My domain is: nas.harrydowe.uk, drive.harrydowe.uk
I ran this command:
./acme.sh --issue --home . -d "drive.harrydowe.uk" --dns "$CERT_DNS" --debug
It produced this output:
[Mon Mar 29 16:21:40 BST 2021] Lets find script dir.
[Mon Mar 29 16:21:40 BST 2021] _SCRIPT_='./acme.sh'
[Mon Mar 29 16:21:40 BST 2021] _script='/usr/local/share/acme.sh/acme.sh'
[Mon Mar 29 16:21:40 BST 2021] _script_home='/usr/local/share/acme.sh'
[Mon Mar 29 16:21:40 BST 2021] Using config home:.
https://github.com/acmesh-official/acme.sh
v2.8.9
[Mon Mar 29 16:21:40 BST 2021] Running cmd: issue
[Mon Mar 29 16:21:40 BST 2021] _main_domain='drive.harrydowe.uk'
[Mon Mar 29 16:21:40 BST 2021] _alt_domains='no'
[Mon Mar 29 16:21:40 BST 2021] Using config home:.
[Mon Mar 29 16:21:40 BST 2021] default_acme_server
[Mon Mar 29 16:21:40 BST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 29 16:21:40 BST 2021] DOMAIN_PATH='./drive.harrydowe.uk'
[Mon Mar 29 16:21:41 BST 2021] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 29 16:21:41 BST 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 29 16:21:41 BST 2021] GET
[Mon Mar 29 16:21:41 BST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 29 16:21:41 BST 2021] timeout=
[Mon Mar 29 16:21:42 BST 2021] _CURL='curl --silent --dump-header ./http.header -L -g '
[Mon Mar 29 16:21:44 BST 2021] ret='0'
[Mon Mar 29 16:21:44 BST 2021] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon Mar 29 16:21:44 BST 2021] ACME_NEW_AUTHZ
[Mon Mar 29 16:21:44 BST 2021] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Mar 29 16:21:44 BST 2021] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon Mar 29 16:21:44 BST 2021] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Mar 29 16:21:44 BST 2021] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Mar 29 16:21:44 BST 2021] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Mar 29 16:21:44 BST 2021] ACME_VERSION='2'
[Mon Mar 29 16:21:44 BST 2021] Le_NextRenewTime
[Mon Mar 29 16:21:48 BST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 29 16:21:48 BST 2021] _on_before_issue
[Mon Mar 29 16:21:48 BST 2021] _chk_main_domain='drive.harrydowe.uk'
[Mon Mar 29 16:21:48 BST 2021] _chk_alt_domains
[Mon Mar 29 16:21:48 BST 2021] Le_LocalAddress
[Mon Mar 29 16:21:48 BST 2021] d='drive.harrydowe.uk'
[Mon Mar 29 16:21:48 BST 2021] Check for domain='drive.harrydowe.uk'
[Mon Mar 29 16:21:48 BST 2021] _currentRoot='dns_cf'
[Mon Mar 29 16:21:48 BST 2021] d
[Mon Mar 29 16:21:48 BST 2021] _saved_account_key_hash is not changed, skip register account.
[Mon Mar 29 16:21:48 BST 2021] Read key length:
[Mon Mar 29 16:21:48 BST 2021] _createcsr
[Mon Mar 29 16:21:48 BST 2021] Single domain='drive.harrydowe.uk'
[Mon Mar 29 16:21:49 BST 2021] Getting domain auth token for each domain
[Mon Mar 29 16:21:49 BST 2021] d
[Mon Mar 29 16:21:49 BST 2021] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Mar 29 16:21:49 BST 2021] payload='{"identifiers": [{"type":"dns","value":"drive.harrydowe.uk"}]}'
[Mon Mar 29 16:21:49 BST 2021] RSA key
[Mon Mar 29 16:21:49 BST 2021] HEAD
[Mon Mar 29 16:21:49 BST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Mar 29 16:21:50 BST 2021] _CURL='curl --silent --dump-header ./http.header -L -g -I '
[Mon Mar 29 16:21:51 BST 2021] _ret='0'
[Mon Mar 29 16:21:51 BST 2021] POST
[Mon Mar 29 16:21:51 BST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Mar 29 16:21:51 BST 2021] _CURL='curl --silent --dump-header ./http.header -L -g '
[Mon Mar 29 16:21:52 BST 2021] _ret='0'
[Mon Mar 29 16:21:52 BST 2021] code='201'
[Mon Mar 29 16:21:52 BST 2021] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/117250520/8742171458'
[Mon Mar 29 16:21:52 BST 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/117250520/8742171458'
[Mon Mar 29 16:21:52 BST 2021] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/11931955317'
[Mon Mar 29 16:21:52 BST 2021] payload
[Mon Mar 29 16:21:52 BST 2021] POST
[Mon Mar 29 16:21:52 BST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/11931955317'
[Mon Mar 29 16:21:52 BST 2021] _CURL='curl --silent --dump-header ./http.header -L -g '
[Mon Mar 29 16:21:53 BST 2021] _ret='0'
[Mon Mar 29 16:21:53 BST 2021] code='200'
[Mon Mar 29 16:21:54 BST 2021] d='drive.harrydowe.uk'
[Mon Mar 29 16:21:54 BST 2021] Getting webroot for domain='drive.harrydowe.uk'
[Mon Mar 29 16:21:54 BST 2021] _w='dns_cf'
[Mon Mar 29 16:21:54 BST 2021] _currentRoot='dns_cf'
[Mon Mar 29 16:21:55 BST 2021] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/11931955317/vHSaPw","token":"qLhPJe7976cxaCM8lSrN2j08RUpbYWfiuaEeO_DpHQQ"'
[Mon Mar 29 16:21:55 BST 2021] token='qLhPJe7976cxaCM8lSrN2j08RUpbYWfiuaEeO_DpHQQ'
[Mon Mar 29 16:21:55 BST 2021] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11931955317/vHSaPw'
[Mon Mar 29 16:21:55 BST 2021] keyauthorization='qLhPJe7976cxaCM8lSrN2j08RUpbYWfiuaEeO_DpHQQ.Ik0EZ1U0Hctqj-dQkM2npRp_nWIaSMbxAwSzFTBevso'
[Mon Mar 29 16:21:55 BST 2021] dvlist='drive.harrydowe.uk#qLhPJe7976cxaCM8lSrN2j08RUpbYWfiuaEeO_DpHQQ.Ik0EZ1U0Hctqj-dQkM2npRp_nWIaSMbxAwSzFTBevso#https://acme-v02.api.letsencrypt.org/acme/chall-v3/11931955317/vHSaPw#dns-01#dns_cf'
[Mon Mar 29 16:21:55 BST 2021] d
[Mon Mar 29 16:21:55 BST 2021] vlist='drive.harrydowe.uk#qLhPJe7976cxaCM8lSrN2j08RUpbYWfiuaEeO_DpHQQ.Ik0EZ1U0Hctqj-dQkM2npRp_nWIaSMbxAwSzFTBevso#https://acme-v02.api.letsencrypt.org/acme/chall-v3/11931955317/vHSaPw#dns-01#dns_cf,'
[Mon Mar 29 16:21:55 BST 2021] d='drive.harrydowe.uk'
[Mon Mar 29 16:21:55 BST 2021] _d_alias
[Mon Mar 29 16:21:55 BST 2021] txtdomain='_acme-challenge.drive.harrydowe.uk'
[Mon Mar 29 16:21:55 BST 2021] txt='7UhPDjsy6mjIfKRwqsvy9gh6eg5pjGsWL6v4c0W4JG0'
[Mon Mar 29 16:21:55 BST 2021] d_api='/usr/local/share/acme.sh/dnsapi/dns_cf.sh'
[Mon Mar 29 16:21:55 BST 2021] Found domain api file: /usr/local/share/acme.sh/dnsapi/dns_cf.sh
[Mon Mar 29 16:21:55 BST 2021] Adding txt value: 7UhPDjsy6mjIfKRwqsvy9gh6eg5pjGsWL6v4c0W4JG0 for domain: _acme-challenge.drive.harrydowe.uk
[Mon Mar 29 16:21:57 BST 2021] First detect the root zone
[Mon Mar 29 16:21:57 BST 2021] h='_acme-challenge.drive.harrydowe.uk'
[Mon Mar 29 16:21:57 BST 2021] zones?name=_acme-challenge.drive.harrydowe.uk
[Mon Mar 29 16:21:57 BST 2021] GET
[Mon Mar 29 16:21:57 BST 2021] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.drive.harrydowe.uk'
[Mon Mar 29 16:21:57 BST 2021] timeout=
[Mon Mar 29 16:21:57 BST 2021] _CURL='curl --silent --dump-header ./http.header -L -g '
[Mon Mar 29 16:21:59 BST 2021] ret='0'
[Mon Mar 29 16:21:59 BST 2021] h='drive.harrydowe.uk'
[Mon Mar 29 16:21:59 BST 2021] zones?name=drive.harrydowe.uk
[Mon Mar 29 16:21:59 BST 2021] GET
[Mon Mar 29 16:21:59 BST 2021] url='https://api.cloudflare.com/client/v4/zones?name=drive.harrydowe.uk'
[Mon Mar 29 16:21:59 BST 2021] timeout=
[Mon Mar 29 16:21:59 BST 2021] _CURL='curl --silent --dump-header ./http.header -L -g '
[Mon Mar 29 16:22:00 BST 2021] ret='0'
[Mon Mar 29 16:22:00 BST 2021] h='harrydowe.uk'
[Mon Mar 29 16:22:00 BST 2021] zones?name=harrydowe.uk
[Mon Mar 29 16:22:00 BST 2021] GET
[Mon Mar 29 16:22:00 BST 2021] url='https://api.cloudflare.com/client/v4/zones?name=harrydowe.uk'
[Mon Mar 29 16:22:00 BST 2021] timeout=
[Mon Mar 29 16:22:00 BST 2021] _CURL='curl --silent --dump-header ./http.header -L -g '
[Mon Mar 29 16:22:03 BST 2021] ret='0'
[Mon Mar 29 16:22:03 BST 2021] h='uk'
[Mon Mar 29 16:22:03 BST 2021] zones?name=uk
[Mon Mar 29 16:22:03 BST 2021] GET
[Mon Mar 29 16:22:03 BST 2021] url='https://api.cloudflare.com/client/v4/zones?name=uk'
[Mon Mar 29 16:22:03 BST 2021] timeout=
[Mon Mar 29 16:22:03 BST 2021] _CURL='curl --silent --dump-header ./http.header -L -g '
[Mon Mar 29 16:22:04 BST 2021] ret='0'
[Mon Mar 29 16:22:04 BST 2021] h
[Mon Mar 29 16:22:04 BST 2021] invalid domain
[Mon Mar 29 16:22:04 BST 2021] Error add txt for domain:_acme-challenge.drive.harrydowe.uk
[Mon Mar 29 16:22:04 BST 2021] _on_issue_err
[Mon Mar 29 16:22:04 BST 2021] Please add '--debug' or '--log' to check more details.
[Mon Mar 29 16:22:04 BST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mon Mar 29 16:22:04 BST 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11931955317/vHSaPw'
[Mon Mar 29 16:22:04 BST 2021] payload='{}'
[Mon Mar 29 16:22:05 BST 2021] POST
[Mon Mar 29 16:22:05 BST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/11931955317/vHSaPw'
[Mon Mar 29 16:22:05 BST 2021] _CURL='curl --silent --dump-header ./http.header -L -g '
[Mon Mar 29 16:22:06 BST 2021] _ret='0'
[Mon Mar 29 16:22:06 BST 2021] code='200'
[Mon Mar 29 16:22:06 BST 2021] socat doesn't exist.
[Mon Mar 29 16:22:06 BST 2021] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2u-fips 20 Dec 2019
apache:
apache doesn't exist.
nginx:
nginx version: nginx/1.16.1
TLS SNI support enabled
socat:
[Mon Mar 29 16:22:06 BST 2021] pid
[Mon Mar 29 16:22:06 BST 2021] No need to restore nginx, skip.
[Mon Mar 29 16:22:06 BST 2021] _clearupdns
[Mon Mar 29 16:22:06 BST 2021] dns_entries
[Mon Mar 29 16:22:06 BST 2021] skip dns
My web server is (include version): nginx version: nginx/1.16.1 (I think, it's Synology DSM)
The operating system my web server runs on is (include version): Synology DSM
My hosting provider, if applicable, is: Cloudflare
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
./acme.sh --version
https://github.com/acmesh-official/acme.sh
v2.8.9
I've been following the Synology NAS guide to create a certificate. I had success creating nas.harrydowe.uk, then later I learned it's possible to configure a different DNS for each app on my NAS, so I tried to create drive.harrydowe.uk, however it errors with:
invalid domain
Error add txt for domain:_acme-challenge.drive.harrydowe.uk
I also tried to create a single certificate with multiple domains with -d nas.harrydowe.uk -d drive.harrydowe.uk, which appeared to complete successfully but didn't appear to deploy properly in the subsequent deploy step in the guide. I still got an invalid certificate error from Cloudflare when accessing drive.harrydowe.uk, and I can inspect the certificate by accessing it via 192.168.1.25:5001, of course I get an invalid cert but I don't see any mention of drive.harrydowe.uk in the cert
./acme.sh --insecure --deploy --home . -d "$CERT_DOMAIN" --deploy-hook synology_dsm
I'm using Cloudflare for the DNS.
In the logs it tries to create the TXT record and then gets the zones. I'm not sure it's successfully completing that. I've also tried creating a wildcard domain but the same error happens.
Any input on this is greatly appreciated.
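
Added example (not part of the original post and not acme.sh code): a small triage function that reads an acme.sh `--debug` log and reports which zone names the DNS hook queried and whether the walk ran out of labels before any zone was accepted. The function names and the result labels are hypothetical, and reading a bare `h` line as "no labels left" is an assumption drawn from the shape of the log above.

```shell
#!/bin/sh
# Added example: triage of the root-zone walk in an acme.sh --debug log.

# Constructed sample: abridged lines in the shape of the debug output above.
sample_log() {
  cat <<'EOF'
[Mon Mar 29 16:21:57 BST 2021] First detect the root zone
[Mon Mar 29 16:21:57 BST 2021] h='_acme-challenge.drive.harrydowe.uk'
[Mon Mar 29 16:21:57 BST 2021] zones?name=_acme-challenge.drive.harrydowe.uk
[Mon Mar 29 16:21:59 BST 2021] h='drive.harrydowe.uk'
[Mon Mar 29 16:21:59 BST 2021] zones?name=drive.harrydowe.uk
[Mon Mar 29 16:22:00 BST 2021] h='harrydowe.uk'
[Mon Mar 29 16:22:00 BST 2021] zones?name=harrydowe.uk
[Mon Mar 29 16:22:03 BST 2021] h='uk'
[Mon Mar 29 16:22:03 BST 2021] zones?name=uk
[Mon Mar 29 16:22:04 BST 2021] ret='0'
[Mon Mar 29 16:22:04 BST 2021] h
[Mon Mar 29 16:22:04 BST 2021] invalid domain
[Mon Mar 29 16:22:04 BST 2021] Error add txt for domain:_acme-challenge.drive.harrydowe.uk
EOF
}

# Reads a debug log on stdin; prints the candidates tried and a verdict.
triage_zone_walk() {
  awk '
    # Strip the "[timestamp] " prefix so the rules match the message only.
    { line = $0; sub(/^\[[^]]*\] /, "", line) }
    # Each zones?name=<candidate> line is one lookup against the DNS API.
    line ~ /^zones\?name=/ {
      n++; sub(/^zones\?name=/, "", line)
      tried = tried (n > 1 ? " " : "") line
      next
    }
    # A bare "h" (empty value) is read as: no labels left to try (assumption).
    line == "h"              { exhausted = 1 }
    line == "invalid domain" { failed = 1 }
    line ~ /^Error add txt for domain:/ {
      sub(/^Error add txt for domain:/, "", line); record = line
    }
    END {
      printf "tried=%s\n", tried
      if (failed && exhausted) printf "result=no-zone-matched record=%s\n", record
      else if (n > 0)          print  "result=walk-stopped-early"
      else                     print  "result=no-zone-lookup-in-log"
    }'
}

sample_log | triage_zone_walk
```

A `no-zone-matched` verdict places the failure in the DNS API zone lookup, before any TXT record is written, which agrees with the empty `dns_entries` and `skip dns` lines in the cleanup at the end of the log.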