kristapsdz / acme-client-portable

portable version of acme-client, a secure ACME client
https://kristaps.bsd.lv/acme-client
ISC License

Cert updates doesn't work with -m #31

Closed AMDmi3 closed 7 years ago

AMDmi3 commented 7 years ago

I'm trying to maintain multiple certificates, so I'm using -m key. Obtaining a certificate seems to work fine:

acme-client: /usr/local/etc/ssl/acme/domain.org: creating directory
acme-client: /usr/local/etc/ssl/acme/private/domain.org: creating directory
acme-client: /usr/local/etc/acme/domain.org: creating directory
acme-client: /usr/local/etc/ssl/acme/private/domain.org/privkey.pem: generating RSA domain key
acme-client: /usr/local/etc/acme/domain.org/privkey.pem: generating RSA account key
acme-client: adding SAN: domain.org
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 1:2::3:4
acme-client: acme-v01.api.letsencrypt.org: DNS: 1:2::3:4
acme-client: acme-v01.api.letsencrypt.org: DNS: 1.2.3.4
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: domain.org
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: domain.org
acme-client: /usr/local/www/acme/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: created
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY/1588909670: challenge
acme-client: /usr/local/www/acme/UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU: created
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ/1588909727: challenge
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY/1588909670: status
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ/1588909727: status
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-cert: certificate
acme-client: http://cert.int-x3.letsencrypt.org/: full chain
acme-client: cert.int-x3.letsencrypt.org: DNS: 2a00:1e48:1:41::bc2b:4c33
acme-client: cert.int-x3.letsencrypt.org: DNS: 2a00:1e48:1:41::bc2b:4c3a
acme-client: cert.int-x3.letsencrypt.org: DNS: 87.245.196.83
acme-client: cert.int-x3.letsencrypt.org: DNS: 87.245.196.99
acme-client: /usr/local/etc/ssl/acme/domain.org/cert.pem: linked to cert-1500654343.pem
acme-client: /usr/local/etc/ssl/acme/domain.org/chain.pem: linked to chain-1500654343.pem
acme-client: /usr/local/etc/ssl/acme/domain.org/fullchain.pem: linked to fullchain-1500654343.pem
acme-client: /usr/local/etc/ssl/acme/domain.org/chain.pem: created
acme-client: /usr/local/etc/ssl/acme/domain.org/cert.pem: created
acme-client: /usr/local/etc/ssl/acme/domain.org/fullchain.pem: created

but trying to update it fails:

acme-client: /usr/local/etc/acme/domain.org/privkey.pem: account key exists (not creating)
acme-client: /usr/local/etc/ssl/acme/private/domain.org/privkey.pem: domain key exists (not creating)
acme-client: adding SAN: domain.org
acme-client: /usr/local/etc/ssl/acme/domain.org/cert.pem: domain not listed: domain.org
acme-client: bad exit: revokeproc(26165): 1

I'm using the same command for both:

/usr/local/bin/acme-client -vNnb -m domain.org domain.org

tbrowder commented 7 years ago

Hm, have you tried the whole thing without the repeated domain name? That may be causing a subtle error.

AMDmi3 commented 7 years ago

Oh, -m does not require an argument. I thought it did, so the first domain.org was intended to be the -m argument, e.g. a string appended to paths. Cannot check the solution any more, since I've switched to certbot.