Can't renew certificate. acme.sh

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ender.optimusenterprises.com
I ran this command:
acme.sh --issue --dns easy_dns -d ender.optimusenterprises.com --renew-hook "cat /root/.acme.sh/ender.optimusenterprises.com/fullchain.cer /root/.acme.sh/ender.optimusenterprises.com/ender.optimusenterprises.com.key >/etc/ssl/snakeoil.pem && systemctl reload haproxy"
It produced this output:
uploaded
acme.sh.txt (271.4 KB)

My web server is (include version):
Version 1.9.2
The operating system my web server runs on is (include version):
Linux ender 6.1.21-v7l+ #1642 SMP Mon Apr 3 17:22:30 BST 2023 armv7l GNU/Linux
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @antipop001, and welcome to the LE community forum 🙂

Neither acme.sh nor ZeroSSL are maintained, nor supported, by this channel:
[Wed 21 Jun 10:24:01 CDT 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'

You might try switching acme.sh to use LetsEncrypt
OR
Try the ZeroSSL support channel.

2 Likes

How do I switch acme.sh to use LetsEncrypt?

Try this first:
/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

Then --issue the cert(s).

4 Likes

Ok new issues. I will start searching but if you can help....
acme.sh.log.txt (313.3 KB)

hmm...
It seems to be using HTTP-01 authentication:
[Thu 31 Aug 11:08:01 CDT 2023] ender.optimusenterprises.com:Verify error:152.117.67.37: Invalid response from http://ender.optimusenterprises.com/.well-known/acme-challenge/mcM0gEzLfKWXXHaYPsARtmksmV8fjWtMIK3UUcGXaZU: 404

Was that switch intentional?
Before you were using:

3 Likes

Doesn't haproxy have its own method of obtaining certs?
[I'm not too familiar with it]

In any case, if you can find the web root path for that vhost, you should be able to use that instead.

3 Likes

It is now clear to me from the logs that you did NOT intend on using HTTP-01 authentication:

[Thu 31 Aug 10:54:13 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 10:54:15 CDT 2023] d
[Thu 31 Aug 10:54:16 CDT 2023] _w='easy_dns'
[Thu 31 Aug 10:54:16 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 10:54:16 CDT 2023] dvlist='ender.optimusenterprises.com#g08w3gcRYIRXm1Y1YM11-uqyhZfzf9cL1rKJEwXj-Eo.2VKKXtQckoWGaM5KvTw-2exoQLPQGRGtB-jpRnJV1Nk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/260111654896/aIkoVg#http-01#easy_dns#https://acme-v02.api.letsencrypt.org/acme/authz-v3/260111654896'
[Thu 31 Aug 10:54:16 CDT 2023] d
[Thu 31 Aug 10:54:16 CDT 2023] vlist='ender.optimusenterprises.com#g08w3gcRYIRXm1Y1YM11-uqyhZfzf9cL1rKJEwXj-Eo.2VKKXtQckoWGaM5KvTw-2exoQLPQGRGtB-jpRnJV1Nk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/260111654896/aIkoVg#http-01#easy_dns#https://acme-v02.api.letsencrypt.org/acme/authz-v3/260111654896,'
[Thu 31 Aug 10:54:16 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 10:54:16 CDT 2023] wellknown_path='easy_dns/.well-known/acme-challenge'
[Thu 31 Aug 10:54:16 CDT 2023] writing token:g08w3gcRYIRXm1Y1YM11-uqyhZfzf9cL1rKJEwXj-Eo to easy_dns/.well-known/acme-challenge/g08w3gcRYIRXm1Y1YM11-uqyhZfzf9cL1rKJEwXj-Eo
[Thu 31 Aug 10:55:14 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 10:55:14 CDT 2023] d
[Thu 31 Aug 10:55:16 CDT 2023] _w='easy_dns'
[Thu 31 Aug 10:55:16 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 10:55:16 CDT 2023] dvlist='ender.optimusenterprises.com#J0UIzpLbC4wDIr8O85HW7t1D1OtSwuefhhKxdB5IzKI.2VKKXtQckoWGaM5KvTw-2exoQLPQGRGtB-jpRnJV1Nk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/260111871026/BZU2Kg#http-01#easy_dns#https://acme-v02.api.letsencrypt.org/acme/authz-v3/260111871026'
[Thu 31 Aug 10:55:16 CDT 2023] d
[Thu 31 Aug 10:55:16 CDT 2023] vlist='ender.optimusenterprises.com#J0UIzpLbC4wDIr8O85HW7t1D1OtSwuefhhKxdB5IzKI.2VKKXtQckoWGaM5KvTw-2exoQLPQGRGtB-jpRnJV1Nk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/260111871026/BZU2Kg#http-01#easy_dns#https://acme-v02.api.letsencrypt.org/acme/authz-v3/260111871026,'
[Thu 31 Aug 10:55:16 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 10:55:16 CDT 2023] wellknown_path='easy_dns/.well-known/acme-challenge'
[Thu 31 Aug 10:55:16 CDT 2023] writing token:J0UIzpLbC4wDIr8O85HW7t1D1OtSwuefhhKxdB5IzKI to easy_dns/.well-known/acme-challenge/J0UIzpLbC4wDIr8O85HW7t1D1OtSwuefhhKxdB5IzKI
[Thu 31 Aug 11:07:22 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 11:07:22 CDT 2023] d
[Thu 31 Aug 11:07:24 CDT 2023] _w='easy_dns'
[Thu 31 Aug 11:07:24 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 11:07:25 CDT 2023] dvlist='ender.optimusenterprises.com#HbBth24jJWJV30s37LdRRwRP9LC4ptnBhWXAd8Wt-rc.2VKKXtQckoWGaM5KvTw-2exoQLPQGRGtB-jpRnJV1Nk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/260114764956/ZRcBog#http-01#easy_dns#https://acme-v02.api.letsencrypt.org/acme/authz-v3/260114764956'
[Thu 31 Aug 11:07:25 CDT 2023] d
[Thu 31 Aug 11:07:25 CDT 2023] vlist='ender.optimusenterprises.com#HbBth24jJWJV30s37LdRRwRP9LC4ptnBhWXAd8Wt-rc.2VKKXtQckoWGaM5KvTw-2exoQLPQGRGtB-jpRnJV1Nk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/260114764956/ZRcBog#http-01#easy_dns#https://acme-v02.api.letsencrypt.org/acme/authz-v3/260114764956,'
[Thu 31 Aug 11:07:25 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 11:07:25 CDT 2023] wellknown_path='easy_dns/.well-known/acme-challenge'
[Thu 31 Aug 11:07:25 CDT 2023] writing token:HbBth24jJWJV30s37LdRRwRP9LC4ptnBhWXAd8Wt-rc to easy_dns/.well-known/acme-challenge/HbBth24jJWJV30s37LdRRwRP9LC4ptnBhWXAd8Wt-rc
[Thu 31 Aug 11:07:50 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 11:07:50 CDT 2023] d
[Thu 31 Aug 11:07:52 CDT 2023] _w='easy_dns'
[Thu 31 Aug 11:07:52 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 11:07:52 CDT 2023] dvlist='ender.optimusenterprises.com#mcM0gEzLfKWXXHaYPsARtmksmV8fjWtMIK3UUcGXaZU.2VKKXtQckoWGaM5KvTw-2exoQLPQGRGtB-jpRnJV1Nk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/260114873386/XSAY7g#http-01#easy_dns#https://acme-v02.api.letsencrypt.org/acme/authz-v3/260114873386'
[Thu 31 Aug 11:07:52 CDT 2023] d
[Thu 31 Aug 11:07:52 CDT 2023] vlist='ender.optimusenterprises.com#mcM0gEzLfKWXXHaYPsARtmksmV8fjWtMIK3UUcGXaZU.2VKKXtQckoWGaM5KvTw-2exoQLPQGRGtB-jpRnJV1Nk#https://acme-v02.api.letsencrypt.org/acme/chall-v3/260114873386/XSAY7g#http-01#easy_dns#https://acme-v02.api.letsencrypt.org/acme/authz-v3/260114873386,'
[Thu 31 Aug 11:07:53 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 11:07:53 CDT 2023] wellknown_path='easy_dns/.well-known/acme-challenge'
[Thu 31 Aug 11:07:53 CDT 2023] writing token:mcM0gEzLfKWXXHaYPsARtmksmV8fjWtMIK3UUcGXaZU to easy_dns/.well-known/acme-challenge/mcM0gEzLfKWXXHaYPsARtmksmV8fjWtMIK3UUcGXaZU

Apparently, something in the command has not been processed as expected:

[Thu 31 Aug 10:54:13 CDT 2023] _currentRoot='easy_dns'
[Thu 31 Aug 10:54:15 CDT 2023] d
[Thu 31 Aug 10:54:16 CDT 2023] wellknown_path='easy_dns/.well-known/acme-challenge'
3 Likes
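
An added example, not part of the thread or of acme.sh: a small shell check that reads `vlist=` lines from an acme.sh debug log and flags entries where an http-01 challenge was paired with a validation root that is not an absolute path, which is the pattern in the log excerpt above. The field order is inferred from the quoted log lines; the sample log, hostnames, URLs and the hook name `dns_hypothetical` are constructed placeholders, and treating an absolute path as the only valid webroot is an assumption of this check.

```shell
#!/bin/sh
# Constructed sample in the shape of the debug log quoted in the thread.
sample_log() {
cat <<'EOF'
[Thu 31 Aug 10:54:16 CDT 2023] dvlist='host.example.com#TOKEN.THUMB#https://ca.example/chall/1#http-01#easy_dns#https://ca.example/authz/1'
[Thu 31 Aug 10:54:16 CDT 2023] vlist='host.example.com#TOKEN.THUMB#https://ca.example/chall/1#http-01#easy_dns#https://ca.example/authz/1,'
[Thu 31 Aug 10:54:16 CDT 2023] wellknown_path='easy_dns/.well-known/acme-challenge'
[Thu 31 Aug 10:59:00 CDT 2023] vlist='dns.example.com#TOKEN.THUMB#https://ca.example/chall/2#dns-01#dns_hypothetical#https://ca.example/authz/2,'
[Thu 31 Aug 11:01:00 CDT 2023] vlist='web.example.com#TOKEN.THUMB#https://ca.example/chall/3#http-01#/var/www/html#https://ca.example/authz/3,'
EOF
}

# classify TYPE ROOT -> OK | MISMATCH | UNKNOWN
classify() {
  case "$1 $2" in
    "dns-01 dns"*) echo OK ;;        # DNS hook name paired with a DNS challenge
    "http-01 /"*)  echo OK ;;        # absolute webroot path
    "http-01 "*)   echo MISMATCH ;;  # relative or hook-like name used as a webroot
    *)             echo UNKNOWN ;;
  esac
}

# check_log: acme.sh debug log on stdin, one finding per vlist entry on stdout.
# Inferred entry layout: domain#keyauth#challenge-url#type#root#authz-url
check_log() {
  sed -n "s/^\[[^]]*\] vlist='\(.*\)'\$/\1/p" |   # vlist lines only, not dvlist
    tr ',' '\n' |                                  # one entry per line
    awk -F'#' 'NF >= 5 { print $1, $4, $5 }' |     # domain, type, root
    while read -r domain type root; do
      echo "$(classify "$type" "$root") $domain $type $root"
    done
}

sample_log | check_log
```

A `MISMATCH` line means the client wrote the challenge token under a directory named after the `--dns` argument instead of publishing a DNS record.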
