Getting fake certs from staging

Every time I try to register account I get a fake cert from the staging server. Please help me.

I ran this command:
sh acme.sh --debug --force --register-account --use-wget --ca-path /opt/etc/ssl/certs

It produced this output:
[Mon Nov 18 13:09:31 MST 2019] Lets find script dir.
[Mon Nov 18 13:09:31 MST 2019] SCRIPT=‘acme.sh’
[Mon Nov 18 13:09:31 MST 2019] _script=’/tmp/mnt/ew/entware/etc/acme/acme.sh’
[Mon Nov 18 13:09:31 MST 2019] _script_home=’/tmp/mnt/ew/entware/etc/acme’
[Mon Nov 18 13:09:31 MST 2019] Using config home:/opt/etc/acme


v2.8.2
[Mon Nov 18 13:09:31 MST 2019] Using config home:/opt/etc/acme
[Mon Nov 18 13:09:31 MST 2019] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Mon Nov 18 13:09:32 MST 2019] Using config home:/opt/etc/acme
[Mon Nov 18 13:09:32 MST 2019] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Mon Nov 18 13:09:32 MST 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Nov 18 13:09:32 MST 2019] RSA key
[Mon Nov 18 13:09:33 MST 2019] Registering account
[Mon Nov 18 13:09:33 MST 2019] url=‘https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[Mon Nov 18 13:09:33 MST 2019] payload=’{“termsOfServiceAgreed”: true}’
[Mon Nov 18 13:09:34 MST 2019] HEAD
[Mon Nov 18 13:09:34 MST 2019] _post_url=‘https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[Mon Nov 18 13:09:35 MST 2019] _WGET='wget -q --ca-directory=/opt/etc/ssl/certs --content-on-error ’
[Mon Nov 18 13:09:35 MST 2019] No -i support in sed
[Mon Nov 18 13:09:36 MST 2019] _ret=‘0’
[Mon Nov 18 13:09:36 MST 2019] POST
[Mon Nov 18 13:09:36 MST 2019] _post_url=‘https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[Mon Nov 18 13:09:36 MST 2019] _WGET='wget -q --ca-directory=/opt/etc/ssl/certs --content-on-error ’
[Mon Nov 18 13:09:37 MST 2019] No -i support in sed
[Mon Nov 18 13:09:37 MST 2019] _ret=‘0’
[Mon Nov 18 13:09:37 MST 2019] code=‘200’
[Mon Nov 18 13:09:37 MST 2019] Already registered
[Mon Nov 18 13:09:37 MST 2019] _accUri=‘https://acme-staging-v02.api.letsencrypt.org/acme/acct/11597964
[Mon Nov 18 13:09:38 MST 2019] Calc CA_KEY_HASH=‘22MLNh1nJIIskE7ENzQ80BA5PLRHYW2EwL1BujaG41Y=’
[Mon Nov 18 13:09:38 MST 2019] ACCOUNT_THUMBPRINT=‘vNTLCmjJXwYEER77fAoMKKnrwB9UAjq0XM1EnIwY4n8’

My web server is (include version):

nginx

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

1 Like

Hi @scorpiorooster

that's expected. The staging server creates fake certificates. That's not a problem.

PS: Read

The staging environment intermediate certificate (“Fake LE Intermediate X1”) is issued by a root certificate not present in browser/client trust stores. If you wish to modify a test-only client to trust the staging environment for testing purposes you can do so by adding the “Fake LE Root X1” certificate to your testing trust store.

1 Like

I do not want a fake cert

Please show (the relevant output from):
grep -R Le_LinkCert /root/.acme.sh/

1 Like

Please show (the relevant output from):
grep -R Le_LinkCert /root/.acme.sh/ | grep conf

1 Like

grep -R Le_LinkCert /opt/etc/acme/ | grep conf
/opt/etc/acme/acme.sh: _savedomainconf "Le_LinkCert" "$Le_LinkCert"

1 Like

Not what I expected, nor the location I expected…
Please show:
ls -l /opt/etc/acme

1 Like

ls -l /opt/etc/acme
-rw-r–r-- 1 rtr_admi root 1850 Nov 18 12:51 _scratchpad.txt
-rw-r–r-- 1 rtr_admi root 402 Nov 18 14:15 account.conf
-rw-r–r-- 1 rtr_admi root 189237 Nov 18 13:42 acme.sh
-rw-r–r-- 1 rtr_admi root 158 Nov 18 13:42 acme.sh.env
-rw-r–r-- 1 rtr_admi root 1208919 Nov 18 14:15 acme.sh.log
drwxrwxrwx 3 rtr_admi root 4096 Nov 18 13:37 ca
drwxr-xr-x 2 rtr_admi root 4096 Nov 18 12:51 deploy
drwxr-xr-x 2 rtr_admi root 4096 Nov 18 12:51 dnsapi
-rw-r–r-- 1 rtr_admi root 8249 Nov 18 12:51 help.txt
-rw-rw-rw- 1 rtr_admi root 582 Nov 18 14:15 http.header
drwxr-xr-x 2 rtr_admi root 4096 Nov 18 12:51 notify

1 Like

I don’t see the folder for the cert…
Please show:
/opt/etc/acme/acme.sh list

1 Like

/opt/etc/acme/acme.sh list
Main_Domain KeyLength SAN_Domains Created Renew

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.