A pure Unix shell script implementing ACME client protocol

Related tags

Network shell bash letsencrypt acme-client acme posix certbot acme-protocol posix-sh ash zerossl buypass
Overview

An ACME Shell script: acme.sh

LetsEncrypt Shellcheck PebbleStrict DockerHub

Join the chat at https://gitter.im/acme-sh/Lobby Docker stars Docker pulls

  • An ACME protocol client written purely in Shell (Unix shell) language.
  • Full ACME protocol implementation.
  • Support ACME v1 and ACME v2
  • Support ACME v2 wildcard certs
  • Simple, powerful and very easy to use. You only need 3 minutes to learn it.
  • Bash, dash and sh compatible.
  • Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
  • Just one script to issue, renew and install your certificates automatically.
  • DOES NOT require root/sudoer access.
  • Docker friendly
  • IPv6 support
  • Cron job notifications for renewal or error etc.

It's probably the easiest & smartest shell script to automatically issue & renew the free certificates from Let's Encrypt.

Wiki: https://github.com/acmesh-official/acme.sh/wiki

For Docker Fans: acme.sh 💕 Docker

Twitter: @neilpangxa

中文说明

Who:

Tested OS

NO Status Platform
1 MacOS Mac OSX
2 Windows Windows (cygwin with curl, openssl and crontab included)
3 FreeBSD FreeBSD
4 Solaris Solaris
5 Ubuntu Ubuntu
6 pfsense
7 OpenBSD
8 Debian
9 CentOS
10 openSUSE
11 Alpine Linux (with curl)
12 Archlinux
13 fedora
14 Kali Linux
15 Oracle Linux
16 Proxmox: See Proxmox VE Wiki. Version 4.x, 5.0, 5.1, version 5.2 and up
17 ----- Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111
18 Mageia
19 ----- OpenWRT: Tested and working. See wiki page
20 Gentoo Linux
21 ClearLinux

For all build statuses, check our weekly build project:

https://github.com/acmesh-official/acmetest

Supported CA

Supported modes

1. How to install

1. Install online

Check this project: https://github.com/acmesh-official/get.acme.sh

curl https://get.acme.sh | sh -s [email protected]

Or:

wget -O -  https://get.acme.sh | sh -s [email protected]

2. Or, Install from git

Clone this project and launch installation:

git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m [email protected]

You don't have to be root then, although it is recommended.

Advanced Installation: https://github.com/acmesh-official/acme.sh/wiki/How-to-install

The installer will perform 3 actions:

  1. Create and copy acme.sh to your home dir ($HOME): ~/.acme.sh/. All certs will be placed in this folder too.
  2. Create alias for: acme.sh=~/.acme.sh/acme.sh.
  3. Create daily cron job to check and renew the certs if needed.

Cron entry example:

0 0 * * * "/home/user/.acme.sh"/acme.sh --cron --home "/home/user/.acme.sh" > /dev/null

After the installation, you must close the current terminal and reopen it to make the alias take effect.

Ok, you are ready to issue certs now.

Show help message:

root@v1:~# acme.sh -h

2. Just issue a cert

Example 1: Single domain.

acme.sh --issue -d example.com -w /home/wwwroot/example.com

or:

acme.sh --issue -d example.com -w /home/username/public_html

or:

acme.sh --issue -d example.com -w /var/www/html

Example 2: Multiple domains in the same cert.

acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com

The parameter /home/wwwroot/example.com or /home/username/public_html or /var/www/html is the web root folder where you host your website files. You MUST have write access to this folder.

Second argument "example.com" is the main domain you want to issue the cert for. You must have at least one domain there.

You must point and bind all the domains to the same webroot dir: /home/wwwroot/example.com.

The certs will be placed in ~/.acme.sh/example.com/

The certs will be renewed automatically every 60 days.

More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert

3. Install the cert to Apache/Nginx etc.

After the cert is generated, you probably want to install/copy the cert to your Apache/Nginx or other servers. You MUST use this command to copy the certs to the target files, DO NOT use the certs files in ~/.acme.sh/ folder, they are for internal use only, the folder structure may change in the future.

Apache example:

acme.sh --install-cert -d example.com \
--cert-file      /path/to/certfile/in/apache/cert.pem  \
--key-file       /path/to/keyfile/in/apache/key.pem  \
--fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \
--reloadcmd     "service apache2 force-reload"

Nginx example:

acme.sh --install-cert -d example.com \
--key-file       /path/to/keyfile/in/nginx/key.pem  \
--fullchain-file /path/to/fullchain/nginx/cert.pem \
--reloadcmd     "service nginx force-reload"

Only the domain is required, all the other parameters are optional.

The ownership and permission info of existing files are preserved. You can pre-create the files to define the ownership and permission.

Install/copy the cert/key to the production Apache or Nginx path.

The cert will be renewed every 60 days by default (which is configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: service apache2 force-reload or service nginx force-reload.

Please take care: The reloadcmd is very important. The cert can be automatically renewed, but, without a correct 'reloadcmd' the cert may not be flushed to your server(like nginx or apache), then your website will not be able to show renewed cert in 60 days.

4. Use Standalone server to issue cert

(requires you to be root/sudoer or have permission to listen on port 80 (TCP))

Port 80 (TCP) MUST be free to listen on, otherwise you will be prompted to free it and try again.

acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com

More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert

5. Use Standalone ssl server to issue cert

(requires you to be root/sudoer or have permission to listen on port 443 (TCP))

Port 443 (TCP) MUST be free to listen on, otherwise you will be prompted to free it and try again.

acme.sh --issue --alpn -d example.com -d www.example.com -d cp.example.com

More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert

6. Use Apache mode

(requires you to be root/sudoer, since it is required to interact with Apache server)

If you are running a web server, it is recommended to use the Webroot mode.

Particularly, if you are running an Apache server, you can use Apache mode instead. This mode doesn't write any files to your web root folder.

Just set string "apache" as the second argument and it will force use of apache plugin automatically.

acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com

This apache mode is only to issue the cert, it will not change your apache config files. You will need to configure your website config files to use the cert by yourself. We don't want to mess with your apache server, don't worry.

More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert

7. Use Nginx mode

(requires you to be root/sudoer, since it is required to interact with Nginx server)

If you are running a web server, it is recommended to use the Webroot mode.

Particularly, if you are running an nginx server, you can use nginx mode instead. This mode doesn't write any files to your web root folder.

Just set string "nginx" as the second argument.

It will configure nginx server automatically to verify the domain and then restore the nginx config to the original version.

So, the config is not changed.

acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com

This nginx mode is only to issue the cert, it will not change your nginx config files. You will need to configure your website config files to use the cert by yourself. We don't want to mess with your nginx server, don't worry.

More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert

8. Automatic DNS API integration

If your DNS provider supports API access, we can use that API to automatically issue the certs.

You don't have to do anything manually!

Currently acme.sh supports most of the dns providers:

https://github.com/acmesh-official/acme.sh/wiki/dnsapi

9. Use DNS manual mode:

See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode first.

If your dns provider doesn't support any api access, you can add the txt record by hand.

acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com

You should get an output like below:

Add the following txt record:
Domain:_acme-challenge.example.com
Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c

Add the following txt record:
Domain:_acme-challenge.www.example.com
Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Please add those txt records to the domains. Waiting for the dns to take effect.

Then just rerun with renew argument:

acme.sh --renew -d example.com

Ok, it's done.

Take care, this is dns manual mode, it can not be renewed automatically. you will have to add a new txt record to your domain by your hand when you renew your cert.

Please use dns api mode instead.

10. Issue ECC certificates

Let's Encrypt can now issue ECDSA certificates.

And we support them too!

Just set the keylength parameter with a prefix ec-.

For example:

Single domain ECC certificate

acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256

SAN multi domain ECC certificate

acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256

Please look at the keylength parameter above.

Valid values are:

  1. ec-256 (prime256v1, "ECDSA P-256")
  2. ec-384 (secp384r1, "ECDSA P-384")
  3. ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)

11. Issue Wildcard certificates

It's simple, just give a wildcard domain as the -d parameter.

acme.sh  --issue -d example.com  -d '*.example.com'  --dns dns_cf

12. How to renew the certs

No, you don't need to renew the certs manually. All the certs will be renewed automatically every 60 days.

However, you can also force to renew a cert:

acme.sh --renew -d example.com --force

or, for ECC cert:

acme.sh --renew -d example.com --force --ecc

13. How to stop cert renewal

To stop renewal of a cert, you can execute the following to remove the cert from the renewal list:

acme.sh --remove -d example.com [--ecc]

The cert/key file is not removed from the disk.

You can remove the respective directory (e.g. ~/.acme.sh/example.com) by yourself.

14. How to upgrade acme.sh

acme.sh is in constant development, so it's strongly recommended to use the latest code.

You can update acme.sh to the latest code:

acme.sh --upgrade

You can also enable auto upgrade:

acme.sh --upgrade --auto-upgrade

Then acme.sh will be kept up to date automatically.

Disable auto upgrade:

acme.sh --upgrade --auto-upgrade 0

15. Issue a cert from an existing CSR

https://github.com/acmesh-official/acme.sh/wiki/Issue-a-cert-from-existing-CSR

16. Send notifications in cronjob

https://github.com/acmesh-official/acme.sh/wiki/notify

17. Under the Hood

Speak ACME language using shell, directly to "Let's Encrypt".

TODO:

18. Acknowledgments

  1. Acme-tiny: https://github.com/diafygi/acme-tiny
  2. ACME protocol: https://github.com/ietf-wg-acme/acme

Contributors

Code Contributors

This project exists thanks to all the people who contribute. [Contribute].

Financial Contributors

Become a financial contributor and help us sustain our community. [Contribute]

Individuals

Organizations

Support this project with your organization. Your logo will show up here with a link to your website. [Contribute]

19. License & Others

License is GPLv3

Please Star and Fork me.

Issues and pull requests are welcome.

20. Donate

Your donation makes acme.sh better:

  1. PayPal/Alipay(支付宝)/Wechat(微信): https://donate.acme.sh/

Donate List

Comments
  • ec-256 issue

    ec-256 issue 

    # acme.sh --issue -d nas.fernandomiguel.net  --dns dns_cf  --dnssleep 10 --certpath /usr/syno/etc/certificate/system/default/cert.pem --keypath /usr/syno/etc/certificate/system/default/privkey.pem --fullchainpath /usr/syno/etc/certificate/system/default/fullchain.pem  -k ec-256 --debug 2
[Fri Nov  4 11:01:03 GMT 2016] Lets find script dir.
[Fri Nov  4 11:01:03 GMT 2016] _SCRIPT_='/volume1/@appstore/.acme.sh/acme.sh'
[Fri Nov  4 11:01:03 GMT 2016] _script='/volume1/@appstore/.acme.sh/acme.sh'
[Fri Nov  4 11:01:03 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
/volume1/@appstore/.acme.sh/acme.sh: line 1225: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov  4 11:01:03 GMT 2016] 
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
/volume1/@appstore/.acme.sh/acme.sh: line 1225: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov  4 11:01:03 GMT 2016] 
https://github.com/Neilpang/acme.sh
v2.6.3
[Fri Nov  4 11:01:03 GMT 2016] Using api: 
[Fri Nov  4 11:01:03 GMT 2016] DOMAIN_PATH='/volume1/@appstore/.acme.sh/nas.fernandomiguel.net_ecc'
[Fri Nov  4 11:01:03 GMT 2016] 1:Le_Domain='nas.fernandomiguel.net'
[Fri Nov  4 11:01:03 GMT 2016] 2:Le_Alt='no'
[Fri Nov  4 11:01:03 GMT 2016] 3:Le_Webroot='dns_cf'
[Fri Nov  4 11:01:03 GMT 2016] 4:Le_PreHook=''
[Fri Nov  4 11:01:03 GMT 2016] 5:Le_PostHook=''
[Fri Nov  4 11:01:03 GMT 2016] 6:Le_RenewHook=''
[Fri Nov  4 11:01:03 GMT 2016] options='s/^Le_LocalAddress.*$//'
[Fri Nov  4 11:01:03 GMT 2016] Using sed  -i
[Fri Nov  4 11:01:04 GMT 2016] 7:Le_API='https://acme-v01.api.letsencrypt.org'
[Fri Nov  4 11:01:04 GMT 2016] _on_before_issue
[Fri Nov  4 11:01:04 GMT 2016] 'dns_cf' does not contain 'no'
[Fri Nov  4 11:01:04 GMT 2016] Le_LocalAddress
[Fri Nov  4 11:01:04 GMT 2016] Check for domain='nas.fernandomiguel.net'
[Fri Nov  4 11:01:04 GMT 2016] _currentRoot='dns_cf'
[Fri Nov  4 11:01:04 GMT 2016] 'dns_cf' does not contain 'apache'
[Fri Nov  4 11:01:04 GMT 2016] config file is empty, can not read CA_KEY_HASH
[Fri Nov  4 11:01:04 GMT 2016] _saved_account_key_hash
[Fri Nov  4 11:01:04 GMT 2016] EC key
[Fri Nov  4 11:01:06 GMT 2016] AGREEMENT
[Fri Nov  4 11:01:06 GMT 2016] Registering account
[Fri Nov  4 11:01:06 GMT 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Fri Nov  4 11:01:06 GMT 2016] payload='{"resource": "new-reg", "contact": ["mailto: XXXX"], "agreement": ""}'
[Fri Nov  4 11:01:06 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Fri Nov  4 11:01:06 GMT 2016] Get nonce.
[Fri Nov  4 11:01:06 GMT 2016] GET
[Fri Nov  4 11:01:06 GMT 2016] url='https://acme-v01.api.letsencrypt.org/directory'
[Fri Nov  4 11:01:06 GMT 2016] timeout
[Fri Nov  4 11:01:06 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header  --trace-ascii /tmp/tmp.XXX '
[Fri Nov  4 11:01:06 GMT 2016] ret='0'
[Fri Nov  4 11:01:07 GMT 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 280
Boulder-Request-Id: XXX
Replay-Nonce: XXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 11:01:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 11:01:06 GMT
Connection: keep-alive
'
[Fri Nov  4 11:01:07 GMT 2016] _CACHED_NONCE='XXX'
[Fri Nov  4 11:01:07 GMT 2016] nonce='XXX'
Error Signing Data
13172:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
Error: offset too large
printf: usage: printf [-v var] format [arguments]
[Fri Nov  4 11:01:07 GMT 2016] POST
[Fri Nov  4 11:01:07 GMT 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Fri Nov  4 11:01:07 GMT 2016] body='{"header": {"alg": "ES256", "jwk": {"crv": "", "kty": "EC", "x": "0XXX", "y": "SBIUEfbgqVAOQ3e1aNoFOLE1do9fiTjgj7WivSy0_x8"}}, "protected": "eyXXXX", "payload": "eyJXXX", "signature": ""}'
[Fri Nov  4 11:01:07 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header  --trace-ascii /tmp/tmp.XXX '
[Fri Nov  4 11:01:07 GMT 2016] _ret='0'
[Fri Nov  4 11:01:07 GMT 2016] original='{
  "type": "urn:acme:error:malformed",
  "detail": "Parse error reading JWS",
  "status": 400
}'
[Fri Nov  4 11:01:07 GMT 2016] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 96
Boulder-Request-Id: XXX
Replay-Nonce: XXX
Expires: Fri, 04 Nov 2016 11:01:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 11:01:07 GMT
Connection: close
'
[Fri Nov  4 11:01:07 GMT 2016] response='{"type":"urn:acme:error:malformed","detail":"Parse error reading JWS","status": 400}'
[Fri Nov  4 11:01:07 GMT 2016] code='400'
[Fri Nov  4 11:01:07 GMT 2016] Register account Error: {"type":"urn:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
[Fri Nov  4 11:01:07 GMT 2016] _on_issue_err
[Fri Nov  4 11:01:07 GMT 2016] Please use add '--debug' or '--log' to check more details.
[Fri Nov  4 11:01:07 GMT 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
    opened by FernandoMiguel 62
  • issuing a cert without parent level domain fails

    issuing a cert without parent level domain fails

    If there is an A record test.example.com, but no record example.com the following fails with a CAA SERVFAIL error acme.sh --standalone --staging --issue -d test.example.com -w /home/wwwroot/test.example.com

    If example.com is created with an independent A record, the above works. Perhaps acme.sh is incorrectly assuming test.example.com belongs to a cert for example.com?

    The following has no issues with a similar setup: https://github.com/kvaps/docker-letsencrypt-webroot

    opened by mikkelfj 49
  • Error, can not get domain token

    Error, can not get domain token

    latest attempt on 2.2.5 gives me following error

    acme.sh --staging --issue -d acme.domain.com -w /home/nginx/domains/acme.domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --debug 2

[Mon May 30 18:51:44 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Mon May 30 18:51:44 UTC 2016] Le_NextRenewTime
[Mon May 30 18:51:44 UTC 2016] OK
[Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:1:Le_Domain="acme.domain.com"
[Mon May 30 18:51:44 UTC 2016] OK
[Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:2:Le_Alt="no"
[Mon May 30 18:51:44 UTC 2016] OK
[Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:3:Le_Webroot="/home/nginx/domains/acme.domain.com/public"
[Mon May 30 18:51:44 UTC 2016] OK
[Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:4:Le_Keylength="2048"
[Mon May 30 18:51:44 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'no'
[Mon May 30 18:51:44 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'apache'
[Mon May 30 18:51:44 UTC 2016] RSA key
[Mon May 30 18:51:44 UTC 2016] pub_exp='010001'
[Mon May 30 18:51:44 UTC 2016] let exists=0
[Mon May 30 18:51:44 UTC 2016] uselet='1'
[Mon May 30 18:51:44 UTC 2016] _URGLY_PRINTF
[Mon May 30 18:51:44 UTC 2016] e='AQAB'
[Mon May 30 18:51:44 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Mon May 30 18:51:44 UTC 2016] let exists=0
[Mon May 30 18:51:44 UTC 2016] uselet='1'
[Mon May 30 18:51:44 UTC 2016] _URGLY_PRINTF
[Mon May 30 18:51:47 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Mon May 30 18:51:47 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Mon May 30 18:51:47 UTC 2016] Skip register account key
[Mon May 30 18:51:47 UTC 2016] Creating csr
[Mon May 30 18:51:47 UTC 2016] Single domain='acme.domain.com'
[Mon May 30 18:51:47 UTC 2016] Verify each domain
[Mon May 30 18:51:47 UTC 2016] Getting webroot for domain='acme.domain.com'
[Mon May 30 18:51:47 UTC 2016] _w='/home/nginx/domains/acme.domain.com/public'
[Mon May 30 18:51:47 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
[Mon May 30 18:51:47 UTC 2016] Getting token for domain='acme.domain.com'
[Mon May 30 18:51:47 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Mon May 30 18:51:47 UTC 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.domain.com"}}'
[Mon May 30 18:51:47 UTC 2016] RSA key
[Mon May 30 18:51:47 UTC 2016] pub_exp='010001'
[Mon May 30 18:51:47 UTC 2016] let exists=0
[Mon May 30 18:51:47 UTC 2016] uselet='1'
[Mon May 30 18:51:47 UTC 2016] _URGLY_PRINTF
[Mon May 30 18:51:47 UTC 2016] e='AQAB'
[Mon May 30 18:51:47 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Mon May 30 18:51:47 UTC 2016] let exists=0
[Mon May 30 18:51:47 UTC 2016] uselet='1'
[Mon May 30 18:51:47 UTC 2016] _URGLY_PRINTF
[Mon May 30 18:51:49 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Mon May 30 18:51:49 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Mon May 30 18:51:50 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ'
[Mon May 30 18:51:50 UTC 2016] GET
[Mon May 30 18:51:50 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Mon May 30 18:51:50 UTC 2016] curl exists=0
[Mon May 30 18:51:53 UTC 2016] nonce
[Mon May 30 18:51:53 UTC 2016] protected='{"nonce": "", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Mon May 30 18:51:53 UTC 2016] protected64='eyJub25jZSI6ICIiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJuX0c3alBvdXM3SjFUTFdGcWlra3pjUURLMlJ5VDBUcUJBX0EwOUxFRzV0SVV1Q2JWRkNKTGNCNWgxSFR1WTZncGttbHRTdWF2VS1HRS13TVNNQ1p0aERQT3Ffbm1SbXZSbVB1RktZRmNLS2xXV3VPNmFQZ05sS0J3a2tYVXYtd3JFTG1xU20xeVRBRHppbVF5R2Zxb2FiMGRzZF9DUHZ6c3dNaTZXQW5EYVd1bWdweml3a3NvZGJOYkx2d3g0NnZqZE5WcGV4eV9hdVJFQUV2NnVpaHRCRlhKNHdBcllRVy1LVlFrLU44SDZ2Z3MxVUFLallhR1ItSHZaV1lNM1JRa1MzM1FXU3gyZ21GSFY2eGFaUFZhdEM2MHIwblBQcWpZak1uRnRGM2NQOUNrekpRazJKMURpUlJqb0JuNnluaEJhY3owMllVdHdsYk1Zcm1mOUVUVlEifX0'
[Mon May 30 18:51:53 UTC 2016] sig='hyYMIC9TQ9nqCXEUNpa2ZVaaGDnX8v42ldjvsSTsGtamLOCOgndgolIDe2gMMT2mJg1jgnRqGU3ao2hOWv_zpI19-ZUEuGpi7fwfyO0tDqtP1lu4MKMl72sPOZ9UgLpIWCgaExrjYgHZ7KECsmlelR3UrWvSqOE7MXjtG78159vZnOqFl8MV8-kXrnqPuHwoOjSaqLCCCZPsBhftVdl9XAlF5KKROh2hgUewh6MAK6Z-FSaEJqVNnA_dHZK5fHNBhQqkhLUAv3jOGpcjRJjZX4_Kkp4i4f6UQ_Ll6f89ilfOqWxme36M9wM2j7LIFpcfgzjTF8GQjdgTLUI82KgAMA'
[Mon May 30 18:51:53 UTC 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}, "protected": "eyJub25jZSI6ICIiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJuX0c3alBvdXM3SjFUTFdGcWlra3pjUURLMlJ5VDBUcUJBX0EwOUxFRzV0SVV1Q2JWRkNKTGNCNWgxSFR1WTZncGttbHRTdWF2VS1HRS13TVNNQ1p0aERQT3Ffbm1SbXZSbVB1RktZRmNLS2xXV3VPNmFQZ05sS0J3a2tYVXYtd3JFTG1xU20xeVRBRHppbVF5R2Zxb2FiMGRzZF9DUHZ6c3dNaTZXQW5EYVd1bWdweml3a3NvZGJOYkx2d3g0NnZqZE5WcGV4eV9hdVJFQUV2NnVpaHRCRlhKNHdBcllRVy1LVlFrLU44SDZ2Z3MxVUFLallhR1ItSHZaV1lNM1JRa1MzM1FXU3gyZ21GSFY2eGFaUFZhdEM2MHIwblBQcWpZak1uRnRGM2NQOUNrekpRazJKMURpUlJqb0JuNnluaEJhY3owMllVdHdsYk1Zcm1mOUVUVlEifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ", "signature": "hyYMIC9TQ9nqCXEUNpa2ZVaaGDnX8v42ldjvsSTsGtamLOCOgndgolIDe2gMMT2mJg1jgnRqGU3ao2hOWv_zpI19-ZUEuGpi7fwfyO0tDqtP1lu4MKMl72sPOZ9UgLpIWCgaExrjYgHZ7KECsmlelR3UrWvSqOE7MXjtG78159vZnOqFl8MV8-kXrnqPuHwoOjSaqLCCCZPsBhftVdl9XAlF5KKROh2hgUewh6MAK6Z-FSaEJqVNnA_dHZK5fHNBhQqkhLUAv3jOGpcjRJjZX4_Kkp4i4f6UQ_Ll6f89ilfOqWxme36M9wM2j7LIFpcfgzjTF8GQjdgTLUI82KgAMA"}'
[Mon May 30 18:51:53 UTC 2016] POST
[Mon May 30 18:51:53 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Mon May 30 18:51:53 UTC 2016] curl exists=0
[Mon May 30 18:51:56 UTC 2016] original
[Mon May 30 18:51:56 UTC 2016] responseHeaders
[Mon May 30 18:51:56 UTC 2016] response
[Mon May 30 18:51:56 UTC 2016] code
[Mon May 30 18:51:56 UTC 2016] entry
[Mon May 30 18:51:56 UTC 2016] Error, can not get domain token acme.domain.com
[Mon May 30 18:51:56 UTC 2016] pid
    opened by centminmod 41
  • Support for AWS Route 53?

    Support for AWS Route 53?

    I wanted to check to see what your thoughts are in regards to the dnsapi plugins. I wrote a AWS Route 53 API plugin but it uses the python awscli tool and jq to parse JSON and I wasn't sure if you had strict requirements for using only bash or if 3rd party libraries could be a requirement. This probably needs some additional error checking but it's worked decently for me so far: https://gist.github.com/mbentley/d5da0bf962f050dd07ec

    opened by mbentley 39
  • FYI, pfsense doesn't work

    FYI, pfsense doesn't work 

    [2.2.6-RELEASE][[email protected]]/root/le: bash ./le.sh issue /root/certs/ example.com o.example,e.example.com,s.example.com,j.example.com
Use default length 2048
Generating RSA private key, 2048 bit long modulus
................................+++
....+++
e is 65537 (0x10001)
Use default length 2048
Generating RSA private key, 2048 bit long modulus
.............................................+++
.........................................................................................+++
e is 65537 (0x10001)
Multi domain=DNS:o.example.com,DNS:e.example.com,DNS:s.example.com,DNS:j.example.com
error on line -1 of /dev/fd/63
675592508:error:02001002:system library:fopen:No such file or directory:/usr/pfSensesrc/src.RELENG_2_2/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:169:fopen('/dev/fd/63','rb')
675592508:error:2006D080:BIO routines:BIO_new_file:no such file:/usr/pfSensesrc/src.RELENG_2_2/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:172:
675592508:error:0E078072:configuration file routines:DEF_LOAD:no such file:/usr/pfSensesrc/src.RELENG_2_2/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:197:
Create CSR error.
    opened by mrPsycho 39
  • Unable to add TXT record to IDN domain on reg.ru

    Unable to add TXT record to IDN domain on reg.ru

    reg.ru service list unixcode domains not in IDN format.

    [Wed May 4 02:39:40 PM +06 2022] Found domain api file: /opt/acme.sh/dnsapi/dns_regru.sh [Wed May 4 02:39:40 PM +06 2022] Adding txt value: noS-_iHLO_Dpcwk-fDnJJFa0VijUCJHixjux3NYGKdA for domain: _acme-challenge.сайт.рф [Wed May 4 02:39:41 PM +06 2022] First detect the root zone [Wed May 4 02:39:41 PM +06 2022] service/get_list [Wed May 4 02:39:41 PM +06 2022] data='username=user&password=password&output_format=xml&servtype=domain' [Wed May 4 02:39:41 PM +06 2022] POST [Wed May 4 02:39:41 PM +06 2022] _post_url='https://api.reg.ru/api/regru2/service/get_list' [Wed May 4 02:39:41 PM +06 2022] _CURL='curl --silent --dump-header /opt/acme.sh/http.header -L -g ' [Wed May 4 02:39:41 PM +06 2022] _ret='0' [Wed May 4 02:39:41 PM +06 2022] response='<opt charset="utf-8" result="success"> <answer> <services creation_date="2009-07-03" dname="site.ru" expiration_date="2022-07-03" service_id="426667" servtype="domain" state="A" subtype="" uplink_service_id="0" /> <services creation_date="2018-06-29" dname="сайт.рф" expiration_date="2022-06-29" service_id="37861501" servtype="domain" state="A" subtype="" uplink_service_id="0" /> </answer> <messagestore language="ru"> <_messages></_messages> </messagestore> </opt>' [Wed May 4 02:39:41 PM +06 2022] invalid domain [Wed May 4 02:39:41 PM +06 2022] Error add txt for domain:_acme-challenge.сайт.рф

    so I add fix for this error.

    opened by Spider84 35
  • nginx 模式查找server_name问题

    nginx 模式查找server_name问题

    现在的nginx模式是beta模式,而且在我的机器上找不到已经存在的servername, 所以我想问这个查找模式是不是只在nginx.conf中查找servername,我的配置文件在/etc/nginx/sites-available目录下,是不是这个原因找不到。如果不是这个原因,我一会贴上调试输出。

    opened by ColinZeb 35
  • Verify error:Invalid response from [domain]

    Verify error:Invalid response from [domain]

    Hi Neil,

    Something seems to have changed since the last time I renewed certs. This time around I'm getting an error.

    I run this command:

    acme.sh --renew -d domain.tld -d www.domain.tld --force

    But then it errors after the "Standalone mode server" line:

    ...
[Tue May 30 18:17:17 UTC 2017] The new-authz request is ok.
[Tue May 30 18:17:17 UTC 2017] Verifying:domain.tld
[Tue May 30 18:17:17 UTC 2017] Standalone mode server
[Tue May 30 18:17:22 UTC 2017] domain.tld:Verify error:Invalid response from http://domain.tld/.well-known/acme-challenge/qEp9FiogrSkAOM3TYzfhDDKo1J_6abK8FQ5qbtaQY9w: 
GET / HTTP/1.1
User-Agent: acme.sh client: https://github.com/Neilpang/acme.sh
Host: localhost:14927
Accept: */*

    I am trying to troubleshoot it with the web host too, but they're not finding the issue. At first they thought it was because of my http --> https redirect rules, but when these are commented out in .htaccess, the error still happens.

    I've looked at --debug but I'm not knowledgeable enough with this kind of thing to know if there's anything there or not.

    Any suggestions?

    opened by wion 32
  • Register account Error on OpenWrt

    Register account Error on OpenWrt

    我之前已经成功在 OpenWrt 上生成了证书文件,最近发现脚本却失效了,总是在 Registering account 时报错。 尝试删除各种配置文件重新生成依旧失败,请问该如何诊断问题?

    日志记录如下:

    root@openwrt:~# ./acme.sh --registeraccount --test --debug 2
[Tue Dec 13 15:31:35 CST 2016] Lets find script dir.
[Tue Dec 13 15:31:35 CST 2016] _SCRIPT_='./acme.sh'
[Tue Dec 13 15:31:35 CST 2016] _script='/root/.acme.sh/acme.sh'
[Tue Dec 13 15:31:35 CST 2016] _script_home='/root/.acme.sh'
[Tue Dec 13 15:31:35 CST 2016] Using default home:/root/.acme.sh
[Tue Dec 13 15:31:35 CST 2016] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.5
[Tue Dec 13 15:31:35 CST 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Tue Dec 13 15:31:35 CST 2016] RSA key
[Tue Dec 13 15:31:42 CST 2016] AGREEMENT
[Tue Dec 13 15:31:42 CST 2016] Registering account
[Tue Dec 13 15:31:42 CST 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Tue Dec 13 15:31:42 CST 2016] payload='{"resource": "new-reg", "agreement": ""}'
[Tue Dec 13 15:31:42 CST 2016] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Tue Dec 13 15:31:42 CST 2016] Get nonce.
[Tue Dec 13 15:31:42 CST 2016] GET
[Tue Dec 13 15:31:42 CST 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue Dec 13 15:31:42 CST 2016] timeout
[Tue Dec 13 15:31:42 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.eyCJgk '
[Tue Dec 13 15:31:46 CST 2016] ret='0'
[Tue Dec 13 15:31:46 CST 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 372
Boulder-Request-Id: IMu6DWEb_FLHtoZFWxWMc0ZnE3uJM1ekx_tF6MbSCq8
Replay-Nonce: Sglh_FkSL0Rx5Jl21ilH9YjVznRNCUEYYHuPKQKJsmw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 13 Dec 2016 07:31:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 13 Dec 2016 07:31:46 GMT
Connection: keep-alive
'
[Tue Dec 13 15:31:46 CST 2016] _CACHED_NONCE='Sglh_FkSL0Rx5Jl21ilH9YjVznRNCUEYYHuPKQKJsmw'
[Tue Dec 13 15:31:46 CST 2016] nonce='Sglh_FkSL0Rx5Jl21ilH9YjVznRNCUEYYHuPKQKJsmw'
[Tue Dec 13 15:31:46 CST 2016] POST
[Tue Dec 13 15:31:46 CST 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Tue Dec 13 15:31:47 CST 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "-ihQHbAKpL89FFme3LqGvtEoV08Lrl94bNcRW3muquhtGiK5SpG3XGvzZmvcC4o4
I5J2MI7KMMS5ozjf3bKS5NiptBR4OuCShipoS4y0ymuBvffGDUcABXnf7gCONW7K
VYK0aU4QHfK_Sp4kOz-AtpRnDiQw7jHxJAbS4sCzzrL3RJ03Yf7r6hhivMFNdMg8
BuFMccz_l7GQMsqBZHGgOxjetQF1BQR5vISZpUmwZQwObx7UKJhn0l20IlvPI22w
qFe-Ptp5h25-_mUfrAvyLromhga-ktXiUoPy9cinkRDsk8geFZSzKqEyWd8fMUMx
6_5xYvmYJ5XPDWtR2WjLPQ"}}, "protected": "eyJub25jZSI6ICJTZ2xoX0ZrU0wwUng1SmwyMWlsSDlZalZ6blJOQ1VFWVlIdVBL
UUtKc213IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJr
dHkiOiAiUlNBIiwgIm4iOiAiLWloUUhiQUtwTDg5RkZtZTNMcUd2dEVvVjA4THJs
OTRiTmNSVzNtdXF1aHRHaUs1U3BHM1hHdnpabXZjQzRvNApJNUoyTUk3S01NUzVv
empmM2JLUzVOaXB0QlI0T3VDU2hpcG9TNHkweW11QnZmZkdEVWNBQlhuZjdnQ09O
VzdLClZZSzBhVTRRSGZLX1NwNGtPei1BdHBSbkRpUXc3akh4SkFiUzRzQ3p6ckwz
UkowM1lmN3I2aGhpdk1GTmRNZzgKQnVGTWNjel9sN0dRTXNxQlpIR2dPeGpldFFG
MUJRUjV2SVNacFVtd1pRd09ieDdVS0pobjBsMjBJbHZQSTIydwpxRmUtUHRwNWgy
NS1fbVVmckF2eUxyb21oZ2Eta3RYaVVvUHk5Y2lua1JEc2s4Z2VGWlN6S3FFeVdk
OGZNVU14CjZfNXhZdm1ZSjVYUERXdFIyV2pMUFEifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctcmVnIiwgImFncmVlbWVudCI6ICIifQ", "signature": "Gt6-9LmdNKHL0dh5PYhJAaHe7QXpu5y556SN8rgdms7tQ9i3g0CmNQGIZZWadoYb
gcI1oUu_jkxVLWSpY6rWy6V0qzXPohKWvOn8K9ytCZ021YDWVkT7QnXPPXv7vcnA
tUDzXqm9FArk2M3VyjJ4gK-u8m0DMb-1xsc1ojR5E8ZwCUtbyDXeKv-OdRxlXSYr
ftICYHHNscIad4g-5Wma6PG6TWVy2KBCaX16s10Npy2Rqi8wwpG7uWbrqptnrTOI
fER6kFph_WI0j6vUrsjkyQijOVpAXZJY0JBl7iwLeOcz2vsQTJHcGdC4MJxwnI46
awYkCcRKDDUTRN4_Vc5mMA"}'
[Tue Dec 13 15:31:47 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.zEBcYz '
[Tue Dec 13 15:31:49 CST 2016] _ret='0'
[Tue Dec 13 15:31:49 CST 2016] original='{
  "type": "urn:acme:error:malformed",
  "detail": "Parse error reading JWS",
  "status": 400
}'
[Tue Dec 13 15:31:49 CST 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 13 Dec 2016 07:31:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 96
Boulder-Request-Id: tt6n075L2qfTnX6IgF5IuZiZune1KMy0rSgE5s5POgY
Replay-Nonce: -Fyab7Cfq99fuyCFdD-K0sWHSU5-MYKsN1GcfKnpVAI
Expires: Tue, 13 Dec 2016 07:31:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 13 Dec 2016 07:31:49 GMT
Connection: close
'
[Tue Dec 13 15:31:49 CST 2016] response='{"type":"urn:acme:error:malformed","detail":"Parse error reading JWS","status": 400}'
[Tue Dec 13 15:31:49 CST 2016] code='400'
[Tue Dec 13 15:31:49 CST 2016] Register account Error: {"type":"urn:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
    opened by CzBiX 31
  • DNS mode: use dns over https to poll the dns status, instead of a fixed sleep time

    DNS mode: use dns over https to poll the dns status, instead of a fixed sleep time

    In dns mode, we need to wait for the txt record to take effect.

    Currently, we have a sleep time, It looks silly.

    we will use dns over https to poll the dns status.

    There are 2 alternatives we can use:

    1. https://developers.google.com/speed/public-dns/docs/dns-over-https
    2. https://developers.cloudflare.com/1.1.1.1/dns-over-https/
    enhancement 
    opened by Neilpang 30
  • Unable to register for ZeroSSL CA

    Unable to register for ZeroSSL CA

    Steps to reproduce

    Registering f. ZeroSSL CA;

    neither this variant: acme.sh --register-account -m [email protected] --server zerossl nor that variant: acme.sh --register-account --server zerossl
    --eab-kid xxxxxxxxxxxx
    --eab-hmac-key xxxxxxxxx

    for the latter a screenshot is made ...

    opened by maxmueller0 28
  • fixes

    fixes

    A few shellcheck fixes (some were errors). Passes acmetest/letest.sh (with the modifications at https://github.com/kstr0k/acmetest, for which I've also submitted a PR)

    opened by mralusw 0
  • Fix dns_huaweicloud: incorrect `DomainName` credential key name

    Fix dns_huaweicloud: incorrect `DomainName` credential key name

    The key is saved under HUAWEICLOUD_DomainName:

    https://github.com/acmesh-official/acme.sh/blob/a2c64e79ff1b597b15d7bf7cb17aa627e7b7eb3f/dnsapi/dns_huaweicloud.sh#L61

    but using HUAWEICLOUD_Username when reading saved credentials:

    https://github.com/acmesh-official/acme.sh/blob/a2c64e79ff1b597b15d7bf7cb17aa627e7b7eb3f/dnsapi/dns_huaweicloud.sh#L26

    opened by idawnlight 2
  • getting validation data

    getting validation data

    Hi there,

    I'm keep getting the following error . any help would be appreciated

    [root@server ~]# ~/.acme.sh/acme.sh --issue -d servername.com --standalone --debug [Wed Dec 28 00:23:26 AEDT 2022] Lets find script dir. [Wed Dec 28 00:23:26 AEDT 2022] SCRIPT='/root/.acme.sh/acme.sh' [Wed Dec 28 00:23:27 AEDT 2022] _script='/root/.acme.sh/acme.sh' [Wed Dec 28 00:23:27 AEDT 2022] _script_home='/root/.acme.sh' [Wed Dec 28 00:23:27 AEDT 2022] Using config home:/root/.acme.sh https://github.com/acmesh-official/acme.sh v3.0.5 [Wed Dec 28 00:23:27 AEDT 2022] Running cmd: issue [Wed Dec 28 00:23:27 AEDT 2022] _main_domain='servername.com' [Wed Dec 28 00:23:27 AEDT 2022] _alt_domains='no' [Wed Dec 28 00:23:27 AEDT 2022] Using config home:/root/.acme.sh [Wed Dec 28 00:23:27 AEDT 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory' [Wed Dec 28 00:23:27 AEDT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Wed Dec 28 00:23:27 AEDT 2022] DOMAIN_PATH='/root/.acme.sh/servername.com' [Wed Dec 28 00:23:27 AEDT 2022] Le_NextRenewTime [Wed Dec 28 00:23:27 AEDT 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory [Wed Dec 28 00:23:27 AEDT 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory [Wed Dec 28 00:23:27 AEDT 2022] GET [Wed Dec 28 00:23:27 AEDT 2022] url='https://acme-v02.api.letsencrypt.org/directory' [Wed Dec 28 00:23:27 AEDT 2022] timeout= [Wed Dec 28 00:23:27 AEDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ' [Wed Dec 28 00:23:27 AEDT 2022] ret='0' [Wed Dec 28 00:23:27 AEDT 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change' [Wed Dec 28 00:23:27 AEDT 2022] ACME_NEW_AUTHZ [Wed Dec 28 00:23:27 AEDT 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order' [Wed Dec 28 00:23:27 AEDT 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct' [Wed Dec 28 00:23:27 AEDT 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert' [Wed Dec 28 00:23:27 AEDT 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf' [Wed Dec 28 00:23:27 AEDT 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Wed Dec 28 00:23:27 AEDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory [Wed Dec 28 00:23:27 AEDT 2022] _on_before_issue [Wed Dec 28 00:23:27 AEDT 2022] _chk_main_domain='servername.com' [Wed Dec 28 00:23:27 AEDT 2022] _chk_alt_domains [Wed Dec 28 00:23:27 AEDT 2022] Le_LocalAddress [Wed Dec 28 00:23:27 AEDT 2022] d='servername.com' [Wed Dec 28 00:23:27 AEDT 2022] Check for domain='servername.com' [Wed Dec 28 00:23:27 AEDT 2022] _currentRoot='no' [Wed Dec 28 00:23:27 AEDT 2022] Standalone mode. [Wed Dec 28 00:23:27 AEDT 2022] _checkport='80' [Wed Dec 28 00:23:27 AEDT 2022] _checkaddr [Wed Dec 28 00:23:28 AEDT 2022] Using: ss [Wed Dec 28 00:23:28 AEDT 2022] d [Wed Dec 28 00:23:28 AEDT 2022] _saved_account_key_hash is not changed, skip register account. [Wed Dec 28 00:23:28 AEDT 2022] Read key length:2048 [Wed Dec 28 00:23:28 AEDT 2022] _createcsr [Wed Dec 28 00:23:28 AEDT 2022] Single domain='servername.com' [Wed Dec 28 00:23:28 AEDT 2022] Getting domain auth token for each domain [Wed Dec 28 00:23:28 AEDT 2022] d [Wed Dec 28 00:23:28 AEDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Wed Dec 28 00:23:28 AEDT 2022] payload='{"identifiers": [{"type":"dns","value":"servername.com"}]}' [Wed Dec 28 00:23:28 AEDT 2022] RSA key [Wed Dec 28 00:23:28 AEDT 2022] HEAD [Wed Dec 28 00:23:28 AEDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Wed Dec 28 00:23:28 AEDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g -I ' [Wed Dec 28 00:23:28 AEDT 2022] _ret='0' [Wed Dec 28 00:23:29 AEDT 2022] POST [Wed Dec 28 00:23:29 AEDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Wed Dec 28 00:23:29 AEDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ' [Wed Dec 28 00:23:29 AEDT 2022] _ret='0' [Wed Dec 28 00:23:29 AEDT 2022] code='201' [Wed Dec 28 00:23:29 AEDT 2022] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/888643737/155250946557' [Wed Dec 28 00:23:29 AEDT 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/888643737/155250946557' [Wed Dec 28 00:23:29 AEDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/190370985817' [Wed Dec 28 00:23:29 AEDT 2022] payload [Wed Dec 28 00:23:29 AEDT 2022] POST [Wed Dec 28 00:23:29 AEDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/190370985817' [Wed Dec 28 00:23:29 AEDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ' [Wed Dec 28 00:23:30 AEDT 2022] _ret='0' [Wed Dec 28 00:23:30 AEDT 2022] code='200' [Wed Dec 28 00:23:30 AEDT 2022] d='servername.com' [Wed Dec 28 00:23:30 AEDT 2022] Getting webroot for domain='servername.com' [Wed Dec 28 00:23:30 AEDT 2022] _w='no' [Wed Dec 28 00:23:30 AEDT 2022] _currentRoot='no' [Wed Dec 28 00:23:30 AEDT 2022] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA","token":"f8m0EOhNdkXhcCmS_3GCM_XsGqPQsxRbQG3q1ZlyWkg"' [Wed Dec 28 00:23:30 AEDT 2022] token='f8m0EOhNdkXhcCmS_3GCM_XsGqPQsxRbQG3q1ZlyWkg' [Wed Dec 28 00:23:30 AEDT 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA' [Wed Dec 28 00:23:30 AEDT 2022] keyauthorization='f8m0EOhNdkXhcCmS_3GCM_XsGqPQsxRbQG3q1ZlyWkg.lzT6uZjPwvf3nnSE6OXE2l1CpDz-1fsrg3EaghgZnsE' [Wed Dec 28 00:23:30 AEDT 2022] dvlist='servername.com#f8m0EOhNdkXhcCmS_3GCM_XsGqPQsxRbQG3q1ZlyWkg.lzT6uZjPwvf3nnSE6OXE2l1CpDz-1fsrg3EaghgZnsE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA#http-01#no' [Wed Dec 28 00:23:30 AEDT 2022] d [Wed Dec 28 00:23:30 AEDT 2022] vlist='servername.com#f8m0EOhNdkXhcCmS_3GCM_XsGqPQsxRbQG3q1ZlyWkg.lzT6uZjPwvf3nnSE6OXE2l1CpDz-1fsrg3EaghgZnsE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA#http-01#no,' [Wed Dec 28 00:23:30 AEDT 2022] d='servername.com' [Wed Dec 28 00:23:30 AEDT 2022] ok, let's start to verify [Wed Dec 28 00:23:30 AEDT 2022] Verifying: servername.com [Wed Dec 28 00:23:30 AEDT 2022] d='servername.com' [Wed Dec 28 00:23:30 AEDT 2022] keyauthorization='f8m0EOhNdkXhcCmS_3GCM_XsGqPQsxRbQG3q1ZlyWkg.lzT6uZjPwvf3nnSE6OXE2l1CpDz-1fsrg3EaghgZnsE' [Wed Dec 28 00:23:30 AEDT 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA' [Wed Dec 28 00:23:30 AEDT 2022] _currentRoot='no' [Wed Dec 28 00:23:30 AEDT 2022] Standalone mode server [Wed Dec 28 00:23:30 AEDT 2022] content='f8m0EOhNdkXhcCmS_3GCM_XsGqPQsxRbQG3q1ZlyWkg.lzT6uZjPwvf3nnSE6OXE2l1CpDz-1fsrg3EaghgZnsE' [Wed Dec 28 00:23:30 AEDT 2022] ncaddr [Wed Dec 28 00:23:30 AEDT 2022] startserver: 32702 [Wed Dec 28 00:23:30 AEDT 2022] Le_HTTPPort='80' [Wed Dec 28 00:23:30 AEDT 2022] Le_Listen_V4 [Wed Dec 28 00:23:30 AEDT 2022] Le_Listen_V6 [Wed Dec 28 00:23:30 AEDT 2022] _content_len='87' [Wed Dec 28 00:23:30 AEDT 2022] _NC='socat TCP-LISTEN:80,crlf,reuseaddr,fork' [Wed Dec 28 00:23:31 AEDT 2022] serverproc='1105' [Wed Dec 28 00:23:31 AEDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA' [Wed Dec 28 00:23:31 AEDT 2022] payload='{}' [Wed Dec 28 00:23:31 AEDT 2022] POST [Wed Dec 28 00:23:31 AEDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA' [Wed Dec 28 00:23:31 AEDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ' [Wed Dec 28 00:23:32 AEDT 2022] _ret='0' [Wed Dec 28 00:23:32 AEDT 2022] code='200' [Wed Dec 28 00:23:32 AEDT 2022] trigger validation code: 200 [Wed Dec 28 00:23:32 AEDT 2022] Pending, The CA is processing your order, please just wait. (1/30) [Wed Dec 28 00:23:32 AEDT 2022] sleep 2 secs to verify again [Wed Dec 28 00:23:35 AEDT 2022] checking [Wed Dec 28 00:23:35 AEDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA' [Wed Dec 28 00:23:35 AEDT 2022] payload [Wed Dec 28 00:23:35 AEDT 2022] POST [Wed Dec 28 00:23:35 AEDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA' [Wed Dec 28 00:23:35 AEDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ' [Wed Dec 28 00:23:36 AEDT 2022] _ret='0' [Wed Dec 28 00:23:36 AEDT 2022] code='200' [Wed Dec 28 00:23:36 AEDT 2022] servername.com:Verify error:...*: Fetching http://servername.com/.well-known/acme-challenge/f8m0EOhNdkXhcCmS_3GCM_XsGqPQsxRbQG3q1ZlyWkg: Error getting validation data [Wed Dec 28 00:23:36 AEDT 2022] Debug: get token url. [Wed Dec 28 00:23:36 AEDT 2022] GET [Wed Dec 28 00:23:36 AEDT 2022] url='http://servername.com/.well-known/acme-challenge/f8m0EOhNdkXhcCmS_3GCM_XsGqPQsxRbQG3q1ZlyWkg' [Wed Dec 28 00:23:36 AEDT 2022] timeout=1 [Wed Dec 28 00:23:36 AEDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g --connect-timeout 1' f8m0EOhNdkXhcCmS_3GCM_XsGqPQsxRbQG3q1ZlyWkg.lzT6uZjPwvf3nnSE6OXE2l1CpDz-1fsrg3EaghgZnsE[Wed Dec 28 00:23:37 AEDT 2022] ret='0' [Wed Dec 28 00:23:37 AEDT 2022] Skip for removelevel: [Wed Dec 28 00:23:37 AEDT 2022] pid='1105' [Wed Dec 28 00:23:37 AEDT 2022] No need to restore nginx, skip. [Wed Dec 28 00:23:37 AEDT 2022] _clearupdns [Wed Dec 28 00:23:37 AEDT 2022] dns_entries [Wed Dec 28 00:23:37 AEDT 2022] skip dns. [Wed Dec 28 00:23:37 AEDT 2022] _on_issue_err [Wed Dec 28 00:23:37 AEDT 2022] Please add '--debug' or '--log' to check more details. [Wed Dec 28 00:23:37 AEDT 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh [Wed Dec 28 00:23:37 AEDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA' [Wed Dec 28 00:23:37 AEDT 2022] payload='{}' [Wed Dec 28 00:23:37 AEDT 2022] POST [Wed Dec 28 00:23:37 AEDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/190370985817/uzV5fA' [Wed Dec 28 00:23:37 AEDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g ' [Wed Dec 28 00:23:38 AEDT 2022] _ret='0' [Wed Dec 28 00:23:38 AEDT 2022] code='400' [Wed Dec 28 00:23:38 AEDT 2022] Diagnosis versions: openssl:openssl OpenSSL 1.1.1c 28 May 2019 apache: apache doesn't exist. nginx: nginx doesn't exist. socat: socat by Gerhard Rieger and contributors - see www.dest-unreach.org socat version 1.7.3.2 on Aug 4 2017 04:57:10 running on Linux version #1 SMP Wed Oct 13 17:20:51 UTC 2021, release 3.10.0-1160.45.1.el7.x86_64, machine x86_64 features: #define WITH_STDIO 1 #define WITH_FDNUM 1 #define WITH_FILE 1 #define WITH_CREAT 1 #define WITH_GOPEN 1 #define WITH_TERMIOS 1 #define WITH_PIPE 1 #define WITH_UNIX 1 #define WITH_ABSTRACT_UNIXSOCKET 1 #define WITH_IP4 1 #define WITH_IP6 1 #define WITH_RAWIP 1 #define WITH_GENERICSOCKET 1 #define WITH_INTERFACE 1 #define WITH_TCP 1 #define WITH_UDP 1 #define WITH_SCTP 1 #define WITH_LISTEN 1 #define WITH_SOCKS4 1 #define WITH_SOCKS4A 1 #define WITH_PROXY 1 #define WITH_SYSTEM 1 #define WITH_EXEC 1 #define WITH_READLINE 1 #define WITH_TUN 1 #define WITH_PTY 1 #define WITH_OPENSSL 1 #undef WITH_FIPS #define WITH_LIBWRAP 1 #define WITH_SYCLS 1 #define WITH_FILAN 1 #define WITH_RETRY 1 #define WITH_MSGLEVEL 0 /debug/

    opened by amirr1361 2
  • dns api: merge knot and nsupdate

    dns api: merge knot and nsupdate

    The Knot dns server has support of nsupdate but it's tool called knsupdate. So we have two scripts that are almost the same:

    https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_nsupdate.sh And https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_knot.sh

    And they difers only by a command. Maybe it's possible to merge or reuse them?

    opened by stokito 1
  • Verify error: Connection refused

    Verify error: Connection refused

    Steps to reproduce

    acme.sh --issue -w /home/wwwroot/www.abc.xyz -d www.abc.xyz --keylength ec-256

    Debug log

    # acme.sh  --issue .....   --debug 2

[2022年 12月 25日 星期日 09:28:13 EST] Lets find script dir.
[2022年 12月 25日 星期日 09:28:13 EST] _SCRIPT_='/root/.acme.sh/acme.sh'
[2022年 12月 25日 星期日 09:28:13 EST] _script='/root/.acme.sh/acme.sh'
[2022年 12月 25日 星期日 09:28:13 EST] _script_home='/root/.acme.sh'
[2022年 12月 25日 星期日 09:28:13 EST] Using config home:/root/.acme.sh
[2022年 12月 25日 星期日 09:28:13 EST] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.5
[2022年 12月 25日 星期日 09:28:13 EST] Running cmd: issue
[2022年 12月 25日 星期日 09:28:13 EST] _main_domain='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:13 EST] _alt_domains='no'
[2022年 12月 25日 星期日 09:28:13 EST] Using config home:/root/.acme.sh
[2022年 12月 25日 星期日 09:28:13 EST] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[2022年 12月 25日 星期日 09:28:13 EST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[2022年 12月 25日 星期日 09:28:13 EST] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[2022年 12月 25日 星期日 09:28:13 EST] _ACME_SERVER_PATH='directory'
[2022年 12月 25日 星期日 09:28:13 EST] DOMAIN_PATH='/root/.acme.sh/www.abc.xyz_ecc'
[2022年 12月 25日 星期日 09:28:13 EST] '/home/wwwroot/www.abc.xyz' does not contain 'dns'
[2022年 12月 25日 星期日 09:28:13 EST] Le_NextRenewTime
[2022年 12月 25日 星期日 09:28:13 EST] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[2022年 12月 25日 星期日 09:28:13 EST] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[2022年 12月 25日 星期日 09:28:13 EST] GET
[2022年 12月 25日 星期日 09:28:13 EST] url='https://acme-v02.api.letsencrypt.org/directory'
[2022年 12月 25日 星期日 09:28:13 EST] timeout=
[2022年 12月 25日 星期日 09:28:13 EST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.XszC7olExD '
[2022年 12月 25日 星期日 09:28:13 EST] ret='0'
[2022年 12月 25日 星期日 09:28:13 EST] response='{
  "MUKo3rL2PXI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[2022年 12月 25日 星期日 09:28:13 EST] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[2022年 12月 25日 星期日 09:28:13 EST] ACME_NEW_AUTHZ
[2022年 12月 25日 星期日 09:28:13 EST] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[2022年 12月 25日 星期日 09:28:13 EST] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[2022年 12月 25日 星期日 09:28:13 EST] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[2022年 12月 25日 星期日 09:28:13 EST] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[2022年 12月 25日 星期日 09:28:13 EST] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[2022年 12月 25日 星期日 09:28:13 EST] Using CA: https://acme-v02.api.letsencrypt.org/directory
[2022年 12月 25日 星期日 09:28:13 EST] _on_before_issue
[2022年 12月 25日 星期日 09:28:13 EST] _chk_main_domain='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:13 EST] _chk_alt_domains
[2022年 12月 25日 星期日 09:28:13 EST] '/home/wwwroot/www.abc.xyz' does not contain 'no'
[2022年 12月 25日 星期日 09:28:13 EST] Le_LocalAddress
[2022年 12月 25日 星期日 09:28:13 EST] d='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:13 EST] Check for domain='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:14 EST] _currentRoot='/home/wwwroot/www.abc.xyz'
[2022年 12月 25日 星期日 09:28:14 EST] d
[2022年 12月 25日 星期日 09:28:14 EST] '/home/wwwroot/www.abc.xyz' does not contain 'apache'
[2022年 12月 25日 星期日 09:28:14 EST] _saved_account_key_hash='CL979eWAihA6oK3vTm7pfwpI1rsjzwg+1/a5vHzPV2E='
[2022年 12月 25日 星期日 09:28:14 EST] _saved_account_key_hash is not changed, skip register account.
[2022年 12月 25日 星期日 09:28:14 EST] Read key length:ec-256
[2022年 12月 25日 星期日 09:28:14 EST] _createcsr
[2022年 12月 25日 星期日 09:28:14 EST] domain='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:14 EST] domainlist
[2022年 12月 25日 星期日 09:28:14 EST] csrkey='/root/.acme.sh/www.abc.xyz_ecc/www.abc.xyz.key'
[2022年 12月 25日 星期日 09:28:14 EST] csr='/root/.acme.sh/www.abc.xyz_ecc/www.abc.xyz.csr'
[2022年 12月 25日 星期日 09:28:14 EST] csrconf='/root/.acme.sh/www.abc.xyz_ecc/www.abc.xyz.csr.conf'
[2022年 12月 25日 星期日 09:28:14 EST] Single domain='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:14 EST] seg='www'
[2022年 12月 25日 星期日 09:28:14 EST] _is_idn_d='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:14 EST] _idn_temp
[2022年 12月 25日 星期日 09:28:14 EST] _is_idn_d='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:14 EST] _idn_temp
[2022年 12月 25日 星期日 09:28:14 EST] _csr_cn='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:14 EST] seg='www'
[2022年 12月 25日 星期日 09:28:14 EST] Getting domain auth token for each domain
[2022年 12月 25日 星期日 09:28:14 EST] seg='www'
[2022年 12月 25日 星期日 09:28:14 EST] _is_idn_d='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:14 EST] _idn_temp
[2022年 12月 25日 星期日 09:28:14 EST] d
[2022年 12月 25日 星期日 09:28:14 EST] _identifiers='{"type":"dns","value":"www.abc.xyz"}'
[2022年 12月 25日 星期日 09:28:14 EST] _notBefore
[2022年 12月 25日 星期日 09:28:14 EST] _notAfter
[2022年 12月 25日 星期日 09:28:14 EST] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[2022年 12月 25日 星期日 09:28:14 EST] payload='{"identifiers": [{"type":"dns","value":"www.abc.xyz"}]}'
[2022年 12月 25日 星期日 09:28:14 EST] RSA key
[2022年 12月 25日 星期日 09:28:14 EST] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[2022年 12月 25日 星期日 09:28:14 EST] HEAD
[2022年 12月 25日 星期日 09:28:14 EST] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[2022年 12月 25日 星期日 09:28:14 EST] body
[2022年 12月 25日 星期日 09:28:14 EST] _postContentType='application/jose+json'
[2022年 12月 25日 星期日 09:28:14 EST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.uRChlnqtlC  -I  '
[2022年 12月 25日 星期日 09:28:14 EST] _ret='0'
[2022年 12月 25日 星期日 09:28:14 EST] _headers='HTTP/2 200 
server: nginx
date: Sun, 25 Dec 2022 14:28:14 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 2712ziEwgUDt-hffWkJLiagPJIPvn9waMQLDBu5rYDw8KTc
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[2022年 12月 25日 星期日 09:28:14 EST] _CACHED_NONCE='2712ziEwgUDt-hffWkJLiagPJIPvn9waMQLDBu5rYDw8KTc'
[2022年 12月 25日 星期日 09:28:14 EST] nonce='2712ziEwgUDt-hffWkJLiagPJIPvn9waMQLDBu5rYDw8KTc'
[2022年 12月 25日 星期日 09:28:14 EST] POST
[2022年 12月 25日 星期日 09:28:14 EST] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[2022年 12月 25日 星期日 09:28:14 EST] body='{"protected": "eyJub25jZSI6ICIyNzEyemlFd2dVRHQtaGZmV2tKTGlhZ1BKSVB2bjl3YU1RTERCdTVyWUR3OEtUYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84ODczNjI2NjcifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Ind3dy5pbHF5MTMxNC54eXoifV19", "signature": "K2lk4F6X6IrlP6haVs-KBKAluVSHahmjD9970XgEswPiJQGTwTHYBX-ClrMS89VjCv_3uvKl-rAkEAlLKjE2g_CAgL23z-oSEAja4qlL4qsMsQ3_M7TvKSd1MRd9m_GG3zSemL39-SONghZE5T-QhgLIkzEsmYW1XwmcDNy-__GQqSdP3_fj2cRvTuZ9B9rUG5qh4O2MTxKo7Hz_lTby2QX1qKDjGr0SXMLaG4tzWeh77rWTfKxVFMppDKrXLj4E1JCcLyejrva8P48XYa8nxRaQ8NH8HCeuBy0fSpaYe5dT3NN57QUXmHMcdgIgsprBDKGeWLou7JxxifzbVag-8g"}'
[2022年 12月 25日 星期日 09:28:14 EST] _postContentType='application/jose+json'
[2022年 12月 25日 星期日 09:28:14 EST] Http already initialized.
[2022年 12月 25日 星期日 09:28:14 EST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.uRChlnqtlC '
[2022年 12月 25日 星期日 09:28:15 EST] _ret='0'
[2022年 12月 25日 星期日 09:28:15 EST] responseHeaders='HTTP/2 201 
server: nginx
date: Sun, 25 Dec 2022 14:28:15 GMT
content-type: application/json
content-length: 341
boulder-requester: 887362667
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/887362667/154866131767
replay-nonce: 2712IznRJDDGPOCJRecDxO2mgb3yuk5_ObaB7Du8puxIt2E
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[2022年 12月 25日 星期日 09:28:15 EST] code='201'
[2022年 12月 25日 星期日 09:28:15 EST] original='{
  "status": "pending",
  "expires": "2023-01-01T14:28:15Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "www.abc.xyz"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/189862369787"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/887362667/154866131767"
}'
[2022年 12月 25日 星期日 09:28:15 EST] response='{"status":"pending","expires":"2023-01-01T14:28:15Z","identifiers":[{"type":"dns","value":"www.abc.xyz"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/189862369787"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/887362667/154866131767"}'
[2022年 12月 25日 星期日 09:28:15 EST] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/887362667/154866131767'
[2022年 12月 25日 星期日 09:28:15 EST] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/887362667/154866131767'
[2022年 12月 25日 星期日 09:28:15 EST] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/189862369787'
[2022年 12月 25日 星期日 09:28:15 EST] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/189862369787'
[2022年 12月 25日 星期日 09:28:15 EST] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/189862369787'
[2022年 12月 25日 星期日 09:28:15 EST] payload
[2022年 12月 25日 星期日 09:28:15 EST] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[2022年 12月 25日 星期日 09:28:15 EST] Use _CACHED_NONCE='2712IznRJDDGPOCJRecDxO2mgb3yuk5_ObaB7Du8puxIt2E'
[2022年 12月 25日 星期日 09:28:15 EST] nonce='2712IznRJDDGPOCJRecDxO2mgb3yuk5_ObaB7Du8puxIt2E'
[2022年 12月 25日 星期日 09:28:15 EST] POST
[2022年 12月 25日 星期日 09:28:15 EST] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/189862369787'
[2022年 12月 25日 星期日 09:28:15 EST] body='{"protected": "eyJub25jZSI6ICIyNzEySXpuUkpEREdQT0NKUmVjRHhPMm1nYjN5dWs1X09iYUI3RHU4cHV4SXQyRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTg5ODYyMzY5Nzg3IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84ODczNjI2NjcifQ", "payload": "", "signature": "u3NR4-B3LCOzuyBcoXnnQyGgCgSewrws_yCejIeWHtH9nF9RRh-nUD6dFdRJU9De2hwHuhTT3V5266AnRscXkTvQWZFPjnvegOuha0mWPIuk-xDYzbaY14POTesYD91iYwXkupKPWV3nJUj6nn7g4C2Vz0AVmXfRCq6NkCZrkKkGDragPom6_xAxjzstrN3wFw0WFRwF4tz1ASI0-ymcf5T7QMRHmaySzLGk_Y2VKOe7c66-gxczudeFTKBgldIHCLgnTgZbu2OYvzuyF6uRhKUt4iLM05MLnG51PQfRd_6prmLN5-E6mxjZGorpTNLkurhlzUT5m1Yrr-LBGN5OvA"}'
[2022年 12月 25日 星期日 09:28:15 EST] _postContentType='application/jose+json'
[2022年 12月 25日 星期日 09:28:15 EST] Http already initialized.
[2022年 12月 25日 星期日 09:28:15 EST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.uRChlnqtlC '
[2022年 12月 25日 星期日 09:28:15 EST] _ret='0'
[2022年 12月 25日 星期日 09:28:15 EST] responseHeaders='HTTP/2 200 
server: nginx
date: Sun, 25 Dec 2022 14:28:15 GMT
content-type: application/json
content-length: 800
boulder-requester: 887362667
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 5CA2xHIp4mCimxNSDy4HgMEVvpCO_sctrSZr_KXWuGY1NmM
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[2022年 12月 25日 星期日 09:28:15 EST] code='200'
[2022年 12月 25日 星期日 09:28:15 EST] original='{
  "identifier": {
    "type": "dns",
    "value": "www.abc.xyz"
  },
  "status": "pending",
  "expires": "2023-01-01T14:28:15Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g",
      "token": "4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/0JRRZA",
      "token": "4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/HGT1Sg",
      "token": "4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"
    }
  ]
}'
[2022年 12月 25日 星期日 09:28:15 EST] response='{"identifier":{"type":"dns","value":"www.abc.xyz"},"status":"pending","expires":"2023-01-01T14:28:15Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/0JRRZA","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/HGT1Sg","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"}]}'
[2022年 12月 25日 星期日 09:28:15 EST] response='{"identifier":{"type":"dns","value":"www.abc.xyz"},"status":"pending","expires":"2023-01-01T14:28:15Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/0JRRZA","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/HGT1Sg","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"}]}'
[2022年 12月 25日 星期日 09:28:15 EST] _d='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:15 EST] _authorizations_map='www.abc.xyz,{"identifier":{"type":"dns","value":"www.abc.xyz"},"status":"pending","expires":"2023-01-01T14:28:15Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/0JRRZA","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/HGT1Sg","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"}]}
'
[2022年 12月 25日 星期日 09:28:15 EST] d='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:15 EST] Getting webroot for domain='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:15 EST] _w='/home/wwwroot/www.abc.xyz'
[2022年 12月 25日 星期日 09:28:15 EST] _currentRoot='/home/wwwroot/www.abc.xyz'
[2022年 12月 25日 星期日 09:28:15 EST] _is_idn_d='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:15 EST] _idn_temp
[2022年 12月 25日 星期日 09:28:15 EST] _candidates='www.abc.xyz,{"identifier":{"type":"dns","value":"www.abc.xyz"},"status":"pending","expires":"2023-01-01T14:28:15Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/0JRRZA","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/HGT1Sg","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"}]}'
[2022年 12月 25日 星期日 09:28:15 EST] response='{"identifier":{"type":"dns","value":"www.abc.xyz"},"status":"pending","expires":"2023-01-01T14:28:15Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/0JRRZA","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/HGT1Sg","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"}]}'
[2022年 12月 25日 星期日 09:28:15 EST] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"'
[2022年 12月 25日 星期日 09:28:15 EST] token='4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o'
[2022年 12月 25日 星期日 09:28:15 EST] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g'
[2022年 12月 25日 星期日 09:28:15 EST] keyauthorization='4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o.FQeFrDUC0iOn-858ZdvSeManJqKhBNBkf2zoXDrkGmA'
[2022年 12月 25日 星期日 09:28:15 EST] dvlist='www.abc.xyz#4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o.FQeFrDUC0iOn-858ZdvSeManJqKhBNBkf2zoXDrkGmA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g#http-01#/home/wwwroot/www.abc.xyz'
[2022年 12月 25日 星期日 09:28:15 EST] d
[2022年 12月 25日 星期日 09:28:16 EST] vlist='www.abc.xyz#4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o.FQeFrDUC0iOn-858ZdvSeManJqKhBNBkf2zoXDrkGmA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g#http-01#/home/wwwroot/www.abc.xyz,'
[2022年 12月 25日 星期日 09:28:16 EST] d='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:16 EST] ok, let's start to verify
[2022年 12月 25日 星期日 09:28:16 EST] Verifying: www.abc.xyz
[2022年 12月 25日 星期日 09:28:16 EST] d='www.abc.xyz'
[2022年 12月 25日 星期日 09:28:16 EST] keyauthorization='4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o.FQeFrDUC0iOn-858ZdvSeManJqKhBNBkf2zoXDrkGmA'
[2022年 12月 25日 星期日 09:28:16 EST] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g'
[2022年 12月 25日 星期日 09:28:16 EST] _currentRoot='/home/wwwroot/www.abc.xyz'
[2022年 12月 25日 星期日 09:28:16 EST] wellknown_path='/home/wwwroot/www.abc.xyz/.well-known/acme-challenge'
[2022年 12月 25日 星期日 09:28:16 EST] writing token:4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o to /home/wwwroot/www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o
[2022年 12月 25日 星期日 09:28:16 EST] Changing owner/group of .well-known to root:root
[2022年 12月 25日 星期日 09:28:16 EST] Trigger domain validation.
[2022年 12月 25日 星期日 09:28:16 EST] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g'
[2022年 12月 25日 星期日 09:28:16 EST] _t_key_authz='4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o.FQeFrDUC0iOn-858ZdvSeManJqKhBNBkf2zoXDrkGmA'
[2022年 12月 25日 星期日 09:28:16 EST] _t_vtype='http-01'
[2022年 12月 25日 星期日 09:28:16 EST] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g'
[2022年 12月 25日 星期日 09:28:16 EST] payload='{}'
[2022年 12月 25日 星期日 09:28:16 EST] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[2022年 12月 25日 星期日 09:28:16 EST] Use _CACHED_NONCE='5CA2xHIp4mCimxNSDy4HgMEVvpCO_sctrSZr_KXWuGY1NmM'
[2022年 12月 25日 星期日 09:28:16 EST] nonce='5CA2xHIp4mCimxNSDy4HgMEVvpCO_sctrSZr_KXWuGY1NmM'
[2022年 12月 25日 星期日 09:28:16 EST] POST
[2022年 12月 25日 星期日 09:28:16 EST] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g'
[2022年 12月 25日 星期日 09:28:16 EST] body='{"protected": "eyJub25jZSI6ICI1Q0EyeEhJcDRtQ2lteE5TRHk0SGdNRVZ2cENPX3NjdHJTWnJfS1hXdUdZMU5tTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTg5ODYyMzY5Nzg3L2VYM283ZyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODg3MzYyNjY3In0", "payload": "e30", "signature": "gooIQelPTnUNN0Ltsbf5-p2Ac8PmnTsQ4vQGg4WBZkQOPxPKaab5yFG5fxDkjS0VW1JcVorWzBuUQNmxxKMA4x5zMty4z_AOPeD-rbZhxFt3yRcFJsey5Vkt7oRX_G1OiaqTSCm3IYZOZXY42SfWLO-Dix_zuyX245K4U0MXgbK5y2aJcdNyOEEtWIyQiGEr17i6APKy-wVa8d_mzGxDwFdfGNImMXiStiW0kKiLCfgQ8bX69C6r2pqYk5aAjAE3KV_ggJ5YdRoWWoXmWGB0xemzxqJdKWKgEgDfthAW4SZ7yfmHZtd02g5rRQ-QPG1DXgCTHJIHPP5_9Al3nAuUdg"}'
[2022年 12月 25日 星期日 09:28:16 EST] _postContentType='application/jose+json'
[2022年 12月 25日 星期日 09:28:16 EST] Http already initialized.
[2022年 12月 25日 星期日 09:28:16 EST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.uRChlnqtlC '
[2022年 12月 25日 星期日 09:28:16 EST] _ret='0'
[2022年 12月 25日 星期日 09:28:16 EST] responseHeaders='HTTP/2 200 
server: nginx
date: Sun, 25 Dec 2022 14:28:16 GMT
content-type: application/json
content-length: 187
boulder-requester: 887362667
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/189862369787>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g
replay-nonce: 20F6zESpqjDcy9vAzoqQrfOb5tcH1N4Ha0DaOwF7G0EDVBM
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[2022年 12月 25日 星期日 09:28:16 EST] code='200'
[2022年 12月 25日 星期日 09:28:16 EST] original='{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g",
  "token": "4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"
}'
[2022年 12月 25日 星期日 09:28:16 EST] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"}'
[2022年 12月 25日 星期日 09:28:16 EST] trigger validation code: 200
[2022年 12月 25日 星期日 09:28:16 EST] original='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"}'
[2022年 12月 25日 星期日 09:28:16 EST] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o"}'
[2022年 12月 25日 星期日 09:28:16 EST] status='pending'
[2022年 12月 25日 星期日 09:28:16 EST] Pending, The CA is processing your order, please just wait. (1/30)
[2022年 12月 25日 星期日 09:28:16 EST] sleep 2 secs to verify again
[2022年 12月 25日 星期日 09:28:19 EST] checking
[2022年 12月 25日 星期日 09:28:19 EST] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g'
[2022年 12月 25日 星期日 09:28:19 EST] payload
[2022年 12月 25日 星期日 09:28:19 EST] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[2022年 12月 25日 星期日 09:28:19 EST] Use _CACHED_NONCE='20F6zESpqjDcy9vAzoqQrfOb5tcH1N4Ha0DaOwF7G0EDVBM'
[2022年 12月 25日 星期日 09:28:19 EST] nonce='20F6zESpqjDcy9vAzoqQrfOb5tcH1N4Ha0DaOwF7G0EDVBM'
[2022年 12月 25日 星期日 09:28:19 EST] POST
[2022年 12月 25日 星期日 09:28:19 EST] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g'
[2022年 12月 25日 星期日 09:28:19 EST] body='{"protected": "eyJub25jZSI6ICIyMEY2ekVTcHFqRGN5OXZBem9xUXJmT2I1dGNIMU40SGEwRGFPd0Y3RzBFRFZCTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTg5ODYyMzY5Nzg3L2VYM283ZyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODg3MzYyNjY3In0", "payload": "", "signature": "D_PdsQM4w8iCycvL7U-0j6zgF43WAoRtEbHXgjjKsK52w-R8aDjoPgIUb6UO8i1-_4n52ApZH5Q8V-oV2ltV5zwgJGcdEKgO-ePAYzI0urEIJeXCpU4Mgn6Sz94n8R5qliz9JjdPQu1woAXN5rhzPdM2hN5G8mLNKD5ugpPFMw93oq30emkfb3BiaMaLE0YlIXIZsjvEBKpToRm687lmCh6COBW032HXOUGSmqfQqzvnKB4WwV3Bu3-Yk_b8Et1fczymjjs5rPgmZ5dGBgY6t2Pf9SPqiOmFQ3zmyik9QWjC4Fe_Ed1qLYCh5lb6klAPbD-qGBKZQ-Cf2NyI8GygUA"}'
[2022年 12月 25日 星期日 09:28:19 EST] _postContentType='application/jose+json'
[2022年 12月 25日 星期日 09:28:19 EST] Http already initialized.
[2022年 12月 25日 星期日 09:28:19 EST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.uRChlnqtlC '
[2022年 12月 25日 星期日 09:28:19 EST] _ret='0'
[2022年 12月 25日 星期日 09:28:19 EST] responseHeaders='HTTP/2 200 
server: nginx
date: Sun, 25 Dec 2022 14:28:19 GMT
content-type: application/json
content-length: 780
boulder-requester: 887362667
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/189862369787>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g
replay-nonce: 1DFAtILiQtSqstb5UoUezxegiebFoK9wRrpRNdaGOuOhtEE
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[2022年 12月 25日 星期日 09:28:19 EST] code='200'
[2022年 12月 25日 星期日 09:28:19 EST] original='{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "12.34.567.890: Fetching http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o: Connection refused",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g",
  "token": "4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o",
  "validationRecord": [
    {
      "url": "http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o",
      "hostname": "www.abc.xyz",
      "port": "80",
      "addressesResolved": [
        "12.34.567.890"
      ],
      "addressUsed": "12.34.567.890"
    }
  ],
  "validated": "2022-12-25T14:28:16Z"
}'
[2022年 12月 25日 星期日 09:28:19 EST] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"12.34.567.890: Fetching http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o: Connection refused","status": 400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o","validationRecord":[{"url":"http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o","hostname":"www.abc.xyz","port":"80","addressesResolved":["12.34.567.890"],"addressUsed":"12.34.567.890"}],"validated":"2022-12-25T14:28:16Z"}'
[2022年 12月 25日 星期日 09:28:20 EST] original='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"12.34.567.890: Fetching http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o: Connection refused","status": 400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o","validationRecord":[{"url":"http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o","hostname":"www.abc.xyz","port":"80","addressesResolved":["12.34.567.890"],"addressUsed":"12.34.567.890"}],"validated":"2022-12-25T14:28:16Z"}'
[2022年 12月 25日 星期日 09:28:20 EST] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"12.34.567.890: Fetching http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o: Connection refused","status": 400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g","token":"4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o","validationRecord":[{"url":"http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o","hostname":"www.abc.xyz","port":"80","addressesResolved":["12.34.567.890"],"addressUsed":"12.34.567.890"}],"validated":"2022-12-25T14:28:16Z"}'
[2022年 12月 25日 星期日 09:28:20 EST] status='invalid'
[2022年 12月 25日 星期日 09:28:20 EST] error='"error":{"type":"urn:ietf:params:acme:error:connection","detail":"12.34.567.890: Fetching http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o: Connection refused","status": 400'
[2022年 12月 25日 星期日 09:28:20 EST] errordetail='12.34.567.890: Fetching http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o: Connection refused'
[2022年 12月 25日 星期日 09:28:20 EST] www.abc.xyz:Verify error:12.34.567.890: Fetching http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o: Connection refused
[2022年 12月 25日 星期日 09:28:20 EST] Debug: get token url.
[2022年 12月 25日 星期日 09:28:20 EST] GET
[2022年 12月 25日 星期日 09:28:20 EST] url='http://www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o'
[2022年 12月 25日 星期日 09:28:20 EST] timeout=1
[2022年 12月 25日 星期日 09:28:20 EST] Http already initialized.
[2022年 12月 25日 星期日 09:28:20 EST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.uRChlnqtlC  --connect-timeout 1'
[2022年 12月 25日 星期日 09:28:20 EST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[2022年 12月 25日 星期日 09:28:20 EST] Here is the curl dump log:
[2022年 12月 25日 星期日 09:28:20 EST] == Info:   Trying 12.34.567.890:80...
== Info: connect to 12.34.567.890 port 80 failed: 拒绝连接== Info: Failed to connect to www.abc.xyz port 80: 拒绝连接== Info: Closing connection 0
[2022年 12月 25日 星期日 09:28:20 EST] ret='7'
[2022年 12月 25日 星期日 09:28:20 EST] Debugging, skip removing: /home/wwwroot/www.abc.xyz/.well-known/acme-challenge/4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o
[2022年 12月 25日 星期日 09:28:20 EST] pid
[2022年 12月 25日 星期日 09:28:20 EST] No need to restore nginx, skip.
[2022年 12月 25日 星期日 09:28:20 EST] _clearupdns
[2022年 12月 25日 星期日 09:28:20 EST] dns_entries
[2022年 12月 25日 星期日 09:28:20 EST] skip dns.
[2022年 12月 25日 星期日 09:28:20 EST] _on_issue_err
[2022年 12月 25日 星期日 09:28:20 EST] Please add '--debug' or '--log' to check more details.
[2022年 12月 25日 星期日 09:28:20 EST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[2022年 12月 25日 星期日 09:28:20 EST] _chk_vlist='www.abc.xyz#4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o.FQeFrDUC0iOn-858ZdvSeManJqKhBNBkf2zoXDrkGmA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g#http-01#/home/wwwroot/www.abc.xyz,'
[2022年 12月 25日 星期日 09:28:20 EST] start to deactivate authz
[2022年 12月 25日 星期日 09:28:20 EST] Trigger domain validation.
[2022年 12月 25日 星期日 09:28:20 EST] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g'
[2022年 12月 25日 星期日 09:28:20 EST] _t_key_authz='4w3ok70LmMp3R6pJGt00QrXJsXFcKQn79UFcBmjPX0o.FQeFrDUC0iOn-858ZdvSeManJqKhBNBkf2zoXDrkGmA'
[2022年 12月 25日 星期日 09:28:20 EST] _t_vtype
[2022年 12月 25日 星期日 09:28:20 EST] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g'
[2022年 12月 25日 星期日 09:28:20 EST] payload='{}'
[2022年 12月 25日 星期日 09:28:20 EST] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[2022年 12月 25日 星期日 09:28:20 EST] Use _CACHED_NONCE='1DFAtILiQtSqstb5UoUezxegiebFoK9wRrpRNdaGOuOhtEE'
[2022年 12月 25日 星期日 09:28:20 EST] nonce='1DFAtILiQtSqstb5UoUezxegiebFoK9wRrpRNdaGOuOhtEE'
[2022年 12月 25日 星期日 09:28:20 EST] POST
[2022年 12月 25日 星期日 09:28:20 EST] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/189862369787/eX3o7g'
[2022年 12月 25日 星期日 09:28:20 EST] body='{"protected": "eyJub25jZSI6ICIxREZBdElMaVF0U3FzdGI1VW9VZXp4ZWdpZWJGb0s5d1JycFJOZGFHT3VPaHRFRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTg5ODYyMzY5Nzg3L2VYM283ZyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODg3MzYyNjY3In0", "payload": "e30", "signature": "N-dPKcFt8qay0Hu7cgD9HR9Za1uRezAU3cx4g903bxNZyyqcb-D3k69Bf_4b8X-wt3tmL3vw2ZUvT_ZGElLsgsNo_r43OvGgYpKjaCAYvq5cPa2ieoZ38piyMl5Xd81fimgPbTlVZplesoqO-ebbPJ42RJ1oiTOtZPu75U54gSskpLf3TgAz0LtAu2e_vsrTn6Ba5RBAVGowqmj5L2hNCrRU81-L4Hw7-v4Sk456Ap2gIKTQGMSA9yuErmy1SGGJZyMe75ta1grqNu7NSC2oGQtzWdSfkb8MG0CuiZ_iCNNVG2alcK_4slXxQ6VLFn31UksSRIfS-sWa0q3tWKai6w"}'
[2022年 12月 25日 星期日 09:28:20 EST] _postContentType='application/jose+json'
[2022年 12月 25日 星期日 09:28:20 EST] Http already initialized.
[2022年 12月 25日 星期日 09:28:20 EST] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.uRChlnqtlC '
[2022年 12月 25日 星期日 09:28:20 EST] _ret='0'
[2022年 12月 25日 星期日 09:28:20 EST] responseHeaders='HTTP/2 400 
server: nginx
date: Sun, 25 Dec 2022 14:28:20 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 887362667
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 20F6_qfRJgMwgOMjxnQ4y2AbbSmimZwB4Dn1qHPuPKsR9jI
'
[2022年 12月 25日 星期日 09:28:20 EST] code='400'
[2022年 12月 25日 星期日 09:28:20 EST] original='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[2022年 12月 25日 星期日 09:28:20 EST] response='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[2022年 12月 25日 星期日 09:28:20 EST] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.1n  15 Mar 2022
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.1 on Feb  3 2021 12:58:17
   running on Linux version #1 SMP Debian 5.10.158-2 (2022-12-13), release 5.10.0-20-amd64, machine x86_64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_VSOCK 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #undef WITH_READLINE
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #define WITH_LIBWRAP 1
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/

    申请证书失败:Verify error: Connection refused

    opened by AAlieZZ 1
Releases(v3.0.5)
Owner
acme.sh
acme.sh
GitHub https://acme.sh
Premier ACME client library for Go

acmez - ACME client library for Go ACMEz ("ack-measy" or "acme-zee", whichever you prefer) is a fully-compliant RFC 8555 (ACME) implementation in pure

Matt Holt 183 Dec 27, 2022
gproxy is a tiny service/library for creating lets-encrypt/acme secured gRPC and http reverse proxies

gproxy is a reverse proxy service AND library for creating flexible, expression-based, lets-encrypt/acme secured gRPC/http reverse proxies GProxy as a

null 16 Sep 11, 2022
Certificator - The tool that requests certificates from ACME supporting CA, solves DNS challenges, and stores certificates in Vault

certificator The tool that requests certificates from ACME supporting CA, solves

null 11 Jun 23, 2022
CoAP Client/Server implementing RFC 7252 for the Go Language

Canopus Canopus is a client/server implementation of the Constrained Application Protocol (CoAP) Updates 25.11.2016 I've added basic dTLS Support base

Zubair Hamed 150 Nov 18, 2022
wire protocol for multiplexing connections or streams into a single connection, based on a subset of the SSH Connection Protocol

qmux qmux is a wire protocol for multiplexing connections or streams into a single connection. It is based on the SSH Connection Protocol, which is th

Jeff Lindsay 205 Dec 26, 2022
A simple tool to convert socket5 proxy protocol to http proxy protocol

Socket5 to HTTP 这是一个超简单的 Socket5 代理转换成 HTTP 代理的小工具。 如何安装? Golang 用户 # Required Go 1.17+ go install github.com/mritd/s2h@master Docker 用户 docker pull m

mritd 10 Jan 2, 2023
Proxy Unix applications in the terminal

cliProxy Description This wrapper binary uses pseudo-terminals on Mac and Linux to imitate TTY sessions for the hard coded binary specified by the var

Dwight Hohnstein 109 Nov 9, 2022
Support for Unix domain sockets in Go HTTP clients

unixtransport This package adds support for Unix domain sockets in Go HTTP clients. t := &http.Transport{...} unixtransport.Register(t) client := &h

Peter Bourgon 64 Dec 21, 2022
Fetches one or more DNS zones via AXFR and dumps in Unix hosts format for local use

axfr2hosts About axfr2hosts is a tool meant to do a DNS zone transfer in a form of AXFR transaction of one or more zones towards a single DNS server a

Dinko Korunic 8 Aug 9, 2022
Simple forwarding a unix domain socket to a local port.

WaziApp Proxy WaziApp proxy is a simple http proxy that is intended to listen on the WaziApp unix socket /var/lib/waziapp/proxy.sock and forwards to a

Waziup 0 Nov 18, 2021
A simple cli tool to convert unix timestamps or human readable dates.

now A simple cli tool to convert unix timestamps or human readable dates. Install go install github.com/gloomyzerg/now Usage now #output now unix time

Kwazii 0 Nov 23, 2021
Simple Relay between a Unix socket and a TCP socket, and vice versa.

Simple TCP <-> Unix Relay simpletcpunixrelay is a program which exposes a TCP endpoint as a Unix socket and vice versa. Usecase Let's say you are runn

Antoine Catton 1 Nov 23, 2022
Event driven modular status-bar for dwm; written in Go & uses Unix sockets for signaling.

dwmstat A simple event-driven modular status-bar for dwm. It is written in Go & uses Unix sockets for signaling. The status bar is conceptualized as a

Navaz Alani 1 Dec 25, 2021
Golang unix-socket wrapper

Sockunx Golang unix-socket wrapper Server Running server server, e := sockunx.NewServer("/path/to/your/socks.sock", 512) if e != nil { log.Fatal(e

Surya Dewangga 0 Jan 17, 2022
A reverse proxy implementing IRC-over-WebSockets

webircproxy webircproxy is a reverse proxy that accepts IRCv3-over-WebSocket connections, then forwards them to a conventional ircd that speaks the no

Ergo.Chat 3 Dec 22, 2021
Implementing SPEEDEX price computation engine in Golang as a standalone binary that exchanges can call

speedex-standalone Implementing SPEEDEX price computation engine in Golang as a standalone binary that exchanges can call. Notes from Geoff About Tato

Samuel Wong 1 Dec 1, 2021
Anaximander is an ISP probing tool implementing several reduction techniques to cut down the number of probes launched in order to map an Autonomous System

Anaximander is an ISP probing tool implementing several reduction techniques to cut down the number of probes launched in order to map an Autonomous System, while still keeping high discovery levels.

null 2 Jun 21, 2022
Pure-Go HBase client

Golang HBase client This is a pure Go client for HBase. Current status: beta. Supported Versions HBase >= 1.0 Installation go get github.com/tsuna/goh

Benoit Sigoure 665 Jan 3, 2023
Package telnet provides TELNET and TELNETS client and server implementations, for the Go programming language, in a style similar to the "net/http" library that is part of the Go standard library, including support for "middleware"; TELNETS is secure TELNET, with the TELNET protocol over a secured TLS (or SSL) connection.

go-telnet Package telnet provides TELNET and TELNETS client and server implementations, for the Go programming language. The telnet package provides a

Charles Iliya Krempeaux 217 Dec 28, 2022