Acme.sh supports ACME v2 wildcard now


#41

Thanks a lot, one row naw, but I see new problem
Response error:<?xml version="1.0"?>
SenderInvalidChangeBatchTried to create resource record set [name=’_acme-challenge.35.mydomain.com.’, type=‘TXT’] but it already exists7ca4cbf6-10b5-11e8-872a-cf0ab9c87778

and acme exit (

I think it’s not fix my problem, because lets encrypt send 2 different entries, and acme sent 1st on aws, and 2st them, rewrite 1st
For example, comodo sends 2 entries, but the same


#42

sorry, got it. I will fix it again


#43

Thanks a lot, I’ll wait here…:grinning:


#44

@wisdem fixed.

please upgrade and try again.


export  BRANCH=dev
acme.sh --upgrade


#45

don’t work after upgrade((

_resource_record=’ all data my from my domain zone’

Adding records
 mtd='POST'
 ep='2013-04-01/hostedzone/id/rrset/'
 qsr
 data='<ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeBatch><Changes><Change><Action>UPSERT</Action><ResourceRecordSet><Name>_acme-challenge.36.mydomain.com</Name><Type>TXT</Type><TTL>300</TTL><ResourceRecords><ResourceRecord><Value>&quot;oZeteJNyKoxq-6xnO1Zmi78bFWdSzt-Cc_bEPwiP5Ls&quot;</Value></ResourceRecord></ResourceRecordSet> and all row my zone

and them

Response error:<?xml version="1.0"?>
<ErrorResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><Error><Type>Sender</Type><Code>MalformedInput</Code><Message>Could not parse XML</Message></Error><RequestId>475f5484-10cd-11e8-8843-1956ce9b3480</RequestId></ErrorResponse>

Error add txt for domain:_acme-challenge.35.mydomain.com


#46

Interesting. It works for me.
Please report bug on github. And paste full log with “—debug 2”

I will fix soon.


#47

I did write on issues/1262


#48

Hi @Neilpang, by any chance to you have any pointer regarding that issue?
Many thanks!


#49

what issue ? The issue 1262 was already fixed.


#50

The issue regarding “Le_OrderFinalize not found” mentioned in the follow posts:

I will try with the latest version and let you know.
Thanks!


#51

“Orders” field of account object is not implemented yet (Boulder issue #333515), reported by @wulf4096 and @quabla


#52


#53

@dangtrungluong ACMEv2/Wildcard support is in beta and not issuing real certificates yet:

I’ll add a note about this to the original post.


#54

I just read this today that Let’s Encrypt support for wildcard is already available: ACME v2 Production Environment & Wildcards

Hopefully, acme.sh will also start its full support for this from now on.


#55

It already does, I believe. :slightly_smiling_face:


#56

Well, if acme.sh already start its full support, I wonder why I can’t seem to get it to work in my ISPConfig web server while running the following code:acme.sh --issue --test -d *.domain.tld --dns dns_ispconfig

Are there any other special steps I need to follow?


#57

Hi @ahrasis,

Maybe you are not using latest acme.sh client and you need to upgrade it.

acme.sh --upgrade

Cheers,
sahsanu


#58


#59

That looks great, @dangtrungluong!


#60

Hello, so getting a wildcard with acme.sh, that seemed pretty straightforward. But, now, I don’t know what to do next. A question for @Neilpang perhaps, but for anyone who has successfully issued this and go tit working:

After the certificates are installed in the hidden directory in my folder, how do I install them to work with my web server? I did the --install-cert command, but it doesn’t seem like anything happened, and, all of my sub domains are “untrusted.” Also, @Neilpang, above you mentioned that I had to do both -d *.mydomain.com and -d mydomain.com were required. However, I had already had a normal certificate issued via certbot. Regardless I issued the command with both and here is the response.

sudo ./acme.sh --issue -d toursoft.co -d '*.toursoft.co' --apache --dns dns_cf
[Mon Apr  9 20:15:11 UTC 2018] Checking if there is an error in the apache config file before starting.
[Mon Apr  9 20:15:11 UTC 2018] OK
[Mon Apr  9 20:15:11 UTC 2018] JFYI, Config file /etc/apache2/apache2.conf is backuped to /home/tbadmin/.acme.sh/apache2.conf
[Mon Apr  9 20:15:11 UTC 2018] In case there is an error that can not be restored automatically, you may try restore it yourself.
[Mon Apr  9 20:15:11 UTC 2018] The backup file will be deleted on success, just forget it.
[Mon Apr  9 20:15:11 UTC 2018] Creating domain key
[Mon Apr  9 20:15:12 UTC 2018] The domain key is here: /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.key
[Mon Apr  9 20:15:12 UTC 2018] Multi domain='DNS:toursoft.co,DNS:*.toursoft.co'
[Mon Apr  9 20:15:12 UTC 2018] Getting domain auth token for each domain
[Mon Apr  9 20:15:12 UTC 2018] Getting webroot for domain='toursoft.co'
[Mon Apr  9 20:15:12 UTC 2018] Getting webroot for domain='*.toursoft.co'
[Mon Apr  9 20:15:12 UTC 2018] Verifying:toursoft.co
[Mon Apr  9 20:15:15 UTC 2018] Pending
[Mon Apr  9 20:15:17 UTC 2018] Pending
[Mon Apr  9 20:15:19 UTC 2018] Pending
[Mon Apr  9 20:15:21 UTC 2018] Pending
[Mon Apr  9 20:15:23 UTC 2018] Pending
[Mon Apr  9 20:15:26 UTC 2018] Pending
[Mon Apr  9 20:15:28 UTC 2018] Pending
[Mon Apr  9 20:15:30 UTC 2018] Pending
[Mon Apr  9 20:15:32 UTC 2018] Pending
[Mon Apr  9 20:15:34 UTC 2018] Success
[Mon Apr  9 20:15:34 UTC 2018] *.toursoft.co is already verified, skip dns-01.
[Mon Apr  9 20:15:35 UTC 2018] Verify finished, start to sign.
[Mon Apr  9 20:15:51 UTC 2018] Cert success.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
[Mon Apr  9 20:15:51 UTC 2018] Your cert is in  /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.cer 
[Mon Apr  9 20:15:51 UTC 2018] Your cert key is in  /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.key 
[Mon Apr  9 20:15:51 UTC 2018] The intermediate CA cert is in  /home/tbadmin/.acme.sh/toursoft.co/ca.cer 
[Mon Apr  9 20:15:51 UTC 2018] And the full chain certs is there:  /home/tbadmin/.acme.sh/toursoft.co/fullchain.cer 

So now what do I do? I included --apache in the command and restarted apache, but I’m still getting the not secure error. Do I still have to manually type in --install-cert or manually modify the apache config file? I don’t see any changes that took place.