Error renew example.com_ecc

My domain is: unnecessarilyredacted.club

I ran this command: "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" --ecc --debug

Logs:

v2.8.0
[Thu Aug 16 14:47:11 EDT 2018] ===Starting cron===
[Thu Aug 16 14:47:11 EDT 2018] Renew: 'example.com'
[Thu Aug 16 14:47:13 EDT 2018] Multi domain='DNS:example.com,DNS:.example.com'
[Thu Aug 16 14:47:13 EDT 2018] Getting domain auth token for each domain
[Thu Aug 16 14:47:16 EDT 2018] Getting webroot for domain='example.com'
[Thu Aug 16 14:47:16 EDT 2018] Getting webroot for domain='
.example.com'
[Thu Aug 16 14:47:16 EDT 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Thu Aug 16 14:47:17 EDT 2018] Adding record
[Thu Aug 16 14:47:18 EDT 2018] Added, OK
[Thu Aug 16 14:47:18 EDT 2018] Sleep 120 seconds for the txt records to take effect
[Thu Aug 16 14:49:18 EDT 2018] example.com is already verified, skip dns-01.
[Thu Aug 16 14:49:18 EDT 2018] Verifying:.example.com
[Thu Aug 16 14:49:22 EDT 2018] Removing DNS records.
[Thu Aug 16 14:49:26 EDT 2018] Renew: 'example.com'
[Thu Aug 16 14:49:27 EDT 2018] Multi domain='DNS:example.com,DNS:
.example.com'
[Thu Aug 16 14:49:27 EDT 2018] Getting domain auth token for each domain
[Thu Aug 16 14:49:31 EDT 2018] Getting webroot for domain='example.com'
[Thu Aug 16 14:49:31 EDT 2018] Getting webroot for domain='.example.com'
[Thu Aug 16 14:49:31 EDT 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Thu Aug 16 14:49:32 EDT 2018] Adding record
[Thu Aug 16 14:49:33 EDT 2018] Added, OK
[Thu Aug 16 14:49:33 EDT 2018] Sleep 120 seconds for the txt records to take effect
[Thu Aug 16 14:51:33 EDT 2018] example.com is already verified, skip dns-01.
[Thu Aug 16 14:51:33 EDT 2018] Verifying:
.example.com
[Thu Aug 16 14:51:37 EDT 2018] Removing DNS records.
[Thu Aug 16 14:51:41 EDT 2018] ===End cron===

Debug:
[Thu Aug 16 14:49:27 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 14:49:27 EDT 2018] d
[Thu Aug 16 14:49:27 EDT 2018] _saved_account_key_hash is not changed, skip register account.
[Thu Aug 16 14:49:27 EDT 2018] Read key length:ec-256
[Thu Aug 16 14:49:27 EDT 2018] createcsr
[Thu Aug 16 14:49:27 EDT 2018] d='*.example
._com'
[Thu Aug 16 14:49:27 EDT 2018] d
[Thu Aug 16 14:49:27 EDT 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Aug 16 14:49:27 EDT 2018] payload='{"identifiers": [{"type":"dns","value":"example
.com"},{"type":"dns","value":"*.example._com"}]}'
[Thu Aug 16 14:49:27 EDT 2018] RSA key
[Thu Aug 16 14:49:27 EDT 2018] HEAD
[Thu Aug 16 14:49:27 EDT 2018] _post_url='https://acme-v02.api.letsencrypt._org/acme/new-nonce'
[Thu Aug 16 14:49:28 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:49:28 EDT 2018] _ret='0'
[Thu Aug 16 14:49:28 EDT 2018] POST
[Thu Aug 16 14:49:28 EDT 2018] _post_url='https://acme-v02.api.letsencrypt._org/acme/new-order'
[Thu Aug 16 14:49:28 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:49:29 EDT 2018] _ret='0'
[Thu Aug 16 14:49:29 EDT 2018] code='201'
[Thu Aug 16 14:49:29 EDT 2018] Le_OrderFinalize='https://acme-v02.api.letsencrypt._org/acme/finalize/35174842/39923309'
[Thu Aug 16 14:49:29 EDT 2018] GET
[Thu Aug 16 14:49:29 EDT 2018] url='https://acme-v02.api.letsencrypt._org/acme/authz/FeZYA5w0IU4lingti8jCOXNx5517wZd-EPj_lIYPk9c'
[Thu Aug 16 14:49:29 EDT 2018] timeout=
[Thu Aug 16 14:49:29 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:49:30 EDT 2018] ret='0'
[Thu Aug 16 14:49:30 EDT 2018] GET
[Thu Aug 16 14:49:30 EDT 2018] url='https://acme-v02.api.letsencrypt._org/acme/authz/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw'
[Thu Aug 16 14:49:30 EDT 2018] timeout=
[Thu Aug 16 14:49:30 EDT 2018] CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:49:30 EDT 2018] ret='0'
[Thu Aug 16 14:49:31 EDT 2018] d='example
._com'
[Thu Aug 16 14:49:31 EDT 2018] _w='dns_cf'
[Thu Aug 16 14:49:31 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 14:49:31 EDT 2018] entry='"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/FeZYA5w0IU4lingti8jCOXNx5517wZd-EPj_lIYPk9c/6515051652","token":"9kLUAahwgOqs1iTgGdHGGcguO3wzS3hBOHXDmY6UDyo","validationRecord":[{"hostname":"example._com"'
[Thu Aug 16 14:49:31 EDT 2018] token='9kLUAahwgOqs1iTgGdHGGcguO3wzS3hBOHXDmY6UDyo'
[Thu Aug 16 14:49:31 EDT 2018] uri='https://acme-v02.api.letsencrypt.org/acme/challenge/FeZYA5w0IU4lingti8jCOXNx5517wZd-EPj_lIYPk9c/6515051652'
[Thu Aug 16 14:49:31 EDT 2018] keyauthorization='9kLUAahwgOqs1iTgGdHGGcguO3wzS3hBOHXDmY6UDyo.d1E_QCux882jc_fHb7saPJeN9s4P7j3YybtknbYDMBs'
[Thu Aug 16 14:49:31 EDT 2018] example
.com is already verified.
[Thu Aug 16 14:49:31 EDT 2018] keyauthorization='verified_ok'
[Thu Aug 16 14:49:31 EDT 2018] dvlist='example
._com#verified_ok#https://acme-v02.api.letsencrypt.org/acme/challenge/FeZYA5w0IU4lingti8jCOXNx5517wZd-EPj_lIYPk9c/6515051652#dns-01#dns_cf'
[Thu Aug 16 14:49:31 EDT 2018] d='*.example
._com'
[Thu Aug 16 14:49:31 EDT 2018] _w='dns_cf'
[Thu Aug 16 14:49:31 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 14:49:31 EDT 2018] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt._org/acme/challenge/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw/6532039974","token":"hdTj0d_Ay1_Y946Sh7YkqDgpm3omc821ApkiIgEPoe0"'
[Thu Aug 16 14:49:31 EDT 2018] token='hdTj0d_Ay1_Y946Sh7YkqDgpm3omc821ApkiIgEPoe0'
[Thu Aug 16 14:49:31 EDT 2018] uri='https://acme-v02.api.letsencrypt.org/acme/challenge/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw/6532039974'
[Thu Aug 16 14:49:31 EDT 2018] keyauthorization='hdTj0d_Ay1_Y946Sh7YkqDgpm3omc821ApkiIgEPoe0.d1E_QCux882jc_fHb7saPJeN9s4P7j3YybtknbYDMBs'
[Thu Aug 16 14:49:31 EDT 2018] dvlist='*.example
._com#hdTj0d_Ay1_Y946Sh7YkqDgpm3omc821ApkiIgEPoe0.d1E_QCux882jc_fHb7saPJeN9s4P7j3YybtknbYDMBs#https://acme-v02.api.letsencrypt.org/acme/challenge/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw/6532039974#dns-01#dns_cf'
[Thu Aug 16 14:49:31 EDT 2018] d
[Thu Aug 16 14:49:31 EDT 2018] vlist='example
._com#verified_ok#https://acme-v02.api.letsencrypt.org/acme/challenge/FeZYA5w0IU4lingti8jCOXNx5517wZd-EPj_lIYPk9c/6515051652#dns-01#dns_cf,*.example._com#hdTj0d_Ay1_Y946Sh7YkqDgpm3omc821ApkiIgEPoe0.d1E_QCux882jc_fHb7saPJeN9s4P7j3YybtknbYDMBs#https://acme-v02.api.letsencrypt.org/acme/challenge/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw/6532039974#dns-01#dns_cf,'
[Thu Aug 16 14:49:31 EDT 2018] d='example
.com'
[Thu Aug 16 14:49:31 EDT 2018] example
.com is already verified, skip dns-01.
[Thu Aug 16 14:49:31 EDT 2018] d='*.example
._com'
[Thu Aug 16 14:49:31 EDT 2018] _d_alias
[Thu Aug 16 14:49:31 EDT 2018] txtdomain='acme-challenge.example.com'
[Thu Aug 16 14:49:31 EDT 2018] txt='izOxoD_gMB2iHZ-qUapvsBXPHUCBrpqCVvlfo0y4Bjs'
[Thu Aug 16 14:49:31 EDT 2018] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Thu Aug 16 14:49:31 EDT 2018] First detect the root zone
[Thu Aug 16 14:49:31 EDT 2018] h='example
.com'
[Thu Aug 16 14:49:31 EDT 2018] zones?name=example
.com
[Thu Aug 16 14:49:31 EDT 2018] GET
[Thu Aug 16 14:49:31 EDT 2018] url='https://api
.cloudflare.com/client/v4/zones?name=example._com'
[Thu Aug 16 14:49:31 EDT 2018] timeout=
[Thu Aug 16 14:49:31 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:49:31 EDT 2018] ret='0'
[Thu Aug 16 14:49:31 EDT 2018] _domain_id='38f6a49fc3801922c77f2603eed9b93c'
[Thu Aug 16 14:49:31 EDT 2018] _sub_domain='_acme-challenge'
[Thu Aug 16 14:49:31 EDT 2018] domain='example._com'
[Thu Aug 16 14:49:31 EDT 2018] Getting txt records
[Thu Aug 16 14:49:31 EDT 2018] zones/38f6a49fc3801922c77f2603eed9b93c/dns_records?type=TXT&name=acme-challenge.example.com
[Thu Aug 16 14:49:31 EDT 2018] GET
[Thu Aug 16 14:49:31 EDT 2018] url='https://api
.cloudflare._com/client/v4/zones/38f6a49fc3801922c77f2603eed9b93c/dns_records?type=TXT&name=acme-challenge.example._com'
[Thu Aug 16 14:49:31 EDT 2018] timeout=
[Thu Aug 16 14:49:31 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:49:32 EDT 2018] ret='0'
[Thu Aug 16 14:49:32 EDT 2018] zones/38f6a49fc3801922c77f2603eed9b93c/dns_records
[Thu Aug 16 14:49:32 EDT 2018] data='{"type":"TXT","name":"acme-challenge.example._com","content":"izOxoD_gMB2iHZ-qUapvsBXPHUCBrpqCVvlfo0y4Bjs","ttl":120}'
[Thu Aug 16 14:49:32 EDT 2018] POST
[Thu Aug 16 14:49:32 EDT 2018] post_url='https://api.cloudflare._com/client/v4/zones/38f6a49fc3801922c77f2603eed9b93c/dns_records'
[Thu Aug 16 14:49:32 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:49:33 EDT 2018] ret='0'
[Thu Aug 16 14:51:33 EDT 2018] ok, let's start to verify
[Thu Aug 16 14:51:33 EDT 2018] d='*.example
._com'
[Thu Aug 16 14:51:33 EDT 2018] keyauthorization='hdTj0d_Ay1_Y946Sh7YkqDgpm3omc821ApkiIgEPoe0.d1E_QCux882jc_fHb7saPJeN9s4P7j3YybtknbYDMBs'
[Thu Aug 16 14:51:33 EDT 2018] uri='https://acme-v02.api.letsencrypt._org/acme/challenge/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw/6532039974'
[Thu Aug 16 14:51:33 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 14:51:33 EDT 2018] url='https://acme-v02.api.letsencrypt._org/acme/challenge/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw/6532039974'
[Thu Aug 16 14:51:33 EDT 2018] payload='{"keyAuthorization": "hdTj0d_Ay1_Y946Sh7YkqDgpm3omc821ApkiIgEPoe0.d1E_QCux882jc_fHb7saPJeN9s4P7j3YybtknbYDMBs"}'
[Thu Aug 16 14:51:33 EDT 2018] POST
[Thu Aug 16 14:51:33 EDT 2018] _post_url='https://acme-v02.api.letsencrypt._org/acme/challenge/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw/6532039974'
[Thu Aug 16 14:51:33 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:51:34 EDT 2018] _ret='0'
[Thu Aug 16 14:51:34 EDT 2018] code='200'
[Thu Aug 16 14:51:34 EDT 2018] trigger validation code: 200
[Thu Aug 16 14:51:34 EDT 2018] sleep 2 secs to verify
[Thu Aug 16 14:51:36 EDT 2018] checking
[Thu Aug 16 14:51:36 EDT 2018] GET
[Thu Aug 16 14:51:36 EDT 2018] url='https://acme-v02.api.letsencrypt._org/acme/challenge/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw/6532039974'
[Thu Aug 16 14:51:36 EDT 2018] timeout=
[Thu Aug 16 14:51:36 EDT 2018] CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:51:37 EDT 2018] ret='0'
[Thu Aug 16 14:51:37 EDT 2018] *.example
.com:Verify error:CAA record for *.example._com prevents issuance
[Thu Aug 16 14:51:37 EDT 2018] Skip for removelevel:
[Thu Aug 16 14:51:37 EDT 2018] pid
[Thu Aug 16 14:51:37 EDT 2018] No need to restore nginx, skip.
[Thu Aug 16 14:51:37 EDT 2018] _clearupdns
[Thu Aug 16 14:51:37 EDT 2018] txt='Sxr4udfrjS53jROI3xYPkGLWZF2C06WyVZe-KiWSwM'
[Thu Aug 16 14:51:37 EDT 2018] example
._com is already verified, skip dns-01.
[Thu Aug 16 14:51:37 EDT 2018] txt='izOxoD_gMB2iHZ-qUapvsBXPHUCBrpqCVvlfo0y4Bjs'
[Thu Aug 16 14:51:37 EDT 2018] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Thu Aug 16 14:51:37 EDT 2018] d_alias
[Thu Aug 16 14:51:37 EDT 2018] First detect the root zone
[Thu Aug 16 14:51:37 EDT 2018] h='example
.com'
[Thu Aug 16 14:51:37 EDT 2018] zones?name=example
.com
[Thu Aug 16 14:51:37 EDT 2018] GET
[Thu Aug 16 14:51:37 EDT 2018] url='https://api
.cloudflare.com/client/v4/zones?name=example._com'
[Thu Aug 16 14:51:37 EDT 2018] timeout=
[Thu Aug 16 14:51:37 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:51:38 EDT 2018] ret='0'
[Thu Aug 16 14:51:38 EDT 2018] _domain_id='38f6a49fc3801922c77f2603eed9b93c'
[Thu Aug 16 14:51:38 EDT 2018] _sub_domain='_acme-challenge'
[Thu Aug 16 14:51:38 EDT 2018] domain='example._com'
[Thu Aug 16 14:51:38 EDT 2018] Getting txt records
[Thu Aug 16 14:51:38 EDT 2018] zones/38f6a49fc3801922c77f2603eed9b93c/dns_records?type=TXT&name=acme-challenge.example.com&content=izOxoD_gMB2iHZ-qUapvsBXPHUCBrpqCVvlfo0y4Bjs
[Thu Aug 16 14:51:38 EDT 2018] GET
[Thu Aug 16 14:51:38 EDT 2018] url='https://api
.cloudflare._com/client/v4/zones/38f6a49fc3801922c77f2603eed9b93c/dns_records?type=TXT&name=acme-challenge.example._com&content=izOxoD_gMB2iHZ-qUapvsBXPHUCBrpqCVvlfo0y4Bjs'
[Thu Aug 16 14:51:38 EDT 2018] timeout=
[Thu Aug 16 14:51:38 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:51:38 EDT 2018] ret='0'
[Thu Aug 16 14:51:38 EDT 2018] count='1'
[Thu Aug 16 14:51:38 EDT 2018] record_id='0294668b447af0336e72c3e06cua7b95'
[Thu Aug 16 14:51:38 EDT 2018] zones/38f6a49fc3801922c77f2603eed9b93c/dns_records/0294668b447af0336e72c3e06cua7b95
[Thu Aug 16 14:51:38 EDT 2018] data
[Thu Aug 16 14:51:38 EDT 2018] DELETE
[Thu Aug 16 14:51:38 EDT 2018] post_url='https://api.cloudflare._com/client/v4/zones/38f6a49fc3801922c77f2603eed9b93c/dns_records/0294668b447af0336e72c3e06cua7b95'
[Thu Aug 16 14:51:38 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:51:39 EDT 2018] _ret='0'
[Thu Aug 16 14:51:39 EDT 2018] _on_issue_err
[Thu Aug 16 14:51:39 EDT 2018] Please add '--debug' or '--log' to check more details.
[Thu Aug 16 14:51:39 EDT 2018] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
[Thu Aug 16 14:51:39 EDT 2018] url='https://acme-v02.api.letsencrypt._org/acme/challenge/FeZYA5w0IU4lingti8jCOXNx5517wZd-EPj_lIYPk9c/6515051652'
[Thu Aug 16 14:51:39 EDT 2018] payload='{"keyAuthorization": "verified_ok"}'
[Thu Aug 16 14:51:39 EDT 2018] POST
[Thu Aug 16 14:51:39 EDT 2018] _post_url='https://acme-v02.api.letsencrypt._org/acme/challenge/FeZYA5w0IU4lingti8jCOXNx5517wZd-EPj_lIYPk9c/6515051652'
[Thu Aug 16 14:51:39 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:51:40 EDT 2018] _ret='0'
[Thu Aug 16 14:51:40 EDT 2018] code='200'
[Thu Aug 16 14:51:40 EDT 2018] url='https://acme-v02.api.letsencrypt._org/acme/challenge/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw/6532039974'
[Thu Aug 16 14:51:40 EDT 2018] payload='{"keyAuthorization": "hdTj0d_Ay1_Y946Sh7YkqDgpm3omc821ApkiIgEPoe0.d1E_QCux882jc_fHb7saPJeN9s4P7j3YybtknbYDMBs"}'
[Thu Aug 16 14:51:40 EDT 2018] POST
[Thu Aug 16 14:51:40 EDT 2018] _post_url='https://acme-v02.api.letsencrypt._org/acme/challenge/DAC7WfNrKAtyN1m2XcCa0MYMsyP57NBKtpCz9qYARaw/6532039974'
[Thu Aug 16 14:51:40 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Aug 16 14:51:41 EDT 2018] ret='0'
[Thu Aug 16 14:51:41 EDT 2018] code='400'
[Thu Aug 16 14:51:41 EDT 2018] socat doesn't exists.
[Thu Aug 16 14:51:41 EDT 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2g 1 Mar 2016
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads
socat:
[Thu Aug 16 14:51:41 EDT 2018] Return code: 1
[Thu Aug 16 14:51:41 EDT 2018] Error renew example
._com_ecc.

Could you try again with the --debug flag and show us the more verbose log?

[Thu Aug 16 16:22:12 EDT 2018] Lets find script dir.
[Thu Aug 16 16:22:12 EDT 2018] _SCRIPT_='/root/.acme.sh/acme.sh'
[Thu Aug 16 16:22:12 EDT 2018] _script='/root/.acme.sh/acme.sh'
[Thu Aug 16 16:22:12 EDT 2018] _script_home='/root/.acme.sh'
[Thu Aug 16 16:22:12 EDT 2018] Using config home:/root/.acme.sh
https://github.com/Neilpang/acme.sh
v2.8.0
[Thu Aug 16 16:22:12 EDT 2018] Using config home:/root/.acme.sh
[Thu Aug 16 16:22:12 EDT 2018] ACME_DIRECTORY='https://_acme-v01_._api_._letsencrypt_._org/directory'
[Thu Aug 16 16:22:12 EDT 2018] ===Starting cron===
[Thu Aug 16 16:22:12 EDT 2018] Using config home:/root/.acme.sh
[Thu Aug 16 16:22:12 EDT 2018] ACME_DIRECTORY='https://_acme-v01_._api_._letsencrypt_._org/directory'
[Thu Aug 16 16:22:12 EDT 2018] _stopRenewOnError
[Thu Aug 16 16:22:12 EDT 2018] di='/root/.acme.sh/example_._com/'
[Thu Aug 16 16:22:12 EDT 2018] d='example_._com'
[Thu Aug 16 16:22:12 EDT 2018] Using config home:/root/.acme.sh
[Thu Aug 16 16:22:12 EDT 2018] ACME_DIRECTORY='https://_acme-v01_._api_._letsencrypt_._org/directory'
[Thu Aug 16 16:22:12 EDT 2018] DOMAIN_PATH='/root/.acme.sh/example_._com'
[Thu Aug 16 16:22:12 EDT 2018] Renew: 'example_._com'
[Thu Aug 16 16:22:12 EDT 2018] Le_API='https://_acme-v02_._api_._letsencrypt_._org/directory'
[Thu Aug 16 16:22:12 EDT 2018] Using config home:/root/.acme.sh
[Thu Aug 16 16:22:12 EDT 2018] ACME_DIRECTORY='https://_acme-v02_._api_._letsencrypt_._org/directory'
[Thu Aug 16 16:22:12 EDT 2018] _main_domain='example_._com'
[Thu Aug 16 16:22:12 EDT 2018] _alt_domains='*.example_._com'
[Thu Aug 16 16:22:12 EDT 2018] Using ACME_DIRECTORY: https://_acme-v02_._api_._letsencrypt_._org/directory
[Thu Aug 16 16:22:12 EDT 2018] _init api for server: https://_acme-v02_._api_._letsencrypt_._org/directory
[Thu Aug 16 16:22:12 EDT 2018] GET
[Thu Aug 16 16:22:12 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/directory'
[Thu Aug 16 16:22:12 EDT 2018] timeout=
[Thu Aug 16 16:22:12 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:22:13 EDT 2018] ret='0'
[Thu Aug 16 16:22:13 EDT 2018] ACME_KEY_CHANGE='https://_acme-v02_._api_._letsencrypt_._org/acme/key-change'
[Thu Aug 16 16:22:13 EDT 2018] ACME_NEW_AUTHZ
[Thu Aug 16 16:22:13 EDT 2018] ACME_NEW_ORDER='https://_acme-v02_._api_._letsencrypt_._org/acme/new-order'
[Thu Aug 16 16:22:13 EDT 2018] ACME_NEW_ACCOUNT='https://_acme-v02_._api_._letsencrypt_._org/acme/new-acct'
[Thu Aug 16 16:22:13 EDT 2018] ACME_REVOKE_CERT='https://_acme-v02_._api_._letsencrypt_._org/acme/revoke-cert'
[Thu Aug 16 16:22:13 EDT 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Aug 16 16:22:13 EDT 2018] ACME_NEW_NONCE='https://_acme-v02_._api_._letsencrypt_._org/acme/new-nonce'
[Thu Aug 16 16:22:13 EDT 2018] ACME_VERSION='2'
[Thu Aug 16 16:22:13 EDT 2018] Le_NextRenewTime='1531761103'
[Thu Aug 16 16:22:14 EDT 2018] _on_before_issue
[Thu Aug 16 16:22:14 EDT 2018] _chk_main_domain='example_._com'
[Thu Aug 16 16:22:14 EDT 2018] _chk_alt_domains='*.example_._com'
[Thu Aug 16 16:22:14 EDT 2018] Le_LocalAddress
[Thu Aug 16 16:22:14 EDT 2018] d='example_._com'
[Thu Aug 16 16:22:14 EDT 2018] Check for domain='example_._com'
[Thu Aug 16 16:22:14 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 16:22:14 EDT 2018] d='*.example_._com'
[Thu Aug 16 16:22:14 EDT 2018] Check for domain='*.example_._com'
[Thu Aug 16 16:22:14 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 16:22:14 EDT 2018] d
[Thu Aug 16 16:22:14 EDT 2018] _saved_account_key_hash is not changed, skip register account.
[Thu Aug 16 16:22:14 EDT 2018] Read key length:
[Thu Aug 16 16:22:14 EDT 2018] _createcsr
[Thu Aug 16 16:22:14 EDT 2018] Multi domain='DNS:example_._com,DNS:*.example_._com'
[Thu Aug 16 16:22:14 EDT 2018] Getting domain auth token for each domain
[Thu Aug 16 16:22:14 EDT 2018] d='*.example_._com'
[Thu Aug 16 16:22:14 EDT 2018] d
[Thu Aug 16 16:22:14 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/new-order'
[Thu Aug 16 16:22:14 EDT 2018] payload='{"identifiers": [{"type":"dns","value":"example_._com"},{"type":"dns","value":"*.example_._com"}]}'
[Thu Aug 16 16:22:14 EDT 2018] RSA key
[Thu Aug 16 16:22:14 EDT 2018] HEAD
[Thu Aug 16 16:22:14 EDT 2018] _post_url='https://_acme-v02_._api_._letsencrypt_._org/acme/new-nonce'
[Thu Aug 16 16:22:14 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:22:15 EDT 2018] _ret='0'
[Thu Aug 16 16:22:15 EDT 2018] POST
[Thu Aug 16 16:22:15 EDT 2018] _post_url='https://_acme-v02_._api_._letsencrypt_._org/acme/new-order'
[Thu Aug 16 16:22:15 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:22:15 EDT 2018] _ret='0'
[Thu Aug 16 16:22:15 EDT 2018] code='201'
[Thu Aug 16 16:22:15 EDT 2018] Le_OrderFinalize='https://_acme-v02_._api_._letsencrypt_._org/acme/finalize/35174842/39978042'
[Thu Aug 16 16:22:16 EDT 2018] GET
[Thu Aug 16 16:22:16 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/authz/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c'
[Thu Aug 16 16:22:16 EDT 2018] timeout=
[Thu Aug 16 16:22:16 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:22:16 EDT 2018] ret='0'
[Thu Aug 16 16:22:16 EDT 2018] GET
[Thu Aug 16 16:22:16 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/authz/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4'
[Thu Aug 16 16:22:16 EDT 2018] timeout=
[Thu Aug 16 16:22:16 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:22:17 EDT 2018] ret='0'
[Thu Aug 16 16:22:17 EDT 2018] d='example_._com'
[Thu Aug 16 16:22:17 EDT 2018] Getting webroot for domain='example_._com'
[Thu Aug 16 16:22:17 EDT 2018] _w='dns_cf'
[Thu Aug 16 16:22:17 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 16:22:17 EDT 2018] entry='"type":"dns-01","status":"valid","url":"https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652","token":"9kLUAahwgOqs1iTgGdHGGcguO3wzS3hBHHXDmY6UDyo","validationRecord":[{"hostname":"example_._com"'
[Thu Aug 16 16:22:17 EDT 2018] token='9kLUAahwgOqs1iTgGdHGGcguO3wzS3hBHHXDmY6UDyo'
[Thu Aug 16 16:22:17 EDT 2018] uri='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652'
[Thu Aug 16 16:22:17 EDT 2018] keyauthorization='9kLUAahwgOqs1iTgGdHGGcguO3wzS3hBHHXDmY6UDyo.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs'
[Thu Aug 16 16:22:17 EDT 2018] example_._com is already verified.
[Thu Aug 16 16:22:17 EDT 2018] keyauthorization='verified_ok'
[Thu Aug 16 16:22:17 EDT 2018] dvlist='example_._com#verified_ok#https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652#dns-01#dns_cf'
[Thu Aug 16 16:22:17 EDT 2018] d='*.example_._com'
[Thu Aug 16 16:22:17 EDT 2018] Getting webroot for domain='*.example_._com'
[Thu Aug 16 16:22:17 EDT 2018] _w='dns_cf'
[Thu Aug 16 16:22:17 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 16:22:17 EDT 2018] entry='"type":"dns-01","status":"pending","url":"https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4/6533712084","token":"a7UciUg1A_0kNs4qH6x-2AF8DaOjGpPN-47YAw-09Qc"'
[Thu Aug 16 16:22:17 EDT 2018] token='a7UciUg1A_0kNs4qH6x-2AF8DaOjGpPN-47YAw-09Qc'
[Thu Aug 16 16:22:17 EDT 2018] uri='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4/6533712084'
[Thu Aug 16 16:22:17 EDT 2018] keyauthorization='a7UciUg1A_0kNs4qH6x-2AF8DaOjGpPN-47YAw-09Qc.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs'
[Thu Aug 16 16:22:17 EDT 2018] dvlist='*.example_._com#a7UciUg1A_0kNs4qH6x-2AF8DaOjGpPN-47YAw-09Qc.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs#https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4/6533712084#dns-01#dns_cf'
[Thu Aug 16 16:22:17 EDT 2018] d
[Thu Aug 16 16:22:17 EDT 2018] vlist='example_._com#verified_ok#https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652#dns-01#dns_cf,*.example_._com#a7UciUg1A_0kNs4qH6x-2AF8DaOjGpPN-47YAw-09Qc.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs#https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4/6533712084#dns-01#dns_cf,'
[Thu Aug 16 16:22:17 EDT 2018] d='example_._com'
[Thu Aug 16 16:22:17 EDT 2018] example_._com is already verified, skip dns-01.
[Thu Aug 16 16:22:17 EDT 2018] d='*.example_._com'
[Thu Aug 16 16:22:17 EDT 2018] _d_alias
[Thu Aug 16 16:22:17 EDT 2018] txtdomain='_acme-challenge.example_._com'
[Thu Aug 16 16:22:17 EDT 2018] txt='YgAWqCn2oD7w1KCYNo0JWDwUFqk08PRwyK-RSf7awGI'
[Thu Aug 16 16:22:17 EDT 2018] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Thu Aug 16 16:22:17 EDT 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Thu Aug 16 16:22:17 EDT 2018] First detect the root zone
[Thu Aug 16 16:22:17 EDT 2018] h='example_._com'
[Thu Aug 16 16:22:17 EDT 2018] zones?name=example_._com
[Thu Aug 16 16:22:17 EDT 2018] GET
[Thu Aug 16 16:22:17 EDT 2018] url='https://api.cloudflare.com/client/v4/zones?name=example_._com'
[Thu Aug 16 16:22:17 EDT 2018] timeout=
[Thu Aug 16 16:22:17 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:22:18 EDT 2018] ret='0'
[Thu Aug 16 16:22:18 EDT 2018] _domain_id='38f6a49fc3801922e37f2603eed9b93c'
[Thu Aug 16 16:22:18 EDT 2018] _sub_domain='_acme-challenge'
[Thu Aug 16 16:22:18 EDT 2018] _domain='example_._com'
[Thu Aug 16 16:22:18 EDT 2018] Getting txt records
[Thu Aug 16 16:22:18 EDT 2018] zones/38f6a49fc3801922e37f2603eed9b93c/dns_records?type=TXT&name=_acme-challenge.example_._com
[Thu Aug 16 16:22:18 EDT 2018] GET
[Thu Aug 16 16:22:18 EDT 2018] url='https://api.cloudflare.com/client/v4/zones/38f6a49fc3801922e37f2603eed9b93c/dns_records?type=TXT&name=_acme-challenge.example_._com'
[Thu Aug 16 16:22:18 EDT 2018] timeout=
[Thu Aug 16 16:22:18 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:22:19 EDT 2018] ret='0'
[Thu Aug 16 16:22:19 EDT 2018] Adding record
[Thu Aug 16 16:22:19 EDT 2018] zones/38f6a49fc3801922e37f2603eed9b93c/dns_records
[Thu Aug 16 16:22:19 EDT 2018] data='{"type":"TXT","name":"_acme-challenge.example_._com","content":"YgAWqCn2oD7w1KCYNo0JWDwUFqk08PRwyK-RSf7awGI","ttl":120}'
[Thu Aug 16 16:22:19 EDT 2018] POST
[Thu Aug 16 16:22:19 EDT 2018] _post_url='https://api.cloudflare.com/client/v4/zones/38f6a49fc3801922e37f2603eed9b93c/dns_records'
[Thu Aug 16 16:22:19 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:22:20 EDT 2018] _ret='0'
[Thu Aug 16 16:22:20 EDT 2018] Added, OK
[Thu Aug 16 16:22:20 EDT 2018] Sleep 120 seconds for the txt records to take effect
[Thu Aug 16 16:24:20 EDT 2018] ok, let's start to verify
[Thu Aug 16 16:24:20 EDT 2018] example_._com is already verified, skip dns-01.
[Thu Aug 16 16:24:20 EDT 2018] Verifying:*.example_._com
[Thu Aug 16 16:24:20 EDT 2018] d='*.example_._com'
[Thu Aug 16 16:24:20 EDT 2018] keyauthorization='a7UciUg1A_0kNs4qH6x-2AF8DaOjGpPN-47YAw-09Qc.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs'
[Thu Aug 16 16:24:20 EDT 2018] uri='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4/6533712084'
[Thu Aug 16 16:24:20 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 16:24:20 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4/6533712084'
[Thu Aug 16 16:24:20 EDT 2018] payload='{"keyAuthorization": "a7UciUg1A_0kNs4qH6x-2AF8DaOjGpPN-47YAw-09Qc.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs"}'
[Thu Aug 16 16:24:20 EDT 2018] POST
[Thu Aug 16 16:24:20 EDT 2018] _post_url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4/6533712084'
[Thu Aug 16 16:24:20 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:20 EDT 2018] _ret='0'
[Thu Aug 16 16:24:20 EDT 2018] code='200'
[Thu Aug 16 16:24:20 EDT 2018] trigger validation code: 200
[Thu Aug 16 16:24:20 EDT 2018] sleep 2 secs to verify
[Thu Aug 16 16:24:22 EDT 2018] checking
[Thu Aug 16 16:24:22 EDT 2018] GET
[Thu Aug 16 16:24:22 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4/6533712084'
[Thu Aug 16 16:24:22 EDT 2018] timeout=
[Thu Aug 16 16:24:22 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:23 EDT 2018] ret='0'
[Thu Aug 16 16:24:23 EDT 2018] *.example_._com:Verify error:CAA record for *.example_._com prevents issuance
[Thu Aug 16 16:24:23 EDT 2018] Skip for removelevel:
[Thu Aug 16 16:24:23 EDT 2018] pid
[Thu Aug 16 16:24:23 EDT 2018] No need to restore nginx, skip.
[Thu Aug 16 16:24:23 EDT 2018] _clearupdns
[Thu Aug 16 16:24:23 EDT 2018] Removing DNS records.
[Thu Aug 16 16:24:23 EDT 2018] txt='Sxr4udfrjS53jROI3xYPkGLWZF2C06WyVZe-_KiWSwM'
[Thu Aug 16 16:24:23 EDT 2018] example_._com is already verified, skip dns-01.
[Thu Aug 16 16:24:23 EDT 2018] txt='YgAWqCn2oD7w1KCYNo0JWDwUFqk08PRwyK-RSf7awGI'
[Thu Aug 16 16:24:23 EDT 2018] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Thu Aug 16 16:24:23 EDT 2018] _d_alias
[Thu Aug 16 16:24:23 EDT 2018] First detect the root zone
[Thu Aug 16 16:24:23 EDT 2018] h='example_._com'
[Thu Aug 16 16:24:23 EDT 2018] zones?name=example_._com
[Thu Aug 16 16:24:23 EDT 2018] GET
[Thu Aug 16 16:24:23 EDT 2018] url='https://api.cloudflare.com/client/v4/zones?name=example_._com'
[Thu Aug 16 16:24:23 EDT 2018] timeout=
[Thu Aug 16 16:24:23 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:24 EDT 2018] ret='0'
[Thu Aug 16 16:24:24 EDT 2018] _domain_id='38f6a49fc3801922e37f2603eed9b93c'
[Thu Aug 16 16:24:24 EDT 2018] _sub_domain='_acme-challenge'
[Thu Aug 16 16:24:24 EDT 2018] _domain='example_._com'
[Thu Aug 16 16:24:24 EDT 2018] Getting txt records
[Thu Aug 16 16:24:24 EDT 2018] zones/38f6a49fc3801922e37f2603eed9b93c/dns_records?type=TXT&name=_acme-challenge.example_._com&content=YgAWqCn2oD7w1KCYNo0JWDwUFqk08PRwyK-RSf7awGI
[Thu Aug 16 16:24:24 EDT 2018] GET
[Thu Aug 16 16:24:24 EDT 2018] url='https://api.cloudflare.com/client/v4/zones/38f6a49fc3801922e37f2603eed9b93c/dns_records?type=TXT&name=_acme-challenge.example_._com&content=YgAWqCn2oD7w1KCYNo0JWDwUFqk08PRwyK-RSf7awGI'
[Thu Aug 16 16:24:24 EDT 2018] timeout=
[Thu Aug 16 16:24:24 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:25 EDT 2018] ret='0'
[Thu Aug 16 16:24:25 EDT 2018] count='1'
[Thu Aug 16 16:24:25 EDT 2018] record_id='c2ca18a3009ddbd5812562e55b0d6020'
[Thu Aug 16 16:24:25 EDT 2018] zones/38f6a49fc3801922e37f2603eed9b93c/dns_records/c2ca18a3009ddbd5812562e55b0d6020
[Thu Aug 16 16:24:25 EDT 2018] data
[Thu Aug 16 16:24:25 EDT 2018] DELETE
[Thu Aug 16 16:24:25 EDT 2018] _post_url='https://api.cloudflare.com/client/v4/zones/38f6a49fc3801922e37f2603eed9b93c/dns_records/c2ca18a3009ddbd5812562e55b0d6020'
[Thu Aug 16 16:24:25 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:25 EDT 2018] _ret='0'
[Thu Aug 16 16:24:25 EDT 2018] _on_issue_err
[Thu Aug 16 16:24:25 EDT 2018] Please add '--debug' or '--log' to check more details.
[Thu Aug 16 16:24:25 EDT 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Thu Aug 16 16:24:25 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652'
[Thu Aug 16 16:24:25 EDT 2018] payload='{"keyAuthorization": "verified_ok"}'
[Thu Aug 16 16:24:25 EDT 2018] POST
[Thu Aug 16 16:24:25 EDT 2018] _post_url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652'
[Thu Aug 16 16:24:25 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:26 EDT 2018] _ret='0'
[Thu Aug 16 16:24:26 EDT 2018] code='200'
[Thu Aug 16 16:24:26 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4/6533712084'
[Thu Aug 16 16:24:26 EDT 2018] payload='{"keyAuthorization": "a7UciUg1A_0kNs4qH6x-2AF8DaOjGpPN-47YAw-09Qc.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs"}'
[Thu Aug 16 16:24:26 EDT 2018] POST
[Thu Aug 16 16:24:26 EDT 2018] _post_url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/yuRBlkjkYDTjQMJ2PQE35sKnlN9eWxonM4weM9ZLjY4/6533712084'
[Thu Aug 16 16:24:26 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:27 EDT 2018] _ret='0'
[Thu Aug 16 16:24:27 EDT 2018] code='400'
[Thu Aug 16 16:24:27 EDT 2018] socat doesn't exists.
[Thu Aug 16 16:24:27 EDT 2018] Diagnosis versions: 
openssl:openssl
OpenSSL 1.0.2g  1 Mar 2016
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads
socat:
[Thu Aug 16 16:24:27 EDT 2018] Return code: 1
[Thu Aug 16 16:24:27 EDT 2018] Error renew example_._com.
[Thu Aug 16 16:24:27 EDT 2018] di='/root/.acme.sh/example_._com_ecc/'
[Thu Aug 16 16:24:27 EDT 2018] d='example_._com_ecc'
[Thu Aug 16 16:24:27 EDT 2018] Using config home:/root/.acme.sh
[Thu Aug 16 16:24:27 EDT 2018] ACME_DIRECTORY='https://_acme-v01_._api_._letsencrypt_._org/directory'
[Thu Aug 16 16:24:27 EDT 2018] DOMAIN_PATH='/root/.acme.sh/example_._com_ecc'
[Thu Aug 16 16:24:27 EDT 2018] Renew: 'example_._com'
[Thu Aug 16 16:24:27 EDT 2018] Le_API='https://_acme-v02_._api_._letsencrypt_._org/directory'
[Thu Aug 16 16:24:27 EDT 2018] Using config home:/root/.acme.sh
[Thu Aug 16 16:24:27 EDT 2018] ACME_DIRECTORY='https://_acme-v02_._api_._letsencrypt_._org/directory'
[Thu Aug 16 16:24:27 EDT 2018] _main_domain='example_._com'
[Thu Aug 16 16:24:27 EDT 2018] _alt_domains='*.example_._com'
[Thu Aug 16 16:24:27 EDT 2018] Using ACME_DIRECTORY: https://_acme-v02_._api_._letsencrypt_._org/directory
[Thu Aug 16 16:24:27 EDT 2018] _init api for server: https://_acme-v02_._api_._letsencrypt_._org/directory
[Thu Aug 16 16:24:27 EDT 2018] GET
[Thu Aug 16 16:24:27 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/directory'
[Thu Aug 16 16:24:27 EDT 2018] timeout=
[Thu Aug 16 16:24:27 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:28 EDT 2018] ret='0'
[Thu Aug 16 16:24:28 EDT 2018] ACME_KEY_CHANGE='https://_acme-v02_._api_._letsencrypt_._org/acme/key-change'
[Thu Aug 16 16:24:28 EDT 2018] ACME_NEW_AUTHZ
[Thu Aug 16 16:24:28 EDT 2018] ACME_NEW_ORDER='https://_acme-v02_._api_._letsencrypt_._org/acme/new-order'
[Thu Aug 16 16:24:28 EDT 2018] ACME_NEW_ACCOUNT='https://_acme-v02_._api_._letsencrypt_._org/acme/new-acct'
[Thu Aug 16 16:24:28 EDT 2018] ACME_REVOKE_CERT='https://_acme-v02_._api_._letsencrypt_._org/acme/revoke-cert'
[Thu Aug 16 16:24:28 EDT 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Aug 16 16:24:28 EDT 2018] ACME_NEW_NONCE='https://_acme-v02_._api_._letsencrypt_._org/acme/new-nonce'
[Thu Aug 16 16:24:28 EDT 2018] ACME_VERSION='2'
[Thu Aug 16 16:24:28 EDT 2018] Le_NextRenewTime='1531761275'
[Thu Aug 16 16:24:28 EDT 2018] _on_before_issue
[Thu Aug 16 16:24:28 EDT 2018] _chk_main_domain='example_._com'
[Thu Aug 16 16:24:28 EDT 2018] _chk_alt_domains='*.example_._com'
[Thu Aug 16 16:24:28 EDT 2018] Le_LocalAddress
[Thu Aug 16 16:24:28 EDT 2018] d='example_._com'
[Thu Aug 16 16:24:28 EDT 2018] Check for domain='example_._com'
[Thu Aug 16 16:24:28 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 16:24:28 EDT 2018] d='*.example_._com'
[Thu Aug 16 16:24:28 EDT 2018] Check for domain='*.example_._com'
[Thu Aug 16 16:24:28 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 16:24:28 EDT 2018] d
[Thu Aug 16 16:24:28 EDT 2018] _saved_account_key_hash is not changed, skip register account.
[Thu Aug 16 16:24:28 EDT 2018] Read key length:ec-256
[Thu Aug 16 16:24:28 EDT 2018] _createcsr
[Thu Aug 16 16:24:28 EDT 2018] Multi domain='DNS:example_._com,DNS:*.example_._com'
[Thu Aug 16 16:24:28 EDT 2018] Getting domain auth token for each domain
[Thu Aug 16 16:24:28 EDT 2018] d='*.example_._com'
[Thu Aug 16 16:24:28 EDT 2018] d
[Thu Aug 16 16:24:28 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/new-order'
[Thu Aug 16 16:24:28 EDT 2018] payload='{"identifiers": [{"type":"dns","value":"example_._com"},{"type":"dns","value":"*.example_._com"}]}'
[Thu Aug 16 16:24:28 EDT 2018] RSA key
[Thu Aug 16 16:24:28 EDT 2018] HEAD
[Thu Aug 16 16:24:28 EDT 2018] _post_url='https://_acme-v02_._api_._letsencrypt_._org/acme/new-nonce'
[Thu Aug 16 16:24:28 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:29 EDT 2018] _ret='0'
[Thu Aug 16 16:24:29 EDT 2018] POST
[Thu Aug 16 16:24:29 EDT 2018] _post_url='https://_acme-v02_._api_._letsencrypt_._org/acme/new-order'
[Thu Aug 16 16:24:29 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:30 EDT 2018] _ret='0'
[Thu Aug 16 16:24:30 EDT 2018] code='201'
[Thu Aug 16 16:24:30 EDT 2018] Le_OrderFinalize='https://_acme-v02_._api_._letsencrypt_._org/acme/finalize/35174842/39978848'
[Thu Aug 16 16:24:30 EDT 2018] GET
[Thu Aug 16 16:24:30 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/authz/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c'
[Thu Aug 16 16:24:30 EDT 2018] timeout=
[Thu Aug 16 16:24:30 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:31 EDT 2018] ret='0'
[Thu Aug 16 16:24:31 EDT 2018] GET
[Thu Aug 16 16:24:31 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/authz/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw'
[Thu Aug 16 16:24:31 EDT 2018] timeout=
[Thu Aug 16 16:24:31 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:31 EDT 2018] ret='0'
[Thu Aug 16 16:24:31 EDT 2018] d='example_._com'
[Thu Aug 16 16:24:31 EDT 2018] Getting webroot for domain='example_._com'
[Thu Aug 16 16:24:31 EDT 2018] _w='dns_cf'
[Thu Aug 16 16:24:31 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 16:24:31 EDT 2018] entry='"type":"dns-01","status":"valid","url":"https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652","token":"9kLUAahwgOqs1iTgGdHGGcguO3wzS3hBHHXDmY6UDyo","validationRecord":[{"hostname":"example_._com"'
[Thu Aug 16 16:24:31 EDT 2018] token='9kLUAahwgOqs1iTgGdHGGcguO3wzS3hBHHXDmY6UDyo'
[Thu Aug 16 16:24:31 EDT 2018] uri='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652'
[Thu Aug 16 16:24:31 EDT 2018] keyauthorization='9kLUAahwgOqs1iTgGdHGGcguO3wzS3hBHHXDmY6UDyo.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs'
[Thu Aug 16 16:24:31 EDT 2018] example_._com is already verified.
[Thu Aug 16 16:24:31 EDT 2018] keyauthorization='verified_ok'
[Thu Aug 16 16:24:31 EDT 2018] dvlist='example_._com#verified_ok#https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652#dns-01#dns_cf'
[Thu Aug 16 16:24:31 EDT 2018] d='*.example_._com'
[Thu Aug 16 16:24:31 EDT 2018] Getting webroot for domain='*.example_._com'
[Thu Aug 16 16:24:31 EDT 2018] _w='dns_cf'
[Thu Aug 16 16:24:31 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 16:24:31 EDT 2018] entry='"type":"dns-01","status":"pending","url":"https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776","token":"NpLsjASZOhS23pa8Lmh_44p13eTkwFbz3VV32hGHupw"'
[Thu Aug 16 16:24:32 EDT 2018] token='NpLsjASZOhS23pa8Lmh_44p13eTkwFbz3VV32hGHupw'
[Thu Aug 16 16:24:32 EDT 2018] uri='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776'
[Thu Aug 16 16:24:32 EDT 2018] keyauthorization='NpLsjASZOhS23pa8Lmh_44p13eTkwFbz3VV32hGHupw.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs'
[Thu Aug 16 16:24:32 EDT 2018] dvlist='*.example_._com#NpLsjASZOhS23pa8Lmh_44p13eTkwFbz3VV32hGHupw.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs#https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776#dns-01#dns_cf'
[Thu Aug 16 16:24:32 EDT 2018] d
[Thu Aug 16 16:24:32 EDT 2018] vlist='example_._com#verified_ok#https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652#dns-01#dns_cf,*.example_._com#NpLsjASZOhS23pa8Lmh_44p13eTkwFbz3VV32hGHupw.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs#https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776#dns-01#dns_cf,'
[Thu Aug 16 16:24:32 EDT 2018] d='example_._com'
[Thu Aug 16 16:24:32 EDT 2018] example_._com is already verified, skip dns-01.
[Thu Aug 16 16:24:32 EDT 2018] d='*.example_._com'
[Thu Aug 16 16:24:32 EDT 2018] _d_alias
[Thu Aug 16 16:24:32 EDT 2018] txtdomain='_acme-challenge.example_._com'
[Thu Aug 16 16:24:32 EDT 2018] txt='t6buZmg74eq2ZFeE_B_dbC4pgOM8PwA5IkIGYmsbNHk'
[Thu Aug 16 16:24:32 EDT 2018] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Thu Aug 16 16:24:32 EDT 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Thu Aug 16 16:24:32 EDT 2018] First detect the root zone
[Thu Aug 16 16:24:32 EDT 2018] h='example_._com'
[Thu Aug 16 16:24:32 EDT 2018] zones?name=example_._com
[Thu Aug 16 16:24:32 EDT 2018] GET
[Thu Aug 16 16:24:32 EDT 2018] url='https://api.cloudflare.com/client/v4/zones?name=example_._com'
[Thu Aug 16 16:24:32 EDT 2018] timeout=
[Thu Aug 16 16:24:32 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:32 EDT 2018] ret='0'
[Thu Aug 16 16:24:32 EDT 2018] _domain_id='38f6a49fc3801922e37f2603eed9b93c'
[Thu Aug 16 16:24:32 EDT 2018] _sub_domain='_acme-challenge'
[Thu Aug 16 16:24:32 EDT 2018] _domain='example_._com'
[Thu Aug 16 16:24:32 EDT 2018] Getting txt records
[Thu Aug 16 16:24:32 EDT 2018] zones/38f6a49fc3801922e37f2603eed9b93c/dns_records?type=TXT&name=_acme-challenge.example_._com
[Thu Aug 16 16:24:32 EDT 2018] GET
[Thu Aug 16 16:24:32 EDT 2018] url='https://api.cloudflare.com/client/v4/zones/38f6a49fc3801922e37f2603eed9b93c/dns_records?type=TXT&name=_acme-challenge.example_._com'
[Thu Aug 16 16:24:32 EDT 2018] timeout=
[Thu Aug 16 16:24:32 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:33 EDT 2018] ret='0'
[Thu Aug 16 16:24:33 EDT 2018] Adding record
[Thu Aug 16 16:24:33 EDT 2018] zones/38f6a49fc3801922e37f2603eed9b93c/dns_records
[Thu Aug 16 16:24:33 EDT 2018] data='{"type":"TXT","name":"_acme-challenge.example_._com","content":"t6buZmg74eq2ZFeE_B_dbC4pgOM8PwA5IkIGYmsbNHk","ttl":120}'
[Thu Aug 16 16:24:33 EDT 2018] POST
[Thu Aug 16 16:24:33 EDT 2018] _post_url='https://api.cloudflare.com/client/v4/zones/38f6a49fc3801922e37f2603eed9b93c/dns_records'
[Thu Aug 16 16:24:33 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:24:34 EDT 2018] _ret='0'
[Thu Aug 16 16:24:34 EDT 2018] Added, OK
[Thu Aug 16 16:24:34 EDT 2018] Sleep 120 seconds for the txt records to take effect
[Thu Aug 16 16:26:34 EDT 2018] ok, let's start to verify
[Thu Aug 16 16:26:34 EDT 2018] example_._com is already verified, skip dns-01.
[Thu Aug 16 16:26:34 EDT 2018] Verifying:*.example_._com
[Thu Aug 16 16:26:34 EDT 2018] d='*.example_._com'
[Thu Aug 16 16:26:34 EDT 2018] keyauthorization='NpLsjASZOhS23pa8Lmh_44p13eTkwFbz3VV32hGHupw.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs'
[Thu Aug 16 16:26:34 EDT 2018] uri='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776'
[Thu Aug 16 16:26:34 EDT 2018] _currentRoot='dns_cf'
[Thu Aug 16 16:26:34 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776'
[Thu Aug 16 16:26:34 EDT 2018] payload='{"keyAuthorization": "NpLsjASZOhS23pa8Lmh_44p13eTkwFbz3VV32hGHupw.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs"}'
[Thu Aug 16 16:26:34 EDT 2018] POST
[Thu Aug 16 16:26:34 EDT 2018] _post_url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776'
[Thu Aug 16 16:26:34 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:26:35 EDT 2018] _ret='0'
[Thu Aug 16 16:26:35 EDT 2018] code='200'
[Thu Aug 16 16:26:35 EDT 2018] trigger validation code: 200
[Thu Aug 16 16:26:35 EDT 2018] sleep 2 secs to verify
[Thu Aug 16 16:26:37 EDT 2018] checking
[Thu Aug 16 16:26:37 EDT 2018] GET
[Thu Aug 16 16:26:37 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776'
[Thu Aug 16 16:26:37 EDT 2018] timeout=
[Thu Aug 16 16:26:37 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:26:37 EDT 2018] ret='0'
[Thu Aug 16 16:26:37 EDT 2018] *.example_._com:Verify error:CAA record for *.example_._com prevents issuance
[Thu Aug 16 16:26:37 EDT 2018] Skip for removelevel:
[Thu Aug 16 16:26:37 EDT 2018] pid
[Thu Aug 16 16:26:37 EDT 2018] No need to restore nginx, skip.
[Thu Aug 16 16:26:37 EDT 2018] _clearupdns
[Thu Aug 16 16:26:37 EDT 2018] Removing DNS records.
[Thu Aug 16 16:26:37 EDT 2018] txt='Sxr4udfrjS53jROI3xYPkGLWZF2C06WyVZe-_KiWSwM'
[Thu Aug 16 16:26:38 EDT 2018] example_._com is already verified, skip dns-01.
[Thu Aug 16 16:26:38 EDT 2018] txt='t6buZmg74eq2ZFeE_B_dbC4pgOM8PwA5IkIGYmsbNHk'
[Thu Aug 16 16:26:38 EDT 2018] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Thu Aug 16 16:26:38 EDT 2018] _d_alias
[Thu Aug 16 16:26:38 EDT 2018] First detect the root zone
[Thu Aug 16 16:26:38 EDT 2018] h='example_._com'
[Thu Aug 16 16:26:38 EDT 2018] zones?name=example_._com
[Thu Aug 16 16:26:38 EDT 2018] GET
[Thu Aug 16 16:26:38 EDT 2018] url='https://api.cloudflare.com/client/v4/zones?name=example_._com'
[Thu Aug 16 16:26:38 EDT 2018] timeout=
[Thu Aug 16 16:26:38 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:26:38 EDT 2018] ret='0'
[Thu Aug 16 16:26:38 EDT 2018] _domain_id='38f6a49fc3801922e37f2603eed9b93c'
[Thu Aug 16 16:26:38 EDT 2018] _sub_domain='_acme-challenge'
[Thu Aug 16 16:26:38 EDT 2018] _domain='example_._com'
[Thu Aug 16 16:26:38 EDT 2018] Getting txt records
[Thu Aug 16 16:26:38 EDT 2018] zones/38f6a49fc3801922e37f2603eed9b93c/dns_records?type=TXT&name=_acme-challenge.example_._com&content=t6buZmg74eq2ZFeE_B_dbC4pgOM8PwA5IkIGYmsbNHk
[Thu Aug 16 16:26:38 EDT 2018] GET
[Thu Aug 16 16:26:38 EDT 2018] url='https://api.cloudflare.com/client/v4/zones/38f6a49fc3801922e37f2603eed9b93c/dns_records?type=TXT&name=_acme-challenge.example_._com&content=t6buZmg74eq2ZFeE_B_dbC4pgOM8PwA5IkIGYmsbNHk'
[Thu Aug 16 16:26:38 EDT 2018] timeout=
[Thu Aug 16 16:26:38 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:26:39 EDT 2018] ret='0'
[Thu Aug 16 16:26:39 EDT 2018] count='1'
[Thu Aug 16 16:26:39 EDT 2018] record_id='9e665f20c076718a9da012078fe87df4'
[Thu Aug 16 16:26:39 EDT 2018] zones/38f6a49fc3801922e37f2603eed9b93c/dns_records/9e665f20c076718a9da012078fe87df4
[Thu Aug 16 16:26:39 EDT 2018] data
[Thu Aug 16 16:26:39 EDT 2018] DELETE
[Thu Aug 16 16:26:39 EDT 2018] _post_url='https://api.cloudflare.com/client/v4/zones/38f6a49fc3801922e37f2603eed9b93c/dns_records/9e665f20c076718a9da012078fe87df4'
[Thu Aug 16 16:26:39 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:26:40 EDT 2018] _ret='0'
[Thu Aug 16 16:26:40 EDT 2018] _on_issue_err
[Thu Aug 16 16:26:40 EDT 2018] Please add '--debug' or '--log' to check more details.
[Thu Aug 16 16:26:40 EDT 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Thu Aug 16 16:26:40 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652'
[Thu Aug 16 16:26:40 EDT 2018] payload='{"keyAuthorization": "verified_ok"}'
[Thu Aug 16 16:26:40 EDT 2018] POST
[Thu Aug 16 16:26:40 EDT 2018] _post_url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/FeZYA5w0IU4lingti8jPOXNx5517wZd-EPj_lIJPk9c/6515051652'
[Thu Aug 16 16:26:40 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:26:40 EDT 2018] _ret='0'
[Thu Aug 16 16:26:41 EDT 2018] code='200'
[Thu Aug 16 16:26:41 EDT 2018] url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776'
[Thu Aug 16 16:26:41 EDT 2018] payload='{"keyAuthorization": "NpLsjASZOhS23pa8Lmh_44p13eTkwFbz3VV32hGHupw.d1E_QCux882jc_fHb7saMJeN9s4P7j3YrbtknbYDMBs"}'
[Thu Aug 16 16:26:41 EDT 2018] POST
[Thu Aug 16 16:26:41 EDT 2018] _post_url='https://_acme-v02_._api_._letsencrypt_._org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776'
[Thu Aug 16 16:26:41 EDT 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Thu Aug 16 16:26:41 EDT 2018] _ret='0'
[Thu Aug 16 16:26:41 EDT 2018] code='400'
[Thu Aug 16 16:26:41 EDT 2018] socat doesn't exists.
[Thu Aug 16 16:26:41 EDT 2018] Diagnosis versions: 
openssl:openssl
OpenSSL 1.0.2g  1 Mar 2016
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads
socat:
[Thu Aug 16 16:26:41 EDT 2018] Return code: 1
[Thu Aug 16 16:26:41 EDT 2018] Error renew example_._com_ecc.
[Thu Aug 16 16:26:41 EDT 2018] ===End cron===

Checking that challenge URL returns the following:

{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:caa",
    "detail": "CAA record for *.unnecessarilyredacted.club prevents issuance",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/oQZ0agks6p6l_JL-VWl9oOEZjP_lg5CPv6zkgmHLiJw/6533744776",
  "token": "NpLsjASZOhS23pa8Lmh_44p13eTkwFbz3VV32hGHupw",
  "validationRecord": [
    {
      "hostname": "unnecessarilyredacted.club"
    }
  ]
}

It looks like you didn’t allow Let’s Encrypt to issue wildcards for your domain:

;; ANSWER SECTION:
whatever.club.             299     IN      CAA     0 issue "letsencrypt.org"
whatever.club.             299     IN      CAA     0 issue "comodoca.com"
whatever.club.             299     IN      CAA     0 issue "digicert.com"
whatever.club.             299     IN      CAA     0 issue "globalsign.com"
whatever.club.             299     IN      CAA     0 issuewild "comodoca.com"
whatever.club.             299     IN      CAA     0 issuewild "digicert.com"
whatever.club.             299     IN      CAA     0 issuewild "globalsign.com"
2 Likes

[Thu Aug 16 17:40:34 EDT 2018] Diagnosis versions: 
openssl:openssl
OpenSSL 1.0.2g  1 Mar 2016
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads
socat:
[Thu Aug 16 17:40:34 EDT 2018] Return code: 1
[Thu Aug 16 17:40:34 EDT 2018] Error renew example_._com_ecc.
[Thu Aug 16 17:40:34 EDT 2018] ===End cron===

Yes, that shows the issue. You don’t have an issuewild allowing Let’s Encrypt to issue wildcard certificates. Only Comodo, DigiCert, and GlobalSign can issue wildcards for this domain.

1 Like

The domain of 9 months worked normally and was automatically extended, but now it does not. Tell me, what do I need to do?

I think I have already reached the limit and will not be able to receive a certificate again for a week?

You need to add a CAA record allowing Let’s Encrypt to issue wildcard certificates for your domain name. You have one that allows it to issue non-wildcards:

unnecessarilyredacted.club. 299 IN CAA 0 issue "letsencrypt.org"

You do not have one that allows issuance for wildcard certificates. That’s what the issuewild records specify. If you want Let’s Encrypt to be able to issue wildcard certificates, you need to add an issuewild "letsencrypt.org" CAA record as well.

2 Likes

Thanks for the help, Jared.

1 Like

Additional: The issuewild property is a little bit tricky.

If there is only an issue - Property, then wildcard certificates are allowed.

But if there is at least one issuewild property, then the issue property must be ignored, if the certificate is a wildcard certificate.

If at least one issuewild property is specified in the relevant CAA record set, all issue properties MUST be ignored when processing a request for a domain that is a wildcard domain.

So only

example.com issue "letsencrypt.org"

as record allows wildcards per letsencrypt. But

example.com issue "letsencrypt.org"
example.com issuewild "anotherCAA.com"

blocks letsencrypt wildcard certificates.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.