Neither renewal nor issue works: acme.sh on debian8

Help
1

Hello,
i was able to get a certificate via acme.sh once. Since then, the (automatic via cron) renewal failed as well as my manual attempts to renew or re-issue a certificate failed. I am stuck an need some help.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.naturundtext.de

I ran this command: ./acme.sh --renew-all --debug --log
and:./acme.sh --issue -d www.naturundtext.de -d www.basilisken-presse.de -d www.herpetoshop.de --webroot /var/www/live --apache --force --debug

It produced this output:
---------8<--------snip------------------------

[Mi 11. Aug 14:59:06 CEST 2021] Lets find script dir.
[Mi 11. Aug 14:59:06 CEST 2021] _SCRIPT_='./acme.sh'
[Mi 11. Aug 14:59:06 CEST 2021] _script='/root/.acme.sh/acme.sh'
[Mi 11. Aug 14:59:06 CEST 2021] _script_home='/root/.acme.sh'
[Mi 11. Aug 14:59:06 CEST 2021] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.0
[Mi 11. Aug 14:59:06 CEST 2021] Running cmd: issue
[Mi 11. Aug 14:59:06 CEST 2021] _main_domain='www.naturundtext.de'
[Mi 11. Aug 14:59:06 CEST 2021] _alt_domains='www.basilisken-presse.de,www.herpetoshop.de'
[Mi 11. Aug 14:59:06 CEST 2021] Using config home:/root/.acme.sh
[Mi 11. Aug 14:59:06 CEST 2021] default_acme_server
[Mi 11. Aug 14:59:06 CEST 2021] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Mi 11. Aug 14:59:06 CEST 2021] DOMAIN_PATH='/root/.acme.sh/www.naturundtext.de'
[Mi 11. Aug 14:59:06 CEST 2021] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Mi 11. Aug 14:59:06 CEST 2021] _init api for server: https://acme.zerossl.com/v2/DV90
[Mi 11. Aug 14:59:06 CEST 2021] GET
[Mi 11. Aug 14:59:06 CEST 2021] url='https://acme.zerossl.com/v2/DV90'
[Mi 11. Aug 14:59:06 CEST 2021] timeout=
[Mi 11. Aug 14:59:06 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mi 11. Aug 14:59:07 CEST 2021] ret='0'
[Mi 11. Aug 14:59:07 CEST 2021] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Mi 11. Aug 14:59:07 CEST 2021] ACME_NEW_AUTHZ
[Mi 11. Aug 14:59:07 CEST 2021] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Mi 11. Aug 14:59:07 CEST 2021] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Mi 11. Aug 14:59:07 CEST 2021] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Mi 11. Aug 14:59:07 CEST 2021] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20201020_Certificate_Subscriber_Agreement_v_2_4_click.pdf'
[Mi 11. Aug 14:59:07 CEST 2021] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Mi 11. Aug 14:59:08 CEST 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Mi 11. Aug 14:59:08 CEST 2021] _on_before_issue
[Mi 11. Aug 14:59:08 CEST 2021] _chk_main_domain='www.naturundtext.de'
[Mi 11. Aug 14:59:08 CEST 2021] _chk_alt_domains='www.basilisken-presse.de,www.herpetoshop.de'
[Mi 11. Aug 14:59:08 CEST 2021] Le_LocalAddress
[Mi 11. Aug 14:59:08 CEST 2021] d='www.naturundtext.de'
[Mi 11. Aug 14:59:08 CEST 2021] Check for domain='www.naturundtext.de'
[Mi 11. Aug 14:59:08 CEST 2021] _currentRoot='/var/www/live'
[Mi 11. Aug 14:59:08 CEST 2021] d='www.basilisken-presse.de'
[Mi 11. Aug 14:59:08 CEST 2021] Check for domain='www.basilisken-presse.de'
[Mi 11. Aug 14:59:08 CEST 2021] _currentRoot='apache'
[Mi 11. Aug 14:59:08 CEST 2021] d='www.herpetoshop.de'
[Mi 11. Aug 14:59:08 CEST 2021] Check for domain='www.herpetoshop.de'
[Mi 11. Aug 14:59:08 CEST 2021] _currentRoot='apache'
[Mi 11. Aug 14:59:08 CEST 2021] d
[Mi 11. Aug 14:59:08 CEST 2021] Using config home:/root/.acme.sh
[Mi 11. Aug 14:59:08 CEST 2021] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Mi 11. Aug 14:59:08 CEST 2021] httpdconfname='apache2.conf'
[Mi 11. Aug 14:59:08 CEST 2021] httpdroot='/etc/apache2'
[Mi 11. Aug 14:59:08 CEST 2021] httpdconf='/etc/apache2/apache2.conf'
[Mi 11. Aug 14:59:08 CEST 2021] httpdconfname='apache2.conf'
[Mi 11. Aug 14:59:08 CEST 2021] Checking if there is an error in the apache config file before starting.
[Mi 11. Aug 14:59:08 CEST 2021] OK
[Mi 11. Aug 14:59:08 CEST 2021] Backup apache config file='/etc/apache2/apache2.conf'
[Mi 11. Aug 14:59:08 CEST 2021] JFYI, Config file /etc/apache2/apache2.conf is backuped to /root/.acme.sh/apache2.conf
[Mi 11. Aug 14:59:08 CEST 2021] In case there is an error that can not be restored automatically, you may try restore it yourself.
[Mi 11. Aug 14:59:08 CEST 2021] The backup file will be deleted on success, just forget it.
[Mi 11. Aug 14:59:08 CEST 2021] apacheVer='2.4.10'
[Mi 11. Aug 14:59:08 CEST 2021] _saved_account_key_hash is not changed, skip register account.
[Mi 11. Aug 14:59:08 CEST 2021] Read key length:
[Mi 11. Aug 14:59:08 CEST 2021] Creating domain key
[Mi 11. Aug 14:59:08 CEST 2021] Use DEFAULT_DOMAIN_KEY_LENGTH=2048
[Mi 11. Aug 14:59:08 CEST 2021] Using config home:/root/.acme.sh
[Mi 11. Aug 14:59:08 CEST 2021] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Mi 11. Aug 14:59:08 CEST 2021] Use length 2048
[Mi 11. Aug 14:59:08 CEST 2021] Using RSA: 2048
[Mi 11. Aug 14:59:08 CEST 2021] The domain key is here: /root/.acme.sh/www.naturundtext.de/www.naturundtext.de.key
[Mi 11. Aug 14:59:08 CEST 2021] _createcsr
[Mi 11. Aug 14:59:08 CEST 2021] Multi domain='DNS:www.naturundtext.de,DNS:www.basilisken-presse.de,DNS:www.herpetoshop.de'
[Mi 11. Aug 14:59:08 CEST 2021] Getting domain auth token for each domain
[Mi 11. Aug 14:59:08 CEST 2021] d='www.basilisken-presse.de'
[Mi 11. Aug 14:59:08 CEST 2021] d='www.herpetoshop.de'
[Mi 11. Aug 14:59:08 CEST 2021] d
[Mi 11. Aug 14:59:08 CEST 2021] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Mi 11. Aug 14:59:08 CEST 2021] payload='{"identifiers": [{"type":"dns","value":"www.naturundtext.de"},{"type":"dns","value":"www.basilisken-presse.de"},{"type":"dns","value":"www.herpetoshop.de"}]}'
[Mi 11. Aug 14:59:08 CEST 2021] RSA key
[Mi 11. Aug 14:59:08 CEST 2021] HEAD
[Mi 11. Aug 14:59:08 CEST 2021] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Mi 11. Aug 14:59:08 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Mi 11. Aug 14:59:09 CEST 2021] _ret='0'
[Mi 11. Aug 14:59:09 CEST 2021] POST
[Mi 11. Aug 14:59:09 CEST 2021] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Mi 11. Aug 14:59:09 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mi 11. Aug 14:59:10 CEST 2021] _ret='0'
[Mi 11. Aug 14:59:10 CEST 2021] code='201'
[Mi 11. Aug 14:59:10 CEST 2021] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/FUhmvlQHzGoFe1yHSPfx8Q'
[Mi 11. Aug 14:59:10 CEST 2021] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/FUhmvlQHzGoFe1yHSPfx8Q/finalize'
[Mi 11. Aug 14:59:10 CEST 2021] url='https://acme.zerossl.com/v2/DV90/authz/G9T-w2agWGaOGrwWjy5m-Q'
[Mi 11. Aug 14:59:10 CEST 2021] payload
[Mi 11. Aug 14:59:10 CEST 2021] POST
[Mi 11. Aug 14:59:10 CEST 2021] _post_url='https://acme.zerossl.com/v2/DV90/authz/G9T-w2agWGaOGrwWjy5m-Q'
[Mi 11. Aug 14:59:10 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mi 11. Aug 14:59:11 CEST 2021] _ret='0'
[Mi 11. Aug 14:59:11 CEST 2021] code='200'
[Mi 11. Aug 14:59:11 CEST 2021] url='https://acme.zerossl.com/v2/DV90/authz/azXyhGeodSsDoY_rTrappw'
[Mi 11. Aug 14:59:11 CEST 2021] payload
[Mi 11. Aug 14:59:11 CEST 2021] POST
[Mi 11. Aug 14:59:11 CEST 2021] _post_url='https://acme.zerossl.com/v2/DV90/authz/azXyhGeodSsDoY_rTrappw'
[Mi 11. Aug 14:59:11 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mi 11. Aug 14:59:11 CEST 2021] _ret='0'
[Mi 11. Aug 14:59:11 CEST 2021] code='200'
[Mi 11. Aug 14:59:12 CEST 2021] url='https://acme.zerossl.com/v2/DV90/authz/AX_XPHwQBVJzCjCCXKuDQA'
[Mi 11. Aug 14:59:12 CEST 2021] payload
[Mi 11. Aug 14:59:12 CEST 2021] POST
[Mi 11. Aug 14:59:12 CEST 2021] _post_url='https://acme.zerossl.com/v2/DV90/authz/AX_XPHwQBVJzCjCCXKuDQA'
[Mi 11. Aug 14:59:12 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mi 11. Aug 14:59:12 CEST 2021] _ret='0'
[Mi 11. Aug 14:59:12 CEST 2021] code='200'
[Mi 11. Aug 14:59:12 CEST 2021] d='www.naturundtext.de'
[Mi 11. Aug 14:59:12 CEST 2021] Getting webroot for domain='www.naturundtext.de'
[Mi 11. Aug 14:59:12 CEST 2021] _w='/var/www/live'
[Mi 11. Aug 14:59:12 CEST 2021] _currentRoot='/var/www/live'
[Mi 11. Aug 14:59:12 CEST 2021] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/XfF2IlIPKAtyOFGL5wem6w","status":"pending","token":"4c6e1iUEL_0UxKrgsifeDcxVVi2bZ9PrpsanXcEKoYI"'
[Mi 11. Aug 14:59:12 CEST 2021] token='4c6e1iUEL_0UxKrgsifeDcxVVi2bZ9PrpsanXcEKoYI'
[Mi 11. Aug 14:59:12 CEST 2021] uri='https://acme.zerossl.com/v2/DV90/chall/XfF2IlIPKAtyOFGL5wem6w'
[Mi 11. Aug 14:59:12 CEST 2021] keyauthorization='4c6e1iUEL_0UxKrgsifeDcxVVi2bZ9PrpsanXcEKoYI.XMmGAH0tQX50uH3aVHoo4iGpO4arsxVHz0OH7E7LDQ0'
[Mi 11. Aug 14:59:12 CEST 2021] dvlist='www.naturundtext.de#4c6e1iUEL_0UxKrgsifeDcxVVi2bZ9PrpsanXcEKoYI.XMmGAH0tQX50uH3aVHoo4iGpO4arsxVHz0OH7E7LDQ0#https://acme.zerossl.com/v2/DV90/chall/XfF2IlIPKAtyOFGL5wem6w#http-01#/var/www/live'
[Mi 11. Aug 14:59:12 CEST 2021] d='www.basilisken-presse.de'
[Mi 11. Aug 14:59:12 CEST 2021] Getting webroot for domain='www.basilisken-presse.de'
[Mi 11. Aug 14:59:12 CEST 2021] _w='apache'
[Mi 11. Aug 14:59:12 CEST 2021] _currentRoot='apache'
[Mi 11. Aug 14:59:12 CEST 2021] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/S9akBpVA_7qu0gOGeMV3hA","status":"pending","token":"81FS8YpAPbj3suzssQbyv5hIVyRRSMpjDIz0IIShUZY"'
[Mi 11. Aug 14:59:12 CEST 2021] token='81FS8YpAPbj3suzssQbyv5hIVyRRSMpjDIz0IIShUZY'
[Mi 11. Aug 14:59:12 CEST 2021] uri='https://acme.zerossl.com/v2/DV90/chall/S9akBpVA_7qu0gOGeMV3hA'
[Mi 11. Aug 14:59:12 CEST 2021] keyauthorization='81FS8YpAPbj3suzssQbyv5hIVyRRSMpjDIz0IIShUZY.XMmGAH0tQX50uH3aVHoo4iGpO4arsxVHz0OH7E7LDQ0'
[Mi 11. Aug 14:59:12 CEST 2021] dvlist='www.basilisken-presse.de#81FS8YpAPbj3suzssQbyv5hIVyRRSMpjDIz0IIShUZY.XMmGAH0tQX50uH3aVHoo4iGpO4arsxVHz0OH7E7LDQ0#https://acme.zerossl.com/v2/DV90/chall/S9akBpVA_7qu0gOGeMV3hA#http-01#apache'
[Mi 11. Aug 14:59:12 CEST 2021] d='www.herpetoshop.de'
[Mi 11. Aug 14:59:12 CEST 2021] Getting webroot for domain='www.herpetoshop.de'
[Mi 11. Aug 14:59:12 CEST 2021] _w
[Mi 11. Aug 14:59:12 CEST 2021] _currentRoot='apache'
[Mi 11. Aug 14:59:13 CEST 2021] entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/2kp_vI1Cqw0GDTTXXR1dJw","status":"pending","token":"imbxYXAkjQPYaWl14K2zfhI7zkVgUk9eKG1TGT3kWoE"'
[Mi 11. Aug 14:59:13 CEST 2021] token='imbxYXAkjQPYaWl14K2zfhI7zkVgUk9eKG1TGT3kWoE'
[Mi 11. Aug 14:59:13 CEST 2021] uri='https://acme.zerossl.com/v2/DV90/chall/2kp_vI1Cqw0GDTTXXR1dJw'
[Mi 11. Aug 14:59:13 CEST 2021] keyauthorization='imbxYXAkjQPYaWl14K2zfhI7zkVgUk9eKG1TGT3kWoE.XMmGAH0tQX50uH3aVHoo4iGpO4arsxVHz0OH7E7LDQ0'
[Mi 11. Aug 14:59:13 CEST 2021] dvlist='www.herpetoshop.de#imbxYXAkjQPYaWl14K2zfhI7zkVgUk9eKG1TGT3kWoE.XMmGAH0tQX50uH3aVHoo4iGpO4arsxVHz0OH7E7LDQ0#https://acme.zerossl.com/v2/DV90/chall/2kp_vI1Cqw0GDTTXXR1dJw#http-01#apache'
[Mi 11. Aug 14:59:13 CEST 2021] d
[Mi 11. Aug 14:59:13 CEST 2021] vlist='www.naturundtext.de#4c6e1iUEL_0UxKrgsifeDcxVVi2bZ9PrpsanXcEKoYI.XMmGAH0tQX50uH3aVHoo4iGpO4arsxVHz0OH7E7LDQ0#https://acme.zerossl.com/v2/DV90/chall/XfF2IlIPKAtyOFGL5wem6w#http-01#/var/www/live,www.basilisken-presse.de#81FS8YpAPbj3suzssQbyv5hIVyRRSMpjDIz0IIShUZY.XMmGAH0tQX50uH3aVHoo4iGpO4arsxVHz0OH7E7LDQ0#https://acme.zerossl.com/v2/DV90/chall/S9akBpVA_7qu0gOGeMV3hA#http-01#apache,www.herpetoshop.de#imbxYXAkjQPYaWl14K2zfhI7zkVgUk9eKG1TGT3kWoE.XMmGAH0tQX50uH3aVHoo4iGpO4arsxVHz0OH7E7LDQ0#https://acme.zerossl.com/v2/DV90/chall/2kp_vI1Cqw0GDTTXXR1dJw#http-01#apache,'
[Mi 11. Aug 14:59:13 CEST 2021] d='www.naturundtext.de'
[Mi 11. Aug 14:59:13 CEST 2021] d='www.basilisken-presse.de'
[Mi 11. Aug 14:59:13 CEST 2021] d='www.herpetoshop.de'
[Mi 11. Aug 14:59:13 CEST 2021] ok, let's start to verify
[Mi 11. Aug 14:59:13 CEST 2021] Verifying: www.naturundtext.de
[Mi 11. Aug 14:59:13 CEST 2021] d='www.naturundtext.de'
[Mi 11. Aug 14:59:13 CEST 2021] keyauthorization='4c6e1iUEL_0UxKrgsifeDcxVVi2bZ9PrpsanXcEKoYI.XMmGAH0tQX50uH3aVHoo4iGpO4arsxVHz0OH7E7LDQ0'
[Mi 11. Aug 14:59:13 CEST 2021] uri='https://acme.zerossl.com/v2/DV90/chall/XfF2IlIPKAtyOFGL5wem6w'
[Mi 11. Aug 14:59:13 CEST 2021] _currentRoot='/var/www/live'
[Mi 11. Aug 14:59:13 CEST 2021] wellknown_path='/var/www/live/.well-known/acme-challenge'
[Mi 11. Aug 14:59:13 CEST 2021] writing token:4c6e1iUEL_0UxKrgsifeDcxVVi2bZ9PrpsanXcEKoYI to /var/www/live/.well-known/acme-challenge/4c6e1iUEL_0UxKrgsifeDcxVVi2bZ9PrpsanXcEKoYI
[Mi 11. Aug 14:59:13 CEST 2021] url='https://acme.zerossl.com/v2/DV90/chall/XfF2IlIPKAtyOFGL5wem6w'
[Mi 11. Aug 14:59:13 CEST 2021] payload='{}'
[Mi 11. Aug 14:59:13 CEST 2021] POST
[Mi 11. Aug 14:59:13 CEST 2021] _post_url='https://acme.zerossl.com/v2/DV90/chall/XfF2IlIPKAtyOFGL5wem6w'
[Mi 11. Aug 14:59:13 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mi 11. Aug 14:59:13 CEST 2021] _ret='0'
[Mi 11. Aug 14:59:13 CEST 2021] code='200'
[Mi 11. Aug 14:59:13 CEST 2021] trigger validation code: 200
[Mi 11. Aug 14:59:13 CEST 2021] sleep 2 secs to verify
[Mi 11. Aug 14:59:15 CEST 2021] checking
[Mi 11. Aug 14:59:15 CEST 2021] url='https://acme.zerossl.com/v2/DV90/chall/XfF2IlIPKAtyOFGL5wem6w'
[Mi 11. Aug 14:59:15 CEST 2021] payload
[Mi 11. Aug 14:59:15 CEST 2021] POST

[...cut several repetitions ..]

[Mi 11. Aug 15:00:32 CEST 2021] code='200'
[Mi 11. Aug 15:00:32 CEST 2021] Processing
[Mi 11. Aug 15:00:32 CEST 2021] www.naturundtext.de:Timeout
[Mi 11. Aug 15:00:32 CEST 2021] Debugging, skip removing: /var/www/live/.well-known
[Mi 11. Aug 15:00:33 CEST 2021] pid
[Mi 11. Aug 15:00:33 CEST 2021] Using config home:/root/.acme.sh
[Mi 11. Aug 15:00:33 CEST 2021] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Mi 11. Aug 15:00:33 CEST 2021] httpdconfname='apache2.conf'
[Mi 11. Aug 15:00:33 CEST 2021] httpdroot='/etc/apache2'
[Mi 11. Aug 15:00:33 CEST 2021] httpdconf='/etc/apache2/apache2.conf'
[Mi 11. Aug 15:00:33 CEST 2021] httpdconfname='apache2.conf'
[Mi 11. Aug 15:00:33 CEST 2021] Restored: /etc/apache2/apache2.conf.
[Mi 11. Aug 15:00:33 CEST 2021] Restored successfully.
[Mi 11. Aug 15:00:33 CEST 2021] No need to restore nginx, skip.
[Mi 11. Aug 15:00:33 CEST 2021] _clearupdns
[Mi 11. Aug 15:00:33 CEST 2021] dns_entries
[Mi 11. Aug 15:00:33 CEST 2021] skip dns.
[Mi 11. Aug 15:00:33 CEST 2021] _on_issue_err
[Mi 11. Aug 15:00:33 CEST 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Mi 11. Aug 15:00:33 CEST 2021] url='https://acme.zerossl.com/v2/DV90/chall/XfF2IlIPKAtyOFGL5wem6w'
[Mi 11. Aug 15:00:33 CEST 2021] payload='{}'
[Mi 11. Aug 15:00:33 CEST 2021] POST
[Mi 11. Aug 15:00:33 CEST 2021] _post_url='https://acme.zerossl.com/v2/DV90/chall/XfF2IlIPKAtyOFGL5wem6w'
[Mi 11. Aug 15:00:33 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mi 11. Aug 15:00:34 CEST 2021] _ret='0'
[Mi 11. Aug 15:00:34 CEST 2021] code='200'
[Mi 11. Aug 15:00:34 CEST 2021] url='https://acme.zerossl.com/v2/DV90/chall/S9akBpVA_7qu0gOGeMV3hA'
[Mi 11. Aug 15:00:34 CEST 2021] payload='{}'
[Mi 11. Aug 15:00:34 CEST 2021] POST
[Mi 11. Aug 15:00:34 CEST 2021] _post_url='https://acme.zerossl.com/v2/DV90/chall/S9akBpVA_7qu0gOGeMV3hA'
[Mi 11. Aug 15:00:34 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mi 11. Aug 15:00:34 CEST 2021] _ret='0'
[Mi 11. Aug 15:00:34 CEST 2021] code='200'
[Mi 11. Aug 15:00:34 CEST 2021] url='https://acme.zerossl.com/v2/DV90/chall/2kp_vI1Cqw0GDTTXXR1dJw'
[Mi 11. Aug 15:00:34 CEST 2021] payload='{}'
[Mi 11. Aug 15:00:34 CEST 2021] POST
[Mi 11. Aug 15:00:34 CEST 2021] _post_url='https://acme.zerossl.com/v2/DV90/chall/2kp_vI1Cqw0GDTTXXR1dJw'
[Mi 11. Aug 15:00:34 CEST 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mi 11. Aug 15:00:35 CEST 2021] _ret='0'
[Mi 11. Aug 15:00:35 CEST 2021] code='200'
[Mi 11. Aug 15:00:35 CEST 2021] socat doesn't exist.
[Mi 11. Aug 15:00:35 CEST 2021] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1t  3 May 2016
apache:
Server version: Apache/2.4.10 (Debian)
Server built:   Feb 24 2017 18:40:28
Server's Module Magic Number: 20120211:37
Server loaded:  APR 1.5.1, APR-UTIL 1.5.4
Compiled using: APR 1.5.1, APR-UTIL 1.5.4
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"
nginx:
nginx doesn't exist.
socat:

--------->8------snap--------------------------------------------------------

My web server is (include version): Apache 2.4.10 Debian

The operating system my web server runs on is (include version): Debian 8.7

My hosting provider, if applicable, is: www.strato.de

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): acme.sh 3.0

Cheers, Georg

1 Like
2

Hello @merlyn12345

Your acme.sh install defaults to use another certificate authority's ACME API, namely, ZeroSSL. Although it doesn't immediately look like your issues are an ACME API problem, you will be able to get the best help regarding ZeroSSL's ACME API from their support team.

If you would like to switch the ACME API your acme.sh uses you do so by adding:
--server letsencrypt to your command, documented here. Since Let's Encrypt has rate-limits you should also review how to set acme.sh to use the Let's Encrypt Staging environment while you work to fix your client and/or webserver.

Right now, it looks like you might be missing packages that acme.sh uses either for debug or for the issuance logic.

Try running which socat to confirm it's installed.

3 Likes
3

Welcome to the Let's Encrypt Community, Georg :slightly_smiling_face:

To expand further upon what @jillian has already correctly stated, your previous certificate issued on 2021-05-07 was a Let's Encrypt certificate, not a ZeroSSL certificate. If you use a renewal command rather than a new certificate command, acme.sh should remember that your previous certificate was from Let's Encrypt and try to renew it from Let's Encrypt. Neither that renewal command nor the new certificate command you are using are good though since both commands only acquire a certificate covering the www subdomain names of each of your three domain names. Your certificate should also cover the base (apex) domain names themselves as well as the www subdomain names for a total of six domain names on your certificate.

1 Like
4

Hello jillian,

thanks a lot for your fast answer. Using --server letsencrypt did not change anything, maybe because the certificate i tried to renew was already issued in may.

You are right, there is no socat installed on my debian box. I kind of inherited this very outdated system and was untill now not allowed to update, because it would break the configuration of the shop installed.

I have also not been able to install socat via apt, there seem to be a lot of dependencies missing. I was hoping to be able to use acme.sh for renewal anyway, as i was able to get a certificate directly after i installed it in may.

So, i will try to get socat installed on my box, but i do not have al lot of faith...

There is also some strange behaviour exposed by the webserver after acme.sh has completed: any request for files in /.well-known/acme-challenge/ are answered with an 404 error. After restarting the webserver, a request to that directory resoves fine. Is that an intended behaviour?

Cheers, Georg

1 Like
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.