Getting fake certs from staging

scorpiorooster · November 18, 2019, 8:21pm

Every time I try to register account I get a fake cert from the staging server. Please help me.

I ran this command:
sh acme.sh --debug --force --register-account --use-wget --ca-path /opt/etc/ssl/certs

It produced this output:
[Mon Nov 18 13:09:31 MST 2019] Lets find script dir.
[Mon Nov 18 13:09:31 MST 2019] SCRIPT=‘acme.sh’
[Mon Nov 18 13:09:31 MST 2019] _script=’/tmp/mnt/ew/entware/etc/acme/acme.sh’
[Mon Nov 18 13:09:31 MST 2019] _script_home=’/tmp/mnt/ew/entware/etc/acme’
[Mon Nov 18 13:09:31 MST 2019] Using config home:/opt/etc/acme

v2.8.2
[Mon Nov 18 13:09:31 MST 2019] Using config home:/opt/etc/acme
[Mon Nov 18 13:09:31 MST 2019] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory’
[Mon Nov 18 13:09:32 MST 2019] Using config home:/opt/etc/acme
[Mon Nov 18 13:09:32 MST 2019] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory’
[Mon Nov 18 13:09:32 MST 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Nov 18 13:09:32 MST 2019] RSA key
[Mon Nov 18 13:09:33 MST 2019] Registering account
[Mon Nov 18 13:09:33 MST 2019] url=‘https://acme-staging-v02.api.letsencrypt.org/acme/new-acct’
[Mon Nov 18 13:09:33 MST 2019] payload=’{“termsOfServiceAgreed”: true}’
[Mon Nov 18 13:09:34 MST 2019] HEAD
[Mon Nov 18 13:09:34 MST 2019] _post_url=‘https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce’
[Mon Nov 18 13:09:35 MST 2019] _WGET='wget -q --ca-directory=/opt/etc/ssl/certs --content-on-error ’
[Mon Nov 18 13:09:35 MST 2019] No -i support in sed
[Mon Nov 18 13:09:36 MST 2019] _ret=‘0’
[Mon Nov 18 13:09:36 MST 2019] POST
[Mon Nov 18 13:09:36 MST 2019] _post_url=‘https://acme-staging-v02.api.letsencrypt.org/acme/new-acct’
[Mon Nov 18 13:09:36 MST 2019] _WGET='wget -q --ca-directory=/opt/etc/ssl/certs --content-on-error ’
[Mon Nov 18 13:09:37 MST 2019] No -i support in sed
[Mon Nov 18 13:09:37 MST 2019] _ret=‘0’
[Mon Nov 18 13:09:37 MST 2019] code=‘200’
[Mon Nov 18 13:09:37 MST 2019] Already registered
[Mon Nov 18 13:09:37 MST 2019] _accUri=‘https://acme-staging-v02.api.letsencrypt.org/acme/acct/11597964’
[Mon Nov 18 13:09:38 MST 2019] Calc CA_KEY_HASH=‘22MLNh1nJIIskE7ENzQ80BA5PLRHYW2EwL1BujaG41Y=’
[Mon Nov 18 13:09:38 MST 2019] ACCOUNT_THUMBPRINT=‘vNTLCmjJXwYEER77fAoMKKnrwB9UAjq0XM1EnIwY4n8’

My web server is (include version):

nginx

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

JuergenAuer · November 18, 2019, 8:27pm

Hi @scorpiorooster

that's expected. The staging server creates fake certificates. That's not a problem.

PS: Read

The staging environment intermediate certificate (“Fake LE Intermediate X1”) is issued by a root certificate not present in browser/client trust stores. If you wish to modify a test-only client to trust the staging environment for testing purposes you can do so by adding the “Fake LE Root X1” certificate to your testing trust store.

scorpiorooster · November 18, 2019, 8:32pm

I do not want a fake cert

rg305 · November 18, 2019, 8:39pm

Please show (the relevant output from):
grep -R Le_LinkCert /root/.acme.sh/

rg305 · November 18, 2019, 8:48pm

Please show (the relevant output from):
grep -R Le_LinkCert /root/.acme.sh/ | grep conf

scorpiorooster · November 18, 2019, 8:57pm

grep -R Le_LinkCert /opt/etc/acme/ | grep conf
/opt/etc/acme/acme.sh: _savedomainconf "Le_LinkCert" "$Le_LinkCert"

rg305 · November 18, 2019, 8:59pm

Not what I expected, nor the location I expected…
Please show:
ls -l /opt/etc/acme

scorpiorooster · November 18, 2019, 9:21pm

ls -l /opt/etc/acme
-rw-r–r-- 1 rtr_admi root 1850 Nov 18 12:51 _scratchpad.txt
-rw-r–r-- 1 rtr_admi root 402 Nov 18 14:15 account.conf
-rw-r–r-- 1 rtr_admi root 189237 Nov 18 13:42 acme.sh
-rw-r–r-- 1 rtr_admi root 158 Nov 18 13:42 acme.sh.env
-rw-r–r-- 1 rtr_admi root 1208919 Nov 18 14:15 acme.sh.log
drwxrwxrwx 3 rtr_admi root 4096 Nov 18 13:37 ca
drwxr-xr-x 2 rtr_admi root 4096 Nov 18 12:51 deploy
drwxr-xr-x 2 rtr_admi root 4096 Nov 18 12:51 dnsapi
-rw-r–r-- 1 rtr_admi root 8249 Nov 18 12:51 help.txt
-rw-rw-rw- 1 rtr_admi root 582 Nov 18 14:15 http.header
drwxr-xr-x 2 rtr_admi root 4096 Nov 18 12:51 notify

rg305 · November 18, 2019, 9:41pm

I don’t see the folder for the cert…
Please show:
/opt/etc/acme/acme.sh list

scorpiorooster · November 18, 2019, 10:09pm

/opt/etc/acme/acme.sh list
Main_Domain KeyLength SAN_Domains Created Renew

system · December 18, 2019, 10:09pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using --staging and certbot saves stuff in /live directory ?!? Help	15	582	July 27, 2023
Getting a fake acme certificate Help	12	933	April 17, 2023
Cannot register account on Staging server Help	4	1278	August 3, 2018
Getting a valid certificate after staging Help	3	287	May 9, 2024
The letsencrypt staging server is down? Server	3	1687	August 14, 2016

Getting fake certs from staging

Related topics