Acme / Certbot BIND9 RFC 2136

Hi folks,

So i am building my own Name Servers using BIND as I am a small ISP and need SSL Certs for certain services like Mail etc.

However I am trying to get RFC2136 working with ACME & Certbot but I keep getting a Error dns_request_getresponse: expected a TSIG or SIG(0)

I have created a HMAC SHA 512 secret placed it in /etc/bind/named.conf.certbot,

Example as follows,

key "certbot." {
algorithm hmac-sha512;
secret "OBIusITYMc5Mp1+sNX8fAxVmA5uKb3";
};

zone "_acme-challenge.domain.uk" {
type master;
file "/var/lib/bind/db.domain.uk";
allow-query { any; };
update-policy {
grant certbot. name _acme-challenge.domain.uk. txt;
};
};

Created a file under /var/lib/bind,

$ORIGIN .
$TTL 300 ; 5 minutes
_acme-challenge.domain.uk IN SOA ns1.domain.ul.uk. contact.domain.uk. (
2024083101 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.domain.uk.
$TTL 60 ; 1 minute
TXT "127.0.0.1

Configured Permissions

Placed ```
include "/etc/bind/named.conf.certbot"; under /etc/bind/named.conf

Checked for syntax errors and restarted Bind9 but Acme package keeps complaining about TSIG or SIG ?

Regards

Jack

your bind server requires credential to apply change from network(even if it's from localhost)

2 Likes

NS1 is on premise, NS2 is in another location, Can you shed some light on requires change from network ?

Regards

https://certbot-dns-rfc2136.readthedocs.io/en/stable/
do you have tsig key for nameservers?

3 Likes

I used the following to generate the key on ns1,

rndc-confgen -a -A hmac-sha512 -k "certbot." -c /etc/bind/certbot.key

Did the rest of the configuration as mentioned above, Acme on Package i took the key i generated with the following and added it as follows in the screenshot.

Regards

you HAVE TO revoke that TSIG key, and make a new one because you exposed private key

have you checked dns_rfc2136_secret option in rfc2136 plugin?

3 Likes

The key is a example, It is not the actual key, Yep look at the above screeenshot.

Acme Package on pfSense keeps complaining about the following which doesn't make sense to me,

[Sat Aug 31 13:48:35 BST 2024] adding _acme-challenge.domain.uk. 60 in txt "hFKMQ6kT8reXe4gXWv1SxJz8lyzSSsCzoYsTyfLJCmM"
dns_request_getresponse: expected a TSIG or SIG(0)
[Sat Aug 31 13:48:35 BST 2024] error updating domain
[Sat Aug 31 13:48:35 BST 2024] Error add txt for domain:_acme-challenge.domain.uk
[Sat Aug 31 13:48:35 BST 2024] Please check log file for more details: /tmp/acme/domain/acme_issuecert.log

Regards

can we see that log file? /tmp/acme/domain/acme_issuecert.log

3 Likes

Here is the log for you,

[Sat Aug 31 13:50:52 BST 2024] code='200'
[Sat Aug 31 13:50:52 BST 2024] original='{
  "type": "dns-01",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812117793/gEzewQ",
  "status": "pending",
  "token": "e47n6h7UfwkDpF2Z2P6Dx5xkYqanIr3FwW31hyHU0yA"
}'
[Sat Aug 31 13:50:52 BST 2024] _json_decode
[Sat Aug 31 13:50:52 BST 2024] _j_str='{
  "type": "dns-01",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812117793/gEzewQ",
  "status": "pending",
  "token": "e47n6h7UfwkDpF2Z2P6Dx5xkYqanIr3FwW31hyHU0yA"
}'
[Sat Aug 31 13:50:52 BST 2024] response='{"type":"dns-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812117793/gEzewQ","status":"pending","token":"e47n6h7UfwkDpF2Z2P6Dx5xkYqanIr3FwW31hyHU0yA"}'
[Sat Aug 31 13:50:52 BST 2024] pid
[Sat Aug 31 13:50:52 BST 2024] No need to restore nginx, skip.
[Sat Aug 31 13:50:52 BST 2024] _clearupdns
[Sat Aug 31 13:50:52 BST 2024] dns_entries
[Sat Aug 31 13:50:52 BST 2024] skip dns.
[Sat Aug 31 13:52:34 BST 2024] readlink exists=0
[Sat Aug 31 13:52:34 BST 2024] dirname exists=0
[Sat Aug 31 13:52:34 BST 2024] Lets find script dir.
[Sat Aug 31 13:52:34 BST 2024] _SCRIPT_='/usr/local/pkg/acme/acme.sh'
[Sat Aug 31 13:52:34 BST 2024] _script='/usr/local/pkg/acme/acme.sh'
[Sat Aug 31 13:52:34 BST 2024] _script_home='/usr/local/pkg/acme'
[Sat Aug 31 13:52:34 BST 2024] Using config home:/tmp/acme/domain
[Sat Aug 31 13:52:34 BST 2024] ACCOUNT_CONF_PATH='/tmp/acme/domain/accountconf.conf'
[Sat Aug 31 13:52:34 BST 2024] APP
[Sat Aug 31 13:52:34 BST 2024] 3:LOG_FILE='/tmp/acme/domain/acme_issuecert.log'
[Sat Aug 31 13:52:34 BST 2024] APP
[Sat Aug 31 13:52:34 BST 2024] 4:LOG_LEVEL='3'
[Sat Aug 31 13:52:34 BST 2024] LE_WORKING_DIR='/tmp/acme/domain'
[Sat Aug 31 13:52:34 BST 2024] Running cmd: issue
[Sat Aug 31 13:52:34 BST 2024] _main_domain='domain.uk'
[Sat Aug 31 13:52:34 BST 2024] _alt_domains='no'
[Sat Aug 31 13:52:34 BST 2024] Using config home:/tmp/acme/domain
[Sat Aug 31 13:52:34 BST 2024] ACCOUNT_CONF_PATH='/tmp/acme/domain/accountconf.conf'
[Sat Aug 31 13:52:34 BST 2024] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sat Aug 31 13:52:34 BST 2024] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org'
[Sat Aug 31 13:52:34 BST 2024] _ACME_SERVER_PATH='directory'
[Sat Aug 31 13:52:34 BST 2024] CA_CONF='/tmp/acme/domain/ca/acme-staging-v02.api.letsencrypt.org/directory/ca.conf'
[Sat Aug 31 13:52:34 BST 2024] DOMAIN_PATH='/tmp/acme/domain/domai.uk'
[Sat Aug 31 13:52:34 BST 2024] 'dns_nsupdate' does not contain 'dns'
[Sat Aug 31 13:52:34 BST 2024] Le_NextRenewTime
[Sat Aug 31 13:52:34 BST 2024] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sat Aug 31 13:52:34 BST 2024] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Sat Aug 31 13:52:34 BST 2024] GET
[Sat Aug 31 13:52:34 BST 2024] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sat Aug 31 13:52:34 BST 2024] timeout=
[Sat Aug 31 13:52:34 BST 2024] curl exists=0
[Sat Aug 31 13:52:34 BST 2024] wget exists=127
[Sat Aug 31 13:52:34 BST 2024] _CURL='curl --silent --dump-header /tmp/acme/domain/http.header  -L  -g '
[Sat Aug 31 13:52:34 BST 2024] ret='0'
[Sat Aug 31 13:52:34 BST 2024] _json_decode
[Sat Aug 31 13:52:34 BST 2024] _j_str='{
  "BQGbbI05JZk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sat Aug 31 13:52:34 BST 2024] response='{
  "BQGbbI05JZk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sat Aug 31 13:52:34 BST 2024] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Sat Aug 31 13:52:34 BST 2024] ACME_NEW_AUTHZ
[Sat Aug 31 13:52:34 BST 2024] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sat Aug 31 13:52:34 BST 2024] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Sat Aug 31 13:52:34 BST 2024] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Sat Aug 31 13:52:34 BST 2024] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf'
[Sat Aug 31 13:52:34 BST 2024] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Aug 31 13:52:34 BST 2024] OK
[Sat Aug 31 13:52:34 BST 2024] 1:Le_Domain='domain.uk'
[Sat Aug 31 13:52:34 BST 2024] OK
[Sat Aug 31 13:52:34 BST 2024] 2:Le_Alt='no'
[Sat Aug 31 13:52:34 BST 2024] OK
[Sat Aug 31 13:52:34 BST 2024] 3:Le_Webroot='dns_nsupdate'
[Sat Aug 31 13:52:34 BST 2024] OK
[Sat Aug 31 13:52:34 BST 2024] 4:Le_PreHook=''
[Sat Aug 31 13:52:34 BST 2024] OK
[Sat Aug 31 13:52:34 BST 2024] 5:Le_PostHook=''
[Sat Aug 31 13:52:34 BST 2024] OK
[Sat Aug 31 13:52:34 BST 2024] 6:Le_RenewHook=''
[Sat Aug 31 13:52:34 BST 2024] OK
[Sat Aug 31 13:52:34 BST 2024] 7:Le_API='https://acme-staging-v02.api.letsencrypt.org/directory'
[Sat Aug 31 13:52:34 BST 2024] Using CA: https://acme-staging-v02.api.letsencrypt.org/directory
[Sat Aug 31 13:52:34 BST 2024] _on_before_issue
[Sat Aug 31 13:52:34 BST 2024] _chk_main_domain='domain.uk'
[Sat Aug 31 13:52:34 BST 2024] _chk_alt_domains
[Sat Aug 31 13:52:34 BST 2024] 'dns_nsupdate' does not contain 'no'
[Sat Aug 31 13:52:34 BST 2024] Le_LocalAddress
[Sat Aug 31 13:52:34 BST 2024] d='domain.uk'
[Sat Aug 31 13:52:34 BST 2024] Check for domain='domain.uk'
[Sat Aug 31 13:52:34 BST 2024] _currentRoot='dns_nsupdate'
[Sat Aug 31 13:52:34 BST 2024] d
[Sat Aug 31 13:52:34 BST 2024] 'dns_nsupdate' does not contain 'apache'
[Sat Aug 31 13:52:34 BST 2024] _saved_account_key_hash='FZ3ID+al+56h8rnhbygDz+KfymwpZBsHezX5eT5gkXc='
[Sat Aug 31 13:52:34 BST 2024] base64 single line.
[Sat Aug 31 13:52:34 BST 2024] _saved_account_key_hash is not changed, skip register account.
[Sat Aug 31 13:52:34 BST 2024] Read key length:2048
[Sat Aug 31 13:52:34 BST 2024] Using pre generated key: /tmp/acme/domain/domain.uk/domain.uk.key.next
[Sat Aug 31 13:52:34 BST 2024] Generate next pre-generate key.
[Sat Aug 31 13:52:34 BST 2024] _createkey for file:/tmp/acme/domain/domain.uk/domain.uk.key.next
[Sat Aug 31 13:52:34 BST 2024] Use length 2048
[Sat Aug 31 13:52:34 BST 2024] Using RSA: 2048
[Sat Aug 31 13:52:35 BST 2024] _createcsr
[Sat Aug 31 13:52:35 BST 2024] domain='domain.uk'
[Sat Aug 31 13:52:35 BST 2024] domainlist
[Sat Aug 31 13:52:35 BST 2024] csrkey='/tmp/acme/domain/domain.uk/domain.uk.key'
[Sat Aug 31 13:52:35 BST 2024] csr='/tmp/acme/domain/domain.uk/domain.uk.csr'
[Sat Aug 31 13:52:35 BST 2024] csrconf='/tmp/acme/domain/domain.uk/domain.uk.csr.conf'
[Sat Aug 31 13:52:35 BST 2024] Single domain='domain.uk'
[Sat Aug 31 13:52:35 BST 2024] seg='domain'
[Sat Aug 31 13:52:35 BST 2024] _is_idn_d='domain.uk'
[Sat Aug 31 13:52:35 BST 2024] _idn_temp
[Sat Aug 31 13:52:35 BST 2024] _is_idn_d='domain.uk'
[Sat Aug 31 13:52:35 BST 2024] _idn_temp
[Sat Aug 31 13:52:35 BST 2024] _csr_cn='domain.uk'
[Sat Aug 31 13:52:35 BST 2024] seg='domain'
[Sat Aug 31 13:52:35 BST 2024] OK
[Sat Aug 31 13:52:35 BST 2024] 8:Le_Keylength='2048'
[Sat Aug 31 13:52:35 BST 2024] Getting domain auth token for each domain
[Sat Aug 31 13:52:35 BST 2024] seg='domain'
[Sat Aug 31 13:52:35 BST 2024] _is_idn_d='domain.uk'
[Sat Aug 31 13:52:35 BST 2024] _idn_temp
[Sat Aug 31 13:52:35 BST 2024] d
[Sat Aug 31 13:52:35 BST 2024] _identifiers='{"type":"dns","value":"domain.uk"}'
[Sat Aug 31 13:52:35 BST 2024] _notBefore
[Sat Aug 31 13:52:35 BST 2024] _notAfter
[Sat Aug 31 13:52:35 BST 2024] STEP 1, Ordering a Certificate
[Sat Aug 31 13:52:35 BST 2024] =======Begin Send Signed Request=======
[Sat Aug 31 13:52:35 BST 2024] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sat Aug 31 13:52:35 BST 2024] payload='{"identifiers": [{"type":"dns","value":"domain.uk"}]}'
[Sat Aug 31 13:52:35 BST 2024] RSA key
[Sat Aug 31 13:52:35 BST 2024] pub_exp='010001'
[Sat Aug 31 13:52:35 BST 2024] [Sat Aug 31 13:52:35 BST 2024] xxd exists=127base64 single line.

[Sat Aug 31 13:52:35 BST 2024] _URGLY_PRINTF='1'
[Sat Aug 31 13:52:35 BST 2024] e='AQAB'
[Sat Aug 31 13:52:35 BST 2024] modulus='974062FDE81C149FA553BAD66F0E5ECD4168EB3AC950B32267507933655921C0BEBEB489E73B62A65AAD1770DB21925E94C2C528E6A5D9563D70F5C1C6025230ECC9E11B83C6DCF40C0A25666503D4590A345D59B81CED349255D7C55C4C81589E926E368E2649D72BE6A589C2414312A50F3525CD398CDDAE2250D6B60AF86A81366697D3A8EF76DF10E7E2079730715E979B228D514558A5A07981EFA422D531023234E30547A014E5A5DC978566289872890A7E15C95F6CC494AF45BBB0B27BB00182AD59E6D28AB40F195894663239755382BBC11D5636FBA7C2DC3DF8FCEFD58D78C537C90491B5A1F01375654E79EB89BB46E2D8CA7083895A24B6FD8D1EFF18F2F071F8D39D9CD5CE749DB07A201A25B840A4B761E6FAE90EE8392615E61B68439BF1DCFEBF247056B9F1D41556AD7CFE4E994949F7C0554B9BC31925D973230F93AAA7DE2C32F8F7C30D2E9E589901FDE64A4D7D784F6D45CDE907F330D2F7E132141FC3561AB3959AE0A256EFA94C4979BBDD6DB5A6B9EBA3DEB49593A2C03C87305F0FAEB05253FFF0041ED9D259A87EA13D426E8F147778020B4DF647F9F339747E5600F8416DF6CFBA25D871B5636E19468019F9952237125CA94B4EF5A3934CEFDC1D5A9A81B2B1F2A4B1838BCF619E082BF987A35F3F8524C1D32975C00C23821439E6F44F945B8EBF90F376A05F9096193E3F577FDDA47FCF'
[Sat Aug 31 13:52:35 BST 2024] base64 single line.
[Sat Aug 31 13:52:35 BST 2024] xxd exists=127
[Sat Aug 31 13:52:35 BST 2024] _URGLY_PRINTF='1'
[Sat Aug 31 13:52:35 BST 2024] n='l0Bi_egcFJ-lU7rWbw5ezUFo6zrJULMiZ1B5M2VZIcC-vrSJ5ztiplqtF3DbIZJelMLFKOal2VY9cPXBxgJSMOzJ4RuDxtz0DAolZmUD1FkKNF1ZuBztNJJV18VcTIFYnpJuNo4mSdcr5qWJwkFDEqUPNSXNOYzdriJQ1rYK-GqBNmaX06jvdt8Q5-IHlzBxXpebIo1RRViloHmB76Qi1TECMjTjBUegFOWl3JeFZiiYcokKfhXJX2zElK9Fu7Cye7ABgq1Z5tKKtA8ZWJRmMjl1U4K7wR1WNvunwtw9-Pzv1Y14xTfJBJG1ofATdWVOeeuJu0bi2Mpwg4laJLb9jR7_GPLwcfjTnZzVznSdsHogGiW4QKS3Yeb66Q7oOSYV5htoQ5vx3P6_JHBWufHUFVatfP5OmUlJ98BVS5vDGSXZcyMPk6qn3iwy-PfDDS6eWJkB_eZKTX14T21FzekH8zDS9-EyFB_DVhqzlZrgolbvqUxJebvdbbWmueuj3rSVk6LAPIcwXw-usFJT__AEHtnSWah-oT1Cbo8Ud3gCC032R_nzOXR-VgD4QW32z7ol2HG1Y24ZRoAZ-ZUiNxJcqUtO9aOTTO_cHVqagbKx8qSxg4vPYZ4IK_mHo18_hSTB0yl1wAwjghQ55vRPlFuOv5DzdqBfkJYZPj9Xf92kf88'
[Sat Aug 31 13:52:35 BST 2024] jwk='{"e": "AQAB", "kty": "RSA", "n": "l0Bi_egcFJ-lU7rWbw5ezUFo6zrJULMiZ1B5M2VZIcC-vrSJ5ztiplqtF3DbIZJelMLFKOal2VY9cPXBxgJSMOzJ4RuDxtz0DAolZmUD1FkKNF1ZuBztNJJV18VcTIFYnpJuNo4mSdcr5qWJwkFDEqUPNSXNOYzdriJQ1rYK-GqBNmaX06jvdt8Q5-IHlzBxXpebIo1RRViloHmB76Qi1TECMjTjBUegFOWl3JeFZiiYcokKfhXJX2zElK9Fu7Cye7ABgq1Z5tKKtA8ZWJRmMjl1U4K7wR1WNvunwtw9-Pzv1Y14xTfJBJG1ofATdWVOeeuJu0bi2Mpwg4laJLb9jR7_GPLwcfjTnZzVznSdsHogGiW4QKS3Yeb66Q7oOSYV5htoQ5vx3P6_JHBWufHUFVatfP5OmUlJ98BVS5vDGSXZcyMPk6qn3iwy-PfDDS6eWJkB_eZKTX14T21FzekH8zDS9-EyFB_DVhqzlZrgolbvqUxJebvdbbWmueuj3rSVk6LAPIcwXw-usFJT__AEHtnSWah-oT1Cbo8Ud3gCC032R_nzOXR-VgD4QW32z7ol2HG1Y24ZRoAZ-ZUiNxJcqUtO9aOTTO_cHVqagbKx8qSxg4vPYZ4IK_mHo18_hSTB0yl1wAwjghQ55vRPlFuOv5DzdqBfkJYZPj9Xf92kf88"}'
[Sat Aug 31 13:52:35 BST 2024] JWK_HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "l0Bi_egcFJ-lU7rWbw5ezUFo6zrJULMiZ1B5M2VZIcC-vrSJ5ztiplqtF3DbIZJelMLFKOal2VY9cPXBxgJSMOzJ4RuDxtz0DAolZmUD1FkKNF1ZuBztNJJV18VcTIFYnpJuNo4mSdcr5qWJwkFDEqUPNSXNOYzdriJQ1rYK-GqBNmaX06jvdt8Q5-IHlzBxXpebIo1RRViloHmB76Qi1TECMjTjBUegFOWl3JeFZiiYcokKfhXJX2zElK9Fu7Cye7ABgq1Z5tKKtA8ZWJRmMjl1U4K7wR1WNvunwtw9-Pzv1Y14xTfJBJG1ofATdWVOeeuJu0bi2Mpwg4laJLb9jR7_GPLwcfjTnZzVznSdsHogGiW4QKS3Yeb66Q7oOSYV5htoQ5vx3P6_JHBWufHUFVatfP5OmUlJ98BVS5vDGSXZcyMPk6qn3iwy-PfDDS6eWJkB_eZKTX14T21FzekH8zDS9-EyFB_DVhqzlZrgolbvqUxJebvdbbWmueuj3rSVk6LAPIcwXw-usFJT__AEHtnSWah-oT1Cbo8Ud3gCC032R_nzOXR-VgD4QW32z7ol2HG1Y24ZRoAZ-ZUiNxJcqUtO9aOTTO_cHVqagbKx8qSxg4vPYZ4IK_mHo18_hSTB0yl1wAwjghQ55vRPlFuOv5DzdqBfkJYZPj9Xf92kf88"}}'
[Sat Aug 31 13:52:35 BST 2024] base64 single line.
[Sat Aug 31 13:52:35 BST 2024] payload64='eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InJvdXRlOTQudWsifV19'
[Sat Aug 31 13:52:35 BST 2024] _request_retry_times='1'
[Sat Aug 31 13:52:35 BST 2024] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Aug 31 13:52:35 BST 2024] HEAD
[Sat Aug 31 13:52:35 BST 2024] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Aug 31 13:52:35 BST 2024] body
[Sat Aug 31 13:52:35 BST 2024] _postContentType='application/jose+json'
[Sat Aug 31 13:52:35 BST 2024] curl exists=0
[Sat Aug 31 13:52:35 BST 2024] wget exists=127
[Sat Aug 31 13:52:35 BST 2024] _CURL='curl --silent --dump-header /tmp/acme/domain/http.header  -L  -g  -I  '
[Sat Aug 31 13:52:35 BST 2024] _ret='0'
[Sat Aug 31 13:52:35 BST 2024] _headers='HTTP/2 200 
server: nginx
date: Sat, 31 Aug 2024 12:52:35 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: vfo-J0TvRmkpj4luxbZoxj5ARbsd3_LXSx8p-8aM_9vNjsxHYV8
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Sat Aug 31 13:52:35 BST 2024] _CACHED_NONCE='vfo-J0TvRmkpj4luxbZoxj5ARbsd3_LXSx8p-8aM_9vNjsxHYV8'
[Sat Aug 31 13:52:35 BST 2024] nonce='vfo-J0TvRmkpj4luxbZoxj5ARbsd3_LXSx8p-8aM_9vNjsxHYV8'
[Sat Aug 31 13:52:35 BST 2024] protected='{"nonce": "vfo-J0TvRmkpj4luxbZoxj5ARbsd3_LXSx8p-8aM_9vNjsxHYV8", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order", "alg": "RS256", "kid": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/161503273"}'
[Sat Aug 31 13:52:35 BST 2024] base64 single line.
[Sat Aug 31 13:52:35 BST 2024] protected64='eyJub25jZSI6ICJ2Zm8tSjBUdlJta3BqNGx1eGJab3hqNUFSYnNkM19MWFN4OHAtOGFNXzl2TmpzeEhZVjgiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE2MTUwMzI3MyJ9'
[Sat Aug 31 13:52:35 BST 2024] base64 single line.
[Sat Aug 31 13:52:35 BST 2024] _sig_t='Z3g1Wu4buX1Z6BoLw779jlTD/kuUNBYGk7ccbak+75XDh0Pb01cuqhwxrj9BVYnbRdfJzyWRV2wYpQZwP/G4aYuH/fbDOX24SSD9DV0+8ywmUtWElWt255iT1HA022+3Q7UzSs3aGwPj8OET+AIf94bvfPDALxkIwgZHkxnAzDCaUIozUGjPtAJeXn1QRZFAeBI0RO9Zyae8Ocg+4PTwTceotUNKr81y2CgX9CoWIS244dWTFGwnhaeqG01LFPXlkoLCS4VzRwTJpF9KqtZ3Wn+PgS0CtVXc4fbZWYpNC5oIoLe+P2ljLg8LAkZLj/MM3U5r5/JNSJfAsURxwWoQqIQaP+PMavdKoOwKe0zidqouP0glB7h7izjUBboCdZPaG9TgPnouSKL3Lp28MHHwacenoxAl9X7VWtt9LtuRI107uVKcSqAxLy6wt7abMNIPDOTF85oM6rOoqt2jc+2m6IgnLRC3+cI+iDOWJDX6bPnHW6AUGeScQTvuIkfSV4eN0ANl+hPFkD8I81rrZjsfwWA3jmK5r31zVMPJXiEMWCgEHqdoP4Bkw8O4l+q6tGDMLJgV0A2RD84Xl9efUbv1OXE8BoJQAyuPtIaFFZETR2InHTP45AbOYQL/NWj7f28ZAsFfbmsGdKJ37FosO94+eQa16kh9LyyJD6ftYF/n+kE='
[Sat Aug 31 13:52:35 BST 2024] sig='Z3g1Wu4buX1Z6BoLw779jlTD_kuUNBYGk7ccbak-75XDh0Pb01cuqhwxrj9BVYnbRdfJzyWRV2wYpQZwP_G4aYuH_fbDOX24SSD9DV0-8ywmUtWElWt255iT1HA022-3Q7UzSs3aGwPj8OET-AIf94bvfPDALxkIwgZHkxnAzDCaUIozUGjPtAJeXn1QRZFAeBI0RO9Zyae8Ocg-4PTwTceotUNKr81y2CgX9CoWIS244dWTFGwnhaeqG01LFPXlkoLCS4VzRwTJpF9KqtZ3Wn-PgS0CtVXc4fbZWYpNC5oIoLe-P2ljLg8LAkZLj_MM3U5r5_JNSJfAsURxwWoQqIQaP-PMavdKoOwKe0zidqouP0glB7h7izjUBboCdZPaG9TgPnouSKL3Lp28MHHwacenoxAl9X7VWtt9LtuRI107uVKcSqAxLy6wt7abMNIPDOTF85oM6rOoqt2jc-2m6IgnLRC3-cI-iDOWJDX6bPnHW6AUGeScQTvuIkfSV4eN0ANl-hPFkD8I81rrZjsfwWA3jmK5r31zVMPJXiEMWCgEHqdoP4Bkw8O4l-q6tGDMLJgV0A2RD84Xl9efUbv1OXE8BoJQAyuPtIaFFZETR2InHTP45AbOYQL_NWj7f28ZAsFfbmsGdKJ37FosO94-eQa16kh9LyyJD6ftYF_n-kE'
[Sat Aug 31 13:52:35 BST 2024] body='{"protected": "eyJub25jZSI6ICJ2Zm8tSjBUdlJta3BqNGx1eGJab3hqNUFSYnNkM19MWFN4OHAtOGFNXzl2TmpzeEhZVjgiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE2MTUwMzI3MyJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InJvdXRlOTQudWsifV19", "signature": "Z3g1Wu4buX1Z6BoLw779jlTD_kuUNBYGk7ccbak-75XDh0Pb01cuqhwxrj9BVYnbRdfJzyWRV2wYpQZwP_G4aYuH_fbDOX24SSD9DV0-8ywmUtWElWt255iT1HA022-3Q7UzSs3aGwPj8OET-AIf94bvfPDALxkIwgZHkxnAzDCaUIozUGjPtAJeXn1QRZFAeBI0RO9Zyae8Ocg-4PTwTceotUNKr81y2CgX9CoWIS244dWTFGwnhaeqG01LFPXlkoLCS4VzRwTJpF9KqtZ3Wn-PgS0CtVXc4fbZWYpNC5oIoLe-P2ljLg8LAkZLj_MM3U5r5_JNSJfAsURxwWoQqIQaP-PMavdKoOwKe0zidqouP0glB7h7izjUBboCdZPaG9TgPnouSKL3Lp28MHHwacenoxAl9X7VWtt9LtuRI107uVKcSqAxLy6wt7abMNIPDOTF85oM6rOoqt2jc-2m6IgnLRC3-cI-iDOWJDX6bPnHW6AUGeScQTvuIkfSV4eN0ANl-hPFkD8I81rrZjsfwWA3jmK5r31zVMPJXiEMWCgEHqdoP4Bkw8O4l-q6tGDMLJgV0A2RD84Xl9efUbv1OXE8BoJQAyuPtIaFFZETR2InHTP45AbOYQL_NWj7f28ZAsFfbmsGdKJ37FosO94-eQa16kh9LyyJD6ftYF_n-kE"}'
[Sat Aug 31 13:52:35 BST 2024] POST
[Sat Aug 31 13:52:35 BST 2024] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Sat Aug 31 13:52:35 BST 2024] body='{"protected": "eyJub25jZSI6ICJ2Zm8tSjBUdlJta3BqNGx1eGJab3hqNUFSYnNkM19MWFN4OHAtOGFNXzl2TmpzeEhZVjgiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE2MTUwMzI3MyJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InJvdXRlOTQudWsifV19", "signature": "Z3g1Wu4buX1Z6BoLw779jlTD_kuUNBYGk7ccbak-75XDh0Pb01cuqhwxrj9BVYnbRdfJzyWRV2wYpQZwP_G4aYuH_fbDOX24SSD9DV0-8ywmUtWElWt255iT1HA022-3Q7UzSs3aGwPj8OET-AIf94bvfPDALxkIwgZHkxnAzDCaUIozUGjPtAJeXn1QRZFAeBI0RO9Zyae8Ocg-4PTwTceotUNKr81y2CgX9CoWIS244dWTFGwnhaeqG01LFPXlkoLCS4VzRwTJpF9KqtZ3Wn-PgS0CtVXc4fbZWYpNC5oIoLe-P2ljLg8LAkZLj_MM3U5r5_JNSJfAsURxwWoQqIQaP-PMavdKoOwKe0zidqouP0glB7h7izjUBboCdZPaG9TgPnouSKL3Lp28MHHwacenoxAl9X7VWtt9LtuRI107uVKcSqAxLy6wt7abMNIPDOTF85oM6rOoqt2jc-2m6IgnLRC3-cI-iDOWJDX6bPnHW6AUGeScQTvuIkfSV4eN0ANl-hPFkD8I81rrZjsfwWA3jmK5r31zVMPJXiEMWCgEHqdoP4Bkw8O4l-q6tGDMLJgV0A2RD84Xl9efUbv1OXE8BoJQAyuPtIaFFZETR2InHTP45AbOYQL_NWj7f28ZAsFfbmsGdKJ37FosO94-eQa16kh9LyyJD6ftYF_n-kE"}'
[Sat Aug 31 13:52:35 BST 2024] _postContentType='application/jose+json'
[Sat Aug 31 13:52:35 BST 2024] Http already initialized.
[Sat Aug 31 13:52:35 BST 2024] _CURL='curl --silent --dump-header /tmp/acme/domain/http.header  -L  -g '
[Sat Aug 31 13:52:36 BST 2024] _ret='0'
[Sat Aug 31 13:52:36 BST 2024] responseHeaders='HTTP/2 201 
server: nginx
date: Sat, 31 Aug 2024 12:52:36 GMT
content-type: application/json
content-length: 349
boulder-requester: 161503273
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-staging-v02.api.letsencrypt.org/acme/order/161503273/18772417523
replay-nonce: VFujB6i1XUbR3RMVlHBkTrUUvwK1iWooYLTnpU0VG4ndS6SGD9k
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Sat Aug 31 13:52:36 BST 2024] code='201'
[Sat Aug 31 13:52:36 BST 2024] original='{
  "status": "pending",
  "expires": "2024-09-07T12:52:36Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "domain.uk"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/161503273/18772417523"
}'
[Sat Aug 31 13:52:36 BST 2024] _json_decode
[Sat Aug 31 13:52:36 BST 2024] _j_str='{
  "status": "pending",
  "expires": "2024-09-07T12:52:36Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "domain.uk"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/161503273/18772417523"
}'
[Sat Aug 31 13:52:36 BST 2024] response='{"status":"pending","expires":"2024-09-07T12:52:36Z","identifiers":[{"type":"dns","value":"domain.uk"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/161503273/18772417523"}'
[Sat Aug 31 13:52:36 BST 2024] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/161503273/18772417523'
[Sat Aug 31 13:52:36 BST 2024] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/161503273/18772417523'
[Sat Aug 31 13:52:36 BST 2024] OK
[Sat Aug 31 13:52:36 BST 2024] 9:Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/161503273/18772417523'
[Sat Aug 31 13:52:36 BST 2024] _json_decode
[Sat Aug 31 13:52:36 BST 2024] _j_str='{"status":"pending","expires":"2024-09-07T12:52:36Z","identifiers":[{"type":"dns","value":"domain.uk"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/161503273/18772417523"}'
[Sat Aug 31 13:52:36 BST 2024] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463'
[Sat Aug 31 13:52:36 BST 2024] STEP 2, Get the authorizations of each domain
[Sat Aug 31 13:52:36 BST 2024] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463'
[Sat Aug 31 13:52:36 BST 2024] =======Begin Send Signed Request=======
[Sat Aug 31 13:52:36 BST 2024] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463'
[Sat Aug 31 13:52:36 BST 2024] payload
[Sat Aug 31 13:52:36 BST 2024] Use cached jwk for file: /tmp/acme/domain/ca/acme-staging-v02.api.letsencrypt.org/directory/account.key
[Sat Aug 31 13:52:36 BST 2024] base64 single line.
[Sat Aug 31 13:52:36 BST 2024] payload64
[Sat Aug 31 13:52:36 BST 2024] _request_retry_times='1'
[Sat Aug 31 13:52:36 BST 2024] Use _CACHED_NONCE='VFujB6i1XUbR3RMVlHBkTrUUvwK1iWooYLTnpU0VG4ndS6SGD9k'
[Sat Aug 31 13:52:36 BST 2024] nonce='VFujB6i1XUbR3RMVlHBkTrUUvwK1iWooYLTnpU0VG4ndS6SGD9k'
[Sat Aug 31 13:52:36 BST 2024] protected='{"nonce": "VFujB6i1XUbR3RMVlHBkTrUUvwK1iWooYLTnpU0VG4ndS6SGD9k", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463", "alg": "RS256", "kid": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/161503273"}'
[Sat Aug 31 13:52:36 BST 2024] base64 single line.
[Sat Aug 31 13:52:36 BST 2024] protected64='eyJub25jZSI6ICJWRnVqQjZpMVhVYlIzUk1WbEhCa1RyVVV2d0sxaVdvb1lMVG5wVTBWRzRuZFM2U0dEOWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTM4MTIxMzU0NjMiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYxNTAzMjczIn0'
[Sat Aug 31 13:52:36 BST 2024] base64 single line.
[Sat Aug 31 13:52:36 BST 2024] _sig_t='NM/f+4ES/WOYltJsNjvjVJjPAdPUWD1bwL4ZJKPYqF0YzmmTpKAQyxu0IDboyAJFjhCf12hyXkn/qa1EwzsN9tCDxrwnrwJBJalYPoRi4MWP3WsLYQ2EcmNdbiAScHuwCdX2+Q+4taOHOL+rtNRDPsmoJmsn6zU36S/Wuv+ruBNGAAaJOz8k0BjeHt7oWwejz5MqH5OypXRE70WXyKKne0q1RU90agpQaE/jD2IsjWNRMQski/YF+BicgSo5De+bHflhWg1PX6BQiCUcjM7eKc0HoRS/RAnbCJd7ZtKD36yYae00cm03XzCdBWUBvAybjDbaZsJ7lbnRJe5AbSpVXqPhtSos0Tf8SOIOyCz0EaiLGicvLek4MHmVFHb4cdy1zNEVHn4cg1e6UggbRpZItJiPaj+92tSlAn0XRjrAxIzBEPpNR7Jf5qOdLbH39g5+onBucmzSFtlR5UY7csbIx2MQGxw9SPdpQCsjTcG77B5iWAz+ZN8yOiUwOgMHt/sPkdlQTjdNiAQ6AImixT241zZ2koxBR14d1YjIgffJetSrNcjbzRSXsGbX1W1Dy7zs+hfKysL/AonV+KFt+iwuhGvG5fN43QBsUoigtClTkQ3tNzk5EUr5lrt9invg/ViSB6QG6kC1+MWOT0few4LIxqTGRIBrEK0H2ybs3s4HFqI='
[Sat Aug 31 13:52:36 BST 2024] sig='NM_f-4ES_WOYltJsNjvjVJjPAdPUWD1bwL4ZJKPYqF0YzmmTpKAQyxu0IDboyAJFjhCf12hyXkn_qa1EwzsN9tCDxrwnrwJBJalYPoRi4MWP3WsLYQ2EcmNdbiAScHuwCdX2-Q-4taOHOL-rtNRDPsmoJmsn6zU36S_Wuv-ruBNGAAaJOz8k0BjeHt7oWwejz5MqH5OypXRE70WXyKKne0q1RU90agpQaE_jD2IsjWNRMQski_YF-BicgSo5De-bHflhWg1PX6BQiCUcjM7eKc0HoRS_RAnbCJd7ZtKD36yYae00cm03XzCdBWUBvAybjDbaZsJ7lbnRJe5AbSpVXqPhtSos0Tf8SOIOyCz0EaiLGicvLek4MHmVFHb4cdy1zNEVHn4cg1e6UggbRpZItJiPaj-92tSlAn0XRjrAxIzBEPpNR7Jf5qOdLbH39g5-onBucmzSFtlR5UY7csbIx2MQGxw9SPdpQCsjTcG77B5iWAz-ZN8yOiUwOgMHt_sPkdlQTjdNiAQ6AImixT241zZ2koxBR14d1YjIgffJetSrNcjbzRSXsGbX1W1Dy7zs-hfKysL_AonV-KFt-iwuhGvG5fN43QBsUoigtClTkQ3tNzk5EUr5lrt9invg_ViSB6QG6kC1-MWOT0few4LIxqTGRIBrEK0H2ybs3s4HFqI'
[Sat Aug 31 13:52:36 BST 2024] body='{"protected": "eyJub25jZSI6ICJWRnVqQjZpMVhVYlIzUk1WbEhCa1RyVVV2d0sxaVdvb1lMVG5wVTBWRzRuZFM2U0dEOWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTM4MTIxMzU0NjMiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYxNTAzMjczIn0", "payload": "", "signature": "NM_f-4ES_WOYltJsNjvjVJjPAdPUWD1bwL4ZJKPYqF0YzmmTpKAQyxu0IDboyAJFjhCf12hyXkn_qa1EwzsN9tCDxrwnrwJBJalYPoRi4MWP3WsLYQ2EcmNdbiAScHuwCdX2-Q-4taOHOL-rtNRDPsmoJmsn6zU36S_Wuv-ruBNGAAaJOz8k0BjeHt7oWwejz5MqH5OypXRE70WXyKKne0q1RU90agpQaE_jD2IsjWNRMQski_YF-BicgSo5De-bHflhWg1PX6BQiCUcjM7eKc0HoRS_RAnbCJd7ZtKD36yYae00cm03XzCdBWUBvAybjDbaZsJ7lbnRJe5AbSpVXqPhtSos0Tf8SOIOyCz0EaiLGicvLek4MHmVFHb4cdy1zNEVHn4cg1e6UggbRpZItJiPaj-92tSlAn0XRjrAxIzBEPpNR7Jf5qOdLbH39g5-onBucmzSFtlR5UY7csbIx2MQGxw9SPdpQCsjTcG77B5iWAz-ZN8yOiUwOgMHt_sPkdlQTjdNiAQ6AImixT241zZ2koxBR14d1YjIgffJetSrNcjbzRSXsGbX1W1Dy7zs-hfKysL_AonV-KFt-iwuhGvG5fN43QBsUoigtClTkQ3tNzk5EUr5lrt9invg_ViSB6QG6kC1-MWOT0few4LIxqTGRIBrEK0H2ybs3s4HFqI"}'
[Sat Aug 31 13:52:36 BST 2024] POST
[Sat Aug 31 13:52:36 BST 2024] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463'
[Sat Aug 31 13:52:36 BST 2024] body='{"protected": "eyJub25jZSI6ICJWRnVqQjZpMVhVYlIzUk1WbEhCa1RyVVV2d0sxaVdvb1lMVG5wVTBWRzRuZFM2U0dEOWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTM4MTIxMzU0NjMiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYxNTAzMjczIn0", "payload": "", "signature": "NM_f-4ES_WOYltJsNjvjVJjPAdPUWD1bwL4ZJKPYqF0YzmmTpKAQyxu0IDboyAJFjhCf12hyXkn_qa1EwzsN9tCDxrwnrwJBJalYPoRi4MWP3WsLYQ2EcmNdbiAScHuwCdX2-Q-4taOHOL-rtNRDPsmoJmsn6zU36S_Wuv-ruBNGAAaJOz8k0BjeHt7oWwejz5MqH5OypXRE70WXyKKne0q1RU90agpQaE_jD2IsjWNRMQski_YF-BicgSo5De-bHflhWg1PX6BQiCUcjM7eKc0HoRS_RAnbCJd7ZtKD36yYae00cm03XzCdBWUBvAybjDbaZsJ7lbnRJe5AbSpVXqPhtSos0Tf8SOIOyCz0EaiLGicvLek4MHmVFHb4cdy1zNEVHn4cg1e6UggbRpZItJiPaj-92tSlAn0XRjrAxIzBEPpNR7Jf5qOdLbH39g5-onBucmzSFtlR5UY7csbIx2MQGxw9SPdpQCsjTcG77B5iWAz-ZN8yOiUwOgMHt_sPkdlQTjdNiAQ6AImixT241zZ2koxBR14d1YjIgffJetSrNcjbzRSXsGbX1W1Dy7zs-hfKysL_AonV-KFt-iwuhGvG5fN43QBsUoigtClTkQ3tNzk5EUr5lrt9invg_ViSB6QG6kC1-MWOT0few4LIxqTGRIBrEK0H2ybs3s4HFqI"}'
[Sat Aug 31 13:52:36 BST 2024] _postContentType='application/jose+json'
[Sat Aug 31 13:52:36 BST 2024] Http already initialized.
[Sat Aug 31 13:52:36 BST 2024] _CURL='curl --silent --dump-header /tmp/acme/domain/http.header  -L  -g '
[Sat Aug 31 13:52:37 BST 2024] _ret='0'
[Sat Aug 31 13:52:37 BST 2024] responseHeaders='HTTP/2 200 
server: nginx
date: Sat, 31 Aug 2024 12:52:37 GMT
content-type: application/json
content-length: 815
boulder-requester: 161503273
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: vfo-J0TvfjHlz2bMKE551YAvMUFYuZqkrhfz2naON64CEGmUrLI
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Sat Aug 31 13:52:37 BST 2024] code='200'
[Sat Aug 31 13:52:37 BST 2024] original='{
  "identifier": {
    "type": "dns",
    "value": "domain.uk"
  },
  "status": "pending",
  "expires": "2024-09-07T12:52:36Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/18bUeQ",
      "status": "pending",
      "token": "ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"
    },
    {
      "type": "dns-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw",
      "status": "pending",
      "token": "ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/AUEJVQ",
      "status": "pending",
      "token": "ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"
    }
  ]
}'
[Sat Aug 31 13:52:37 BST 2024] _json_decode
[Sat Aug 31 13:52:37 BST 2024] _j_str='{
  "identifier": {
    "type": "dns",
    "value": "domain.uk"
  },
  "status": "pending",
  "expires": "2024-09-07T12:52:36Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/18bUeQ",
      "status": "pending",
      "token": "ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"
    },
    {
      "type": "dns-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw",
      "status": "pending",
      "token": "ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/AUEJVQ",
      "status": "pending",
      "token": "ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"
    }
  ]
}'
[Sat Aug 31 13:52:37 BST 2024] response='{"identifier":{"type":"dns","value":"domain.uk"},"status":"pending","expires":"2024-09-07T12:52:36Z","challenges":[{"type":"http-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/18bUeQ","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"},{"type":"dns-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"},{"type":"tls-alpn-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/AUEJVQ","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"}]}'
[Sat Aug 31 13:52:37 BST 2024] response='{"identifier":{"type":"dns","value":domain.uk"},"status":"pending","expires":"2024-09-07T12:52:36Z","challenges":[{"type":"http-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/18bUeQ","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"},{"type":"dns-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"},{"type":"tls-alpn-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/AUEJVQ","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"}]}'
[Sat Aug 31 13:52:37 BST 2024] _d='domain.uk'
[Sat Aug 31 13:52:37 BST 2024] _authorizations_map='domain.uk,{"identifier":{"type":"dns","value":"domain.uk"},"status":"pending","expires":"2024-09-07T12:52:36Z","challenges":[{"type":"http-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/18bUeQ","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"},{"type":"dns-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"},{"type":"tls-alpn-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/AUEJVQ","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"}]}#https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463
'
[Sat Aug 31 13:52:37 BST 2024] d='domain.uk'
[Sat Aug 31 13:52:37 BST 2024] Getting webroot for domain='domain.uk'
[Sat Aug 31 13:52:37 BST 2024] _w='dns_nsupdate'
[Sat Aug 31 13:52:37 BST 2024] _currentRoot='dns_nsupdate'
[Sat Aug 31 13:52:37 BST 2024] _is_idn_d='rdomain.uk'
[Sat Aug 31 13:52:37 BST 2024] _idn_temp
[Sat Aug 31 13:52:37 BST 2024] _candidates='domain.uk,{"identifier":{"type":"dns","value":"domain.uk"},"status":"pending","expires":"2024-09-07T12:52:36Z","challenges":[{"type":"http-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/18bUeQ","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"},{"type":"dns-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"},{"type":"tls-alpn-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/AUEJVQ","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"}]}#https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463'
[Sat Aug 31 13:52:37 BST 2024] response='{"identifier":{"type":"dns","value":"domain.uk"},"status":"pending","expires":"2024-09-07T12:52:36Z","challenges":[{"type":"http-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/18bUeQ","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"},{"type":"dns-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"},{"type":"tls-alpn-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/AUEJVQ","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"}]}#https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463'
[Sat Aug 31 13:52:37 BST 2024] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463'
[Sat Aug 31 13:52:37 BST 2024] base64 single line.
[Sat Aug 31 13:52:37 BST 2024] entry='"type":"dns-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"'
[Sat Aug 31 13:52:37 BST 2024] token='ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs'
[Sat Aug 31 13:52:37 BST 2024] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw'
[Sat Aug 31 13:52:37 BST 2024] keyauthorization='ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs.Gs37H2DRQn4anpJP0dteohxeHULcMh5JS5ssdIbWSlM'
[Sat Aug 31 13:52:37 BST 2024] dvlist='domain.uk#ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs.Gs37H2DRQn4anpJP0dteohxeHULcMh5JS5ssdIbWSlM#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw#dns-01#dns_nsupdate#https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463'
[Sat Aug 31 13:52:37 BST 2024] d
[Sat Aug 31 13:52:37 BST 2024] vlist='domain.uk#ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs.Gs37H2DRQn4anpJP0dteohxeHULcMh5JS5ssdIbWSlM#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw#dns-01#dns_nsupdate#https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463,'
[Sat Aug 31 13:52:37 BST 2024] d='domain.uk'
[Sat Aug 31 13:52:37 BST 2024] _d_alias
[Sat Aug 31 13:52:37 BST 2024] txtdomain='_acme-challenge.domain.uk'
[Sat Aug 31 13:52:37 BST 2024] base64 single line.
[Sat Aug 31 13:52:37 BST 2024] txt='F93-7roSbnc3rfj9muIr3C5aVkahuRGFQFiSpc-FdFI'
[Sat Aug 31 13:52:37 BST 2024] d_api='/usr/local/pkg/acme/dnsapi/dns_nsupdate.sh'
[Sat Aug 31 13:52:37 BST 2024] dns_entry='domain.uk,_acme-challenge.domain.uk,,dns_nsupdate,F93-7roSbnc3rfj9muIr3C5aVkahuRGFQFiSpc-FdFI,/usr/local/pkg/acme/dnsapi/dns_nsupdate.sh'
[Sat Aug 31 13:52:37 BST 2024] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Sat Aug 31 13:52:37 BST 2024] dns_nsupdate_add exists=0
[Sat Aug 31 13:52:37 BST 2024] Adding txt value: F93-7roSbnc3rfj9muIr3C5aVkahuRGFQFiSpc-FdFI for domain:  _acme-challenge.domain.uk
[Sat Aug 31 13:52:37 BST 2024] APP
[Sat Aug 31 13:52:37 BST 2024] 5:NSUPDATE_SERVER='ns1.domain.uk'
[Sat Aug 31 13:52:37 BST 2024] APP
[Sat Aug 31 13:52:37 BST 2024] 6:NSUPDATE_SERVER_PORT=''
[Sat Aug 31 13:52:37 BST 2024] APP
[Sat Aug 31 13:52:37 BST 2024] 7:NSUPDATE_KEY='/tmp/acme/domain/domain.uknsupdate_acme-challenge.domain.uk.key'
[Sat Aug 31 13:52:37 BST 2024] APP
[Sat Aug 31 13:52:37 BST 2024] 8:NSUPDATE_ZONE=''
[Sat Aug 31 13:52:37 BST 2024] adding _acme-challenge.domain.uk. 60 in txt "F93-7roSbnc3rfj9muIr3C5aVkahuRGFQFiSpc-FdFI"
[Sat Aug 31 13:52:37 BST 2024] error updating domain
[Sat Aug 31 13:52:37 BST 2024] Error add txt for domain:_acme-challenge.domain.uk
[Sat Aug 31 13:52:37 BST 2024] _on_issue_err
[Sat Aug 31 13:52:37 BST 2024] Please check log file for more details: /tmp/acme/domain/acme_issuecert.log
[Sat Aug 31 13:52:37 BST 2024] _chk_vlist='domain.uk.uk#ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs.Gs37H2DRQn4anpJP0dteohxeHULcMh5JS5ssdIbWSlM#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw#dns-01#dns_nsupdate#https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463,'
[Sat Aug 31 13:52:37 BST 2024] start to deactivate authz
[Sat Aug 31 13:52:37 BST 2024] Trigger domain validation.
[Sat Aug 31 13:52:37 BST 2024] _t_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw'
[Sat Aug 31 13:52:37 BST 2024] _t_key_authz='ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs.Gs37H2DRQn4anpJP0dteohxeHULcMh5JS5ssdIbWSlM'
[Sat Aug 31 13:52:37 BST 2024] _t_vtype
[Sat Aug 31 13:52:37 BST 2024] =======Begin Send Signed Request=======
[Sat Aug 31 13:52:37 BST 2024] url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw'
[Sat Aug 31 13:52:37 BST 2024] payload='{}'
[Sat Aug 31 13:52:37 BST 2024] Use cached jwk for file: /tmp/acme/domain/ca/acme-staging-v02.api.letsencrypt.org/directory/account.key
[Sat Aug 31 13:52:37 BST 2024] base64 single line.
[Sat Aug 31 13:52:37 BST 2024] payload64='e30'
[Sat Aug 31 13:52:37 BST 2024] _request_retry_times='1'
[Sat Aug 31 13:52:37 BST 2024] Use _CACHED_NONCE='vfo-J0TvfjHlz2bMKE551YAvMUFYuZqkrhfz2naON64CEGmUrLI'
[Sat Aug 31 13:52:37 BST 2024] nonce='vfo-J0TvfjHlz2bMKE551YAvMUFYuZqkrhfz2naON64CEGmUrLI'
[Sat Aug 31 13:52:37 BST 2024] protected='{"nonce": "vfo-J0TvfjHlz2bMKE551YAvMUFYuZqkrhfz2naON64CEGmUrLI", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw", "alg": "RS256", "kid": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/161503273"}'
[Sat Aug 31 13:52:37 BST 2024] base64 single line.
[Sat Aug 31 13:52:37 BST 2024] protected64='eyJub25jZSI6ICJ2Zm8tSjBUdmZqSGx6MmJNS0U1NTFZQXZNVUZZdVpxa3JoZnoybmFPTjY0Q0VHbVVyTEkiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTM4MTIxMzU0NjMvaHBFTER3IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE2MTUwMzI3MyJ9'
[Sat Aug 31 13:52:37 BST 2024] base64 single line.
[Sat Aug 31 13:52:37 BST 2024] _sig_t='FkRiy7U2h9RGIiziq5LU9NeGSJln9tIRLLGVDvlYo2Gp4PB/eaLi2zxZMn2GEfP9SGOn7hmxE9hbkd7bQkuFKSIwCUgnrrAVQ3IZ/IrCFH401qZ/Vbi56mGb260pIZhIpY2xV8lLya+7x9KxkUKEkn42wTqPyXOypl4e4Wws4ENwrg1npmn8dGxVxM5l1s8raRToUIHzB3ueibZnkv6wGiQsW43nbPFnfr9E3fb9vDF995h4fxpqW1IdgAuaH766GKPLaMdFowOcNtu+E3ep7QVB64/s9uUr5cdtu4LvrJs3g7TF1GWMi56Cn7aOiMqOcZ+/xg4C2Gesbz6Mij75xCdOO36asmC7VUK03MEMprZKk3l3gwXCz7xIo9ak3/dcV08K5GfrsMwwtOfbuzcQKAtRqNQwwjPTqANswue3jWpZLdKx97QFlEH8AQ9jw6vjSsEqNpTMrGbwp/GrG2Y9kzx6B5G1Ivp4iUQgC7b4PfIFeC8d+rPpQ7tOesTHK7EgZ5obK/L6UsS5G1fAf9ajx05rCkpk5ivYOpTS6p55X9nHSV+TGsADegxts4I7Zl40wSEaZAG70hI0xSK7mns/d70lb99SOYGKwGIKAZjCuG7U++28kvjjWk6jLNPrV7Rj6uPzDAl4xjcrsbzSzDnkgZMQZGAfHPLQZkQtV+czkdw='
[Sat Aug 31 13:52:37 BST 2024] sig='FkRiy7U2h9RGIiziq5LU9NeGSJln9tIRLLGVDvlYo2Gp4PB_eaLi2zxZMn2GEfP9SGOn7hmxE9hbkd7bQkuFKSIwCUgnrrAVQ3IZ_IrCFH401qZ_Vbi56mGb260pIZhIpY2xV8lLya-7x9KxkUKEkn42wTqPyXOypl4e4Wws4ENwrg1npmn8dGxVxM5l1s8raRToUIHzB3ueibZnkv6wGiQsW43nbPFnfr9E3fb9vDF995h4fxpqW1IdgAuaH766GKPLaMdFowOcNtu-E3ep7QVB64_s9uUr5cdtu4LvrJs3g7TF1GWMi56Cn7aOiMqOcZ-_xg4C2Gesbz6Mij75xCdOO36asmC7VUK03MEMprZKk3l3gwXCz7xIo9ak3_dcV08K5GfrsMwwtOfbuzcQKAtRqNQwwjPTqANswue3jWpZLdKx97QFlEH8AQ9jw6vjSsEqNpTMrGbwp_GrG2Y9kzx6B5G1Ivp4iUQgC7b4PfIFeC8d-rPpQ7tOesTHK7EgZ5obK_L6UsS5G1fAf9ajx05rCkpk5ivYOpTS6p55X9nHSV-TGsADegxts4I7Zl40wSEaZAG70hI0xSK7mns_d70lb99SOYGKwGIKAZjCuG7U--28kvjjWk6jLNPrV7Rj6uPzDAl4xjcrsbzSzDnkgZMQZGAfHPLQZkQtV-czkdw'
[Sat Aug 31 13:52:37 BST 2024] body='{"protected": "eyJub25jZSI6ICJ2Zm8tSjBUdmZqSGx6MmJNS0U1NTFZQXZNVUZZdVpxa3JoZnoybmFPTjY0Q0VHbVVyTEkiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTM4MTIxMzU0NjMvaHBFTER3IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE2MTUwMzI3MyJ9", "payload": "e30", "signature": "FkRiy7U2h9RGIiziq5LU9NeGSJln9tIRLLGVDvlYo2Gp4PB_eaLi2zxZMn2GEfP9SGOn7hmxE9hbkd7bQkuFKSIwCUgnrrAVQ3IZ_IrCFH401qZ_Vbi56mGb260pIZhIpY2xV8lLya-7x9KxkUKEkn42wTqPyXOypl4e4Wws4ENwrg1npmn8dGxVxM5l1s8raRToUIHzB3ueibZnkv6wGiQsW43nbPFnfr9E3fb9vDF995h4fxpqW1IdgAuaH766GKPLaMdFowOcNtu-E3ep7QVB64_s9uUr5cdtu4LvrJs3g7TF1GWMi56Cn7aOiMqOcZ-_xg4C2Gesbz6Mij75xCdOO36asmC7VUK03MEMprZKk3l3gwXCz7xIo9ak3_dcV08K5GfrsMwwtOfbuzcQKAtRqNQwwjPTqANswue3jWpZLdKx97QFlEH8AQ9jw6vjSsEqNpTMrGbwp_GrG2Y9kzx6B5G1Ivp4iUQgC7b4PfIFeC8d-rPpQ7tOesTHK7EgZ5obK_L6UsS5G1fAf9ajx05rCkpk5ivYOpTS6p55X9nHSV-TGsADegxts4I7Zl40wSEaZAG70hI0xSK7mns_d70lb99SOYGKwGIKAZjCuG7U--28kvjjWk6jLNPrV7Rj6uPzDAl4xjcrsbzSzDnkgZMQZGAfHPLQZkQtV-czkdw"}'
[Sat Aug 31 13:52:37 BST 2024] POST
[Sat Aug 31 13:52:37 BST 2024] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw'
[Sat Aug 31 13:52:37 BST 2024] body='{"protected": "eyJub25jZSI6ICJ2Zm8tSjBUdmZqSGx6MmJNS0U1NTFZQXZNVUZZdVpxa3JoZnoybmFPTjY0Q0VHbVVyTEkiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTM4MTIxMzU0NjMvaHBFTER3IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE2MTUwMzI3MyJ9", "payload": "e30", "signature": "FkRiy7U2h9RGIiziq5LU9NeGSJln9tIRLLGVDvlYo2Gp4PB_eaLi2zxZMn2GEfP9SGOn7hmxE9hbkd7bQkuFKSIwCUgnrrAVQ3IZ_IrCFH401qZ_Vbi56mGb260pIZhIpY2xV8lLya-7x9KxkUKEkn42wTqPyXOypl4e4Wws4ENwrg1npmn8dGxVxM5l1s8raRToUIHzB3ueibZnkv6wGiQsW43nbPFnfr9E3fb9vDF995h4fxpqW1IdgAuaH766GKPLaMdFowOcNtu-E3ep7QVB64_s9uUr5cdtu4LvrJs3g7TF1GWMi56Cn7aOiMqOcZ-_xg4C2Gesbz6Mij75xCdOO36asmC7VUK03MEMprZKk3l3gwXCz7xIo9ak3_dcV08K5GfrsMwwtOfbuzcQKAtRqNQwwjPTqANswue3jWpZLdKx97QFlEH8AQ9jw6vjSsEqNpTMrGbwp_GrG2Y9kzx6B5G1Ivp4iUQgC7b4PfIFeC8d-rPpQ7tOesTHK7EgZ5obK_L6UsS5G1fAf9ajx05rCkpk5ivYOpTS6p55X9nHSV-TGsADegxts4I7Zl40wSEaZAG70hI0xSK7mns_d70lb99SOYGKwGIKAZjCuG7U--28kvjjWk6jLNPrV7Rj6uPzDAl4xjcrsbzSzDnkgZMQZGAfHPLQZkQtV-czkdw"}'
[Sat Aug 31 13:52:37 BST 2024] _postContentType='application/jose+json'
[Sat Aug 31 13:52:37 BST 2024] Http already initialized.
[Sat Aug 31 13:52:37 BST 2024] _CURL='curl --silent --dump-header /tmp/acme/domain/http.header  -L  -g '
[Sat Aug 31 13:52:37 BST 2024] _ret='0'
[Sat Aug 31 13:52:37 BST 2024] responseHeaders='HTTP/2 200 
server: nginx
date: Sat, 31 Aug 2024 12:52:37 GMT
content-type: application/json
content-length: 193
boulder-requester: 161503273
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/13812135463>;rel="up"
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw
replay-nonce: VFujB6i1Gj9UXVGZtCBP2Gip24W5U0wZDJQCsFzinwHOc366KPo
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Sat Aug 31 13:52:37 BST 2024] code='200'
[Sat Aug 31 13:52:37 BST 2024] original='{
  "type": "dns-01",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw",
  "status": "pending",
  "token": "ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"
}'
[Sat Aug 31 13:52:37 BST 2024] _json_decode
[Sat Aug 31 13:52:37 BST 2024] _j_str='{
  "type": "dns-01",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw",
  "status": "pending",
  "token": "ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"
}'
[Sat Aug 31 13:52:37 BST 2024] response='{"type":"dns-01","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/13812135463/hpELDw","status":"pending","token":"ExZOHBOLdZQNMQwI53B9xUHYKu_HzSBAYS_UuXFciGs"}'
[Sat Aug 31 13:52:37 BST 2024] pid
[Sat Aug 31 13:52:37 BST 2024] No need to restore nginx, skip.
[Sat Aug 31 13:52:37 BST 2024] _clearupdns
[Sat Aug 31 13:52:37 BST 2024] dns_entries
[Sat Aug 31 13:52:37 BST 2024] skip dns.

Regards

Just tested with Certbot. The error I get is this,
Encountered exception during recovery: certbot.errors.PluginError: Encountered error deleting TXT record: The peer didn't know the key we used
Encountered error adding TXT record: The peer didn't know the key we used

looks like bind may have some different config but I'm not really dns guy:
and I don't think it's safe to post bind config here

3 Likes

Ok so i figured it out, had to change a config in the .ini file,

Log from ns1,
client @0x7f6cd0193368 10.20.30.1#63916/key certbot: updating zone '_acme-challenge.domain.uk/IN': adding an RR at '_acme-challenge.domain' TXT "3>
Aug 31 14:36:21 ns1 named[47423]: client @0x7f6cc000caf8 10.20.30.1#17954/key certbot: updating zone '_acme-challenge.domain.uk/IN': adding an RR at '_acme-challenge.domain.uk' TXT "d>
Aug 31 14:37:26 ns1 named[47423]: client @0x7f6cc000caf8 10.20.30.1#45713/key certbot: updating zone '_acme-challenge.domain.uk/IN': deleting an RR at _acme-challenge.domain.uk TXT
Aug 31 14:37:26 ns1 named[47423]: client @0x7f6cc400b538 10.20.30.1#21166/key certbot: updating zone '_acme-challenge.domain.uk/IN': deleting an RR at _acme-challenge.domain.uk TXT

Log from Certbot,

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/route94.uk/fullchain.pem
Key is saved at: /etc/letsencrypt/live/route94.uk/privkey.pem
This certificate expires on 2024-11-29.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.


If you like Certbot, please consider supporting our work by:

1 Like

contraindication!

1 Like

Doesn't work with Acme though but works with Certbot.

1 Like

Hi @violetdragon92,

There are other Free ACME Certificate Authorities.

ACME CA Comparison - Posh-ACME

2 Likes

Issue I am having, is I can't generate them on my BIND9 Name Servers, they all report the same error with Acme Package but works with Certbot. Error dns_request_getresponse: expected a TSIG or SIG(0)

I guess these Free SSL Certificates are free for a reason as they are limited to what you run.

There are also many more ACME clients to choose from

3 Likes

Doesn't work, already followed that.

All I keep getting is dns_request_getresponse: expected a TSIG or SIG(0) which is implemented and works with Certbot but not Acme.

It seems that Lets Encrypt makes it impossible to get these Certificates on your own servers

I personally would not come that conclusion.

3 Likes

Then you have a valid Let's Encrypt cert. Why can't you just use that? It's free

Note that acme.sh by default gets a cert from ZeroSSL. You have to specify --server letsencrypt to get one from LE. I don't think that was affecting your problem just fyi.

Certbot is an ACME Client and so is acme.sh. There are numerous ACME Clients that can get certs from Let's Encrypt which is the ACME Server.

5 Likes