Acme.sh supports ACME v2 wildcard now

Hi,

Thanks for this client! I’m quite new to using ACME.

@Neilpang
Got an issue on my side when trying to create a wildcard cert using AWS (--dns dns_aws). It works when not using a wildcard. However, as soon as I insert the wildcard I get an “Le_OrderFinalize not found.” error:

[root@server .acme.sh]# acme.sh --issue --dns dns_aws -d "*.domain.com" -d "domain.com" -d "www.domain.com" -w /root/domain.com --standalone --force --test
[Tue Jan 23 18:48:36 UTC 2018] Standalone mode.
[Tue Jan 23 18:48:36 UTC 2018] Standalone mode.
....
[Tue Jan 23 18:33:47 UTC 2018] Multi domain='DNS:*.domain.com,DNS:domain.com,DNS:www.domain.com'
[Tue Jan 23 18:33:47 UTC 2018] Getting domain auth token for each domain
[Tue Jan 23 18:33:47 UTC 2018] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Tue Jan 23 18:33:47 UTC 2018] payload='{"identifiers": [{"type":"dns","value":"*.domain.com"},{"type":"dns","value":"domain.com"},{"type":"dns","value":"www.domain.com"}]}'
[Tue Jan 23 18:33:47 UTC 2018] RSA key
[Tue Jan 23 18:33:47 UTC 2018] HEAD
[Tue Jan 23 18:33:47 UTC 2018] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jan 23 18:33:47 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Tue Jan 23 18:33:47 UTC 2018] _ret='0'
[Tue Jan 23 18:33:47 UTC 2018] POST
[Tue Jan 23 18:33:47 UTC 2018] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Tue Jan 23 18:33:47 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Tue Jan 23 18:33:48 UTC 2018] _ret='0'
[Tue Jan 23 18:33:48 UTC 2018] code='400'
[Tue Jan 23 18:33:48 UTC 2018] Le_OrderFinalize
[Tue Jan 23 18:33:48 UTC 2018] Le_OrderFinalize not found.
[Tue Jan 23 18:48:36 UTC 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log

If I remove the *.domain.com, it works but uses the acme v1 staging.

[root@server .acme.sh]# acme.sh --issue --dns dns_aws  -d "domain.com" -d "www.domain.com" -w /root/domain.com --standalone --force --test
[Tue Jan 23 18:52:39 UTC 2018] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
[Tue Jan 23 18:52:40 UTC 2018] Multi domain='DNS:domain.com,DNS:www.domain.com'
[Tue Jan 23 18:52:40 UTC 2018] Getting domain auth token for each domain
[Tue Jan 23 18:52:40 UTC 2018] Getting webroot for domain='domain.com'
[Tue Jan 23 18:52:40 UTC 2018] Getting new-authz for domain='domain.com'
[Tue Jan 23 18:52:41 UTC 2018] The new-authz request is ok.
[Tue Jan 23 18:52:41 UTC 2018] Getting webroot for domain='www.domain.com'
[Tue Jan 23 18:52:41 UTC 2018] Getting new-authz for domain='www.domain.com'
[Tue Jan 23 18:52:42 UTC 2018] The new-authz request is ok.
[Tue Jan 23 18:52:42 UTC 2018] domain.com is already verified, skip dns-01.
[Tue Jan 23 18:52:42 UTC 2018] www.domain.com is already verified, skip http-01.
[Tue Jan 23 18:52:42 UTC 2018] Verify finished, start to sign.
[Tue Jan 23 18:52:43 UTC 2018] Cert success.

And fails if I force the v02 staging server.

[root@server .acme.sh]# acme.sh --issue --dns dns_aws  -d "domain.com" -d "www.domain.com" -w /root/domain.com --standalone --force --server https://acme-staging-v02.api.letsencrypt.org/directory
[Tue Jan 23 18:54:48 UTC 2018] Multi domain='DNS:domain.com,DNS:www.domain.com'
[Tue Jan 23 18:54:48 UTC 2018] Getting domain auth token for each domain
[Tue Jan 23 18:54:49 UTC 2018] Le_OrderFinalize not found.
[Tue Jan 23 18:54:49 UTC 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log

Any pointers on what the cause could be? (Rate limit? Because 400 Bad Request does not tell me much.)

Thanks for any help.