Letsencrypt renewal failure fetching timeout Ubuntu 18.04LTS

Take a look at:

https://si.w5gfe.org/


Thanks again rg305!

TL;DR: SUCCESS! Thank you!!!

I worked through the instructions at https://github.com/Neilpang/acme.sh/tree/master/dnsapi#4-use-godaddycom-domain-api-to-automatically-issue-cert

The check test works out: Let's Debug

I had to work through a couple of issues, including copying the GoDaddy key with an accidental newline (debug output was not super obvious that this was the issue), and then manually re-pointing to the new acme-based keys.

For anyone who might find this thread helpful:

Mistake 1: Clumsy fingers - newline in ~/.acme.sh/account.conf

Make sure that if you type in the api key or private key and accidentally put in a newline, you go check and ensure the keys look right in ~/.acme.sh/account.conf

Needed step - point nginx configuration to new acme based keys

I was still seeing the old keys being used, even after finally getting the dns based authentication to work.
Turned out I had to comment out the previous keys from the Let's Encrypt bot, and point to the new folder:

    # RSA certificate
    #ssl_certificate /etc/letsencrypt/live/eyesonhives.com/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/eyesonhives.com/privkey.pem; # managed by Certbot

    ssl_certificate /home/keltronix/.acme.sh/eyesonhives.com/fullchain.cer;
    ssl_certificate_key /home/keltronix/.acme.sh/eyesonhives.com/eyesonhives.com.key;

Mistake 2: re-running webroot based authentication (which overrides dns test)

No need for webroot commands for dns test.

Final step: restart nginx

Thanks again to _az and rg305 for your awesome help!

Notes:

DNS without webroot (per instructions) - error because of the key going over a newline

DNS without webroot (per instructions) - success, but still using old cert (due to nginx site include conf)

When I run this command: ./acme.sh --issue --dns dns_gd -d eyesonhives.com -d www.eyesonhives.com --debug

I got a successful result, but the new cert was not 'live'

DNS with Webroot - note: do not do this! The webroot checks on port 80 again, so the issue originally stopping my renew was back 🙂

When I run this command: sudo ./acme.sh --issue --dns dns_gd -d eyesonhives.com -d www.eyesonhives.com -w /var/www/base_station/current/public/

I get output
[Thu Dec 20 11:10:06 PST 2018] Multi domain='DNS:eyesonhives.com,DNS:www.eyesonhives.com'
[Thu Dec 20 11:10:06 PST 2018] Getting domain auth token for each domain
[Thu Dec 20 11:10:06 PST 2018] Getting webroot for domain='eyesonhives.com'
[Thu Dec 20 11:10:06 PST 2018] Getting new-authz for domain='eyesonhives.com'
[Thu Dec 20 11:10:08 PST 2018] The new-authz request is ok.
[Thu Dec 20 11:10:08 PST 2018] Getting webroot for domain='www.eyesonhives.com'
[Thu Dec 20 11:10:08 PST 2018] Getting new-authz for domain='www.eyesonhives.com'
[Thu Dec 20 11:10:08 PST 2018] The new-authz request is ok.
[Thu Dec 20 11:10:08 PST 2018] eyesonhives.com is already verified, skip dns-01.
[Thu Dec 20 11:10:08 PST 2018] Verifying:www.eyesonhives.com
[Thu Dec 20 11:10:11 PST 2018] Pending
[Thu Dec 20 11:10:13 PST 2018] Pending
[Thu Dec 20 11:10:16 PST 2018] Pending
[Thu Dec 20 11:10:18 PST 2018] Pending
[Thu Dec 20 11:10:20 PST 2018] www.eyesonhives.com:Verify error:Fetching http://www.eyesonhives.com/.well-known/acme-challenge/rlMYN6nPDlZHYYHDTmucaBQ5rQZCbPrKVAtPrNOg2uM: Timeout during connect (likely firewall problem)
[Thu Dec 20 11:10:20 PST 2018] Please add '--debug' or '--log' to check more details.
[Thu Dec 20 11:10:20 PST 2018] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

details (debug)

research/server/acme.sh$ sudo ./acme.sh --issue --dns dns_gd -d eyesonhives.com -d www.eyesonhives.com -w /var/www/base_station/current/public/ --debug
[Thu Dec 20 11:13:19 PST 2018] Lets find script dir.
[Thu Dec 20 11:13:19 PST 2018] SCRIPT='./acme.sh'
[Thu Dec 20 11:13:19 PST 2018] _script='/home/keltronix/research/server/acme.sh/acme.sh'
[Thu Dec 20 11:13:19 PST 2018] _script_home='/home/keltronix/research/server/acme.sh'
[Thu Dec 20 11:13:19 PST 2018] Using default home:/home/keltronix/.acme.sh
[Thu Dec 20 11:13:19 PST 2018] Using config home:/home/keltronix/.acme.sh
GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol
v2.8.0
[Thu Dec 20 11:13:19 PST 2018] _main_domain='eyesonhives.com'
[Thu Dec 20 11:13:19 PST 2018] _alt_domains='www.eyesonhives.com'
[Thu Dec 20 11:13:19 PST 2018] Using config home:/home/keltronix/.acme.sh
[Thu Dec 20 11:13:19 PST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Thu Dec 20 11:13:19 PST 2018] DOMAIN_PATH='/home/keltronix/.acme.sh/eyesonhives.com'
[Thu Dec 20 11:13:19 PST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 20 11:13:19 PST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 20 11:13:19 PST 2018] GET
[Thu Dec 20 11:13:19 PST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Dec 20 11:13:19 PST 2018] timeout=
[Thu Dec 20 11:13:19 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:20 PST 2018] ret='0'
[Thu Dec 20 11:13:20 PST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Thu Dec 20 11:13:20 PST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 20 11:13:20 PST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu Dec 20 11:13:20 PST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Thu Dec 20 11:13:20 PST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Thu Dec 20 11:13:20 PST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Dec 20 11:13:20 PST 2018] ACME_NEW_NONCE
[Thu Dec 20 11:13:20 PST 2018] ACME_VERSION
[Thu Dec 20 11:13:20 PST 2018] Le_NextRenewTime
[Thu Dec 20 11:13:20 PST 2018] _on_before_issue
[Thu Dec 20 11:13:20 PST 2018] _chk_main_domain='eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] _chk_alt_domains='www.eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] Le_LocalAddress
[Thu Dec 20 11:13:20 PST 2018] d='eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] Check for domain='eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] _currentRoot='dns_gd'
[Thu Dec 20 11:13:20 PST 2018] d='www.eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] Check for domain='www.eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] _currentRoot='/var/www/base_station/current/public/'
[Thu Dec 20 11:13:20 PST 2018] d
[Thu Dec 20 11:13:20 PST 2018] _saved_account_key_hash is not changed, skip register account.
[Thu Dec 20 11:13:20 PST 2018] Read key length:
[Thu Dec 20 11:13:20 PST 2018] _createcsr
[Thu Dec 20 11:13:20 PST 2018] Multi domain='DNS:eyesonhives.com,DNS:www.eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] Getting domain auth token for each domain
[Thu Dec 20 11:13:20 PST 2018] d='eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] Getting webroot for domain='eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] _w='dns_gd'
[Thu Dec 20 11:13:20 PST 2018] _currentRoot='dns_gd'
[Thu Dec 20 11:13:20 PST 2018] Getting new-authz for domain='eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 20 11:13:20 PST 2018] Try new-authz for the 0 time.
[Thu Dec 20 11:13:20 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 20 11:13:20 PST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "eyesonhives.com"}}'
[Thu Dec 20 11:13:20 PST 2018] RSA key
[Thu Dec 20 11:13:20 PST 2018] GET
[Thu Dec 20 11:13:20 PST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Dec 20 11:13:20 PST 2018] timeout=
[Thu Dec 20 11:13:20 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:20 PST 2018] ret='0'
[Thu Dec 20 11:13:20 PST 2018] POST
[Thu Dec 20 11:13:20 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 20 11:13:20 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:20 PST 2018] _ret='0'
[Thu Dec 20 11:13:20 PST 2018] code='201'
[Thu Dec 20 11:13:20 PST 2018] The new-authz request is ok.
[Thu Dec 20 11:13:20 PST 2018] entry='"type":"dns-01","status":"valid","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/F-rT_5PaLdhTaVN6P3NGgHRZAVdhC0tRYJUZ5mf7Tc4/10539307647","token":"ZNhoU4DSta02lah0fioWHU6dcv6-Fzi9v_A7PnWZFrQ","validationRecord":[{"hostname":"eyesonhives.com"'
[Thu Dec 20 11:13:20 PST 2018] token='ZNhoU4DSta02lah0fioWHU6dcv6-Fzi9v_A7PnWZFrQ'
[Thu Dec 20 11:13:20 PST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/F-rT_5PaLdhTaVN6P3NGgHRZAVdhC0tRYJUZ5mf7Tc4/10539307647'
[Thu Dec 20 11:13:20 PST 2018] keyauthorization='ZNhoU4DSta02lah0fioWHU6dcv6-Fzi9v_A7PnWZFrQ.8gxXsZFNOvcSESVPfI7nVzhh4xshuGVgH-T8eB94Q64'
[Thu Dec 20 11:13:20 PST 2018] eyesonhives.com is already verified.
[Thu Dec 20 11:13:20 PST 2018] keyauthorization='verified_ok'
[Thu Dec 20 11:13:20 PST 2018] dvlist='eyesonhives.com#verified_ok#https://acme-v01.api.letsencrypt.org/acme/challenge/F-rT_5PaLdhTaVN6P3NGgHRZAVdhC0tRYJUZ5mf7Tc4/10539307647#dns-01#dns_gd'
[Thu Dec 20 11:13:20 PST 2018] d='www.eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] Getting webroot for domain='www.eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] _w='/var/www/base_station/current/public/'
[Thu Dec 20 11:13:20 PST 2018] _currentRoot='/var/www/base_station/current/public/'
[Thu Dec 20 11:13:20 PST 2018] Getting new-authz for domain='www.eyesonhives.com'
[Thu Dec 20 11:13:20 PST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 20 11:13:20 PST 2018] Try new-authz for the 0 time.
[Thu Dec 20 11:13:20 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 20 11:13:20 PST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "www.eyesonhives.com"}}'
[Thu Dec 20 11:13:20 PST 2018] POST
[Thu Dec 20 11:13:20 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 20 11:13:20 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:21 PST 2018] _ret='0'
[Thu Dec 20 11:13:21 PST 2018] code='201'
[Thu Dec 20 11:13:21 PST 2018] The new-authz request is ok.
[Thu Dec 20 11:13:21 PST 2018] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070","token":"wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8"'
[Thu Dec 20 11:13:21 PST 2018] token='wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8'
[Thu Dec 20 11:13:21 PST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:21 PST 2018] keyauthorization='wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8.8gxXsZFNOvcSESVPfI7nVzhh4xshuGVgH-T8eB94Q64'
[Thu Dec 20 11:13:21 PST 2018] dvlist='www.eyesonhives.com#wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8.8gxXsZFNOvcSESVPfI7nVzhh4xshuGVgH-T8eB94Q64#https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070#http-01#/var/www/base_station/current/public/'
[Thu Dec 20 11:13:21 PST 2018] d
[Thu Dec 20 11:13:21 PST 2018] vlist='eyesonhives.com#verified_ok#https://acme-v01.api.letsencrypt.org/acme/challenge/F-rT_5PaLdhTaVN6P3NGgHRZAVdhC0tRYJUZ5mf7Tc4/10539307647#dns-01#dns_gd,www.eyesonhives.com#wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8.8gxXsZFNOvcSESVPfI7nVzhh4xshuGVgH-T8eB94Q64#https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070#http-01#/var/www/base_station/current/public/,'
[Thu Dec 20 11:13:21 PST 2018] d='eyesonhives.com'
[Thu Dec 20 11:13:21 PST 2018] eyesonhives.com is already verified, skip dns-01.
[Thu Dec 20 11:13:21 PST 2018] d='www.eyesonhives.com'
[Thu Dec 20 11:13:21 PST 2018] ok, let's start to verify
[Thu Dec 20 11:13:21 PST 2018] eyesonhives.com is already verified, skip dns-01.
[Thu Dec 20 11:13:21 PST 2018] Verifying:www.eyesonhives.com
[Thu Dec 20 11:13:21 PST 2018] d='www.eyesonhives.com'
[Thu Dec 20 11:13:21 PST 2018] keyauthorization='wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8.8gxXsZFNOvcSESVPfI7nVzhh4xshuGVgH-T8eB94Q64'
[Thu Dec 20 11:13:21 PST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:21 PST 2018] _currentRoot='/var/www/base_station/current/public/'
[Thu Dec 20 11:13:21 PST 2018] wellknown_path='/var/www/base_station/current/public//.well-known/acme-challenge'
[Thu Dec 20 11:13:21 PST 2018] writing token:wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8 to /var/www/base_station/current/public//.well-known/acme-challenge/wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8
[Thu Dec 20 11:13:21 PST 2018] Changing owner/group of .well-known to keltronix:keltronix
[Thu Dec 20 11:13:21 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:21 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8.8gxXsZFNOvcSESVPfI7nVzhh4xshuGVgH-T8eB94Q64"}'
[Thu Dec 20 11:13:21 PST 2018] POST
[Thu Dec 20 11:13:21 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:21 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:21 PST 2018] _ret='0'
[Thu Dec 20 11:13:21 PST 2018] code='202'
[Thu Dec 20 11:13:21 PST 2018] sleep 2 secs to verify
[Thu Dec 20 11:13:23 PST 2018] checking
[Thu Dec 20 11:13:23 PST 2018] GET
[Thu Dec 20 11:13:23 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:23 PST 2018] timeout=
[Thu Dec 20 11:13:23 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:23 PST 2018] ret='0'
[Thu Dec 20 11:13:23 PST 2018] Pending
[Thu Dec 20 11:13:23 PST 2018] sleep 2 secs to verify
[Thu Dec 20 11:13:25 PST 2018] checking
[Thu Dec 20 11:13:25 PST 2018] GET
[Thu Dec 20 11:13:25 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:25 PST 2018] timeout=
[Thu Dec 20 11:13:25 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:26 PST 2018] ret='0'
[Thu Dec 20 11:13:26 PST 2018] Pending
[Thu Dec 20 11:13:26 PST 2018] sleep 2 secs to verify
[Thu Dec 20 11:13:28 PST 2018] checking
[Thu Dec 20 11:13:28 PST 2018] GET
[Thu Dec 20 11:13:28 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:28 PST 2018] timeout=
[Thu Dec 20 11:13:28 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:28 PST 2018] ret='0'
[Thu Dec 20 11:13:28 PST 2018] Pending
[Thu Dec 20 11:13:28 PST 2018] sleep 2 secs to verify
[Thu Dec 20 11:13:30 PST 2018] checking
[Thu Dec 20 11:13:30 PST 2018] GET
[Thu Dec 20 11:13:30 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:30 PST 2018] timeout=
[Thu Dec 20 11:13:30 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:30 PST 2018] ret='0'
[Thu Dec 20 11:13:30 PST 2018] Pending
[Thu Dec 20 11:13:30 PST 2018] sleep 2 secs to verify
[Thu Dec 20 11:13:32 PST 2018] checking
[Thu Dec 20 11:13:32 PST 2018] GET
[Thu Dec 20 11:13:32 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:32 PST 2018] timeout=
[Thu Dec 20 11:13:32 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:32 PST 2018] ret='0'
[Thu Dec 20 11:13:32 PST 2018] www.eyesonhives.com:Verify error:Fetching http://www.eyesonhives.com/.well-known/acme-challenge/wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8: Timeout during connect (likely firewall problem)
[Thu Dec 20 11:13:32 PST 2018] Debug: get token url.
[Thu Dec 20 11:13:32 PST 2018] GET
[Thu Dec 20 11:13:32 PST 2018] url='http://www.eyesonhives.com/.well-known/acme-challenge/wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8'
[Thu Dec 20 11:13:32 PST 2018] timeout=1
[Thu Dec 20 11:13:32 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g --connect-timeout 1'
wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8.8gxXsZFNOvcSESVPfI7nVzhh4xshuGVgH-T8eB94Q64[Thu Dec 20 11:13:32 PST 2018] ret='0'
[Thu Dec 20 11:13:32 PST 2018] Debugging, skip removing: /var/www/base_station/current/public//.well-known/acme-challenge/wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8
[Thu Dec 20 11:13:32 PST 2018] pid
[Thu Dec 20 11:13:32 PST 2018] No need to restore nginx, skip.
[Thu Dec 20 11:13:32 PST 2018] _clearupdns
[Thu Dec 20 11:13:32 PST 2018] skip dns.
[Thu Dec 20 11:13:32 PST 2018] _on_issue_err
[Thu Dec 20 11:13:32 PST 2018] Please add '--debug' or '--log' to check more details.
[Thu Dec 20 11:13:32 PST 2018] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
[Thu Dec 20 11:13:32 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/F-rT_5PaLdhTaVN6P3NGgHRZAVdhC0tRYJUZ5mf7Tc4/10539307647'
[Thu Dec 20 11:13:32 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "verified_ok"}'
[Thu Dec 20 11:13:32 PST 2018] POST
[Thu Dec 20 11:13:32 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/F-rT_5PaLdhTaVN6P3NGgHRZAVdhC0tRYJUZ5mf7Tc4/10539307647'
[Thu Dec 20 11:13:32 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:33 PST 2018] _ret='0'
[Thu Dec 20 11:13:33 PST 2018] code='202'
[Thu Dec 20 11:13:33 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:33 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "wW7EBrFt9gF7svN3yyD4EcRigcAoxLabLo9iyfeXuv8.8gxXsZFNOvcSESVPfI7nVzhh4xshuGVgH-T8eB94Q64"}'
[Thu Dec 20 11:13:33 PST 2018] POST
[Thu Dec 20 11:13:33 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/5YOG5S6fmegQ_WG9S6ERnE19dz1AQS9xw7O19sjovQw/10541855070'
[Thu Dec 20 11:13:33 PST 2018] _CURL='curl -L --silent --dump-header /home/keltronix/.acme.sh/http.header -g '
[Thu Dec 20 11:13:33 PST 2018] _ret='0'
[Thu Dec 20 11:13:33 PST 2018] code='400'
[Thu Dec 20 11:13:33 PST 2018] socat doesn't exists.
[Thu Dec 20 11:13:33 PST 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0g 2 Nov 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-FIJPpj/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-headers-more-filter --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-cache-purge --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-ndk --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-echo 
--add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-fancyindex --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/nchan --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-lua --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/rtmp --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-uploadprogress --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-FIJPpj/nginx-1.14.0/debian/modules/http-subs-filter
socat:

Thanks again to all for your help!!

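The newline problem from "Mistake 1" in the post above can be caught mechanically. This is an added example, not code from the thread or from acme.sh; it assumes account.conf holds one KEY='value' pair per line, and `check_acme_conf` and the sample key values are hypothetical names constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint an acme.sh account.conf for values
# broken by a stray newline or whitespace. Assumes one KEY='value' per line.
# Prints key names and line numbers only, never the secret values.
check_acme_conf() {
  awk '
    BEGIN { q = "\047"; bad = 0 }        # \047 is a single quote
    /^[ \t]*(#.*)?$/ { next }            # skip blank lines and comments
    /\r$/ {
      printf "line %d: ends with a carriage return\n", NR
      bad = 1; next
    }
    !/^[A-Za-z_][A-Za-z0-9_]*=/ {
      printf "line %d: not KEY=value (rest of a value split by a newline?)\n", NR
      bad = 1; next
    }
    {
      eq  = index($0, "=")
      key = substr($0, 1, eq - 1)
      val = substr($0, eq + 1)
      n   = length(val)
      if (substr(val, 1, 1) == q) {
        if (n < 2 || substr(val, n, 1) != q) {
          printf "line %d: %s opens a quote that is not closed on this line\n", NR, key
          bad = 1; next
        }
        val = substr(val, 2, n - 2)      # strip the surrounding quotes
      }
      if (val ~ /^[ \t]/ || val ~ /[ \t]$/) {
        printf "line %d: %s has leading or trailing whitespace\n", NR, key
        bad = 1
      }
    }
    END { exit bad }                     # non-zero when anything was flagged
  ' "$1"
}

# Constructed sample: GD_Secret was pasted with an accidental newline.
demo_conf=$(mktemp)
printf '%s\n' "GD_Key='EXAMPLEKEY123'" "GD_Secret='EXAMPLESECRET456" "'" >"$demo_conf"
check_acme_conf "$demo_conf" || echo "fix the lines above, then re-run acme.sh"
rm -f "$demo_conf"
```

On a real host the call would be `check_acme_conf ~/.acme.sh/account.conf`.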
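The debug output in the post above records eyesonhives.com with dns-01 and www.eyesonhives.com with http-01 in its dvlist lines, which is why the port 80 timeout came back once `-w` was added. This added example (not from the thread or from acme.sh) extracts that per-domain plan from a debug log; the function names are hypothetical, the field order is an assumption read off that log, and the sample lines are constructed with placeholder values.

```shell
#!/bin/sh
# Added example (not from the thread): list the challenge type acme.sh planned
# for each domain, read from the dvlist lines of its --debug output.
# Assumed field order, read off the log above: domain#keyauth#uri#type#root

acme_challenge_plan() {
  # stdin: debug log; stdout: "<domain> <challenge-type> <root>" per domain.
  # Only "dvlist=" lines are used; the combined "vlist=" line is ignored.
  sed -n "s/^.*] dvlist='\(.*\)'\$/\1/p" |
    awk -F'#' 'NF >= 5 { print $1, $4, $5 }'
}

http01_domains() {
  # Domains the CA will fetch over port 80, so that port must be reachable.
  acme_challenge_plan | awk '$2 == "http-01" { print $1 }'
}

sample_debug_log() {
  # Constructed lines modelled on the debug output in the thread;
  # tokens and URLs are placeholders.
  cat <<'EOF'
[Thu Dec 20 11:13:20 PST 2018] Getting webroot for domain='example.com'
[Thu Dec 20 11:13:20 PST 2018] dvlist='example.com#verified_ok#https://acme.invalid/challenge/AAAA/1#dns-01#dns_gd'
[Thu Dec 20 11:13:21 PST 2018] dvlist='www.example.com#TOKEN.THUMBPRINT#https://acme.invalid/challenge/BBBB/2#http-01#/var/www/site/public/'
[Thu Dec 20 11:13:21 PST 2018] vlist='example.com#verified_ok#https://acme.invalid/challenge/AAAA/1#dns-01#dns_gd,www.example.com#TOKEN.THUMBPRINT#https://acme.invalid/challenge/BBBB/2#http-01#/var/www/site/public/,'
EOF
}

sample_debug_log | acme_challenge_plan
```

Piping a saved `--debug` run through `http01_domains` shows which names still depend on inbound HTTP before the CA is asked to validate them.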

Finally - I updated the Debugging wiki on the acme.sh page to at least show this ‘common’ stuff!!

https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

