search

dehydrated-io / dehydrated

letsencrypt/acme client implemented as a shell-script – just add water
https://dehydrated.io
MIT License
5.96k stars 716 forks source link

DNS-01 failed with multiple -d calls #601

Closed TB1234 closed 5 years ago

TB1234 commented 5 years ago

I call dehydrated from the command line for every domain. If I try to get a wildard certificate this failed with the message "Challenge is invalid".

That's my call: /opt/dehydrated/dehydrated -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh

I have a hook script which sets the token to the nameserver. This works and make no problems if you have only a single domain.

So you can see, I have the domain twice in the call. Once alone and once with wildcard. The result of this call looks like that:

Processing domain.info with alternative names: *.domain.info
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for domain.info
 + Handling authorization for domain.info
 + 2 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for domain.info authorization...
 + Cleaning challenge tokens...
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.domain.info",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/sIuPB8ocWGvOy_2-01tST_k8OY5cyz0wBPABASwvSFg/7932386848",
  "token": "AjNkNX6i-Nv8j8bpbTU6u3X6Fs0S4r7x4b4Sgr76cqY"
})

For me, it looks like dehydrated call the hook script twice and in this case the wildcard (*.) is removed. So both challenges have the same name which will result in the problem, that the frist challenge will be deleted if the second one is added. So the first one is invalid.

I called the script with bash -x:

 bash -x /opt/dehydrated/dehydrated -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh
+ set -e
+ set -u
+ set -o pipefail
+ [[ -n '' ]]
+ [[ -z '' ]]
+ shopt -s nullglob
+ set -f
+ umask 077
+ exec
+ exec
+ VERSION=git-master-after-0.6.2
+ SOURCE=/opt/dehydrated/dehydrated
+ '[' -h /opt/dehydrated/dehydrated ']'
+++ dirname /opt/dehydrated/dehydrated
++ cd -P /opt/dehydrated
++ pwd
+ SCRIPTDIR=/opt/dehydrated
+ BASEDIR=/opt/dehydrated
+ ORIGARGS='-c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh'
++ uname
+ OSTYPE=Linux
+ [[ ! '' = \N\O\O\P ]]
+ main -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d '*.domain.info' -k /opt/dehydrated/hook.sh
+ COMMAND=
+ [[ -z -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh ]]
+ ((  13  ))
+ case "${1}" in
+ set_command sign_domains
+ [[ -z '' ]]
+ COMMAND=sign_domains
+ shift 1
+ ((  12  ))
+ case "${1}" in
+ shift 1
+ check_parameters dns-01
+ [[ -z dns-01 ]]
+ [[ d = \- ]]
+ PARAM_CHALLENGETYPE=dns-01
+ shift 1
+ ((  10  ))
+ case "${1}" in
+ shift 1
+ check_parameters /etc/ssl/reksys
+ [[ -z /etc/ssl/reksys ]]
+ [[ / = \- ]]
+ PARAM_CERTDIR=/etc/ssl/reksys
+ shift 1
+ ((  8  ))
+ case "${1}" in
+ shift 1
+ check_parameters secp384r1
+ [[ -z secp384r1 ]]
+ [[ s = \- ]]
+ PARAM_KEY_ALGO=secp384r1
+ shift 1
+ ((  6  ))
+ case "${1}" in
+ shift 1
+ check_parameters domain.info
+ [[ -z domain.info ]]
+ [[ s = \- ]]
+ [[ -z '' ]]
+ PARAM_DOMAIN=domain.info
+ shift 1
+ ((  4  ))
+ case "${1}" in
+ shift 1
+ check_parameters '*.domain.info'
+ [[ -z *.domain.info ]]
+ [[ * = \- ]]
+ [[ -z domain.info ]]
+ PARAM_DOMAIN='domain.info *.domain.info'
+ shift 1
+ ((  2  ))
+ case "${1}" in
+ shift 1
+ check_parameters /opt/dehydrated/hook.sh
+ [[ -z /opt/dehydrated/hook.sh ]]
+ [[ / = \- ]]
+ PARAM_HOOK=/opt/dehydrated/hook.sh
+ shift 1
+ ((  0  ))
+ case "${COMMAND}" in
+ command_sign_domains
+ init_system
+ load_config
+ [[ -z '' ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /usr/local/etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/reksys/webserver/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/dehydrated/config ]]
+ BASEDIR=/opt/dehydrated
+ CONFIG=/opt/dehydrated/config
+ break
+ CA=https://acme-v02.api.letsencrypt.org/directory
+ OLDCA=
+ CERTDIR=
+ ALPNCERTDIR=
+ ACCOUNTDIR=
+ CHALLENGETYPE=http-01
+ CONFIG_D=
+ CURL_OPTS=
+ DOMAINS_D=
+ DOMAINS_TXT=
+ HOOK=
+ HOOK_CHAIN=no
+ RENEW_DAYS=30
+ KEYSIZE=4096
+ WELLKNOWN=
+ PRIVATE_KEY_RENEW=yes
+ PRIVATE_KEY_ROLLOVER=no
+ KEY_ALGO=rsa
+ OPENSSL=openssl
+ OPENSSL_CNF=
+ CONTACT_EMAIL=
+ LOCKFILE=
+ OCSP_MUST_STAPLE=no
+ OCSP_FETCH=no
+ OCSP_DAYS=5
+ IP_VERSION=
+ CHAINCACHE=
+ AUTO_CLEANUP=no
+ DEHYDRATED_USER=
+ DEHYDRATED_GROUP=
+ API=auto
+ [[ -z /opt/dehydrated/config ]]
+ [[ -f /opt/dehydrated/config ]]
+ echo '# INFO: Using main config file /opt/dehydrated/config'
# INFO: Using main config file /opt/dehydrated/config
++ dirname /opt/dehydrated/config
+ BASEDIR=/opt/dehydrated
+ . /opt/dehydrated/config
++ CHALLENGETYPE=http-01
++ WELLKNOWN=/srv/http/dehydrated
++ KEYSIZE=4096
++ PRIVATE_KEY_RENEW=yes
++ KEY_ALGO=secp384r1
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ check_dependencies
+ openssl version
+ _sed ''
+ command -v grep
+ command -v mktemp
+ command -v diff
+ set +e
++ curl -V
++ head -n1
++ awk '{print $2}'
+ CURL_VERSION=7.61.1
+ retcode=0
+ set -e
+ [[ ! 0 = \0 ]]
+ [[ /opt/dehydrated != \/ ]]
+ BASEDIR=/opt/dehydrated
+ [[ -d /opt/dehydrated ]]
+ [[ -z '' ]]
+ [[ https://acme-v02.api.letsencrypt.org/directory = \h\t\t\p\s\:\/\/\a\c\m\e\-\v\0\2\.\a\p\i\.\l\e\t\s\e\n\c\r\y\p\t\.\o\r\g\/\d\i\r\e\c\t\o\r\y ]]
+ OLDCA=https://acme-v01.api.letsencrypt.org/directory
++ echo https://acme-v02.api.letsencrypt.org/directory
++ urlbase64
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ openssl base64 -e
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ CAHASH=aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo
+ [[ -z '' ]]
+ ACCOUNTDIR=/opt/dehydrated/accounts
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo ]]
+ [[ -f /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/config ]]
+ ACCOUNT_KEY=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+ ACCOUNT_KEY_JSON=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
+ [[ -f /opt/dehydrated/private_key.pem ]]
+ [[ -f /opt/dehydrated/private_key.json ]]
+ [[ -z '' ]]
+ CERTDIR=/opt/dehydrated/certs
+ [[ -z '' ]]
+ ALPNCERTDIR=/opt/dehydrated/alpn-certs
+ [[ -z '' ]]
+ CHAINCACHE=/opt/dehydrated/chains
+ [[ -z '' ]]
+ DOMAINS_TXT=/opt/dehydrated/domains.txt
+ [[ -z /srv/http/dehydrated ]]
+ [[ -z '' ]]
+ LOCKFILE=/opt/dehydrated/lock
+ [[ -z '' ]]
++ openssl version -d
++ cut '-d"' -f2
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n /opt/dehydrated/hook.sh ]]
+ HOOK=/opt/dehydrated/hook.sh
+ [[ -n /etc/ssl/reksys ]]
+ CERTDIR=/etc/ssl/reksys
+ [[ -n '' ]]
+ [[ -n dns-01 ]]
+ CHALLENGETYPE=dns-01
+ [[ -n secp384r1 ]]
+ KEY_ALGO=secp384r1
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' '!' '' = noverify ']'
+ verify_config
+ [[ dns-01 == \h\t\t\p\-\0\1 ]]
+ [[ dns-01 == \d\n\s\-\0\1 ]]
+ [[ dns-01 = \d\n\s\-\0\1 ]]
+ [[ -z /opt/dehydrated/hook.sh ]]
+ [[ dns-01 = \h\t\t\p\-\0\1 ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ auto == \a\u\t\o ]]
+ [[ 5 =~ ^[0-9]+$ ]]
+ store_configvars
+ __KEY_ALGO=secp384r1
+ __OCSP_MUST_STAPLE=no
+ __PRIVATE_KEY_RENEW=yes
+ __KEYSIZE=4096
+ __CHALLENGETYPE=dns-01
+ __HOOK=/opt/dehydrated/hook.sh
+ __WELLKNOWN=/srv/http/dehydrated
+ __HOOK_CHAIN=no
+ __OPENSSL_CNF=/etc/ssl/openssl.cnf
+ __RENEW_DAYS=30
+ __IP_VERSION=
+ [[ -n /opt/dehydrated/lock ]]
++ dirname /opt/dehydrated/lock
+ LOCKDIR=/opt/dehydrated
+ [[ -w /opt/dehydrated ]]
+ trap remove_lock EXIT
++ http_request get https://acme-v02.api.letsencrypt.org/directory
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-q9EtsQ
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-I1e4lX
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-q9EtsQ -D /tmp/dehydrated-I1e4lX https://acme-v02.api.letsencrypt.org/directory
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-q9EtsQ
++ rm -f /tmp/dehydrated-q9EtsQ
++ rm -f /tmp/dehydrated-I1e4lX
+ CA_DIRECTORY='{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
+ [[ auto = \a\u\t\o ]]
+ grep -q newOrder
+ API=2
+ [[ 2 -eq 1 ]]
++ printf %s '{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newOrder
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newOrder
++ filter='s/.*"newOrder": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newOrder": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ORDER=https://acme-v02.api.letsencrypt.org/acme/new-order
++ printf %s '{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newNonce
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newNonce
++ filter='s/.*"newNonce": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newNonce": *"\([^"]*\)".*/\1/p'
+ CA_NEW_NONCE=https://acme-v02.api.letsencrypt.org/acme/new-nonce
++ printf %s '{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newAccount
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newAccount
++ filter='s/.*"newAccount": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newAccount": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/new-acct
++ printf %s '{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value termsOfService
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' termsOfService
++ filter='s/.*"termsOfService": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"termsOfService": *"\([^"]*\)".*/\1/p'
+ CA_TERMS=https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
++ printf %s '{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value revokeCert
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' revokeCert
++ filter='s/.*"revokeCert": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"revokeCert": *"\([^"]*\)".*/\1/p'
+ CA_REVOKE_CERT=https://acme-v02.api.letsencrypt.org/acme/revoke-cert
+ CA_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/acct
+ export WELLKNOWN BASEDIR CERTDIR ALPNCERTDIR CONFIG COMMAND
+ register_new_key=no
+ [[ -n '' ]]
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem ]]
+ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -check
++ hex2bin
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
+++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -text
+++ awk '/publicExponent/ {print $2}'
++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ cat
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ printf %x 65537
++ printf -- '\x01\x00\x01'
+ pubExponent64=AQAB
++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -modulus
++ hex2bin
++ cut -d= -f2
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
+++ cat
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ printf -- '\xD2\x5B\x95\x21\x48\xED\xB1\x22\x5D\x42\x08\x28\xA4\x60\x7C\xAC\x8F\x5E\xC0\xE5\x44\x97\xFF\x3F\x5E\xD3\xB4\x0C\x11\x11\x9F\x71\x67\x96\xC7\xEA\x83\xC8\xE0\xFB\xD5\x73\xE4\x23\xAB\xB9\xAC\x7F\x01\x14\xC2\xCA\xEC\xA0\x03\x60\x10\x92\xC4\x9B\xC8\xF2\xF9\x01\xCC\x00\xDC\xF5\x8E\xC6\xD8\x0E\xFA\xBE\x5F\xF6\x1E\x49\xD6\x69\xA8\x85\x7B\x97\x6B\xC2\x38\x50\xF6\x05\x26\x00\x8D\xAC\x58\x18\xC9\xCA\x8A\x3E\x98\xF6\xFD\x65\x4C\x8C\x6D\x09\x03\x16\x3D\xFF\xE7\x2F\xB1\xBB\xEB\xD2\xF3\x0E\xE4\x10\xFF\x57\x39\x3B\xC5\x47\xD8\xE9\x25\x8B\x92\x62\x3E\x86\x87\xF7\xAD\x06\x15\xA8\x8F\x2D\xD0\xE6\xF7\x2D\x55\x26\x57\x14\xAF\x17\xDA\x86\xC1\x97\x65\x81\x6C\x71\xE7\x6E\x96\x7C\x79\x4C\xDF\xE1\x65\xD8\x80\xE8\x39\x00\xB6\x63\x0D\x49\x84\x61\x1A\xB3\x4E\x63\xDE\x29\x2F\xDC\x47\xE0\x15\xDB\x8F\x2D\xDE\x9B\x85\x7B\x95\x2E\xEC\xBC\xEA\xF5\xC8\x28\x2A\xF4\x7D\xE4\x5A\x29\x9B\xB9\xEF\x36\x79\x3F\xCC\x10\x32\xC2\xC2\x47\x70\x41\x4A\xE0\x21\xAB\xCF\x44\x45\x04\x84\x14\x4C\x6A\xAC\xE5\x96\xF7\xB6\xD4\x61\x57\xEF\x77\x2A\x6E\x9B\x73\xC3\x2F\x24\x54\xB2\xE2\x00\xD0\x2F\xCD\x2C\x58\xAD\x43\xE9\xB7\x77\x6C\x31\x9F\x26\x29\x8B\x5F\xE1\x26\xBE\xE7\x9C\x07\xCA\x5F\x97\xC5\xBF\x46\x07\x24\xF5\xF9\xED\x2F\x35\x32\xF1\x95\xC2\xCE\x3B\x3C\xED\x36\xE8\xB0\x18\x7A\x44\x7F\xD6\x98\xA3\xD8\x60\x73\x64\xBC\xA3\x0E\x05\xED\x2E\xB4\x56\x46\xFC\x2F\x55\xFF\x93\x53\xC6\x09\x58\x87\xAD\x84\x2B\x75\x3B\x83\x8A\x62\x5F\xDD\x82\x98\x13\x59\xC1\xD7\x5B\x5F\x3C\xAA\x97\xAC\xAB\xED\x1A\xF3\x42\x24\x06\x86\xEE\x67\x61\x13\xBD\x5E\x6F\x87\x5B\xEC\x99\xC1\xC8\x29\x52\xAB\x92\x10\x1F\xE1\x1C\x70\xFC\xFB\xE8\x05\x1F\x1D\x95\x8D\xA4\xDF\x1F\x8D\xD8\x02\x57\xE6\xD2\xF8\x30\xF8\x1C\x8A\xD7\xAF\x20\x52\xFF\x27\xA8\x82\x10\x61\x07\xBE\xA2\xC6\x37\x2E\xA4\x6E\xFC\xF3\x60\x8D\x94\xA0\xBF\x97\x42\x47\x6E\xE4\xF2\xFB\xE2\x48\xF1\x65\xB7\x24\x8C\x27\x90\x7E\xB7\xC1\xB2\xE8\xC3\xD1\x45\x17\x09\xA4\x61\x9B\x48\x71\x66\xF5\xF1\x5B\xE2\x20\xF4\x7D\xAB\x1A\x37\x47\x98\xB8\x4A\x25\x08\x6F\xC3\xC5\x77\x97\xCD\x64\xE3\x15\x98\xE1\x3B\x3C\xC4\x4B\xA2\xF0\x48\xC5\x74\x6E\xC7\xF0\x88\x48\x2A\xC3'
+ pubMod64=0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ printf '{"e":"%s","kty":"RSA","n":"%s"}' AQAB 0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ openssl dgst -sha256 -binary
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ thumbprint=VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ [[ no = \y\e\s ]]
+ [[ sign_domains = \r\e\g\i\s\t\e\r ]]
+ [[ -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ]]
++ cat /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
++ get_json_int_value id
++ local filter
+++ printf 's/.*"%s": *\([0-9]*\).*/\\1/p' id
++ filter='s/.*"id": *\([0-9]*\).*/\1/p'
++ sed -n 's/.*"id": *\([0-9]*\).*/\1/p'
+ ACCOUNT_ID=4935574
+ [[ 2 -eq 1 ]]
+ ACCOUNT_URL=https://acme-v02.api.letsencrypt.org/acme/acct/4935574
+ hookscript_bricker_hook
+ [[ -n /opt/dehydrated/hook.sh ]]
+ /opt/dehydrated/hook.sh this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
+ [[ -n /opt/dehydrated/hook.sh ]]
+ /opt/dehydrated/hook.sh startup_hook
+ '[' '!' -d /opt/dehydrated/chains ']'
+ [[ -n domain.info *.domain.info ]]
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ DOMAINS_TXT=/tmp/dehydrated-C5wIKt
+ [[ -n '' ]]
+ printf -- 'domain.info *.domain.info'
+ ORIGIFS='
'
+ IFS='
'
++ tr -d '\r'
++ awk '{print tolower($0)}'
++ _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
++ [[ Linux = \L\i\n\u\x ]]
++ grep -vE '^(#|$)'
++ sed -r -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
+ for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' | (grep -vE '^(#|$)' || true))
+ reset_configvars
+ KEY_ALGO=secp384r1
+ OCSP_MUST_STAPLE=no
+ PRIVATE_KEY_RENEW=yes
+ KEYSIZE=4096
+ CHALLENGETYPE=dns-01
+ HOOK=/opt/dehydrated/hook.sh
+ WELLKNOWN=/srv/http/dehydrated
+ HOOK_CHAIN=no
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ RENEW_DAYS=30
+ IP_VERSION=
+ IFS='
'
++ grep -Eo '>[^ ]+'
++ true
+ alias=
++ _sed -e 's/>[^ ]+[ ]*//g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/>[^ ]+[ ]*//g'
+ line='domain.info *.domain.info'
++ grep -Eo '>'
++ awk 'END {print NR}'
++ true
+ aliascount=0
+ '[' 0 -gt 1 ']'
++ printf '%s\n' 'domain.info *.domain.info'
++ cut '-d ' -f1
+ domain=domain.info
++ printf '%s\n' 'domain.info *.domain.info'
++ cut -s '-d ' -f2-
+ morenames='*.domain.info'
+ '[' 0 -lt 1 ']'
+ alias=domain.info
+ export alias
+ [[ -z *.domain.info ]]
+ echo 'Processing domain.info with alternative names: *.domain.info'
Processing domain.info with alternative names: *.domain.info
+ '[' sw = '*.' ']'
+ local certdir=/etc/ssl/reksys/domain.info
+ cert=/etc/ssl/reksys/domain.info/cert.pem
+ chain=/etc/ssl/reksys/domain.info/chain.pem
+ force_renew=no
++ date +%s
+ timestamp=1538635752
+ [[ ! -e /etc/ssl/reksys/domain.info ]]
+ [[ -n '' ]]
+ certconfig=/etc/ssl/reksys/domain.info/config
+ '[' -f /etc/ssl/reksys/domain.info/config ']'
+ verify_config
+ [[ dns-01 == \h\t\t\p\-\0\1 ]]
+ [[ dns-01 == \d\n\s\-\0\1 ]]
+ [[ dns-01 = \d\n\s\-\0\1 ]]
+ [[ -z /opt/dehydrated/hook.sh ]]
+ [[ dns-01 = \h\t\t\p\-\0\1 ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ 2 == \a\u\t\o ]]
+ [[ 2 == \1 ]]
+ [[ 2 == \2 ]]
+ [[ 5 =~ ^[0-9]+$ ]]
+ hookscript_bricker_hook
+ [[ -n /opt/dehydrated/hook.sh ]]
+ /opt/dehydrated/hook.sh this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
+ export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER
+ skip=no
+ local csr=
+ [[ -n /opt/dehydrated/hook.sh ]]
++ /opt/dehydrated/hook.sh generate_csr domain.info /etc/ssl/reksys/domain.info 'domain.info *.domain.info'
+ csr=
+ grep -qE '\-----BEGIN (NEW )?CERTIFICATE REQUEST-----'
+ csr=
+ [[ -e /etc/ssl/reksys/domain.info/cert.pem ]]
+ [[ -e /etc/ssl/reksys/domain.info/cert.pem ]]
+ local update_ocsp
+ update_ocsp=no
+ [[ ! no = \y\e\s ]]
+ update_ocsp=yes
+ [[ -z '' ]]
+ [[ '' = \y\e\s ]]
+ sign_domain /etc/ssl/reksys/domain.info 1538635752 domain.info '*.domain.info'
+ local certdir=/etc/ssl/reksys/domain.info
+ shift
+ timestamp=1538635752
+ shift
+ domain=domain.info
+ altnames='domain.info *.domain.info'
+ export altnames
+ echo ' + Signing domains...'
 + Signing domains...
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ local privkey=privkey.pem
+ [[ ! -e /etc/ssl/reksys/domain.info/cert-1538635752.csr ]]
+ [[ ! -r /etc/ssl/reksys/domain.info/privkey.pem ]]
+ echo ' + Generating private key...'
 + Generating private key...
+ privkey=privkey-1538635752.pem
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ local tmp_privkey=/tmp/dehydrated-erQcHt
+ case "${KEY_ALGO}" in
+ _openssl ecparam -genkey -name secp384r1 -out /tmp/dehydrated-erQcHt
+ set +e
++ openssl ecparam -genkey -name secp384r1 -out /tmp/dehydrated-erQcHt
+ out=
+ res=0
+ set -e
+ [[ 0 -ne 0 ]]
+ cat /tmp/dehydrated-erQcHt
+ rm /tmp/dehydrated-erQcHt
+ [[ -r /etc/ssl/reksys/domain.info/privkey.pem ]]
+ [[ ! -r /etc/ssl/reksys/domain.info/privkey.roll.pem ]]
+ [[ no = \y\e\s ]]
+ [[ -r /etc/ssl/reksys/domain.info/privkey.roll.pem ]]
+ echo ' + Generating signing request...'
 + Generating signing request...
+ SAN=
+ for altname in ${altnames}
+ SAN='DNS:domain.info, '
+ for altname in ${altnames}
+ SAN='DNS:domain.info, DNS:*.domain.info, '
+ SAN='DNS:domain.info, DNS:*.domain.info'
+ local tmp_openssl_cnf
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ tmp_openssl_cnf=/tmp/dehydrated-FdLi0a
+ cat /etc/ssl/openssl.cnf
+ printf '[SAN]\nsubjectAltName=%s' 'DNS:domain.info, DNS:*.domain.info'
+ '[' no = yes ']'
+ SUBJ=/CN=domain.info/
+ [[ Linux = \M\I\N\G\W ]]
+ openssl req -new -sha256 -key /etc/ssl/reksys/domain.info/privkey-1538635752.pem -out /etc/ssl/reksys/domain.info/cert-1538635752.csr -subj /CN=domain.info/ -reqexts SAN -config /tmp/dehydrated-FdLi0a
+ rm -f /tmp/dehydrated-FdLi0a
+ crt_path=/etc/ssl/reksys/domain.info/cert-1538635752.pem
+ sign_csr '-----BEGIN CERTIFICATE REQUEST-----
MIIBVTCB3AIBADAbMRkwFwYDVQQDDBBzd2ltZmFzaGlvbi5pbmZvMHYwEAYHKoZI
zj0CAQYFK4EEACIDYgAE4XM95dlmHTEKy96G3nLeYRW4x2OU3KnWBnIdikveLi/W
ngWKw/F6iaCSM/eofPEUVR3ZBdx2v4WspNkV28APuMh93uxStFvs5I5+W04kxkQN
o16Qb9/fM+KBBXv/N5G+oEIwQAYJKoZIhvcNAQkOMTMwMTAvBgNVHREEKDAmghBz
d2ltZmFzaGlvbi5pbmZvghIqLnN3aW1mYXNoaW9uLmluZm8wCgYIKoZIzj0EAwID
aAAwZQIxAPAQVmH9m3/ETU8A3VGFPPVAQlVakggyQCk8Dz+4iG2sUrBtW8R+2BzA
fIRKengLEgIwdPcf47ST5vNdsLouM1foospAQk3nP/70Atp8kkvPwICxm86lJVtW
IM6urT5EnbAZ
-----END CERTIFICATE REQUEST-----' domain.info '*.domain.info'
+ csr='-----BEGIN CERTIFICATE REQUEST-----
MIIBVTCB3AIBADAbMRkwFwYDVQQDDBBzd2ltZmFzaGlvbi5pbmZvMHYwEAYHKoZI
zj0CAQYFK4EEACIDYgAE4XM95dlmHTEKy96G3nLeYRW4x2OU3KnWBnIdikveLi/W
ngWKw/F6iaCSM/eofPEUVR3ZBdx2v4WspNkV28APuMh93uxStFvs5I5+W04kxkQN
o16Qb9/fM+KBBXv/N5G+oEIwQAYJKoZIhvcNAQkOMTMwMTAvBgNVHREEKDAmghBz
d2ltZmFzaGlvbi5pbmZvghIqLnN3aW1mYXNoaW9uLmluZm8wCgYIKoZIzj0EAwID
aAAwZQIxAPAQVmH9m3/ETU8A3VGFPPVAQlVakggyQCk8Dz+4iG2sUrBtW8R+2BzA
fIRKengLEgIwdPcf47ST5vNdsLouM1foospAQk3nP/70Atp8kkvPwICxm86lJVtW
IM6urT5EnbAZ
-----END CERTIFICATE REQUEST-----'
+ :
+ shift 1
+ export 'altnames=domain.info *.domain.info'
+ altnames='domain.info *.domain.info'
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ [[ -n '' ]]
+ local -a challenge_names challenge_uris challenge_tokens authorizations keyauths deploy_args
+ [[ 2 -eq 2 ]]
+ local challenge_identifiers=
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' domain.info
+ challenge_identifiers+='{"type": "dns", "value": "domain.info"}, '
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' '*.domain.info'
+ challenge_identifiers+='{"type": "dns", "value": "*.domain.info"}, '
+ challenge_identifiers='[{"type": "dns", "value": "domain.info"}, {"type": "dns", "value": "*.domain.info"}]'
+ echo ' + Requesting new certificate order from CA...'
 + Requesting new certificate order from CA...
++ signed_request https://acme-v02.api.letsencrypt.org/acme/new-order '{"identifiers": [{"type": "dns", "value": "domain.info"}, {"type": "dns", "value": "*.domain.info"}]}'
+++ urlbase64
+++ printf %s '{"identifiers": [{"type": "dns", "value": "domain.info"}, {"type": "dns", "value": "*.domain.info"}]}'
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ payload64=eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19
++ [[ 2 -eq 1 ]]
+++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce
+++ grep -i '^Replay-Nonce:'
+++ awk -F ': ' '{print $2}'
+++ tr -d '\n\r'
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempcont=/tmp/dehydrated-GAc3dP
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempheaders=/tmp/dehydrated-oStB4S
+++ [[ -n '' ]]
+++ set +e
+++ [[ head = \h\e\a\d ]]
++++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-GAc3dP https://acme-v02.api.letsencrypt.org/acme/new-nonce -I
+++ statuscode=204
+++ touch /tmp/dehydrated-oStB4S
+++ curlret=0
+++ set -e
+++ [[ ! 0 = \0 ]]
+++ [[ ! 2 = \2 ]]
+++ cat /tmp/dehydrated-GAc3dP
+++ rm -f /tmp/dehydrated-GAc3dP
+++ rm -f /tmp/dehydrated-oStB4S
++ nonce=LQL5cHuftJpYK5Qx-O57bigUZ510BzXT2udxe4r28v0
++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}'
++ [[ 2 -eq 1 ]]
++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]]
++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "LQL5cHuftJpYK5Qx-O57bigUZ510BzXT2udxe4r28v0"}'
+++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "LQL5cHuftJpYK5Qx-O57bigUZ510BzXT2udxe4r28v0"}'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ
+++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ.eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19
+++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ signed64=SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s
++ [[ 2 -eq 1 ]]
++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19", "signature": "SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s"}'
++ http_request post https://acme-v02.api.letsencrypt.org/acme/new-order '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19", "signature": "SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s"}'
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-mv4uct
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-1U874i
++ [[ -n '' ]]
++ set +e
++ [[ post = \h\e\a\d ]]
++ [[ post = \g\e\t ]]
++ [[ post = \p\o\s\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-mv4uct https://acme-v02.api.letsencrypt.org/acme/new-order -D /tmp/dehydrated-1U874i -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19", "signature": "SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s"}'
++ statuscode=201
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-mv4uct
++ rm -f /tmp/dehydrated-mv4uct
++ rm -f /tmp/dehydrated-1U874i
+ result='{
  "status": "pending",
  "expires": "2018-10-11T06:46:25Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.domain.info"
    },
    {
      "type": "dns",
      "value": "domain.info"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ",
    "https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627"
}'
++ echo '{' '"status":' '"pending",' '"expires":' '"2018-10-11T06:46:25Z",' '"identifiers":' '[' '{' '"type":' '"dns",' '"value":' '"*.domain.info"' '},' '{' '"type":' '"dns",' '"value":' '"domain.info"' '}' '],' '"authorizations":' '[' '"https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ",' '"https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc"' '],' '"finalize":' '"https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627"' '}'
++ get_json_array_value authorizations
++ local filter
+++ printf 's/.*"%s": *\\[\([^]]*\)\\].*/\\1/p' authorizations
++ filter='s/.*"authorizations": *\[\([^]]*\)\].*/\1/p'
++ sed -n 's/.*"authorizations": *\[\([^]]*\)\].*/\1/p'
+ order_authorizations=' "https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ", "https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc" '
++ echo '{
  "status": "pending",
  "expires": "2018-10-11T06:46:25Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.domain.info"
    },
    {
      "type": "dns",
      "value": "domain.info"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ",
    "https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627"
}'
++ get_json_string_value finalize
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' finalize
++ filter='s/.*"finalize": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"finalize": *"\([^"]*\)".*/\1/p'
+ finalize=https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627
+ local idx=0
+ for uri in ${order_authorizations}
++ echo '"https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ",'
++ _sed -e 's/\"(.*)".*/\1/'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/\"(.*)".*/\1/'
+ authorizations[${idx}]=https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ
+ idx=1
+ for uri in ${order_authorizations}
++ echo '"https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc"'
++ _sed -e 's/\"(.*)".*/\1/'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/\"(.*)".*/\1/'
+ authorizations[${idx}]=https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc
+ idx=2
+ echo ' + Received 2 authorizations URLs from the CA'
 + Received 2 authorizations URLs from the CA
+ local idx=0
+ for authorization in ${authorizations[*]}
+ [[ 2 -eq 2 ]]
++ clean_json
++ tr -d '\r\n'
++ _sed -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
++ [[ Linux = \L\i\n\u\x ]]
+++ echo https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ
++ sed -r -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
+++ _sed -e 's/\"(.*)".*/\1/'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/\"(.*)".*/\1/'
++ http_request get https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-rmwFTE
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-K7COFr
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-rmwFTE -D /tmp/dehydrated-K7COFr https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-rmwFTE
++ rm -f /tmp/dehydrated-rmwFTE
++ rm -f /tmp/dehydrated-K7COFr
+ response='{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}'
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}'
++ get_json_dict_value identifier
++ local filter
++ get_json_string_value value
++ local filter
+++ printf 's/.*"%s": *{\([^}]*\)}.*/\\1/p' identifier
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' value
++ filter='s/.*"identifier": *{\([^}]*\)}.*/\1/p'
++ sed -n 's/.*"identifier": *{\([^}]*\)}.*/\1/p'
++ filter='s/.*"value": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"value": *"\([^"]*\)".*/\1/p'
+ identifier=domain.info
+ echo ' + Handling authorization for domain.info'
 + Handling authorization for domain.info
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}'
++ _sed 's/"challenges": \[\{.*\}\]//'
++ [[ Linux = \L\i\n\u\x ]]
++ get_json_string_value status
++ sed -r 's/"challenges": \[\{.*\}\]//'
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status
++ filter='s/.*"status": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p'
+ '[' pending = valid ']'
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}'
++ _sed 's/.*"challenges": \[(\{.*\})\].*/\1/'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/.*"challenges": \[(\{.*\})\].*/\1/'
+ challenges='{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}'
++ _sed -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\
\2/g'
++ grep '"dns-01"'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\
\2/g'
+ challenge='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}'
+ '[' -z '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}' ']'
+ challenge_names[${idx}]=domain.info
++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}'
++ get_json_string_value token
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' token
++ filter='s/.*"token": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"token": *"\([^"]*\)".*/\1/p'
+ challenge_tokens[${idx}]=TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc
+ [[ 2 -eq 2 ]]
++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}'
++ _sed 's/"validationRecord": ?\[[^]]+\]//g'
++ get_json_string_value url
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/"validationRecord": ?\[[^]]+\]//g'
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' url
++ filter='s/.*"url": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"url": *"\([^"]*\)".*/\1/p'
+ challenge_uris[${idx}]=https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800
+ keyauth=TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ case "${CHALLENGETYPE}" in
++ printf %s TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
++ openssl dgst -sha256 -binary
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ keyauth_hook=ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE
+ keyauths[${idx}]=TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ deploy_args[${idx}]='domain.info TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE'
+ idx=1
+ for authorization in ${authorizations[*]}
+ [[ 2 -eq 2 ]]
++ clean_json
++ tr -d '\r\n'
+++ echo https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc
++ _sed -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
++ [[ Linux = \L\i\n\u\x ]]
+++ _sed -e 's/\"(.*)".*/\1/'
++ sed -r -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/\"(.*)".*/\1/'
++ http_request get https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-FStchJ
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-dTdRNh
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-FStchJ -D /tmp/dehydrated-dTdRNh https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-FStchJ
++ rm -f /tmp/dehydrated-FStchJ
++ rm -f /tmp/dehydrated-dTdRNh
+ response='{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}'
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}'
++ get_json_dict_value identifier
++ local filter
++ get_json_string_value value
++ local filter
+++ printf 's/.*"%s": *{\([^}]*\)}.*/\\1/p' identifier
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' value
++ filter='s/.*"identifier": *{\([^}]*\)}.*/\1/p'
++ sed -n 's/.*"identifier": *{\([^}]*\)}.*/\1/p'
++ filter='s/.*"value": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"value": *"\([^"]*\)".*/\1/p'
+ identifier=domain.info
+ echo ' + Handling authorization for domain.info'
 + Handling authorization for domain.info
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}'
++ _sed 's/"challenges": \[\{.*\}\]//'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/"challenges": \[\{.*\}\]//'
++ get_json_string_value status
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status
++ filter='s/.*"status": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p'
+ '[' pending = valid ']'
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}'
++ _sed 's/.*"challenges": \[(\{.*\})\].*/\1/'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/.*"challenges": \[(\{.*\})\].*/\1/'
+ challenges='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}'
++ _sed -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\
\2/g'
++ grep '"dns-01"'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\
\2/g'
+ challenge='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}'
+ '[' -z '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}' ']'
+ challenge_names[${idx}]=domain.info
++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}'
++ get_json_string_value token
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' token
++ filter='s/.*"token": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"token": *"\([^"]*\)".*/\1/p'
+ challenge_tokens[${idx}]=uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo
+ [[ 2 -eq 2 ]]
++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}'
++ _sed 's/"validationRecord": ?\[[^]]+\]//g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/"validationRecord": ?\[[^]]+\]//g'
++ get_json_string_value url
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' url
++ filter='s/.*"url": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"url": *"\([^"]*\)".*/\1/p'
+ challenge_uris[${idx}]=https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997
+ keyauth=uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ case "${CHALLENGETYPE}" in
++ printf %s uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
++ openssl dgst -sha256 -binary
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ keyauth_hook=nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs
+ keyauths[${idx}]=uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ deploy_args[${idx}]='domain.info uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs'
+ idx=2
+ local num_pending_challenges=2
+ echo ' + 2 pending challenge(s)'
 + 2 pending challenge(s)
+ [[ 2 -ne 0 ]]
+ echo ' + Deploying challenge tokens...'
 + Deploying challenge tokens...
+ [[ -n /opt/dehydrated/hook.sh ]]
+ [[ no = \y\e\s ]]
+ [[ -n /opt/dehydrated/hook.sh ]]
+ local idx=0
+ '[' 0 -lt 2 ']'
+ /opt/dehydrated/hook.sh deploy_challenge domain.info TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE
+ idx=1
+ '[' 1 -lt 2 ']'
+ /opt/dehydrated/hook.sh deploy_challenge domain.info uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs
+ idx=2
+ '[' 2 -lt 2 ']'
+ local idx=0
+ '[' 0 -lt 2 ']'
+ echo ' + Responding to challenge for domain.info authorization...'
 + Responding to challenge for domain.info authorization...
+ [[ 2 -eq 1 ]]
++ signed_request https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 '{"keyAuthorization": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI"}'
++ clean_json
++ tr -d '\r\n'
++ _sed -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
+++ printf %s '{"keyAuthorization": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI"}'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ payload64=eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9
++ [[ 2 -eq 1 ]]
+++ grep -i '^Replay-Nonce:'
+++ tr -d '\n\r'
+++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ awk -F ': ' '{print $2}'
+++ tempcont=/tmp/dehydrated-NWOJLR
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempheaders=/tmp/dehydrated-0WoWI3
+++ [[ -n '' ]]
+++ set +e
+++ [[ head = \h\e\a\d ]]
++++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-NWOJLR https://acme-v02.api.letsencrypt.org/acme/new-nonce -I
+++ statuscode=204
+++ touch /tmp/dehydrated-0WoWI3
+++ curlret=0
+++ set -e
+++ [[ ! 0 = \0 ]]
+++ [[ ! 2 = \2 ]]
+++ cat /tmp/dehydrated-NWOJLR
+++ rm -f /tmp/dehydrated-NWOJLR
+++ rm -f /tmp/dehydrated-0WoWI3
++ nonce=Njl3p0w_Lfd6Dvxe_CsegPxcJYLadcRuwNgAuEeZtZA
++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}'
++ [[ 2 -eq 1 ]]
++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]]
++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "nonce": "Njl3p0w_Lfd6Dvxe_CsegPxcJYLadcRuwNgAuEeZtZA"}'
+++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "nonce": "Njl3p0w_Lfd6Dvxe_CsegPxcJYLadcRuwNgAuEeZtZA"}'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0
+++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0.eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9
+++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ signed64=FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc
++ [[ 2 -eq 1 ]]
++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9", "signature": "FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc"}'
++ http_request post https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9", "signature": "FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc"}'
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-pT5sN5
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-knMqWY
++ [[ -n '' ]]
++ set +e
++ [[ post = \h\e\a\d ]]
++ [[ post = \g\e\t ]]
++ [[ post = \p\o\s\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-pT5sN5 https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 -D /tmp/dehydrated-knMqWY -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9", "signature": "FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc"}'
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-pT5sN5
++ rm -f /tmp/dehydrated-pT5sN5
++ rm -f /tmp/dehydrated-knMqWY
+ result='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}'
++ printf '%s\n' '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}'
++ get_json_string_value status
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status
++ filter='s/.*"status": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p'
+ reqstatus=pending
+ [[ pending = \p\e\n\d\i\n\g ]]
+ sleep 1
++ http_request get https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-ZoElTz
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-WrCSkv
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-ZoElTz -D /tmp/dehydrated-WrCSkv https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-ZoElTz
++ rm -f /tmp/dehydrated-ZoElTz
++ rm -f /tmp/dehydrated-WrCSkv
+ result='{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
}'
++ printf '%s\n' '{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
}'
++ get_json_string_value status
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status
++ filter='s/.*"status": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p'
+ reqstatus=invalid
+ [[ invalid = \p\e\n\d\i\n\g ]]
+ [[ dns-01 = \h\t\t\p\-\0\1 ]]
+ [[ dns-01 = \t\l\s\-\a\l\p\n\-\0\1 ]]
+ [[ invalid = \v\a\l\i\d ]]
+ [[ -n /opt/dehydrated/hook.sh ]]
+ /opt/dehydrated/hook.sh invalid_challenge '*.domain.info' '{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
}'
+ break
+ [[ 2 -ne 0 ]]
+ echo ' + Cleaning challenge tokens...'
 + Cleaning challenge tokens...
+ [[ -n /opt/dehydrated/hook.sh ]]
+ [[ no = \y\e\s ]]
+ local idx=0
+ '[' 0 -lt 2 ']'
+ [[ dns-01 = \h\t\t\p\-\0\1 ]]
+ [[ dns-01 = \t\l\s\-\a\l\p\n\-\0\1 ]]
+ [[ -n /opt/dehydrated/hook.sh ]]
+ [[ no != \y\e\s ]]
+ /opt/dehydrated/hook.sh clean_challenge domain.info TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE
+ idx=1
+ '[' 1 -lt 2 ']'
+ [[ dns-01 = \h\t\t\p\-\0\1 ]]
+ [[ dns-01 = \t\l\s\-\a\l\p\n\-\0\1 ]]
+ [[ -n /opt/dehydrated/hook.sh ]]
+ [[ no != \y\e\s ]]
+ /opt/dehydrated/hook.sh clean_challenge domain.info uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs
+ idx=2
+ '[' 2 -lt 2 ']'
+ [[ invalid != \v\a\l\i\d ]]
+ echo ' + Challenge validation has failed :('
 + Challenge validation has failed :(
+ _exiterr 'Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
})'
+ echo 'ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
})'
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
})
+ exit 1
+ remove_lock
+ rm -f /opt/dehydrated/lock
TB1234 commented 5 years ago

I fixed the problem by myself. You need multiple TXT records for the domain. Then this worked. So I modified my script not do delete the old tokens until the cleanup is called...