HTTP can only be secured by piecing key together

Hello,

I'm trying to make my domain buy.ontariospeeddating.ca use HTTPS. For the rest of this message, I'll refer to the above domain as (domain).

The only way I succeed is to receive the error about an invalid key, look at the error log, and then copy and paste the correct value into a file named after part of the key in the /.well-known/acme-challenge folder.

Rather than manually piecing the key together every 3 months, I need an automated way to do this.

Here's how I got the result, which is reproducible:

  1. Ensure everything under the .well-known folder is deleted from the root of the website (so anyone attempting to access http://(domain)/.well-known/(whatever) receives an error page).

  2. Execute curl get.acme.sh | sh on any computer to install the latest acme.sh

  3. Execute acme.sh --insecure --issue -d (domain to secure) --server letsencrypt -w /(local empty writable folder)

This is the output I receive:

[Thu Dec 14 02:55:18 EST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Dec 14 02:55:18 EST 2023] Single domain='ontariospeeddating.ca'
[Thu Dec 14 02:55:18 EST 2023] Getting domain auth token for each domain
[Thu Dec 14 02:55:20 EST 2023] Getting webroot for domain='ontariospeeddating.ca'
[Thu Dec 14 02:55:21 EST 2023] Verifying: ontariospeeddating.ca
[Thu Dec 14 02:55:21 EST 2023] Pending, The CA is processing your order, please just wait. (1/30)
[Thu Dec 14 02:55:25 EST 2023] Invalid status, ontariospeeddating.ca:Verify error detail:The key authorization file from the server did not match this challenge. Expected 
[Thu Dec 14 02:55:25 EST 2023] Please add '--debug' or '--log' to check more details.
[Thu Dec 14 02:55:25 EST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

Then around line 317 it shows that a different key value is expected (in the /.well-known/acme-challenge/ folder), but none is created.

What am I doing wrong?

(the log follows)

Here I tried just ontariospeeddating.ca instead of buy.ontariospeeddating.ca but regardless of the domain I still get the same kind of error. Here's the log:

[Thu Dec 14 02:57:21 EST 2023] LE_WORKING_DIR='/root/.acme.sh'
[Thu Dec 14 02:57:21 EST 2023] Running cmd: issue
[Thu Dec 14 02:57:21 EST 2023] _main_domain='ontariospeeddating.ca'
[Thu Dec 14 02:57:21 EST 2023] _alt_domains='no'
[Thu Dec 14 02:57:21 EST 2023] Using config home:/root/.acme.sh
[Thu Dec 14 02:57:21 EST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Dec 14 02:57:21 EST 2023] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Thu Dec 14 02:57:21 EST 2023] _ACME_SERVER_PATH='directory'
[Thu Dec 14 02:57:21 EST 2023] DOMAIN_PATH='/root/.acme.sh/ontariospeeddating.ca_ecc'
[Thu Dec 14 02:57:21 EST 2023] '/tmp' does not contain 'dns'
[Thu Dec 14 02:57:21 EST 2023] Le_NextRenewTime
[Thu Dec 14 02:57:21 EST 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Dec 14 02:57:21 EST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Dec 14 02:57:21 EST 2023] GET
[Thu Dec 14 02:57:21 EST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Dec 14 02:57:21 EST 2023] timeout=
[Thu Dec 14 02:57:21 EST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --insecure  '
[Thu Dec 14 02:57:22 EST 2023] ret='0'
[Thu Dec 14 02:57:22 EST 2023] response='{
  "6ay8CaezZH4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Thu Dec 14 02:57:22 EST 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu Dec 14 02:57:22 EST 2023] ACME_NEW_AUTHZ
[Thu Dec 14 02:57:22 EST 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Dec 14 02:57:22 EST 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Dec 14 02:57:22 EST 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Dec 14 02:57:22 EST 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Thu Dec 14 02:57:22 EST 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Dec 14 02:57:22 EST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Dec 14 02:57:22 EST 2023] _on_before_issue
[Thu Dec 14 02:57:22 EST 2023] _chk_main_domain='ontariospeeddating.ca'
[Thu Dec 14 02:57:22 EST 2023] _chk_alt_domains
[Thu Dec 14 02:57:22 EST 2023] '/tmp' does not contain 'no'
[Thu Dec 14 02:57:22 EST 2023] Le_LocalAddress
[Thu Dec 14 02:57:22 EST 2023] d='ontariospeeddating.ca'
[Thu Dec 14 02:57:22 EST 2023] Check for domain='ontariospeeddating.ca'
[Thu Dec 14 02:57:22 EST 2023] _currentRoot='/tmp'
[Thu Dec 14 02:57:22 EST 2023] d
[Thu Dec 14 02:57:22 EST 2023] '/tmp' does not contain 'apache'
[Thu Dec 14 02:57:22 EST 2023] _saved_account_key_hash='08J2LFtfoI7h9c0emJ7efkPNFyzHwIglfNARaTMCBXU='
[Thu Dec 14 02:57:22 EST 2023] _saved_account_key_hash is not changed, skip register account.
[Thu Dec 14 02:57:22 EST 2023] Read key length:ec-256
[Thu Dec 14 02:57:22 EST 2023] _createcsr
[Thu Dec 14 02:57:22 EST 2023] domain='ontariospeeddating.ca'
[Thu Dec 14 02:57:22 EST 2023] domainlist
[Thu Dec 14 02:57:22 EST 2023] csrkey='/root/.acme.sh/ontariospeeddating.ca_ecc/ontariospeeddating.ca.key'
[Thu Dec 14 02:57:22 EST 2023] csr='/root/.acme.sh/ontariospeeddating.ca_ecc/ontariospeeddating.ca.csr'
[Thu Dec 14 02:57:22 EST 2023] csrconf='/root/.acme.sh/ontariospeeddating.ca_ecc/ontariospeeddating.ca.csr.conf'
[Thu Dec 14 02:57:22 EST 2023] Single domain='ontariospeeddating.ca'
[Thu Dec 14 02:57:22 EST 2023] seg='ontariospeeddating'
[Thu Dec 14 02:57:22 EST 2023] _is_idn_d='ontariospeeddating.ca'
[Thu Dec 14 02:57:22 EST 2023] _idn_temp
[Thu Dec 14 02:57:22 EST 2023] _is_idn_d='ontariospeeddating.ca'
[Thu Dec 14 02:57:22 EST 2023] _idn_temp
[Thu Dec 14 02:57:22 EST 2023] _csr_cn='ontariospeeddating.ca'
[Thu Dec 14 02:57:22 EST 2023] seg='ontariospeeddating'
[Thu Dec 14 02:57:22 EST 2023] Getting domain auth token for each domain
[Thu Dec 14 02:57:22 EST 2023] seg='ontariospeeddating'
[Thu Dec 14 02:57:22 EST 2023] _is_idn_d='ontariospeeddating.ca'
[Thu Dec 14 02:57:22 EST 2023] _idn_temp
[Thu Dec 14 02:57:22 EST 2023] d
[Thu Dec 14 02:57:22 EST 2023] _identifiers='{"type":"dns","value":"ontariospeeddating.ca"}'
[Thu Dec 14 02:57:22 EST 2023] _notBefore
[Thu Dec 14 02:57:22 EST 2023] _notAfter
[Thu Dec 14 02:57:22 EST 2023] =======Begin Send Signed Request=======
[Thu Dec 14 02:57:22 EST 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Dec 14 02:57:23 EST 2023] payload='{"identifiers": [{"type":"dns","value":"ontariospeeddating.ca"}]}'
[Thu Dec 14 02:57:23 EST 2023] EC key
[Thu Dec 14 02:57:23 EST 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Dec 14 02:57:23 EST 2023] HEAD
[Thu Dec 14 02:57:23 EST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Dec 14 02:57:23 EST 2023] body
[Thu Dec 14 02:57:23 EST 2023] _postContentType='application/jose+json'
[Thu Dec 14 02:57:23 EST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --insecure   -I  '
[Thu Dec 14 02:57:23 EST 2023] _ret='0'
[Thu Dec 14 02:57:23 EST 2023] _headers='HTTP/1.1 200 OK
Server: nginx
Date: Thu, 14 Dec 2023 07:57:28 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: UimiYl39e9A0VGy-KvQ3ufGaA-uGKKVaeTlZ2HcNWUfBGE9xjJs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

'
[Thu Dec 14 02:57:23 EST 2023] _CACHED_NONCE='UimiYl39e9A0VGy-KvQ3ufGaA-uGKKVaeTlZ2HcNWUfBGE9xjJs'
[Thu Dec 14 02:57:23 EST 2023] nonce='UimiYl39e9A0VGy-KvQ3ufGaA-uGKKVaeTlZ2HcNWUfBGE9xjJs'
[Thu Dec 14 02:57:23 EST 2023] POST
[Thu Dec 14 02:57:23 EST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Dec 14 02:57:23 EST 2023] body='{"protected": "eyJub25jZSI6ICJVaW1pWWwzOWU5QTBWR3ktS3ZRM3VmR2FBLXVHS0tWYWVUbFoySGNOV1VmQkdFOXhqSnMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ2NDA5NjE1NiJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Im9udGFyaW9zcGVlZGRhdGluZy5jYSJ9XX0", "signature": "Ag3oaesah1MRgNXAPU-dIov71yhVw2M_sqYmAP1kAB_OZyv_CATdUIAVR7hT2hWYfWOM_WwyC4J-vx_GumTY6w"}'
[Thu Dec 14 02:57:23 EST 2023] _postContentType='application/jose+json'
[Thu Dec 14 02:57:23 EST 2023] Http already initialized.
[Thu Dec 14 02:57:23 EST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --insecure  '
[Thu Dec 14 02:57:24 EST 2023] _ret='0'
[Thu Dec 14 02:57:24 EST 2023] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Date: Thu, 14 Dec 2023 07:57:29 GMT
Content-Type: application/json
Content-Length: 347
Connection: keep-alive
Boulder-Requester: 1464096156
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1464096156/229105808976
Replay-Nonce: FHjDOUno5RIt2I4hK7bkwyyLy10P7yR5b4zRSeSxH6mhGqlYl38
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

'
[Thu Dec 14 02:57:24 EST 2023] code='201'
[Thu Dec 14 02:57:24 EST 2023] original='{
  "status": "pending",
  "expires": "2023-12-21T07:57:29Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "ontariospeeddating.ca"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1464096156/229105808976"
}'
[Thu Dec 14 02:57:24 EST 2023] response='{"status":"pending","expires":"2023-12-21T07:57:29Z","identifiers":[{"type":"dns","value":"ontariospeeddating.ca"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/1464096156/229105808976"}'
[Thu Dec 14 02:57:24 EST 2023] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/1464096156/229105808976'
[Thu Dec 14 02:57:24 EST 2023] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1464096156/229105808976'
[Thu Dec 14 02:57:24 EST 2023] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:24 EST 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:24 EST 2023] =======Begin Send Signed Request=======
[Thu Dec 14 02:57:24 EST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:24 EST 2023] payload
[Thu Dec 14 02:57:24 EST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Thu Dec 14 02:57:24 EST 2023] Use _CACHED_NONCE='FHjDOUno5RIt2I4hK7bkwyyLy10P7yR5b4zRSeSxH6mhGqlYl38'
[Thu Dec 14 02:57:24 EST 2023] nonce='FHjDOUno5RIt2I4hK7bkwyyLy10P7yR5b4zRSeSxH6mhGqlYl38'
[Thu Dec 14 02:57:24 EST 2023] POST
[Thu Dec 14 02:57:24 EST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:24 EST 2023] body='{"protected": "eyJub25jZSI6ICJGSGpET1VubzVSSXQySTRoSzdia3d5eUx5MTBQN3lSNWI0elJTZVN4SDZtaEdxbFlsMzgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI5MzUxMTA0MzY1NiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ2NDA5NjE1NiJ9", "payload": "", "signature": "NG5H3X7xPAgSwPYjJl3UK8hy-ltgaJhenb6HKIVO0DO_ir2rb24BFz7RK_BNfN72CDGNzMnF7ngBPgmiWU9BSw"}'
[Thu Dec 14 02:57:24 EST 2023] _postContentType='application/jose+json'
[Thu Dec 14 02:57:24 EST 2023] Http already initialized.
[Thu Dec 14 02:57:24 EST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --insecure  '
[Thu Dec 14 02:57:25 EST 2023] _ret='0'
[Thu Dec 14 02:57:25 EST 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Thu, 14 Dec 2023 07:57:29 GMT
Content-Type: application/json
Content-Length: 805
Connection: keep-alive
Boulder-Requester: 1464096156
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: vwMFqfCE2xpofpJkMbneCa8gMPN7wgDENwEX26dwc9I2YhD8t5w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

'
[Thu Dec 14 02:57:25 EST 2023] code='200'
[Thu Dec 14 02:57:25 EST 2023] original='{
  "identifier": {
    "type": "dns",
    "value": "ontariospeeddating.ca"
  },
  "status": "pending",
  "expires": "2023-12-21T07:57:29Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg",
      "token": "keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/vhYdAw",
      "token": "keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/fjN1fA",
      "token": "keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"
    }
  ]
}'
[Thu Dec 14 02:57:25 EST 2023] response='{"identifier":{"type":"dns","value":"ontariospeeddating.ca"},"status":"pending","expires":"2023-12-21T07:57:29Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/vhYdAw","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/fjN1fA","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"}]}'
[Thu Dec 14 02:57:25 EST 2023] response='{"identifier":{"type":"dns","value":"ontariospeeddating.ca"},"status":"pending","expires":"2023-12-21T07:57:29Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/vhYdAw","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/fjN1fA","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"}]}'
[Thu Dec 14 02:57:25 EST 2023] _d='ontariospeeddating.ca'
[Thu Dec 14 02:57:25 EST 2023] _authorizations_map='ontariospeeddating.ca,{"identifier":{"type":"dns","value":"ontariospeeddating.ca"},"status":"pending","expires":"2023-12-21T07:57:29Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/vhYdAw","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/fjN1fA","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656
'
[Thu Dec 14 02:57:25 EST 2023] d='ontariospeeddating.ca'
[Thu Dec 14 02:57:25 EST 2023] Getting webroot for domain='ontariospeeddating.ca'
[Thu Dec 14 02:57:25 EST 2023] _w='/tmp'
[Thu Dec 14 02:57:25 EST 2023] _currentRoot='/tmp'
[Thu Dec 14 02:57:25 EST 2023] _is_idn_d='ontariospeeddating.ca'
[Thu Dec 14 02:57:25 EST 2023] _idn_temp
[Thu Dec 14 02:57:25 EST 2023] _candidates='ontariospeeddating.ca,{"identifier":{"type":"dns","value":"ontariospeeddating.ca"},"status":"pending","expires":"2023-12-21T07:57:29Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/vhYdAw","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/fjN1fA","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:25 EST 2023] response='{"identifier":{"type":"dns","value":"ontariospeeddating.ca"},"status":"pending","expires":"2023-12-21T07:57:29Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/vhYdAw","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/fjN1fA","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:25 EST 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:25 EST 2023] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"'
[Thu Dec 14 02:57:25 EST 2023] token='keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs'
[Thu Dec 14 02:57:25 EST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg'
[Thu Dec 14 02:57:25 EST 2023] keyauthorization='keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc'
[Thu Dec 14 02:57:25 EST 2023] dvlist='ontariospeeddating.ca#keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc#https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg#http-01#/tmp#https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:25 EST 2023] d
[Thu Dec 14 02:57:25 EST 2023] vlist='ontariospeeddating.ca#keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc#https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg#http-01#/tmp#https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656,'
[Thu Dec 14 02:57:25 EST 2023] d='ontariospeeddating.ca'
[Thu Dec 14 02:57:25 EST 2023] ok, let's start to verify
[Thu Dec 14 02:57:25 EST 2023] Verifying: ontariospeeddating.ca
[Thu Dec 14 02:57:25 EST 2023] d='ontariospeeddating.ca'
[Thu Dec 14 02:57:25 EST 2023] keyauthorization='keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc'
[Thu Dec 14 02:57:25 EST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg'
[Thu Dec 14 02:57:25 EST 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:25 EST 2023] _currentRoot='/tmp'
[Thu Dec 14 02:57:25 EST 2023] wellknown_path='/tmp/.well-known/acme-challenge'
[Thu Dec 14 02:57:25 EST 2023] writing token:keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs to /tmp/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs
[Thu Dec 14 02:57:25 EST 2023] Trigger domain validation.
[Thu Dec 14 02:57:25 EST 2023] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg'
[Thu Dec 14 02:57:25 EST 2023] _t_key_authz='keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc'
[Thu Dec 14 02:57:25 EST 2023] _t_vtype='http-01'
[Thu Dec 14 02:57:25 EST 2023] =======Begin Send Signed Request=======
[Thu Dec 14 02:57:25 EST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg'
[Thu Dec 14 02:57:25 EST 2023] payload='{}'
[Thu Dec 14 02:57:25 EST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Thu Dec 14 02:57:25 EST 2023] Use _CACHED_NONCE='vwMFqfCE2xpofpJkMbneCa8gMPN7wgDENwEX26dwc9I2YhD8t5w'
[Thu Dec 14 02:57:25 EST 2023] nonce='vwMFqfCE2xpofpJkMbneCa8gMPN7wgDENwEX26dwc9I2YhD8t5w'
[Thu Dec 14 02:57:25 EST 2023] POST
[Thu Dec 14 02:57:25 EST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg'
[Thu Dec 14 02:57:25 EST 2023] body='{"protected": "eyJub25jZSI6ICJ2d01GcWZDRTJ4cG9mcEprTWJuZUNhOGdNUE43d2dERU53RVgyNmR3YzlJMlloRDh0NXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI5MzUxMTA0MzY1Ni9nUkczemciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE0NjQwOTYxNTYifQ", "payload": "e30", "signature": "R9KeK_4W6tKxGao2x9VxlROdM54CqXYLlPRTnwNOA9h24HJLUAHFKUBn66RVEVr9mTOQCOXvrjdfGqUB3xhByQ"}'
[Thu Dec 14 02:57:25 EST 2023] _postContentType='application/jose+json'
[Thu Dec 14 02:57:25 EST 2023] Http already initialized.
[Thu Dec 14 02:57:25 EST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --insecure  '
[Thu Dec 14 02:57:26 EST 2023] _ret='0'
[Thu Dec 14 02:57:26 EST 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Thu, 14 Dec 2023 07:57:31 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1464096156
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg
Replay-Nonce: 5L5O4-CScvtagpZwdQUf1UvsGYm3z6B0uVNUf85WeeDMintpxu4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

'
[Thu Dec 14 02:57:26 EST 2023] code='200'
[Thu Dec 14 02:57:26 EST 2023] original='{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg",
  "token": "keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"
}'
[Thu Dec 14 02:57:26 EST 2023] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"}'
[Thu Dec 14 02:57:26 EST 2023] trigger validation code: 200
[Thu Dec 14 02:57:26 EST 2023] Lets check the status of the authz
[Thu Dec 14 02:57:26 EST 2023] original='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"}'
[Thu Dec 14 02:57:26 EST 2023] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs"}'
[Thu Dec 14 02:57:26 EST 2023] status='pending'
[Thu Dec 14 02:57:26 EST 2023] Pending, The CA is processing your order, please just wait. (1/30)
[Thu Dec 14 02:57:26 EST 2023] sleep 2 secs to verify again
[Thu Dec 14 02:57:29 EST 2023] checking
[Thu Dec 14 02:57:29 EST 2023] =======Begin Send Signed Request=======
[Thu Dec 14 02:57:29 EST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:29 EST 2023] payload
[Thu Dec 14 02:57:29 EST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Thu Dec 14 02:57:29 EST 2023] Use _CACHED_NONCE='5L5O4-CScvtagpZwdQUf1UvsGYm3z6B0uVNUf85WeeDMintpxu4'
[Thu Dec 14 02:57:29 EST 2023] nonce='5L5O4-CScvtagpZwdQUf1UvsGYm3z6B0uVNUf85WeeDMintpxu4'
[Thu Dec 14 02:57:29 EST 2023] POST
[Thu Dec 14 02:57:29 EST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656'
[Thu Dec 14 02:57:29 EST 2023] body='{"protected": "eyJub25jZSI6ICI1TDVPNC1DU2N2dGFncFp3ZFFVZjFVdnNHWW0zejZCMHVWTlVmODVXZWVETWludHB4dTQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI5MzUxMTA0MzY1NiIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ2NDA5NjE1NiJ9", "payload": "", "signature": "v5f9nHjAvBMkNAm2W6TWkQqmC2fkBGNnjwQM9_ZMotQbzSeb-uIXQG8VmLsvjqi1QZat3r7N5jQaEIZXU6pjGg"}'
[Thu Dec 14 02:57:29 EST 2023] _postContentType='application/jose+json'
[Thu Dec 14 02:57:29 EST 2023] Http already initialized.
[Thu Dec 14 02:57:29 EST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --insecure  '
[Thu Dec 14 02:57:30 EST 2023] _ret='0'
[Thu Dec 14 02:57:30 EST 2023] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Thu, 14 Dec 2023 07:57:34 GMT
Content-Type: application/json
Content-Length: 1471
Connection: keep-alive
Boulder-Requester: 1464096156
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: FHjDOUnopg7mnFwT1dsDh31VoTT3_B2jXiTJmqJ1Ia4yWayXEQk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

'
[Thu Dec 14 02:57:30 EST 2023] code='200'
[Thu Dec 14 02:57:30 EST 2023] original='{
  "identifier": {
    "type": "dns",
    "value": "ontariospeeddating.ca"
  },
  "status": "invalid",
  "expires": "2023-12-21T07:57:29Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "The key authorization file from the server did not match this challenge. Expected \"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc\" (got \".Yzj4kUJHU0k9ufNfGOFAmDuQB0cs-V3W9zSEKAJxHzU\")",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg",
      "token": "keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs",
      "validationRecord": [
        {
          "url": "http://ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs",
          "hostname": "ontariospeeddating.ca",
          "port": "80",
          "addressesResolved": [
            "64.15.69.254"
          ],
          "addressUsed": "64.15.69.254"
        },
        {
          "url": "http://www.ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs/",
          "hostname": "www.ontariospeeddating.ca",
          "port": "80",
          "addressesResolved": [
            "64.15.69.254"
          ],
          "addressUsed": "64.15.69.254"
        }
      ],
      "validated": "2023-12-14T07:57:31Z"
    }
  ]
}'
[Thu Dec 14 02:57:30 EST 2023] response='{"identifier":{"type":"dns","value":"ontariospeeddating.ca"},"status":"invalid","expires":"2023-12-21T07:57:29Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"The key authorization file from the server did not match this challenge. Expected \"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc\" (got \".Yzj4kUJHU0k9ufNfGOFAmDuQB0cs-V3W9zSEKAJxHzU\")","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs","validationRecord":[{"url":"http://ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs","hostname":"ontariospeeddating.ca","port":"80","addressesResolved":["64.15.69.254"],"addressUsed":"64.15.69.254"},{"url":"http://www.ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs/","hostname":"www.ontariospeeddating.ca","port":"80","addressesResolved":["64.15.69.254"],"addressUsed":"64.15.69.254"}],"validated":"2023-12-14T07:57:31Z"}]}'
[Thu Dec 14 02:57:30 EST 2023] original='{"identifier":{"type":"dns","value":"ontariospeeddating.ca"},"status":"invalid","expires":"2023-12-21T07:57:29Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"The key authorization file from the server did not match this challenge. Expected \"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc\" (got \".Yzj4kUJHU0k9ufNfGOFAmDuQB0cs-V3W9zSEKAJxHzU\")","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs","validationRecord":[{"url":"http://ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs","hostname":"ontariospeeddating.ca","port":"80","addressesResolved":["64.15.69.254"],"addressUsed":"64.15.69.254"},{"url":"http://www.ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs/","hostname":"www.ontariospeeddating.ca","port":"80","addressesResolved":["64.15.69.254"],"addressUsed":"64.15.69.254"}],"validated":"2023-12-14T07:57:31Z"}]}'
[Thu Dec 14 02:57:30 EST 2023] response='{"identifier":{"type":"dns","value":"ontariospeeddating.ca"},"status":"invalid","expires":"2023-12-21T07:57:29Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"The key authorization file from the server did not match this challenge. Expected \"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc\" (got \".Yzj4kUJHU0k9ufNfGOFAmDuQB0cs-V3W9zSEKAJxHzU\")","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg","token":"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs","validationRecord":[{"url":"http://ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs","hostname":"ontariospeeddating.ca","port":"80","addressesResolved":["64.15.69.254"],"addressUsed":"64.15.69.254"},{"url":"http://www.ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs/","hostname":"www.ontariospeeddating.ca","port":"80","addressesResolved":["64.15.69.254"],"addressUsed":"64.15.69.254"}],"validated":"2023-12-14T07:57:31Z"}]}'
[Thu Dec 14 02:57:30 EST 2023] status='invalid
invalid'
[Thu Dec 14 02:57:30 EST 2023] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"The key authorization file from the server did not match this challenge. Expected '
[Thu Dec 14 02:57:30 EST 2023] errordetail='The key authorization file from the server did not match this challenge. Expected '
[Thu Dec 14 02:57:30 EST 2023] Invalid status, ontariospeeddating.ca:Verify error detail:The key authorization file from the server did not match this challenge. Expected 
[Thu Dec 14 02:57:30 EST 2023] pid
[Thu Dec 14 02:57:30 EST 2023] No need to restore nginx, skip.
[Thu Dec 14 02:57:30 EST 2023] _clearupdns
[Thu Dec 14 02:57:30 EST 2023] dns_entries
[Thu Dec 14 02:57:30 EST 2023] skip dns.
[Thu Dec 14 02:57:30 EST 2023] _on_issue_err
[Thu Dec 14 02:57:30 EST 2023] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Thu Dec 14 02:57:30 EST 2023] _chk_vlist='ontariospeeddating.ca#keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc#https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg#http-01#/tmp#https://acme-v02.api.letsencrypt.org/acme/authz-v3/293511043656,'
[Thu Dec 14 02:57:30 EST 2023] start to deactivate authz
[Thu Dec 14 02:57:30 EST 2023] Trigger domain validation.
[Thu Dec 14 02:57:30 EST 2023] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg'
[Thu Dec 14 02:57:30 EST 2023] _t_key_authz='keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc'
[Thu Dec 14 02:57:30 EST 2023] _t_vtype
[Thu Dec 14 02:57:30 EST 2023] =======Begin Send Signed Request=======
[Thu Dec 14 02:57:30 EST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg'
[Thu Dec 14 02:57:30 EST 2023] payload='{}'
[Thu Dec 14 02:57:30 EST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Thu Dec 14 02:57:30 EST 2023] Use _CACHED_NONCE='FHjDOUnopg7mnFwT1dsDh31VoTT3_B2jXiTJmqJ1Ia4yWayXEQk'
[Thu Dec 14 02:57:30 EST 2023] nonce='FHjDOUnopg7mnFwT1dsDh31VoTT3_B2jXiTJmqJ1Ia4yWayXEQk'
[Thu Dec 14 02:57:30 EST 2023] POST
[Thu Dec 14 02:57:30 EST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/293511043656/gRG3zg'
[Thu Dec 14 02:57:30 EST 2023] body='{"protected": "eyJub25jZSI6ICJGSGpET1Vub3BnN21uRndUMWRzRGgzMVZvVFQzX0IyalhpVEptcUoxSWE0eVdheVhFUWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI5MzUxMTA0MzY1Ni9nUkczemciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE0NjQwOTYxNTYifQ", "payload": "e30", "signature": "CVu1BqeZO5qKG1jnQJ7ZBTMK0yWycXRB6f29VBHWx0HKyZ4g1wzw-o8yLKgIC98kDjTpx9yG74uRfoWZWkby2g"}'
[Thu Dec 14 02:57:30 EST 2023] _postContentType='application/jose+json'
[Thu Dec 14 02:57:30 EST 2023] Http already initialized.
[Thu Dec 14 02:57:30 EST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --insecure  '
[Thu Dec 14 02:57:31 EST 2023] _ret='0'
[Thu Dec 14 02:57:31 EST 2023] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 14 Dec 2023 07:57:35 GMT
Content-Type: application/problem+json
Content-Length: 144
Connection: keep-alive
Boulder-Requester: 1464096156
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 5L5O4-CSqPoufE86-_W4AYJMUPiHVoIzyEba4ndhHg-rCFqd52c

'
[Thu Dec 14 02:57:31 EST 2023] code='400'
[Thu Dec 14 02:57:31 EST 2023] original='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'
[Thu Dec 14 02:57:31 EST 2023] response='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'

Hi @mik3ca, and welcome to the LE community forum :)

This is what I see.
Step #1 original HTTP request returns REDIRECTION
[which adds "www" at the front and "\" at the end]:

curl -Ii http://ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs
HTTP/1.1 301 Moved Permanently
Date: Thu, 14 Dec 2023 08:23:10 GMT
Server: Apache
Location: http://www.ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs/
Content-Type: text/html; charset=iso-8859-1

Step #2 Following that redirection, I see "200":

curl -Ii http://www.ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs/
HTTP/1.1 200 OK
Date: Thu, 14 Dec 2023 08:25:09 GMT
Server: Apache
Vary: Host
Content-Type: text/html

So, what does it return...???:
curl http://www.ontariospeeddating.ca/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs/
It returns:
.Yzj4kUJHU0k9ufNfGOFAmDuQB0cs-V3W9zSEKAJxHzU
[which isn't what was expected]

Why is this happening?
Let's start with Apache...
What shows?:
sudo apachectl -t -D DUMP_VHOSTS

4 Likes
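The mismatch walked through above can be read straight from the CA's error text. This is an added example, not part of the original posts or of acme.sh: the function name `keyauth_diagnose` and its finding labels are made up for illustration, and the sample string is copied from the challenge error in the log.

```shell
#!/bin/sh
# Constructed sample: the "detail" field of the failed http-01 challenge in the log above.
SAMPLE_DETAIL='The key authorization file from the server did not match this challenge. Expected \"keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs.lu7J0N9tqN0LGfwOdxgIljmes7vUhkfTHW_jWZ3wOxc\" (got \".Yzj4kUJHU0k9ufNfGOFAmDuQB0cs-V3W9zSEKAJxHzU\")'

# keyauth_diagnose DETAIL  (hypothetical helper)
# An http-01 key authorization is "<token>.<account key thumbprint>"
# (RFC 8555, section 8.1), so each half is compared on its own.
# Prints one finding per line; returns 0 only when both values are identical.
keyauth_diagnose() {
  # Drop JSON backslash escapes, then capture the two quoted values.
  pair=$(printf '%s\n' "$1" | tr -d '\\' |
    sed -n 's/.*Expected "\([^"]*\)" (got "\([^"]*\)").*/\1 \2/p')
  if [ -z "$pair" ]; then echo "unparsed"; return 2; fi
  expected=${pair%% *}   # key authorizations contain no spaces
  got=${pair#* }
  case $got in
    "$expected") echo "match"; return 0 ;;
    *.*) ;;                                   # has both halves, compare below
    *) echo "body-is-not-a-key-authorization"; return 1 ;;
  esac
  # First half: must be the token from the challenge URL.
  if [ "${got%%.*}" != "${expected%%.*}" ]; then
    if [ -z "${got%%.*}" ]; then echo "token-empty"; else echo "token-differs"; fi
  fi
  # Second half: must be the thumbprint of the account key that placed the order.
  [ "${got#*.}" = "${expected#*.}" ] || echo "thumbprint-differs"
  return 1
}

keyauth_diagnose "$SAMPLE_DETAIL" || true
```

For the logged error this prints `token-empty` and `thumbprint-differs`: neither half of the served body matches what the client was told to publish, so the response is not the file acme.sh wrote for this challenge.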

But I do not want it to modify the Apache configuration directly, as I am dealing with a shared server. I want to create the keys that I can put into Apache manually.

Also, the target server does not have apachectl. It has httpd.

So I ran that utility with the same parameter and it listed all my domains in the format of:

port 80 namevhost (domain/subdomain) location in config file

and I also see:

default server (ip address)
(ip address):80 is a NameVirtualHost

Apache requires SSL Configuration on the server config or virtual host, which are in the apache configuration.

Does your shared hosting provider give you a way to configure SSL via a control panel or specific filepath? I can't imagine other ways to support this.

3 Likes

I never asked you to modify anything.
I simply asked for you to show the output of that command.

3 Likes

I did show the output in a simplified way.
Most of the lines were listing all of the subdomains.

I just need a way to make acme.sh configure the correct (document root)/.well-known/acme-challenge/(whatever) file so I can get the certificate.

I have an old version of cPanel and WHM installed on the server, and tried to set up SSL through that, but I am unsuccessful every time I do it that way because they claim the files are invalid.

First, I should stress that it may not be possible to install SSL Certificates on your host. Some shared hosts change or cripple their systems to prevent users from installing SSL on their own.

If possible, I suggest using CertSage, as it is streamlined for cPanel users:

If that is not possible, two tips I can suggest:

1- Create a file named /.well-known/acme-challenge/test on your server for that domain in the appropriate root directory. Ensure you can read it from the public internet. Once you find the appropriate directory and ensure it is publicly readable, you can move on to invoking your client.

2- Use the directory you identified when invoking your script as the document root / filepath root. Note this bit in your logs above:

[Thu Dec 14 02:57:25 EST 2023] writing token:keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs to /tmp/.well-known/acme-challenge/keN6J9KdLVEe9JTC5IiJxMOqIzWKz5ia7yJfcFXNXzs

Your client is writing to /tmp, which means that domain would need to be configured to serve out of /tmp for the challenge to be successfully served. That is almost certainly incorrect.

6 Likes
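The two tips above can be run as one pre-flight check before acme.sh is invoked. This is an added example, not from the original posts or from acme.sh: the names `fetch` and `check_webroot` are hypothetical, and the path and domain in the usage comment are placeholders.

```shell
#!/bin/sh
# fetch URL -> response body on stdout, following redirects the way the
# CA's validator did in the validationRecord shown in the log.
fetch() { curl --silent --location --max-time 10 "$1"; }

# check_webroot WEBROOT BASE_URL  (hypothetical helper)
# Writes a probe file under WEBROOT/.well-known/acme-challenge/, requests it
# through BASE_URL, and prints "ok" only when the public copy is byte-identical.
check_webroot() {
  webroot=$1
  base=${2%/}                       # tolerate a trailing slash on the URL
  dir=$webroot/.well-known/acme-challenge
  name=probe-$$-$(date +%s)         # unique name, so stale files cannot pass
  want="probe-content-$name"

  mkdir -p "$dir" 2>/dev/null || { echo "cannot-create-dir"; return 2; }
  printf '%s' "$want" > "$dir/$name" || { echo "cannot-write"; return 2; }

  got=$(fetch "$base/.well-known/acme-challenge/$name") || got=
  rm -f "$dir/$name"                # never leave probes behind

  if [ "$got" = "$want" ]; then echo "ok"; return 0; fi
  # Wrong directory, a rewrite rule, or a handler answering for this path.
  echo "mismatch"; return 1
}

# Usage (placeholders): try each candidate document root until one prints "ok",
# then pass that same directory to acme.sh with -w instead of /tmp.
#   check_webroot /path/to/candidate/docroot http://example.com
```

A directory that prints `mismatch` here will fail the real challenge the same way, because the CA fetches the challenge file from the same public path.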
