New Authz rate limit in Staging

Update: @_az has added several enhancements to the clear-authz tool (version v.0.0.2). It can use an env variable to specify the endpoint to be used (defaults to acme-v01), so there is no need to edit the source file and recompile it if you want to use the staging endpoint. Also, there is no need to specify the path to the ACME account key to be used if you don’t use several accounts for the same endpoint or you are not using a path different from /etc/letsencrypt/accounts/*; clear-authz will use the default.

Just for the record, as building clear-authz, developed by @_az, requires some steps, here is a mini guide to compile/use it on GNU/Linux:

To use clear-authz you have two options, compile the tool or use the binaries provided by @_az.

Option 1 - Compiling clear-authz

1.- Create work dir:

mkdir -p ~/projects/

2.- Download the latest Go version from https://golang.org/dl/ (at the time of writing this mini guide, it was 1.10.2)

cd ~/projects/
wget https://dl.google.com/go/go1.10.2.linux-amd64.tar.gz
tar -xzf go1.10.2.linux-amd64.tar.gz

3.- Export variables to define PATHS:

export PATH=~/projects/go/bin/:$PATH
export GOPATH=~/projects/

4.- Build clear-authz and copy the binary to /usr/local/bin/ :

go get -u github.com/alexzorin/clear-authz
sudo cp bin/clear-authz /usr/local/bin/

Note: copying the binary to another path is optional; just keep in mind that you will need to specify the relative or full path to the tool when you want to use it.

Option 2 - Download binary (as root user)

wget https://github.com/alexzorin/clear-authz/releases/download/v.0.0.2/clear-authz -O /usr/local/bin/clear-authz
chmod 750 /usr/local/bin/clear-authz

Now we can use clear-authz, so we need to pass to the program the logs of our client where the authzs are logged.

Examples:

1.- Using acme-v01 (default) as endpoint:

cat /var/log/letsencrypt/letsencrypt.log* | clear-authz

2.- Using a custom acme account key for acme-v01:

cat /var/log/letsencrypt/letsencrypt.log* | clear-authz /path/to/acme-v01/account/key

3.- Using staging as endpoint:

cat /var/log/letsencrypt/letsencrypt.log* | CLEAR_AUTHZ_SERVER=acme-staging.api.letsencrypt.org clear-authz

4.- Using a custom acme account key for staging:

cat /var/log/letsencrypt/letsencrypt.log* | CLEAR_AUTHZ_SERVER=acme-staging.api.letsencrypt.org clear-authz /path/to/staging/account/key

Output examples:

1.- One pending authz found and cleared:

# cat /var/log/letsencrypt/letsencrypt.log* | clear-authz
2018/05/09 11:16:04 Using /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/private_key.json for private key for acme-v01.api.letsencrypt.org
2018/05/09 11:16:04 Checking 1 authzs to see if they are pending ...
2018/05/09 11:16:05 Found pending authz at https://acme-v01.api.letsencrypt.org/acme/authz/Ad3-7bsCZ6Os-uxT-gjdAt-a989ailhCN_h1LrDiJbs, will accept first challenge
2018/05/09 11:16:05 Accepted challenge: &{Type:dns-01 URI:https://acme-v01.api.letsencrypt.org/acme/challenge/Ad3-7bsCZ6Os-uxT-gjdAt-a989ailhCN_h1LrDiJbs/4565806913 Token:a1_3x5plttT_I-eg3DLblr30qGXMDk4Zcfstq-yR5G4 Status:pending Error:<nil>} <nil>

2.- One authz found but it is not pending:

# cat /var/log/letsencrypt/letsencrypt.log* | clear-authz
2018/05/09 11:16:12 Using /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/private_key.json for private key for acme-v01.api.letsencrypt.org
2018/05/09 11:16:12 Checking 1 authzs to see if they are pending ...

3.- No authz found:

# cat /var/log/letsencrypt/letsencrypt.log* | clear-authz
2018/05/09 11:16:27 Using /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/private_key.json for private key for acme-v01.api.letsencrypt.org
2018/05/09 11:16:27 Checking 0 authzs to see if they are pending ...

Warning: this tool only works for ACME API v1 but not for v2

Hope this helps.

Cheers,
sahsanu

6 Likes
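
Added example (not part of the original post and not clear-authz's own code): a read-only shell helper that lists the distinct authz URLs present in the client logs for the selected endpoint, so you can review them before running clear-authz, which accepts a challenge on every pending authz it finds. The function names are hypothetical, and the /acme/authz/<id> URL shape is an assumption taken from the sample output in the post.

```shell
#!/bin/sh
# Added example: preview the authz URLs present in Certbot logs before
# running clear-authz. Read-only; nothing is sent to the ACME server.

# Host to match; same variable name and default endpoint as in the post.
server="${CLEAR_AUTHZ_SERVER:-acme-v01.api.letsencrypt.org}"

# list_authz_urls (hypothetical name): read log text on stdin and print
# each distinct authz URL for $server once.
# Assumption: authz URLs look like https://<server>/acme/authz/<id>,
# as in the sample output shown in the post.
list_authz_urls() {
    # Escape dots so the host name is matched literally and
    # acme-v01 never matches a look-alike host.
    host_re=$(printf '%s' "$server" | sed 's/\./\\./g')
    # grep exits 1 when nothing matches; that is not an error here.
    { grep -Eo "https://${host_re}/acme/authz/[A-Za-z0-9_-]+" || true; } \
        | sort -u
}

# count_authz_urls (hypothetical name): number of distinct authz URLs,
# comparable to the "Checking N authzs" line in the tool's output.
count_authz_urls() {
    list_authz_urls | wc -l | tr -d ' '
}
```

To use it, source the file in your shell and pipe the same logs into it, for example: cat /var/log/letsencrypt/letsencrypt.log* | list_authz_urls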