Thanks a lot, one row now, but I see a new problem
Response error:<?xml version="1.0"?>
InvalidChangeBatchTried to create resource record set [name=’_acme-challenge.35.mydomain.com.’, type=‘TXT’] but it already exists7ca4cbf6-10b5-11e8-872a-cf0ab9c87778
and acme exit (
I think it doesn’t fix my problem, because Let’s Encrypt sends 2 different entries, and acme sends the 1st to AWS, and then the 2nd, which rewrites the 1st
For example, Comodo sends 2 entries, but they are the same
Sorry, got it. I will fix it again
Thanks a lot, I’ll wait here…
Please upgrade and try again.
It doesn’t work after the upgrade ((
_resource_record=’ all data my from my domain zone’
data='<ChangeResourceRecordSetsRequest xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ChangeBatch><Changes><Change><Action>UPSERT</Action><ResourceRecordSet><Name>_acme-challenge.36.mydomain.com</Name><Type>TXT</Type><TTL>300</TTL><ResourceRecords><ResourceRecord><Value>"oZeteJNyKoxq-6xnO1Zmi78bFWdSzt-Cc_bEPwiP5Ls"</Value></ResourceRecord></ResourceRecordSet> and all row my zone
Response error:<?xml version="1.0"?>
<ErrorResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><Error><Type>Sender</Type><Code>MalformedInput</Code><Message>Could not parse XML</Message></Error><RequestId>475f5484-10cd-11e8-8843-1956ce9b3480</RequestId></ErrorResponse>
Error add txt for domain:_acme-challenge.35.mydomain.com
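The overwrite described above (two different dns-01 tokens for one `_acme-challenge` name, the second replacing the first) goes away when a single UPSERT carries every TXT value in one record set. An added example, not part of the thread and not acme.sh's own code: the helper names, the example.com name and the tokens are constructed, and the values already on the record are assumed to be known to the caller.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, tokens and domain are constructed.
R53_XMLNS="https://route53.amazonaws.com/doc/2013-04-01/"

# Print each TXT value once, in first-seen order (existing values + new one).
merge_txt_values() {
  printf '%s\n' "$@" | awk 'NF && !seen[$0]++'
}

# build_upsert_xml NAME TTL VALUE...
# One UPSERT whose record set carries every value, so none is overwritten.
build_upsert_xml() {
  _name=$1; _ttl=$2; shift 2
  _records=""
  for _v in "$@"; do
    # TXT rdata goes inside <Value> wrapped in double quotes.
    _records="${_records}<ResourceRecord><Value>\"${_v}\"</Value></ResourceRecord>"
  done
  printf '%s' \
    "<ChangeResourceRecordSetsRequest xmlns=\"${R53_XMLNS}\"><ChangeBatch><Changes>" \
    "<Change><Action>UPSERT</Action><ResourceRecordSet>" \
    "<Name>${_name}</Name><Type>TXT</Type><TTL>${_ttl}</TTL>" \
    "<ResourceRecords>${_records}</ResourceRecords>" \
    "</ResourceRecordSet></Change></Changes></ChangeBatch>" \
    "</ChangeResourceRecordSetsRequest>"
}

# Pre-flight check before sending: each element opened and closed equally often.
tags_balanced() {
  for _t in ChangeResourceRecordSetsRequest ChangeBatch Changes Change \
            ResourceRecordSet ResourceRecords ResourceRecord Value; do
    _open=$(printf '%s' "$1" | grep -o "<${_t}[ >]" | wc -l)
    _close=$(printf '%s' "$1" | grep -o "</${_t}>" | wc -l)
    [ "$_open" -eq "$_close" ] || return 1
  done
}

# The base-domain token is already published when the wildcard token arrives
# for the same name; a retry repeats the first token, which is deduplicated.
demo_request() {
  # Tokens are base64url (no spaces or globs), so word-splitting is safe here.
  build_upsert_xml "_acme-challenge.example.com" 300 \
    $(merge_txt_values "tokenA-constructed" "tokenB-constructed" "tokenA-constructed")
}

_xml=$(demo_request)
if tags_balanced "$_xml"; then printf '%s\n' "$_xml"; fi
```

A request body in which `<ResourceRecords>` is opened but never closed fails `tags_balanced`, which catches that kind of truncation locally instead of through a `MalformedInput` response.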
Interesting. It works for me.
Please report the bug on GitHub, and paste the full log with “--debug 2”
I will fix soon.
I did write on issues/1262
Hi @Neilpang, by any chance do you have any pointer regarding that issue?
What issue? The issue 1262 was already fixed.
The issue regarding “Le_OrderFinalize not found” mentioned in the following posts:
I will try with the latest version and let you know.
@dangtrungluong ACMEv2/Wildcard support is in beta and not issuing real certificates yet:
I'll add a note about this to the original post.
I just read this today that Let’s Encrypt support for wildcard is already available: ACME v2 Production Environment & Wildcards
Hopefully, acme.sh will also start its full support for this from now on.
It already does, I believe.
Well, if acme.sh has already started its full support, I wonder why I can’t seem to get it to work in my ISPConfig web server while running the following code:
acme.sh --issue --test -d *.domain.tld --dns dns_ispconfig
Are there any other special steps I need to follow?
Maybe you are not using the latest acme.sh client and you need to upgrade it.
That looks great, @dangtrungluong!
Hello, so getting a wildcard with acme.sh, that seemed pretty straightforward. But, now, I don’t know what to do next. A question for @Neilpang perhaps, but for anyone who has successfully issued this and got it working:
After the certificates are installed in the hidden directory in my folder, how do I install them to work with my web server? I did the --install-cert command, but it doesn’t seem like anything happened, and all of my subdomains are “untrusted.” Also, @Neilpang, above you mentioned that both -d *.mydomain.com and -d mydomain.com were required. However, I already had a normal certificate issued via certbot. Regardless, I issued the command with both and here is the response.
sudo ./acme.sh --issue -d toursoft.co -d '*.toursoft.co' --apache --dns dns_cf
[Mon Apr 9 20:15:11 UTC 2018] Checking if there is an error in the apache config file before starting.
[Mon Apr 9 20:15:11 UTC 2018] OK
[Mon Apr 9 20:15:11 UTC 2018] JFYI, Config file /etc/apache2/apache2.conf is backuped to /home/tbadmin/.acme.sh/apache2.conf
[Mon Apr 9 20:15:11 UTC 2018] In case there is an error that can not be restored automatically, you may try restore it yourself.
[Mon Apr 9 20:15:11 UTC 2018] The backup file will be deleted on success, just forget it.
[Mon Apr 9 20:15:11 UTC 2018] Creating domain key
[Mon Apr 9 20:15:12 UTC 2018] The domain key is here: /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.key
[Mon Apr 9 20:15:12 UTC 2018] Multi domain='DNS:toursoft.co,DNS:*.toursoft.co'
[Mon Apr 9 20:15:12 UTC 2018] Getting domain auth token for each domain
[Mon Apr 9 20:15:12 UTC 2018] Getting webroot for domain='toursoft.co'
[Mon Apr 9 20:15:12 UTC 2018] Getting webroot for domain='*.toursoft.co'
[Mon Apr 9 20:15:12 UTC 2018] Verifying:toursoft.co
[Mon Apr 9 20:15:15 UTC 2018] Pending
[Mon Apr 9 20:15:17 UTC 2018] Pending
[Mon Apr 9 20:15:19 UTC 2018] Pending
[Mon Apr 9 20:15:21 UTC 2018] Pending
[Mon Apr 9 20:15:23 UTC 2018] Pending
[Mon Apr 9 20:15:26 UTC 2018] Pending
[Mon Apr 9 20:15:28 UTC 2018] Pending
[Mon Apr 9 20:15:30 UTC 2018] Pending
[Mon Apr 9 20:15:32 UTC 2018] Pending
[Mon Apr 9 20:15:34 UTC 2018] Success
[Mon Apr 9 20:15:34 UTC 2018] *.toursoft.co is already verified, skip dns-01.
[Mon Apr 9 20:15:35 UTC 2018] Verify finished, start to sign.
[Mon Apr 9 20:15:51 UTC 2018] Cert success.
[Mon Apr 9 20:15:51 UTC 2018] Your cert is in /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.cer
[Mon Apr 9 20:15:51 UTC 2018] Your cert key is in /home/tbadmin/.acme.sh/toursoft.co/toursoft.co.key
[Mon Apr 9 20:15:51 UTC 2018] The intermediate CA cert is in /home/tbadmin/.acme.sh/toursoft.co/ca.cer
[Mon Apr 9 20:15:51 UTC 2018] And the full chain certs is there: /home/tbadmin/.acme.sh/toursoft.co/fullchain.cer
So now what do I do? I included --apache in the command and restarted apache, but I’m still getting the not secure error. Do I still have to manually type in --install-cert or manually modify the apache config file? I don’t see any changes that took place.