detected os type = linux
Running \S
Kernel \r on an \m
checking for required which ... /usr/bin/which
checking for required openssl ... /usr/bin/openssl
checking for required curl ... /usr/bin/curl
checking for dig ... /usr/bin/dig
function dig found at /usr/bin/dig - setting DNS_CHECK_FUNC to dig
checking for required dirname ... /usr/bin/dirname
checking for required awk ... /usr/bin/awk
checking for required tr ... /usr/bin/tr
checking for required date ... /usr/bin/date
checking for required grep ... /usr/bin/grep
checking for required sed ... /usr/bin/sed
checking for required sort ... /usr/bin/sort
checking for required mktemp ... /usr/bin/mktemp
current code is version 2.35
Most recent version is 2.35
Testing working dir location '/etc/getssl'
Testing working dir location '/home/oracle/conf'
Testing working dir location '/home/oracle/.getssl'
reading config from /home/oracle/.getssl/getssl.cfg
Making working directory - /home/oracle/.getssl/ehr-crm.com
Making temp directory - /home/oracle/.getssl/ehr-crm.com/tmp
HAS NSLOOKUP=true
HAS DIG_OR_DRILL=dig
HAS HOST=true
Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org
checking config
checked ACCOUNT_KEY_TYPE
checked PRIVATE_KEY_ALG
checking domain ehr-crm.com
DNS lookup using dig ehr-crm.com
DNS lookup using host ehr-crm.com
DNS lookup using nslookup -query AAAA ehr-crm.com
found IPv4 record for ehr-crm.com
ehr-crm.com: check_config completed - all OK
ca_all_loc from https://acme-staging-v02.api.letsencrypt.org gives
Boulder: The Let's Encrypt CA
<div class="col-xs-6 text-left">
<h1>Boulder<br>
<small>The Let's Encrypt CA</small></h1>
</div>
</div>
<div class="row">
<div class="col-xs-8 col-xs-offset-2 text-center">
<h3>This is an <a href="https://github.com/letsencrypt/acme-spec/">ACME</a> Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>.</h3>
<p>This is a <em>programmatic</em> endpoint, an API for a computer to talk to. You should probably be using a specialized client to utilize the service, and not your web browser. See <a href="https://letsencrypt.org/"><tt>https://letsencrypt.org/</tt></a> for help.</p>
<p>If you're trying to use this service, note that the starting point, <em>the directory</em>, is available at this URL: <a href="https://acme-staging-v02.api.letsencrypt.org/directory"><tt>https://acme-staging-v02.api.letsencrypt.org/directory</a></tt>.</p>
</div>
</div>
<div class="row">
<div class="col-xs-4 col-xs-offset-2 text-center">
<p><a href="https://letsencrypt.status.io" title="Twitter">
<i class="fa fa-area-chart"></i>
Service Status (letsencrypt.status.io)
</a></p>
</div>
<div class="col-xs-4 text-center">
<p><a href="https://twitter.com/letsencrypt" title="Twitter">
<i class="fa fa-twitter"></i>
Check with us on Twitter
</a></p>
</div>
</div> <!-- row -->
ca_all_loc from https://acme-staging-v02.api.letsencrypt.org/directory gives {
"7ieBqxqoAV4": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "Staging Environment - Let's Encrypt"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
Using API v2
getting certificate for ehr-crm.com from remote server (ehr-crm.com)
ehr-crm.com: no certificate obtained from host
creating account key /home/oracle/.getssl/account.key
creating key - /home/oracle/.getssl/account.key
creating key - /home/oracle/.getssl/ehr-crm.com/ehr-crm.com.key
created SAN list = subjectAltName=DNS:ehr-crm.com
creating domain csr - /home/oracle/.getssl/ehr-crm.com/ehr-crm.com.csr
jwk alg = RS256
Registering account
url https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
KID is blank, so using jwk
payload = {"termsOfServiceAgreed": true}
responseHeaders HTTP/1.1 100 Continue
HTTP/1.1 201 Created
Server: nginx
Date: Wed, 28 Apr 2021 13:08:48 GMT
Content-Type: application/json
Content-Length: 868
Connection: keep-alive
Boulder-Requester: 19284140
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Link: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf;rel="terms-of-service"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/acct/19284140
Replay-Nonce: 00048GtmYDcXiHsUp9N2sRbYK3Ho9v8BDqgJ7L2LFr8OOZk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
response { "key": { "kty": "RSA", "n": "tgI2lEjig7xRMyNfr0kT3srwqa7dg4su2tf_a6RrmD4T1MJCw6xHPFHvB0ugx32xywq7Kpl4_B9i_opg9jDcS-CI5dtvMrV02icMXHZy1AVTCyo2B5KYZQD8UJIRDnRH19KSs0_VGILzDYPBFzMzkJDQTgmkVwsUs3FhFB_pEC0N2PEqfaqfrZk_s-SorCHUL_ViPR8BEqMKovOoNClwTwUgBcn2RcdcP-qvGyomGR3A-q-8AuuFFdn1xABKcjL9sWbD9gXUS5MtmAsrgej4onEujZ7WNsPGViGT7eU1o7oric21y2mVyAPAf2DTzlIOCAudTt3NqZ1R01UwnPPlnQOubDhBgMOkGoDaXhkMPcPUjTB8sPp3hxIEwnw0o_w9VE7gzF1ggVmBG7eqiLcCLqmHuPJMJXVA6QOcWjHhE8EyI-4Ho0ueDBzodW566yrUsZvYnd4j0z3E6FkBTsOCx4WNuk73WDh7_neQCkYsji5C_QPBjMFf99YaneBJSvI8oR_rfTkQPWOvW9CFKV_I8DXbI0BCDZ7SMJDFRYR2vpljWQiCFhDpGAaBAO1c81VAZhr12d8xfeYVk1WViN2hl4Bzzq5NzYK5xXwCOWp1pWi4jeguXe18YZbN4FJ-h_hAQwZoOhCtGMVdXoHIUv6KYC29QKOm1gUt7D54TYOHMt8", "e": "AQAB" }, "contact": , "initialIp": "132.145.63.124", "createdAt": "2021-04-28T13:08:48.042006692Z", "status": "valid"}
code 201
response status = valid
Registered
KID=https://acme-staging-v02.api.letsencrypt.org/acme/acct/19284140}
Verify each domain
url https://acme-staging-v02.api.letsencrypt.org/acme/new-order
using KID=https://acme-staging-v02.api.letsencrypt.org/acme/acct/19284140
payload = {"identifiers": [{"type":"dns","value":"ehr-crm.com"}]}
responseHeaders HTTP/1.1 100 Continue
HTTP/1.1 201 Created
Server: nginx
Date: Wed, 28 Apr 2021 13:08:49 GMT
Content-Type: application/json
Content-Length: 343
Connection: keep-alive
Boulder-Requester: 19284140
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/19284140/40745209
Replay-Nonce: 0004dGZsBBwtVtgdfl0fNJBPfjQys93CJOSFrnfTD52Fqh8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
response { "status": "pending", "expires": "2021-05-05T13:08:49Z", "identifiers": [ { "type": "dns", "value": "ehr-crm.com" } ], "authorizations": [ "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/36431836" ], "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/19284140/40745209"}
code 201
response status = pending
Order link https://acme-staging-v02.api.letsencrypt.org/acme/order/19284140/40745209
Finalize link https://acme-staging-v02.api.letsencrypt.org/acme/finalize/19284140/40745209
Requesting authorizations link for https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/36431836
url https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/36431836
using KID=https://acme-staging-v02.api.letsencrypt.org/acme/acct/19284140
payload =
responseHeaders HTTP/1.1 100 Continue
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Apr 2021 13:08:50 GMT
Content-Type: application/json
Content-Length: 807
Connection: keep-alive
Boulder-Requester: 19284140
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0003nLc5RcpoWsK82FLmzpyD2NJ6YLV-P0bwum8IaIRpGDU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
response { "identifier": { "type": "dns", "value": "ehr-crm.com" }, "status": "pending", "expires": "2021-05-05T13:08:49Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/W8OxfQ", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304" }, { "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/FkwURA", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/-B0ffA", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304" } ]}
code 200
response status = pending
wildcard=
Saving authorization response for ehr-crm.com for domain alldomains[0]
Response = { "identifier": { "type": "dns", "value": "ehr-crm.com" }, "status": "pending", "expires": "2021-05-05T13:08:49Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/W8OxfQ", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304" }, { "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/FkwURA", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/-B0ffA", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304" } ]}
Verifying ehr-crm.com
authlink response = { "identifier": { "type": "dns", "value": "ehr-crm.com" }, "status": "pending", "expires": "2021-05-05T13:08:49Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/W8OxfQ", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304" }, { "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/FkwURA", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/-B0ffA", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304" } ]}
uri https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/W8OxfQ
copying file from /home/oracle/.getssl/ehr-crm.com/tmp/XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304 to /opt/oracle/ords/conf/ords/standalone/doc_root/.well-known/acme-challenge
copying challenge token to /opt/oracle/ords/conf/ords/standalone/doc_root/.well-known/acme-challenge/XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304
copied /home/oracle/.getssl/ehr-crm.com/tmp/XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304 to /opt/oracle/ords/conf/ords/standalone/doc_root/.well-known/acme-challenge/XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304
wellknown_url http://ehr-crm.com/.well-known/acme-challenge/XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304
sending request to ACME server saying we're ready for challenge
url https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/W8OxfQ
using KID=https://acme-staging-v02.api.letsencrypt.org/acme/acct/19284140
payload = {}
responseHeaders HTTP/1.1 100 Continue
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Apr 2021 13:08:51 GMT
Content-Type: application/json
Content-Length: 191
Connection: keep-alive
Boulder-Requester: 19284140
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Link: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/36431836;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/W8OxfQ
Replay-Nonce: 0003NlJN5iEX8xM2uDCo6U290_pkhc7Ms1nw-D4kZ-YvVpY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
response { "type": "http-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/W8OxfQ", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304"}
code 200
response status = pending
checking if challenge is complete
url https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/W8OxfQ
using KID=https://acme-staging-v02.api.letsencrypt.org/acme/acct/19284140
payload =
responseHeaders HTTP/1.1 100 Continue
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Apr 2021 13:08:53 GMT
Content-Type: application/json
Content-Length: 1111
Connection: keep-alive
Boulder-Requester: 19284140
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Link: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/36431836;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/W8OxfQ
Replay-Nonce: 0003EpcMyoDSM48CT-ty5LSQPNH6iETzPpn3MrkJFD1uWm8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
response { "type": "http-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Invalid response from http://ehr-crm.com/.well-known/acme-challenge/XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304 [2a02:4780:a:493:0:ec4:8b84:4]: "\u003chtml\u003e\r\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody\u003e\r\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\r\n\u003chr\u003e\u003ccenter\u003eopenresty\u003c/cente"", "status": 403 }, "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/36431836/W8OxfQ", "token": "XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304", "validationRecord": [ { "url": "http://ehr-crm.com/.well-known/acme-challenge/XTE1ymitkC1SJmsMVpXTfFCXB2oso39TOQ0U-250304", "hostname": "ehr-crm.com", "port": "80", "addressesResolved": [ "152.67.136.178", "2a02:4780:a:493:0:ec4:8b84:4" ], "addressUsed": "2a02:4780:a:493:0:ec4:8b84:4" } ], "validated": "2021-04-28T13:08:51Z"}
code 200
response status = invalid