrated/config ]]
+ [[ -f /opt/dehydrated/config ]]
+ echo '# INFO: Using main config file /opt/dehydrated/config'
# INFO: Using main config file /opt/dehydrated/config
++ dirname /opt/dehydrated/config
+ BASEDIR=/opt/dehydrated
+ . /opt/dehydrated/config
++ CHALLENGETYPE=http-01
++ WELLKNOWN=/srv/http/dehydrated
++ KEYSIZE=4096
++ PRIVATE_KEY_RENEW=yes
++ KEY_ALGO=rsa
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ check_dependencies
+ openssl version
+ _sed ''
+ command -v grep
+ command -v mktemp
+ command -v diff
+ set +e
++ curl -V
++ head -n1
++ awk '{print $2}'
+ CURL_VERSION=7.58.0
+ retcode=0
+ set -e
+ [[ ! 0 = \0 ]]
+ [[ /opt/dehydrated != \/ ]]
+ BASEDIR=/opt/dehydrated
+ [[ -d /opt/dehydrated ]]
+ [[ -z '' ]]
+ [[ https://acme-v02.api.letsencrypt.org/directory = \h\t\t\p\s\:\/\/\a\c\m\e\-\v\0\2\.\a\p\i\.\l\e\t\s\e\n\c\r\y\p\t\.\o\r\g\/\d\i\r\e\c\t\o\r\y ]]
+ OLDCA=https://acme-v01.api.letsencrypt.org/directory
++ echo https://acme-v02.api.letsencrypt.org/directory
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ CAHASH=aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo
+ [[ -z '' ]]
+ ACCOUNTDIR=/opt/dehydrated/accounts
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo ]]
+ [[ -f /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/config ]]
+ ACCOUNT_KEY=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+ ACCOUNT_KEY_JSON=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
+ [[ -f /opt/dehydrated/private_key.pem ]]
+ [[ -f /opt/dehydrated/private_key.json ]]
+ [[ -z '' ]]
+ CERTDIR=/opt/dehydrated/certs
+ [[ -z '' ]]
+ CHAINCACHE=/opt/dehydrated/chains
+ [[ -z '' ]]
+ DOMAINS_TXT=/opt/dehydrated/domains.txt
+ [[ -z /srv/http/dehydrated ]]
+ [[ -z '' ]]
+ LOCKFILE=/opt/dehydrated/lock
+ [[ -z '' ]]
++ openssl version -d
++ cut '-d"' -f2
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n /etc/ssl/reksys ]]
+ CERTDIR=/etc/ssl/reksys
+ [[ -n '' ]]
+ [[ -n secp384r1 ]]
+ KEY_ALGO=secp384r1
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' '!' '' = noverify ']'
+ verify_config
+ [[ http-01 == \h\t\t\p\-\0\1 ]]
+ [[ http-01 = \d\n\s\-\0\1 ]]
+ [[ http-01 = \h\t\t\p\-\0\1 ]]
+ [[ ! -d /srv/http/dehydrated ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ auto == \a\u\t\o ]]
+ store_configvars
+ __KEY_ALGO=secp384r1
+ __OCSP_MUST_STAPLE=no
+ __PRIVATE_KEY_RENEW=yes
+ __KEYSIZE=4096
+ __CHALLENGETYPE=http-01
+ __HOOK=
+ __WELLKNOWN=/srv/http/dehydrated
+ __HOOK_CHAIN=no
+ __OPENSSL_CNF=/etc/ssl/openssl.cnf
+ __RENEW_DAYS=30
+ __IP_VERSION=
+ [[ -n /opt/dehydrated/lock ]]
++ dirname /opt/dehydrated/lock
+ LOCKDIR=/opt/dehydrated
+ [[ -w /opt/dehydrated ]]
+ trap remove_lock EXIT
++ http_request get https://acme-v02.api.letsencrypt.org/directory
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-I5qVXc
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-mryB4k
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -L -s -w '%{http_code}' -o /tmp/dehydrated-I5qVXc -D /tmp/dehydrated-mryB4k https://acme-v02.api.letsencrypt.org/directory
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ echo 'checking pipe 4'
checking pipe 4
++ echo 'using pipe 4'
using pipe 4
++ cat /tmp/dehydrated-mryB4k
++ echo 'getting curl output'
getting curl output
++ cat /tmp/dehydrated-I5qVXc
++ echo 'deleting temp files'
deleting temp files
++ rm -f /tmp/dehydrated-I5qVXc
++ rm -f /tmp/dehydrated-mryB4k
+ CA_DIRECTORY='{
"Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
+ [[ auto = \a\u\t\o ]]
+ grep -q newOrder
+ API=2
+ [[ 2 -eq 1 ]]
++ printf %s '{
"Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newOrder
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newOrder
++ filter='s/.*"newOrder": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newOrder": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ORDER=https://acme-v02.api.letsencrypt.org/acme/new-order
++ printf %s '{
"Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newNonce
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newNonce
++ filter='s/.*"newNonce": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newNonce": *"\([^"]*\)".*/\1/p'
+ CA_NEW_NONCE=https://acme-v02.api.letsencrypt.org/acme/new-nonce
++ printf %s '{
"Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newAccount
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newAccount
++ filter='s/.*"newAccount": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newAccount": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/new-acct
++ printf %s '{
"Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value termsOfService
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' termsOfService
++ filter='s/.*"termsOfService": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"termsOfService": *"\([^"]*\)".*/\1/p'
+ CA_TERMS=https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
++ printf %s '{
"Bo3r9Vx1GGk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value revokeCert
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' revokeCert
++ filter='s/.*"revokeCert": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"revokeCert": *"\([^"]*\)".*/\1/p'
+ CA_REVOKE_CERT=https://acme-v02.api.letsencrypt.org/acme/revoke-cert
+ CA_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/acct
+ export WELLKNOWN BASEDIR CERTDIR CONFIG COMMAND
+ register_new_key=no
+ [[ -n '' ]]
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem ]]
+ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -check
++ hex2bin
++ urlbase64
++ tr -d '\n\r'
+++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -text
++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ awk '/publicExponent/ {print $2}'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ cat
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ openssl base64 -e
++ printf %x 65537
++ printf -- '\x01\x00\x01'
+ pubExponent64=AQAB
++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -modulus
++ cut -d= -f2
++ hex2bin
++ urlbase64
+++ cat
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
+++ [[ Linux = \L\i\n\u\x ]]
++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ [[ Linux = \L\i\n\u\x ]]
++ openssl base64 -e
++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ tr -d '\n\r'
++ printf -- '\xD2\x5B\x95\x21\x48\xED\xB1\x22\x5D\x42\x08\x28\xA4\x60\x7C\xAC\x8F\x5E\xC0\xE5\x44\x97\xFF\x3F\x5E\xD3\xB4\x0C\x11\x11\x9F\x71\x67\x96\xC7\xEA\x83\xC8\xE0\xFB\xD5\x73\xE4\x23\xAB\xB9\xAC\x7F\x01\x14\xC2\xCA\xEC\xA0\x03\x60\x10\x92\xC4\x9B\xC8\xF2\xF9\x01\xCC\x00\xDC\xF5\x8E\xC6\xD8\x0E\xFA\xBE\x5F\xF6\x1E\x49\xD6\x69\xA8\x85\x7B\x97\x6B\xC2\x38\x50\xF6\x05\x26\x00\x8D\xAC\x58\x18\xC9\xCA\x8A\x3E\x98\xF6\xFD\x65\x4C\x8C\x6D\x09\x03\x16\x3D\xFF\xE7\x2F\xB1\xBB\xEB\xD2\xF3\x0E\xE4\x10\xFF\x57\x39\x3B\xC5\x47\xD8\xE9\x25\x8B\x92\x62\x3E\x86\x87\xF7\xAD\x06\x15\xA8\x8F\x2D\xD0\xE6\xF7\x2D\x55\x26\x57\x14\xAF\x17\xDA\x86\xC1\x97\x65\x81\x6C\x71\xE7\x6E\x96\x7C\x79\x4C\xDF\xE1\x65\xD8\x80\xE8\x39\x00\xB6\x63\x0D\x49\x84\x61\x1A\xB3\x4E\x63\xDE\x29\x2F\xDC\x47\xE0\x15\xDB\x8F\x2D\xDE\x9B\x85\x7B\x95\x2E\xEC\xBC\xEA\xF5\xC8\x28\x2A\xF4\x7D\xE4\x5A\x29\x9B\xB9\xEF\x36\x79\x3F\xCC\x10\x32\xC2\xC2\x47\x70\x41\x4A\xE0\x21\xAB\xCF\x44\x45\x04\x84\x14\x4C\x6A\xAC\xE5\x96\xF7\xB6\xD4\x61\x57\xEF\x77\x2A\x6E\x9B\x73\xC3\x2F\x24\x54\xB2\xE2\x00\xD0\x2F\xCD\x2C\x58\xAD\x43\xE9\xB7\x77\x6C\x31\x9F\x26\x29\x8B\x5F\xE1\x26\xBE\xE7\x9C\x07\xCA\x5F\x97\xC5\xBF\x46\x07\x24\xF5\xF9\xED\x2F\x35\x32\xF1\x95\xC2\xCE\x3B\x3C\xED\x36\xE8\xB0\x18\x7A\x44\x7F\xD6\x98\xA3\xD8\x60\x73\x64\xBC\xA3\x0E\x05\xED\x2E\xB4\x56\x46\xFC\x2F\x55\xFF\x93\x53\xC6\x09\x58\x87\xAD\x84\x2B\x75\x3B\x83\x8A\x62\x5F\xDD\x82\x98\x13\x59\xC1\xD7\x5B\x5F\x3C\xAA\x97\xAC\xAB\xED\x1A\xF3\x42\x24\x06\x86\xEE\x67\x61\x13\xBD\x5E\x6F\x87\x5B\xEC\x99\xC1\xC8\x29\x52\xAB\x92\x10\x1F\xE1\x1C\x70\xFC\xFB\xE8\x05\x1F\x1D\x95\x8D\xA4\xDF\x1F\x8D\xD8\x02\x57\xE6\xD2\xF8\x30\xF8\x1C\x8A\xD7\xAF\x20\x52\xFF\x27\xA8\x82\x10\x61\x07\xBE\xA2\xC6\x37\x2E\xA4\x6E\xFC\xF3\x60\x8D\x94\xA0\xBF\x97\x42\x47\x6E\xE4\xF2\xFB\xE2\x48\xF1\x65\xB7\x24\x8C\x27\x90\x7E\xB7\xC1\xB2\xE8\xC3\xD1\x45\x17\x09\xA4\x61\x9B\x48\x71\x66\xF5\xF1\x5B\xE2\x20\xF4\x7D\xAB\x1A\x37\x47\x98\xB8\x4A\x25\x08\x6F\xC3\xC5\x77\x97\xCD\x64\xE3\x15\x98\xE1\x3B\x3C\xC4\x4B\xA2\xF0\x48\xC5\x74\x6E\xC7\xF0\x88\x48\x2A\xC3'
+ pubMod64=0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ printf '{"e":"%s","kty":"RSA","n":"%s"}' AQAB 0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ openssl dgst -sha256 -binary
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ thumbprint=VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ [[ no = \y\e\s ]]
+ [[ sign_domains = \r\e\g\i\s\t\e\r ]]
+ [[ -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ]]
++ cat /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
++ get_json_int_value id
++ local filter
+++ printf 's/.*"%s": *\([0-9]*\).*/\\1/p' id
++ filter='s/.*"id": *\([0-9]*\).*/\1/p'
++ sed -n 's/.*"id": *\([0-9]*\).*/\1/p'
+ ACCOUNT_ID=4935574
+ [[ 2 -eq 1 ]]
+ ACCOUNT_URL=https://acme-v02.api.letsencrypt.org/acme/acct/4935574
+ hookscript_bricker_hook
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' '!' -d /opt/dehydrated/chains ']'
+ [[ -n domain.de www.domain.de ]]
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ DOMAINS_TXT=/tmp/dehydrated-FgkSDL
+ [[ -n '' ]]
+ printf -- 'domain.de www.domain.de'
+ ORIGIFS='
'
+ IFS='
'
++ tr -d '\r'
++ awk '{print tolower($0)}'
++ _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
++ grep -vE '^(#|$)'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
+ for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' | (grep -vE '^(#|$)' || true))
+ reset_configvars
+ KEY_ALGO=secp384r1
+ OCSP_MUST_STAPLE=no
+ PRIVATE_KEY_RENEW=yes
+ KEYSIZE=4096
+ CHALLENGETYPE=http-01
+ HOOK=
+ WELLKNOWN=/srv/http/dehydrated
+ HOOK_CHAIN=no
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ RENEW_DAYS=30
+ IP_VERSION=
+ IFS='
'
++ grep -Eo '>[^ ]+'
++ true
+ alias=
++ _sed -e 's/>[^ ]+[ ]*//g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/>[^ ]+[ ]*//g'
+ line='domain.de www.domain.de'
++ grep -Eo '>'
++ awk 'END {print NR}'
++ true
+ aliascount=0
+ '[' 0 -gt 1 ']'
++ printf '%s\n' 'domain.de www.domain.de'
++ cut '-d ' -f1
+ domain=domain.de
++ printf '%s\n' 'domain.de www.domain.de'
++ cut -s '-d ' -f2-
+ morenames=www.domain.de
+ '[' 0 -lt 1 ']'
+ alias=domain.de
+ export alias
+ [[ -z www.domain.de ]]
+ echo 'Processing domain.de with alternative names: www.domain.de'
Processing domain.de with alternative names: www.domain.de
+ '[' tb = '*.' ']'
+ local certdir=/etc/ssl/reksys/domain.de
+ cert=/etc/ssl/reksys/domain.de/cert.pem
+ chain=/etc/ssl/reksys/domain.de/chain.pem
+ force_renew=no
++ date +%s
+ timestamp=1521111302
+ [[ ! -e /etc/ssl/reksys/domain.de ]]
+ [[ -n '' ]]
+ certconfig=/etc/ssl/reksys/domain.de/config
+ '[' -f /etc/ssl/reksys/domain.de/config ']'
+ verify_config
+ [[ http-01 == \h\t\t\p\-\0\1 ]]
+ [[ http-01 = \d\n\s\-\0\1 ]]
+ [[ http-01 = \h\t\t\p\-\0\1 ]]
+ [[ ! -d /srv/http/dehydrated ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ 2 == \a\u\t\o ]]
+ [[ 2 == \1 ]]
+ [[ 2 == \2 ]]
+ hookscript_bricker_hook
+ [[ -n '' ]]
+ export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER
+ skip=no
+ local csr=
+ [[ -n '' ]]
+ [[ -e /etc/ssl/reksys/domain.de/cert.pem ]]
+ printf ' + Checking domain name(s) of existing cert...'
+ Checking domain name(s) of existing cert...++ openssl x509 -in /etc/ssl/reksys/domain.de/cert.pem -text -noout
++ grep DNS:
++ _sed s/DNS://g
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r s/DNS://g
++ tr -d ' '
++ tr , '\n'
++ sort -u
++ _sed 's/ $//'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/ $//'
++ tr '\n' ' '
+ certnames='domain.de www.domain.de'
++ echo domain.de www.domain.de
++ tr ' ' '\n'
++ sort -u
++ tr '\n' ' '
++ _sed 's/ $//'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/ $//'
++ _sed 's/^ //'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/^ //'
+ givennames='domain.de www.domain.de'
+ [[ domain.de www.domain.de = \t\b\-\i\t\f\.\d\e\ \w\w\w\.\t\b\-\i\t\f\.\d\e ]]
+ echo ' unchanged.'
unchanged.
+ [[ -e /etc/ssl/reksys/domain.de/cert.pem ]]
+ echo ' + Checking expire date of existing cert...'
+ Checking expire date of existing cert...
++ openssl x509 -enddate -noout -in /etc/ssl/reksys/domain.de/cert.pem
++ cut -d= -f2-
+ valid='Apr 3 22:05:12 2018 GMT'
+ printf ' + Valid till %s ' 'Apr 3 22:05:12 2018 GMT'
+ Valid till Apr 3 22:05:12 2018 GMT + openssl x509 -checkend 2592000 -noout -in /etc/ssl/reksys/domain.de/cert.pem
Certificate will expire
+ echo '(Less than 30 days). Renewing!'
(Less than 30 days). Renewing!
+ local update_ocsp
+ update_ocsp=no
+ [[ ! no = \y\e\s ]]
+ update_ocsp=yes
+ [[ -z '' ]]
+ [[ '' = \y\e\s ]]
+ sign_domain /etc/ssl/reksys/domain.de 1521111302 domain.de www.domain.de
+ local certdir=/etc/ssl/reksys/domain.de
+ shift
+ timestamp=1521111302
+ shift
+ domain=domain.de
+ altnames='domain.de www.domain.de'
+ export altnames
+ echo ' + Signing domains...'
+ Signing domains...
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ local privkey=privkey.pem
+ [[ ! -e /etc/ssl/reksys/domain.de/cert-1521111302.csr ]]
+ [[ ! -r /etc/ssl/reksys/domain.de/privkey.pem ]]
+ [[ yes = \y\e\s ]]
+ echo ' + Generating private key...'
+ Generating private key...
+ privkey=privkey-1521111302.pem
+ case "${KEY_ALGO}" in
+ _openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521111302.pem
+ set +e
++ openssl ecparam -genkey -name secp384r1 -out /etc/ssl/reksys/domain.de/privkey-1521111302.pem
+ out=
+ res=0
+ set -e
+ [[ 0 -ne 0 ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.pem ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ [[ ! -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ [[ no = \y\e\s ]]
+ [[ -r /etc/ssl/reksys/domain.de/privkey.roll.pem ]]
+ echo ' + Generating signing request...'
+ Generating signing request...
+ SAN=
+ for altname in ${altnames}
+ SAN='DNS:domain.de, '
+ for altname in ${altnames}
+ SAN='DNS:domain.de, DNS:www.domain.de, '
+ SAN='DNS:domain.de, DNS:www.domain.de'
+ local tmp_openssl_cnf
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ tmp_openssl_cnf=/tmp/dehydrated-72OBhF
+ cat /etc/ssl/openssl.cnf
+ printf '[SAN]\nsubjectAltName=%s' 'DNS:domain.de, DNS:www.domain.de'
+ '[' no = yes ']'
+ SUBJ=/CN=domain.de/
+ [[ Linux = \M\I\N\G\W ]]
+ openssl req -new -sha256 -key /etc/ssl/reksys/domain.de/privkey-1521111302.pem -out /etc/ssl/reksys/domain.de/cert-1521111302.csr -subj /CN=domain.de/ -reqexts SAN -config /tmp/dehydrated-72OBhF
+ rm -f /tmp/dehydrated-72OBhF
+ crt_path=/etc/ssl/reksys/domain.de/cert-1521111302.pem
+ sign_csr '-----BEGIN CERTIFICATE REQUEST-----
MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAAS16k4FBwJC+I/vujHqCZb6+v4SO0crMmIC68ismpjh6oDHXB7IGRGf
...
1nVuuav+aivS+STAZFQbLcGrqBOFDItDack+4yti55F/UIdWAjBHJD7WqFC56nm/
8SAy6FgipsC2m3Hy2KC5z7aUQh5ZODVz2cgONRib4EDtTX5ra5A=
-----END CERTIFICATE REQUEST-----' domain.de www.domain.de
+ csr='-----BEGIN CERTIFICATE REQUEST-----
MIIBQjCByQIBADAUMRIwEAYDVQQDDAl0Yi1pdGYuZGUwdjAQBgcqhkjOPQIBBgUr
gQQAIgNiAAS16k4FBwJC+I/vujHqCZb6+v4SO0crMmIC68ismpjh6oDHXB7IGRGf
...
1nVuuav+aivS+STAZFQbLcGrqBOFDItDack+4yti55F/UIdWAjBHJD7WqFC56nm/
8SAy6FgipsC2m3Hy2KC5z7aUQh5ZODVz2cgONRib4EDtTX5ra5A=
-----END CERTIFICATE REQUEST-----'
+ :
+ shift 1
+ export 'altnames=domain.de www.domain.de'
+ altnames='domain.de www.domain.de'
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ [[ -n '' ]]
+ local -a challenge_identifiers challenge_uris challenge_tokens authorizations keyauths deploy_args
+ [[ 2 -eq 2 ]]
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' domain.de
+ challenge_identifiers+='{"type": "dns", "value": "domain.de"}, '
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' www.domain.de
+ challenge_identifiers+='{"type": "dns", "value": "www.domain.de"}, '
+ challenge_identifiers='[{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]'
+ echo ' + Requesting new certificate order from CA...'
+ Requesting new certificate order from CA...
++ signed_request https://acme-v02.api.letsencrypt.org/acme/new-order '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}'
+++ printf %s '{"identifiers": [{"type": "dns", "value": "domain.de"}, {"type": "dns", "value": "www.domain.de"}]}'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ payload64=eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19
++ [[ 2 -eq 1 ]]
+++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce
+++ grep Replay-Nonce:
+++ awk -F ': ' '{print $2}'
+++ tr -d '\n\r'
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempcont=/tmp/dehydrated-HqxbIU
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempheaders=/tmp/dehydrated-spf8YA
+++ [[ -n '' ]]
+++ set +e
+++ [[ head = \h\e\a\d ]]
++++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-HqxbIU https://acme-v02.api.letsencrypt.org/acme/new-nonce -I
+++ statuscode=204
+++ touch /tmp/dehydrated-spf8YA
+++ curlret=0
+++ set -e
+++ [[ ! 0 = \0 ]]
+++ [[ ! 2 = \2 ]]
+++ echo 'checking pipe 4'
checking pipe 4
+++ echo 'using pipe 4'
using pipe 4
+++ cat /tmp/dehydrated-spf8YA
+++ echo 'getting curl output'
getting curl output
+++ cat /tmp/dehydrated-HqxbIU
+++ echo 'deleting temp files'
deleting temp files
+++ rm -f /tmp/dehydrated-HqxbIU
+++ rm -f /tmp/dehydrated-spf8YA
++ nonce=QERa8pVhhvNWH8qt8JL6czKyp_IrG-FlEDlO5Sg_KxI
++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}'
++ [[ 2 -eq 1 ]]
++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]]
++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "QERa8pVhhvNWH8qt8JL6czKyp_IrG-FlEDlO5Sg_KxI"}'
+++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "QERa8pVhhvNWH8qt8JL6czKyp_IrG-FlEDlO5Sg_KxI"}'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlFFUmE4cFZoaHZOV0g4cXQ4Skw2Y3pLeXBfSXJHLUZsRURsTzVTZ19LeEkifQ
+++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+++ urlbase64
+++ openssl base64 -e
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ tr -d '\n\r'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlFFUmE4cFZoaHZOV0g4cXQ4Skw2Y3pLeXBfSXJHLUZsRURsTzVTZ19LeEkifQ.eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19
++ signed64=npm3fZvoJr0vtdwBVPvaz2gZGDGDAh98B74Zlmr8Yb5AJoTjIwE8IMTZkwVfOS0qEahnyDHLugsLVh5HsIwFOJoKApQLNCHDaMJCBp7EqA5SLVHuInWVANLGLW9QHGOircmx8UB42yVhMZypWfLKC9ls9fc9OaAyFifHPP9oH01BCSsOup8iVDoRx6StgOzmP-hKyQxUkwyFBE3d98y2qikdRCiUZE0HLNOeP8xUNBjeDCYNclMp5HDB6OA2oreWcSJE2Ma6Q4wmXJhyURz7w2ZTsNpjQBSGv6uUJziHAclay1CyORytmqSFLW76MK-JRCUHli3vkPSDsLOPrK5uT-tU53EyROhDXfv4vupHnhyBn3XwGVYR5axTSY8hTx4e4gRxkYsGa6rnz6ZUnF99_hOgcifCSuJBO-GkK8naFWWVx1u6oPUQCO49mwCeFF21m7JELghpgWx0fWF-D2f0St2AH_P9RfzHzyKjwuJ9t8igN5e93k73IUSz_S0E7lg-5J4qFIvIfBfxK5LyFH3Piyra4jsNZz_7FKR9whHDTg0WrAUYnDvP0Rp2kEK9KAaSU7fyJrj5aJhoZPvlQBKePRVF3wCtcn7_XNtsyShPK9JlfvQFCQYuHrkE769a3DAH9m6Bl1RP4iN_juEKBt02vgk2jMKDS2ha1ZaAjZDWImw
++ [[ 2 -eq 1 ]]
++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlFFUmE4cFZoaHZOV0g4cXQ4Skw2Y3pLeXBfSXJHLUZsRURsTzVTZ19LeEkifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "npm3fZvoJr0vtdwBVPvaz2gZGDGDAh98B74Zlmr8Yb5AJoTjIwE8IMTZkwVfOS0qEahnyDHLugsLVh5HsIwFOJoKApQLNCHDaMJCBp7EqA5SLVHuInWVANLGLW9QHGOircmx8UB42yVhMZypWfLKC9ls9fc9OaAyFifHPP9oH01BCSsOup8iVDoRx6StgOzmP-hKyQxUkwyFBE3d98y2qikdRCiUZE0HLNOeP8xUNBjeDCYNclMp5HDB6OA2oreWcSJE2Ma6Q4wmXJhyURz7w2ZTsNpjQBSGv6uUJziHAclay1CyORytmqSFLW76MK-JRCUHli3vkPSDsLOPrK5uT-tU53EyROhDXfv4vupHnhyBn3XwGVYR5axTSY8hTx4e4gRxkYsGa6rnz6ZUnF99_hOgcifCSuJBO-GkK8naFWWVx1u6oPUQCO49mwCeFF21m7JELghpgWx0fWF-D2f0St2AH_P9RfzHzyKjwuJ9t8igN5e93k73IUSz_S0E7lg-5J4qFIvIfBfxK5LyFH3Piyra4jsNZz_7FKR9whHDTg0WrAUYnDvP0Rp2kEK9KAaSU7fyJrj5aJhoZPvlQBKePRVF3wCtcn7_XNtsyShPK9JlfvQFCQYuHrkE769a3DAH9m6Bl1RP4iN_juEKBt02vgk2jMKDS2ha1ZaAjZDWImw"}'
++ http_request post https://acme-v02.api.letsencrypt.org/acme/new-order '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlFFUmE4cFZoaHZOV0g4cXQ4Skw2Y3pLeXBfSXJHLUZsRURsTzVTZ19LeEkifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "npm3fZvoJr0vtdwBVPvaz2gZGDGDAh98B74Zlmr8Yb5AJoTjIwE8IMTZkwVfOS0qEahnyDHLugsLVh5HsIwFOJoKApQLNCHDaMJCBp7EqA5SLVHuInWVANLGLW9QHGOircmx8UB42yVhMZypWfLKC9ls9fc9OaAyFifHPP9oH01BCSsOup8iVDoRx6StgOzmP-hKyQxUkwyFBE3d98y2qikdRCiUZE0HLNOeP8xUNBjeDCYNclMp5HDB6OA2oreWcSJE2Ma6Q4wmXJhyURz7w2ZTsNpjQBSGv6uUJziHAclay1CyORytmqSFLW76MK-JRCUHli3vkPSDsLOPrK5uT-tU53EyROhDXfv4vupHnhyBn3XwGVYR5axTSY8hTx4e4gRxkYsGa6rnz6ZUnF99_hOgcifCSuJBO-GkK8naFWWVx1u6oPUQCO49mwCeFF21m7JELghpgWx0fWF-D2f0St2AH_P9RfzHzyKjwuJ9t8igN5e93k73IUSz_S0E7lg-5J4qFIvIfBfxK5LyFH3Piyra4jsNZz_7FKR9whHDTg0WrAUYnDvP0Rp2kEK9KAaSU7fyJrj5aJhoZPvlQBKePRVF3wCtcn7_XNtsyShPK9JlfvQFCQYuHrkE769a3DAH9m6Bl1RP4iN_juEKBt02vgk2jMKDS2ha1ZaAjZDWImw"}'
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-iO9JdR
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-rXx9pq
++ [[ -n '' ]]
++ set +e
++ [[ post = \h\e\a\d ]]
++ [[ post = \g\e\t ]]
++ [[ post = \p\o\s\t ]]
+++ curl -A 'dehydr4ted/git-master-after-0.6.1 curl/7.58.0' -s -w '%{http_code}' -o /tmp/dehydrated-iO9JdR https://acme-v02.api.letsencrypt.org/acme/new-order -D /tmp/dehydrated-rXx9pq -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIlFFUmE4cFZoaHZOV0g4cXQ4Skw2Y3pLeXBfSXJHLUZsRURsTzVTZ19LeEkifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInRiLWl0Zi5kZSJ9LCB7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInd3dy50Yi1pdGYuZGUifV19", "signature": "npm3fZvoJr0vtdwBVPvaz2gZGDGDAh98B74Zlmr8Yb5AJoTjIwE8IMTZkwVfOS0qEahnyDHLugsLVh5HsIwFOJoKApQLNCHDaMJCBp7EqA5SLVHuInWVANLGLW9QHGOircmx8UB42yVhMZypWfLKC9ls9fc9OaAyFifHPP9oH01BCSsOup8iVDoRx6StgOzmP-hKyQxUkwyFBE3d98y2qikdRCiUZE0HLNOeP8xUNBjeDCYNclMp5HDB6OA2oreWcSJE2Ma6Q4wmXJhyURz7w2ZTsNpjQBSGv6uUJziHAclay1CyORytmqSFLW76MK-JRCUHli3vkPSDsLOPrK5uT-tU53EyROhDXfv4vupHnhyBn3XwGVYR5axTSY8hTx4e4gRxkYsGa6rnz6ZUnF99_hOgcifCSuJBO-GkK8naFWWVx1u6oPUQCO49mwCeFF21m7JELghpgWx0fWF-D2f0St2AH_P9RfzHzyKjwuJ9t8igN5e93k73IUSz_S0E7lg-5J4qFIvIfBfxK5LyFH3Piyra4jsNZz_7FKR9whHDTg0WrAUYnDvP0Rp2kEK9KAaSU7fyJrj5aJhoZPvlQBKePRVF3wCtcn7_XNtsyShPK9JlfvQFCQYuHrkE769a3DAH9m6Bl1RP4iN_juEKBt02vgk2jMKDS2ha1ZaAjZDWImw"}'
++ statuscode=201
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ echo 'checking pipe 4'
checking pipe 4
++ echo 'using pipe 4'
using pipe 4
++ cat /tmp/dehydrated-rXx9pq
cat: Schreibfehler: Datenübergabe unterbrochen (broken pipe)
+ result=
+ remove_lock
+ rm -f /opt/dehydrated/lock
Can you try adding...
# Close weird external file descriptors
exec 3>&-
exec 4>&-
... above set -e
and see if that changes anything?
IT WORKED! :-D
The Certificate was created sucessfully. I will test it the next days but at the moment that could be the solutions for this strange problem.
Merged into master, will be in the next release unless somebody screams that this breaks lots of other stuff ¯\(ツ)/¯
Old Version: VERSION="0.4.0" -> working - no problem Vew Version: VERSION="git-master-after-0.6.1" -> throws this problem System: ArchLinux x64
I create an renew certificates with dehydrated. For this I call the script with a PHP-Script with call the paramteres. A call looks like this:
In the old version everything works fine. New certificates are created an old ones are renewed.
If this script is called in a cronjob I cot a broken pipe error:
The output of dehydrated which I pipe to a logfile is the folowing:
If I call the script directly on the bash, everything works fine.
I set the PATH and environment SHELL in the crontab. I also tried to run the command above with
/usr/bin/bash -c
but no change in the result.Any ideas? Thank you!