Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:*.dawn2dusk.uk
I ran this command:
./acme.sh --server letsencrypt --issue --debug 2
-d '*.dawn2dusk.uk' --dns dns_nsupdate --log --force
It produced this output: [Wed May 25 15:53:45 UTC 2022] _on_issue_err
[Wed May 25 15:53:45 UTC 2022] Please check log file for more details: /root/.acme.sh/acme.sh.log
My web server is (include version):
not relevant, using dns challenge (successful)
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): using acme.sh 3.0.4
Please show the log file. Currently there's nothing to go on unfortunately.
Also note that using --forceusually doesn't help and has the potential to cause more harm than good, such as running into rate limits.
On a second note regarding rate limits: when something doesn't go exactly according to plan, it's better to switch over to the staging environment. Or even better: start with the staging environment until everything works and then switch over to the production environment. See Server · acmesh-official/acme.sh Wiki · GitHub for the parameters which can be used for the acme.sh --server option.
Looks like it took more than the oft-quoted 48 hours for changes to
propagate. I now have the cert. What I don't get is why the log file
reported success on the dns-update challenge and then the
_on_issue_error with no error code or explanation (it says look in the
log file, but there's nothing there).
The dns-update was presumably done to the correct DNS system.
While the external DNS challenge requests were being done against the old DNS system.
The "look in the log file" message is generic and is always a good place to look - but it can't possibly know everything that might have gone wrong outside of its' view.
None-the-less, glad to hear you are secure and automated!