Acme cert renewal no luck even after following the blog

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: rajibde.in

I ran this command: acme.sh -f -r -d rajibde.in --debug --log

It produced this output:

[Mon 3 Aug 19:42:32 IST 2020] Running cmd: renew
[Mon 3 Aug 19:42:32 IST 2020] Using config home:/root/.acme.sh
[Mon 3 Aug 19:42:32 IST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 3 Aug 19:42:32 IST 2020] DOMAIN_PATH='/root/.acme.sh/rajibde.in'
[Mon 3 Aug 19:42:32 IST 2020] e[1;32mRenew: 'rajibde.in'e[0m
[Mon 3 Aug 19:42:32 IST 2020] Le_API
[Mon 3 Aug 19:42:32 IST 2020] _main_domain='rajibde.in'
[Mon 3 Aug 19:42:32 IST 2020] _alt_domains='www.rajibde.in'
[Mon 3 Aug 19:42:32 IST 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon 3 Aug 19:42:32 IST 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon 3 Aug 19:42:32 IST 2020] GET
[Mon 3 Aug 19:42:32 IST 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon 3 Aug 19:42:32 IST 2020] timeout=
[Mon 3 Aug 19:42:33 IST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Mon 3 Aug 19:42:34 IST 2020] ret='0'
[Mon 3 Aug 19:42:34 IST 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon 3 Aug 19:42:34 IST 2020] ACME_NEW_AUTHZ
[Mon 3 Aug 19:42:34 IST 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon 3 Aug 19:42:34 IST 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon 3 Aug 19:42:34 IST 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon 3 Aug 19:42:34 IST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon 3 Aug 19:42:34 IST 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon 3 Aug 19:42:34 IST 2020] ACME_VERSION='2'
[Mon 3 Aug 19:42:34 IST 2020] Le_NextRenewTime='1593715983'
[Mon 3 Aug 19:42:35 IST 2020] _on_before_issue
[Mon 3 Aug 19:42:35 IST 2020] _chk_main_domain='rajibde.in'
[Mon 3 Aug 19:42:35 IST 2020] _chk_alt_domains='www.rajibde.in'
[Mon 3 Aug 19:42:35 IST 2020] Le_LocalAddress
[Mon 3 Aug 19:42:35 IST 2020] d='rajibde.in'
[Mon 3 Aug 19:42:35 IST 2020] Check for domain='rajibde.in'
[Mon 3 Aug 19:42:35 IST 2020] _currentRoot='/var/www/rajibde'
[Mon 3 Aug 19:42:35 IST 2020] d='www.rajibde.in'
[Mon 3 Aug 19:42:35 IST 2020] Check for domain='www.rajibde.in'
[Mon 3 Aug 19:42:35 IST 2020] _currentRoot='/var/www/rajibde'
[Mon 3 Aug 19:42:35 IST 2020] d
[Mon 3 Aug 19:42:35 IST 2020] _saved_account_key_hash is not changed, skip register account.
[Mon 3 Aug 19:42:35 IST 2020] Read key length:4096
[Mon 3 Aug 19:42:35 IST 2020] _createcsr
[Mon 3 Aug 19:42:35 IST 2020] Multi domain='DNS:rajibde.in,DNS:www.rajibde.in'
[Mon 3 Aug 19:42:35 IST 2020] Getting domain auth token for each domain
[Mon 3 Aug 19:42:35 IST 2020] d='www.rajibde.in'
[Mon 3 Aug 19:42:35 IST 2020] d
[Mon 3 Aug 19:42:35 IST 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon 3 Aug 19:42:35 IST 2020] payload='{"identifiers": [{"type":"dns","value":"rajibde.in"},{"type":"dns","value":"www.rajibde.in"}]}'
[Mon 3 Aug 19:42:35 IST 2020] RSA key
[Mon 3 Aug 19:42:35 IST 2020] HEAD
[Mon 3 Aug 19:42:35 IST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon 3 Aug 19:42:36 IST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g -I '
[Mon 3 Aug 19:42:37 IST 2020] _ret='0'
[Mon 3 Aug 19:42:37 IST 2020] POST
[Mon 3 Aug 19:42:37 IST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon 3 Aug 19:42:37 IST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Mon 3 Aug 19:42:38 IST 2020] _ret='0'
[Mon 3 Aug 19:42:38 IST 2020] code='201'
[Mon 3 Aug 19:42:38 IST 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/79803743/4511253493'
[Mon 3 Aug 19:42:38 IST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/79803743/4511253493'
[Mon 3 Aug 19:42:38 IST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/6293209954'
[Mon 3 Aug 19:42:38 IST 2020] payload
[Mon 3 Aug 19:42:38 IST 2020] POST
[Mon 3 Aug 19:42:38 IST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/6293209954'
[Mon 3 Aug 19:42:38 IST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Mon 3 Aug 19:42:39 IST 2020] _ret='0'
[Mon 3 Aug 19:42:39 IST 2020] code='200'
[Mon 3 Aug 19:42:40 IST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/6293209955'
[Mon 3 Aug 19:42:40 IST 2020] payload
[Mon 3 Aug 19:42:40 IST 2020] POST
[Mon 3 Aug 19:42:40 IST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/6293209955'
[Mon 3 Aug 19:42:40 IST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Mon 3 Aug 19:42:41 IST 2020] _ret='0'
[Mon 3 Aug 19:42:41 IST 2020] code='200'
[Mon 3 Aug 19:42:41 IST 2020] d='rajibde.in'
[Mon 3 Aug 19:42:41 IST 2020] Getting webroot for domain='rajibde.in'
[Mon 3 Aug 19:42:41 IST 2020] _w='/var/www/rajibde'
[Mon 3 Aug 19:42:41 IST 2020] _currentRoot='/var/www/rajibde'
[Mon 3 Aug 19:42:41 IST 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ","token":"HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8"'
[Mon 3 Aug 19:42:41 IST 2020] token='HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8'
[Mon 3 Aug 19:42:41 IST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ'
[Mon 3 Aug 19:42:41 IST 2020] keyauthorization='HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8.MEfOg3b8PlTjPmu4tmTEd1UqVJ4stQZBxxyPwzpLLL4'
[Mon 3 Aug 19:42:41 IST 2020] dvlist='rajibde.in#HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8.MEfOg3b8PlTjPmu4tmTEd1UqVJ4stQZBxxyPwzpLLL4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ#http-01#/var/www/rajibde'
[Mon 3 Aug 19:42:41 IST 2020] d='www.rajibde.in'
[Mon 3 Aug 19:42:41 IST 2020] Getting webroot for domain='www.rajibde.in'
[Mon 3 Aug 19:42:41 IST 2020] _w='/var/www/rajibde'
[Mon 3 Aug 19:42:41 IST 2020] _currentRoot='/var/www/rajibde'
[Mon 3 Aug 19:42:41 IST 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209955/IQtsKQ","token":"_5gbs-i4cWDGCbW_HWpuMDAt9QHl3T9WmfeGVi0YCZ4"'
[Mon 3 Aug 19:42:42 IST 2020] token='_5gbs-i4cWDGCbW_HWpuMDAt9QHl3T9WmfeGVi0YCZ4'
[Mon 3 Aug 19:42:42 IST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209955/IQtsKQ'
[Mon 3 Aug 19:42:42 IST 2020] keyauthorization='_5gbs-i4cWDGCbW_HWpuMDAt9QHl3T9WmfeGVi0YCZ4.MEfOg3b8PlTjPmu4tmTEd1UqVJ4stQZBxxyPwzpLLL4'
[Mon 3 Aug 19:42:42 IST 2020] dvlist='www.rajibde.in#_5gbs-i4cWDGCbW_HWpuMDAt9QHl3T9WmfeGVi0YCZ4.MEfOg3b8PlTjPmu4tmTEd1UqVJ4stQZBxxyPwzpLLL4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209955/IQtsKQ#http-01#/var/www/rajibde'
[Mon 3 Aug 19:42:42 IST 2020] d
[Mon 3 Aug 19:42:42 IST 2020] vlist='rajibde.in#HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8.MEfOg3b8PlTjPmu4tmTEd1UqVJ4stQZBxxyPwzpLLL4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ#http-01#/var/www/rajibde,www.rajibde.in#_5gbs-i4cWDGCbW_HWpuMDAt9QHl3T9WmfeGVi0YCZ4.MEfOg3b8PlTjPmu4tmTEd1UqVJ4stQZBxxyPwzpLLL4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209955/IQtsKQ#http-01#/var/www/rajibde,'
[Mon 3 Aug 19:42:42 IST 2020] d='rajibde.in'
[Mon 3 Aug 19:42:42 IST 2020] d='www.rajibde.in'
[Mon 3 Aug 19:42:42 IST 2020] ok, let's start to verify
[Mon 3 Aug 19:42:42 IST 2020] Verifying: rajibde.in
[Mon 3 Aug 19:42:42 IST 2020] d='rajibde.in'
[Mon 3 Aug 19:42:42 IST 2020] keyauthorization='HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8.MEfOg3b8PlTjPmu4tmTEd1UqVJ4stQZBxxyPwzpLLL4'
[Mon 3 Aug 19:42:42 IST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ'
[Mon 3 Aug 19:42:42 IST 2020] _currentRoot='/var/www/rajibde'
[Mon 3 Aug 19:42:42 IST 2020] wellknown_path='/var/www/rajibde/.well-known/acme-challenge'
[Mon 3 Aug 19:42:42 IST 2020] writing token:HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8 to /var/www/rajibde/.well-known/acme-challenge/HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8
[Mon 3 Aug 19:42:42 IST 2020] Changing owner/group of .well-known to nginx:nginx
[Mon 3 Aug 19:42:42 IST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ'
[Mon 3 Aug 19:42:42 IST 2020] payload='{}'
[Mon 3 Aug 19:42:42 IST 2020] POST
[Mon 3 Aug 19:42:42 IST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ'
[Mon 3 Aug 19:42:42 IST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Mon 3 Aug 19:42:43 IST 2020] _ret='0'
[Mon 3 Aug 19:42:43 IST 2020] code='200'
[Mon 3 Aug 19:42:44 IST 2020] trigger validation code: 200
[Mon 3 Aug 19:42:44 IST 2020] sleep 2 secs to verify
[Mon 3 Aug 19:42:46 IST 2020] checking
[Mon 3 Aug 19:42:46 IST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ'
[Mon 3 Aug 19:42:46 IST 2020] payload
[Mon 3 Aug 19:42:46 IST 2020] POST
[Mon 3 Aug 19:42:46 IST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ'
[Mon 3 Aug 19:42:46 IST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Mon 3 Aug 19:42:47 IST 2020] _ret='0'
[Mon 3 Aug 19:42:47 IST 2020] code='200'
[Mon 3 Aug 19:42:47 IST 2020] rajibde.in:Verify error:Fetching https://rajibde.in/.well-known/acme-challenge/HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8: Error getting validation data
[Mon 3 Aug 19:42:47 IST 2020] Debug: get token url.
[Mon 3 Aug 19:42:47 IST 2020] GET
[Mon 3 Aug 19:42:47 IST 2020] url='http://rajibde.in/.well-known/acme-challenge/HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8'
[Mon 3 Aug 19:42:47 IST 2020] timeout=1
[Mon 3 Aug 19:42:47 IST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g --connect-timeout 1'
[Mon 3 Aug 19:42:48 IST 2020] Please refer to libcurl - Error Codes for error code: 60
[Mon 3 Aug 19:42:48 IST 2020] ret='60'
[Mon 3 Aug 19:42:48 IST 2020] Debugging, skip removing: /var/www/rajibde/.well-known/acme-challenge/HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8
[Mon 3 Aug 19:42:48 IST 2020] pid
[Mon 3 Aug 19:42:48 IST 2020] No need to restore nginx, skip.
[Mon 3 Aug 19:42:48 IST 2020] _clearupdns
[Mon 3 Aug 19:42:48 IST 2020] dns_entries
[Mon 3 Aug 19:42:48 IST 2020] skip dns.
[Mon 3 Aug 19:42:48 IST 2020] _on_issue_err
[Mon 3 Aug 19:42:48 IST 2020] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Mon 3 Aug 19:42:48 IST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ'
[Mon 3 Aug 19:42:48 IST 2020] payload='{}'
[Mon 3 Aug 19:42:48 IST 2020] POST
[Mon 3 Aug 19:42:48 IST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209954/9rogjQ'
[Mon 3 Aug 19:42:48 IST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Mon 3 Aug 19:42:49 IST 2020] _ret='0'
[Mon 3 Aug 19:42:49 IST 2020] code='400'
[Mon 3 Aug 19:42:50 IST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209955/IQtsKQ'
[Mon 3 Aug 19:42:50 IST 2020] payload='{}'
[Mon 3 Aug 19:42:50 IST 2020] POST
[Mon 3 Aug 19:42:50 IST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6293209955/IQtsKQ'
[Mon 3 Aug 19:42:50 IST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Mon 3 Aug 19:42:51 IST 2020] _ret='0'
[Mon 3 Aug 19:42:51 IST 2020] code='200'
==========================

My web server is (include version): nginx/1.14

The operating system my web server runs on is (include version): raspbian 10

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I am not using Certbot.

I have tried accessing the URL from my web - 'http://rajibde.in/.well-known/acme-challenge/HrLaiP37juVnauMaFhNqI0xeGJlOIxShANkiVELRpr8' and it perfectly redirects me to https page and downloads the file.

I have run past the forum here but nothing has helped me so far. I have been trying this for past 2 days and due to multiple attempts.....I get blocked for the day. :wink:

Please help, my cert has expired yesterday and I need to renew it at the earliest.

Cheers
Raj

1 Like
2

The HTTP connections are being redirected to HTTPS.
But the HTTPS port is not open.

1 Like
3

Having written my own acme client, I'm going to take a crack at this confusing mess of debug output. Everything in the process generally seems fine until we get to posting to the challenge url (again). Posting an empty payload to the challenge url after having already posted {} to confirm the challenge and having received a 200 seems like a bug in the client to me. The client should be posting an empty payload to the authorization url to check the status of verifying the challenge.

1 Like
4

Based on this, it seems like the challenge for www.rajibde.in was confirmed successfully (200), but the challenge for rajibde.in was not confirmed successfully (400).

2 Likes
5

This is the authorization url for rajibde.in:

This is the authorization url for www.rajibde.in:

2 Likes
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.