Hi,
I am trying to use acme.sh and i had it working and then decided to try again and now my domain keeps on stating it can’t get validated. i use dns-01 and i can see in the log it logs in into the dns provider, sets the TX, i can see the TXT record, i can also see the TXT record with google dig but when it tests with cloudflare it fails and it keeps on trying and i left it for many minutes.
Here is the log (i have replaced the domain name with mydomain.com)
Debug: Running cmd: acme.sh --issue --ca-file '/root/certs/ca.crt' --cert-file '/root/certs/tls.crt' --fullchain-file '/root/certs/fullchain.crt' --key-file '/root/certs/tls.key' --debug --staging --dns 'dns_gdnsdk' -d *.traefik.mydomain.com
[Wed Dec 18 14:45:34 UTC 2019] Wildcard domain
[Wed Dec 18 14:45:34 UTC 2019] Lets find script dir.
[Wed Dec 18 14:45:34 UTC 2019] _SCRIPT_='/usr/local/bin/acme.sh'
[Wed Dec 18 14:45:34 UTC 2019] _script='/root/.acme.sh/acme.sh'
[Wed Dec 18 14:45:34 UTC 2019] _script_home='/root/.acme.sh'
[Wed Dec 18 14:45:34 UTC 2019] Using default home:/root/.acme.sh
[Wed Dec 18 14:45:34 UTC 2019] Using config home:/acme.sh
https://github.com/Neilpang/acme.sh
v2.8.4
[Wed Dec 18 14:45:34 UTC 2019] Running cmd: issue
[Wed Dec 18 14:45:34 UTC 2019] _main_domain='*.traefik.mydomain.com'
[Wed Dec 18 14:45:34 UTC 2019] _alt_domains='no'
[Wed Dec 18 14:45:34 UTC 2019] Using config home:/acme.sh
[Wed Dec 18 14:45:34 UTC 2019] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Dec 18 14:45:34 UTC 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Dec 18 14:45:34 UTC 2019] DOMAIN_PATH='/acme.sh/*.traefik.mydomain.com'
[Wed Dec 18 14:45:34 UTC 2019] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Dec 18 14:45:34 UTC 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Dec 18 14:45:34 UTC 2019] GET
[Wed Dec 18 14:45:34 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Dec 18 14:45:34 UTC 2019] timeout=
[Wed Dec 18 14:45:34 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:45:35 UTC 2019] ret='0'
[Wed Dec 18 14:45:35 UTC 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change'
[Wed Dec 18 14:45:35 UTC 2019] ACME_NEW_AUTHZ
[Wed Dec 18 14:45:35 UTC 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed Dec 18 14:45:35 UTC 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Wed Dec 18 14:45:35 UTC 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert'
[Wed Dec 18 14:45:35 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Wed Dec 18 14:45:35 UTC 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Dec 18 14:45:35 UTC 2019] ACME_VERSION='2'
[Wed Dec 18 14:45:35 UTC 2019] _on_before_issue
[Wed Dec 18 14:45:35 UTC 2019] _chk_main_domain='*.traefik.mydomain.com'
[Wed Dec 18 14:45:35 UTC 2019] _chk_alt_domains
[Wed Dec 18 14:45:35 UTC 2019] Le_LocalAddress
[Wed Dec 18 14:45:35 UTC 2019] d='*.traefik.mydomain.com'
[Wed Dec 18 14:45:35 UTC 2019] Check for domain='*.traefik.mydomain.com'
[Wed Dec 18 14:45:35 UTC 2019] _currentRoot='dns_gdnsdk'
[Wed Dec 18 14:45:35 UTC 2019] d
[Wed Dec 18 14:45:35 UTC 2019] config file is empty, can not read CA_KEY_HASH
[Wed Dec 18 14:45:35 UTC 2019] Using config home:/acme.sh
[Wed Dec 18 14:45:35 UTC 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Dec 18 14:45:35 UTC 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Wed Dec 18 14:45:35 UTC 2019] Use default length 2048
[Wed Dec 18 14:45:35 UTC 2019] length='2048'
[Wed Dec 18 14:45:35 UTC 2019] Using config home:/acme.sh
[Wed Dec 18 14:45:35 UTC 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Dec 18 14:45:35 UTC 2019] Use length 2048
[Wed Dec 18 14:45:35 UTC 2019] Using RSA: 2048
[Wed Dec 18 14:45:36 UTC 2019] Create account key ok.
[Wed Dec 18 14:45:36 UTC 2019] RSA key
[Wed Dec 18 14:45:36 UTC 2019] Registering account
[Wed Dec 18 14:45:36 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Wed Dec 18 14:45:36 UTC 2019] payload='{"termsOfServiceAgreed": true}'
[Wed Dec 18 14:45:36 UTC 2019] HEAD
[Wed Dec 18 14:45:36 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Dec 18 14:45:36 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g -I '
[Wed Dec 18 14:45:36 UTC 2019] _ret='0'
[Wed Dec 18 14:45:36 UTC 2019] POST
[Wed Dec 18 14:45:36 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'
[Wed Dec 18 14:45:36 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:45:37 UTC 2019] _ret='0'
[Wed Dec 18 14:45:37 UTC 2019] code='201'
[Wed Dec 18 14:45:37 UTC 2019] Registered
[Wed Dec 18 14:45:37 UTC 2019] _accUri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/11841604'
[Wed Dec 18 14:45:37 UTC 2019] Calc CA_KEY_HASH='skvdNMvtpHnCVV8Ny7UyRhjqtN8Irfx5Z4nbF5OUmhA='
[Wed Dec 18 14:45:37 UTC 2019] ACCOUNT_THUMBPRINT='4u4XsuNVF7DAu96uoo95ugAXYcrTr1f6j_ydMt48Qes'
[Wed Dec 18 14:45:37 UTC 2019] Read key length:
[Wed Dec 18 14:45:37 UTC 2019] Creating domain key
[Wed Dec 18 14:45:37 UTC 2019] Use DEFAULT_DOMAIN_KEY_LENGTH=2048
[Wed Dec 18 14:45:37 UTC 2019] Using config home:/acme.sh
[Wed Dec 18 14:45:37 UTC 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory'
[Wed Dec 18 14:45:37 UTC 2019] Use length 2048
[Wed Dec 18 14:45:37 UTC 2019] Using RSA: 2048
[Wed Dec 18 14:45:37 UTC 2019] The domain key is here: /acme.sh/*.traefik.mydomain.com/*.traefik.mydomain.com.key
[Wed Dec 18 14:45:37 UTC 2019] _createcsr
[Wed Dec 18 14:45:37 UTC 2019] Single domain='*.traefik.mydomain.com'
[Wed Dec 18 14:45:37 UTC 2019] Getting domain auth token for each domain
[Wed Dec 18 14:45:37 UTC 2019] d
[Wed Dec 18 14:45:37 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed Dec 18 14:45:37 UTC 2019] payload='{"identifiers": [{"type":"dns","value":"*.traefik.mydomain.com"}]}'
[Wed Dec 18 14:45:37 UTC 2019] POST
[Wed Dec 18 14:45:37 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order'
[Wed Dec 18 14:45:37 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:45:38 UTC 2019] _ret='0'
[Wed Dec 18 14:45:38 UTC 2019] code='201'
[Wed Dec 18 14:45:38 UTC 2019] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/11841604/66327127'
[Wed Dec 18 14:45:38 UTC 2019] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/11841604/66327127'
[Wed Dec 18 14:45:38 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/27821530'
[Wed Dec 18 14:45:38 UTC 2019] payload
[Wed Dec 18 14:45:38 UTC 2019] POST
[Wed Dec 18 14:45:38 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/27821530'
[Wed Dec 18 14:45:38 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:45:38 UTC 2019] _ret='0'
[Wed Dec 18 14:45:38 UTC 2019] code='200'
[Wed Dec 18 14:45:38 UTC 2019] d='*.traefik.mydomain.com'
[Wed Dec 18 14:45:38 UTC 2019] Getting webroot for domain='*.traefik.mydomain.com'
[Wed Dec 18 14:45:38 UTC 2019] _w='dns_gdnsdk'
[Wed Dec 18 14:45:38 UTC 2019] _currentRoot='dns_gdnsdk'
[Wed Dec 18 14:45:38 UTC 2019] entry='"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/27821530/-oHBaQ","token":"MkYNFnyDqb31sbkgwnrT2Fci_wcghnSQmOWlNE1ITNc"'
[Wed Dec 18 14:45:39 UTC 2019] token='MkYNFnyDqb31sbkgwnrT2Fci_wcghnSQmOWlNE1ITNc'
[Wed Dec 18 14:45:39 UTC 2019] uri='https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/27821530/-oHBaQ'
[Wed Dec 18 14:45:39 UTC 2019] keyauthorization='MkYNFnyDqb31sbkgwnrT2Fci_wcghnSQmOWlNE1ITNc.4u4XsuNVF7DAu96uoo95ugAXYcrTr1f6j_ydMt48Qes'
[Wed Dec 18 14:45:39 UTC 2019] dvlist='*.traefik.mydomain.com#MkYNFnyDqb31sbkgwnrT2Fci_wcghnSQmOWlNE1ITNc.4u4XsuNVF7DAu96uoo95ugAXYcrTr1f6j_ydMt48Qes#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/27821530/-oHBaQ#dns-01#dns_gdnsdk'
[Wed Dec 18 14:45:39 UTC 2019] d
[Wed Dec 18 14:45:39 UTC 2019] vlist='*.traefik.mydomain.com#MkYNFnyDqb31sbkgwnrT2Fci_wcghnSQmOWlNE1ITNc.4u4XsuNVF7DAu96uoo95ugAXYcrTr1f6j_ydMt48Qes#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/27821530/-oHBaQ#dns-01#dns_gdnsdk,'
[Wed Dec 18 14:45:39 UTC 2019] d='*.traefik.mydomain.com'
[Wed Dec 18 14:45:39 UTC 2019] _d_alias
[Wed Dec 18 14:45:39 UTC 2019] txtdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:45:39 UTC 2019] txt='K2Tb1oL5sldGDBEL4hPvBNkAvg1YkVYM25mTVIZTMFY'
[Wed Dec 18 14:45:39 UTC 2019] d_api='/root/.acme.sh/dnsapi/dns_gdnsdk.sh'
[Wed Dec 18 14:45:39 UTC 2019] Found domain api file: /root/.acme.sh/dnsapi/dns_gdnsdk.sh
[Wed Dec 18 14:45:39 UTC 2019] Adding txt value: K2Tb1oL5sldGDBEL4hPvBNkAvg1YkVYM25mTVIZTMFY for domain: _acme-challenge.traefik.mydomain.com
[Wed Dec 18 14:45:39 UTC 2019] Using gratisdns.dk
[Wed Dec 18 14:45:39 UTC 2019] fulldomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:45:39 UTC 2019] txtvalue='K2Tb1oL5sldGDBEL4hPvBNkAvg1YkVYM25mTVIZTMFY'
[Wed Dec 18 14:45:39 UTC 2019] No cached cookie found
[Wed Dec 18 14:45:39 UTC 2019] Logging into GratisDNS with user mihai
[Wed Dec 18 14:45:39 UTC 2019] POST
[Wed Dec 18 14:45:39 UTC 2019] _post_url='https://admin.gratisdns.com'
[Wed Dec 18 14:45:39 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:45:42 UTC 2019] _ret='0'
[Wed Dec 18 14:45:42 UTC 2019] GET
[Wed Dec 18 14:45:42 UTC 2019] url='https://admin.gratisdns.com?action=dns_primarydns'
[Wed Dec 18 14:45:42 UTC 2019] timeout=
[Wed Dec 18 14:45:42 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:45:42 UTC 2019] ret='0'
[Wed Dec 18 14:45:42 UTC 2019] Root domain: mydomain.com
[Wed Dec 18 14:45:42 UTC 2019] Adding the entry
[Wed Dec 18 14:45:42 UTC 2019] POST
[Wed Dec 18 14:45:42 UTC 2019] _post_url='https://admin.gratisdns.com'
[Wed Dec 18 14:45:42 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:45:43 UTC 2019] _ret='0'
[Wed Dec 18 14:45:43 UTC 2019] The txt record is added: Success.
[Wed Dec 18 14:45:43 UTC 2019] Let's check each dns records now. Sleep 20 seconds first.
[Wed Dec 18 14:46:03 UTC 2019] d='traefik.mydomain.com'
[Wed Dec 18 14:46:03 UTC 2019] txtdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:03 UTC 2019] aliasDomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:03 UTC 2019] txt='K2Tb1oL5sldGDBEL4hPvBNkAvg1YkVYM25mTVIZTMFY'
[Wed Dec 18 14:46:03 UTC 2019] d_api='/root/.acme.sh/dnsapi/dns_gdnsdk.sh'
[Wed Dec 18 14:46:03 UTC 2019] Checking traefik.mydomain.com for _acme-challenge.traefik.mydomain.com
[Wed Dec 18 14:46:03 UTC 2019] _c_txtdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:03 UTC 2019] _c_aliasdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:03 UTC 2019] _c_txt='K2Tb1oL5sldGDBEL4hPvBNkAvg1YkVYM25mTVIZTMFY'
[Wed Dec 18 14:46:03 UTC 2019] Detect dns server first.
[Wed Dec 18 14:46:03 UTC 2019] Use cloudflare doh server
[Wed Dec 18 14:46:03 UTC 2019] GET
[Wed Dec 18 14:46:03 UTC 2019] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.traefik.mydomain.com&type=TXT'
[Wed Dec 18 14:46:03 UTC 2019] timeout=
[Wed Dec 18 14:46:03 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:46:03 UTC 2019] ret='0'
[Wed Dec 18 14:46:03 UTC 2019] Not valid yet, let's wait 10 seconds and check next one.
[Wed Dec 18 14:46:03 UTC 2019] _p_txtdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:03 UTC 2019] Cloudflare purge TXT record for domain _acme-challenge.traefik.mydomain.com
[Wed Dec 18 14:46:03 UTC 2019] POST
[Wed Dec 18 14:46:03 UTC 2019] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.traefik.mydomain.com&type=TXT'
[Wed Dec 18 14:46:03 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:46:03 UTC 2019] _ret='0'
[Wed Dec 18 14:46:13 UTC 2019] Let's wait 10 seconds and check again.
[Wed Dec 18 14:46:23 UTC 2019] d='traefik.mydomain.com'
[Wed Dec 18 14:46:23 UTC 2019] txtdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:23 UTC 2019] aliasDomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:23 UTC 2019] txt='K2Tb1oL5sldGDBEL4hPvBNkAvg1YkVYM25mTVIZTMFY'
[Wed Dec 18 14:46:23 UTC 2019] d_api='/root/.acme.sh/dnsapi/dns_gdnsdk.sh'
[Wed Dec 18 14:46:23 UTC 2019] Checking traefik.mydomain.com for _acme-challenge.traefik.mydomain.com
[Wed Dec 18 14:46:23 UTC 2019] _c_txtdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:23 UTC 2019] _c_aliasdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:23 UTC 2019] _c_txt='K2Tb1oL5sldGDBEL4hPvBNkAvg1YkVYM25mTVIZTMFY'
[Wed Dec 18 14:46:23 UTC 2019] Detect dns server first.
[Wed Dec 18 14:46:23 UTC 2019] Use cloudflare doh server
[Wed Dec 18 14:46:23 UTC 2019] GET
[Wed Dec 18 14:46:23 UTC 2019] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.traefik.mydomain.com&type=TXT'
[Wed Dec 18 14:46:23 UTC 2019] timeout=
[Wed Dec 18 14:46:23 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:46:23 UTC 2019] ret='0'
[Wed Dec 18 14:46:23 UTC 2019] Not valid yet, let's wait 10 seconds and check next one.
[Wed Dec 18 14:46:23 UTC 2019] _p_txtdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:23 UTC 2019] Cloudflare purge TXT record for domain _acme-challenge.traefik.mydomain.com
[Wed Dec 18 14:46:23 UTC 2019] POST
[Wed Dec 18 14:46:23 UTC 2019] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.traefik.mydomain.com&type=TXT'
[Wed Dec 18 14:46:23 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:46:24 UTC 2019] _ret='0'
[Wed Dec 18 14:46:34 UTC 2019] Let's wait 10 seconds and check again.
[Wed Dec 18 14:46:44 UTC 2019] d='traefik.mydomain.com'
[Wed Dec 18 14:46:44 UTC 2019] txtdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:44 UTC 2019] aliasDomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:44 UTC 2019] txt='K2Tb1oL5sldGDBEL4hPvBNkAvg1YkVYM25mTVIZTMFY'
[Wed Dec 18 14:46:44 UTC 2019] d_api='/root/.acme.sh/dnsapi/dns_gdnsdk.sh'
[Wed Dec 18 14:46:44 UTC 2019] Checking traefik.mydomain.com for _acme-challenge.traefik.mydomain.com
[Wed Dec 18 14:46:44 UTC 2019] _c_txtdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:44 UTC 2019] _c_aliasdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:44 UTC 2019] _c_txt='K2Tb1oL5sldGDBEL4hPvBNkAvg1YkVYM25mTVIZTMFY'
[Wed Dec 18 14:46:44 UTC 2019] Detect dns server first.
[Wed Dec 18 14:46:44 UTC 2019] Use cloudflare doh server
[Wed Dec 18 14:46:44 UTC 2019] GET
[Wed Dec 18 14:46:44 UTC 2019] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.traefik.mydomain.com&type=TXT'
[Wed Dec 18 14:46:44 UTC 2019] timeout=
[Wed Dec 18 14:46:44 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:46:44 UTC 2019] ret='0'
[Wed Dec 18 14:46:44 UTC 2019] Not valid yet, let's wait 10 seconds and check next one.
[Wed Dec 18 14:46:44 UTC 2019] _p_txtdomain='_acme-challenge.traefik.mydomain.com'
[Wed Dec 18 14:46:44 UTC 2019] Cloudflare purge TXT record for domain _acme-challenge.traefik.mydomain.com
[Wed Dec 18 14:46:44 UTC 2019] POST
[Wed Dec 18 14:46:44 UTC 2019] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.traefik.mydomain.com&type=TXT'
[Wed Dec 18 14:46:44 UTC 2019] _CURL='curl -L --silent --dump-header /acme.sh/http.header -g '
[Wed Dec 18 14:46:44 UTC 2019] _ret='0'
[Wed Dec 18 14:46:54 UTC 2019] Let's wait 10 seconds and check again.
Any idea what i am doing wrong ?
/donnib