Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: academiaeficacia.com
I ran this command: Le_HTTPPort=77777 acme.sh --test --debug --renew -d academiaeficacia.com -d www.academiaeficacia.com --standalone --webroot /home/integro/webapps/eficacia
It produced this output:
[mar jul 24 15:19:39 UTC 2018] Le_Listen_V4
[mar jul 24 15:19:39 UTC 2018] Le_Listen_V6
[mar jul 24 15:19:39 UTC 2018] _NC=‘socat TCP-LISTEN:77777,crlf,reuseaddr,fork’
[mar jul 24 15:19:40 UTC 2018] serverproc=‘39946’
[mar jul 24 15:19:40 UTC 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/X-kQD1uaHjiAgrBlK8rciMiEMXCbeIgFKP6z--xH97M/152290930’
[mar jul 24 15:19:40 UTC 2018] payload=’{“resource”: “challenge”, “keyAuthorization”: “9XxbaDSR1MFOqgHxkw72-ypyBGq2h-HmqQHW8hEh_V4.OHOCENYOWUdLzzMS9BG8bKozAFMd4vIeOZOeUuRgUBA”}’
[mar jul 24 15:19:41 UTC 2018] POST
[mar jul 24 15:19:41 UTC 2018] _post_url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/X-kQD1uaHjiAgrBlK8rciMiEMXCbeIgFKP6z--xH97M/152290930’
[mar jul 24 15:19:41 UTC 2018] _CURL=‘curl -L --silent --dump-header /home/integro/.acme.sh/http.header -g ’
[mar jul 24 15:19:41 UTC 2018] _ret=‘0’
[mar jul 24 15:19:41 UTC 2018] code=‘202’
[mar jul 24 15:19:41 UTC 2018] sleep 2 secs to verify
[mar jul 24 15:19:43 UTC 2018] checking
[mar jul 24 15:19:43 UTC 2018] GET
[mar jul 24 15:19:43 UTC 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/X-kQD1uaHjiAgrBlK8rciMiEMXCbeIgFKP6z--xH97M/152290930’
[mar jul 24 15:19:43 UTC 2018] timeout=
[mar jul 24 15:19:43 UTC 2018] _CURL=‘curl -L --silent --dump-header /home/integro/.acme.sh/http.header -g ’
[mar jul 24 15:19:43 UTC 2018] ret=‘0’
[mar jul 24 15:19:43 UTC 2018] academiaeficacia.com:Verify error:Invalid response from http://academiaeficacia.com/.well-known/acme-challenge/9XxbaDSR1MFOqgHxkw72-ypyBGq2h-HmqQHW8hEh_V4:
[mar jul 24 15:19:43 UTC 2018] Debug: get token url.
[mar jul 24 15:19:43 UTC 2018] GET
[mar jul 24 15:19:43 UTC 2018] url=‘http://academiaeficacia.com/.well-known/acme-challenge/9XxbaDSR1MFOqgHxkw72-ypyBGq2h-HmqQHW8hEh_V4’
[mar jul 24 15:19:43 UTC 2018] timeout=1
[mar jul 24 15:19:43 UTC 2018] _CURL=‘curl -L --silent --dump-header /home/integro/.acme.sh/http.header -g --connect-timeout 1’
[mar jul 24 15:19:44 UTC 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[mar jul 24 15:19:44 UTC 2018] ret=‘60’
[mar jul 24 15:19:44 UTC 2018] Skip for removelevel:
[mar jul 24 15:19:44 UTC 2018] pid=‘39946’
[mar jul 24 15:19:44 UTC 2018] No need to restore nginx, skip.
[mar jul 24 15:19:44 UTC 2018] _clearupdns
[mar jul 24 15:19:44 UTC 2018] skip dns.
[mar jul 24 15:19:44 UTC 2018] _on_issue_err
[mar jul 24 15:19:44 UTC 2018] Please check log file for more details: /home/integro/.acme.sh/acme.sh.log
[mar jul 24 15:19:44 UTC 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/X-kQD1uaHjiAgrBlK8rciMiEMXCbeIgFKP6z--xH97M/152290930’
[mar jul 24 15:19:44 UTC 2018] payload=’{“resource”: “challenge”, “keyAuthorization”: “9XxbaDSR1MFOqgHxkw72-ypyBGq2h-HmqQHW8hEh_V4.OHOCENYOWUdLzzMS9BG8bKozAFMd4vIeOZOeUuRgUBA”}’
[mar jul 24 15:19:44 UTC 2018] POST
[mar jul 24 15:19:44 UTC 2018] _post_url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/X-kQD1uaHjiAgrBlK8rciMiEMXCbeIgFKP6z--xH97M/152290930’
[mar jul 24 15:19:44 UTC 2018] _CURL=‘curl -L --silent --dump-header /home/integro/.acme.sh/http.header -g ’
[mar jul 24 15:19:44 UTC 2018] _ret=‘0’
[mar jul 24 15:19:44 UTC 2018] code=‘400’
[mar jul 24 15:19:45 UTC 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/ld6M9iOJY3WMnzSwk1j1L55ILQZl1dCfHc_4AI6GC0Q/152290935’
[mar jul 24 15:19:45 UTC 2018] payload=’{“resource”: “challenge”, “keyAuthorization”: “XQP1tl3OUyik0PxA7RYjJIyVSE6wnLPU6PN6u8JyD7A.OHOCENYOWUdLzzMS9BG8bKozAFMd4vIeOZOeUuRgUBA”}’
[mar jul 24 15:19:45 UTC 2018] POST
[mar jul 24 15:19:45 UTC 2018] _post_url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/ld6M9iOJY3WMnzSwk1j1L55ILQZl1dCfHc_4AI6GC0Q/152290935’
[mar jul 24 15:19:45 UTC 2018] _CURL='curl -L --silent --dump-header /home/integro/.acme.sh/http.header -g ’
[mar jul 24 15:19:45 UTC 2018] _ret=‘0’
[mar jul 24 15:19:45 UTC 2018] code=‘202’
[mar jul 24 15:19:45 UTC 2018] Diagnosis versions
My web server is (include version):
The operating system my web server runs on is (include version): CentOS Linux release 7.5.1804
My hosting provider, if applicable, is: Webfaction Hosting
I can login to a root shell on my machine (yes or no, or I don’t know): No
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
I’m not familiar with acme.sh myself, but if it’s at all akin to the Certbot setup, you shouldn’t be using --standalone and --webroot together. The former says “I don’t have a webserver running, spin up a temporary one to reply to the challenge” and the latter says “I have a web server running and serving files from this directory, please place challenge files appropriately and my webserver will take it from there.”
Thanks @jared.m, I can use 1 option and the result will be the same.
I checked that my webserver is working using http://academiaeficacia.com/.well-known/acme-challenge/test.txt over HTTP, and this is working well.
I think the problem is that acme.sh apparently can’t create the file in .well-known/acme-challenge/NNNNNNN.
Hi @jmadrigal-integro
your file
https://acme-staging.api.letsencrypt.org/acme/challenge/X-kQD1uaHjiAgrBlK8rciMiEMXCbeIgFKP6z--xH97M/152290930
says:
Let's Encrypt wants to load
http://academiaeficacia.com/.well-known/acme-challenge/9XxbaDSR1MFOqgHxkw72-ypyBGq2h-HmqQHW8hEh_V4
But calling this file:
D:\download http://academiaeficacia.com/.well-known/acme-challenge/9XxbaDSR1MFOqgHxkw72-ypyBGq2h-HmqQHW8hEh_V4 -h
Transfer-Encoding: chunked
Connection: keep-alive
Link: <https://academiaeficacia.com/wp-json/>; rel="https://api.w.org/"
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Tue, 24 Jul 2018 15:38:03 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Location: https://academiaeficacia.com/login/
Server: nginx
Status: 302 Redirect
Your webserver doesn't send the content of your file; instead there is a redirect to your login page.
So you should change your redirect rules, so that /.well-known/acme-challenge/ is excluded.
PS: Interesting:
http://academiaeficacia.com/.well-known/acme-challenge/test.txt
works, but test it with a filename 123456789 without extension.
Thanks,
I have removed the redirection only for the directory .well-known and now the error is:
[mar jul 24 15:52:48 UTC 2018] sleep 2 secs to verify
[mar jul 24 15:52:50 UTC 2018] checking
[mar jul 24 15:52:50 UTC 2018] GET
[mar jul 24 15:52:50 UTC 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/pwljr2v_UlHupcfGeqaMk8JlmyZVgB9PIkyN8mVDJng/152297220’
[mar jul 24 15:52:50 UTC 2018] timeout=
[mar jul 24 15:52:50 UTC 2018] _WGET=‘wget -q --content-on-error ’
[mar jul 24 15:52:50 UTC 2018] ret=‘0’
[mar jul 24 15:52:50 UTC 2018] academiaeficacia.com:Verify error:The key authorization file from the server did not match this challenge [iAZoIHVWQDkdtHN_mr22JSRTnarYDykthV1T46COhjY.OHOCENYOWUdLzzMS9BG8bKozAFMd4vIeOZOeUuRgUBA] != []
[mar jul 24 15:52:50 UTC 2018] Debug: get token url.
[mar jul 24 15:52:50 UTC 2018] GET
[mar jul 24 15:52:50 UTC 2018] url=‘http://academiaeficacia.com/.well-known/acme-challenge/iAZoIHVWQDkdtHN_mr22JSRTnarYDykthV1T46COhjY’
[mar jul 24 15:52:50 UTC 2018] timeout=1
[mar jul 24 15:52:50 UTC 2018] _WGET=‘wget -q --content-on-error --timeout=1’
[mar jul 24 15:52:50 UTC 2018] ret=‘0’
[mar jul 24 15:52:50 UTC 2018] Skip for removelevel:
[mar jul 24 15:52:50 UTC 2018] pid=‘24670’
[mar jul 24 15:52:50 UTC 2018] No need to restore nginx, skip.
[mar jul 24 15:52:50 UTC 2018] _clearupdns
[mar jul 24 15:52:50 UTC 2018] skip dns.
[mar jul 24 15:52:50 UTC 2018] _on_issue_err
[mar jul 24 15:52:50 UTC 2018] Please check log file for more details: /home/integro/.acme.sh/acme.sh.log
[mar jul 24 15:52:50 UTC 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/pwljr2v_UlHupcfGeqaMk8JlmyZVgB9PIkyN8mVDJng/152297220’
[mar jul 24 15:52:50 UTC 2018] payload=’{“resource”: “challenge”, “keyAuthorization”: “iAZoIHVWQDkdtHN_mr22JSRTnarYDykthV1T46COhjY.OHOCENYOWUdLzzMS9BG8bKozAFMd4vIeOZOeUuRgUBA”}’
[mar jul 24 15:52:50 UTC 2018] POST
[mar jul 24 15:52:50 UTC 2018] _post_url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/pwljr2v_UlHupcfGeqaMk8JlmyZVgB9PIkyN8mVDJng/152297220’
[mar jul 24 15:52:50 UTC 2018] _WGET='wget -q --content-on-error ’
[mar jul 24 15:52:51 UTC 2018] wget returns 8, the server returns a ‘Bad request’ response, lets process the response later.
[mar jul 24 15:52:51 UTC 2018] Using sed -i
[mar jul 24 15:52:51 UTC 2018] _ret=‘0’
[mar jul 24 15:52:51 UTC 2018] code=‘400’
Looks like your webserver sends wrong data:
The key authorization file from the server did not match this challenge [iAZoIHVWQDkdtHN_mr22JSRTnarYDykthV1T46COhjY.OHOCENYOWUdLzzMS9BG8bKozAFMd4vIeOZOeUuRgUBA] !=
Your webserver accepts the url
http://academiaeficacia.com/.well-known/acme-challenge/iAZoIHVWQDkdtHN_mr22JSRTnarYDykthV1T46COhjY
but the content of the file is empty. Has to be
iAZoIHVWQDkdtHN_mr22JSRTnarYDykthV1T46COhjY.OHOCENYOWUdLzzMS9BG8bKozAFMd4vIeOZOeUuRgUBA
(next challenge the filename and the content will change).
And: Calling the "wrong url"
http://academiaeficacia.com/.well-known/acme-challenge/abcd
I get an HTTP status 200; I should get a 404.
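The checks made by hand in the replies above (redirect away from the challenge path, empty body, and a 200 for a token that was never written), as an added shell example that is not part of the original thread. The function names and the probe token name `nonexistent-probe-token` are assumptions; `check_http01` needs network access, while the two classifiers work on values already captured.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# classify_http01 STATUS LOCATION BODY EXPECTED_KEYAUTH
# Classifies one un-followed response for a challenge URL.
classify_http01() {
    status=$1; location=$2; body=$3; expected=$4
    case "$status" in
        301|302|303|307|308)
            case "$location" in
                # Same path on another scheme/host can still reach the token.
                */.well-known/acme-challenge/*) echo "redirect-same-path" ;;
                # Anything else (e.g. /login/) can never return the token.
                *) echo "redirect-away" ;;
            esac ;;
        200)
            if [ -z "$body" ]; then echo "empty-body"
            elif [ "$body" = "$expected" ]; then echo "ok"
            else echo "mismatch"
            fi ;;
        *) echo "http-$status" ;;
    esac
}

# classify_probe STATUS
# A token that was never written must give 404; a 200 means some rule
# answers every path under the challenge directory.
classify_probe() {
    if [ "$1" = "404" ]; then echo "ok"; else echo "catch-all-$1"; fi
}

# check_http01 DOMAIN TOKEN KEYAUTH  (live check, redirects not followed)
check_http01() {
    base="http://$1/.well-known/acme-challenge"
    hdr=$(mktemp)
    body=$(curl --silent --max-time 10 --dump-header "$hdr" "$base/$2")
    status=$(awk 'NR==1 {print $2}' "$hdr")
    location=$(awk 'tolower($1)=="location:" {print $2}' "$hdr" | tr -d '\r')
    rm -f "$hdr"
    echo "token: $(classify_http01 "$status" "$location" "$body" "$3")"
    probe=$(curl --silent --max-time 10 --output /dev/null \
        --write-out '%{http_code}' "$base/nonexistent-probe-token")
    echo "probe: $(classify_probe "$probe")"
}
```

Run `check_http01` while the client is waiting on the challenge, passing the token and the full `token.thumbprint` key authorization shown in the debug log.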
I think that acme.sh has an error on the Webfaction servers; I had to use an external service to renew the certificate.
It is a great option to renew these certificates.
Thank you so much.