A pure Unix shell script implementing ACME client protocol

Overview

An ACME Shell script: acme.sh

Join the chat at https://gitter.im/acme-sh/Lobby

  • An ACME protocol client written purely in Shell (Unix shell) language.
  • Full ACME protocol implementation.
  • Support ACME v1 and ACME v2
  • Support ACME v2 wildcard certs
  • Simple, powerful and very easy to use. You only need 3 minutes to learn it.
  • Bash, dash and sh compatible.
  • Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
  • Just one script to issue, renew and install your certificates automatically.
  • DOES NOT require root/sudoer access.
  • Docker friendly
  • IPv6 support
  • Cron job notifications for renewal or error etc.

It's probably the easiest & smartest shell script to automatically issue & renew the free certificates from Let's Encrypt.

Wiki: https://github.com/acmesh-official/acme.sh/wiki

For Docker Fans: acme.sh 💕 Docker

Twitter: @neilpangxa

Chinese documentation

Who:

Tested OS

NO  Status   Platform
1   MacOS    Mac OSX
2   Windows  Windows (cygwin with curl, openssl and crontab included)
3   FreeBSD  FreeBSD
4   Solaris  Solaris
5   Ubuntu   Ubuntu
6            pfsense
7            OpenBSD
8            Debian
9            CentOS
10           openSUSE
11           Alpine Linux (with curl)
12           Archlinux
13           fedora
14           Kali Linux
15           Oracle Linux
16           Proxmox: See Proxmox VE Wiki. Version 4.x, 5.0, 5.1, version 5.2 and up
17  -----    Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111
18           Mageia
19  -----    OpenWRT: Tested and working. See wiki page
20           Gentoo Linux
21           ClearLinux

For all build statuses, check our weekly build project:

https://github.com/acmesh-official/acmetest

Supported CA

Supported modes

1. How to install

1. Install online

Check this project: https://github.com/acmesh-official/get.acme.sh

curl https://get.acme.sh | sh -s email=my@example.com

Or:

wget -O - https://get.acme.sh | sh -s email=my@example.com

2. Or, Install from git

Clone this project and launch installation:

git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m my@example.com

You don't have to be root then, although it is recommended.

Advanced Installation: https://github.com/acmesh-official/acme.sh/wiki/How-to-install

The installer will perform 3 actions:

  1. Create and copy acme.sh to your home dir ($HOME): ~/.acme.sh/. All certs will be placed in this folder too.
  2. Create alias for: acme.sh=~/.acme.sh/acme.sh.
  3. Create daily cron job to check and renew the certs if needed.

Cron entry example:

0 0 * * * "/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null

After the installation, you must close the current terminal and reopen it to make the alias take effect.

Ok, you are ready to issue certs now.

Show help message:

acme.sh -h

2. Just issue a cert

Example 1: Single domain.

acme.sh --issue -d example.com -w /home/wwwroot/example.com

or:

acme.sh --issue -d example.com -w /home/username/public_html

or:

acme.sh --issue -d example.com -w /var/www/html

Example 2: Multiple domains in the same cert.

acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com

The parameter /home/wwwroot/example.com or /home/username/public_html or /var/www/html is the web root folder where you host your website files. You MUST have write access to this folder.

Second argument "example.com" is the main domain you want to issue the cert for. You must have at least one domain there.

You must point and bind all the domains to the same webroot dir: /home/wwwroot/example.com.

The certs will be placed in ~/.acme.sh/example.com/

The certs will be renewed automatically every 60 days.

More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert

3. Install the cert to Apache/Nginx etc.

After the cert is generated, you probably want to install/copy the cert to your Apache/Nginx or other servers. You MUST use this command to copy the certs to the target files. DO NOT use the cert files in the ~/.acme.sh/ folder directly: they are for internal use only, and the folder structure may change in the future.

Apache example:

acme.sh --install-cert -d example.com \
--cert-file      /path/to/certfile/in/apache/cert.pem  \
--key-file       /path/to/keyfile/in/apache/key.pem  \
--fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \
--reloadcmd     "service apache2 force-reload"

Nginx example:

acme.sh --install-cert -d example.com \
--key-file       /path/to/keyfile/in/nginx/key.pem  \
--fullchain-file /path/to/fullchain/nginx/cert.pem \
--reloadcmd     "service nginx force-reload"

Only the domain is required, all the other parameters are optional.

The ownership and permission info of existing files are preserved. You can pre-create the files to define the ownership and permission.

Install/copy the cert/key to the production Apache or Nginx path.

The cert will be renewed every 60 days by default (which is configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: service apache2 force-reload or service nginx force-reload.

Please take care: the reloadcmd is very important. The cert can be renewed automatically, but without a correct 'reloadcmd' the renewed cert may not be loaded by your server (such as nginx or apache), and your website will not be able to show the renewed cert in 60 days.
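Pre-creating the target files, as described above, lets you fix the private key's permissions before the first --install-cert run. This is an added example, not part of acme.sh; the directory layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not acme.sh code). Directory and function names are assumptions.

# Print the octal permission bits of a file (GNU/BusyBox stat, then BSD stat).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create empty target files with the permissions they should keep:
# private key 600, full chain 644. Existing files are never truncated,
# only their mode is corrected.
precreate_cert_targets() {
  _dir="$1"
  mkdir -p "$_dir" || return 1
  (
    umask 077   # anything created here starts out private
    [ -e "$_dir/key.pem" ] || : > "$_dir/key.pem"
    [ -e "$_dir/fullchain.pem" ] || : > "$_dir/fullchain.pem"
  ) || return 1
  chmod 600 "$_dir/key.pem" && chmod 644 "$_dir/fullchain.pem"
}

# Return 0 only if the key file grants nothing to group or others.
key_is_private() {
  _mode="$(mode_of "$1")" || return 1
  case "$_mode" in
    0|*00) return 0 ;;
    *) echo "insecure mode $_mode on $1" >&2; return 1 ;;
  esac
}

# Typical order of operations (paths are placeholders):
#   precreate_cert_targets /path/to/tls
#   acme.sh --install-cert -d example.com \
#     --key-file       /path/to/tls/key.pem \
#     --fullchain-file /path/to/tls/fullchain.pem \
#     --reloadcmd     "service nginx force-reload"
#   key_is_private /path/to/tls/key.pem
```

Running key_is_private from the same cron environment after each renewal confirms that the preserved mode is still the one you set.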

4. Use Standalone server to issue cert

(requires you to be root/sudoer or have permission to listen on port 80 (TCP))

Port 80 (TCP) MUST be free to listen on, otherwise you will be prompted to free it and try again.

acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com

More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert

5. Use Standalone ssl server to issue cert

(requires you to be root/sudoer or have permission to listen on port 443 (TCP))

Port 443 (TCP) MUST be free to listen on, otherwise you will be prompted to free it and try again.

acme.sh --issue --alpn -d example.com -d www.example.com -d cp.example.com

More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert

6. Use Apache mode

(requires you to be root/sudoer, since it is required to interact with Apache server)

If you are running a web server, it is recommended to use the Webroot mode.

Particularly, if you are running an Apache server, you can use Apache mode instead. This mode doesn't write any files to your web root folder.

Just set string "apache" as the second argument and it will force use of apache plugin automatically.

acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com

This apache mode is only to issue the cert, it will not change your apache config files. You will need to configure your website config files to use the cert by yourself. We don't want to mess with your apache server, don't worry.

More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert

7. Use Nginx mode

(requires you to be root/sudoer, since it is required to interact with Nginx server)

If you are running a web server, it is recommended to use the Webroot mode.

Particularly, if you are running an nginx server, you can use nginx mode instead. This mode doesn't write any files to your web root folder.

Just set string "nginx" as the second argument.

It will configure nginx server automatically to verify the domain and then restore the nginx config to the original version.

So, the config is not changed.

acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com

This nginx mode is only to issue the cert, it will not change your nginx config files. You will need to configure your website config files to use the cert by yourself. We don't want to mess with your nginx server, don't worry.

More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert

8. Automatic DNS API integration

If your DNS provider supports API access, we can use that API to automatically issue the certs.

You don't have to do anything manually!

Currently acme.sh supports most of the dns providers:

https://github.com/acmesh-official/acme.sh/wiki/dnsapi

9. Use DNS manual mode:

See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode first.

If your dns provider doesn't support any api access, you can add the txt record by hand.

acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com

You should get an output like below:

Add the following txt record:
Domain:_acme-challenge.example.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c

Add the following txt record:
Domain:_acme-challenge.www.example.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add those txt records to the domains. Waiting for the dns to take effect.

Then just rerun with renew argument:

acme.sh --renew -d example.com

Ok, it's done.

Take care: this is DNS manual mode, so the cert cannot be renewed automatically. You will have to add a new TXT record to your domain by hand each time you renew your cert.

Please use dns api mode instead.
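The TXT value printed in manual mode is the ACME dns-01 digest defined in RFC 8555 section 8.4. The sketch below recomputes it and checks resolver output for it before you rerun --renew. It is an added example, not acme.sh code; the token, thumbprint and function names are constructed, and it assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example (not acme.sh code). Function names are assumptions;
# any token or thumbprint passed in tests is a constructed sample value.

# base64url(SHA-256(input)) with padding stripped, the encoding ACME uses.
b64url_sha256() {
  printf '%s' "$1" | openssl dgst -sha256 -binary | openssl base64 -A \
    | tr '+/' '-_' | tr -d '='
}

# TXT value for dns-01: digest of the key authorization, which is
# "<challenge token>.<account key JWK thumbprint>".
dns01_txt_value() {
  b64url_sha256 "$1.$2"
}

# Record name to publish under. A wildcard name is validated at its base
# name, so '*.example.com' and 'example.com' share one record name.
dns01_record_name() {
  printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Return 0 if the expected value is among the resolver answers.
# $2 is one TXT string per line, quoted or not, in the form printed by
#   dig +short TXT _acme-challenge.example.com
txt_published() {
  _expected="$1"
  printf '%s\n' "$2" | tr -d '"' | grep -Fqx -- "$_expected"
}
```

Querying each authoritative name server and passing its answer to txt_published avoids rerunning the renewal while a cached or stale record is still being served.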

10. Issue ECC certificates

Let's Encrypt can now issue ECDSA certificates.

And we support them too!

Just set the keylength parameter with a prefix ec-.

For example:

Single domain ECC certificate

acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256

SAN multi domain ECC certificate

acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256

Please look at the keylength parameter above.

Valid values are:

  1. ec-256 (prime256v1, "ECDSA P-256")
  2. ec-384 (secp384r1, "ECDSA P-384")
  3. ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)

11. Issue Wildcard certificates

It's simple, just give a wildcard domain as the -d parameter.

acme.sh  --issue -d example.com  -d '*.example.com'  --dns dns_cf

12. How to renew the certs

No, you don't need to renew the certs manually. All the certs will be renewed automatically every 60 days.

However, you can also force a cert to renew:

acme.sh --renew -d example.com --force

or, for ECC cert:

acme.sh --renew -d example.com --force --ecc

13. How to stop cert renewal

To stop renewal of a cert, you can execute the following to remove the cert from the renewal list:

acme.sh --remove -d example.com [--ecc]

The cert/key file is not removed from the disk.

You can remove the respective directory (e.g. ~/.acme.sh/example.com) by yourself.

14. How to upgrade acme.sh

acme.sh is in constant development, so it's strongly recommended to use the latest code.

You can update acme.sh to the latest code:

acme.sh --upgrade

You can also enable auto upgrade:

acme.sh --upgrade --auto-upgrade

Then acme.sh will be kept up to date automatically.

Disable auto upgrade:

acme.sh --upgrade --auto-upgrade 0

15. Issue a cert from an existing CSR

https://github.com/acmesh-official/acme.sh/wiki/Issue-a-cert-from-existing-CSR

16. Send notifications in cronjob

https://github.com/acmesh-official/acme.sh/wiki/notify

17. Under the Hood

Speak ACME language using shell, directly to "Let's Encrypt".

TODO:

18. Acknowledgments

  1. Acme-tiny: https://github.com/diafygi/acme-tiny
  2. ACME protocol: https://github.com/ietf-wg-acme/acme

Contributors

Code Contributors

This project exists thanks to all the people who contribute. [Contribute].

Financial Contributors

Become a financial contributor and help us sustain our community. [Contribute]

Individuals

Organizations

Support this project with your organization. Your logo will show up here with a link to your website. [Contribute]

19. License & Others

License is GPLv3

Please Star and Fork me.

Issues and pull requests are welcome.

20. Donate

Your donation makes acme.sh better:

  1. PayPal/Alipay(支付宝)/Wechat(微信): https://donate.acme.sh/

Donate List

Comments
  • ec-256  issue

    # acme.sh --issue -d nas.fernandomiguel.net  --dns dns_cf  --dnssleep 10 --certpath /usr/syno/etc/certificate/system/default/cert.pem --keypath /usr/syno/etc/certificate/system/default/privkey.pem --fullchainpath /usr/syno/etc/certificate/system/default/fullchain.pem  -k ec-256 --debug 2
    [Fri Nov  4 11:01:03 GMT 2016] Lets find script dir.
    [Fri Nov  4 11:01:03 GMT 2016] _SCRIPT_='/volume1/@appstore/.acme.sh/acme.sh'
    [Fri Nov  4 11:01:03 GMT 2016] _script='/volume1/@appstore/.acme.sh/acme.sh'
    [Fri Nov  4 11:01:03 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
    grep: /volume1/@appstore/.acme.sh/: Is a directory
    grep: /volume1/@appstore/.acme.sh/: Is a directory
    /volume1/@appstore/.acme.sh/acme.sh: line 1225: /volume1/@appstore/.acme.sh/: Is a directory
    grep: /volume1/@appstore/.acme.sh/: Is a directory
    [Fri Nov  4 11:01:03 GMT 2016] 
    grep: /volume1/@appstore/.acme.sh/: Is a directory
    grep: /volume1/@appstore/.acme.sh/: Is a directory
    /volume1/@appstore/.acme.sh/acme.sh: line 1225: /volume1/@appstore/.acme.sh/: Is a directory
    grep: /volume1/@appstore/.acme.sh/: Is a directory
    [Fri Nov  4 11:01:03 GMT 2016] 
    https://github.com/Neilpang/acme.sh
    v2.6.3
    [Fri Nov  4 11:01:03 GMT 2016] Using api: 
    [Fri Nov  4 11:01:03 GMT 2016] DOMAIN_PATH='/volume1/@appstore/.acme.sh/nas.fernandomiguel.net_ecc'
    [Fri Nov  4 11:01:03 GMT 2016] 1:Le_Domain='nas.fernandomiguel.net'
    [Fri Nov  4 11:01:03 GMT 2016] 2:Le_Alt='no'
    [Fri Nov  4 11:01:03 GMT 2016] 3:Le_Webroot='dns_cf'
    [Fri Nov  4 11:01:03 GMT 2016] 4:Le_PreHook=''
    [Fri Nov  4 11:01:03 GMT 2016] 5:Le_PostHook=''
    [Fri Nov  4 11:01:03 GMT 2016] 6:Le_RenewHook=''
    [Fri Nov  4 11:01:03 GMT 2016] options='s/^Le_LocalAddress.*$//'
    [Fri Nov  4 11:01:03 GMT 2016] Using sed  -i
    [Fri Nov  4 11:01:04 GMT 2016] 7:Le_API='https://acme-v01.api.letsencrypt.org'
    [Fri Nov  4 11:01:04 GMT 2016] _on_before_issue
    [Fri Nov  4 11:01:04 GMT 2016] 'dns_cf' does not contain 'no'
    [Fri Nov  4 11:01:04 GMT 2016] Le_LocalAddress
    [Fri Nov  4 11:01:04 GMT 2016] Check for domain='nas.fernandomiguel.net'
    [Fri Nov  4 11:01:04 GMT 2016] _currentRoot='dns_cf'
    [Fri Nov  4 11:01:04 GMT 2016] 'dns_cf' does not contain 'apache'
    [Fri Nov  4 11:01:04 GMT 2016] config file is empty, can not read CA_KEY_HASH
    [Fri Nov  4 11:01:04 GMT 2016] _saved_account_key_hash
    [Fri Nov  4 11:01:04 GMT 2016] EC key
    [Fri Nov  4 11:01:06 GMT 2016] AGREEMENT
    [Fri Nov  4 11:01:06 GMT 2016] Registering account
    [Fri Nov  4 11:01:06 GMT 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
    [Fri Nov  4 11:01:06 GMT 2016] payload='{"resource": "new-reg", "contact": ["mailto: XXXX"], "agreement": ""}'
    [Fri Nov  4 11:01:06 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
    [Fri Nov  4 11:01:06 GMT 2016] Get nonce.
    [Fri Nov  4 11:01:06 GMT 2016] GET
    [Fri Nov  4 11:01:06 GMT 2016] url='https://acme-v01.api.letsencrypt.org/directory'
    [Fri Nov  4 11:01:06 GMT 2016] timeout
    [Fri Nov  4 11:01:06 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header  --trace-ascii /tmp/tmp.XXX '
    [Fri Nov  4 11:01:06 GMT 2016] ret='0'
    [Fri Nov  4 11:01:07 GMT 2016] _headers='HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/json
    Content-Length: 280
    Boulder-Request-Id: XXX
    Replay-Nonce: XXX
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Fri, 04 Nov 2016 11:01:06 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Fri, 04 Nov 2016 11:01:06 GMT
    Connection: keep-alive
    '
    [Fri Nov  4 11:01:07 GMT 2016] _CACHED_NONCE='XXX'
    [Fri Nov  4 11:01:07 GMT 2016] nonce='XXX'
    Error Signing Data
    13172:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
    Error: offset too large
    printf: usage: printf [-v var] format [arguments]
    [Fri Nov  4 11:01:07 GMT 2016] POST
    [Fri Nov  4 11:01:07 GMT 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
    [Fri Nov  4 11:01:07 GMT 2016] body='{"header": {"alg": "ES256", "jwk": {"crv": "", "kty": "EC", "x": "0XXX", "y": "SBIUEfbgqVAOQ3e1aNoFOLE1do9fiTjgj7WivSy0_x8"}}, "protected": "eyXXXX", "payload": "eyJXXX", "signature": ""}'
    [Fri Nov  4 11:01:07 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header  --trace-ascii /tmp/tmp.XXX '
    [Fri Nov  4 11:01:07 GMT 2016] _ret='0'
    [Fri Nov  4 11:01:07 GMT 2016] original='{
      "type": "urn:acme:error:malformed",
      "detail": "Parse error reading JWS",
      "status": 400
    }'
    [Fri Nov  4 11:01:07 GMT 2016] responseHeaders='HTTP/1.1 400 Bad Request
    Server: nginx
    Content-Type: application/problem+json
    Content-Length: 96
    Boulder-Request-Id: XXX
    Replay-Nonce: XXX
    Expires: Fri, 04 Nov 2016 11:01:07 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Fri, 04 Nov 2016 11:01:07 GMT
    Connection: close
    '
    [Fri Nov  4 11:01:07 GMT 2016] response='{"type":"urn:acme:error:malformed","detail":"Parse error reading JWS","status": 400}'
    [Fri Nov  4 11:01:07 GMT 2016] code='400'
    [Fri Nov  4 11:01:07 GMT 2016] Register account Error: {"type":"urn:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
    [Fri Nov  4 11:01:07 GMT 2016] _on_issue_err
    [Fri Nov  4 11:01:07 GMT 2016] Please use add '--debug' or '--log' to check more details.
    [Fri Nov  4 11:01:07 GMT 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
    
    
    opened by FernandoMiguel 62
  • issuing a cert without parent level domain fails

    If there is an A record test.example.com, but no record example.com, the following fails with a CAA SERVFAIL error:

    acme.sh --standalone --staging --issue -d test.example.com -w /home/wwwroot/test.example.com

    If example.com is created with an independent A record, the above works. Perhaps acme.sh is incorrectly assuming test.example.com belongs to a cert for example.com?

    The following has no issues with a similar setup: https://github.com/kvaps/docker-letsencrypt-webroot

    opened by mikkelfj 49
  • Error, can not get domain token

    Latest attempt on 2.2.5 gives me the following error:

    acme.sh --staging --issue -d acme.domain.com -w /home/nginx/domains/acme.domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --debug 2
    
    [Mon May 30 18:51:44 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
    [Mon May 30 18:51:44 UTC 2016] Le_NextRenewTime
    [Mon May 30 18:51:44 UTC 2016] OK
    [Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:1:Le_Domain="acme.domain.com"
    [Mon May 30 18:51:44 UTC 2016] OK
    [Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:2:Le_Alt="no"
    [Mon May 30 18:51:44 UTC 2016] OK
    [Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:3:Le_Webroot="/home/nginx/domains/acme.domain.com/public"
    [Mon May 30 18:51:44 UTC 2016] OK
    [Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:4:Le_Keylength="2048"
    [Mon May 30 18:51:44 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'no'
    [Mon May 30 18:51:44 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'apache'
    [Mon May 30 18:51:44 UTC 2016] RSA key
    [Mon May 30 18:51:44 UTC 2016] pub_exp='010001'
    [Mon May 30 18:51:44 UTC 2016] let exists=0
    [Mon May 30 18:51:44 UTC 2016] uselet='1'
    [Mon May 30 18:51:44 UTC 2016] _URGLY_PRINTF
    [Mon May 30 18:51:44 UTC 2016] e='AQAB'
    [Mon May 30 18:51:44 UTC 2016] modulus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
    [Mon May 30 18:51:44 UTC 2016] let exists=0
    [Mon May 30 18:51:44 UTC 2016] uselet='1'
    [Mon May 30 18:51:44 UTC 2016] _URGLY_PRINTF
    [Mon May 30 18:51:47 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
    [Mon May 30 18:51:47 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
    [Mon May 30 18:51:47 UTC 2016] Skip register account key
    [Mon May 30 18:51:47 UTC 2016] Creating csr
    [Mon May 30 18:51:47 UTC 2016] Single domain='acme.domain.com'
    [Mon May 30 18:51:47 UTC 2016] Verify each domain
    [Mon May 30 18:51:47 UTC 2016] Getting webroot for domain='acme.domain.com'
    [Mon May 30 18:51:47 UTC 2016] _w='/home/nginx/domains/acme.domain.com/public'
    [Mon May 30 18:51:47 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
    [Mon May 30 18:51:47 UTC 2016] Getting token for domain='acme.domain.com'
    [Mon May 30 18:51:47 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Mon May 30 18:51:47 UTC 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.domain.com"}}'
    [Mon May 30 18:51:47 UTC 2016] RSA key
    [Mon May 30 18:51:47 UTC 2016] pub_exp='010001'
    [Mon May 30 18:51:47 UTC 2016] let exists=0
    [Mon May 30 18:51:47 UTC 2016] uselet='1'
    [Mon May 30 18:51:47 UTC 2016] _URGLY_PRINTF
    [Mon May 30 18:51:47 UTC 2016] e='AQAB'
    [Mon May 30 18:51:47 UTC 2016] modulus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
    [Mon May 30 18:51:47 UTC 2016] let exists=0
    [Mon May 30 18:51:47 UTC 2016] uselet='1'
    [Mon May 30 18:51:47 UTC 2016] _URGLY_PRINTF
    [Mon May 30 18:51:49 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
    [Mon May 30 18:51:49 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
    [Mon May 30 18:51:50 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ'
    [Mon May 30 18:51:50 UTC 2016] GET
    [Mon May 30 18:51:50 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
    [Mon May 30 18:51:50 UTC 2016] curl exists=0
    [Mon May 30 18:51:53 UTC 2016] nonce
    [Mon May 30 18:51:53 UTC 2016] protected='{"nonce": "", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
    [Mon May 30 18:51:53 UTC 2016] protected64='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'
    [Mon May 30 18:51:53 UTC 2016] sig='hyYMIC9TQ9nqCXEUNpa2ZVaaGDnX8v42ldjvsSTsGtamLOCOgndgolIDe2gMMT2mJg1jgnRqGU3ao2hOWv_zpI19-ZUEuGpi7fwfyO0tDqtP1lu4MKMl72sPOZ9UgLpIWCgaExrjYgHZ7KECsmlelR3UrWvSqOE7MXjtG78159vZnOqFl8MV8-kXrnqPuHwoOjSaqLCCCZPsBhftVdl9XAlF5KKROh2hgUewh6MAK6Z-FSaEJqVNnA_dHZK5fHNBhQqkhLUAv3jOGpcjRJjZX4_Kkp4i4f6UQ_Ll6f89ilfOqWxme36M9wM2j7LIFpcfgzjTF8GQjdgTLUI82KgAMA'
    [Mon May 30 18:51:53 UTC 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}, "protected": "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", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ", "signature": "hyYMIC9TQ9nqCXEUNpa2ZVaaGDnX8v42ldjvsSTsGtamLOCOgndgolIDe2gMMT2mJg1jgnRqGU3ao2hOWv_zpI19-ZUEuGpi7fwfyO0tDqtP1lu4MKMl72sPOZ9UgLpIWCgaExrjYgHZ7KECsmlelR3UrWvSqOE7MXjtG78159vZnOqFl8MV8-kXrnqPuHwoOjSaqLCCCZPsBhftVdl9XAlF5KKROh2hgUewh6MAK6Z-FSaEJqVNnA_dHZK5fHNBhQqkhLUAv3jOGpcjRJjZX4_Kkp4i4f6UQ_Ll6f89ilfOqWxme36M9wM2j7LIFpcfgzjTF8GQjdgTLUI82KgAMA"}'
    [Mon May 30 18:51:53 UTC 2016] POST
    [Mon May 30 18:51:53 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Mon May 30 18:51:53 UTC 2016] curl exists=0
    [Mon May 30 18:51:56 UTC 2016] original
    [Mon May 30 18:51:56 UTC 2016] responseHeaders
    [Mon May 30 18:51:56 UTC 2016] response
    [Mon May 30 18:51:56 UTC 2016] code
    [Mon May 30 18:51:56 UTC 2016] entry
    [Mon May 30 18:51:56 UTC 2016] Error, can not get domain token acme.domain.com
    [Mon May 30 18:51:56 UTC 2016] pid
    
    opened by centminmod 41
  • Support for AWS Route 53?

    I wanted to check to see what your thoughts are in regards to the dnsapi plugins. I wrote an AWS Route 53 API plugin but it uses the python awscli tool and jq to parse JSON and I wasn't sure if you had strict requirements for using only bash or if 3rd party libraries could be a requirement. This probably needs some additional error checking but it's worked decently for me so far: https://gist.github.com/mbentley/d5da0bf962f050dd07ec

    opened by mbentley 39
  • FYI, pfsense doesn't work

    [2.2.6-RELEASE][[email protected]]/root/le: bash ./le.sh issue /root/certs/ example.com o.example,e.example.com,s.example.com,j.example.com
    Use default length 2048
    Generating RSA private key, 2048 bit long modulus
    ................................+++
    ....+++
    e is 65537 (0x10001)
    Use default length 2048
    Generating RSA private key, 2048 bit long modulus
    .............................................+++
    .........................................................................................+++
    e is 65537 (0x10001)
    Multi domain=DNS:o.example.com,DNS:e.example.com,DNS:s.example.com,DNS:j.example.com
    error on line -1 of /dev/fd/63
    675592508:error:02001002:system library:fopen:No such file or directory:/usr/pfSensesrc/src.RELENG_2_2/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:169:fopen('/dev/fd/63','rb')
    675592508:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/pfSensesrc/src.RELENG_2_2/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:172:
    675592508:error:0E078072:configuration file routines:DEF_LOAD:no such file:/usr/pfSensesrc/src.RELENG_2_2/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:197:
    Create CSR error.
    
    opened by mrPsycho 39
  • Unable to add TXT record to IDN domain on reg.ru

    reg.ru service lists Unicode domains not in IDN format.

    [Wed May 4 02:39:40 PM +06 2022] Found domain api file: /opt/acme.sh/dnsapi/dns_regru.sh
    [Wed May 4 02:39:40 PM +06 2022] Adding txt value: noS-_iHLO_Dpcwk-fDnJJFa0VijUCJHixjux3NYGKdA for domain: _acme-challenge.сайт.рф
    [Wed May 4 02:39:41 PM +06 2022] First detect the root zone
    [Wed May 4 02:39:41 PM +06 2022] service/get_list
    [Wed May 4 02:39:41 PM +06 2022] data='username=user&password=password&output_format=xml&servtype=domain'
    [Wed May 4 02:39:41 PM +06 2022] POST
    [Wed May 4 02:39:41 PM +06 2022] _post_url='https://api.reg.ru/api/regru2/service/get_list'
    [Wed May 4 02:39:41 PM +06 2022] _CURL='curl --silent --dump-header /opt/acme.sh/http.header -L -g '
    [Wed May 4 02:39:41 PM +06 2022] _ret='0'
    [Wed May 4 02:39:41 PM +06 2022] response='<opt charset="utf-8" result="success"> <answer> <services creation_date="2009-07-03" dname="site.ru" expiration_date="2022-07-03" service_id="426667" servtype="domain" state="A" subtype="" uplink_service_id="0" /> <services creation_date="2018-06-29" dname="сайт.рф" expiration_date="2022-06-29" service_id="37861501" servtype="domain" state="A" subtype="" uplink_service_id="0" /> </answer> <messagestore language="ru"> <_messages></_messages> </messagestore> </opt>'
    [Wed May 4 02:39:41 PM +06 2022] invalid domain
    [Wed May 4 02:39:41 PM +06 2022] Error add txt for domain:_acme-challenge.сайт.рф

    So I add a fix for this error.

    opened by Spider84 35
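  • nginx mode: problem finding server_name

    The nginx mode is currently in beta, and on my machine it cannot find the existing servername. So I'd like to ask: does the lookup only search for servername in nginx.conf? My config files are under /etc/nginx/sites-available; is that why it isn't found? If that is not the reason, I'll post the debug output shortly.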

    opened by ColinZeb 35
  • Verify error:Invalid response from [domain]

    Hi Neil,

    Something seems to have changed since the last time I renewed certs. This time around I'm getting an error.

    I run this command:

    acme.sh --renew -d domain.tld -d www.domain.tld --force
    

    But then it errors after the "Standalone mode server" line:

    ...
    [Tue May 30 18:17:17 UTC 2017] The new-authz request is ok.
    [Tue May 30 18:17:17 UTC 2017] Verifying:domain.tld
    [Tue May 30 18:17:17 UTC 2017] Standalone mode server
    [Tue May 30 18:17:22 UTC 2017] domain.tld:Verify error:Invalid response from http://domain.tld/.well-known/acme-challenge/qEp9FiogrSkAOM3TYzfhDDKo1J_6abK8FQ5qbtaQY9w: 
    GET / HTTP/1.1
    User-Agent: acme.sh client: https://github.com/Neilpang/acme.sh
    Host: localhost:14927
    Accept: */*
    

    I am trying to troubleshoot it with the web host too, but they're not finding the issue. At first they thought it was because of my http --> https redirect rules, but when these are commented out in .htaccess, the error still happens.

    I've looked at --debug but I'm not knowledgeable enough with this kind of thing to know if there's anything there or not.

    Any suggestions?

    opened by wion 32
  • Register account Error on OpenWrt

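    I previously generated certificate files successfully on OpenWrt, but recently I found that the script has stopped working and always fails at Registering account. I tried deleting the various config files and regenerating, but it still fails. How should I diagnose the problem?

    The log is as follows: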

    [email protected]:~# ./acme.sh --registeraccount --test --debug 2
    [Tue Dec 13 15:31:35 CST 2016] Lets find script dir.
    [Tue Dec 13 15:31:35 CST 2016] _SCRIPT_='./acme.sh'
    [Tue Dec 13 15:31:35 CST 2016] _script='/root/.acme.sh/acme.sh'
    [Tue Dec 13 15:31:35 CST 2016] _script_home='/root/.acme.sh'
    [Tue Dec 13 15:31:35 CST 2016] Using default home:/root/.acme.sh
    [Tue Dec 13 15:31:35 CST 2016] LE_WORKING_DIR='/root/.acme.sh'
    https://github.com/Neilpang/acme.sh
    v2.6.5
    [Tue Dec 13 15:31:35 CST 2016] Using stage api:https://acme-staging.api.letsencrypt.org
    [Tue Dec 13 15:31:35 CST 2016] RSA key
    [Tue Dec 13 15:31:42 CST 2016] AGREEMENT
    [Tue Dec 13 15:31:42 CST 2016] Registering account
    [Tue Dec 13 15:31:42 CST 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
    [Tue Dec 13 15:31:42 CST 2016] payload='{"resource": "new-reg", "agreement": ""}'
    [Tue Dec 13 15:31:42 CST 2016] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
    [Tue Dec 13 15:31:42 CST 2016] Get nonce.
    [Tue Dec 13 15:31:42 CST 2016] GET
    [Tue Dec 13 15:31:42 CST 2016] url='https://acme-staging.api.letsencrypt.org/directory'
    [Tue Dec 13 15:31:42 CST 2016] timeout
    [Tue Dec 13 15:31:42 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.eyCJgk '
    [Tue Dec 13 15:31:46 CST 2016] ret='0'
    [Tue Dec 13 15:31:46 CST 2016] _headers='HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/json
    Content-Length: 372
    Boulder-Request-Id: IMu6DWEb_FLHtoZFWxWMc0ZnE3uJM1ekx_tF6MbSCq8
    Replay-Nonce: Sglh_FkSL0Rx5Jl21ilH9YjVznRNCUEYYHuPKQKJsmw
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Tue, 13 Dec 2016 07:31:46 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 13 Dec 2016 07:31:46 GMT
    Connection: keep-alive
    '
    [Tue Dec 13 15:31:46 CST 2016] _CACHED_NONCE='Sglh_FkSL0Rx5Jl21ilH9YjVznRNCUEYYHuPKQKJsmw'
    [Tue Dec 13 15:31:46 CST 2016] nonce='Sglh_FkSL0Rx5Jl21ilH9YjVznRNCUEYYHuPKQKJsmw'
    [Tue Dec 13 15:31:46 CST 2016] POST
    [Tue Dec 13 15:31:46 CST 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
    [Tue Dec 13 15:31:47 CST 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "-ihQHbAKpL89FFme3LqGvtEoV08Lrl94bNcRW3muquhtGiK5SpG3XGvzZmvcC4o4
    I5J2MI7KMMS5ozjf3bKS5NiptBR4OuCShipoS4y0ymuBvffGDUcABXnf7gCONW7K
    VYK0aU4QHfK_Sp4kOz-AtpRnDiQw7jHxJAbS4sCzzrL3RJ03Yf7r6hhivMFNdMg8
    BuFMccz_l7GQMsqBZHGgOxjetQF1BQR5vISZpUmwZQwObx7UKJhn0l20IlvPI22w
    qFe-Ptp5h25-_mUfrAvyLromhga-ktXiUoPy9cinkRDsk8geFZSzKqEyWd8fMUMx
    6_5xYvmYJ5XPDWtR2WjLPQ"}}, "protected": "eyJub25jZSI6ICJTZ2xoX0ZrU0wwUng1SmwyMWlsSDlZalZ6blJOQ1VFWVlIdVBL
    UUtKc213IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJr
    dHkiOiAiUlNBIiwgIm4iOiAiLWloUUhiQUtwTDg5RkZtZTNMcUd2dEVvVjA4THJs
    OTRiTmNSVzNtdXF1aHRHaUs1U3BHM1hHdnpabXZjQzRvNApJNUoyTUk3S01NUzVv
    empmM2JLUzVOaXB0QlI0T3VDU2hpcG9TNHkweW11QnZmZkdEVWNBQlhuZjdnQ09O
    VzdLClZZSzBhVTRRSGZLX1NwNGtPei1BdHBSbkRpUXc3akh4SkFiUzRzQ3p6ckwz
    UkowM1lmN3I2aGhpdk1GTmRNZzgKQnVGTWNjel9sN0dRTXNxQlpIR2dPeGpldFFG
    MUJRUjV2SVNacFVtd1pRd09ieDdVS0pobjBsMjBJbHZQSTIydwpxRmUtUHRwNWgy
    NS1fbVVmckF2eUxyb21oZ2Eta3RYaVVvUHk5Y2lua1JEc2s4Z2VGWlN6S3FFeVdk
    OGZNVU14CjZfNXhZdm1ZSjVYUERXdFIyV2pMUFEifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctcmVnIiwgImFncmVlbWVudCI6ICIifQ", "signature": "Gt6-9LmdNKHL0dh5PYhJAaHe7QXpu5y556SN8rgdms7tQ9i3g0CmNQGIZZWadoYb
    gcI1oUu_jkxVLWSpY6rWy6V0qzXPohKWvOn8K9ytCZ021YDWVkT7QnXPPXv7vcnA
    tUDzXqm9FArk2M3VyjJ4gK-u8m0DMb-1xsc1ojR5E8ZwCUtbyDXeKv-OdRxlXSYr
    ftICYHHNscIad4g-5Wma6PG6TWVy2KBCaX16s10Npy2Rqi8wwpG7uWbrqptnrTOI
    fER6kFph_WI0j6vUrsjkyQijOVpAXZJY0JBl7iwLeOcz2vsQTJHcGdC4MJxwnI46
    awYkCcRKDDUTRN4_Vc5mMA"}'
    [Tue Dec 13 15:31:47 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.zEBcYz '
    [Tue Dec 13 15:31:49 CST 2016] _ret='0'
    [Tue Dec 13 15:31:49 CST 2016] original='{
      "type": "urn:acme:error:malformed",
      "detail": "Parse error reading JWS",
      "status": 400
    }'
    [Tue Dec 13 15:31:49 CST 2016] responseHeaders='HTTP/1.1 100 Continue
    Expires: Tue, 13 Dec 2016 07:31:48 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 400 Bad Request
    Server: nginx
    Content-Type: application/problem+json
    Content-Length: 96
    Boulder-Request-Id: tt6n075L2qfTnX6IgF5IuZiZune1KMy0rSgE5s5POgY
    Replay-Nonce: -Fyab7Cfq99fuyCFdD-K0sWHSU5-MYKsN1GcfKnpVAI
    Expires: Tue, 13 Dec 2016 07:31:49 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Tue, 13 Dec 2016 07:31:49 GMT
    Connection: close
    '
    [Tue Dec 13 15:31:49 CST 2016] response='{"type":"urn:acme:error:malformed","detail":"Parse error reading JWS","status": 400}'
    [Tue Dec 13 15:31:49 CST 2016] code='400'
    [Tue Dec 13 15:31:49 CST 2016] Register account Error: {"type":"urn:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
    
    
    opened by CzBiX 31
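For the "Register account Error on OpenWrt" report above: in the logged `body`, the `n`, `protected` and `signature` values contain raw line breaks, and a JSON string cannot contain an unescaped newline, which is consistent with the server's "Parse error reading JWS". The following is an added example, not acme.sh's own code: a base64url encoder that stays on one line even when the platform's encoder wraps its output, and a check that names the wrapped fields of a JWS body. All function names and sample values are constructed for illustration; only the payload string is taken from the log.

```shell
#!/bin/sh
# Added example: function names and sample values are constructed for
# illustration and are not taken from acme.sh.

# base64url without padding, always on one line, even when the platform's
# encoder wraps its output. Reads stdin.
b64url() {
  base64 | tr -d '\r\n' | tr '+/' '-_' | tr -d '='
}

# Same encoding, deliberately re-wrapped at 64 columns to reproduce the shape
# of the fields in the logged body.
b64url_wrapping() {
  base64 | tr -d '\r\n' | fold -w 64 | tr '+/' '-_' | tr -d '='
}

# Constructed inputs (no real key, nonce or signature). The payload is the
# one shown in the log.
SAMPLE_PROTECTED='{"nonce": "constructed-nonce-0000000000000000", "alg": "RS256", "jwk": {"kty": "RSA", "e": "AQAB", "n": "constructed"}}'
SAMPLE_SIGNATURE='constructed signature bytes, long enough that a wrapping encoder splits them across lines'
SAMPLE_PAYLOAD='{"resource": "new-reg", "agreement": ""}'

# Assemble a JWS body with the encoder function named in $1.
make_body() {
  _p=$(printf '%s' "$SAMPLE_PROTECTED" | "$1")
  _l=$(printf '%s' "$SAMPLE_PAYLOAD" | "$1")
  _s=$(printf '%s' "$SAMPLE_SIGNATURE" | "$1")
  printf '{"protected": "%s", "payload": "%s", "signature": "%s"}' \
    "$_p" "$_l" "$_s"
}

# Print the key of every JSON string value that spans a line break.
# The awk program tracks whether it is inside a quoted string; being inside
# one at the end of an input line means the value was wrapped.
jws_wrapped_fields() {
  printf '%s\n' "$1" | awk '
    {
      n = length($0)
      for (i = 1; i <= n; i++) {
        c = substr($0, i, 1)
        if (!instr) {
          if (c == "\"") { instr = 1; cur = ""; owner = last; reported = 0 }
          continue
        }
        if (esc)       { esc = 0; cur = cur c; continue }
        if (c == "\\") { esc = 1; continue }
        if (c == "\"") { instr = 0; last = cur; continue }
        cur = cur c
      }
      if (instr && !reported) { print owner; reported = 1 }
    }'
}

# Succeeds only when no string value in the body is wrapped.
jws_is_single_line() {
  [ -z "$(jws_wrapped_fields "$1")" ]
}

# Compare the two encoders on the same constructed input.
for _e in b64url_wrapping b64url; do
  _body=$(make_body "$_e")
  if jws_is_single_line "$_body"; then
    echo "$_e: body is single-line"
  else
    echo "$_e: wrapped fields:" $(jws_wrapped_fields "$_body")
  fi
done
```

Running `jws_wrapped_fields` on a body captured with `--debug 2` before it is posted shows whether the local encoder is the source of the malformed request.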
  • DNS mode: use dns over https to poll the dns status, instead of a fixed sleep time


    In DNS mode, we need to wait for the TXT record to take effect.

    Currently, we have a sleep time. It looks silly.

    We will use DNS over HTTPS to poll the DNS status.

    There are 2 alternatives we can use:

    1. https://developers.google.com/speed/public-dns/docs/dns-over-https
    2. https://developers.cloudflare.com/1.1.1.1/dns-over-https/
    enhancement 
    opened by Neilpang 30
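A sketch of the polling idea proposed in the issue above, as an added example that is not acme.sh's implementation. It assumes the JSON (`application/dns-json`) interfaces of the two services linked in the issue, at the endpoint URLs shown (the URLs are not in the issue text); all function and variable names are hypothetical, and the sample reply is constructed.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not acme.sh functions.

# JSON DoH endpoints (assumed; both take ?name=...&type=TXT).
DOH_RESOLVERS='https://dns.google/resolve https://cloudflare-dns.com/dns-query'

# Fetch one JSON reply. $1 = resolver URL, $2 = record name.
doh_fetch_curl() {
  curl --silent --max-time 10 -H 'accept: application/dns-json' \
    "$1?name=$2&type=TXT"
}
# Indirection so the fetcher can be replaced for offline testing.
DOH_FETCH=doh_fetch_curl

# Print every TXT value in a DoH JSON reply, one per line.
# Returns 1 unless the reply carries "Status": 0 (NOERROR).
# Replies may wrap TXT data in escaped quotes; those are stripped.
# Splitting on commas is safe here because dns-01 values are base64url.
doh_txt_values() {
  _flat=$(printf '%s' "$1" | tr -d '\r\n' | sed 's/\\"//g')
  _status=$(printf '%s\n' "$_flat" |
    sed -n 's/.*"Status": *\([0-9][0-9]*\).*/\1/p')
  [ "$_status" = "0" ] || return 1
  printf '%s\n' "$_flat" | tr ',' '\n' |
    sed -n 's/.*"data": *"\([^"]*\)".*/\1/p'
}

# Succeed when resolver $1 reports exactly TXT value $3 for name $2.
doh_has_txt() {
  _reply=$("$DOH_FETCH" "$1" "$2") || return 1
  doh_txt_values "$_reply" | grep -Fqx -- "$3"
}

# Poll until every resolver shows the value, instead of a fixed sleep.
# $1 = name, $2 = expected TXT, $3 = max attempts, $4 = seconds between tries.
# On success DOH_ATTEMPTS holds the number of attempts used.
doh_wait_txt() {
  _try=1
  while [ "$_try" -le "$3" ]; do
    _missing=0
    for _r in $DOH_RESOLVERS; do
      doh_has_txt "$_r" "$1" "$2" || _missing=1
    done
    if [ "$_missing" -eq 0 ]; then
      DOH_ATTEMPTS=$_try
      return 0
    fi
    _try=$((_try + 1))
    sleep "$4"
  done
  return 1
}

# Offline demonstration on a constructed reply.
SAMPLE_REPLY='{"Status":0,"Answer":[{"name":"_acme-challenge.example.com.","type":16,"TTL":60,"data":"\"constructed-token-value\""}]}'
doh_txt_values "$SAMPLE_REPLY"
```

A record visible through public resolvers is a necessary signal, not proof that the CA's own resolvers will see it, so a bounded attempt count with a failure path is still needed.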
  • Unable to register for ZeroSSL CA


    Steps to reproduce

    Registering f. ZeroSSL CA;

    neither this variant: acme.sh --register-account -m [email protected] --server zerossl nor that variant: acme.sh --register-account --server zerossl
    --eab-kid xxxxxxxxxxxx
    --eab-hmac-key xxxxxxxxx

    for the latter a screenshot is made ...

    opened by maxmueller0 28
  • How should the Huawei Cloud parameters be written? dns_api(dns_huaweicloud): Error getting token.

    Are these the 3 parameters? I filled them in, but it fails and cannot add the DNS record: dns_api(dns_huaweicloud): Error getting token.

    dns_huaweicloud

    export HUAWEICLOUD_Username="h1657"
    export HUAWEICLOUD_Password="233"
    export HUAWEICLOUD_DomainName="ack.com"

    opened by qian9008 1
  • I cannot issue a certificate


    Steps to reproduce

    I use ubuntu20.04 which is installed on a virtual machine on Synology NAS.

    DNS configuration: I use Cloudflare.

    1. Install acme.sh sudo -i sudo apt-get install git bc wget curl socat

    2. Clone repo cd /tmp/ git clone https://github.com/Neilpang/acme.sh.git

    3. Install acme.sh client: cd acme.sh/ ./acme.sh --install

    4. In my ~/.bashrc file, I made sure that . "/root/.acme.sh/acme.sh.env" is added there

    5. Closed the terminal and reopened it.

    6. Create /.well-known/acme-challenge/ directory: sudo -i acme.sh cd /var/www/example.com/html mkdir -vp ${D}/.well-known/acme-challenge/ chown -R www-data:www-data ${D}/var/www/example.com/html/.well-known/acme-challenge chmod -R 0555 ${D}/var/www/example.com/html/.well-known/acme-challenge

    7. Create a directory to store SSL certificate mkdir -p /etc/nginx/ssl/example.com/

    8. Generate your dhparams.pem file cd etc/nginx/ssl/example.com/ openssl dhparam -out dhparams.pem 4096

    9. Issue a certificate for example.com domain acme.sh --issue -w /var/www/example.com/html/ -d example.com -d www.example.com -k 4096

    From this point forward, continue with the debug file below:

    Debug log

    [email protected]:~/.acme.sh/example.com# acme.sh --issue -w /var/www/example.com/html/ -d example.com -d www.example.com -k 4096 --debug
    [Mon 05 Dec 2022 01:15:48 AM GMT] Lets find script dir.
    [Mon 05 Dec 2022 01:15:48 AM GMT] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Mon 05 Dec 2022 01:15:48 AM GMT] _script='/root/.acme.sh/acme.sh'
    [Mon 05 Dec 2022 01:15:48 AM GMT] _script_home='/root/.acme.sh'
    [Mon 05 Dec 2022 01:15:48 AM GMT] Using config home:/root/.acme.sh
    https://github.com/acmesh-official/acme.sh
    v3.0.5
    [Mon 05 Dec 2022 01:15:48 AM GMT] Running cmd: issue
    [Mon 05 Dec 2022 01:15:48 AM GMT] _main_domain='example.com'
    [Mon 05 Dec 2022 01:15:48 AM GMT] _alt_domains='www.example.com'
    [Mon 05 Dec 2022 01:15:48 AM GMT] Using config home:/root/.acme.sh
    [Mon 05 Dec 2022 01:15:48 AM GMT] default_acme_server
    [Mon 05 Dec 2022 01:15:48 AM GMT] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
    [Mon 05 Dec 2022 01:15:48 AM GMT] DOMAIN_PATH='/root/.acme.sh/example.com'
    [Mon 05 Dec 2022 01:15:48 AM GMT] Le_NextRenewTime
    [Mon 05 Dec 2022 01:15:48 AM GMT] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
    [Mon 05 Dec 2022 01:15:48 AM GMT] _init api for server: https://acme.zerossl.com/v2/DV90
    [Mon 05 Dec 2022 01:15:48 AM GMT] GET
    [Mon 05 Dec 2022 01:15:48 AM GMT] url='https://acme.zerossl.com/v2/DV90'
    [Mon 05 Dec 2022 01:15:48 AM GMT] timeout=
    [Mon 05 Dec 2022 01:15:48 AM GMT] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Mon 05 Dec 2022 01:15:49 AM GMT] ret='0'
    [Mon 05 Dec 2022 01:15:49 AM GMT] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
    [Mon 05 Dec 2022 01:15:49 AM GMT] ACME_NEW_AUTHZ
    [Mon 05 Dec 2022 01:15:49 AM GMT] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
    [Mon 05 Dec 2022 01:15:49 AM GMT] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
    [Mon 05 Dec 2022 01:15:49 AM GMT] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
    [Mon 05 Dec 2022 01:15:49 AM GMT] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20221001_Certificate_Subscriber_Agreement_v_2_5_click.pdf'
    [Mon 05 Dec 2022 01:15:49 AM GMT] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
    [Mon 05 Dec 2022 01:15:49 AM GMT] Using CA: https://acme.zerossl.com/v2/DV90
    [Mon 05 Dec 2022 01:15:49 AM GMT] _on_before_issue
    [Mon 05 Dec 2022 01:15:49 AM GMT] _chk_main_domain='example.com'
    [Mon 05 Dec 2022 01:15:49 AM GMT] _chk_alt_domains='www.example.com'
    [Mon 05 Dec 2022 01:15:49 AM GMT] Le_LocalAddress
    [Mon 05 Dec 2022 01:15:49 AM GMT] d='example.com'
    [Mon 05 Dec 2022 01:15:49 AM GMT] Check for domain='example.com'
    [Mon 05 Dec 2022 01:15:49 AM GMT] _currentRoot='/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:15:49 AM GMT] d='www.example.com'
    [Mon 05 Dec 2022 01:15:49 AM GMT] Check for domain='www.example.com'
    [Mon 05 Dec 2022 01:15:49 AM GMT] _currentRoot='/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:15:49 AM GMT] d
    [Mon 05 Dec 2022 01:15:49 AM GMT] _saved_account_key_hash is not changed, skip register account.
    [Mon 05 Dec 2022 01:15:49 AM GMT] Read key length:4096
    [Mon 05 Dec 2022 01:15:49 AM GMT] _createcsr
    [Mon 05 Dec 2022 01:15:49 AM GMT] Multi domain='DNS:example.com,DNS:www.example.com'
    [Mon 05 Dec 2022 01:15:49 AM GMT] Getting domain auth token for each domain
    [Mon 05 Dec 2022 01:15:49 AM GMT] d='www.example.com'
    [Mon 05 Dec 2022 01:15:49 AM GMT] d
    [Mon 05 Dec 2022 01:15:49 AM GMT] url='https://acme.zerossl.com/v2/DV90/newOrder'
    [Mon 05 Dec 2022 01:15:49 AM GMT] payload='{"identifiers": [{"type":"dns","value":"example.com"},{"type":"dns","value":"www.example.com"}]}'
    [Mon 05 Dec 2022 01:15:49 AM GMT] RSA key
    [Mon 05 Dec 2022 01:15:49 AM GMT] HEAD
    [Mon 05 Dec 2022 01:15:49 AM GMT] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
    [Mon 05 Dec 2022 01:15:49 AM GMT] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
    [Mon 05 Dec 2022 01:15:51 AM GMT] _ret='0'
    [Mon 05 Dec 2022 01:15:51 AM GMT] POST
    [Mon 05 Dec 2022 01:15:51 AM GMT] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
    [Mon 05 Dec 2022 01:15:51 AM GMT] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Mon 05 Dec 2022 01:15:53 AM GMT] _ret='0'
    [Mon 05 Dec 2022 01:15:53 AM GMT] code='201'
    [Mon 05 Dec 2022 01:15:53 AM GMT] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/ES4MDXVREp_fXIypOrAc3Q'
    [Mon 05 Dec 2022 01:15:53 AM GMT] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/ES4MDXVREp_fXIypOrAc3Q/finalize'
    [Mon 05 Dec 2022 01:15:53 AM GMT] url='https://acme.zerossl.com/v2/DV90/authz/3TcT7Zxh6QXmqFVAWzcR9g'
    [Mon 05 Dec 2022 01:15:53 AM GMT] payload
    [Mon 05 Dec 2022 01:15:53 AM GMT] POST
    [Mon 05 Dec 2022 01:15:53 AM GMT] _post_url='https://acme.zerossl.com/v2/DV90/authz/3TcT7Zxh6QXmqFVAWzcR9g'
    [Mon 05 Dec 2022 01:15:53 AM GMT] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Mon 05 Dec 2022 01:15:55 AM GMT] _ret='0'
    [Mon 05 Dec 2022 01:15:55 AM GMT] code='200'
    [Mon 05 Dec 2022 01:15:55 AM GMT] url='https://acme.zerossl.com/v2/DV90/authz/V2KA0FmWXI5VXr5wzHSvDA'
    [Mon 05 Dec 2022 01:15:55 AM GMT] payload
    [Mon 05 Dec 2022 01:15:55 AM GMT] POST
    [Mon 05 Dec 2022 01:15:55 AM GMT] _post_url='https://acme.zerossl.com/v2/DV90/authz/V2KA0FmWXI5VXr5wzHSvDA'
    [Mon 05 Dec 2022 01:15:55 AM GMT] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Mon 05 Dec 2022 01:15:56 AM GMT] _ret='0'
    [Mon 05 Dec 2022 01:15:56 AM GMT] code='200'
    [Mon 05 Dec 2022 01:15:56 AM GMT] d='example.com'
    [Mon 05 Dec 2022 01:15:56 AM GMT] Getting webroot for domain='example.com'
    [Mon 05 Dec 2022 01:15:56 AM GMT] _w='/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:15:56 AM GMT] _currentRoot='/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:15:56 AM GMT] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/F0hqfLRxS8ASdEmM4jnCCA","status":"pending","token":"awoeFaY1cmw_t2X85bOiALX4rBY5nVfWO6xvoDSpTRs"'
    [Mon 05 Dec 2022 01:15:56 AM GMT] token='awoeFaY1cmw_t2X85bOiALX4rBY5nVfWO6xvoDSpTRs'
    [Mon 05 Dec 2022 01:15:56 AM GMT] uri='https://acme.zerossl.com/v2/DV90/chall/F0hqfLRxS8ASdEmM4jnCCA'
    [Mon 05 Dec 2022 01:15:56 AM GMT] keyauthorization='awoeFaY1cmw_t2X85bOiALX4rBY5nVfWO6xvoDSpTRs.UT85iea8Uxh7-bBhzN3HD1ppsI06J9X9OmY-8YQOW7I'
    [Mon 05 Dec 2022 01:15:56 AM GMT] dvlist='example.com#awoeFaY1cmw_t2X85bOiALX4rBY5nVfWO6xvoDSpTRs.UT85iea8Uxh7-bBhzN3HD1ppsI06J9X9OmY-8YQOW7I#https://acme.zerossl.com/v2/DV90/chall/F0hqfLRxS8ASdEmM4jnCCA#http-01#/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:15:56 AM GMT] d='www.example.com'
    [Mon 05 Dec 2022 01:15:56 AM GMT] Getting webroot for domain='www.example.com'
    [Mon 05 Dec 2022 01:15:56 AM GMT] _w='/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:15:56 AM GMT] _currentRoot='/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:15:56 AM GMT] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/5sGhV3I9sz1qeF3Wh7DCyg","status":"pending","token":"olw0qQClXDiPsT2f0L-ndMKU2vmU0pp_zT-Knge8hlc"'
    [Mon 05 Dec 2022 01:15:56 AM GMT] token='olw0qQClXDiPsT2f0L-ndMKU2vmU0pp_zT-Knge8hlc'
    [Mon 05 Dec 2022 01:15:56 AM GMT] uri='https://acme.zerossl.com/v2/DV90/chall/5sGhV3I9sz1qeF3Wh7DCyg'
    [Mon 05 Dec 2022 01:15:56 AM GMT] keyauthorization='olw0qQClXDiPsT2f0L-ndMKU2vmU0pp_zT-Knge8hlc.UT85iea8Uxh7-bBhzN3HD1ppsI06J9X9OmY-8YQOW7I'
    [Mon 05 Dec 2022 01:15:56 AM GMT] dvlist='www.example.com#olw0qQClXDiPsT2f0L-ndMKU2vmU0pp_zT-Knge8hlc.UT85iea8Uxh7-bBhzN3HD1ppsI06J9X9OmY-8YQOW7I#https://acme.zerossl.com/v2/DV90/chall/5sGhV3I9sz1qeF3Wh7DCyg#http-01#/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:15:56 AM GMT] d
    [Mon 05 Dec 2022 01:15:56 AM GMT] vlist='example.com#awoeFaY1cmw_t2X85bOiALX4rBY5nVfWO6xvoDSpTRs.UT85iea8Uxh7-bBhzN3HD1ppsI06J9X9OmY-8YQOW7I#https://acme.zerossl.com/v2/DV90/chall/F0hqfLRxS8ASdEmM4jnCCA#http-01#/var/www/example.com/html/,www.example.com#olw0qQClXDiPsT2f0L-ndMKU2vmU0pp_zT-Knge8hlc.UT85iea8Uxh7-bBhzN3HD1ppsI06J9X9OmY-8YQOW7I#https://acme.zerossl.com/v2/DV90/chall/5sGhV3I9sz1qeF3Wh7DCyg#http-01#/var/www/example.com/html/,'
    [Mon 05 Dec 2022 01:15:57 AM GMT] d='example.com'
    [Mon 05 Dec 2022 01:15:57 AM GMT] d='www.example.com'
    [Mon 05 Dec 2022 01:15:57 AM GMT] ok, let's start to verify
    [Mon 05 Dec 2022 01:15:57 AM GMT] Verifying: example.com
    [Mon 05 Dec 2022 01:15:57 AM GMT] d='example.com'
    [Mon 05 Dec 2022 01:15:57 AM GMT] keyauthorization='awoeFaY1cmw_t2X85bOiALX4rBY5nVfWO6xvoDSpTRs.UT85iea8Uxh7-bBhzN3HD1ppsI06J9X9OmY-8YQOW7I'
    [Mon 05 Dec 2022 01:15:57 AM GMT] uri='https://acme.zerossl.com/v2/DV90/chall/F0hqfLRxS8ASdEmM4jnCCA'
    [Mon 05 Dec 2022 01:15:57 AM GMT] _currentRoot='/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:15:57 AM GMT] wellknown_path='/var/www/example.com/html//.well-known/acme-challenge'
    [Mon 05 Dec 2022 01:15:57 AM GMT] writing token:awoeFaY1cmw_t2X85bOiALX4rBY5nVfWO6xvoDSpTRs to /var/www/example.com/html//.well-known/acme-challenge/awoeFaY1cmw_t2X85bOiALX4rBY5nVfWO6xvoDSpTRs
    [Mon 05 Dec 2022 01:15:57 AM GMT] Changing owner/group of .well-known to www-data:www-data
    [Mon 05 Dec 2022 01:15:57 AM GMT] url='https://acme.zerossl.com/v2/DV90/chall/F0hqfLRxS8ASdEmM4jnCCA'
    [Mon 05 Dec 2022 01:15:57 AM GMT] payload='{}'
    [Mon 05 Dec 2022 01:15:57 AM GMT] POST
    [Mon 05 Dec 2022 01:15:57 AM GMT] _post_url='https://acme.zerossl.com/v2/DV90/chall/F0hqfLRxS8ASdEmM4jnCCA'
    [Mon 05 Dec 2022 01:15:57 AM GMT] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Mon 05 Dec 2022 01:15:58 AM GMT] _ret='0'
    [Mon 05 Dec 2022 01:15:58 AM GMT] code='200'
    [Mon 05 Dec 2022 01:15:58 AM GMT] trigger validation code: 200
    [Mon 05 Dec 2022 01:15:58 AM GMT] Processing, The CA is processing your order, please just wait. (1/30)
    [Mon 05 Dec 2022 01:15:58 AM GMT] sleep 2 secs to verify again
    [Mon 05 Dec 2022 12:05:06 AM GMT] Processing, The CA is processing your order, please just wait. (29/30)
    [Mon 05 Dec 2022 12:05:14 AM GMT] example.com:Timeout
    [Mon 05 Dec 2022 12:05:14 AM GMT] Please add '--debug' or '--log' to check more details.
    [Mon 05 Dec 2022 12:05:14 AM GMT] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    

    Port 80 is open:

    [email protected]:~/.acme.sh/example.com# netstat -tulpn | grep LISTEN | grep :80
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      12563/nginx: master
    tcp6       0      0 :::80                   :::*                    LISTEN      12563/nginx: master
    
    [email protected]:~/.acme.sh/example.com# ss -tulpn | grep LISTEN | grep :80
    tcp   LISTEN 0      511                           0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=12586,fd=6),("nginx",pid=12585,fd=6),("nginx",pid=12563,fd=6))
    tcp   LISTEN 0      511                              [::]:80           [::]:*    users:(("nginx",pid=12586,fd=7),("nginx",pid=12585,fd=7),("nginx",pid=12563,fd=7))
    

    The issue: The process never ended up with success. I never got .cer file.

    The log file

    [Mon 05 Dec 2022 01:46:19 AM GMT] Running cmd: issue
    [Mon 05 Dec 2022 01:46:19 AM GMT] _main_domain='example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] _alt_domains='www.example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] Using config home:/root/.acme.sh
    [Mon 05 Dec 2022 01:46:19 AM GMT] default_acme_server
    [Mon 05 Dec 2022 01:46:19 AM GMT] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
    [Mon 05 Dec 2022 01:46:19 AM GMT] DOMAIN_PATH='/root/.acme.sh/example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] Le_NextRenewTime
    [Mon 05 Dec 2022 01:46:19 AM GMT] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
    [Mon 05 Dec 2022 01:46:19 AM GMT] _init api for server: https://acme.zerossl.com/v2/DV90
    [Mon 05 Dec 2022 01:46:19 AM GMT] GET
    [Mon 05 Dec 2022 01:46:19 AM GMT] url='https://acme.zerossl.com/v2/DV90'
    [Mon 05 Dec 2022 01:46:19 AM GMT] timeout=
    [Mon 05 Dec 2022 01:46:19 AM GMT] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Mon 05 Dec 2022 01:46:19 AM GMT] ret='0'
    [Mon 05 Dec 2022 01:46:19 AM GMT] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
    [Mon 05 Dec 2022 01:46:19 AM GMT] ACME_NEW_AUTHZ
    [Mon 05 Dec 2022 01:46:19 AM GMT] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
    [Mon 05 Dec 2022 01:46:19 AM GMT] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
    [Mon 05 Dec 2022 01:46:19 AM GMT] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
    [Mon 05 Dec 2022 01:46:19 AM GMT] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20221001_Certificate_Subscriber_Agreement_v_2_5_click.pdf'
    [Mon 05 Dec 2022 01:46:19 AM GMT] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
    [Mon 05 Dec 2022 01:46:19 AM GMT] Using CA: https://acme.zerossl.com/v2/DV90
    [Mon 05 Dec 2022 01:46:19 AM GMT] _on_before_issue
    [Mon 05 Dec 2022 01:46:19 AM GMT] _chk_main_domain='example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] _chk_alt_domains='www.example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] Le_LocalAddress
    [Mon 05 Dec 2022 01:46:19 AM GMT] d='example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] Check for domain='example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] _currentRoot='/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:46:19 AM GMT] d='www.example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] Check for domain='www.example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] d='www.example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] Check for domain='www.example.com'
    [Mon 05 Dec 2022 01:46:19 AM GMT] _currentRoot='/var/www/example.com/html/'
    [Mon 05 Dec 2022 01:46:19 AM GMT] d
    [Mon 05 Dec 2022 01:46:19 AM GMT] _saved_account_key_hash is not changed, skip register account.
    [Mon 05 Dec 2022 01:46:19 AM GMT] Read key length:4096
    [Mon 05 Dec 2022 01:46:19 AM GMT] _createcsr
    [Mon 05 Dec 2022 01:46:20 AM GMT] Multi domain='DNS:example.com,DNS:www.example.com'
    [Mon 05 Dec 2022 01:46:20 AM GMT] Getting domain auth token for each domain
    [Mon 05 Dec 2022 01:46:20 AM GMT] d='www.example.com'
    [Mon 05 Dec 2022 01:46:20 AM GMT] d
    [Mon 05 Dec 2022 01:46:20 AM GMT] url='https://acme.zerossl.com/v2/DV90/newOrder'
    [Mon 05 Dec 2022 01:46:20 AM GMT] payload='{"identifiers": [{"type":"dns","value":"example.com"},{"type":"dns","value":"www.example.com"}]}'
    [Mon 05 Dec 2022 01:46:20 AM GMT] RSA key
    [Mon 05 Dec 2022 01:46:20 AM GMT] HEAD
    [Mon 05 Dec 2022 01:46:20 AM GMT] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
    [Mon 05 Dec 2022 01:46:20 AM GMT] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
    [Mon 05 Dec 2022 01:53:13 AM GMT] Running cmd: upgrade
    [Mon 05 Dec 2022 01:53:13 AM GMT] Using config home:/root/.acme.sh
    [Mon 05 Dec 2022 01:53:13 AM GMT] default_acme_server
    [Mon 05 Dec 2022 01:53:13 AM GMT] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
    [Mon 05 Dec 2022 01:53:13 AM GMT] GET
    [Mon 05 Dec 2022 01:53:13 AM GMT] url='https://api.github.com/repos/acmesh-official/acme.sh/git/refs/heads/master'
    [Mon 05 Dec 2022 01:53:13 AM GMT] timeout=
    [Mon 05 Dec 2022 01:53:13 AM GMT] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Mon 05 Dec 2022 01:53:13 AM GMT] ret='0'
    [Mon 05 Dec 2022 01:53:13 AM GMT] Already uptodate!
    [Mon 05 Dec 2022 01:53:13 AM GMT] Upgrade success!
    
    

    As you see above, acme.sh --upgrade already updated.

    opened by jessicana 1
  • Add Support for Keyhelp DNS Api


    Hello, I was working on getting acme.sh working with KeyHelp's DNS API. I had it working for some time already with jq for the JSON handling. Now I have it working with basic tools like grep, sed, tr and so on, and would like to share it.

    Should I just make a PR?

    Reference for the API: https://app.swaggerhub.com/apis-docs/keyhelp/api/2.4

    opened by benklett 1
  • wget read timeout 3 is too low


    We have experienced random issues with both LE and ZeroSSL causing a weird "_wget_out command not found" error.

    The real reason seems to be a too-low --read-timeout value for the wget HEAD request (when getting the nonce):

      _WGET="$_WGET --read-timeout=3.0  --tries=2  "
    

    I changed 3.0 to 10.0 and problem disappeared.

    I suggest making this configurable via env variable or at least raising it.

    opened by dlt- 1
Releases(v3.0.5)