Mixing dns mode AND standalone acme.sh one liner

I ran this command:
acme.sh --force --renew -d mail.example.com --server letsencrypt
It produced this output:
[root@localhost ~]# acme.sh --force --renew -d mail.example.com.au --server letsencrypt
[Mon Oct 11 10:19:45 AEDT 2021] Renew: 'mail.example.com.au'
[Mon Oct 11 10:19:47 AEDT 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Oct 11 10:19:47 AEDT 2021] Standalone mode.
[Mon Oct 11 10:19:47 AEDT 2021] Multi domain='DNS:mail.example.com.au,DNS:mail.example1.com,DNS:webmail.example1.com,DNS:mail.example3.com,DNS:autodiscover.example1.com,DNS:mail.example2.com.au,DNS:webmail.example2.com.au,DNS:autodiscover.example2.com.au,DNS:webmail.example2.com.au,DNS:mail.cloudflarednsapi.com'
[Mon Oct 11 10:19:47 AEDT 2021] Getting domain auth token for each domain
[Mon Oct 11 10:20:00 AEDT 2021] Getting webroot for domain='mail.example.com.au'
[Mon Oct 11 10:20:00 AEDT 2021] Getting webroot for domain='mail.example1.com'
[Mon Oct 11 10:20:00 AEDT 2021] Getting webroot for domain='webmail.example1.com'
[Mon Oct 11 10:20:01 AEDT 2021] Getting webroot for domain='mail.example3.com'
[Mon Oct 11 10:20:01 AEDT 2021] Getting webroot for domain='autodiscover.example1.com'
[Mon Oct 11 10:20:01 AEDT 2021] Getting webroot for domain='mail.example2.com.au'
[Mon Oct 11 10:20:01 AEDT 2021] Getting webroot for domain='webmail.example2.com.au'
[Mon Oct 11 10:20:01 AEDT 2021] Getting webroot for domain='autodiscover.example2.com.au'
[Mon Oct 11 10:20:01 AEDT 2021] Getting webroot for domain='webmail.example2.com.au'
[Mon Oct 11 10:20:01 AEDT 2021] Getting webroot for domain='mail.cloudflarednsapi.com'
[Mon Oct 11 10:20:01 AEDT 2021] mail.example.com.au is already verified, skip dns-01.
[Mon Oct 11 10:20:01 AEDT 2021] mail.example1.com is already verified, skip dns-01.
[Mon Oct 11 10:20:01 AEDT 2021] webmail.example1.com is already verified, skip dns-01.
[Mon Oct 11 10:20:01 AEDT 2021] mail.example3.com is already verified, skip dns-01.
[Mon Oct 11 10:20:01 AEDT 2021] autodiscover.example1.com is already verified, skip dns-01.
[Mon Oct 11 10:20:01 AEDT 2021] mail.example2.com.au is already verified, skip dns-01.
[Mon Oct 11 10:20:02 AEDT 2021] webmail.example2.com.au is already verified, skip dns-01.
[Mon Oct 11 10:20:02 AEDT 2021] autodiscover.example2.com.au is already verified, skip dns-01.
[Mon Oct 11 10:20:02 AEDT 2021] webmail.example2.com.au is already verified, skip dns-01.
[Mon Oct 11 10:20:02 AEDT 2021] Verifying: mail.cloudflarednsapi.com
[Mon Oct 11 10:20:02 AEDT 2021] Standalone mode server
[Mon Oct 11 10:20:04 AEDT 2021] Pending, The CA is processing your order, please just wait. (1/30)
[Mon Oct 11 10:20:08 AEDT 2021] Pending, The CA is processing your order, please just wait. (2/30)
[Mon Oct 11 10:20:11 AEDT 2021] Pending, The CA is processing your order, please just wait. (3/30)
[Mon Oct 11 10:20:14 AEDT 2021] mail.cloudflarednsapi.com:Verify error:Fetching http://mail.cloudflarednsapi.com/.well-known/acme-challenge/random-string: Timeout during connect (likely firewall problem)
My web server is (include version):
built in (acme.sh)
The operating system my web server runs on is (include version):
linux

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): acme.sh -v 3.0.9

This command used to work. It is one single certificate for many domains for a mailhost; a few domains are standalone and one is using Cloudflare DNS API access. The issue appears to be that it is now trying to renew all domains using standalone mode. I would like to mix this and tell the script to use standalone for X domain and dnsapi for Y domain. It complains about the firewall, as that one domain isn't using standalone; it's using Cloudflare's DNS API. I have set the CA to LE. Any help would be great!


The certificate is a single one for multiple different domains, and all the below domains use the primary domain name (mail.example.com.au) as their MX record. All the domains' email is housed on the same hardware.

domain='mail.example.com.au'
'mail.example1.com'
'webmail.example1.com'
'mail.example3.com'
'autodiscover.example1.com'
'mail.example2.com.au'
'webmail.example2.com.au'
'autodiscover.example2.com.au'
'webmail.example2.com.au'
'mail.cloudflarednsapi.com'


The result of trying curl -v https://acme-v02.api.letsencrypt.org/directory below

[root@localhost ~]# curl -v https://acme-v02.api.letsencrypt.org/directory

> GET /directory HTTP/1.1
> User-Agent: curl/7.29.0
> Host: acme-v02.api.letsencrypt.org
> Accept: */*

< HTTP/1.1 200 OK
< Server: nginx
< Date: Sun, 10 Oct 2021 23:16:45 GMT
< Content-Type: application/json
< Content-Length: 658
< Connection: keep-alive
< Cache-Control: public, max-age=0, no-cache
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=604800
<
{
"CczQebFvnWc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/number",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
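
A triage sketch for the renewal log above, added here as an example and not part of the original post or of acme.sh: it separates the names that were skipped as already verified from the name that was actually challenged, records the mode used for it, and flags duplicate SAN entries. The function name `triage` and the shortened sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt of the renewal log in the post above.
SAMPLE_LOG = """\
[Mon Oct 11 10:19:47 AEDT 2021] Standalone mode.
[Mon Oct 11 10:19:47 AEDT 2021] Multi domain='DNS:mail.example.com.au,DNS:webmail.example2.com.au,DNS:webmail.example2.com.au,DNS:mail.cloudflarednsapi.com'
[Mon Oct 11 10:20:01 AEDT 2021] mail.example.com.au is already verified, skip dns-01.
[Mon Oct 11 10:20:02 AEDT 2021] webmail.example2.com.au is already verified, skip dns-01.
[Mon Oct 11 10:20:02 AEDT 2021] webmail.example2.com.au is already verified, skip dns-01.
[Mon Oct 11 10:20:02 AEDT 2021] Verifying: mail.cloudflarednsapi.com
[Mon Oct 11 10:20:02 AEDT 2021] Standalone mode server
[Mon Oct 11 10:20:14 AEDT 2021] mail.cloudflarednsapi.com:Verify error:Fetching http://mail.cloudflarednsapi.com/.well-known/acme-challenge/random-string: Timeout during connect (likely firewall problem)
"""

STAMP = re.compile(r"^\[[^\]]*\]\s*")  # leading "[date]" prefix on each log line

def triage(log_text):
    """Classify each name in an acme.sh run: skipped, challenged, or failed."""
    report = {"sans": [], "duplicates": [], "skipped": [], "challenged": {}, "errors": {}}
    current = None  # name whose challenge is in progress
    for raw in log_text.splitlines():
        msg = STAMP.sub("", raw).strip()
        if msg.startswith("Multi domain="):
            report["sans"] = re.findall(r"DNS:([^,']+)", msg)
            counts = Counter(report["sans"])
            report["duplicates"] = sorted(n for n, c in counts.items() if c > 1)
        elif m := re.match(r"(\S+) is already verified, skip (\S+?)\.$", msg):
            # No challenge ran for this name, so this run did not exercise its method.
            if m.group(1) not in report["skipped"]:
                report["skipped"].append(m.group(1))
        elif msg.startswith("Verifying: "):
            current = msg.split(": ", 1)[1]
            report["challenged"][current] = "unknown"
        elif current and (m := re.match(r"(\S+) mode server$", msg)):
            report["challenged"][current] = m.group(1).lower()
        elif m := re.match(r"(\S+?):Verify error:(.*)$", msg):
            report["errors"][m.group(1)] = m.group(2).strip()
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
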
