sorry, got it. I will fix it again
Thanks a lot, I’ll wait here…
please upgrade and try again.
export BRANCH=dev
acme.sh --upgrade
Doesn’t work after upgrade((
_resource_record=’ all data my from my domain zone’
Adding records mtd='POST' ep='2013-04-01/hostedzone/id/rrset/' qsr data='<ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeBatch><Changes><Change><Action>UPSERT</Action><ResourceRecordSet><Name>_acme-challenge.36.mydomain.com</Name><Type>TXT</Type><TTL>300</TTL><ResourceRecords><ResourceRecord><Value>"oZeteJNyKoxq-6xnO1Zmi78bFWdSzt-Cc_bEPwiP5Ls"</Value></ResourceRecord></ResourceRecordSet> and all row my zone
Response error:<?xml version="1.0"?> <ErrorResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><Error><Type>Sender</Type><Code>MalformedInput</Code><Message>Could not parse XML</Message></Error><RequestId>475f5484-10cd-11e8-8843-1956ce9b3480</RequestId></ErrorResponse>
Error add txt for domain:_acme-challenge.35.mydomain.com
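Route 53 answered the request logged above with MalformedInput ("Could not parse XML"). As an added example, not code from acme.sh or from anyone in this thread, this Python snippet builds the same kind of UPSERT body with an XML library and checks a body for well-formedness locally before it is sent. The function names are hypothetical, and the sample fragment is constructed to mirror the part of the request visible in the log, with placeholder values.

```python
import xml.etree.ElementTree as ET

NS = "https://route53.amazonaws.com/doc/2013-04-01/"  # namespace seen in the logged request


def build_txt_upsert(name, values, ttl=300):
    """Build the UPSERT body with an XML library, so every element is closed
    and every value is escaped, however many TXT values the record set holds."""
    root = ET.Element("ChangeResourceRecordSetsRequest", {"xmlns": NS})
    changes = ET.SubElement(ET.SubElement(root, "ChangeBatch"), "Changes")
    change = ET.SubElement(changes, "Change")
    ET.SubElement(change, "Action").text = "UPSERT"
    rrset = ET.SubElement(change, "ResourceRecordSet")
    ET.SubElement(rrset, "Name").text = name
    ET.SubElement(rrset, "Type").text = "TXT"
    ET.SubElement(rrset, "TTL").text = str(ttl)
    records = ET.SubElement(rrset, "ResourceRecords")
    for value in values:
        record = ET.SubElement(records, "ResourceRecord")
        ET.SubElement(record, "Value").text = '"%s"' % value  # TXT values are sent quoted
    return ET.tostring(root, encoding="unicode")


def parse_error(body):
    """Return None if the body is well-formed XML, else the parser's message."""
    try:
        ET.fromstring(body)
    except ET.ParseError as exc:
        return str(exc)
    return None


def txt_values(body):
    """List the TXT values a well-formed request body would set."""
    return [v.text for v in ET.fromstring(body).iterfind(".//r:Value", {"r": NS})]


# Constructed sample: same element order as the logged request up to the point
# where the poster cut the body short; the name and token are placeholders.
LOGGED_FRAGMENT = (
    '<ChangeResourceRecordSetsRequest xmlns="' + NS + '"><ChangeBatch><Changes>'
    "<Change><Action>UPSERT</Action><ResourceRecordSet>"
    "<Name>_acme-challenge.example.com</Name><Type>TXT</Type><TTL>300</TTL>"
    '<ResourceRecords><ResourceRecord><Value>"PLACEHOLDER"</Value>'
    "</ResourceRecord></ResourceRecordSet>"
)

if __name__ == "__main__":
    good = build_txt_upsert("_acme-challenge.example.com", ["token-one", "token-two"])
    print("built body:", parse_error(good) or "well-formed", txt_values(good))
    print("logged fragment:", parse_error(LOGGED_FRAGMENT))
```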
Interesting. It works for me.
Please report the bug on GitHub. And paste the full log with “--debug 2”
I will fix soon.
I did write on issues/1262
Hi @Neilpang, by any chance do you have any pointer regarding that issue?
What issue? The issue 1262 was already fixed.
The issue regarding “Le_OrderFinalize not found” mentioned in the following posts:
- Acme.sh supports ACME v2 wildcard now
- Acme.sh supports ACME v2 wildcard now
- Acme.sh Error : Le_OrderFinalize not found
I will try with the latest version and let you know.
@dangtrungluong ACMEv2/Wildcard support is in beta and not issuing real certificates yet:
I’ll add a note about this to the original post.
I just read this today that Let’s Encrypt support for wildcard is already available: ACME v2 Production Environment & Wildcards
Hopefully, acme.sh will also start its full support for this from now on.
It already does, I believe.
Well, if acme.sh has already started its full support, I wonder why I can’t seem to get it to work in my ISPConfig web server while running the following code:
acme.sh --issue --test -d *.domain.tld --dns dns_ispconfig
Are there any other special steps I need to follow?
Maybe you are not using the latest acme.sh client and you need to upgrade it.
That looks great, @dangtrungluong!
Hello, so getting a wildcard with acme.sh, that seemed pretty straightforward. But, now, I don’t know what to do next. A question for @Neilpang perhaps, but for anyone who has successfully issued this and got it working:
After the certificates are installed in the hidden directory in my folder, how do I install them to work with my web server? I did the --install-cert command, but it doesn’t seem like anything happened, and all of my subdomains are “untrusted.” Also, @Neilpang, above you mentioned that both -d *.mydomain.com and -d mydomain.com were required. However, I had already had a normal certificate issued via certbot. Regardless, I issued the command with both, and here is the response.
sudo ./acme.sh --issue -d toursoft.co -d '*.toursoft.co' --apache --dns dns_cf
[Mon Apr 9 20:15:11 UTC 2018] Checking if there is an error in the apache config file before starting.
[Mon Apr 9 20:15:11 UTC 2018] OK
[Mon Apr 9 20:15:11 UTC 2018] JFYI, Config file /etc/apache2/apache2.conf is backuped to /home/tbadmin/.acme.sh/apache2.conf
[Mon Apr 9 20:15:11 UTC 2018] In case there is an error that can not be restored automatically, you may try restore it yourself.
[Mon Apr 9 20:15:11 UTC 2018] The backup file will be deleted on success, just forget it.
[Mon Apr 9 20:15:11 UTC 2018] Creating domain key
[Mon Apr 9 20:15:12 UTC 2018] The domain key is here: /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.key
[Mon Apr 9 20:15:12 UTC 2018] Multi domain='DNS:toursoft.co,DNS:*.toursoft.co'
[Mon Apr 9 20:15:12 UTC 2018] Getting domain auth token for each domain
[Mon Apr 9 20:15:12 UTC 2018] Getting webroot for domain='toursoft.co'
[Mon Apr 9 20:15:12 UTC 2018] Getting webroot for domain='*.toursoft.co'
[Mon Apr 9 20:15:12 UTC 2018] Verifying:toursoft.co
[Mon Apr 9 20:15:15 UTC 2018] Pending
[Mon Apr 9 20:15:17 UTC 2018] Pending
[Mon Apr 9 20:15:19 UTC 2018] Pending
[Mon Apr 9 20:15:21 UTC 2018] Pending
[Mon Apr 9 20:15:23 UTC 2018] Pending
[Mon Apr 9 20:15:26 UTC 2018] Pending
[Mon Apr 9 20:15:28 UTC 2018] Pending
[Mon Apr 9 20:15:30 UTC 2018] Pending
[Mon Apr 9 20:15:32 UTC 2018] Pending
[Mon Apr 9 20:15:34 UTC 2018] Success
[Mon Apr 9 20:15:34 UTC 2018] *.toursoft.co is already verified, skip dns-01.
[Mon Apr 9 20:15:35 UTC 2018] Verify finished, start to sign.
[Mon Apr 9 20:15:51 UTC 2018] Cert success.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
[Mon Apr 9 20:15:51 UTC 2018] Your cert is in /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.cer
[Mon Apr 9 20:15:51 UTC 2018] Your cert key is in /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.key
[Mon Apr 9 20:15:51 UTC 2018] The intermediate CA cert is in /home/tbadmin/.acme.sh/toursoft.co/ca.cer
[Mon Apr 9 20:15:51 UTC 2018] And the full chain certs is there: /home/tbadmin/.acme.sh/toursoft.co/fullchain.cer
So now what do I do? I included --apache in the command and restarted apache, but I’m still getting the not secure error. Do I still have to manually type in --install-cert or manually modify the apache config file? I don’t see any changes that took place.