Acme.Sh with http-01 authentication failing

Help
1

My domain is: walker.mynetgear.com <---actually a buddies domain but I play his IT support person. Yay me!

I ran this command: acme.sh --issue --webroot /srv/http -d walker.mynetgear.com --force --debug

NOTE: When I use the exact same command except with --staging, it works and correctly generates a certificate.
letsdebug.net also comes back OK for http-01 authentication for walker.mynetgear.com

It produced this output:

[Fri Dec 22 21:37:22 CST 2023] Lets find script dir.
[Fri Dec 22 21:37:22 CST 2023] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Dec 22 21:37:22 CST 2023] _script='/root/.acme.sh/acme.sh'
[Fri Dec 22 21:37:22 CST 2023] _script_home='/root/.acme.sh'
[Fri Dec 22 21:37:22 CST 2023] Using config home:/root/.acme.sh
[Fri Dec 22 21:37:22 CST 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Fri Dec 22 21:37:22 CST 2023] Running cmd: issue
[Fri Dec 22 21:37:22 CST 2023] _main_domain='walker.mynetgear.com'
[Fri Dec 22 21:37:22 CST 2023] _alt_domains='no'
[Fri Dec 22 21:37:22 CST 2023] Using config home:/root/.acme.sh
[Fri Dec 22 21:37:22 CST 2023] default_acme_server
[Fri Dec 22 21:37:22 CST 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Dec 22 21:37:22 CST 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri Dec 22 21:37:22 CST 2023] _ACME_SERVER_PATH='v2/DV90'
[Fri Dec 22 21:37:22 CST 2023] DOMAIN_PATH='/root/.acme.sh/walker.mynetgear.com_ecc'
[Fri Dec 22 21:37:22 CST 2023] '/srv/http' does not contain 'dns'
[Fri Dec 22 21:37:22 CST 2023] Le_NextRenewTime='1708396728'
[Fri Dec 22 21:37:22 CST 2023] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Fri Dec 22 21:37:22 CST 2023] _init api for server: https://acme.zerossl.com/v2/DV90
[Fri Dec 22 21:37:22 CST 2023] GET
[Fri Dec 22 21:37:22 CST 2023] url='https://acme.zerossl.com/v2/DV90'
[Fri Dec 22 21:37:22 CST 2023] timeout=
[Fri Dec 22 21:37:22 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.PiBSFt2Gk9  -g '
[Fri Dec 22 21:37:23 CST 2023] ret='0'
[Fri Dec 22 21:37:23 CST 2023] response='{
  "newNonce": "https://acme.zerossl.com/v2/DV90/newNonce",
  "newAccount": "https://acme.zerossl.com/v2/DV90/newAccount",
  "newOrder": "https://acme.zerossl.com/v2/DV90/newOrder",
  "revokeCert": "https://acme.zerossl.com/v2/DV90/revokeCert",
  "keyChange": "https://acme.zerossl.com/v2/DV90/keyChange",
  "meta": {
    "termsOfService": "https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf",
    "website": "https://zerossl.com",
    "caaIdentities": ["sectigo.com", "trust-provider.com", "usertrust.com", "comodoca.com", "comodo.com"],
    "externalAccountRequired": true
  }
}'
[Fri Dec 22 21:37:23 CST 2023] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Fri Dec 22 21:37:23 CST 2023] ACME_NEW_AUTHZ
[Fri Dec 22 21:37:23 CST 2023] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Fri Dec 22 21:37:23 CST 2023] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Fri Dec 22 21:37:23 CST 2023] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Fri Dec 22 21:37:23 CST 2023] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf'
[Fri Dec 22 21:37:23 CST 2023] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Fri Dec 22 21:37:24 CST 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Fri Dec 22 21:37:24 CST 2023] _on_before_issue
[Fri Dec 22 21:37:24 CST 2023] _chk_main_domain='walker.mynetgear.com'
[Fri Dec 22 21:37:24 CST 2023] _chk_alt_domains
[Fri Dec 22 21:37:24 CST 2023] '/srv/http' does not contain 'no'
[Fri Dec 22 21:37:24 CST 2023] Le_LocalAddress
[Fri Dec 22 21:37:24 CST 2023] d='walker.mynetgear.com'
[Fri Dec 22 21:37:24 CST 2023] Check for domain='walker.mynetgear.com'
[Fri Dec 22 21:37:24 CST 2023] _currentRoot='/srv/http'
[Fri Dec 22 21:37:24 CST 2023] d
[Fri Dec 22 21:37:24 CST 2023] '/srv/http' does not contain 'apache'
[Fri Dec 22 21:37:24 CST 2023] _saved_account_key_hash='Rvr4PVzOTm4j39oOPPDg0q0oEaBmgsdO/BBZDPxUGJ8='
[Fri Dec 22 21:37:24 CST 2023] _saved_account_key_hash is not changed, skip register account.
[Fri Dec 22 21:37:24 CST 2023] Read key length:ec-256
[Fri Dec 22 21:37:24 CST 2023] _createcsr
[Fri Dec 22 21:37:24 CST 2023] domain='walker.mynetgear.com'
[Fri Dec 22 21:37:24 CST 2023] domainlist
[Fri Dec 22 21:37:24 CST 2023] csrkey='/root/.acme.sh/walker.mynetgear.com_ecc/walker.mynetgear.com.key'
[Fri Dec 22 21:37:24 CST 2023] csr='/root/.acme.sh/walker.mynetgear.com_ecc/walker.mynetgear.com.csr'
[Fri Dec 22 21:37:24 CST 2023] csrconf='/root/.acme.sh/walker.mynetgear.com_ecc/walker.mynetgear.com.csr.conf'
[Fri Dec 22 21:37:24 CST 2023] Single domain='walker.mynetgear.com'
[Fri Dec 22 21:37:24 CST 2023] seg='walker'
[Fri Dec 22 21:37:24 CST 2023] _is_idn_d='walker.mynetgear.com'
[Fri Dec 22 21:37:24 CST 2023] _idn_temp
[Fri Dec 22 21:37:24 CST 2023] _is_idn_d='walker.mynetgear.com'
[Fri Dec 22 21:37:24 CST 2023] _idn_temp
[Fri Dec 22 21:37:24 CST 2023] _csr_cn='walker.mynetgear.com'
[Fri Dec 22 21:37:24 CST 2023] seg='walker'
[Fri Dec 22 21:37:24 CST 2023] Getting domain auth token for each domain
[Fri Dec 22 21:37:24 CST 2023] seg='walker'
[Fri Dec 22 21:37:24 CST 2023] _is_idn_d='walker.mynetgear.com'
[Fri Dec 22 21:37:25 CST 2023] _idn_temp
[Fri Dec 22 21:37:25 CST 2023] d
[Fri Dec 22 21:37:25 CST 2023] _identifiers='{"type":"dns","value":"walker.mynetgear.com"}'
[Fri Dec 22 21:37:25 CST 2023] _notBefore
[Fri Dec 22 21:37:25 CST 2023] _notAfter
[Fri Dec 22 21:37:25 CST 2023] =======Begin Send Signed Request=======
[Fri Dec 22 21:37:25 CST 2023] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Fri Dec 22 21:37:25 CST 2023] payload='{"identifiers": [{"type":"dns","value":"walker.mynetgear.com"}]}'
[Fri Dec 22 21:37:25 CST 2023] EC key
[Fri Dec 22 21:37:25 CST 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Fri Dec 22 21:37:25 CST 2023] HEAD
[Fri Dec 22 21:37:25 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Fri Dec 22 21:37:25 CST 2023] body
[Fri Dec 22 21:37:25 CST 2023] _postContentType='application/jose+json'
[Fri Dec 22 21:37:25 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.OjTfvDElVb  -g  -I  '
[Fri Dec 22 21:37:26 CST 2023] _ret='0'
[Fri Dec 22 21:37:26 CST 2023] _headers='HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Dec 2023 03:37:26 GMT
Content-Type: application/octet-stream
Connection: keep-alive
Replay-Nonce: FPprtRMgv2DcRxmnY9xXPoJc0Cu81l1Uo8ILBkmi8LA
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Strict-Transport-Security: max-age=15724800; includeSubDomains
'
[Fri Dec 22 21:37:26 CST 2023] _CACHED_NONCE='FPprtRMgv2DcRxmnY9xXPoJc0Cu81l1Uo8ILBkmi8LA'
[Fri Dec 22 21:37:26 CST 2023] nonce='FPprtRMgv2DcRxmnY9xXPoJc0Cu81l1Uo8ILBkmi8LA'
[Fri Dec 22 21:37:26 CST 2023] POST
[Fri Dec 22 21:37:26 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Fri Dec 22 21:37:26 CST 2023] body='{"protected": "eyJub25jZSI6ICJGUHBydFJNZ3YyRGNSeG1uWTl4WFBvSmMwQ3U4MWwxVW84SUxCa21pOExBIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9uZXdPcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS56ZXJvc3NsLmNvbS92Mi9EVjkwL2FjY291bnQvaVRYb3NlSWpuM09fdjJjM2xXNkZGdyJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IndhbGtlci5teW5ldGdlYXIuY29tIn1dfQ", "signature": "kUBY2Em19J30lhNqAfw3VuOkZ0t7etkS-KeJPypWSWCShGflcqtDIdC8CoBWC_T0jmLaMe7LBxjzXBs-twRQyA"}'
[Fri Dec 22 21:37:26 CST 2023] _postContentType='application/jose+json'
[Fri Dec 22 21:37:26 CST 2023] Http already initialized.
[Fri Dec 22 21:37:26 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.OjTfvDElVb  -g '
[Fri Dec 22 21:38:10 CST 2023] _ret='0'
[Fri Dec 22 21:38:10 CST 2023] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Date: Sat, 23 Dec 2023 03:38:10 GMT
Content-Type: application/json
Content-Length: 282
Connection: keep-alive
Replay-Nonce: _AHjFznIgN5boFEu1Zw_6ZowAsvKppO9am70FSV8lQQ
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Origin: *
Location: https://acme.zerossl.com/v2/DV90/order/D4fWyR-0wSWrt0YAxbG65Q
Strict-Transport-Security: max-age=15724800; includeSubDomains
'
[Fri Dec 22 21:38:10 CST 2023] code='201'
[Fri Dec 22 21:38:10 CST 2023] original='{"status":"pending","expires":"2024-03-21T04:05:56Z","identifiers":[{"type":"dns","value":"walker.mynetgear.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/ZKP_lYVhvaySFWEelFWucg"],"finalize":"https://acme.zerossl.com/v2/DV90/order/D4fWyR-0wSWrt0YAxbG65Q/finalize"}'
[Fri Dec 22 21:38:10 CST 2023] response='{"status":"pending","expires":"2024-03-21T04:05:56Z","identifiers":[{"type":"dns","value":"walker.mynetgear.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/ZKP_lYVhvaySFWEelFWucg"],"finalize":"https://acme.zerossl.com/v2/DV90/order/D4fWyR-0wSWrt0YAxbG65Q/finalize"}'
[Fri Dec 22 21:38:10 CST 2023] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/D4fWyR-0wSWrt0YAxbG65Q'
[Fri Dec 22 21:38:10 CST 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/D4fWyR-0wSWrt0YAxbG65Q/finalize'
[Fri Dec 22 21:38:10 CST 2023] _authorizations_seg='https://acme.zerossl.com/v2/DV90/authz/ZKP_lYVhvaySFWEelFWucg'
[Fri Dec 22 21:38:10 CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/ZKP_lYVhvaySFWEelFWucg'
[Fri Dec 22 21:38:10 CST 2023] =======Begin Send Signed Request=======
[Fri Dec 22 21:38:10 CST 2023] url='https://acme.zerossl.com/v2/DV90/authz/ZKP_lYVhvaySFWEelFWucg'
[Fri Dec 22 21:38:10 CST 2023] payload
[Fri Dec 22 21:38:10 CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Fri Dec 22 21:38:10 CST 2023] Use _CACHED_NONCE='_AHjFznIgN5boFEu1Zw_6ZowAsvKppO9am70FSV8lQQ'
[Fri Dec 22 21:38:10 CST 2023] nonce='_AHjFznIgN5boFEu1Zw_6ZowAsvKppO9am70FSV8lQQ'
[Fri Dec 22 21:38:10 CST 2023] POST
[Fri Dec 22 21:38:10 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/ZKP_lYVhvaySFWEelFWucg'
[Fri Dec 22 21:38:10 CST 2023] body='{"protected": "eyJub25jZSI6ICJfQUhqRnpuSWdONWJvRkV1MVp3XzZab3dBc3ZLcHBPOWFtNzBGU1Y4bFFRIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei9aS1BfbFlWaHZheVNGV0VlbEZXdWNnIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9pVFhvc2VJam4zT192MmMzbFc2RkZ3In0", "payload": "", "signature": "1t7yJOdZ2zYAy-v45QfPP12vfiU3etHB_YBD0MOO4h_iTwQBAyIiZqO_9kbvmGL_wTgHHkhvQHTgoXYP2c3fFg"}'
[Fri Dec 22 21:38:10 CST 2023] _postContentType='application/jose+json'
[Fri Dec 22 21:38:10 CST 2023] Http already initialized.
[Fri Dec 22 21:38:10 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.OjTfvDElVb  -g '
[Fri Dec 22 21:38:11 CST 2023] _ret='0'
[Fri Dec 22 21:38:11 CST 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Dec 2023 03:38:11 GMT
Content-Type: application/json
Content-Length: 300
Connection: keep-alive
Replay-Nonce: ScurW-CoxpT5oBS2WzjNRytmgfnE-qqE5Jp1qJgmVIs
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Retry-After: 86400
Strict-Transport-Security: max-age=15724800; includeSubDomains
'
[Fri Dec 22 21:38:11 CST 2023] code='200'
[Fri Dec 22 21:38:11 CST 2023] original='{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"invalid","expires":"2024-01-21T04:05:56Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/RjPCAFW8Qzcb_GglsKG0ww","status":"invalid","error":{},"token":"trcGzO5wtWXx6JCvFDAgNigXfeYskLORGk77OafD2Nc"}]}'
[Fri Dec 22 21:38:11 CST 2023] response='{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"invalid","expires":"2024-01-21T04:05:56Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/RjPCAFW8Qzcb_GglsKG0ww","status":"invalid","error":{},"token":"trcGzO5wtWXx6JCvFDAgNigXfeYskLORGk77OafD2Nc"}]}'
[Fri Dec 22 21:38:11 CST 2023] response='{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"invalid","expires":"2024-01-21T04:05:56Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/RjPCAFW8Qzcb_GglsKG0ww","status":"invalid","error":{},"token":"trcGzO5wtWXx6JCvFDAgNigXfeYskLORGk77OafD2Nc"}]}'
[Fri Dec 22 21:38:11 CST 2023] _d='walker.mynetgear.com'
[Fri Dec 22 21:38:11 CST 2023] _authorizations_map='walker.mynetgear.com,{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"invalid","expires":"2024-01-21T04:05:56Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/RjPCAFW8Qzcb_GglsKG0ww","status":"invalid","error":{},"token":"trcGzO5wtWXx6JCvFDAgNigXfeYskLORGk77OafD2Nc"}]}#https://acme.zerossl.com/v2/DV90/authz/ZKP_lYVhvaySFWEelFWucg
'
[Fri Dec 22 21:38:11 CST 2023] d='walker.mynetgear.com'
[Fri Dec 22 21:38:11 CST 2023] Getting webroot for domain='walker.mynetgear.com'
[Fri Dec 22 21:38:11 CST 2023] _w='/srv/http'
[Fri Dec 22 21:38:11 CST 2023] _currentRoot='/srv/http'
[Fri Dec 22 21:38:11 CST 2023] _is_idn_d='walker.mynetgear.com'
[Fri Dec 22 21:38:11 CST 2023] _idn_temp
[Fri Dec 22 21:38:11 CST 2023] _candidates='walker.mynetgear.com,{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"invalid","expires":"2024-01-21T04:05:56Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/RjPCAFW8Qzcb_GglsKG0ww","status":"invalid","error":{},"token":"trcGzO5wtWXx6JCvFDAgNigXfeYskLORGk77OafD2Nc"}]}#https://acme.zerossl.com/v2/DV90/authz/ZKP_lYVhvaySFWEelFWucg'
[Fri Dec 22 21:38:11 CST 2023] response='{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"invalid","expires":"2024-01-21T04:05:56Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/RjPCAFW8Qzcb_GglsKG0ww","status":"invalid","error":{},"token":"trcGzO5wtWXx6JCvFDAgNigXfeYskLORGk77OafD2Nc"}]}#https://acme.zerossl.com/v2/DV90/authz/ZKP_lYVhvaySFWEelFWucg'
[Fri Dec 22 21:38:11 CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/ZKP_lYVhvaySFWEelFWucg'
[Fri Dec 22 21:38:12 CST 2023] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/RjPCAFW8Qzcb_GglsKG0ww","status":"invalid","error":{'
[Fri Dec 22 21:38:12 CST 2023] token
[Fri Dec 22 21:38:12 CST 2023] Error, can not get domain token "type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/RjPCAFW8Qzcb_GglsKG0ww","status":"invalid","error":{
[Fri Dec 22 21:38:12 CST 2023] pid
[Fri Dec 22 21:38:12 CST 2023] No need to restore nginx, skip.
[Fri Dec 22 21:38:12 CST 2023] _clearupdns
[Fri Dec 22 21:38:12 CST 2023] dns_entries
[Fri Dec 22 21:38:12 CST 2023] skip dns.
[Fri Dec 22 21:38:12 CST 2023] _on_issue_err
[Fri Dec 22 21:38:12 CST 2023] Please add '--debug' or '--log' to check more details.
[Fri Dec 22 21:38:12 CST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Fri Dec 22 21:38:12 CST 2023] _chk_vlist
[Fri Dec 22 21:38:12 CST 2023] socat doesn't exist.
[Fri Dec 22 21:38:12 CST 2023] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2g  1 Mar 2016 (Library: OpenSSL 1.0.2q  20 Nov 2018)
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:

My web server is (include version): Apache/2.4.18 (Unix)

Server version: Apache/2.4.18 (Unix)
Server built:   Mar  6 2016 10:33:47
Server's Module Magic Number: 20120211:52
Server loaded:  APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture:   32-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/bin/suexec"
 -D DEFAULT_PIDLOG="/run/httpd/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

The operating system my web server runs on is (include version):

Operating System: Arch Linux ARM
Kernel: Linux 5.4.75-1-ARCH
Architecture: arm

My hosting provider, if applicable, is: N/A, on prem/home-setup

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): acme.sh 3.0.8

2

By default, acme.sh uses ZeroSSL as your Certificate Authority. When you specify "staging" you are using the Let's Encrypt staging system. Yes, I know that is not at all intuitive :slight_smile:

I don't know why ZeroSSL fails but this isn't their support forum in any case.

You can follow the instructions below to set Let's Encrypt as your default CA

5 Likes
3

Hi @BrianEarlSpilner, and welcome to the LE community forum :slight_smile:

Please don't use that without an actual need.

4 Likes
4

Are you sure that is the correct webroot for that FQDN?

Are you sure there are no name:port overlaps?

3 Likes
5

Awesome,

Thank you for the assist. I was certainly feeling a little odd about visiting this forum for a ZeroSSL issue. TBH, in the past I have used Certbot without much issue, but I had a heck of a time trying to install it on Arch Linux, something about Yay and Go and issues running makepkg -si, but I digress.

Here is the output from running the same command with --server letsencrypt

[Fri Dec 22 22:38:47 CST 2023] _selectServer try snames='zerossl.com,zerossl'
[Fri Dec 22 22:38:47 CST 2023] _selectServer try snames='letsencrypt.org,letsencrypt'
[Fri Dec 22 22:38:47 CST 2023] _selectServer match letsencrypt
[Fri Dec 22 22:38:47 CST 2023] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Fri Dec 22 22:38:47 CST 2023] Lets find script dir.
[Fri Dec 22 22:38:47 CST 2023] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Dec 22 22:38:48 CST 2023] _script='/root/.acme.sh/acme.sh'
[Fri Dec 22 22:38:48 CST 2023] _script_home='/root/.acme.sh'
[Fri Dec 22 22:38:48 CST 2023] Using config home:/root/.acme.sh
[Fri Dec 22 22:38:48 CST 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Fri Dec 22 22:38:48 CST 2023] Using server: https://acme-v02.api.letsencrypt.org/directory
[Fri Dec 22 22:38:48 CST 2023] Running cmd: issue
[Fri Dec 22 22:38:48 CST 2023] _main_domain='walker.mynetgear.com'
[Fri Dec 22 22:38:48 CST 2023] _alt_domains='no'
[Fri Dec 22 22:38:48 CST 2023] Using config home:/root/.acme.sh
[Fri Dec 22 22:38:48 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri Dec 22 22:38:48 CST 2023] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Fri Dec 22 22:38:48 CST 2023] _ACME_SERVER_PATH='directory'
[Fri Dec 22 22:38:48 CST 2023] DOMAIN_PATH='/root/.acme.sh/walker.mynetgear.com_ecc'
[Fri Dec 22 22:38:48 CST 2023] '/srv/http' does not contain 'dns'
[Fri Dec 22 22:38:48 CST 2023] Le_NextRenewTime='1708396728'
[Fri Dec 22 22:38:48 CST 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri Dec 22 22:38:48 CST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri Dec 22 22:38:48 CST 2023] GET
[Fri Dec 22 22:38:48 CST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri Dec 22 22:38:48 CST 2023] timeout=
[Fri Dec 22 22:38:48 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.7aNfiu1nd4  -g '
[Fri Dec 22 22:38:48 CST 2023] ret='0'
[Fri Dec 22 22:38:48 CST 2023] response='{
  "i4ujK8LFsek": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Fri Dec 22 22:38:48 CST 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri Dec 22 22:38:48 CST 2023] ACME_NEW_AUTHZ
[Fri Dec 22 22:38:49 CST 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Dec 22 22:38:49 CST 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri Dec 22 22:38:49 CST 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri Dec 22 22:38:49 CST 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Fri Dec 22 22:38:49 CST 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Dec 22 22:38:49 CST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Dec 22 22:38:49 CST 2023] _on_before_issue
[Fri Dec 22 22:38:49 CST 2023] _chk_main_domain='walker.mynetgear.com'
[Fri Dec 22 22:38:49 CST 2023] _chk_alt_domains
[Fri Dec 22 22:38:49 CST 2023] '/srv/http' does not contain 'no'
[Fri Dec 22 22:38:49 CST 2023] Le_LocalAddress
[Fri Dec 22 22:38:49 CST 2023] d='walker.mynetgear.com'
[Fri Dec 22 22:38:49 CST 2023] Check for domain='walker.mynetgear.com'
[Fri Dec 22 22:38:49 CST 2023] _currentRoot='/srv/http'
[Fri Dec 22 22:38:49 CST 2023] d
[Fri Dec 22 22:38:49 CST 2023] '/srv/http' does not contain 'apache'
[Fri Dec 22 22:38:49 CST 2023] _saved_account_key_hash='76ej0jgkbC9IbJ/fYrjfUiMtv7VJXmBhF2Sonvrx5bc='
[Fri Dec 22 22:38:49 CST 2023] _saved_account_key_hash is not changed, skip register account.
[Fri Dec 22 22:38:49 CST 2023] Read key length:ec-256
[Fri Dec 22 22:38:49 CST 2023] _createcsr
[Fri Dec 22 22:38:49 CST 2023] domain='walker.mynetgear.com'
[Fri Dec 22 22:38:49 CST 2023] domainlist
[Fri Dec 22 22:38:49 CST 2023] csrkey='/root/.acme.sh/walker.mynetgear.com_ecc/walker.mynetgear.com.key'
[Fri Dec 22 22:38:49 CST 2023] csr='/root/.acme.sh/walker.mynetgear.com_ecc/walker.mynetgear.com.csr'
[Fri Dec 22 22:38:49 CST 2023] csrconf='/root/.acme.sh/walker.mynetgear.com_ecc/walker.mynetgear.com.csr.conf'
[Fri Dec 22 22:38:49 CST 2023] Single domain='walker.mynetgear.com'
[Fri Dec 22 22:38:49 CST 2023] seg='walker'
[Fri Dec 22 22:38:49 CST 2023] _is_idn_d='walker.mynetgear.com'
[Fri Dec 22 22:38:50 CST 2023] _idn_temp
[Fri Dec 22 22:38:50 CST 2023] _is_idn_d='walker.mynetgear.com'
[Fri Dec 22 22:38:50 CST 2023] _idn_temp
[Fri Dec 22 22:38:50 CST 2023] _csr_cn='walker.mynetgear.com'
[Fri Dec 22 22:38:50 CST 2023] seg='walker'
[Fri Dec 22 22:38:50 CST 2023] Getting domain auth token for each domain
[Fri Dec 22 22:38:50 CST 2023] seg='walker'
[Fri Dec 22 22:38:50 CST 2023] _is_idn_d='walker.mynetgear.com'
[Fri Dec 22 22:38:50 CST 2023] _idn_temp
[Fri Dec 22 22:38:50 CST 2023] d
[Fri Dec 22 22:38:50 CST 2023] _identifiers='{"type":"dns","value":"walker.mynetgear.com"}'
[Fri Dec 22 22:38:50 CST 2023] _notBefore
[Fri Dec 22 22:38:50 CST 2023] _notAfter
[Fri Dec 22 22:38:50 CST 2023] =======Begin Send Signed Request=======
[Fri Dec 22 22:38:50 CST 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Dec 22 22:38:50 CST 2023] payload='{"identifiers": [{"type":"dns","value":"walker.mynetgear.com"}]}'
[Fri Dec 22 22:38:50 CST 2023] EC key
[Fri Dec 22 22:38:50 CST 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Dec 22 22:38:50 CST 2023] HEAD
[Fri Dec 22 22:38:50 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Dec 22 22:38:50 CST 2023] body
[Fri Dec 22 22:38:50 CST 2023] _postContentType='application/jose+json'
[Fri Dec 22 22:38:51 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.sx4jPje6e1  -g  -I  '
[Fri Dec 22 22:38:51 CST 2023] _ret='0'
[Fri Dec 22 22:38:51 CST 2023] _headers='HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Dec 2023 04:38:51 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: zXX7izQwlDBVhHOF1J-23ZZnuJxEPBj_uTQGFSNgzBX4o5PHP58
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Fri Dec 22 22:38:51 CST 2023] _CACHED_NONCE='zXX7izQwlDBVhHOF1J-23ZZnuJxEPBj_uTQGFSNgzBX4o5PHP58'
[Fri Dec 22 22:38:51 CST 2023] nonce='zXX7izQwlDBVhHOF1J-23ZZnuJxEPBj_uTQGFSNgzBX4o5PHP58'
[Fri Dec 22 22:38:51 CST 2023] POST
[Fri Dec 22 22:38:51 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Dec 22 22:38:51 CST 2023] body='{"protected": "eyJub25jZSI6ICJ6WFg3aXpRd2xEQlZoSE9GMUotMjNaWm51SnhFUEJqX3VUUUdGU05nekJYNG81UEhQNTgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ3OTgyOTYyNiJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IndhbGtlci5teW5ldGdlYXIuY29tIn1dfQ", "signature": "COQ86JprakopeLX56Bw0vaqR96KTEoSWRP0Wf0cdr3NoBnng-QRiLmZA4zXk0TsHJfLu-_c4fyZ3xl26T9ZqMQ"}'
[Fri Dec 22 22:38:51 CST 2023] _postContentType='application/jose+json'
[Fri Dec 22 22:38:51 CST 2023] Http already initialized.
[Fri Dec 22 22:38:51 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.sx4jPje6e1  -g '
[Fri Dec 22 22:38:52 CST 2023] _ret='0'
[Fri Dec 22 22:38:52 CST 2023] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Date: Sat, 23 Dec 2023 04:38:52 GMT
Content-Type: application/json
Content-Length: 346
Connection: keep-alive
Boulder-Requester: 1479829626
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1479829626/231217934936
Replay-Nonce: xavOoKHv1-ILoKwDGSdcHyxby4rpb_FCYsFpte81YxMTe4J4iDI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Fri Dec 22 22:38:52 CST 2023] code='201'
[Fri Dec 22 22:38:52 CST 2023] original='{
  "status": "pending",
  "expires": "2023-12-30T04:38:52Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "walker.mynetgear.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1479829626/231217934936"
}'
[Fri Dec 22 22:38:52 CST 2023] response='{"status":"pending","expires":"2023-12-30T04:38:52Z","identifiers":[{"type":"dns","value":"walker.mynetgear.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/1479829626/231217934936"}'
[Fri Dec 22 22:38:52 CST 2023] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/1479829626/231217934936'
[Fri Dec 22 22:38:52 CST 2023] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1479829626/231217934936'
[Fri Dec 22 22:38:52 CST 2023] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:52 CST 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:52 CST 2023] =======Begin Send Signed Request=======
[Fri Dec 22 22:38:52 CST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:52 CST 2023] payload
[Fri Dec 22 22:38:52 CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri Dec 22 22:38:52 CST 2023] Use _CACHED_NONCE='xavOoKHv1-ILoKwDGSdcHyxby4rpb_FCYsFpte81YxMTe4J4iDI'
[Fri Dec 22 22:38:52 CST 2023] nonce='xavOoKHv1-ILoKwDGSdcHyxby4rpb_FCYsFpte81YxMTe4J4iDI'
[Fri Dec 22 22:38:52 CST 2023] POST
[Fri Dec 22 22:38:52 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:53 CST 2023] body='{"protected": "eyJub25jZSI6ICJ4YXZPb0tIdjEtSUxvS3dER1NkY0h5eGJ5NHJwYl9GQ1lzRnB0ZTgxWXhNVGU0SjRpREkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI5NjQ2NzQ4MjYxNiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ3OTgyOTYyNiJ9", "payload": "", "signature": "OqJf2qC9-pZ6DlFZ3IfwALgT1qdA5GCC03fneVwakexZJOt_o4tjrAdI0p7JVdrlzKMOSfEg5uutE9KZ9p7J6g"}'
[Fri Dec 22 22:38:53 CST 2023] _postContentType='application/jose+json'
[Fri Dec 22 22:38:53 CST 2023] Http already initialized.
[Fri Dec 22 22:38:53 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.sx4jPje6e1  -g '
[Fri Dec 22 22:38:53 CST 2023] _ret='0'
[Fri Dec 22 22:38:53 CST 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Dec 2023 04:38:53 GMT
Content-Type: application/json
Content-Length: 804
Connection: keep-alive
Boulder-Requester: 1479829626
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: T8gQgmcoNX3IBnEk9pr5oxSFG1W2ji3r-Tfpmpuj3UP9RWIny5c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Fri Dec 22 22:38:53 CST 2023] code='200'
[Fri Dec 22 22:38:53 CST 2023] original='{
  "identifier": {
    "type": "dns",
    "value": "walker.mynetgear.com"
  },
  "status": "pending",
  "expires": "2023-12-30T04:38:52Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg",
      "token": "ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/CYdq9Q",
      "token": "ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/VOIxvQ",
      "token": "ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"
    }
  ]
}'
[Fri Dec 22 22:38:53 CST 2023] response='{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"pending","expires":"2023-12-30T04:38:52Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/CYdq9Q","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/VOIxvQ","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"}]}'
[Fri Dec 22 22:38:53 CST 2023] response='{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"pending","expires":"2023-12-30T04:38:52Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/CYdq9Q","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/VOIxvQ","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"}]}'
[Fri Dec 22 22:38:53 CST 2023] _d='walker.mynetgear.com'
[Fri Dec 22 22:38:53 CST 2023] _authorizations_map='walker.mynetgear.com,{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"pending","expires":"2023-12-30T04:38:52Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/CYdq9Q","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/VOIxvQ","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616
'
[Fri Dec 22 22:38:53 CST 2023] d='walker.mynetgear.com'
[Fri Dec 22 22:38:53 CST 2023] Getting webroot for domain='walker.mynetgear.com'
[Fri Dec 22 22:38:53 CST 2023] _w='/srv/http'
[Fri Dec 22 22:38:53 CST 2023] _currentRoot='/srv/http'
[Fri Dec 22 22:38:53 CST 2023] _is_idn_d='walker.mynetgear.com'
[Fri Dec 22 22:38:53 CST 2023] _idn_temp
[Fri Dec 22 22:38:53 CST 2023] _candidates='walker.mynetgear.com,{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"pending","expires":"2023-12-30T04:38:52Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/CYdq9Q","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/VOIxvQ","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:53 CST 2023] response='{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"pending","expires":"2023-12-30T04:38:52Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/CYdq9Q","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/VOIxvQ","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:53 CST 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:53 CST 2023] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"'
[Fri Dec 22 22:38:53 CST 2023] token='ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY'
[Fri Dec 22 22:38:53 CST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg'
[Fri Dec 22 22:38:53 CST 2023] keyauthorization='ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY.BYa-DAHGGQAbRhG-ztat5jPSpHOAJ0vb5Q7WDcpWoAc'
[Fri Dec 22 22:38:53 CST 2023] dvlist='walker.mynetgear.com#ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY.BYa-DAHGGQAbRhG-ztat5jPSpHOAJ0vb5Q7WDcpWoAc#https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg#http-01#/srv/http#https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:54 CST 2023] d
[Fri Dec 22 22:38:54 CST 2023] vlist='walker.mynetgear.com#ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY.BYa-DAHGGQAbRhG-ztat5jPSpHOAJ0vb5Q7WDcpWoAc#https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg#http-01#/srv/http#https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616,'
[Fri Dec 22 22:38:54 CST 2023] d='walker.mynetgear.com'
[Fri Dec 22 22:38:54 CST 2023] ok, let's start to verify
[Fri Dec 22 22:38:54 CST 2023] Verifying: walker.mynetgear.com
[Fri Dec 22 22:38:54 CST 2023] d='walker.mynetgear.com'
[Fri Dec 22 22:38:54 CST 2023] keyauthorization='ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY.BYa-DAHGGQAbRhG-ztat5jPSpHOAJ0vb5Q7WDcpWoAc'
[Fri Dec 22 22:38:54 CST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg'
[Fri Dec 22 22:38:54 CST 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:54 CST 2023] _currentRoot='/srv/http'
[Fri Dec 22 22:38:54 CST 2023] wellknown_path='/srv/http/.well-known/acme-challenge'
[Fri Dec 22 22:38:54 CST 2023] writing token:ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY to /srv/http/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY
[Fri Dec 22 22:38:54 CST 2023] Trigger domain validation.
[Fri Dec 22 22:38:54 CST 2023] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg'
[Fri Dec 22 22:38:54 CST 2023] _t_key_authz='ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY.BYa-DAHGGQAbRhG-ztat5jPSpHOAJ0vb5Q7WDcpWoAc'
[Fri Dec 22 22:38:54 CST 2023] _t_vtype='http-01'
[Fri Dec 22 22:38:54 CST 2023] =======Begin Send Signed Request=======
[Fri Dec 22 22:38:54 CST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg'
[Fri Dec 22 22:38:54 CST 2023] payload='{}'
[Fri Dec 22 22:38:54 CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri Dec 22 22:38:54 CST 2023] Use _CACHED_NONCE='T8gQgmcoNX3IBnEk9pr5oxSFG1W2ji3r-Tfpmpuj3UP9RWIny5c'
[Fri Dec 22 22:38:54 CST 2023] nonce='T8gQgmcoNX3IBnEk9pr5oxSFG1W2ji3r-Tfpmpuj3UP9RWIny5c'
[Fri Dec 22 22:38:54 CST 2023] POST
[Fri Dec 22 22:38:54 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg'
[Fri Dec 22 22:38:54 CST 2023] body='{"protected": "eyJub25jZSI6ICJUOGdRZ21jb05YM0lCbkVrOXByNW94U0ZHMVcyamkzci1UZnBtcHVqM1VQOVJXSW55NWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI5NjQ2NzQ4MjYxNi95R2paRWciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE0Nzk4Mjk2MjYifQ", "payload": "e30", "signature": "EW3WaokpRRT8WKj-SdCfAZRi3AlT_GaUJEG39OksATT3a4ovSio4rz4cCqI9Dl_1TVwyPRmgn-dytzfTX8CkTw"}'
[Fri Dec 22 22:38:54 CST 2023] _postContentType='application/jose+json'
[Fri Dec 22 22:38:54 CST 2023] Http already initialized.
[Fri Dec 22 22:38:54 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.sx4jPje6e1  -g '
[Fri Dec 22 22:38:55 CST 2023] _ret='0'
[Fri Dec 22 22:38:55 CST 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Dec 2023 04:38:55 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1479829626
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg
Replay-Nonce: T8gQgmcotVjCf7LrrZUzUuSXagWW8VcGVmHcGKNtmi5VJY78-_Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Fri Dec 22 22:38:55 CST 2023] code='200'
[Fri Dec 22 22:38:55 CST 2023] original='{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg",
  "token": "ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"
}'
[Fri Dec 22 22:38:55 CST 2023] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"}'
[Fri Dec 22 22:38:55 CST 2023] trigger validation code: 200
[Fri Dec 22 22:38:55 CST 2023] Lets check the status of the authz
[Fri Dec 22 22:38:55 CST 2023] original='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"}'
[Fri Dec 22 22:38:55 CST 2023] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY"}'
[Fri Dec 22 22:38:55 CST 2023] status='pending'
[Fri Dec 22 22:38:55 CST 2023] Pending, The CA is processing your order, please just wait. (1/30)
[Fri Dec 22 22:38:55 CST 2023] sleep 2 secs to verify again
[Fri Dec 22 22:38:58 CST 2023] checking
[Fri Dec 22 22:38:58 CST 2023] =======Begin Send Signed Request=======
[Fri Dec 22 22:38:58 CST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:58 CST 2023] payload
[Fri Dec 22 22:38:58 CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri Dec 22 22:38:58 CST 2023] Use _CACHED_NONCE='T8gQgmcotVjCf7LrrZUzUuSXagWW8VcGVmHcGKNtmi5VJY78-_Y'
[Fri Dec 22 22:38:58 CST 2023] nonce='T8gQgmcotVjCf7LrrZUzUuSXagWW8VcGVmHcGKNtmi5VJY78-_Y'
[Fri Dec 22 22:38:58 CST 2023] POST
[Fri Dec 22 22:38:58 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616'
[Fri Dec 22 22:38:58 CST 2023] body='{"protected": "eyJub25jZSI6ICJUOGdRZ21jb3RWakNmN0xyclpVelV1U1hhZ1dXOFZjR1ZtSGNHS050bWk1VkpZNzgtX1kiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI5NjQ2NzQ4MjYxNiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ3OTgyOTYyNiJ9", "payload": "", "signature": "f_zUfWI1irTsJBSF-8qfPqhqdgaNoSfQy1YGn1YUEP1LUj41TrI6jbJuPKFAvWn_fURDBCKZ5lfkt_y2uRRJ_A"}'
[Fri Dec 22 22:38:58 CST 2023] _postContentType='application/jose+json'
[Fri Dec 22 22:38:58 CST 2023] Http already initialized.
[Fri Dec 22 22:38:58 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.sx4jPje6e1  -g '
[Fri Dec 22 22:38:59 CST 2023] _ret='0'
[Fri Dec 22 22:38:59 CST 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Sat, 23 Dec 2023 04:38:59 GMT
Content-Type: application/json
Content-Length: 1048
Connection: keep-alive
Boulder-Requester: 1479829626
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: I5zfHDkY3c17egwjajcxsJk7BfedGmqsCMC6sk3I5b1ePBg9STs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
'
[Fri Dec 22 22:38:59 CST 2023] code='200'
[Fri Dec 22 22:38:59 CST 2023] original='{
  "identifier": {
    "type": "dns",
    "value": "walker.mynetgear.com"
  },
  "status": "invalid",
  "expires": "2023-12-30T04:38:52Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "209.44.220.43: Invalid response from http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg",
      "token": "ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY",
      "validationRecord": [
        {
          "url": "http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY",
          "hostname": "walker.mynetgear.com",
          "port": "80",
          "addressesResolved": [
            "209.44.220.43"
          ],
          "addressUsed": "209.44.220.43"
        }
      ],
      "validated": "2023-12-23T04:38:55Z"
    }
  ]
}'
[Fri Dec 22 22:38:59 CST 2023] response='{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"invalid","expires":"2023-12-30T04:38:52Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"209.44.220.43: Invalid response from http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY","validationRecord":[{"url":"http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY","hostname":"walker.mynetgear.com","port":"80","addressesResolved":["209.44.220.43"],"addressUsed":"209.44.220.43"}],"validated":"2023-12-23T04:38:55Z"}]}'
[Fri Dec 22 22:38:59 CST 2023] original='{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"invalid","expires":"2023-12-30T04:38:52Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"209.44.220.43: Invalid response from http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY","validationRecord":[{"url":"http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY","hostname":"walker.mynetgear.com","port":"80","addressesResolved":["209.44.220.43"],"addressUsed":"209.44.220.43"}],"validated":"2023-12-23T04:38:55Z"}]}'
[Fri Dec 22 22:38:59 CST 2023] response='{"identifier":{"type":"dns","value":"walker.mynetgear.com"},"status":"invalid","expires":"2023-12-30T04:38:52Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"209.44.220.43: Invalid response from http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg","token":"ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY","validationRecord":[{"url":"http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY","hostname":"walker.mynetgear.com","port":"80","addressesResolved":["209.44.220.43"],"addressUsed":"209.44.220.43"}],"validated":"2023-12-23T04:38:55Z"}]}'
[Fri Dec 22 22:38:59 CST 2023] status='invalid
invalid'
[Fri Dec 22 22:38:59 CST 2023] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"209.44.220.43: Invalid response from http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY: 404","status": 403'
[Fri Dec 22 22:38:59 CST 2023] errordetail='209.44.220.43: Invalid response from http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY: 404'
[Fri Dec 22 22:38:59 CST 2023] Invalid status, walker.mynetgear.com:Verify error detail:209.44.220.43: Invalid response from http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY: 404
[Fri Dec 22 22:38:59 CST 2023] Debug: get token url.
[Fri Dec 22 22:38:59 CST 2023] GET
[Fri Dec 22 22:38:59 CST 2023] url='http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY'
[Fri Dec 22 22:38:59 CST 2023] timeout=1
[Fri Dec 22 22:38:59 CST 2023] Http already initialized.
[Fri Dec 22 22:38:59 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.sx4jPje6e1  -g  --connect-timeout 1'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Object not found!</title>
<link rev="made" href="mailto:you@example.com" />
<style type="text/css"><!--/*--><![CDATA[/*><!--*/
    body { color: #000000; background-color: #FFFFFF; }
    a:link { color: #0000CC; }
    p, address {margin-left: 3em;}
    span {font-size: smaller;}
/*]]>*/--></style>
</head>

<body>
<h1>Object not found!</h1>
<p>


    The requested URL was not found on this server.



    If you entered the URL manually please check your
    spelling and try again.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:you@example.com">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
  <a href="/">walker.mynetgear.com</a><br />
  <span>Apache/2.4.18 (Unix) OpenSSL/1.0.2q PHP/7.0.4</span>
</address>
</body>
</html>

[Fri Dec 22 22:38:59 CST 2023] ret='0'
[Fri Dec 22 22:38:59 CST 2023] Debugging, skip removing: /srv/http/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY
[Fri Dec 22 22:38:59 CST 2023] pid
[Fri Dec 22 22:38:59 CST 2023] No need to restore nginx, skip.
[Fri Dec 22 22:38:59 CST 2023] _clearupdns
[Fri Dec 22 22:38:59 CST 2023] dns_entries
[Fri Dec 22 22:38:59 CST 2023] skip dns.
[Fri Dec 22 22:38:59 CST 2023] _on_issue_err
[Fri Dec 22 22:38:59 CST 2023] Please add '--debug' or '--log' to check more details.
[Fri Dec 22 22:38:59 CST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Fri Dec 22 22:38:59 CST 2023] _chk_vlist='walker.mynetgear.com#ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY.BYa-DAHGGQAbRhG-ztat5jPSpHOAJ0vb5Q7WDcpWoAc#https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg#http-01#/srv/http#https://acme-v02.api.letsencrypt.org/acme/authz-v3/296467482616,'
[Fri Dec 22 22:38:59 CST 2023] start to deactivate authz
[Fri Dec 22 22:39:00 CST 2023] Trigger domain validation.
[Fri Dec 22 22:39:00 CST 2023] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg'
[Fri Dec 22 22:39:00 CST 2023] _t_key_authz='ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY.BYa-DAHGGQAbRhG-ztat5jPSpHOAJ0vb5Q7WDcpWoAc'
[Fri Dec 22 22:39:00 CST 2023] _t_vtype
[Fri Dec 22 22:39:00 CST 2023] =======Begin Send Signed Request=======
[Fri Dec 22 22:39:00 CST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg'
[Fri Dec 22 22:39:00 CST 2023] payload='{}'
[Fri Dec 22 22:39:00 CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri Dec 22 22:39:00 CST 2023] Use _CACHED_NONCE='I5zfHDkY3c17egwjajcxsJk7BfedGmqsCMC6sk3I5b1ePBg9STs'
[Fri Dec 22 22:39:00 CST 2023] nonce='I5zfHDkY3c17egwjajcxsJk7BfedGmqsCMC6sk3I5b1ePBg9STs'
[Fri Dec 22 22:39:00 CST 2023] POST
[Fri Dec 22 22:39:00 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/296467482616/yGjZEg'
[Fri Dec 22 22:39:00 CST 2023] body='{"protected": "eyJub25jZSI6ICJJNXpmSERrWTNjMTdlZ3dqYWpjeHNKazdCZmVkR21xc0NNQzZzazNJNWIxZVBCZzlTVHMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI5NjQ2NzQ4MjYxNi95R2paRWciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE0Nzk4Mjk2MjYifQ", "payload": "e30", "signature": "NvF-bOa-NfeeIVj4Bja1mH3g4XAXMPUC_LXa6yOPJ08cp8e52YGw0r-73aO3_z0-R-MF2VLekrFdex0e2OP9SQ"}'
[Fri Dec 22 22:39:00 CST 2023] _postContentType='application/jose+json'
[Fri Dec 22 22:39:00 CST 2023] Http already initialized.
[Fri Dec 22 22:39:00 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.sx4jPje6e1  -g '
[Fri Dec 22 22:39:00 CST 2023] _ret='0'
[Fri Dec 22 22:39:00 CST 2023] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Date: Sat, 23 Dec 2023 04:39:00 GMT
Content-Type: application/problem+json
Content-Length: 144
Connection: keep-alive
Boulder-Requester: 1479829626
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: I5zfHDkY2FTsyMDldmuhLCls--FpPD_aoNUAseUmKZhHJ6D2BCo
'
[Fri Dec 22 22:39:00 CST 2023] code='400'
[Fri Dec 22 22:39:00 CST 2023] original='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Fri Dec 22 22:39:00 CST 2023] response='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Fri Dec 22 22:39:01 CST 2023] socat doesn't exist.
[Fri Dec 22 22:39:01 CST 2023] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2g  1 Mar 2016 (Library: OpenSSL 1.0.2q  20 Nov 2018)
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
1 Like
6

Thanks!

In my case I am using it as a valid certificate has already been created using the --staging flag. If I don't use it, or delete the certificate files, I get a warning that the cert isn't nearing expiration yet and thus I have to use the --force option.

Just mentioning in case it is relavent.

2 Likes
7

I believe so, as a test, I placed test.txt in the physical path of /srv/http/.well-known/acme-challenge and https://walker.mynetgear.com/.well-known/acme-challenge/test.txt appears to load correctly. Now there is one weird caviat, I had to do 'systemctl restart httpd' to get the file to be served. Maybe this is my issue? If you look at my updated output two posts above this, it looks like the main issue is a 404 when trying to access the challenge file or what not. Another odd observation is when I use --staging, files are written to /srv/http/.well-known/acme-challenge, when I don't use the --staging option then the file doesn't appear to generate, or at least it's gone before I see it. Is this normal? Sorry for all the questions, linux and apache are obviously not my areas of expertise.

The domain name is used across various ports, but for 80 and 443 there shouldn't be anything else listening on this port at this domain.

8

You should not have to restart Apache just to change a file in its DocumentRoot

I can see the latest HTTP Challenge file in your Apache. I do not know why Let's Encrypt will fail to find it. It is also very strange that the LE Staging system worked but same command in production failed. I can confirm using censys.io that you got 2 LE Staging certs. I believed you but always nice to see for myself :slight_smile:

curl -i http://walker.mynetgear.com/.well-known/acme-challenge/ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY
HTTP/1.1 200 OK
Server: Apache/2.4.18 (Unix) OpenSSL/1.0.2q PHP/7.0.4
Last-Modified: Sat, 23 Dec 2023 04:38:54 GMT
ETag: "57-60d25e9003f07"
Accept-Ranges: bytes
Content-Length: 87

ge5zzAzMtjdRWVWFsOmituLlhRFtV7S-u38B1hlh6IY.BYa-DAHGGQAbRhG-ztat5jPSpHOAJ0vb5Q7WDcpWoAc

I was signing off for night. Not sure what to suggest. Fairly strange symptoms.

The restart needed to see your test file makes we wonder about the drive used by Apache. Is there anything odd about it - like some sort of network drive or portable drive that for some reason Apache doesn't see the files instantly?

2 Likes
9

Actually, I am not able to reproduce this behavior, so likely it was a fluke. Likely a 'me problem', typo, or what not. I created a few more files to test and all served just fine. Also, nothing weird about the drive as far as I know (although managing the hardware is my buddies job :smiley: ).

Actually x2, this is now resolved! I figured, what the heck, might as well try again and this time there were no issues. Likely an environmental gremlin that we will never figure out. For full disclosure we did have some weird issues with my buddies router stopping port forwarding until we deleted and recreated his port forwarding rules or what not. shrugs, just the way it goes sometimes.

Anyway, thank you very much for the assist.

3 Likes
10

Please show the full output of:
sudo apachectl -t -D DUMP_VHOSTS

1 Like
11

VirtualHost configuration:
*:443 walker.mynetgear.com (/etc/httpd/conf/extra/httpd-ssl.conf:121)

12

Is that the full output?

And let's have a look at that file:

1 Like
13

Yes, that is the full output. To be clear, this issue is now resolved, as I was able to successfully generate a new certificate against the production environment against the letsencrypt CA server. Just wanted to point out that y'all rock! super responsive! I'm going to provide the info requested, in case there is any wonkiness caused by my configs.

/etc/httpd/conf/extra/httpd-ssl.conf output (with commented out lines removed):

Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on 
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout  300
<VirtualHost _default_:443>
DocumentRoot "/srv/http"
ServerName walker.mynetgear.com:443
ServerAdmin you@example.com
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"
SSLEngine on
SSLCertificateFile "/etc/ssl/private/walker.mynetgear.com.cer"
SSLCertificateKeyFile "/etc/ssl/private/walker.mynetgear.com.key"
SSLCertificateChainFile "/etc/ssl/private/fullchain.cer"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/http/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog "/var/log/httpd/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
2 Likes
14

ServerName is just the "name" part.
You can remove the ":443" - it has no effect.

5 Likes
15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.