Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS Method fails w/ Alias, Invalid Response, Type mismatch from dns to http, acme-challenge file not found 404? #4840

Closed
pingram3541 opened this issue Oct 24, 2023 · 5 comments
Closed

DNS Method fails w/ Alias, Invalid Response, Type mismatch from dns to http, acme-challenge file not found 404? #4840

pingram3541 opened this issue Oct 24, 2023 · 5 comments

Comments

@pingram3541
Copy link

Steps to reproduce

Run [OK 🟢]:
acme.sh --issue --dns dns_cf -d domain.com -w $HOME/public_html/domain.com

Run [FAIL 🔴]:
acme.sh --issue --dns dns_cf -d domain.com -d www.domain.com -w $HOME/public_html/domain.com

Error: Invalid status, www.domain.com:Verify error detail:X.23.23.23: Invalid response from https://www.domain.com/.well-known/acme-challenge/ep6ej_LQgjwt-bv_MhWLsqPgFBsxiYFgAxTd6Fe5mcc: 404

We are using DNS method but it appears to skip using it for the alias and skips right on to http-01 method writing token to a file path that doesn't exist resulting in 404 and ultimately verification failure.

_currentRoot different?

[Tue Oct 24 07:52:17 EDT 2023] d='domain.com'
[Tue Oct 24 07:52:17 EDT 2023] Check for domain='domain.com'
[Tue Oct 24 07:52:17 EDT 2023] _currentRoot='dns_cf'
[Tue Oct 24 07:52:17 EDT 2023] d='www.domain.com'
[Tue Oct 24 07:52:17 EDT 2023] Check for domain='www.domain.com'
[Tue Oct 24 07:52:17 EDT 2023] _currentRoot='/home/server/public_html/domain.com'

Already ran acme.sh --upgrade

Debug log

[Tue Oct 24 06:29:06 EDT 2023] Lets find script dir.
[Tue Oct 24 06:29:06 EDT 2023] _SCRIPT_='/home/server/.acme.sh/acme.sh'
[Tue Oct 24 06:29:06 EDT 2023] _script='/home/server/.acme.sh/acme.sh'
[Tue Oct 24 06:29:06 EDT 2023] _script_home='/home/server/.acme.sh'
[Tue Oct 24 06:29:06 EDT 2023] Using config home:/home/server/.acme.sh
[Tue Oct 24 06:29:06 EDT 2023] LE_WORKING_DIR='/home/server/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.7
[Tue Oct 24 06:29:06 EDT 2023] Running cmd: issue
[Tue Oct 24 06:29:06 EDT 2023] _main_domain='domain.com'
[Tue Oct 24 06:29:06 EDT 2023] _alt_domains='www.domain.com'
[Tue Oct 24 06:29:06 EDT 2023] Using config home:/home/server/.acme.sh
[Tue Oct 24 06:29:06 EDT 2023] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Tue Oct 24 06:29:06 EDT 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Oct 24 06:29:06 EDT 2023] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Tue Oct 24 06:29:06 EDT 2023] _ACME_SERVER_PATH='directory'
[Tue Oct 24 06:29:06 EDT 2023] DOMAIN_PATH='/home/server/.acme.sh/domain.com_ecc'
[Tue Oct 24 06:29:06 EDT 2023] 'dns_cf,/home/server/public_html/domain.com' does not contain 'dns'
[Tue Oct 24 06:29:06 EDT 2023] Le_NextRenewTime
[Tue Oct 24 06:29:06 EDT 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Oct 24 06:29:06 EDT 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Oct 24 06:29:06 EDT 2023] GET
[Tue Oct 24 06:29:06 EDT 2023] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Oct 24 06:29:06 EDT 2023] timeout=
[Tue Oct 24 06:29:06 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.F4QbOvYZ7a  -g '
[Tue Oct 24 06:29:06 EDT 2023] ret='0'
[Tue Oct 24 06:29:06 EDT 2023] response='{
  "PvEFJqOeb38": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Tue Oct 24 06:29:06 EDT 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Oct 24 06:29:06 EDT 2023] ACME_NEW_AUTHZ
[Tue Oct 24 06:29:06 EDT 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Oct 24 06:29:06 EDT 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Oct 24 06:29:06 EDT 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Oct 24 06:29:06 EDT 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Tue Oct 24 06:29:06 EDT 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Oct 24 06:29:06 EDT 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Oct 24 06:29:06 EDT 2023] _on_before_issue
[Tue Oct 24 06:29:06 EDT 2023] _chk_main_domain='domain.com'
[Tue Oct 24 06:29:06 EDT 2023] _chk_alt_domains='www.domain.com'
[Tue Oct 24 06:29:06 EDT 2023] 'dns_cf,/home/server/public_html/domain.com' does not contain 'no'
[Tue Oct 24 06:29:06 EDT 2023] Le_LocalAddress
[Tue Oct 24 06:29:06 EDT 2023] d='domain.com'
[Tue Oct 24 06:29:06 EDT 2023] Check for domain='domain.com'
[Tue Oct 24 06:29:06 EDT 2023] _currentRoot='dns_cf'
[Tue Oct 24 06:29:06 EDT 2023] d='www.domain.com'
[Tue Oct 24 06:29:06 EDT 2023] Check for domain='www.domain.com'
[Tue Oct 24 06:29:06 EDT 2023] _currentRoot='/home/server/public_html/domain.com'
[Tue Oct 24 06:29:06 EDT 2023] d
[Tue Oct 24 06:29:06 EDT 2023] 'dns_cf,/home/server/public_html/domain.com' does not contain 'apache'
[Tue Oct 24 06:29:06 EDT 2023] _saved_account_key_hash='qm7nQ3A1vfOZlaOv83LpGU82YGTBwQ9xwFg+X/uf418='
[Tue Oct 24 06:29:06 EDT 2023] _saved_account_key_hash is not changed, skip register account.
[Tue Oct 24 06:29:06 EDT 2023] Read key length:ec-256
[Tue Oct 24 06:29:06 EDT 2023] _createcsr
[Tue Oct 24 06:29:06 EDT 2023] domain='domain.com'
[Tue Oct 24 06:29:06 EDT 2023] domainlist='www.domain.com'
[Tue Oct 24 06:29:06 EDT 2023] csrkey='/home/server/.acme.sh/domain.com_ecc/domain.com.key'
[Tue Oct 24 06:29:06 EDT 2023] csr='/home/server/.acme.sh/domain.com_ecc/domain.com.csr'
[Tue Oct 24 06:29:06 EDT 2023] csrconf='/home/server/.acme.sh/domain.com_ecc/domain.com.csr.conf'
[Tue Oct 24 06:29:06 EDT 2023] _is_idn_d='www.domain.com'
[Tue Oct 24 06:29:06 EDT 2023] _idn_temp
[Tue Oct 24 06:29:06 EDT 2023] domainlist='www.domain.com'
[Tue Oct 24 06:29:06 EDT 2023] seg='domain'
[Tue Oct 24 06:29:06 EDT 2023] _is_idn_d='domain.com'
[Tue Oct 24 06:29:06 EDT 2023] _idn_temp
[Tue Oct 24 06:29:07 EDT 2023] seg='www'
[Tue Oct 24 06:29:07 EDT 2023] Multi domain='DNS:domain.com,DNS:www.domain.com'
[Tue Oct 24 06:29:07 EDT 2023] _is_idn_d='domain.com'
[Tue Oct 24 06:29:07 EDT 2023] _idn_temp
[Tue Oct 24 06:29:07 EDT 2023] _csr_cn='domain.com'
[Tue Oct 24 06:29:07 EDT 2023] seg='domain'
[Tue Oct 24 06:29:07 EDT 2023] Getting domain auth token for each domain
[Tue Oct 24 06:29:07 EDT 2023] seg='domain'
[Tue Oct 24 06:29:07 EDT 2023] _is_idn_d='domain.com'
[Tue Oct 24 06:29:07 EDT 2023] _idn_temp
[Tue Oct 24 06:29:07 EDT 2023] d='www.domain.com'
[Tue Oct 24 06:29:07 EDT 2023] seg='www'
[Tue Oct 24 06:29:07 EDT 2023] _is_idn_d='www.domain.com'
[Tue Oct 24 06:29:07 EDT 2023] _idn_temp
[Tue Oct 24 06:29:07 EDT 2023] d
[Tue Oct 24 06:29:07 EDT 2023] _identifiers='{"type":"dns","value":"domain.com"},{"type":"dns","value":"www.domain.com"}'
[Tue Oct 24 06:29:07 EDT 2023] _notBefore
[Tue Oct 24 06:29:07 EDT 2023] _notAfter
[Tue Oct 24 06:29:07 EDT 2023] =======Begin Send Signed Request=======
[Tue Oct 24 06:29:07 EDT 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Oct 24 06:29:07 EDT 2023] payload='{"identifiers": [{"type":"dns","value":"domain.com"},{"type":"dns","value":"www.domain.com"}]}'
[Tue Oct 24 06:29:07 EDT 2023] EC key
[Tue Oct 24 06:29:07 EDT 2023] Let's try ASN1 OID
[Tue Oct 24 06:29:07 EDT 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Oct 24 06:29:07 EDT 2023] HEAD
[Tue Oct 24 06:29:07 EDT 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Oct 24 06:29:07 EDT 2023] body
[Tue Oct 24 06:29:07 EDT 2023] _postContentType='application/jose+json'
[Tue Oct 24 06:29:07 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.it3qQ9oZAu  -g  -I  '
[Tue Oct 24 06:29:07 EDT 2023] _ret='0'
[Tue Oct 24 06:29:07 EDT 2023] _headers='HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Oct 2023 10:29:07 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: _s_5u1NQJnpZubR9SmHRDJlwlqYruCJzcgimng8apwT2upXnr8g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Tue Oct 24 06:29:07 EDT 2023] _CACHED_NONCE='_s_5u1NQJnpZubR9SmHRDJlwlqYruCJzcgimng8apwT2upXnr8g'
[Tue Oct 24 06:29:07 EDT 2023] nonce='_s_5u1NQJnpZubR9SmHRDJlwlqYruCJzcgimng8apwT2upXnr8g'
[Tue Oct 24 06:29:07 EDT 2023] POST
[Tue Oct 24 06:29:07 EDT 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Oct 24 06:29:07 EDT 2023] body='{"protected": "eyJub25jZSI6ICJfc181dTFOUUpucEN1YlI5U21IWURKbHdscVlydUNKemNnaW1uZzRhcHdUMnVwWG5yOGciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXZpLmxldHNlbmNyeXB0Lm9yZy9hY21lL24ldy1vcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXZpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM3MzA1MDk0NiJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Im1vdG9tb250YWdlLmNvbSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoid3d3Lm1vdG9tb250YWdlLmNvbSJ9XX0", "signature": "qrZxC5-5nkkT2Bj2ikTJOY3_H7513B6vx_6hPHEZiJvmyWgkgNUY9vdYRZ9PW5xQ-EbGHp3voXwwzR1qxnyoPg"}'
[Tue Oct 24 06:29:07 EDT 2023] _postContentType='application/jose+json'
[Tue Oct 24 06:29:07 EDT 2023] Http already initialized.
[Tue Oct 24 06:29:07 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.it3qQ9oZAu  -g '
[Tue Oct 24 06:29:08 EDT 2023] _ret='0'
[Tue Oct 24 06:29:08 EDT 2023] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Date: Tue, 24 Oct 2023 10:29:08 GMT
Content-Type: application/json
Content-Length: 483
Connection: keep-alive
Boulder-Requester: 1373050946
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1243050946/218286300656
Replay-Nonce: _s_5u1NQJnpZubR9SmHRDJlwlqYruCJzcgimng8apwT2upXnr8g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Tue Oct 24 06:29:08 EDT 2023] code='201'
[Tue Oct 24 06:29:08 EDT 2023] original='{
  "status": "pending",
  "expires": "2023-10-31T10:29:08Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "domain.com"
    },
    {
      "type": "dns",
      "value": "www.domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236123876",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239123146"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1373050123/217123300656"
}'
[Tue Oct 24 06:29:08 EDT 2023] response='{"status":"pending","expires":"2023-10-31T10:29:08Z","identifiers":[{"type":"dns","value":"domain.com"},{"type":"dns","value":"www.domain.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/276912308876","https://acme-v02.api.letsencrypt.org/acme/authz-v3/276912304146"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/1373012346/217123300656"}'
[Tue Oct 24 06:29:08 EDT 2023] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/1371230946/217123300656'
[Tue Oct 24 06:29:08 EDT 2023] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1373123946/217123300656'
[Tue Oct 24 06:29:08 EDT 2023] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876,https://acme-v02.api.letsencrypt.org/acme/authz-v3/276912304146'
[Tue Oct 24 06:29:08 EDT 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876'
[Tue Oct 24 06:29:08 EDT 2023] =======Begin Send Signed Request=======
[Tue Oct 24 06:29:08 EDT 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876'
[Tue Oct 24 06:29:08 EDT 2023] payload
[Tue Oct 24 06:29:08 EDT 2023] Use cached jwk for file: /home/server/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Tue Oct 24 06:29:08 EDT 2023] Use _CACHED_NONCE='_s_123NQapKQxCuYx0Wi_EI7_e5-zzFdmBP2e6e148b-vAAzmiE'
[Tue Oct 24 06:29:08 EDT 2023] nonce='_s_123NQapKQxCuYx0Wi_EI7_e5-zzFdmBP2e6e148b-vAAzmiE'
[Tue Oct 24 06:29:08 EDT 2023] POST
[Tue Oct 24 06:29:08 EDT 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876'
[Tue Oct 24 06:29:08 EDT 2023] body='{"protected": "eyJub25jZSI6ICJfc181dTFOUWFwS1233VZeDBXaV9FSTdfZTUtenpGZG1CUDJlNmUxNDhiLXZBQXptaUUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI3NjkzNjgwODg3NiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM3MzA1MDk0NiJ9", "payload": "", "signature": "miss9iHD-Tl555LVvf4S6E48eYFo3spMp123sJ69ZN2H7_BcLpqYVeGnFbG_JO6Ek7V6Lq9IfKKEXNFA97XOVg"}'
[Tue Oct 24 06:29:08 EDT 2023] _postContentType='application/jose+json'
[Tue Oct 24 06:29:08 EDT 2023] Http already initialized.
[Tue Oct 24 06:29:08 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.it3qQ9oZAu  -g '
[Tue Oct 24 06:29:08 EDT 2023] _ret='0'
[Tue Oct 24 06:29:08 EDT 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Oct 2023 10:29:08 GMT
Content-Type: application/json
Content-Length: 505
Connection: keep-alive
Boulder-Requester: 1373050946
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wo123auKSotbM8LfsT1Wnb-P3y3Fg423rrmQRLzj_r4s0AnTR8Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Tue Oct 24 06:29:08 EDT 2023] code='200'
[Tue Oct 24 06:29:08 EDT 2023] original='{
  "identifier": {
    "type": "dns",
    "value": "domain.com"
  },
  "status": "valid",
  "expires": "2023-11-23T10:19:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/271236808876/yk3JBA",
      "token": "Cp1237IEIzHZ2bX2YKxkgEC2PDRwCGe29d5kNmbdpjQ",
      "validationRecord": [
        {
          "hostname": "domain.com"
        }
      ],
      "validated": "2023-10-24T10:19:28Z"
    }
  ]
}'
[Tue Oct 24 06:29:08 EDT 2023] response='{"identifier":{"type":"dns","value":"domain.com"},"status":"valid","expires":"2023-11-23T10:19:28Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271236808876/yk3JBA","token":"Cp1237IEIzHZ2bX2YKxkgEC2PDRwCGe29d5kNmbdpjQ","validationRecord":[{"hostname":"domain.com"}],"validated":"2023-10-24T10:19:28Z"}]}'
[Tue Oct 24 06:29:08 EDT 2023] response='{"identifier":{"type":"dns","value":"domain.com"},"status":"valid","expires":"2023-11-23T10:19:28Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271236808876/yk3JBA","token":"Cp1237IEIzHZ2bX2YKxkgEC2PDRwCGe29d5kNmbdpjQ","validationRecord":[{"hostname":"domain.com"}],"validated":"2023-10-24T10:19:28Z"}]}'
[Tue Oct 24 06:29:08 EDT 2023] _d='domain.com'
[Tue Oct 24 06:29:08 EDT 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146'
[Tue Oct 24 06:29:08 EDT 2023] =======Begin Send Signed Request=======
[Tue Oct 24 06:29:08 EDT 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146'
[Tue Oct 24 06:29:08 EDT 2023] payload
[Tue Oct 24 06:29:08 EDT 2023] Use cached jwk for file: /home/server/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Tue Oct 24 06:29:08 EDT 2023] Use _CACHED_NONCE='wo123auKSotbM8LfsT1Wnb-P3y3Fg423rrmQRLzj_r4s0AnTR8Q'
[Tue Oct 24 06:29:08 EDT 2023] nonce='wo123auKSotbM8LfsT1Wnb-P3y3Fg423rrmQRLzj_r4s0AnTR8Q'
[Tue Oct 24 06:29:08 EDT 2023] POST
[Tue Oct 24 06:29:08 EDT 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146'
[Tue Oct 24 06:29:08 EDT 2023] body='{"protected": "ey12325jZSI6ICJ3b1lLOWF1S1NvdGJNOExmc1QxV25iLVAzeTNGZzQyM3JybVFSTHpqX3I0czBBblRSOFEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI3NjkzOTAwNDE0NiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM3MzA1MDk0NiJ9", "payload": "", "signature": "00yu_bt-123fMk077a3kaK8ff98gwdmQQcAnOy_mRnzQRWsAggRDBZnIqbVvo9cecBHIGqbD-2a489O-EJ7OLQ"}'
[Tue Oct 24 06:29:08 EDT 2023] _postContentType='application/jose+json'
[Tue Oct 24 06:29:08 EDT 2023] Http already initialized.
[Tue Oct 24 06:29:08 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.it3qQ9oZAu  -g '
[Tue Oct 24 06:29:09 EDT 2023] _ret='0'
[Tue Oct 24 06:29:09 EDT 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Oct 2023 10:29:09 GMT
Content-Type: application/json
Content-Length: 803
Connection: keep-alive
Boulder-Requester: 1373050946
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: IA123RVVEdXVpBUeDB8tcllxxDFplKGNFNhom8A24cPR77G07ec
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Tue Oct 24 06:29:09 EDT 2023] code='200'
[Tue Oct 24 06:29:09 EDT 2023] original='{
  "identifier": {
    "type": "dns",
    "value": "www.domain.com"
  },
  "status": "pending",
  "expires": "2023-10-31T10:29:08Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w",
      "token": "vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/cIGFXg",
      "token": "vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/jtXBWw",
      "token": "vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"
    }
  ]
}'
[Tue Oct 24 06:29:09 EDT 2023] response='{"identifier":{"type":"dns","value":"www.domain.com"},"status":"pending","expires":"2023-10-31T10:29:08Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/cIGFXg","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/jtXBWw","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"}]}'
[Tue Oct 24 06:29:09 EDT 2023] response='{"identifier":{"type":"dns","value":"www.domain.com"},"status":"pending","expires":"2023-10-31T10:29:08Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/cIGFXg","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/jtXBWw","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"}]}'
[Tue Oct 24 06:29:09 EDT 2023] _d='www.domain.com'
[Tue Oct 24 06:29:09 EDT 2023] _authorizations_map='www.domain.com,{"identifier":{"type":"dns","value":"www.domain.com"},"status":"pending","expires":"2023-10-31T10:29:08Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/cIGFXg","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/jtXBWw","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146
domain.com,{"identifier":{"type":"dns","value":"domain.com"},"status":"valid","expires":"2023-11-23T10:19:28Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271236808876/yk3JBA","token":"Cp1237IEIzHZ2bX2YKxkgEC2PDRwCGe29d5kNmbdpjQ","validationRecord":[{"hostname":"domain.com"}],"validated":"2023-10-24T10:19:28Z"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876
'
[Tue Oct 24 06:29:09 EDT 2023] d='domain.com'
[Tue Oct 24 06:29:09 EDT 2023] Getting webroot for domain='domain.com'
[Tue Oct 24 06:29:09 EDT 2023] _w='dns_cf'
[Tue Oct 24 06:29:09 EDT 2023] _currentRoot='dns_cf'
[Tue Oct 24 06:29:09 EDT 2023] _is_idn_d='domain.com'
[Tue Oct 24 06:29:09 EDT 2023] _idn_temp
[Tue Oct 24 06:29:09 EDT 2023] _candidates='domain.com,{"identifier":{"type":"dns","value":"domain.com"},"status":"valid","expires":"2023-11-23T10:19:28Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271236808876/yk3JBA","token":"Cp1237IEIzHZ2bX2YKxkgEC2PDRwCGe29d5kNmbdpjQ","validationRecord":[{"hostname":"domain.com"}],"validated":"2023-10-24T10:19:28Z"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876'
[Tue Oct 24 06:29:09 EDT 2023] response='{"identifier":{"type":"dns","value":"domain.com"},"status":"valid","expires":"2023-11-23T10:19:28Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271236808876/yk3JBA","token":"Cp1237IEIzHZ2bX2YKxkgEC2PDRwCGe29d5kNmbdpjQ","validationRecord":[{"hostname":"domain.com"}],"validated":"2023-10-24T10:19:28Z"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876'
[Tue Oct 24 06:29:09 EDT 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876'
[Tue Oct 24 06:29:09 EDT 2023] domain.com is already valid.
[Tue Oct 24 06:29:09 EDT 2023] keyauthorization='verified_ok'
[Tue Oct 24 06:29:09 EDT 2023] entry='"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271236808876/yk3JBA","token":"Cp1237IEIzHZ2bX2YKxkgEC2PDRwCGe29d5kNmbdpjQ","validationRecord":[{"hostname":"domain.com"'
[Tue Oct 24 06:29:09 EDT 2023] dvlist='domain.com#verified_ok##dns-01#dns_cf#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876'
[Tue Oct 24 06:29:09 EDT 2023] d='www.domain.com'
[Tue Oct 24 06:29:09 EDT 2023] Getting webroot for domain='www.domain.com'
[Tue Oct 24 06:29:09 EDT 2023] _w='/home/server/public_html/domain.com'
[Tue Oct 24 06:29:09 EDT 2023] _currentRoot='/home/server/public_html/domain.com'
[Tue Oct 24 06:29:09 EDT 2023] _is_idn_d='www.domain.com'
[Tue Oct 24 06:29:09 EDT 2023] _idn_temp
[Tue Oct 24 06:29:09 EDT 2023] _candidates='www.domain.com,{"identifier":{"type":"dns","value":"www.domain.com"},"status":"pending","expires":"2023-10-31T10:29:08Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/cIGFXg","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/jtXBWw","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146'
[Tue Oct 24 06:29:09 EDT 2023] response='{"identifier":{"type":"dns","value":"www.domain.com"},"status":"pending","expires":"2023-10-31T10:29:08Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/cIGFXg","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/jtXBWw","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146'
[Tue Oct 24 06:29:09 EDT 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146'
[Tue Oct 24 06:29:09 EDT 2023] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"'
[Tue Oct 24 06:29:09 EDT 2023] token='vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U'
[Tue Oct 24 06:29:09 EDT 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w'
[Tue Oct 24 06:29:09 EDT 2023] keyauthorization='vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U.PGmxUHd5LjO64wGpTRoanvCot8wrJYa9TRWw_F5_5TI'
[Tue Oct 24 06:29:09 EDT 2023] dvlist='www.domain.com#vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U.PGmxUHd5LjO64wGpTRoanvCot8wrJYa9TRWw_F5_5TI#https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w#http-01#/home/server/public_html/domain.com#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146'
[Tue Oct 24 06:29:09 EDT 2023] d
[Tue Oct 24 06:29:09 EDT 2023] vlist='domain.com#verified_ok##dns-01#dns_cf#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876,www.domain.com#vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U.PGmxUHd5LjO64wGpTRoanvCot8wrJYa9TRWw_F5_5TI#https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w#http-01#/home/server/public_html/domain.com#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146,'
[Tue Oct 24 06:29:09 EDT 2023] d='domain.com'
[Tue Oct 24 06:29:09 EDT 2023] domain.com is already verified, skip dns-01.
[Tue Oct 24 06:29:09 EDT 2023] d='www.domain.com'
[Tue Oct 24 06:29:09 EDT 2023] ok, let's start to verify
[Tue Oct 24 06:29:09 EDT 2023] domain.com is already verified, skip dns-01.
[Tue Oct 24 06:29:09 EDT 2023] Verifying: www.domain.com
[Tue Oct 24 06:29:09 EDT 2023] d='www.domain.com'
[Tue Oct 24 06:29:09 EDT 2023] keyauthorization='vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U.PGmxUHd5LjO64wGpTRoanvCot8wrJYa9TRWw_F5_5TI'
[Tue Oct 24 06:29:09 EDT 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w'
[Tue Oct 24 06:29:09 EDT 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146'
[Tue Oct 24 06:29:09 EDT 2023] _currentRoot='/home/server/public_html/domain.com'
[Tue Oct 24 06:29:09 EDT 2023] wellknown_path='/home/server/public_html/domain.com/.well-known/acme-challenge'
[Tue Oct 24 06:29:09 EDT 2023] writing token:vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U to /home/server/public_html/domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U
[Tue Oct 24 06:29:09 EDT 2023] Trigger domain validation.
[Tue Oct 24 06:29:09 EDT 2023] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w'
[Tue Oct 24 06:29:09 EDT 2023] _t_key_authz='vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U.PGmxUHd5LjO64wGpTRoanvCot8wrJYa9TRWw_F5_5TI'
[Tue Oct 24 06:29:09 EDT 2023] _t_vtype='http-01'
[Tue Oct 24 06:29:09 EDT 2023] =======Begin Send Signed Request=======
[Tue Oct 24 06:29:09 EDT 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w'
[Tue Oct 24 06:29:09 EDT 2023] payload='{}'
[Tue Oct 24 06:29:09 EDT 2023] Use cached jwk for file: /home/server/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Tue Oct 24 06:29:09 EDT 2023] Use _CACHED_NONCE='IA123RVVEdXVpBUeDB8tcllxxDFplKGNFNhom8A24cPR77G07ec'
[Tue Oct 24 06:29:09 EDT 2023] nonce='IA123RVVEdXVpBUeDB8tcllxxDFplKGNFNhom8A24cPR77G07ec'
[Tue Oct 24 06:29:09 EDT 2023] POST
[Tue Oct 24 06:29:09 EDT 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w'
[Tue Oct 24 06:29:09 EDT 2023] body='{"protected": "ey12325jZSI6ICJJQXZtUlJWVkVkWFZwQlVlREI4dGNsbHh4REZwbEtHTkZOaG9tOEEyNGNQUjc3RzA3ZWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI3NjkzOTAwNDE0Ni92NS1nMXciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEzNzMwNTA5NDYifQ", "payload": "e30", "signature": "xL123bS-D7AV8A9Izj-eockV9TkfsceIYgEoHGtCQUdgnqzpbXLIg4dZLzky8BJT9d-SMWV4Wzsy78amf6NYzQ"}'
[Tue Oct 24 06:29:09 EDT 2023] _postContentType='application/jose+json'
[Tue Oct 24 06:29:09 EDT 2023] Http already initialized.
[Tue Oct 24 06:29:09 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.it3qQ9oZAu  -g '
[Tue Oct 24 06:29:10 EDT 2023] _ret='0'
[Tue Oct 24 06:29:10 EDT 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Oct 2023 10:29:10 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1373050946
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w
Replay-Nonce: _s_123NQ3w_7bNVhBPoP5V3Tc0EGZyTTE_lbbW5nMMIveKX7ig0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Tue Oct 24 06:29:10 EDT 2023] code='200'
[Tue Oct 24 06:29:10 EDT 2023] original='{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w",
  "token": "vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"
}'
[Tue Oct 24 06:29:10 EDT 2023] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"}'
[Tue Oct 24 06:29:10 EDT 2023] trigger validation code: 200
[Tue Oct 24 06:29:10 EDT 2023] Lets check the status of the authz
[Tue Oct 24 06:29:10 EDT 2023] original='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"}'
[Tue Oct 24 06:29:10 EDT 2023] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U"}'
[Tue Oct 24 06:29:10 EDT 2023] status='pending'
[Tue Oct 24 06:29:10 EDT 2023] Pending, The CA is processing your order, please just wait. (1/30)
[Tue Oct 24 06:29:10 EDT 2023] sleep 2 secs to verify again
[Tue Oct 24 06:29:13 EDT 2023] checking
[Tue Oct 24 06:29:13 EDT 2023] =======Begin Send Signed Request=======
[Tue Oct 24 06:29:13 EDT 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146'
[Tue Oct 24 06:29:13 EDT 2023] payload
[Tue Oct 24 06:29:13 EDT 2023] Use cached jwk for file: /home/server/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Tue Oct 24 06:29:13 EDT 2023] Use _CACHED_NONCE='_s_123NQ3w_7bNVhBPoP5V3Tc0EGZyTTE_lbbW5nMMIveKX7ig0'
[Tue Oct 24 06:29:13 EDT 2023] nonce='_s_123NQ3w_7bNVhBPoP5V3Tc0EGZyTTE_lbbW5nMMIveKX7ig0'
[Tue Oct 24 06:29:13 EDT 2023] POST
[Tue Oct 24 06:29:13 EDT 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146'
[Tue Oct 24 06:29:13 EDT 2023] body='{"protected": "ey12325jZSI6ICJfc181dTFOUTN3XzdiTlZoQlBvUDVWM1RjMEVHWnlUVEVfbGJiVzVuTU1JdmVLWDdpZzAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI3NjkzOTAwNDE0NiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM3MzA1MDk0NiJ9", "payload": "", "signature": "Tc123FjuczAEtPyJWtv7hM7iguRRkxYNWjAD8h_dbEgMm8sC2gYnzri592CDu-60hgwO5K4ehg7YIvx8YNHWkw"}'
[Tue Oct 24 06:29:13 EDT 2023] _postContentType='application/jose+json'
[Tue Oct 24 06:29:13 EDT 2023] Http already initialized.
[Tue Oct 24 06:29:13 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.it3qQ9oZAu  -g '
[Tue Oct 24 06:29:13 EDT 2023] _ret='0'
[Tue Oct 24 06:29:13 EDT 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Oct 2023 10:29:13 GMT
Content-Type: application/json
Content-Length: 1432
Connection: keep-alive
Boulder-Requester: 1373050946
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 3H123CDNEJ_BA_C98tMbUF0gPySD5dBP1gACJQZ5wfNUDXFOOyI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Tue Oct 24 06:29:13 EDT 2023] code='200'
[Tue Oct 24 06:29:13 EDT 2023] original='{
  "identifier": {
    "type": "dns",
    "value": "www.domain.com"
  },
  "status": "invalid",
  "expires": "2023-10-31T10:29:08Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "123.23.23.23: Invalid response from https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w",
      "token": "vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U",
      "validationRecord": [
        {
          "url": "http://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U",
          "hostname": "www.domain.com",
          "port": "80",
          "addressesResolved": [
            "X.23.23.23",
            "X.23.23.24"
          ],
          "addressUsed": "X.23.23.23"
        },
        {
          "url": "https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U",
          "hostname": "www.domain.com",
          "port": "443",
          "addressesResolved": [
            "X.23.23.23",
            "X.23.23.24"
          ],
          "addressUsed": "X.23.23.23"
        }
      ],
      "validated": "2023-10-24T10:29:10Z"
    }
  ]
}'
[Tue Oct 24 06:29:13 EDT 2023] response='{"identifier":{"type":"dns","value":"www.domain.com"},"status":"invalid","expires":"2023-10-31T10:29:08Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"X.23.23.23: Invalid response from https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U","validationRecord":[{"url":"http://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U","hostname":"www.domain.com","port":"80","addressesResolved":["X.23.23.23","X.23.23.24"],"addressUsed":"X.23.23.23"},{"url":"https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U","hostname":"www.domain.com","port":"443","addressesResolved":["X.23.23.23","X.23.23.24"],"addressUsed":"X.23.23.23"}],"validated":"2023-10-24T10:29:10Z"}]}'
[Tue Oct 24 06:29:13 EDT 2023] original='{"identifier":{"type":"dns","value":"www.domain.com"},"status":"invalid","expires":"2023-10-31T10:29:08Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"X.23.23.23: Invalid response from https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U","validationRecord":[{"url":"http://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U","hostname":"www.domain.com","port":"80","addressesResolved":["X.23.23.23","X.23.23.24"],"addressUsed":"X.23.23.23"},{"url":"https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U","hostname":"www.domain.com","port":"443","addressesResolved":["X.23.23.23","X.23.23.24"],"addressUsed":"X.23.23.23"}],"validated":"2023-10-24T10:29:10Z"}]}'
[Tue Oct 24 06:29:13 EDT 2023] response='{"identifier":{"type":"dns","value":"www.domain.com"},"status":"invalid","expires":"2023-10-31T10:29:08Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"X.23.23.23: Invalid response from https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w","token":"vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U","validationRecord":[{"url":"http://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U","hostname":"www.domain.com","port":"80","addressesResolved":["X.23.23.23","X.23.23.24"],"addressUsed":"X.23.23.23"},{"url":"https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U","hostname":"www.domain.com","port":"443","addressesResolved":["X.23.23.23","X.23.23.24"],"addressUsed":"X.23.23.23"}],"validated":"2023-10-24T10:29:10Z"}]}'
[Tue Oct 24 06:29:13 EDT 2023] status='invalid
invalid'
[Tue Oct 24 06:29:13 EDT 2023] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"X.23.23.23: Invalid response fromhttps://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U: 404","status": 403'
[Tue Oct 24 06:29:13 EDT 2023] errordetail='X.23.23.23: Invalid response from https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U: 404'
[Tue Oct 24 06:29:13 EDT 2023] Invalid status, www.domain.com:Verify error detail:X.23.23.23: Invalid response from https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U: 404
[Tue Oct 24 06:29:13 EDT 2023] Debug: get token url.
[Tue Oct 24 06:29:13 EDT 2023] GET
[Tue Oct 24 06:29:13 EDT 2023] url='http://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U'
[Tue Oct 24 06:29:13 EDT 2023] timeout=1
[Tue Oct 24 06:29:13 EDT 2023] Http already initialized.
[Tue Oct 24 06:29:13 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.it3qQ9oZAu  -g  --connect-timeout 1'
<!DOCTYPE html>
<html style="height:100%">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<title> 404 Not Found
</title></head>
<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
<h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
<h2 style="margin-top:20px;font-size: 30px;">Not Found
</h2>
<p>The resource requested could not be found on this server!</p>
</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
[Tue Oct 24 06:29:14 EDT 2023] ret='0'
[Tue Oct 24 06:29:14 EDT 2023] Debugging, skip removing: /home/server/public_html/domain.com/.well-known
[Tue Oct 24 06:29:14 EDT 2023] pid
[Tue Oct 24 06:29:14 EDT 2023] No need to restore nginx, skip.
[Tue Oct 24 06:29:14 EDT 2023] _clearupdns
[Tue Oct 24 06:29:14 EDT 2023] dns_entries
[Tue Oct 24 06:29:14 EDT 2023] skip dns.
[Tue Oct 24 06:29:14 EDT 2023] _on_issue_err
[Tue Oct 24 06:29:14 EDT 2023] Please check log file for more details: /home/server/.acme.sh/acme.sh.log
[Tue Oct 24 06:29:14 EDT 2023] _chk_vlist='domain.com#verified_ok##dns-01#dns_cf#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271236808876,www.domain.com#vN132lYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U.PGmxUHd5LjO64wGpTRoanvCot8wrJYa9TRWw_F5_5TI#https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w#http-01#/home/server/public_html/domain.com#https://acme-v02.api.letsencrypt.org/acme/authz-v3/271239004146,'
[Tue Oct 24 06:29:14 EDT 2023] start to deactivate authz
[Tue Oct 24 06:29:14 EDT 2023] Trigger domain validation.
[Tue Oct 24 06:29:14 EDT 2023] _t_url
[Tue Oct 24 06:29:14 EDT 2023] _t_key_authz='verified_ok'
[Tue Oct 24 06:29:14 EDT 2023] _t_vtype
[Tue Oct 24 06:29:14 EDT 2023] =======Begin Send Signed Request=======
[Tue Oct 24 06:29:14 EDT 2023] url
[Tue Oct 24 06:29:14 EDT 2023] payload='{}'
[Tue Oct 24 06:29:14 EDT 2023] Use cached jwk for file: /home/server/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Tue Oct 24 06:29:14 EDT 2023] Use _CACHED_NONCE='3H123CDNEJ_BA_C98tMbUF0gPySD5dBP1gACJQZ5wfNUDXFOOyI'
[Tue Oct 24 06:29:14 EDT 2023] nonce='3H123CDNEJ_BA_C98tMbUF0gPySD5dBP1gACJQZ5wfNUDXFOOyI'
[Tue Oct 24 06:29:14 EDT 2023] POST
[Tue Oct 24 06:29:14 EDT 2023] _post_url
[Tue Oct 24 06:29:14 EDT 2023] body='{"protected": "ey12325jZSI6ICIzSHZXWENETkVKX0JBX0M5OHRNYlVGMGdQeVNENWRCUDFnQUNKUVo1d2ZOVURYRk9PeUkiLCAidXJsIjogIiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM3MzA1MDk0NiJ9", "payload": "e30", "signature": "ab1235fzHV7U0neUjYL_U9egdOlnLo_6csigD4GyNtqYCxMgjSg2dx2YUUlubKiQplVk6nfz0sK2VFT6ULI-xg"}'
[Tue Oct 24 06:29:14 EDT 2023] _postContentType='application/jose+json'
[Tue Oct 24 06:29:14 EDT 2023] Http already initialized.
[Tue Oct 24 06:29:14 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.it3qQ9oZAu  -g '
[Tue Oct 24 06:29:14 EDT 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 3
[Tue Oct 24 06:29:14 EDT 2023] Here is the curl dump log:
[Tue Oct 24 06:29:14 EDT 2023] == Info: <url> malformed
[Tue Oct 24 06:29:14 EDT 2023] _ret='3'
[Tue Oct 24 06:29:14 EDT 2023] responseHeaders='HTTP/1.1 301 Moved Permanently
Date: Tue, 24 Oct 2023 10:29:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
location: https://www.domain.com/.well-known/acme-challenge/vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0T1232eFvicmisBkuYLcDLuX1OwYptGS1eYojVbSyPkq174m78HLUBoEh%2FDoeoK%2B94a488nu0Y%2FH2%2FLEjX1HaSJaXSf6nVGgVb9xitC9obClLF1NHz2X%2B4arfUiFm4pk%2BGe6Yj7y"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81b18999ed9a0acf-LAS
alt-svc: h3=":443"; ma=86400

HTTP/1.1 404 Not Found
Date: Tue, 24 Oct 2023 10:29:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
vary: User-Agent
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kU123D25Dt0DvlPxoYPGcBUGld31g0kxM5o4ocG4x5S06b0%2BQd7KW7e57WWsTfXH4794aiKThbWHzLnArObDUWAhLlWkrwtH%2BavoQ6bXG2ml%2FUiHscBrcgWfCqJ8z9aROheFsw5L"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81b1899cbc240adb-LAS
alt-svc: h3=":443"; ma=86400
'
[Tue Oct 24 06:29:14 EDT 2023] code='404'
[Tue Oct 24 06:29:14 EDT 2023] original
[Tue Oct 24 06:29:14 EDT 2023] response
[Tue Oct 24 06:29:14 EDT 2023] Trigger domain validation.
[Tue Oct 24 06:29:14 EDT 2023] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w'
[Tue Oct 24 06:29:14 EDT 2023] _t_key_authz='vN123IYqz0UkxX8OAEUI0f6a9rqRJAIkak38BqMVi8U.PGmxUHd5LjO64wGpTRoanvCot8wrJYa9TRWw_F5_5TI'
[Tue Oct 24 06:29:14 EDT 2023] _t_vtype
[Tue Oct 24 06:29:14 EDT 2023] =======Begin Send Signed Request=======
[Tue Oct 24 06:29:14 EDT 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w'
[Tue Oct 24 06:29:14 EDT 2023] payload='{}'
[Tue Oct 24 06:29:14 EDT 2023] Use cached jwk for file: /home/server/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Tue Oct 24 06:29:14 EDT 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Oct 24 06:29:14 EDT 2023] HEAD
[Tue Oct 24 06:29:14 EDT 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Oct 24 06:29:14 EDT 2023] body
[Tue Oct 24 06:29:14 EDT 2023] _postContentType='application/jose+json'
[Tue Oct 24 06:29:14 EDT 2023] Http already initialized.
[Tue Oct 24 06:29:14 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.it3qQ9oZAu  -g  -I  '
[Tue Oct 24 06:29:15 EDT 2023] _ret='0'
[Tue Oct 24 06:29:15 EDT 2023] _headers='HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Oct 2023 10:29:15 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: _s_123NQTyA3gs8AHnou0VChMvFJI9aG3vaktgqogeimlKF3kXI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Tue Oct 24 06:29:15 EDT 2023] _CACHED_NONCE='_s_123NQTyA3gs8AHnou0VChMvFJI9aG3vaktgqogeimlKF3kXI'
[Tue Oct 24 06:29:15 EDT 2023] nonce='_s_123NQTyA3gs8AHnou0VChMvFJI9aG3vaktgqogeimlKF3kXI'
[Tue Oct 24 06:29:15 EDT 2023] POST
[Tue Oct 24 06:29:15 EDT 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/271239004146/v5-g1w'
[Tue Oct 24 06:29:15 EDT 2023] body='{"protected": "ey12325jZSI6ICJfc181dTFOUVR5QTNnczhBSG5vdTBWQ2hNdkZKSTlhRzN2YWt0Z3FvZ2VpbWxLRjNrWEkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm24Zy9hY21lL2NoYWxsLXYzLzI3NjkzOTAwNDE0Ni92NS1nMXciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEzNzMwNTA5NDYifQ", "payload": "e30", "signature": "bm123d9-kApU9r1QHaIw8vtWOx1sXwriy1i6vjKWzDgnK24ctdU1L4x531ajipSymXjODzpF45VgisdlDcibHg"}'
[Tue Oct 24 06:29:15 EDT 2023] _postContentType='application/jose+json'
[Tue Oct 24 06:29:15 EDT 2023] Http already initialized.
[Tue Oct 24 06:29:15 EDT 2023] _CURL='curl --silent --dump-header /home/server/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.it3qQ9oZAu  -g '
[Tue Oct 24 06:29:15 EDT 2023] _ret='0'
[Tue Oct 24 06:29:15 EDT 2023] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 24 Oct 2023 10:29:15 GMT
Content-Type: application/problem+json
Content-Length: 144
Connection: keep-alive
Boulder-Requester: 1373050946
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: IA123RVV1F9b1Bpz481h3JdDPCFD3q4pRIPOyjF409p9d0nr7UM
'
[Tue Oct 24 06:29:15 EDT 2023] code='400'
[Tue Oct 24 06:29:15 EDT 2023] original='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Tue Oct 24 06:29:15 EDT 2023] response='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Tue Oct 24 06:29:15 EDT 2023] socat doesn't exist.
[Tue Oct 24 06:29:15 EDT 2023] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
@github-actions
Copy link

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

@pingram3541
Copy link
Author

Already ran acme.sh --upgrade thx

@Neilpang
Copy link
Member

Are the "domain.com" and "www.domain.com" using the same webroot folder?

@pingram3541
Copy link
Author

Yes, php handles the rest.

@pingram3541
Copy link
Author

Turns out this particular domain was a sibling to the web root folder and not inside /public_html/ as originally expected. Very odd it still succeeded anyway, except when used w/ the additional www alias. In any case, removing /public_html/ from the path and everything issued as expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pingram3541 @Neilpang