Error: "Sign error, wrong status"

My domain is:
grimstveit.no

I ran this command:
$ /usr/local/sbin/acme.sh --issue -d grimstveit.no -d www.grimstveit.no -d mta-sts.grimstveit.no -w /data/www/docs/www.grimstveit.no

It produced this output:
[Thu Sep 30 00:57:59 CEST 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Thu Sep 30 00:57:59 CEST 2021] Multi domain='DNS:grimstveit.no,DNS:www.grimstveit.no,DNS:mta-sts.grimstveit.no'
[Thu Sep 30 00:57:59 CEST 2021] Getting domain auth token for each domain
[Thu Sep 30 00:58:03 CEST 2021] Getting webroot for domain='grimstveit.no'
[Thu Sep 30 00:58:03 CEST 2021] Getting webroot for domain='www.grimstveit.no'
[Thu Sep 30 00:58:03 CEST 2021] Getting webroot for domain='mta-sts.grimstveit.no'
[Thu Sep 30 00:58:03 CEST 2021] Verifying: grimstveit.no
[Thu Sep 30 00:58:04 CEST 2021] Processing, The CA is processing your order, please just wait. (1/30)
[Thu Sep 30 00:58:07 CEST 2021] Success
[Thu Sep 30 00:58:07 CEST 2021] Verifying: www.grimstveit.no
[Thu Sep 30 00:58:08 CEST 2021] Processing, The CA is processing your order, please just wait. (1/30)
[Thu Sep 30 00:58:10 CEST 2021] Success
[Thu Sep 30 00:58:10 CEST 2021] Verifying: mta-sts.grimstveit.no
[Thu Sep 30 00:58:11 CEST 2021] Processing, The CA is processing your order, please just wait. (1/30)
[Thu Sep 30 00:58:14 CEST 2021] Success
[Thu Sep 30 00:58:14 CEST 2021] Verify finished, start to sign.
[Thu Sep 30 00:58:14 CEST 2021] Lets finalize the order.
[Thu Sep 30 00:58:14 CEST 2021] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/H_Sj1xvePWMQZXC-n7F9mg/finalize'
[Thu Sep 30 00:58:14 CEST 2021] Order status is processing, lets sleep and retry.
[Thu Sep 30 00:58:14 CEST 2021] Retry after: 15
[Thu Sep 30 00:58:31 CEST 2021] Polling order status: https://acme.zerossl.com/v2/DV90/order/H_Sj1xvePWMQZXC-n7F9mg
[Thu Sep 30 00:58:32 CEST 2021] Sign error, wrong status
[Thu Sep 30 00:58:32 CEST 2021] {"status":"invalid","expires":"2021-12-28T22:58:00Z","identifiers":[{"type":"dns","value":"grimstveit.no"},{"type":"dns","value":"www.grimstveit.no"},{"type":"dns","value":"mta-sts.grimstveit.no"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/sdTVzr-Khx6cmnqjiRClEg","https://acme.zerossl.com/v2/DV90/authz/iErUd3TXptqkgTeWSrAxGg","https://acme.zerossl.com/v2/DV90/authz/jdRL2GD0oehfPBk0Yu_plg"],"finalize":"https://acme.zerossl.com/v2/DV90/order/H_Sj1xvePWMQZXC-n7F9mg/finalize"}
[Thu Sep 30 00:58:32 CEST 2021] Please check log file for more details: /var/log/acme.sh.log

My web server is (include version):

$ apachectl -v
Server version: Apache/2.4.49 (FreeBSD)
Server built:   unknown

The operating system my web server runs on is:

uname -a
FreeBSD core24.grimstveit.no 13.0-RELEASE-p4 FreeBSD 13.0-RELEASE-p4 #8 releng/13.0-n244760-940681634ee: Tue Aug 24 23:02:41 CEST 2021     root@core24.grimstveit.no:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

My hosting provider, if applicable, is: Self hosted

I can log in to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site: no

The version of my client is:

$ /usr/local/sbin/acme.sh --version
https://github.com/acmesh-official/acme.sh
v3.0.0

There is little that we can help you with when the CA in use is not Let's Encrypt.

https://acme.zerossl.com/v2/DV90/authz/sdTVzr-Khx6cmnqjiRClEg
2 Likes

@jakobbg, @rg305 is correct, but I see you have previously been an active Let's Encrypt user. The acme.sh client recently changed and it now defaults to using ZeroSSL as CA. You can specify Let's Encrypt as the ACME CA. If you wish to continue with LE, you can look up the command line option you need for acme.sh (I am sorry, I don't recall the value off-hand).

https://crt.sh/?q=grimstveit.no

2 Likes
--set-default-ca   Used with '--server', Set the default CA to use.
                   See: https://github.com/acmesh-official/acme.sh/wiki/Server

Try:
acme.sh --set-default-ca --server letsencrypt

6 Likes

@rg305 Thanks for looking it up - dear wife was calling me :slight_smile:

3 Likes

@MikeMcQ Better you than me - LOL

2 Likes

Awesome help, thank you! Switched back to Let's Encrypt and now it works :slight_smile: .

2 Likes
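The diagnosis in this thread came from two things in the console output: the "Using CA:" line and the order JSON printed after "Sign error, wrong status". The script below is an added example, not part of the original posts and not acme.sh code; it pulls those fields out of a saved run. The sample log is constructed from the output format shown above, and `example.org`, the `PLACEHOLDER` IDs and the function names are assumptions.

```shell
#!/bin/sh
# Added example: summarise which CA an acme.sh run used and how the order ended.
# Constructed sample, shortened from the output format shown in this thread.
SAMPLE_LOG='[Thu Sep 30 00:57:59 CEST 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Thu Sep 30 00:58:32 CEST 2021] Sign error, wrong status
[Thu Sep 30 00:58:32 CEST 2021] {"status":"invalid","identifiers":[{"type":"dns","value":"example.org"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/PLACEHOLDER1","https://acme.zerossl.com/v2/DV90/authz/PLACEHOLDER2"],"finalize":"https://acme.zerossl.com/v2/DV90/order/PLACEHOLDER/finalize"}'

# ACME directory URL from the first "Using CA:" line.
acme_ca_url() {
  printf '%s\n' "$1" | sed -n 's/^.*] Using CA: \(.*\)$/\1/p' | head -n 1
}

# Top-level "status" of the last order object printed in the log.
acme_order_status() {
  printf '%s\n' "$1" | sed -n 's/^.*] {"status":"\([a-z]*\)".*$/\1/p' | tail -n 1
}

# Authorization URLs referenced by the order, one per line.
acme_authz_urls() {
  printf '%s\n' "$1" | grep -o '"authorizations":\[[^]]*]' | grep -o 'https://[^"]*'
}

# Human-readable summary: issuer, order status, and what to look at next.
acme_triage() {
  ca=$(acme_ca_url "$1")
  status=$(acme_order_status "$1")
  case "$ca" in
    *letsencrypt.org*) issuer="Let's Encrypt" ;;
    *zerossl.com*)     issuer="ZeroSSL" ;;
    "")                issuer="unknown (no 'Using CA' line)" ;;
    *)                 issuer="other" ;;
  esac
  echo "CA: $issuer ($ca)"
  echo "order status: ${status:-not reported}"
  if [ "$status" = "invalid" ]; then
    echo "authorizations referenced by the failed order:"
    acme_authz_urls "$1" | sed 's/^/  /'
  fi
}

acme_triage "$SAMPLE_LOG"
```

If the reported CA is not the one you intended, the `--set-default-ca --server letsencrypt` command quoted earlier in the thread switches it.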
