Yes. I edited the post.
You are not using staging v2.
I think perhaps you forgot to export BRANCH=2 when you installed.
export BRANCH=2
curl https://get.acme.sh | sh
$ acme.sh --test --issue -d "*.kngcit.ru" --dns
[Tue 16 Jan 17:52:49 AEDT 2018] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Tue 16 Jan 17:52:50 AEDT 2018] Registering account
[Tue 16 Jan 17:52:52 AEDT 2018] Registered
[Tue 16 Jan 17:52:52 AEDT 2018] ACCOUNT_THUMBPRINT='IwOdVg6z252UzF7WKcQ6HTge89KBX84YHCWJimdlUpA'
[Tue 16 Jan 17:52:52 AEDT 2018] Creating domain key
[Tue 16 Jan 17:52:52 AEDT 2018] The domain key is here: /home/alex/.acme.sh/*.kngcit.ru/*.kngcit.ru.key
[Tue 16 Jan 17:52:52 AEDT 2018] Single domain='*.kngcit.ru'
[Tue 16 Jan 17:52:52 AEDT 2018] Getting domain auth token for each domain
[Tue 16 Jan 17:52:54 AEDT 2018] Getting webroot for domain='*.kngcit.ru'
[Tue 16 Jan 17:52:54 AEDT 2018] Add the following TXT record:
[Tue 16 Jan 17:52:54 AEDT 2018] Domain: '_acme-challenge.kngcit.ru'
[Tue 16 Jan 17:52:54 AEDT 2018] TXT value: 'IezuZ-Wa92ALfQP9735Xca1G4bCmatbaFeqdHVmpIpo'
[Tue 16 Jan 17:52:54 AEDT 2018] Please be aware that you prepend _acme-challenge. before your domain
[Tue 16 Jan 17:52:54 AEDT 2018] so the resulting subdomain will be: _acme-challenge.kngcit.ru
[Tue 16 Jan 17:52:54 AEDT 2018] Please add the TXT records to the domains, and retry again.
[Tue 16 Jan 17:52:54 AEDT 2018] Please add '--debug' or '--log' to check more details.
[Tue 16 Jan 17:52:54 AEDT 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
Yes. Now everything works! Thank you.
Hi,
Thanks for this client! I’m quite new to using ACME.
@Neilpang
Got an issue on my side when trying to create a wildcard cert using AWS (--dns dns_aws). It works when not using wildcard. However as soon as I insert the wildcard I got an “Le_OrderFinalize not found.” error:
[root@server .acme.sh]# acme.sh --issue --dns dns_aws -d "*.domain.com" -d "domain.com" -d "www.domain.com" -w /root/domain.com --standalone --force --test
[Tue Jan 23 18:48:36 UTC 2018] Standalone mode.
[Tue Jan 23 18:48:36 UTC 2018] Standalone mode.
....
[Tue Jan 23 18:33:47 UTC 2018] Multi domain='DNS:*.domain.com,DNS:domain.com,DNS:www.domain.com'
[Tue Jan 23 18:33:47 UTC 2018] Getting domain auth token for each domain
[Tue Jan 23 18:33:47 UTC 2018] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Tue Jan 23 18:33:47 UTC 2018] payload='{"identifiers": [{"type":"dns","value":"*.domain.com"},{"type":"dns","value":"domain.com"},{"type":"dns","value":"www.domain.com"}]}'
[Tue Jan 23 18:33:47 UTC 2018] RSA key
[Tue Jan 23 18:33:47 UTC 2018] HEAD
[Tue Jan 23 18:33:47 UTC 2018] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Jan 23 18:33:47 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Tue Jan 23 18:33:47 UTC 2018] _ret='0'
[Tue Jan 23 18:33:47 UTC 2018] POST
[Tue Jan 23 18:33:47 UTC 2018] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Tue Jan 23 18:33:47 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Tue Jan 23 18:33:48 UTC 2018] _ret='0'
[Tue Jan 23 18:33:48 UTC 2018] code='400'
[Tue Jan 23 18:33:48 UTC 2018] Le_OrderFinalize
[Tue Jan 23 18:33:48 UTC 2018] Le_OrderFinalize not found.
[Tue Jan 23 18:48:36 UTC 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log
If I remove the *.domain.com, it works but uses the acme v1 staging.
[root@server .acme.sh]# acme.sh --issue --dns dns_aws -d "domain.com" -d "www.domain.com" -w /root/domain.com --standalone --force --test
[Tue Jan 23 18:52:39 UTC 2018] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
[Tue Jan 23 18:52:40 UTC 2018] Multi domain='DNS:domain.com,DNS:www.domain.com'
[Tue Jan 23 18:52:40 UTC 2018] Getting domain auth token for each domain
[Tue Jan 23 18:52:40 UTC 2018] Getting webroot for domain='domain.com'
[Tue Jan 23 18:52:40 UTC 2018] Getting new-authz for domain='domain.com'
[Tue Jan 23 18:52:41 UTC 2018] The new-authz request is ok.
[Tue Jan 23 18:52:41 UTC 2018] Getting webroot for domain='www.domain.com'
[Tue Jan 23 18:52:41 UTC 2018] Getting new-authz for domain='www.domain.com'
[Tue Jan 23 18:52:42 UTC 2018] The new-authz request is ok.
[Tue Jan 23 18:52:42 UTC 2018] domain.com is already verified, skip dns-01.
[Tue Jan 23 18:52:42 UTC 2018] www.domain.com is already verified, skip http-01.
[Tue Jan 23 18:52:42 UTC 2018] Verify finished, start to sign.
[Tue Jan 23 18:52:43 UTC 2018] Cert success.
And fails if I force the v02 staging server.
[root@server .acme.sh]# acme.sh --issue --dns dns_aws -d "domain.com" -d "www.domain.com" -w /root/domain.com --standalone --force --server https://acme-staging-v02.api.letsencrypt.org/directory
[Tue Jan 23 18:54:48 UTC 2018] Multi domain='DNS:domain.com,DNS:www.domain.com'
[Tue Jan 23 18:54:48 UTC 2018] Getting domain auth token for each domain
[Tue Jan 23 18:54:49 UTC 2018] Le_OrderFinalize not found.
[Tue Jan 23 18:54:49 UTC 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log
Any pointer for what the cause could be (rate limit? because 400 Bad request does not tell me much)
Thanks for any help.
@tob it may be worthwhile to open a new thread in the Issuance Tech section of the forum to discuss with the Let’s Encrypt team whether this is intentional behavior or just an oversight.
Hello. I have the same problem…
I tried to run the command - ./acme.sh --debug --test --issue -d 34.mydomain.com -d *.34.mydomain.com --dns dns_aw
In the debug output:
Check for domain='34.mydomain.com'
_currentRoot='dns_aws'
Check for domain='*.34.mydomain.com'
_currentRoot='dns_aws'
d='34.mydomain.com'
txtdomain='_acme-challenge.34.mydomain.com'
txt='2Tf-9NigycRUDU4IaYqG75EOxFU67zow6kRIGoThPN4'
d_api='./acme/dnsapi/dns_aws.sh'
Found domain api file: ./acme/dnsapi/dns_aws.sh
txt record updated success.
d='*.34.mydomain.com'
txtdomain='_acme-challenge.34.mydomain.com'
txt='GAkqBZhsAFH5c5M0Kjb-0PI4nrejXhzfYnIniIMH_4w'
d_api='./acme/dnsapi/dns_aws.sh'
Found domain api file: ./acme/dnsapi/dns_aws.sh
First detect the root zone
34.mydomain.com:Verify error:Incorrect TXT record
In the AWS console I see only 1 row, the last txt - GAkqBZhsAFH5c5M0Kjb-0PI4nrejXhzfYnIniIMH_4w
acme.sh version is 2.7.7
fixed, please upgrade to the latest dev code and try again.
export BRANCH=dev
acme.sh --upgrade
Thanks a lot, one row now, but I see a new problem
Response error:<?xml version="1.0"?>
SenderInvalidChangeBatch
Tried to create resource record set [name='_acme-challenge.35.mydomain.com.', type='TXT'] but it already exists7ca4cbf6-10b5-11e8-872a-cf0ab9c87778
and acme exits (
I think it doesn’t fix my problem, because Let’s Encrypt sends 2 different entries, and acme sends the 1st to AWS, and then the 2nd, which rewrites the 1st
For example, Comodo sends 2 entries, but they are the same
sorry, got it. I will fix it again
Thanks a lot, I’ll wait here…
Doesn’t work after upgrade((
_resource_record=' all data from my domain zone'
Adding records
mtd='POST'
ep='2013-04-01/hostedzone/id/rrset/'
qsr
data='<ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeBatch><Changes><Change><Action>UPSERT</Action><ResourceRecordSet><Name>_acme-challenge.36.mydomain.com</Name><Type>TXT</Type><TTL>300</TTL><ResourceRecords><ResourceRecord><Value>"oZeteJNyKoxq-6xnO1Zmi78bFWdSzt-Cc_bEPwiP5Ls"</Value></ResourceRecord></ResourceRecordSet> and all row my zone
and then
Response error:<?xml version="1.0"?>
<ErrorResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><Error><Type>Sender</Type><Code>MalformedInput</Code><Message>Could not parse XML</Message></Error><RequestId>475f5484-10cd-11e8-8843-1956ce9b3480</RequestId></ErrorResponse>
Error add txt for domain:_acme-challenge.35.mydomain.com
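The debug output in this thread shows the base name and its wildcard being validated at the same `_acme-challenge` name with two different TXT values, so the DNS update has to carry both values in one record set. The following is an added example, not part of any post here and not acme.sh's `dns_aws.sh`: the function names are hypothetical, no AWS call is made, and the name and two values in the demo are the ones from the debug output above.

```shell
#!/bin/sh
# Added example, not acme.sh's dns_aws.sh. Function names are hypothetical;
# nothing here contacts AWS, it only builds the request body.

# merge_txt_values EXISTING NEW
#   EXISTING: TXT values already in the record set, one per line (may be empty).
#   Prints EXISTING plus NEW, one per line, duplicates and blank lines dropped.
merge_txt_values() {
  printf '%s\n%s\n' "$1" "$2" | awk 'NF && !seen[$0]++'
}

# build_txt_upsert NAME TTL VALUES
#   VALUES: TXT values, one per line. Prints one UPSERT change whose record
#   set carries every value. UPSERT replaces the whole record set, so a value
#   left out of the request is gone afterwards.
build_txt_upsert() {
  _name="$1" _ttl="$2" _records=""
  while IFS= read -r _v; do
    if [ -z "$_v" ]; then continue; fi
    # dns-01 values are base64url; refusing anything else means no character
    # that needs XML escaping can reach the request body.
    case "$_v" in
      *[!A-Za-z0-9_-]*) echo "unexpected character in TXT value" >&2; return 1 ;;
    esac
    _records="${_records}<ResourceRecord><Value>\"${_v}\"</Value></ResourceRecord>"
  done <<EOF
$3
EOF
  if [ -z "$_records" ]; then return 1; fi
  printf '%s' "<ChangeResourceRecordSetsRequest xmlns=\"https://route53.amazonaws.com/doc/2013-04-01/\">" \
    "<ChangeBatch><Changes><Change><Action>UPSERT</Action><ResourceRecordSet>" \
    "<Name>${_name}</Name><Type>TXT</Type><TTL>${_ttl}</TTL>" \
    "<ResourceRecords>${_records}</ResourceRecords>" \
    "</ResourceRecordSet></Change></Changes></ChangeBatch></ChangeResourceRecordSetsRequest>"
}

# Demo: the challenge name and the two TXT values from the debug output above.
pending=$(merge_txt_values "2Tf-9NigycRUDU4IaYqG75EOxFU67zow6kRIGoThPN4" \
  "GAkqBZhsAFH5c5M0Kjb-0PI4nrejXhzfYnIniIMH_4w")
build_txt_upsert "_acme-challenge.34.mydomain.com" 300 "$pending"; echo
```

Removal after validation needs the same care: deleting one value means sending the record set again with the remaining value, not deleting the whole name.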
Interesting. It works for me.
Please report the bug on GitHub, and paste the full log with “--debug 2”.
I will fix soon.
I wrote on issues/1262
What issue? The issue 1262 was already fixed.
The issue regarding “Le_OrderFinalize not found” mentioned in the following posts:
- Acme.sh supports ACME v2 wildcard now
- Acme.sh supports ACME v2 wildcard now
- Acme.sh Error : Le_OrderFinalize not found
I will try with the latest version and let you know.
Thanks!
“Orders” field of account object is not implemented yet (Boulder issue #333515), reported by @wulf4096 and @quabla
@dangtrungluong ACMEv2/Wildcard support is in beta and not issuing real certificates yet:
I'll add a note about this to the original post.