I have 3 domain names which I created ssl certificates for in mid May and which are now eligible for renewal by early August. 2 of the domains are .id.au and the other is .com.au.
This last had no problems when created but the .com.au is now complaining that it can't find something in <domain_name>/.well-known/acme-challenge/
Both .id.au domains are shown as verified even though one of the two doesn't even have a .well-known/acme-challenge sub folder.
Is this a problem caused by the changes brought in in April?
What is the solution?
What other info is needed?
BTW, I'm using getssl-master to generate the certificates.
@howardlowndes thanks, you'd really need to provide a bit more detail on the error that your software is reporting. "complaining that it can't find " isn't quite detailed enough and we'd need a full error message.
Ideally knowing your domain would help because then we can check various things that would stop http domain validation working.
Double check that all your domains are pointing to the IP you expect them to, and test them out using https://letsdebug.net/
When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
My domain is: howard.id.au (ok), lowndes.id.au (ok), alburymensshed.com.au (problem)
I ran this command: ./getssl-master/getssl
It produced this output: (attached below)
My web server is (include version): apache 2.4.61
The operating system my web server runs on is (include version): Raspberry Pios (Debian 12)
My hosting provider, if applicable, is: self
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, ssh
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): ./getssl-master/getssl 2.49
Output from getssl -d
tmp.txt (25.6 KB)
The tmp.txt file is all binary zeros. We need to see the output from the getssl cert request. Not the output of getssl -d
. We most need the error message explaining what failed.
I don't see anything obviously different among the three domain names. It is likely some difference in the Apache config and perhaps matching it to the getssl settings (like a mis-matched webroot path).
Without the error message there are too many possible errors to debug each one.
I don't know why you would be affected by April changes. Your first and only cert for each domain was issued in May
Might also be worth trying a different ACME client, like Certbot or acme.sh (the two most popular linux ones)
I actually use getssl on one of my personal servers. But point taken that It is easier to get specific advice on the more popular clients. And that is especially important if you do not have skills in this area.
@MikeMcQ sure, I'm a little uneasy about their recommended method of auto updating directly from github as root, but that's probably a different discussion and perhaps a matter of preference.
@webprofusion that auto update is not required and I don't do it that way. I don't know why it is even needed. I mean how hard is it to update a single script file. But yeah we're getting a bit off from this threads problem
I have now switched to acme.sh and have reordered the domain name so that the failing domain (alburymensshed.com.au) is now the primary domain as well as being the web root. Unfortunately that has made no difference.
I have trapped the debug output and will try to attach it here. It is very similar to the log file output. Is there any better output I can use?
For some reason I can't upload the file and there's a size limit on post length, so apologies for the cut and paste. I've truncated the file at the 3rd of 30 retries. Hopefully there's enough to work with
[Sat Aug 3 01:46:12 PM AEST 2024] _is_idn_d='alburymensshed.com.au'
[Sat Aug 3 01:46:12 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:12 PM AEST 2024] _is_idn_d='howard.id.au'
[Sat Aug 3 01:46:12 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:12 PM AEST 2024] _is_idn_d='lowndes.id.au'
[Sat Aug 3 01:46:12 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:12 PM AEST 2024] Let's find the script directory.
[Sat Aug 3 01:46:12 PM AEST 2024] _SCRIPT_='/home/howard/.acme.sh/acme.sh'
[Sat Aug 3 01:46:12 PM AEST 2024] _script='/home/howard/.acme.sh/acme.sh'
[Sat Aug 3 01:46:12 PM AEST 2024] _script_home='/home/howard/.acme.sh'
[Sat Aug 3 01:46:12 PM AEST 2024] Using config home: /home/howard/.acme.sh
[Sat Aug 3 01:46:12 PM AEST 2024] LE_WORKING_DIR='/home/howard/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Sat Aug 3 01:46:12 PM AEST 2024] Running cmd: issue
[Sat Aug 3 01:46:12 PM AEST 2024] _main_domain='alburymensshed.com.au'
[Sat Aug 3 01:46:12 PM AEST 2024] _alt_domains='howard.id.au,lowndes.id.au'
[Sat Aug 3 01:46:12 PM AEST 2024] Using config home: /home/howard/.acme.sh
[Sat Aug 3 01:46:12 PM AEST 2024] default_acme_server
[Sat Aug 3 01:46:12 PM AEST 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Sat Aug 3 01:46:12 PM AEST 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Sat Aug 3 01:46:12 PM AEST 2024] _ACME_SERVER_PATH='v2/DV90'
[Sat Aug 3 01:46:12 PM AEST 2024] DOMAIN_PATH='/home/howard/.acme.sh/alburymensshed.com.au_ecc'
[Sat Aug 3 01:46:12 PM AEST 2024] 'alburymensshed.com.au' does not contain 'dns'
[Sat Aug 3 01:46:12 PM AEST 2024] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Sat Aug 3 01:46:12 PM AEST 2024] _init API for server: https://acme.zerossl.com/v2/DV90
[Sat Aug 3 01:46:12 PM AEST 2024] GET
[Sat Aug 3 01:46:13 PM AEST 2024] url='https://acme.zerossl.com/v2/DV90'
[Sat Aug 3 01:46:13 PM AEST 2024] timeout=
[Sat Aug 3 01:46:13 PM AEST 2024] _CURL='curl --silent --dump-header /home/howard/.acme.sh/http.header -L --trace-ascii /tmp/tmp.3cZwWz2UZT -g '
[Sat Aug 3 01:46:14 PM AEST 2024] ret='0'
[Sat Aug 3 01:46:14 PM AEST 2024] response='{
"newNonce": "https://acme.zerossl.com/v2/DV90/newNonce",
"newAccount": "https://acme.zerossl.com/v2/DV90/newAccount",
"newOrder": "https://acme.zerossl.com/v2/DV90/newOrder",
"revokeCert": "https://acme.zerossl.com/v2/DV90/revokeCert",
"keyChange": "https://acme.zerossl.com/v2/DV90/keyChange",
"meta": {
"termsOfService": "https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf",
"website": "https://zerossl.com",
"caaIdentities": ["sectigo.com", "trust-provider.com", "usertrust.com", "comodoca.com", "comodo.com"],
"externalAccountRequired": true
}
}'
[Sat Aug 3 01:46:14 PM AEST 2024] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Sat Aug 3 01:46:14 PM AEST 2024] ACME_NEW_AUTHZ
[Sat Aug 3 01:46:14 PM AEST 2024] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Sat Aug 3 01:46:14 PM AEST 2024] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Sat Aug 3 01:46:14 PM AEST 2024] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Sat Aug 3 01:46:14 PM AEST 2024] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf'
[Sat Aug 3 01:46:14 PM AEST 2024] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sat Aug 3 01:46:14 PM AEST 2024] Using CA: https://acme.zerossl.com/v2/DV90
[Sat Aug 3 01:46:14 PM AEST 2024] _on_before_issue
[Sat Aug 3 01:46:14 PM AEST 2024] _chk_main_domain='alburymensshed.com.au'
[Sat Aug 3 01:46:14 PM AEST 2024] _chk_alt_domains='howard.id.au,lowndes.id.au'
[Sat Aug 3 01:46:14 PM AEST 2024] 'alburymensshed.com.au' does not contain 'no'
[Sat Aug 3 01:46:14 PM AEST 2024] Le_LocalAddress
[Sat Aug 3 01:46:14 PM AEST 2024] d='alburymensshed.com.au'
[Sat Aug 3 01:46:14 PM AEST 2024] Checking for domain='alburymensshed.com.au'
[Sat Aug 3 01:46:15 PM AEST 2024] _currentRoot='alburymensshed.com.au'
[Sat Aug 3 01:46:15 PM AEST 2024] d='howard.id.au'
[Sat Aug 3 01:46:15 PM AEST 2024] Checking for domain='howard.id.au'
[Sat Aug 3 01:46:15 PM AEST 2024] _currentRoot='alburymensshed.com.au'
[Sat Aug 3 01:46:15 PM AEST 2024] d='lowndes.id.au'
[Sat Aug 3 01:46:15 PM AEST 2024] Checking for domain='lowndes.id.au'
[Sat Aug 3 01:46:15 PM AEST 2024] _currentRoot='alburymensshed.com.au'
[Sat Aug 3 01:46:15 PM AEST 2024] d
[Sat Aug 3 01:46:15 PM AEST 2024] 'alburymensshed.com.au' does not contain 'apache'
[Sat Aug 3 01:46:15 PM AEST 2024] _saved_account_key_hash='Jc5nVBL8dbfOhjHO8apOCQi+7rEzvvNzwJ/X7nUUxxE='
[Sat Aug 3 01:46:15 PM AEST 2024] _saved_account_key_hash was not changed, skipping account registration.
[Sat Aug 3 01:46:15 PM AEST 2024] Read key length: 2048
[Sat Aug 3 01:46:15 PM AEST 2024] Creating domain key
[Sat Aug 3 01:46:15 PM AEST 2024] Using config home: /home/howard/.acme.sh
[Sat Aug 3 01:46:15 PM AEST 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Sat Aug 3 01:46:15 PM AEST 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Sat Aug 3 01:46:15 PM AEST 2024] _ACME_SERVER_PATH='v2/DV90'
[Sat Aug 3 01:46:15 PM AEST 2024] _createkey for file:/home/howard/.acme.sh/alburymensshed.com.au_ecc/alburymensshed.com.au.key
[Sat Aug 3 01:46:15 PM AEST 2024] Using length 256
[Sat Aug 3 01:46:15 PM AEST 2024] Using EC name: prime256v1
[Sat Aug 3 01:46:15 PM AEST 2024] The domain key is here: /home/howard/.acme.sh/alburymensshed.com.au_ecc/alburymensshed.com.au.key
[Sat Aug 3 01:46:15 PM AEST 2024] _createcsr
[Sat Aug 3 01:46:15 PM AEST 2024] domain='alburymensshed.com.au'
[Sat Aug 3 01:46:15 PM AEST 2024] domainlist='howard.id.au,lowndes.id.au'
[Sat Aug 3 01:46:15 PM AEST 2024] csrkey='/home/howard/.acme.sh/alburymensshed.com.au_ecc/alburymensshed.com.au.key'
[Sat Aug 3 01:46:15 PM AEST 2024] csr='/home/howard/.acme.sh/alburymensshed.com.au_ecc/alburymensshed.com.au.csr'
[Sat Aug 3 01:46:15 PM AEST 2024] csrconf='/home/howard/.acme.sh/alburymensshed.com.au_ecc/alburymensshed.com.au.csr.conf'
[Sat Aug 3 01:46:15 PM AEST 2024] _is_idn_d='howard.id.au,lowndes.id.au'
[Sat Aug 3 01:46:15 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:15 PM AEST 2024] domainlist='howard.id.au,lowndes.id.au'
[Sat Aug 3 01:46:15 PM AEST 2024] seg='alburymensshed'
[Sat Aug 3 01:46:15 PM AEST 2024] _is_idn_d='alburymensshed.com.au'
[Sat Aug 3 01:46:15 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:15 PM AEST 2024] seg='howard'
[Sat Aug 3 01:46:15 PM AEST 2024] seg='lowndes'
[Sat Aug 3 01:46:16 PM AEST 2024] Multi domain='DNS:alburymensshed.com.au,DNS:howard.id.au,DNS:lowndes.id.au'
[Sat Aug 3 01:46:16 PM AEST 2024] _is_idn_d='alburymensshed.com.au'
[Sat Aug 3 01:46:16 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:16 PM AEST 2024] _csr_cn='alburymensshed.com.au'
[Sat Aug 3 01:46:16 PM AEST 2024] seg='alburymensshed'
[Sat Aug 3 01:46:16 PM AEST 2024] Getting domain auth token for each domain
[Sat Aug 3 01:46:16 PM AEST 2024] seg='alburymensshed'
[Sat Aug 3 01:46:16 PM AEST 2024] _is_idn_d='alburymensshed.com.au'
[Sat Aug 3 01:46:16 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:16 PM AEST 2024] d='howard.id.au'
[Sat Aug 3 01:46:16 PM AEST 2024] seg='howard'
[Sat Aug 3 01:46:16 PM AEST 2024] _is_idn_d='howard.id.au'
[Sat Aug 3 01:46:16 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:16 PM AEST 2024] d='lowndes.id.au'
[Sat Aug 3 01:46:16 PM AEST 2024] seg='lowndes'
[Sat Aug 3 01:46:16 PM AEST 2024] _is_idn_d='lowndes.id.au'
[Sat Aug 3 01:46:16 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:16 PM AEST 2024] d
[Sat Aug 3 01:46:16 PM AEST 2024] _identifiers='{"type":"dns","value":"alburymensshed.com.au"},{"type":"dns","value":"howard.id.au"},{"type":"dns","value":"lowndes.id.au"}'
[Sat Aug 3 01:46:16 PM AEST 2024] _notBefore
[Sat Aug 3 01:46:16 PM AEST 2024] _notAfter
[Sat Aug 3 01:46:16 PM AEST 2024] STEP 1, Ordering a Certificate
[Sat Aug 3 01:46:16 PM AEST 2024] =======Sending Signed Request=======
[Sat Aug 3 01:46:16 PM AEST 2024] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sat Aug 3 01:46:16 PM AEST 2024] payload='{"identifiers": [{"type":"dns","value":"alburymensshed.com.au"},{"type":"dns","value":"howard.id.au"},{"type":"dns","value":"lowndes.id.au"}]}'
[Sat Aug 3 01:46:16 PM AEST 2024] EC key
[Sat Aug 3 01:46:17 PM AEST 2024] Get nonce with HEAD. ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sat Aug 3 01:46:17 PM AEST 2024] HEAD
[Sat Aug 3 01:46:17 PM AEST 2024] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Sat Aug 3 01:46:17 PM AEST 2024] body
[Sat Aug 3 01:46:17 PM AEST 2024] _postContentType='application/jose+json'
[Sat Aug 3 01:46:17 PM AEST 2024] _CURL='curl --silent --dump-header /home/howard/.acme.sh/http.header -L --trace-ascii /tmp/tmp.gVXyuN0hqa -g -I '
[Sat Aug 3 01:46:18 PM AEST 2024] _ret='0'
[Sat Aug 3 01:46:18 PM AEST 2024] _headers='HTTP/2 200
server: nginx
date: Sat, 03 Aug 2024 03:46:18 GMT
content-type: application/octet-stream
replay-nonce: FS1d_w6m32jEy0wHVVjukbQ61OuhnSfvFIujTj5TYQU
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Aug 3 01:46:18 PM AEST 2024] _CACHED_NONCE='FS1d_w6m32jEy0wHVVjukbQ61OuhnSfvFIujTj5TYQU'
[Sat Aug 3 01:46:18 PM AEST 2024] nonce='FS1d_w6m32jEy0wHVVjukbQ61OuhnSfvFIujTj5TYQU'
[Sat Aug 3 01:46:18 PM AEST 2024] POST
[Sat Aug 3 01:46:18 PM AEST 2024] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sat Aug 3 01:46:18 PM AEST 2024] body='{"protected": "eyJub25jZSI6ICJGUzFkX3c2bTMyakV5MHdIVlZqdWtiUTYxT3VoblNmdkZJdWpUajVUWVFVIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9uZXdPcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS56ZXJvc3NsLmNvbS92Mi9EVjkwL2FjY291bnQvZnlDbG5NNTF5djk4blo2OWJaaEU5ZyJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImFsYnVyeW1lbnNzaGVkLmNvbS5hdSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiaG93YXJkLmlkLmF1In0seyJ0eXBlIjoiZG5zIiwidmFsdWUiOiJsb3duZGVzLmlkLmF1In1dfQ", "signature": "M_x71bxASNPQivpbUbA5hKBVFkiEe4pbv2ey4awFd7pkz6jQ_9Y4f-YWXVxANqyYmGGBslZ0g2Fx8rRWykkcPg"}'
[Sat Aug 3 01:46:18 PM AEST 2024] _postContentType='application/jose+json'
[Sat Aug 3 01:46:18 PM AEST 2024] Http already initialized.
[Sat Aug 3 01:46:18 PM AEST 2024] _CURL='curl --silent --dump-header /home/howard/.acme.sh/http.header -L --trace-ascii /tmp/tmp.gVXyuN0hqa -g '
[Sat Aug 3 01:46:19 PM AEST 2024] _ret='0'
[Sat Aug 3 01:46:19 PM AEST 2024] responseHeaders='HTTP/2 201
server: nginx
date: Sat, 03 Aug 2024 03:46:19 GMT
content-type: application/json
content-length: 488
replay-nonce: yRb0YyIpgAYp5Ylb8B118qr1ewbuwDrdNp3clIxjOTo
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
location: https://acme.zerossl.com/v2/DV90/order/WAywTCORfKg7deH7TqnTNA
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Aug 3 01:46:19 PM AEST 2024] code='201'
[Sat Aug 3 01:46:19 PM AEST 2024] original='{"status":"pending","expires":"2024-10-31T06:24:39Z","identifiers":[{"type":"dns","value":"howard.id.au"},{"type":"dns","value":"lowndes.id.au"},{"type":"dns","value":"alburymensshed.com.au"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA","https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A","https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ"],"finalize":"https://acme.zerossl.com/v2/DV90/order/WAywTCORfKg7deH7TqnTNA/finalize"}'
[Sat Aug 3 01:46:20 PM AEST 2024] response='{"status":"pending","expires":"2024-10-31T06:24:39Z","identifiers":[{"type":"dns","value":"howard.id.au"},{"type":"dns","value":"lowndes.id.au"},{"type":"dns","value":"alburymensshed.com.au"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA","https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A","https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ"],"finalize":"https://acme.zerossl.com/v2/DV90/order/WAywTCORfKg7deH7TqnTNA/finalize"}'
[Sat Aug 3 01:46:20 PM AEST 2024] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/WAywTCORfKg7deH7TqnTNA'
[Sat Aug 3 01:46:20 PM AEST 2024] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/WAywTCORfKg7deH7TqnTNA/finalize'
[Sat Aug 3 01:46:20 PM AEST 2024] _authorizations_seg='https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA,https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A,https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:20 PM AEST 2024] STEP 2, Get the authorizations of each domain
[Sat Aug 3 01:46:20 PM AEST 2024] _authz_url='https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA'
[Sat Aug 3 01:46:20 PM AEST 2024] =======Sending Signed Request=======
[Sat Aug 3 01:46:20 PM AEST 2024] url='https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA'
[Sat Aug 3 01:46:20 PM AEST 2024] payload
[Sat Aug 3 01:46:20 PM AEST 2024] Use cached jwk for file: /home/howard/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sat Aug 3 01:46:20 PM AEST 2024] Use _CACHED_NONCE='yRb0YyIpgAYp5Ylb8B118qr1ewbuwDrdNp3clIxjOTo'
[Sat Aug 3 01:46:20 PM AEST 2024] nonce='yRb0YyIpgAYp5Ylb8B118qr1ewbuwDrdNp3clIxjOTo'
[Sat Aug 3 01:46:20 PM AEST 2024] POST
[Sat Aug 3 01:46:20 PM AEST 2024] _post_url='https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA'
[Sat Aug 3 01:46:20 PM AEST 2024] body='{"protected": "eyJub25jZSI6ICJ5UmIwWXlJcGdBWXA1WWxiOEIxMThxcjFld2J1d0RyZE5wM2NsSXhqT1RvIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei8zemt2bk1XS0NsUE5nY2RYUW4zd3hBIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9meUNsbk01MXl2OThuWjY5YlpoRTlnIn0", "payload": "", "signature": "TDvyg7e7Xmz78ENNY7_kdIg152XkKTyy4ojnFJrB5amEzv1-4NAduNc7hV7uDxUiEHqDGUNRMW1u_aImUAaFUw"}'
[Sat Aug 3 01:46:20 PM AEST 2024] _postContentType='application/jose+json'
[Sat Aug 3 01:46:20 PM AEST 2024] Http already initialized.
[Sat Aug 3 01:46:20 PM AEST 2024] _CURL='curl --silent --dump-header /home/howard/.acme.sh/http.header -L --trace-ascii /tmp/tmp.gVXyuN0hqa -g '
[Sat Aug 3 01:46:21 PM AEST 2024] _ret='0'
[Sat Aug 3 01:46:21 PM AEST 2024] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 03 Aug 2024 03:46:21 GMT
content-type: application/json
content-length: 312
replay-nonce: QAgP2Xfw3_GGZtghff5PMow128BcmS6HZc71FWxNf5s
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Aug 3 01:46:21 PM AEST 2024] code='200'
[Sat Aug 3 01:46:21 PM AEST 2024] original='{"identifier":{"type":"dns","value":"howard.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/kgfwequKq2JtJRiBNHppDg","status":"valid","validated":"2024-08-02T06:24:48Z","token":"M-N2H-5lzK2qJuCY2TQrqQ5MTHDXSen30_cPsfSXGWA"}]}'
[Sat Aug 3 01:46:21 PM AEST 2024] response='{"identifier":{"type":"dns","value":"howard.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/kgfwequKq2JtJRiBNHppDg","status":"valid","validated":"2024-08-02T06:24:48Z","token":"M-N2H-5lzK2qJuCY2TQrqQ5MTHDXSen30_cPsfSXGWA"}]}'
[Sat Aug 3 01:46:21 PM AEST 2024] response='{"identifier":{"type":"dns","value":"howard.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/kgfwequKq2JtJRiBNHppDg","status":"valid","validated":"2024-08-02T06:24:48Z","token":"M-N2H-5lzK2qJuCY2TQrqQ5MTHDXSen30_cPsfSXGWA"}]}'
[Sat Aug 3 01:46:22 PM AEST 2024] _d='howard.id.au'
[Sat Aug 3 01:46:22 PM AEST 2024] _authz_url='https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A'
[Sat Aug 3 01:46:22 PM AEST 2024] =======Sending Signed Request=======
[Sat Aug 3 01:46:22 PM AEST 2024] url='https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A'
[Sat Aug 3 01:46:22 PM AEST 2024] payload
[Sat Aug 3 01:46:22 PM AEST 2024] Use cached jwk for file: /home/howard/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sat Aug 3 01:46:22 PM AEST 2024] Use _CACHED_NONCE='QAgP2Xfw3_GGZtghff5PMow128BcmS6HZc71FWxNf5s'
[Sat Aug 3 01:46:22 PM AEST 2024] nonce='QAgP2Xfw3_GGZtghff5PMow128BcmS6HZc71FWxNf5s'
[Sat Aug 3 01:46:22 PM AEST 2024] POST
[Sat Aug 3 01:46:22 PM AEST 2024] _post_url='https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A'
[Sat Aug 3 01:46:22 PM AEST 2024] body='{"protected": "eyJub25jZSI6ICJRQWdQMlhmdzNfR0dadGdoZmY1UE1vdzEyOEJjbVM2SFpjNzFGV3hOZjVzIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei9vODFVSWZqdTJCNGpEc25pMmQzUThBIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9meUNsbk01MXl2OThuWjY5YlpoRTlnIn0", "payload": "", "signature": "XkOHs9uOSnCbyxGOiY9ycN2VC51MnbN75ZqmbRv0lp3hmnRDxcREsKQRpWUqx9mIKTnDFjdRtoF3zewN6fkW7A"}'
[Sat Aug 3 01:46:22 PM AEST 2024] _postContentType='application/jose+json'
[Sat Aug 3 01:46:22 PM AEST 2024] Http already initialized.
[Sat Aug 3 01:46:22 PM AEST 2024] _CURL='curl --silent --dump-header /home/howard/.acme.sh/http.header -L --trace-ascii /tmp/tmp.gVXyuN0hqa -g '
[Sat Aug 3 01:46:23 PM AEST 2024] _ret='0'
[Sat Aug 3 01:46:23 PM AEST 2024] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 03 Aug 2024 03:46:23 GMT
content-type: application/json
content-length: 313
replay-nonce: 3wpYECP6JLijFUUQi0gaiQrzAAzCXa6XmSg9xb9mh5U
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Aug 3 01:46:23 PM AEST 2024] code='200'
[Sat Aug 3 01:46:23 PM AEST 2024] original='{"identifier":{"type":"dns","value":"lowndes.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/-0GaEpUYZ7M9LO5u3f_Csw","status":"valid","validated":"2024-08-02T06:24:54Z","token":"4oZKMNA3e_0Vuo10XoztNuCofpPfu-QSo-ME54r2194"}]}'
[Sat Aug 3 01:46:23 PM AEST 2024] response='{"identifier":{"type":"dns","value":"lowndes.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/-0GaEpUYZ7M9LO5u3f_Csw","status":"valid","validated":"2024-08-02T06:24:54Z","token":"4oZKMNA3e_0Vuo10XoztNuCofpPfu-QSo-ME54r2194"}]}'
[Sat Aug 3 01:46:23 PM AEST 2024] response='{"identifier":{"type":"dns","value":"lowndes.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/-0GaEpUYZ7M9LO5u3f_Csw","status":"valid","validated":"2024-08-02T06:24:54Z","token":"4oZKMNA3e_0Vuo10XoztNuCofpPfu-QSo-ME54r2194"}]}'
[Sat Aug 3 01:46:23 PM AEST 2024] _d='lowndes.id.au'
[Sat Aug 3 01:46:23 PM AEST 2024] _authz_url='https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:23 PM AEST 2024] =======Sending Signed Request=======
[Sat Aug 3 01:46:23 PM AEST 2024] url='https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:23 PM AEST 2024] payload
[Sat Aug 3 01:46:23 PM AEST 2024] Use cached jwk for file: /home/howard/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sat Aug 3 01:46:24 PM AEST 2024] Use _CACHED_NONCE='3wpYECP6JLijFUUQi0gaiQrzAAzCXa6XmSg9xb9mh5U'
[Sat Aug 3 01:46:24 PM AEST 2024] nonce='3wpYECP6JLijFUUQi0gaiQrzAAzCXa6XmSg9xb9mh5U'
[Sat Aug 3 01:46:24 PM AEST 2024] POST
[Sat Aug 3 01:46:24 PM AEST 2024] _post_url='https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:24 PM AEST 2024] body='{"protected": "eyJub25jZSI6ICIzd3BZRUNQNkpMaWpGVVVRaTBnYWlRcnpBQXpDWGE2WG1TZzl4YjltaDVVIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei9ETVhYSlRkWlk5NUVkMmQ3V3NTdHJRIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9meUNsbk01MXl2OThuWjY5YlpoRTlnIn0", "payload": "", "signature": "Ffl80p-PdVjHXiPNJ7Ptr6kpzHE8lp2UJdcO1W88KyGJpzTmK42Ux4n2YcTrYQ97QMI99HuCe3UkTtLebDXh5A"}'
[Sat Aug 3 01:46:24 PM AEST 2024] _postContentType='application/jose+json'
[Sat Aug 3 01:46:24 PM AEST 2024] Http already initialized.
[Sat Aug 3 01:46:24 PM AEST 2024] _CURL='curl --silent --dump-header /home/howard/.acme.sh/http.header -L --trace-ascii /tmp/tmp.gVXyuN0hqa -g '
[Sat Aug 3 01:46:25 PM AEST 2024] _ret='0'
[Sat Aug 3 01:46:25 PM AEST 2024] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 03 Aug 2024 03:46:25 GMT
content-type: application/json
content-length: 454
replay-nonce: _AHuSi6aGDbPl63eef3pV55O0Nk9lIYPnY7BHBIthtM
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Aug 3 01:46:25 PM AEST 2024] code='200'
[Sat Aug 3 01:46:25 PM AEST 2024] original='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:25 PM AEST 2024] response='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:25 PM AEST 2024] response='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:25 PM AEST 2024] _d='alburymensshed.com.au'
[Sat Aug 3 01:46:25 PM AEST 2024] _authorizations_map='alburymensshed.com.au,{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}#https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ
lowndes.id.au,{"identifier":{"type":"dns","value":"lowndes.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/-0GaEpUYZ7M9LO5u3f_Csw","status":"valid","validated":"2024-08-02T06:24:54Z","token":"4oZKMNA3e_0Vuo10XoztNuCofpPfu-QSo-ME54r2194"}]}#https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A
howard.id.au,{"identifier":{"type":"dns","value":"howard.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/kgfwequKq2JtJRiBNHppDg","status":"valid","validated":"2024-08-02T06:24:48Z","token":"M-N2H-5lzK2qJuCY2TQrqQ5MTHDXSen30_cPsfSXGWA"}]}#https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA
'
[Sat Aug 3 01:46:25 PM AEST 2024] d='alburymensshed.com.au'
[Sat Aug 3 01:46:25 PM AEST 2024] Getting webroot for domain='alburymensshed.com.au'
[Sat Aug 3 01:46:25 PM AEST 2024] _w='alburymensshed.com.au'
[Sat Aug 3 01:46:25 PM AEST 2024] _currentRoot='alburymensshed.com.au'
[Sat Aug 3 01:46:25 PM AEST 2024] _is_idn_d='alburymensshed.com.au'
[Sat Aug 3 01:46:25 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:25 PM AEST 2024] _candidates='alburymensshed.com.au,{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}#https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:26 PM AEST 2024] response='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}#https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:26 PM AEST 2024] _authz_url='https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:26 PM AEST 2024] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"'
[Sat Aug 3 01:46:26 PM AEST 2024] token='tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw'
[Sat Aug 3 01:46:26 PM AEST 2024] uri='https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA'
[Sat Aug 3 01:46:26 PM AEST 2024] keyauthorization='tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw.5t9DnGUvCRXWykBh31xPisY0Ha1SYNjCMKHNiLRwXFo'
[Sat Aug 3 01:46:26 PM AEST 2024] dvlist='alburymensshed.com.au#tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw.5t9DnGUvCRXWykBh31xPisY0Ha1SYNjCMKHNiLRwXFo#https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA#http-01#alburymensshed.com.au#https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:26 PM AEST 2024] d='howard.id.au'
[Sat Aug 3 01:46:26 PM AEST 2024] Getting webroot for domain='howard.id.au'
[Sat Aug 3 01:46:26 PM AEST 2024] _w='alburymensshed.com.au'
[Sat Aug 3 01:46:26 PM AEST 2024] _currentRoot='alburymensshed.com.au'
[Sat Aug 3 01:46:26 PM AEST 2024] _is_idn_d='howard.id.au'
[Sat Aug 3 01:46:26 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:26 PM AEST 2024] _candidates='howard.id.au,{"identifier":{"type":"dns","value":"howard.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/kgfwequKq2JtJRiBNHppDg","status":"valid","validated":"2024-08-02T06:24:48Z","token":"M-N2H-5lzK2qJuCY2TQrqQ5MTHDXSen30_cPsfSXGWA"}]}#https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA'
[Sat Aug 3 01:46:26 PM AEST 2024] response='{"identifier":{"type":"dns","value":"howard.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/kgfwequKq2JtJRiBNHppDg","status":"valid","validated":"2024-08-02T06:24:48Z","token":"M-N2H-5lzK2qJuCY2TQrqQ5MTHDXSen30_cPsfSXGWA"}]}#https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA'
[Sat Aug 3 01:46:26 PM AEST 2024] _authz_url='https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA'
[Sat Aug 3 01:46:26 PM AEST 2024] howard.id.au is already valid.
[Sat Aug 3 01:46:26 PM AEST 2024] keyauthorization='verified_ok'
[Sat Aug 3 01:46:26 PM AEST 2024] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/kgfwequKq2JtJRiBNHppDg","status":"valid","validated":"2024-08-02T06:24:48Z","token":"M-N2H-5lzK2qJuCY2TQrqQ5MTHDXSen30_cPsfSXGWA"'
[Sat Aug 3 01:46:26 PM AEST 2024] dvlist='howard.id.au#verified_ok#https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA#http-01#alburymensshed.com.au#https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA'
[Sat Aug 3 01:46:26 PM AEST 2024] d='lowndes.id.au'
[Sat Aug 3 01:46:26 PM AEST 2024] Getting webroot for domain='lowndes.id.au'
[Sat Aug 3 01:46:26 PM AEST 2024] _w='alburymensshed.com.au'
[Sat Aug 3 01:46:26 PM AEST 2024] _currentRoot='alburymensshed.com.au'
[Sat Aug 3 01:46:26 PM AEST 2024] _is_idn_d='lowndes.id.au'
[Sat Aug 3 01:46:26 PM AEST 2024] _idn_temp
[Sat Aug 3 01:46:26 PM AEST 2024] _candidates='lowndes.id.au,{"identifier":{"type":"dns","value":"lowndes.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/-0GaEpUYZ7M9LO5u3f_Csw","status":"valid","validated":"2024-08-02T06:24:54Z","token":"4oZKMNA3e_0Vuo10XoztNuCofpPfu-QSo-ME54r2194"}]}#https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A'
[Sat Aug 3 01:46:26 PM AEST 2024] response='{"identifier":{"type":"dns","value":"lowndes.id.au"},"status":"valid","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/-0GaEpUYZ7M9LO5u3f_Csw","status":"valid","validated":"2024-08-02T06:24:54Z","token":"4oZKMNA3e_0Vuo10XoztNuCofpPfu-QSo-ME54r2194"}]}#https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A'
[Sat Aug 3 01:46:26 PM AEST 2024] _authz_url='https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A'
[Sat Aug 3 01:46:26 PM AEST 2024] lowndes.id.au is already valid.
[Sat Aug 3 01:46:26 PM AEST 2024] keyauthorization='verified_ok'
[Sat Aug 3 01:46:26 PM AEST 2024] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/-0GaEpUYZ7M9LO5u3f_Csw","status":"valid","validated":"2024-08-02T06:24:54Z","token":"4oZKMNA3e_0Vuo10XoztNuCofpPfu-QSo-ME54r2194"'
[Sat Aug 3 01:46:26 PM AEST 2024] dvlist='lowndes.id.au#verified_ok#https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA#http-01#alburymensshed.com.au#https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A'
[Sat Aug 3 01:46:26 PM AEST 2024] d
[Sat Aug 3 01:46:26 PM AEST 2024] vlist='alburymensshed.com.au#tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw.5t9DnGUvCRXWykBh31xPisY0Ha1SYNjCMKHNiLRwXFo#https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA#http-01#alburymensshed.com.au#https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ,howard.id.au#verified_ok#https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA#http-01#alburymensshed.com.au#https://acme.zerossl.com/v2/DV90/authz/3zkvnMWKClPNgcdXQn3wxA,lowndes.id.au#verified_ok#https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA#http-01#alburymensshed.com.au#https://acme.zerossl.com/v2/DV90/authz/o81UIfju2B4jDsni2d3Q8A,'
[Sat Aug 3 01:46:26 PM AEST 2024] d='alburymensshed.com.au'
[Sat Aug 3 01:46:27 PM AEST 2024] d='howard.id.au'
[Sat Aug 3 01:46:27 PM AEST 2024] howard.id.au has already been verified, skipping http-01.
[Sat Aug 3 01:46:27 PM AEST 2024] d='lowndes.id.au'
[Sat Aug 3 01:46:27 PM AEST 2024] lowndes.id.au has already been verified, skipping http-01.
[Sat Aug 3 01:46:27 PM AEST 2024] OK, let's start verification
[Sat Aug 3 01:46:27 PM AEST 2024] Verifying: alburymensshed.com.au
[Sat Aug 3 01:46:27 PM AEST 2024] d='alburymensshed.com.au'
[Sat Aug 3 01:46:27 PM AEST 2024] keyauthorization='tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw.5t9DnGUvCRXWykBh31xPisY0Ha1SYNjCMKHNiLRwXFo'
[Sat Aug 3 01:46:27 PM AEST 2024] uri='https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA'
[Sat Aug 3 01:46:27 PM AEST 2024] _authz_url='https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:27 PM AEST 2024] _currentRoot='alburymensshed.com.au'
[Sat Aug 3 01:46:27 PM AEST 2024] wellknown_path='alburymensshed.com.au/.well-known/acme-challenge'
[Sat Aug 3 01:46:27 PM AEST 2024] Writing token: tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw to alburymensshed.com.au/.well-known/acme-challenge/tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw
[Sat Aug 3 01:46:27 PM AEST 2024] Trigger domain validation.
[Sat Aug 3 01:46:27 PM AEST 2024] _t_url='https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA'
[Sat Aug 3 01:46:27 PM AEST 2024] _t_key_authz='tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw.5t9DnGUvCRXWykBh31xPisY0Ha1SYNjCMKHNiLRwXFo'
[Sat Aug 3 01:46:27 PM AEST 2024] _t_vtype='http-01'
[Sat Aug 3 01:46:27 PM AEST 2024] =======Sending Signed Request=======
[Sat Aug 3 01:46:27 PM AEST 2024] url='https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA'
[Sat Aug 3 01:46:27 PM AEST 2024] payload='{}'
[Sat Aug 3 01:46:27 PM AEST 2024] Use cached jwk for file: /home/howard/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sat Aug 3 01:46:27 PM AEST 2024] Use _CACHED_NONCE='_AHuSi6aGDbPl63eef3pV55O0Nk9lIYPnY7BHBIthtM'
[Sat Aug 3 01:46:27 PM AEST 2024] nonce='_AHuSi6aGDbPl63eef3pV55O0Nk9lIYPnY7BHBIthtM'
[Sat Aug 3 01:46:27 PM AEST 2024] POST
[Sat Aug 3 01:46:27 PM AEST 2024] _post_url='https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA'
[Sat Aug 3 01:46:27 PM AEST 2024] body='{"protected": "eyJub25jZSI6ICJfQUh1U2k2YUdEYlBsNjNlZWYzcFY1NU8wTms5bElZUG5ZN0JIQkl0aHRNIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9jaGFsbC9nZEtIcXljcldNYmZxU1pKeEdNblBBIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9meUNsbk01MXl2OThuWjY5YlpoRTlnIn0", "payload": "e30", "signature": "0x8pXupQ7dJrs2e9-Alir1_-L2ntZPLG7KFEzsDE47VzwD0t2QvxkV0AJNMg9kclY0L1kbLVuvfz2no35BmM5Q"}'
[Sat Aug 3 01:46:27 PM AEST 2024] _postContentType='application/jose+json'
[Sat Aug 3 01:46:27 PM AEST 2024] Http already initialized.
[Sat Aug 3 01:46:27 PM AEST 2024] _CURL='curl --silent --dump-header /home/howard/.acme.sh/http.header -L --trace-ascii /tmp/tmp.gVXyuN0hqa -g '
[Sat Aug 3 01:46:28 PM AEST 2024] _ret='0'
[Sat Aug 3 01:46:28 PM AEST 2024] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 03 Aug 2024 03:46:28 GMT
content-type: application/json
content-length: 164
replay-nonce: _vCih9RiMQ-22e_haoK7TvHihzJ_LMbhbkgS1lB5qrs
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ>;rel="up"
retry-after: 60
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Aug 3 01:46:28 PM AEST 2024] code='200'
[Sat Aug 3 01:46:28 PM AEST 2024] original='{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"}'
[Sat Aug 3 01:46:28 PM AEST 2024] response='{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"}'
[Sat Aug 3 01:46:29 PM AEST 2024] Trigger validation code: 200
[Sat Aug 3 01:46:29 PM AEST 2024] Let's check the authz status
[Sat Aug 3 01:46:29 PM AEST 2024] original='{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"}'
[Sat Aug 3 01:46:29 PM AEST 2024] response='{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"}'
[Sat Aug 3 01:46:29 PM AEST 2024] status='processing'
[Sat Aug 3 01:46:29 PM AEST 2024] Processing. The CA is processing your order, please wait. (1/30)
[Sat Aug 3 01:46:29 PM AEST 2024] Sleep 2 seconds before verifying again
[Sat Aug 3 01:46:31 PM AEST 2024] Checking
[Sat Aug 3 01:46:31 PM AEST 2024] =======Sending Signed Request=======
[Sat Aug 3 01:46:31 PM AEST 2024] url='https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:31 PM AEST 2024] payload
[Sat Aug 3 01:46:31 PM AEST 2024] Use cached jwk for file: /home/howard/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sat Aug 3 01:46:31 PM AEST 2024] Use _CACHED_NONCE='_vCih9RiMQ-22e_haoK7TvHihzJ_LMbhbkgS1lB5qrs'
[Sat Aug 3 01:46:31 PM AEST 2024] nonce='_vCih9RiMQ-22e_haoK7TvHihzJ_LMbhbkgS1lB5qrs'
[Sat Aug 3 01:46:31 PM AEST 2024] POST
[Sat Aug 3 01:46:31 PM AEST 2024] _post_url='https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:31 PM AEST 2024] body='{"protected": "eyJub25jZSI6ICJfdkNpaDlSaU1RLTIyZV9oYW9LN1R2SGloekpfTE1iaGJrZ1MxbEI1cXJzIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei9ETVhYSlRkWlk5NUVkMmQ3V3NTdHJRIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9meUNsbk01MXl2OThuWjY5YlpoRTlnIn0", "payload": "", "signature": "rBKBetGlei7AzK_30-Gubv_hQW6upIpdV98uhjqRd3YyGPFUMq1SuCyyR9anJW8DEtPE552MMmbwDcQISYvjkg"}'
[Sat Aug 3 01:46:31 PM AEST 2024] _postContentType='application/jose+json'
[Sat Aug 3 01:46:31 PM AEST 2024] Http already initialized.
[Sat Aug 3 01:46:31 PM AEST 2024] _CURL='curl --silent --dump-header /home/howard/.acme.sh/http.header -L --trace-ascii /tmp/tmp.gVXyuN0hqa -g '
[Sat Aug 3 01:46:33 PM AEST 2024] _ret='0'
[Sat Aug 3 01:46:33 PM AEST 2024] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 03 Aug 2024 03:46:32 GMT
content-type: application/json
content-length: 454
replay-nonce: i5D9WTU1Q75re68XUNLbN78u5AQ5wznBw7GPK_eemVs
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Aug 3 01:46:33 PM AEST 2024] code='200'
[Sat Aug 3 01:46:33 PM AEST 2024] original='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:33 PM AEST 2024] response='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:33 PM AEST 2024] original='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:33 PM AEST 2024] response='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:33 PM AEST 2024] status='pending
processing
pending'
[Sat Aug 3 01:46:33 PM AEST 2024] Pending. The CA is processing your order, please wait. (2/30)
[Sat Aug 3 01:46:33 PM AEST 2024] Sleep 2 seconds before verifying again
[Sat Aug 3 01:46:35 PM AEST 2024] Checking
[Sat Aug 3 01:46:35 PM AEST 2024] =======Sending Signed Request=======
[Sat Aug 3 01:46:35 PM AEST 2024] url='https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:35 PM AEST 2024] payload
[Sat Aug 3 01:46:35 PM AEST 2024] Use cached jwk for file: /home/howard/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sat Aug 3 01:46:35 PM AEST 2024] Use _CACHED_NONCE='i5D9WTU1Q75re68XUNLbN78u5AQ5wznBw7GPK_eemVs'
[Sat Aug 3 01:46:35 PM AEST 2024] nonce='i5D9WTU1Q75re68XUNLbN78u5AQ5wznBw7GPK_eemVs'
[Sat Aug 3 01:46:35 PM AEST 2024] POST
[Sat Aug 3 01:46:35 PM AEST 2024] _post_url='https://acme.zerossl.com/v2/DV90/authz/DMXXJTdZY95Ed2d7WsStrQ'
[Sat Aug 3 01:46:35 PM AEST 2024] body='{"protected": "eyJub25jZSI6ICJpNUQ5V1RVMVE3NXJlNjhYVU5MYk43OHU1QVE1d3puQnc3R1BLX2VlbVZzIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei9ETVhYSlRkWlk5NUVkMmQ3V3NTdHJRIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9meUNsbk01MXl2OThuWjY5YlpoRTlnIn0", "payload": "", "signature": "XDZJ8ZOb-24WyGW6MXI4s2h_ly9hczHyiRPqJzcjFk7_EhG3CxKM-vh4Nyq9BnwGPO2UsRc45tWBMV5zJW7qeA"}'
[Sat Aug 3 01:46:35 PM AEST 2024] _postContentType='application/jose+json'
[Sat Aug 3 01:46:35 PM AEST 2024] Http already initialized.
[Sat Aug 3 01:46:35 PM AEST 2024] _CURL='curl --silent --dump-header /home/howard/.acme.sh/http.header -L --trace-ascii /tmp/tmp.gVXyuN0hqa -g '
[Sat Aug 3 01:46:37 PM AEST 2024] _ret='0'
[Sat Aug 3 01:46:37 PM AEST 2024] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 03 Aug 2024 03:46:36 GMT
content-type: application/json
content-length: 454
replay-nonce: cD9hsvnKl-_R-RWjev0_FRhsqnn58Uobin-ys22U9yE
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Aug 3 01:46:37 PM AEST 2024] code='200'
[Sat Aug 3 01:46:37 PM AEST 2024] original='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:37 PM AEST 2024] response='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:37 PM AEST 2024] original='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:37 PM AEST 2024] response='{"identifier":{"type":"dns","value":"alburymensshed.com.au"},"status":"pending","expires":"2024-09-01T06:24:39Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/gdKHqycrWMbfqSZJxGMnPA","status":"processing","token":"tRiyqbMfR7StCiNQgMDvK_tS7HUxJhfJ7iGncPHQCfw"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/G39EJKhF7vwuQb1K9aElyw","status":"pending","token":"m8gdW1T69he-dQYCp1C1MjzDnbHTahsP-X8JzUjTD7Y"}]}'
[Sat Aug 3 01:46:37 PM AEST 2024] status='pending
processing
pending'
[Sat Aug 3 01:46:37 PM AEST 2024] Pending. The CA is processing your order, please wait. (3/30)
ZeroSSL (who are not related to Let's Encrypt) are currently very slow, if they are too slow most ACME clients give up.
To use Let's Encrypt with acme.sh specify --server letsencrypt
on the command line.
See here too
I don't believe it is a delay problem with ZeroSSL as I got a similar response with acme.sh when I specified LetsEncrypt as the server.
I'm coming around to the idea that it's a permissions problem, but I can't see where as I have the permissions set very wide. I just wish I could see in the log where the server is trying to write to .well-known/acme-challenge
Well, getssl and acme.sh are just single script files. Can't you just add a couple lines of code to display what you need and wait or sleep to continue?
Certbot has a --debug-challenges -v
set of options to do just that. Maybe acme.sh does too (I didn't look). I am nearly cetain getssl does not have such a feature
I've resorted to tcpdump to see what is going on and I see the LE server doing a GET into .well-known/acme-challenge looking for a specific file, which is no there, in fact .wk/ac is empty hence my end is returning a 404, even when I run --renew.
I'm thinking I need to do some sort of reset in order to get the LE server to POST into the .wk/ac folder. Would an --issue achieve that? Or do I need to be more brutal - if so, what is needed?
No, Let's Encrypt servers will not make an HTTP POST to your server. Your ACME client is responsible for placing the challenge data in the correct location. If it is not being found, you need to seek support for your ACME client.
You got two certs for your alburymensshed
domain on Aug2 from ZeroSSL. Although, your Apache is still using the Let's Encrypt cert due to expire in 4 days that has all 3 of your domain names
A 404 error is almost always that the webroot path given to your ACME client (right now acme.sh) is not the same as the Apache DocumentRoot for that domain and HTTP Challenge path.
Sorting these out starts at evaluating your Apache config. What does this show
sudo apache2ctl -t -D DUMP_VHOSTS
You may need to use apachectl
or httpd
instead of apache2ctl
but the other options are the same
It might help if we can explain what's supposed to happen, it's relatively simple and doesn't usually need a lot of technical analysis.:
- You ask for a cert for
www.example.com
. Let's Encrypt (or your chosen CA) asks you to prove you control that domain either using HTTP or DNS domain validation. - For HTTP domain validation they tell your ACME software that they will expect to see a certain file under
http://www.example.com/.well-known/acme-challenge/<unique file name>
and that it will have a certain value. - Normally what happens here is the file is created (by your ACME client software) in your website file system so that the /.well-known/acme-challenge/ request will work. There are other ways to serve that response but getting your webserver (which is already serving content) to do it is typically easiest. This seems to be the part that's going wrong.
- The ACME client then tells Let's Encrypt etc that you are ready to serve that challenge response, then Let's Encrypt check it from multiple servers across the world and if they all find it then validation passes and you can move on to getting your certificate.
Typically things that can cause http validation to go wrong include:
- your acme client is not writing the challenge response file where it needs to be for your webserver to serve it (or it can't).
- your webserver content management system is intercepting the request and returning it's own response (e.g. a nice 404) instead of letting the request pass through to the filesystem. This is common and you need to change your config to allow that request to pass through.
- your domain doesn't point to the same server or requests are not being passed through to the correct server.
So Let's Encrypt is looking for /.well-known/acme-challenge/<unique file name>
on your web server, using http on TCP port 80, and if it's not there you don't get your cert. Hard to tell if that's your problem without a full log.
I've finally resolved this problem and generated new certificates. Here is the solution:
I was using --webroot /var/www/. I changed that to --standalone but that didn't work, so I then tried --apache. At first that didn't work either because it wouldn't bind to Port 80.
I had been running as a user so far so I then switched to root with sudo -sE and it all worked. ACME suggest that it should be run as root anyway.
I now have to get everything pointing in the right direction and think about what cron statement I need to use.