DNS challenge: expired authorization

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.c3.unam.mx

I ran this command: ./acme.sh/acme.sh --renew -d *.c3.unam.mx --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

It produced this output: [Mon Jan 6 16:17:05 CST 2020] Renew: '*.c3.unam.mx'
[Mon Jan 6 16:17:06 CST 2020] Single domain='*.c3.unam.mx'
[Mon Jan 6 16:17:06 CST 2020] Getting domain auth token for each domain
[Mon Jan 6 16:17:06 CST 2020] Verifying: *.c3.unam.mx
[Mon Jan 6 16:22:05 CST 2020] *.c3.unam.mx:Challenge error: {
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Expired authorization",
"status": 404
}
[Mon Jan 6 16:22:05 CST 2020] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Mon Jan 6 16:22:05 CST 2020] The dns manual mode can not renew automatically, you must issue it again manually. You’d better use the other modes instead.

My web server is (include version): mainly apache 2.0

The operating system my web server runs on is (include version): centos 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Some two weeks ago I ran the command to renew my wildcard cert, but it wasn't until today that I could get the TXT records into the DNS; then the renew command failed with the message "expired authorization". It's also worth noting that my cert expired yesterday.

What do I need to do in order to renew my cert?

Thank you in advance.


What version of acme.sh do you have?

acme.sh --version

./acme.sh/acme.sh --version
v2.8.2

Did you read this?:

acme.sh is still supposed to do the right thing when you use --renew with manual mode: to instruct you with what new records you should create by hand.

I’ve been testing with 2.8.4 and what @jlgr is doing should be working. The same thing is documented on the wiki.

Have you tried acme.sh --upgrade and trying again?

If it still doesn’t work then, we can ask neilpang about it.


Of course. I actually have manually renewed my cert several times.

But it's not working this time. The difference is that I got the TXT record several days ago, and I was not able to put it into the DNS server. Then, today I issued the command for the renewal again, I put the TXT records into the DNS, and then I got the "expired authorization" message.

And I've done it several times. As I said in a previous reply, this time things went differently because I wasn't able to put the TXT record into the DNS, and then I re-issued the acme.sh command …

To be more specific:

First (some days ago), I ran the acme.sh --renew command and got the new records, but I was not able to put them into the DNS.
Then, today I re-ran the command and got new (different) records, and I put them into the DNS.
And after that, I re-ran the command (to get the certificates) and got the "expired authorization" message.

One potential (albeit hacky) way to work around this issue would be to ditch your ACME account and force acme.sh to register a new one. You would no longer encounter the expired authorization that acme.sh is running into, since it’s attached to the old account.

mv ~/.acme.sh/ca/acme-v02.api.letsencrypt.org ~/.acme.sh/ca/acme-v02.api.letsencrypt.org.backup

But it does not explain or address why acme.sh is trying to use an expired authz in the first place.

Did upgrading to 2.8.4 make any difference?
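An added example, not from this thread and not acme.sh's own code, showing what sits behind the two symptoms discussed above: each new order carries a new challenge token, so re-running the command yields a different `_acme-challenge` TXT value (the old value is useless), and an authorization object carries an `expires` timestamp after which the CA rejects it. The key (`SAMPLE_JWK`), the token and the timestamps are constructed for illustration; the record-name and key-authorization rules follow RFC 8555 (sections 7.1.3 and 8.4) and the thumbprint follows RFC 7638.

```python
"""Added example (not from the thread or from acme.sh): derive the dns-01 TXT
record the CA expects for a name, and classify an ACME authorization object so
an operator can see whether it is still usable or a fresh order is needed."""
import base64
import hashlib
import json
from datetime import datetime, timezone


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as RFC 8555 requires everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 of the required members only, serialised
    with sorted keys and no whitespace. Extra members such as 'kid' are ignored."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record(identifier: str, token: str, jwk: dict):
    """Return (record name, TXT value) for a dns-01 challenge.

    A wildcard is validated on its base name: '*.c3.unam.mx' is proven via
    _acme-challenge.c3.unam.mx. The value is base64url(SHA-256(keyAuthorization))
    where keyAuthorization = token + '.' + account-key thumbprint, so a new
    token (new order) always means a new TXT value."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return f"_acme-challenge.{base}", value


def authz_state(authz: dict, now: datetime) -> str:
    """Classify an authorization object as the CA would treat it.

    'expired' means the server will no longer accept challenge responses for it
    (the 'Expired authorization' error in the thread); the only fix is a new order."""
    expires = authz.get("expires")
    if expires is not None:
        exp = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        if exp <= now:
            return "expired"
    return authz.get("status") or "unknown"


# --- constructed sample data (not real keys, tokens or CA responses) ---------
SAMPLE_JWK = {  # a P-256 public key shape; coordinates are placeholders
    "kty": "EC", "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
}
SAMPLE_TOKEN = "constructed-token-0001"
SAMPLE_AUTHZ = {  # pending authz whose 'expires' is already in the past
    "identifier": {"type": "dns", "value": "c3.unam.mx"},
    "status": "pending",
    "expires": "2020-01-05T16:17:05Z",
    "wildcard": True,
}
NOW = datetime(2020, 1, 6, 16, 17, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    name, value = dns01_record("*.c3.unam.mx", SAMPLE_TOKEN, SAMPLE_JWK)
    print(f"publish TXT {name} -> {value}")
    print("authorization is", authz_state(SAMPLE_AUTHZ, NOW))
```

Before re-running the client in manual mode, confirm the published record matches the value derived from the current token (for example `dig +short TXT _acme-challenge.c3.unam.mx` against an authoritative server), since a value computed from an earlier, now-expired order will never validate.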

I ran the upgrade command, but it still shows me the same version!

./acme.sh/acme.sh --upgrade

[Mon Jan 6 17:03:19 CST 2020] Installing from online archive.
[Mon Jan 6 17:03:19 CST 2020] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Mon Jan 6 17:03:21 CST 2020] Extracting master.tar.gz
[Mon Jan 6 17:03:21 CST 2020] It is recommended to install socat first.
[Mon Jan 6 17:03:21 CST 2020] We use socat for standalone server if you use standalone mode.
[Mon Jan 6 17:03:21 CST 2020] If you don’t use standalone mode, just ignore this warning.
[Mon Jan 6 17:03:21 CST 2020] Installing to /root/.acme.sh
[Mon Jan 6 17:03:21 CST 2020] Installed to /root/.acme.sh/acme.sh
[Mon Jan 6 17:03:21 CST 2020] Good, bash is found, so change the shebang to use bash as preferred.
[Mon Jan 6 17:03:21 CST 2020] OK
[Mon Jan 6 17:03:21 CST 2020] Install success!
[Mon Jan 6 17:03:21 CST 2020] Upgrade success!
[root@ansible ~]# ./acme.sh/acme.sh --version
https://github.com/Neilpang/acme.sh
v2.8.2


You are running acme.sh as /root/acme.sh/acme.sh.

However, acme.sh installs/upgrades itself as /root/.acme.sh/acme.sh. Note the extra period.

The upgrade was applied to the latter directory, which is why the former one still reports 2.8.2.

I guess that if you want to keep using /root/acme.sh, you should upgrade it manually.


I tried your suggestion, both with the older and newer version of acme.sh but the result was the same:
“expired authorization”

I tried again with the new version of acme.sh and my old information (CA directory) and I got a new TXT record.

Let me put it into the DNS and I’ll tell you if it works.


It didn't work. Here is the output (sign failed):

[Tue Jan 7 11:48:01 CST 2020] Renew: '*.c3.unam.mx'
[Tue Jan 7 11:48:02 CST 2020] Single domain='*.c3.unam.mx'
[Tue Jan 7 11:48:02 CST 2020] Getting domain auth token for each domain
[Tue Jan 7 11:48:02 CST 2020] Verifying: *.c3.unam.mx
[Tue Jan 7 11:48:05 CST 2020] Success
[Tue Jan 7 11:48:05 CST 2020] Verify finished, start to sign.
[Tue Jan 7 11:48:05 CST 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/32825051/1959011235
[Tue Jan 7 11:48:06 CST 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/0425468d826130d2cf2ebcb1c8e5cc010ff1
[Tue Jan 7 11:50:06 CST 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Tue Jan 7 11:50:06 CST 2020] Sign failed:
[Tue Jan 7 11:50:06 CST 2020] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Tue Jan 7 11:50:06 CST 2020] The dns manual mode can not renew automatically, you must issue it again manually. You’d better use the other modes instead.


I re-ran the command and now it worked!

Thank you very much for your help!
