How do I get a certificate for my mailserver?

My domain is: clonimi.com

I ran this command: None. CyPanel fails to renew the mailserver certificate [1], so I need to know what command I have to run in order to create it manually.

It produced this output: as above

My web server is (include version): Open Litespeed 1.7.18

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: I manage my own VPS on NCheap

I can log in to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Cyberpanel 2.3 (latest)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): CyPanel doesn't use certbot


CyPanel log:

[05.12.2024_14-37-51] /root/.acme.sh/acme.sh --issue -d example.com -d www.example.com --cert-file /etc/letsencrypt/live/example.com/cert.pem --key-file /etc/letsencrypt/live/example.com/privkey.pem --fullchain-file /etc/letsencrypt/live/example.com/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
[05.12.2024_14-37-56] Successfully obtained SSL for: example.com and: www.example.com
[05.12.2024_14-37-56] {'email@example.com': (550, b'5.1.1 <email@example.com>: Recipient address rejected: User unknown in virtual mailbox table')}

Postfix log:

May  5 19:51:09 server1 postfix/anvil[901637]: statistics: max connection rate 1/60s for (smtp:45.88.90.38) at May  5 19:47:48
May  5 19:51:09 server1 postfix/anvil[901637]: statistics: max connection count 1 for (smtp:45.88.90.38) at May  5 19:47:48
May  5 19:51:09 server1 postfix/anvil[901637]: statistics: max cache size 1 at May  5 19:47:48
May  5 19:52:53 server1 postfix/smtpd[901810]: connect from unknown[xxx.118.xxx.118]
May  5 19:52:54 server1 postfix/smtpd[901810]: warning: unknown[xxx.118.xxx.118]: SASL LOGIN authentication failed: Invalid authentication mechanism
May  5 19:52:54 server1 postfix/smtpd[901810]: lost connection after AUTH from unknown[xxx.118.39.xxx]
May  5 19:52:54 server1 postfix/smtpd[901810]: disconnect from unknown[xxx.118.39.xxx] ehlo=1 auth=0/1 commands=1/2 
May  5 20:08:14 server1 postfix/anvil[902275]: statistics: max cache size 1 at May  5 20:04:54
May  5 20:11:02 server1 postfix/qmgr[807922]: 65404107D65: from=<>, size=3105, nrcpt=1 (queue active)
May  5 20:13:14 server1 postfix/smtp[902555]: 65404107D65: host natwest.co.uk[13.107.213.69] refused to talk to me: 421 Downstream server error
May  5 20:15:07 server1 dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 1 secs): user=<>, rip=xxx.210.31.172, lip=xxx.254.xxx.239, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session=<7UTom7oXjMrN0h+s>
May  5 20:15:20 server1 postfix/smtpd[902677]: connect from unknown[xxx.32.xxx.80]
May  5 20:15:20 server1 postfix/smtpd[902677]: warning: unknown[xxx.32.xxx.80]: SASL LOGIN authentication failed: Invalid authentication mechanism
May  5 20:15:21 server1 postfix/smtpd[902677]: lost connection after AUTH from unknown[xxx.32.xxx.80]


SSL emails are not working for this domain, I shared the error in Thunderbird, and here is the error in Laravel:

Unable to connect with STARTTLS: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:0A000086:SSL routines::certificate verify failed

When I re-issue SSL Mailserver in CyPanel, the following got updated, but the cert Error remains.

smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem

A bug in CyPanel prevents the mailserver certificate from being renewed on all my domains. [1]
That's why I'm trying to renew the LE certificate manually.
Can you please share the command? Many thanks

[1]


Isn't this the same problem you asked about before in the thread below?

Did you post on the CyberPanel community about getting your new cert?


Yes it is.
But this time I've filled in the survey, so perhaps someone can help?
I got no reply from CyPanel community.
Is it so hard to generate a mail certificate with LE? Thanks

Not usually 🙂

You last got a cert for mail.clonimi.com on Jan 30. What things have changed since then?

For example, have you updated software? Or reconfigured your web server or cPanel?

Your log entries for getting a cert are not the mail cert. Do you have any log entries for the mail cert?

Please stop hiding information. It just makes us have to guess, and domain names and IP addresses are not secrets. That info is in the public domain.


I didn't update CyPanel or any software on the server.
The mail-cert expired on 28-Apr, probably a bug in CyPanel didn't renew it, so I'm unable to send/receive emails. I've pasted below the email logs.
What log entry would help you to understand this issue?

Many thanks

May 17 13:48:26 server1 postfix/smtpd[487767]: warning: SASL: Connect to private/auth failed: Connection refused
May 17 13:48:26 server1 postfix/smtpd[487767]: fatal: no SASL authentication mechanisms
May 17 13:48:26 server1 postfix/smtpd[487768]: connect from dignified.monitoring.internet-measurement.com[87.236.176.135]
May 17 13:48:26 server1 postfix/smtpd[487768]: warning: SASL: Connect to private/auth failed: Connection refused
May 17 13:48:26 server1 postfix/smtpd[487768]: fatal: no SASL authentication mechanisms
May 17 13:48:27 server1 postfix/master[20862]: warning: process /usr/lib/postfix/sbin/smtpd pid 487767 exit status 1
May 17 13:48:27 server1 postfix/master[20862]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
May 17 13:48:27 server1 postfix/master[20862]: warning: process /usr/lib/postfix/sbin/smtpd pid 487768 exit status 1
May 17 13:49:27 server1 postfix/smtpd[487792]: connect from fetching.monitoring.internet-measurement.com[87.236.176.111]
May 17 13:49:27 server1 postfix/smtpd[487792]: warning: SASL: Connect to private/auth failed: Connection refused
May 17 13:49:27 server1 postfix/smtpd[487792]: fatal: no SASL authentication mechanisms
May 17 13:49:28 server1 postfix/master[20862]: warning: process /usr/lib/postfix/sbin/smtpd pid 487792 exit status 1
May 17 13:49:28 server1 postfix/master[20862]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
May 17 13:51:08 server1 postfix/anvil[487333]: statistics: max connection rate 2/60s for (smtp:87.236.176.111) at May 17 13:47:24
May 17 13:51:08 server1 postfix/anvil[487333]: statistics: max connection count 2 for (smtp:87.236.176.111) at May 17 13:47:24
May 17 13:51:08 server1 postfix/anvil[487333]: statistics: max cache size 3 at May 17 13:45:23
May 17 13:51:41 server1 postfix/smtpd[487849]: connect from mail-qt1-f193.google.com[209.85.160.193]
May 17 13:51:41 server1 postfix/smtpd[487849]: warning: SASL: Connect to private/auth failed: Connection refused
May 17 13:51:41 server1 postfix/smtpd[487849]: fatal: no SASL authentication mechanisms
May 17 13:51:42 server1 postfix/master[20862]: warning: process /usr/lib/postfix/sbin/smtpd pid 487849 exit status 1
May 17 13:51:42 server1 postfix/master[20862]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
May 17 13:52:42 server1 postfix/smtpd[487874]: connect from mail-koreacentralazolkn19010001.outbound.protection.outlook.com[52.103.74.1]
May 17 13:52:42 server1 postfix/smtpd[487874]: warning: SASL: Connect to private/auth failed: Connection refused
May 17 13:52:42 server1 postfix/smtpd[487874]: fatal: no SASL authentication mechanisms
May 17 13:52:43 server1 postfix/master[20862]: warning: process /usr/lib/postfix/sbin/smtpd pid 487874 exit status 1
May 17 13:52:43 server1 postfix/master[20862]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
May 17 13:54:23 server1 postfix/anvil[487851]: statistics: max connection rate 1/60s for (smtp:209.85.160.193) at May 17 13:51:41
May 17 13:54:23 server1 postfix/anvil[487851]: statistics: max connection count 1 for (smtp:209.85.160.193) at May 17 13:51:41
May 17 13:54:23 server1 postfix/anvil[487851]: statistics: max cache size 1 at May 17 13:51:41
May 17 13:55:18 server1 postfix/submission/smtpd[487939]: warning: hostname static.vnpt.vn does not resolve to address 113.161.158.10
May 17 13:55:18 server1 postfix/submission/smtpd[487939]: connect from unknown[113.161.158.10]
May 17 13:55:18 server1 postfix/submission/smtpd[487939]: disconnect from unknown[113.161.158.10] ehlo=1 auth=0/1 quit=1 commands=2/3
May 17 13:55:24 server1 postfix/smtpd[487942]: connect from mail-psaapc01on2119.outbound.protection.outlook.com[40.107.255.119]
May 17 13:55:24 server1 postfix/smtpd[487942]: warning: SASL: Connect to private/auth failed: Connection refused
May 17 13:55:24 server1 postfix/smtpd[487942]: fatal: no SASL authentication mechanisms
May 17 13:55:25 server1 postfix/master[20862]: warning: process /usr/lib/postfix/sbin/smtpd pid 487942 exit status 1
May 17 13:55:25 server1 postfix/master[20862]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
May 17 13:58:38 server1 postfix/anvil[487941]: statistics: max connection rate 1/60s for (submission:113.161.158.10) at May 17 13:55:18
May 17 13:58:38 server1 postfix/anvil[487941]: statistics: max connection count 1 for (submission:113.161.158.10) at May 17 13:55:18
May 17 13:58:38 server1 postfix/anvil[487941]: statistics: max cache size 2 at May 17 13:55:24
May 17 14:01:02 server1 postfix/smtpd[488113]: connect from smtp11-ukb-sp2.mta.salesforce.com[101.53.164.218]
May 17 14:01:02 server1 postfix/smtpd[488113]: warning: SASL: Connect to private/auth failed: Connection refused
May 17 14:01:02 server1 postfix/smtpd[488113]: fatal: no SASL authentication mechanisms
May 17 14:01:03 server1 postfix/master[20862]: warning: process /usr/lib/postfix/sbin/smtpd pid 488113 exit status 1
May 17 14:01:03 server1 postfix/master[20862]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
May 17 14:02:03 server1 postfix/smtpd[488144]: connect from smtp13-ar3-sp1.mta.salesforce.com[160.8.30.236]
May 17 14:02:03 server1 postfix/smtpd[488144]: warning: SASL: Connect to private/auth failed: Connection refused
May 17 14:02:03 server1 postfix/smtpd[488144]: fatal: no SASL authentication mechanisms
May 17 14:02:04 server1 postfix/master[20862]: warning: process /usr/lib/postfix/sbin/smtpd pid 488144 exit status 1
May 17 14:02:04 server1 postfix/master[20862]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling

One that shows why your cert request for the mail subdomain fails.

Whatever program you used to get your earlier cert should now have a log about the cert renewal failure.

It is not helpful to see that postfix is using the wrong cert. That is well established 🙂


Hi Mike, thanks for your help.
Please find some more details below.
It looks like the acme-challenge didn't work?
Thanks

/root/.acme.sh/acme.sh --issue -d mail.clonimi.com --cert-file /etc/letsencrypt/live/mail.clonimi.com/cert.pem --key-file /etc/letsencrypt/live/mail.clonimi.com/privkey.pem --fullchain-file /etc/letsencrypt/live/mail.clonimi.com/fullchain.pem -w /home/clonimi.com/mail.clonimi.com -k ec-256 --force --server letsencrypt  --log

[Fri May 17 02:43:19 PM UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri May 17 02:43:19 PM UTC 2024] Single domain='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] Getting webroot for domain='mail.clonimi.com'
[Fri May 17 02:43:20 PM UTC 2024] Verifying: mail.clonimi.com
[Fri May 17 02:43:21 PM UTC 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Fri May 17 02:43:24 PM UTC 2024] Invalid status, mail.clonimi.com:Verify error detail:162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404
[Fri May 17 02:43:24 PM UTC 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log

[Fri May 17 02:43:21 PM UTC 2024] sleep 2 secs to verify again
[Fri May 17 02:43:24 PM UTC 2024] checking
[Fri May 17 02:43:24 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:24 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:24 PM UTC 2024] payload
[Fri May 17 02:43:24 PM UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 17 02:43:24 PM UTC 2024] Use _CACHED_NONCE='YEjsK0piqGf7epfJYMod9oxgT5ER_auUuOQ7a5iVxEuqEXIM5io'
[Fri May 17 02:43:24 PM UTC 2024] nonce='YEjsK0piqGf7epfJYMod9oxgT5ER_auUuOQ7a5iVxEuqEXIM5io'
[Fri May 17 02:43:24 PM UTC 2024] POST
[Fri May 17 02:43:24 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457'
[Fri May 17 02:43:24 PM UTC 2024] body='{"protected": "eyJub25jZSI6ICJZRWpzSzBwaXFHZjdlcGZKWU1vZDlveGdUNUVSX2F1VXVPUTdhNWlWeEV1cUVYSU01aW8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM1MTY2NzA1MDQ1NyIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQzOTY0NjAxNiJ9", "payload": "", "signature": "BJHWBfOXykht0NA7aUHRMSsJm3wEFjHm9x01AOGccFsRSiBGGH0gjVYclRbU0gydWYCnSmr7npFI1TXm-8-Iwg"}'
[Fri May 17 02:43:24 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:24 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:24 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:24 PM UTC 2024] _ret='0'
[Fri May 17 02:43:24 PM UTC 2024] responseHeaders='HTTP/2 200 
server: nginx
date: Fri, 17 May 2024 14:43:24 GMT
content-type: application/json
content-length: 1035
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: YEjsK0piZj5Lgre4_69D96tlSi5RkX7tTBbIC69Mltte5p6syYw
x-frame-options: DENY
strict-transport-security: max-age=604800

'
[Fri May 17 02:43:24 PM UTC 2024] code='200'
[Fri May 17 02:43:24 PM UTC 2024] original='{
  "identifier": {
    "type": "dns",
    "value": "mail.clonimi.com"
  },
  "status": "invalid",
  "expires": "2024-05-24T00:07:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA",
      "token": "h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U",
      "validationRecord": [
        {
          "url": "http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U",
          "hostname": "mail.clonimi.com",
          "port": "80",
          "addressesResolved": [
            "162.254.32.239"
          ],
          "addressUsed": "162.254.32.239"
        }
      ],
      "validated": "2024-05-17T14:43:21Z"
    }
  ]
}'
[Fri May 17 02:43:24 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"invalid","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","validationRecord":[{"url":"http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","hostname":"mail.clonimi.com","port":"80","addressesResolved":["162.254.32.239"],"addressUsed":"162.254.32.239"}],"validated":"2024-05-17T14:43:21Z"}]}'
[Fri May 17 02:43:24 PM UTC 2024] original='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"invalid","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","validationRecord":[{"url":"http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","hostname":"mail.clonimi.com","port":"80","addressesResolved":["162.254.32.239"],"addressUsed":"162.254.32.239"}],"validated":"2024-05-17T14:43:21Z"}]}'
[Fri May 17 02:43:24 PM UTC 2024] response='{"identifier":{"type":"dns","value":"mail.clonimi.com"},"status":"invalid","expires":"2024-05-24T00:07:05Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA","token":"h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","validationRecord":[{"url":"http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U","hostname":"mail.clonimi.com","port":"80","addressesResolved":["162.254.32.239"],"addressUsed":"162.254.32.239"}],"validated":"2024-05-17T14:43:21Z"}]}'
[Fri May 17 02:43:24 PM UTC 2024] status='invalid
invalid'
[Fri May 17 02:43:24 PM UTC 2024] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404","status": 403'
[Fri May 17 02:43:24 PM UTC 2024] errordetail='162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404'
[Fri May 17 02:43:24 PM UTC 2024] Invalid status, mail.clonimi.com:Verify error detail:162.254.32.239: Invalid response from http://mail.clonimi.com/.well-known/acme-challenge/h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U: 404
[Fri May 17 02:43:24 PM UTC 2024] pid
[Fri May 17 02:43:24 PM UTC 2024] No need to restore nginx, skip.
[Fri May 17 02:43:24 PM UTC 2024] _clearupdns
[Fri May 17 02:43:24 PM UTC 2024] dns_entries
[Fri May 17 02:43:24 PM UTC 2024] skip dns.
[Fri May 17 02:43:24 PM UTC 2024] _on_issue_err
[Fri May 17 02:43:24 PM UTC 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Fri May 17 02:43:24 PM UTC 2024] _chk_vlist='mail.clonimi.com#h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A#https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA#http-01#/home/clonimi.com/mail.clonimi.com#https://acme-v02.api.letsencrypt.org/acme/authz-v3/351667050457,'
[Fri May 17 02:43:24 PM UTC 2024] start to deactivate authz
[Fri May 17 02:43:24 PM UTC 2024] Trigger domain validation.
[Fri May 17 02:43:24 PM UTC 2024] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:24 PM UTC 2024] _t_key_authz='h7_V7znwu-sDr3EN3gvlbDGRfTTYTKMBCpX432KkP4U.PGjapsNf9xqki_b31fSUrxZtz8jk7BkkqX3qbcrq8_A'
[Fri May 17 02:43:24 PM UTC 2024] _t_vtype
[Fri May 17 02:43:24 PM UTC 2024] =======Begin Send Signed Request=======
[Fri May 17 02:43:24 PM UTC 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:24 PM UTC 2024] payload='{}'
[Fri May 17 02:43:24 PM UTC 2024] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 17 02:43:24 PM UTC 2024] Use _CACHED_NONCE='YEjsK0piZj5Lgre4_69D96tlSi5RkX7tTBbIC69Mltte5p6syYw'
[Fri May 17 02:43:24 PM UTC 2024] nonce='YEjsK0piZj5Lgre4_69D96tlSi5RkX7tTBbIC69Mltte5p6syYw'
[Fri May 17 02:43:24 PM UTC 2024] POST
[Fri May 17 02:43:24 PM UTC 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/351667050457/IFroyA'
[Fri May 17 02:43:24 PM UTC 2024] body='{"protected": "eyJub25jZSI6ICJZRWpzSzBwaVpqNUxncmU0XzY5RDk2dGxTaTVSa1g3dFRCYklDNjlNbHR0ZTVwNnN5WXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzM1MTY2NzA1MDQ1Ny9JRnJveUEiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE0Mzk2NDYwMTYifQ", "payload": "e30", "signature": "LRR17Wcqg1fR1ErmSRdQ9X2SfBLmxXvX6_mHVwpQRXmFeeaU7D8iw8f6-gPxQl6ID4-odKjodG-CYVzw_hEsnQ"}'
[Fri May 17 02:43:24 PM UTC 2024] _postContentType='application/jose+json'
[Fri May 17 02:43:24 PM UTC 2024] Http already initialized.
[Fri May 17 02:43:24 PM UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri May 17 02:43:25 PM UTC 2024] _ret='0'
[Fri May 17 02:43:25 PM UTC 2024] responseHeaders='HTTP/2 400 
server: nginx
date: Fri, 17 May 2024 14:43:25 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 1439646016
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: Tt2XD3cEVFxFWw1gKEb_bHZLPAb7tnHQPrpySmnnNZpuiunU0c4

'
[Fri May 17 02:43:25 PM UTC 2024] code='400'
[Fri May 17 02:43:25 PM UTC 2024] original='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Fri May 17 02:43:25 PM UTC 2024] response='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'

1 Like

Correct. You are using an HTTP Challenge so this needs something handling HTTP requests on port 80. You have a LiteSpeed server doing that for your mail subdomain.

The "404 Not Found" in the error means that acme.sh created a challenge token in the -w folder you gave it (/home/clonimi.com/mail.clonimi.com). But, when the Let's Encrypt server asked your LiteSpeed for that token your server said it could not find it.

This usually means the folder in the -w option is not correct.

I am not very good with LiteSpeed but review its config. Make sure when it handles incoming requests for your mail subdomain on port 80 that its document root is the same as the -w folder you used for acme.sh.

4 Likes
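The check described in the reply above, as an added example that is not part of the original post and is not acme.sh or CyPanel code: it writes a random probe file under the -w folder and fetches it over HTTP, which reproduces the 404 when the web server's document root is a different folder. The function names and the local stand-in server are assumptions made for this illustration.

```python
import http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"

def probe_webroot(webroot, base_url, timeout=5):
    """Write a random probe file under webroot, then fetch it over HTTP.

    Returns (served_ok, http_status). served_ok is True only when the
    server returns the exact bytes that were written to disk.
    """
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.read().decode() == body, resp.status
    except urllib.error.HTTPError as err:
        return False, err.code  # e.g. 404: the server looked in another folder
    finally:
        os.remove(path)  # never leave probe files in the webroot

def serve(docroot):
    """Constructed stand-in for the real web server, bound to a free local port."""
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=docroot)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"

def demo():
    """Reproduce the failure (-w folder != document root) and the fix."""
    with tempfile.TemporaryDirectory() as w_dir, tempfile.TemporaryDirectory() as docroot:
        server, url = serve(docroot)
        try:
            mismatch = probe_webroot(w_dir, url)   # token written where nobody serves
            match = probe_webroot(docroot, url)    # token written in the served folder
        finally:
            server.shutdown()
            server.server_close()
        return mismatch, match

if __name__ == "__main__":
    print(demo())
```

On the real host, probe_webroot would be called with the -w folder from the log (/home/clonimi.com/mail.clonimi.com) and http://mail.clonimi.com as the base URL; a result other than (True, 200) means the HTTP challenge will fail the same way.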

Hi Mike, thanks for sharing.
Yesterday, while trying to reset the certificate, I deleted the folder:

/etc/letsencrypt/live/mail.clonimi.com

Then in CyPanel I ran again: Issue SSL Mailserver and I got a message confirming that info@clonimi.com had the LE certificate.
But that was not the case, because the folder above is still missing - there are no certificates there.

Note 1: All my other domains do have that folder, and certificates in their respective mail.xxx folder - and emails are working.

Note 2: when I tried to re-issue the certificate for info@clonimi.com with the above folder present, the date of those certificates was updated - I thought the certificate was fine, but no, I got the same error.

It looks like the "/root/.acme.sh/acme.sh --issue .." command doesn't create that folder.
Is there another way to create it and get the certificates there?

1 Like

You could try running the acme.sh command independently.

But, that may not work well. Often when using a "panel" management system that panel coordinates various components for you. If you modify one of those manually it can make it worse.

I don't know what else to say. The program you have to manage your system is not working well. It did at one point so trying to fix that is probably the best option. This forum isn't the place for that though.

4 Likes

OK thanks.
Is there a way to run info@clonimi.com without SSL? (I know it is bad but better than nothing)
That's why I tried deleting the folder with those certificates inside.

1 Like

I am not a mail server expert and this forum doesn't focus on that either.

2 Likes

It's unadvisable.

Do you want your incoming mail to be transmitted in cleartext?

Do you want your users to send passwords in cleartext when they log in?

I have no idea what CyPanel is but you should probably try and find out where their documentation for configuring a certificate is. If you can tell us what you did on Jan 30th, we can probably tell you how to renew the certificate automatically so this doesn't happen again.

4 Likes
