Acme.sh standalone Ading a secondary subdomain same public ip

Help
#1

Id like to add another subdomain running on the same IP address but different physical host however in trying ./acme.sh/acme.sh --issue --staging --log -d mysub.domain.com -d myothersub.domain.com --standalone --httpport 8081

I get no idea if its tested correctly, changing back to the existing script not including the other subdomain again i get red writting crying of version changes, my cert is due for renewal in 7 days and im not sure how i can get difinitive answer on whether it will pass, im using the --staging command to test adding another subdomain. Im reading acme.sh supports v1 and v2 so why the red writting.

My domain is:
mysub.domain.com
I ran this command:
./acme.sh/acme.sh --issue --staging --log -d mysub.domain.com -d --standalone --httpport 8081
It produced this output:
[Fri 1 May 2020 15:50:16 AEST] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
[Fri 1 May 2020 15:50:18 AEST] Standalone mode.
[Fri 1 May 2020 15:50:18 AEST] Registering account
[Fri 1 May 2020 15:50:20 AEST] Register account Error: {“type”:“urn:acme:error:unauthorized”,“detail”:“Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See End of Life Plan for ACMEv1 for details.”,“status”: 403}
[Fri 1 May 2020 15:50:20 AEST] Please check log file for more details: /Users/macmedic/.acme.sh/acme.sh.log
My web server is (include version):
apache
The operating system my web server runs on is (include version):
osx 10.11.6
My hosting provider, if applicable, is:
vps
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 2.8.0

#2

Try upgrading to 2.8.6
./acme.sh/acme.sh --upgrade

1 Like
#3

Hi Rg305 thanks for that i did it its now v 2.8.6
but still get the below response :
[Sun 3 May 2020 14:26:22 AEST] _postContentType=‘application/jose+json’

[Sun 3 May 2020 14:26:22 AEST] _CURL='curl -L --silent --dump-header /Users/user/.acme.sh/http.header --trace-ascii /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/tmp.XT3PhevC -g ’

[Sun 3 May 2020 14:26:24 AEST] _ret=‘0’

[Sun 3 May 2020 14:26:24 AEST] original=’{

“type”: “urn:acme:error:unauthorized”,

“detail”: “Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See End of Life Plan for ACMEv1 for details.”,

“status”: 403

}’

[Sun 3 May 2020 14:26:24 AEST] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 403 Forbidden

Server: nginx

Date: Sun, 03 May 2020 04:26:23 GMT

Content-Type: application/problem+json

Content-Length: 280

Connection: keep-alive

Cache-Control: public, max-age=0, no-cache

Replay-Nonce: 0002Z740LyAMErFTM56eidhTceVhgijuNNZs3Sg9G3g8VkM

[Sun 3 May 2020 14:26:24 AEST] response=’{“type”:“urn:acme:error:unauthorized”,“detail”:“Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See End of Life Plan for ACMEv1 for details.”,“status”: 403}’

[Sun 3 May 2020 14:26:24 AEST] code=‘403’

[Sun 3 May 2020 14:26:24 AEST] Register account Error: {“type”:“urn:acme:error:unauthorized”,“detail”:“Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See End of Life Plan for ACMEv1 for details.”,“status”: 403}

[Sun 3 May 2020 14:26:24 AEST] _on_issue_err

[Sun 3 May 2020 14:26:24 AEST] Please check log file for more details: /Users/user/.acme.sh/acme.sh.log

[Sun 3 May 2020 14:26:24 AEST] _chk_vlist

[Sun 3 May 2020 14:26:24 AEST] Diagnosis versions:

#4

Please show outputs of:
curl --version
cat /root/.acme.sh/http.header
/root/.acme.sh/acme.sh --update-account

1 Like
#5

bash-3.2# curl --version
curl 7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets

bash-3.2# cat http.header
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 May 2020 06:45:46 GMT
Content-Type: application/pkix-cert
Content-Length: 1174
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Replay-Nonce: 0101k1ZIL0uWFm1ie53OG6K_WE-l-a3b9KpqLZhMfDHOL0E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

bash-3.2# /Users/user/.acme.sh/acme.sh --update-account
[Mon 4 May 2020 08:52:44 AEST] Account key is not found at: /Users/user/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key

yet:
bash-3.2# pwd
/Users/user/.acme.sh/ca/acme-v01.api.letsencrypt.org

Contains
bash-3.2# ls -la
total 24
drwxr-xr-x 5 root staff 170 7 Dec 2018 .
drwxr-xr-x 4 root staff 136 1 May 15:25 …
-rw-r–r-- 1 root staff 577 7 Dec 2018 account.json
-rw------- 1 root staff 1675 7 Dec 2018 account.key
-rw-r–r-- 1 root staff 128 7 Dec 2018 ca.conf

#6

The permissions may be incorrect…
I would back up that file (or move it elsewhere).
Then rerun the renewal request - it should recreate the account key (as new).

1 Like
#7

The first path has “v02”, the second one has “v01”.

I have no idea what to do about this issue, though.

Your first post was about the staging environment, but this one is about the production environment…

2 Likes