Immediate connect fail for acme-v02.api.letsencrypt.org

My domain is: *.homelabusa.com

I ran this command: acme.sh

It produced this output:

root@OPNsense:~ # vi /var/log/acme.sh.log
[Mon Jun 8 14:50:03 EDT 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Mon Jun 8 14:50:03 EDT 2020] DOMAIN_PATH=’/var/etc/acme-client/home/.homelabusa.com’
[Mon Jun 8 14:50:03 EDT 2020] Renew: '
.homelabusa.com’
[Mon Jun 8 14:50:03 EDT 2020] Le_API
[Mon Jun 8 14:50:03 EDT 2020] _main_domain=’*.homelabusa.com’
[Mon Jun 8 14:50:03 EDT 2020] _alt_domains=‘no’
[Mon Jun 8 14:50:03 EDT 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Jun 8 14:50:03 EDT 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Jun 8 14:50:03 EDT 2020] GET
[Mon Jun 8 14:50:03 EDT 2020] url=‘https://acme-v02.api.letsencrypt.org/directory
[Mon Jun 8 14:50:03 EDT 2020] timeout=
[Mon Jun 8 14:50:03 EDT 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.Lwb1D9Bx -g ’
[Mon Jun 8 14:50:46 EDT 2020] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Mon Jun 8 14:50:46 EDT 2020] Here is the curl dump log:
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: connect to 172.65.32.248 port 443 failed: Operation timed out
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Trying 2606:4700:60:0:f53d:5624:85c7:3a2c:443…
== Info: TCP_NODELAY set
== Info: Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: No route to host
== Info: Failed to connect to acme-v02.api.letsencrypt.org port 443: Operation timed out
== Info: Closing connection 0

My web server is (include version): Multiple

The operating system my web server runs on is (include version): OPNsense 20.1.3-amd64 FreeBSD 11.2-RELEASE-p17-HBSD

My hosting provider, if applicable, is: Self Hosted

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): N/A. Self hosted. I have root access.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): using using Certbot. Instead I am using acme.sh

1 Like

Hi @praval1983

your network configuration is buggy. You must be able to connect acme-v02.api.letsencrypt.org, that’s a local problem you have to fix.

The ipv6 is correct. But:

D:\temp>tracert 2606:4700:60:0:f53d:5624:85c7:3a2c
1 <1 ms <1 ms <1 ms fritz.box [2003:e9:ef3f:6700:f2b0:14ff:fe0e:fe2c]
2 5 ms 4 ms 5 ms 2003:0:8003:9800::1
3 12 ms 12 ms 11 ms 2003:0:1400:c004::1
4 13 ms 13 ms 13 ms 2003:0:1400:c004::2
5 14 ms 14 ms 13 ms cloudflare-ic-314537-hbg-b1.c.telia.net [2001:2000:3080:e70::2]
6 12 ms 12 ms 11 ms 2606:4700:60:0:f53d:5624:85c7:3a2c

Is your ipv6 correct configured?

What says

ping -6 www.google.com
ping -4 acme-v02.api.letsencrypt.org
ping -6 acme-v02.api.letsencrypt.org

same with traceroute?

4 Likes

You are right. It was my local networking issue. When I tried to ping google.com, I learn from firewall log that traffic was originating from wireguard interface WG0 on my OPNSense router and there was no outbound NAT rule for WG0 interface.

As result traffic was being blocked locally.

After I disabled wireguard service and shutdown interface, everything worked as expected.

Here is log of sucess.

root@OPNsense:~ # tail -f /var/log/acme.sh.log
[Wed Jun 10 13:12:30 EDT 2020] ACME_DIRECTORY=‘https://acme-v02.api.letsencrypt.org/directory
[Wed Jun 10 13:12:30 EDT 2020] DOMAIN_PATH=’/var/etc/acme-client/home/.homelabusa.com’
[Wed Jun 10 13:12:30 EDT 2020] Renew: '
.homelabusa.com’
[Wed Jun 10 13:12:30 EDT 2020] Le_API
[Wed Jun 10 13:12:30 EDT 2020] _main_domain=’.homelabusa.com’
[Wed Jun 10 13:12:30 EDT 2020] _alt_domains=‘no’
[Wed Jun 10 13:12:30 EDT 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Wed Jun 10 13:12:30 EDT 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Wed Jun 10 13:12:30 EDT 2020] GET
[Wed Jun 10 13:12:30 EDT 2020] url=‘https://acme-v02.api.letsencrypt.org/directory
[Wed Jun 10 13:12:30 EDT 2020] timeout=
[Wed Jun 10 13:12:30 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.vBpETPpg -g ’
[Wed Jun 10 13:12:31 EDT 2020] ret=‘0’
[Wed Jun 10 13:12:31 EDT 2020] ACME_KEY_CHANGE=‘https://acme-v02.api.letsencrypt.org/acme/key-change
[Wed Jun 10 13:12:31 EDT 2020] ACME_NEW_AUTHZ
[Wed Jun 10 13:12:31 EDT 2020] ACME_NEW_ORDER=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Wed Jun 10 13:12:31 EDT 2020] ACME_NEW_ACCOUNT=‘https://acme-v02.api.letsencrypt.org/acme/new-acct
[Wed Jun 10 13:12:31 EDT 2020] ACME_REVOKE_CERT=‘https://acme-v02.api.letsencrypt.org/acme/revoke-cert
[Wed Jun 10 13:12:32 EDT 2020] ACME_AGREEMENT=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
[Wed Jun 10 13:12:32 EDT 2020] ACME_NEW_NONCE=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[Wed Jun 10 13:12:32 EDT 2020] ACME_VERSION=‘2’
[Wed Jun 10 13:12:32 EDT 2020] Le_NextRenewTime=‘1590640034’
[Wed Jun 10 13:12:32 EDT 2020] _on_before_issue
[Wed Jun 10 13:12:32 EDT 2020] _chk_main_domain=’
.homelabusa.com’
[Wed Jun 10 13:12:32 EDT 2020] _chk_alt_domains
[Wed Jun 10 13:12:33 EDT 2020] Le_LocalAddress
[Wed Jun 10 13:12:33 EDT 2020] d=’.homelabusa.com’
[Wed Jun 10 13:12:33 EDT 2020] Check for domain=’
.homelabusa.com’
[Wed Jun 10 13:12:33 EDT 2020] _currentRoot=‘dns_cf’
[Wed Jun 10 13:12:33 EDT 2020] d
[Wed Jun 10 13:12:33 EDT 2020] _saved_account_key_hash is not changed, skip register account.
[Wed Jun 10 13:12:33 EDT 2020] Read key length:2048
[Wed Jun 10 13:12:33 EDT 2020] _createcsr
[Wed Jun 10 13:12:33 EDT 2020] Single domain=’.homelabusa.com’
[Wed Jun 10 13:12:33 EDT 2020] Getting domain auth token for each domain
[Wed Jun 10 13:12:34 EDT 2020] d
[Wed Jun 10 13:12:34 EDT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Wed Jun 10 13:12:34 EDT 2020] payload=’{“identifiers”: [{“type”:“dns”,“value”:"
.homelabusa.com"}]}’
[Wed Jun 10 13:12:34 EDT 2020] RSA key
[Wed Jun 10 13:12:40 EDT 2020] HEAD
[Wed Jun 10 13:12:40 EDT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-nonce
[Wed Jun 10 13:12:40 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g -I ’
[Wed Jun 10 13:12:40 EDT 2020] _ret=‘0’
[Wed Jun 10 13:12:41 EDT 2020] POST
[Wed Jun 10 13:12:41 EDT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/new-order
[Wed Jun 10 13:12:41 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:12:41 EDT 2020] _ret=‘0’
[Wed Jun 10 13:12:41 EDT 2020] code=‘201’
[Wed Jun 10 13:12:42 EDT 2020] Le_LinkOrder=’ https://acme-v02.api.letsencrypt.org/acme/order/81959098/3712228692
[Wed Jun 10 13:12:42 EDT 2020] Le_OrderFinalize=‘https://acme-v02.api.letsencrypt.org/acme/finalize/81959098/3712228692
[Wed Jun 10 13:12:42 EDT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/5142309956
[Wed Jun 10 13:12:42 EDT 2020] payload
[Wed Jun 10 13:12:42 EDT 2020] POST
[Wed Jun 10 13:12:42 EDT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/authz-v3/5142309956
[Wed Jun 10 13:12:42 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:12:43 EDT 2020] _ret=‘0’
[Wed Jun 10 13:12:43 EDT 2020] code=‘200’
[Wed Jun 10 13:12:43 EDT 2020] d=’.homelabusa.com’
[Wed Jun 10 13:12:43 EDT 2020] Getting webroot for domain=’
.homelabusa.com’
[Wed Jun 10 13:12:43 EDT 2020] _w=‘dns_cf’
[Wed Jun 10 13:12:43 EDT 2020] _currentRoot=‘dns_cf’
[Wed Jun 10 13:12:44 EDT 2020] entry=’“type”:“dns-01”,“status”:“pending”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/5142309956/KZbw9Q",“token”:"68fIokcPUriOj4m9bCjXRe6382EvbLY76zDZuoyntJ8”’
[Wed Jun 10 13:12:44 EDT 2020] token=‘68fIokcPUriOj4m9bCjXRe6382EvbLY76zDZuoyntJ8’
[Wed Jun 10 13:12:44 EDT 2020] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/5142309956/KZbw9Q
[Wed Jun 10 13:12:44 EDT 2020] keyauthorization=‘68fIokcPUriOj4m9bCjXRe6382EvbLY76zDZuoyntJ8.4gFp7dBGN4ebqTK-3x0YPfrpWmPJd6J-ZVrVs4l6_MY’
[Wed Jun 10 13:12:44 EDT 2020] dvlist=’.homelabusa.com#68fIokcPUriOj4m9bCjXRe6382EvbLY76zDZuoyntJ8.4gFp7dBGN4ebqTK-3x0YPfrpWmPJd6J-ZVrVs4l6_MY#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5142309956/KZbw9Q#dns-01#dns_cf
[Wed Jun 10 13:12:44 EDT 2020] d
[Wed Jun 10 13:12:44 EDT 2020] vlist=’
.homelabusa.com#68fIokcPUriOj4m9bCjXRe6382EvbLY76zDZuoyntJ8.4gFp7dBGN4ebqTK-3x0YPfrpWmPJd6J-ZVrVs4l6_MY#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5142309956/KZbw9Q#dns-01#dns_cf,’
[Wed Jun 10 13:12:44 EDT 2020] d=’.homelabusa.com’
[Wed Jun 10 13:12:44 EDT 2020] _d_alias
[Wed Jun 10 13:12:44 EDT 2020] txtdomain=’_acme-challenge.homelabusa.com’
[Wed Jun 10 13:12:44 EDT 2020] txt=‘YNj8aIs01i-8mW3SamhZnuxOWDRKhxW57etnofVFhGE’
[Wed Jun 10 13:12:44 EDT 2020] d_api=’/usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh’
[Wed Jun 10 13:12:44 EDT 2020] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh
[Wed Jun 10 13:12:44 EDT 2020] Adding txt value: YNj8aIs01i-8mW3SamhZnuxOWDRKhxW57etnofVFhGE for domain: _acme-challenge.homelabusa.com
[Wed Jun 10 13:12:45 EDT 2020] First detect the root zone
[Wed Jun 10 13:12:45 EDT 2020] h=’_acme-challenge.homelabusa.com’
[Wed Jun 10 13:12:45 EDT 2020] zones?name=_acme-challenge.homelabusa.com
[Wed Jun 10 13:12:45 EDT 2020] GET
[Wed Jun 10 13:12:45 EDT 2020] url=‘https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.homelabusa.com
[Wed Jun 10 13:12:45 EDT 2020] timeout=
[Wed Jun 10 13:12:45 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:12:45 EDT 2020] ret=‘0’
[Wed Jun 10 13:12:46 EDT 2020] h=‘homelabusa.com
[Wed Jun 10 13:12:46 EDT 2020] zones?name=homelabusa.com
[Wed Jun 10 13:12:46 EDT 2020] GET
[Wed Jun 10 13:12:46 EDT 2020] url=‘https://api.cloudflare.com/client/v4/zones?name=homelabusa.com
[Wed Jun 10 13:12:46 EDT 2020] timeout=
[Wed Jun 10 13:12:46 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:12:46 EDT 2020] ret=‘0’
[Wed Jun 10 13:12:46 EDT 2020] _domain_id=‘ce8d62a573df5facc6cd8af665d42abc’
[Wed Jun 10 13:12:46 EDT 2020] _sub_domain=’_acme-challenge’
[Wed Jun 10 13:12:46 EDT 2020] _domain=‘homelabusa.com
[Wed Jun 10 13:12:46 EDT 2020] Getting txt records
[Wed Jun 10 13:12:46 EDT 2020] zones/ce8d62a573df5facc6cd8af665d42abc/dns_records?type=TXT&name=_acme-challenge.homelabusa.com
[Wed Jun 10 13:12:46 EDT 2020] GET
[Wed Jun 10 13:12:47 EDT 2020] url=‘https://api.cloudflare.com/client/v4/zones/ce8d62a573df5facc6cd8af665d42abc/dns_records?type=TXT&name=_acme-challenge.homelabusa.com
[Wed Jun 10 13:12:47 EDT 2020] timeout=
[Wed Jun 10 13:12:47 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:12:47 EDT 2020] ret=‘0’
[Wed Jun 10 13:12:47 EDT 2020] Adding record
[Wed Jun 10 13:12:47 EDT 2020] zones/ce8d62a573df5facc6cd8af665d42abc/dns_records
[Wed Jun 10 13:12:47 EDT 2020] data=’{“type”:“TXT”,“name”:"_acme-challenge.homelabusa.com",“content”:“YNj8aIs01i-8mW3SamhZnuxOWDRKhxW57etnofVFhGE”,“ttl”:120}’
[Wed Jun 10 13:12:47 EDT 2020] POST
[Wed Jun 10 13:12:47 EDT 2020] _post_url=‘https://api.cloudflare.com/client/v4/zones/ce8d62a573df5facc6cd8af665d42abc/dns_records
[Wed Jun 10 13:12:47 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:12:48 EDT 2020] _ret=‘0’
[Wed Jun 10 13:12:48 EDT 2020] Added, OK
[Wed Jun 10 13:12:48 EDT 2020] The txt record is added: Success.
[Wed Jun 10 13:12:48 EDT 2020] Sleep 120 seconds for the txt records to take effect
[Wed Jun 10 13:14:48 EDT 2020] ok, let’s start to verify
[Wed Jun 10 13:14:48 EDT 2020] Verifying: .homelabusa.com
[Wed Jun 10 13:14:48 EDT 2020] d=’
.homelabusa.com’
[Wed Jun 10 13:14:48 EDT 2020] keyauthorization=‘68fIokcPUriOj4m9bCjXRe6382EvbLY76zDZuoyntJ8.4gFp7dBGN4ebqTK-3x0YPfrpWmPJd6J-ZVrVs4l6_MY’
[Wed Jun 10 13:14:48 EDT 2020] uri=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/5142309956/KZbw9Q
[Wed Jun 10 13:14:48 EDT 2020] _currentRoot=‘dns_cf’
[Wed Jun 10 13:14:48 EDT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/5142309956/KZbw9Q
[Wed Jun 10 13:14:48 EDT 2020] payload=’{}’
[Wed Jun 10 13:14:49 EDT 2020] POST
[Wed Jun 10 13:14:49 EDT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/5142309956/KZbw9Q
[Wed Jun 10 13:14:49 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:14:50 EDT 2020] _ret=‘0’
[Wed Jun 10 13:14:50 EDT 2020] code=‘200’
[Wed Jun 10 13:14:50 EDT 2020] trigger validation code: 200
[Wed Jun 10 13:14:50 EDT 2020] sleep 2 secs to verify
[Wed Jun 10 13:14:52 EDT 2020] checking
[Wed Jun 10 13:14:52 EDT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/5142309956/KZbw9Q
[Wed Jun 10 13:14:52 EDT 2020] payload
[Wed Jun 10 13:14:53 EDT 2020] POST
[Wed Jun 10 13:14:53 EDT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/chall-v3/5142309956/KZbw9Q
[Wed Jun 10 13:14:53 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:14:53 EDT 2020] _ret=‘0’
[Wed Jun 10 13:14:53 EDT 2020] code=‘200’
[Wed Jun 10 13:14:54 EDT 2020] Success
[Wed Jun 10 13:14:54 EDT 2020] pid
[Wed Jun 10 13:14:54 EDT 2020] Skip for removelevel:
[Wed Jun 10 13:14:54 EDT 2020] pid
[Wed Jun 10 13:14:54 EDT 2020] No need to restore nginx, skip.
[Wed Jun 10 13:14:54 EDT 2020] _clearupdns
[Wed Jun 10 13:14:54 EDT 2020] dns_entries=‘homelabusa.com,_acme-challenge.homelabusa.com,dns_cf,YNj8aIs01i-8mW3SamhZnuxOWDRKhxW57etnofVFhGE,/usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh

[Wed Jun 10 13:14:54 EDT 2020] Removing DNS records.
[Wed Jun 10 13:14:54 EDT 2020] d=‘homelabusa.com
[Wed Jun 10 13:14:54 EDT 2020] txtdomain=’_acme-challenge.homelabusa.com’
[Wed Jun 10 13:14:54 EDT 2020] aliasDomain=’_acme-challenge.homelabusa.com’
[Wed Jun 10 13:14:54 EDT 2020] _currentRoot=‘dns_cf’
[Wed Jun 10 13:14:54 EDT 2020] txt=‘YNj8aIs01i-8mW3SamhZnuxOWDRKhxW57etnofVFhGE’
[Wed Jun 10 13:14:54 EDT 2020] d_api=’/usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh’
[Wed Jun 10 13:14:54 EDT 2020] Removing txt: YNj8aIs01i-8mW3SamhZnuxOWDRKhxW57etnofVFhGE for domain: _acme-challenge.homelabusa.com
[Wed Jun 10 13:14:54 EDT 2020] First detect the root zone
[Wed Jun 10 13:14:54 EDT 2020] h=’_acme-challenge.homelabusa.com’
[Wed Jun 10 13:14:54 EDT 2020] zones?name=_acme-challenge.homelabusa.com
[Wed Jun 10 13:14:54 EDT 2020] GET
[Wed Jun 10 13:14:54 EDT 2020] url=‘https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.homelabusa.com
[Wed Jun 10 13:14:54 EDT 2020] timeout=
[Wed Jun 10 13:14:55 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:14:55 EDT 2020] ret=‘0’
[Wed Jun 10 13:14:55 EDT 2020] h=‘homelabusa.com
[Wed Jun 10 13:14:55 EDT 2020] zones?name=homelabusa.com
[Wed Jun 10 13:14:55 EDT 2020] GET
[Wed Jun 10 13:14:55 EDT 2020] url=‘https://api.cloudflare.com/client/v4/zones?name=homelabusa.com
[Wed Jun 10 13:14:55 EDT 2020] timeout=
[Wed Jun 10 13:14:55 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:14:56 EDT 2020] ret=‘0’
[Wed Jun 10 13:14:56 EDT 2020] _domain_id=‘ce8d62a573df5facc6cd8af665d42abc’
[Wed Jun 10 13:14:56 EDT 2020] _sub_domain=’_acme-challenge’
[Wed Jun 10 13:14:56 EDT 2020] _domain=‘homelabusa.com
[Wed Jun 10 13:14:56 EDT 2020] Getting txt records
[Wed Jun 10 13:14:56 EDT 2020] zones/ce8d62a573df5facc6cd8af665d42abc/dns_records?type=TXT&name=_acme-challenge.homelabusa.com&content=YNj8aIs01i-8mW3SamhZnuxOWDRKhxW57etnofVFhGE
[Wed Jun 10 13:14:56 EDT 2020] GET
[Wed Jun 10 13:14:56 EDT 2020] url=‘https://api.cloudflare.com/client/v4/zones/ce8d62a573df5facc6cd8af665d42abc/dns_records?type=TXT&name=_acme-challenge.homelabusa.com&content=YNj8aIs01i-8mW3SamhZnuxOWDRKhxW57etnofVFhGE
[Wed Jun 10 13:14:56 EDT 2020] timeout=
[Wed Jun 10 13:14:56 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:14:56 EDT 2020] ret=‘0’
[Wed Jun 10 13:14:57 EDT 2020] count=‘1’
[Wed Jun 10 13:14:57 EDT 2020] record_id=‘b51aa270e7eb79d8dac512145c4120df’
[Wed Jun 10 13:14:57 EDT 2020] zones/ce8d62a573df5facc6cd8af665d42abc/dns_records/b51aa270e7eb79d8dac512145c4120df
[Wed Jun 10 13:14:57 EDT 2020] data
[Wed Jun 10 13:14:57 EDT 2020] DELETE
[Wed Jun 10 13:14:57 EDT 2020] _post_url=‘https://api.cloudflare.com/client/v4/zones/ce8d62a573df5facc6cd8af665d42abc/dns_records/b51aa270e7eb79d8dac512145c4120df
[Wed Jun 10 13:14:57 EDT 2020] _CURL=‘curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:14:57 EDT 2020] _ret=‘0’
[Wed Jun 10 13:14:57 EDT 2020] Removed: Success
[Wed Jun 10 13:14:57 EDT 2020] Verify finished, start to sign.
[Wed Jun 10 13:14:57 EDT 2020] i=‘2’
[Wed Jun 10 13:14:57 EDT 2020] j=‘15’
[Wed Jun 10 13:14:57 EDT 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/81959098/3712228692
[Wed Jun 10 13:14:58 EDT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/finalize/81959098/3712228692
[Wed Jun 10 13:14:58 EDT 2020] payload=’{“csr”: “MIICmzCCAYMCAQAwGzEZMBcGA1UEAwwQKi5ob21lbGFidXNhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4zhAg5Cpm_tvJcN-kFbbarsaTGqhjoxwfzy87FYhGyFe9tYTdg56YyK5e3FNEmpHIDGBPcQCD0aQ3b-uXftRbG_J6l0ucDR44o_tZNHr6emLdInd_afeaLi8S08UUrX6X2UG_qX0-A4AST99lZ05E7p_yLz-nBbZaEwTYdkpoTSr1VxskPTyoWY093sekkusv_HNJRNIT9ikrXyWuIuluU9iixBi5IZCI9ysKzTVgKStgzNzZdAGn8iI5hzVXuK0pw7j_mE2-R_IJTma8J2GQpwZjYitAPHcRdm26jeyJlDyqGOzyau4X7VFOvmI2z3Q5gY9KL_B42-J-mhobftyECAwEAAaA7MDkGCSqGSIb3DQEJDjEsMCowCwYDVR0PBAQDAgXgMBsGA1UdEQQUMBKCECouaG9tZWxhYnVzYS5jb20wDQYJKoZIhvcNAQELBQADggEBAFfm9XzdBGowVIqizOGCXiIb6R9hpFWItv3fLhAbYYyOCrolCp6QmB-o-KjekTcZaAJ0zvyLI0Xwn1WWHCN5AxEe3Rh3EgH-GAIz5wGYDse3pwmqhvq19ReFJ4LOR0raT8rlIqqrSrcY2F8S-RLvgIOsOpVMAHJ3FX9S_JY9UZvDWt4eepHzn__stxioHteybi9JF5pZtPrQs46ey0kmCZfnI–vuXWGZ3IawUcUH_3zDLMdwI9APwU5gfVSobAAKp09QN6uyGOby_T-G47E3lL9UdcpndD0OsD-PD5BVYtCvqbRoVZ_dJGldI_HadvWTC4jOSF4TEPZ4tAoONwsfxQ”}’
[Wed Jun 10 13:14:58 EDT 2020] POST
[Wed Jun 10 13:14:58 EDT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/finalize/81959098/3712228692
[Wed Jun 10 13:14:58 EDT 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:14:59 EDT 2020] _ret=‘0’
[Wed Jun 10 13:14:59 EDT 2020] code=‘200’
[Wed Jun 10 13:14:59 EDT 2020] Order status is valid.
[Wed Jun 10 13:14:59 EDT 2020] Le_LinkCert=‘https://acme-v02.api.letsencrypt.org/acme/cert/04f60d9243c5709dd3b421ced6ec71431c91
[Wed Jun 10 13:15:00 EDT 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/04f60d9243c5709dd3b421ced6ec71431c91
[Wed Jun 10 13:15:00 EDT 2020] url=‘https://acme-v02.api.letsencrypt.org/acme/cert/04f60d9243c5709dd3b421ced6ec71431c91
[Wed Jun 10 13:15:00 EDT 2020] payload
[Wed Jun 10 13:15:00 EDT 2020] POST
[Wed Jun 10 13:15:00 EDT 2020] _post_url=‘https://acme-v02.api.letsencrypt.org/acme/cert/04f60d9243c5709dd3b421ced6ec71431c91
[Wed Jun 10 13:15:00 EDT 2020] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header --trace-ascii /tmp/tmp.sztzC2bM -g ’
[Wed Jun 10 13:15:01 EDT 2020] _ret=‘0’
[Wed Jun 10 13:15:01 EDT 2020] code=‘200’
[Wed Jun 10 13:15:02 EDT 2020] Found cert chain
[Wed Jun 10 13:15:02 EDT 2020] _end_n=‘31’
[Wed Jun 10 13:15:02 EDT 2020] Le_LinkCert=‘https://acme-v02.api.letsencrypt.org/acme/cert/04f60d9243c5709dd3b421ced6ec71431c91
[Wed Jun 10 13:15:03 EDT 2020] Cert success.
[Wed Jun 10 13:15:03 EDT 2020] Your cert is in /var/etc/acme-client/home/
.homelabusa.com/.homelabusa.com.cer
[Wed Jun 10 13:15:03 EDT 2020] Your cert key is in /var/etc/acme-client/home/
.homelabusa.com/.homelabusa.com.key
[Wed Jun 10 13:15:03 EDT 2020] v2 chain.
[Wed Jun 10 13:15:03 EDT 2020] The intermediate CA cert is in /var/etc/acme-client/home/
.homelabusa.com/ca.cer
[Wed Jun 10 13:15:03 EDT 2020] And the full chain certs is there: /var/etc/acme-client/home/*.homelabusa.com/fullchain.cer
[Wed Jun 10 13:15:05 EDT 2020] Installing cert to:/var/etc/acme-client/certs/5e8155a976b9c0.49562790/cert.pem
[Wed Jun 10 13:15:05 EDT 2020] Installing CA to:/var/etc/acme-client/certs/5e8155a976b9c0.49562790/chain.pem
[Wed Jun 10 13:15:05 EDT 2020] Installing key to:/var/etc/acme-client/keys/5e8155a976b9c0.49562790/private.key
[Wed Jun 10 13:15:05 EDT 2020] Installing full chain to:/var/etc/acme-client/certs/5e8155a976b9c0.49562790/fullchain.pem
[Wed Jun 10 13:15:05 EDT 2020] _on_issue_success

2 Likes

Ah, thanks, good to know.

Such global tests with google.com or other known addresses are always good to see, if the local configuration is ok.

2 Likes