Hi
I use acme in a pfSense installation.
Today I needed to create a certificate for a new domain. After entering the necessary information and clicking “Issue/Renew”, I received this message:
lets-kwan
Renewing certificate
account: SpazioWeb-test
server: letsencrypt-staging
/usr/local/pkg/acme/acme.sh --issue -d ‘www.kwantkdbiella.it’ -d ‘kwantkdbiella.it’ --home ‘/tmp/acme/lets-kwan/’ --accountconf ‘/tmp/acme/lets-kwan/accountconf.conf’ --force --reloadCmd ‘/tmp/acme/lets-kwan/reloadcmd.sh’ --webroot pfSenseacme --log-level 3 --log ‘/tmp/acme/lets-kwan/acme_issuecert.log’
Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[ftpserver] => sftp://web1.kpn.esseweb.intra
[username] => acme
[password] => get8Fg64Dcf94354
[folder] => /webs/esseweb/acme/verifiche
)
[Tue Sep 24 12:26:20 CEST 2019] Registering account
[Tue Sep 24 12:26:20 CEST 2019] Could not get nonce, let’s try again.
[Tue Sep 24 12:26:23 CEST 2019] Could not get nonce, let’s try again.
[Tue Sep 24 12:26:26 CEST 2019] Could not get nonce, let’s try again.
[Tue Sep 24 12:26:29 CEST 2019] Could not get nonce, let’s try again.
[Tue Sep 24 12:26:31 CEST 2019] Could not get nonce, let’s try again.
[Tue Sep 24 12:26:33 CEST 2019] Registered
[Tue Sep 24 12:26:33 CEST 2019] Can not find account id url.
[Tue Sep 24 12:26:33 CEST 2019]
[Tue Sep 24 12:26:33 CEST 2019] Please check log file for more details: /tmp/acme/lets-kwan/acme_issuecert.log
In the log I see:
[Tue Sep 24 12:28:13 CEST 2019] readlink exists=0
[Tue Sep 24 12:28:13 CEST 2019] dirname exists=0
[Tue Sep 24 12:28:13 CEST 2019] Lets find script dir.
[Tue Sep 24 12:28:13 CEST 2019] SCRIPT=’/usr/local/pkg/acme/acme.sh’
[Tue Sep 24 12:28:13 CEST 2019] _script=’/usr/local/pkg/acme/acme.sh’
[Tue Sep 24 12:28:13 CEST 2019] _script_home=’/usr/local/pkg/acme’
[Tue Sep 24 12:28:13 CEST 2019] Using config home:/tmp/acme/lets-kwan/
[Tue Sep 24 12:28:13 CEST 2019] APP
[Tue Sep 24 12:28:13 CEST 2019] 2:LOG_FILE=’/tmp/acme/lets-kwan/acme_issuecert.log’
[Tue Sep 24 12:28:13 CEST 2019] APP
[Tue Sep 24 12:28:13 CEST 2019] 3:LOG_LEVEL=‘3’
[Tue Sep 24 12:28:13 CEST 2019] LE_WORKING_DIR=’/tmp/acme/lets-kwan/’
[Tue Sep 24 12:28:13 CEST 2019] _main_domain=‘www.kwantkdbiella.it’
[Tue Sep 24 12:28:13 CEST 2019] _alt_domains=‘kwantkdbiella.it’
[Tue Sep 24 12:28:13 CEST 2019] Using config home:/tmp/acme/lets-kwan/
[Tue Sep 24 12:28:13 CEST 2019] ACME_DIRECTORY=’…’
[Tue Sep 24 12:28:13 CEST 2019] _ACME_SERVER_HOST=‘acme-staging.api.letsencrypt.org’
[Tue Sep 24 12:28:13 CEST 2019] CA_CONF=’/tmp/acme/lets-kwan//ca/acme-staging.api.letsencrypt.org/ca.conf’
[Tue Sep 24 12:28:13 CEST 2019] DOMAIN_PATH=’/tmp/acme/lets-kwan//www.kwantkdbiella.it’
[Tue Sep 24 12:28:13 CEST 2019] ‘pfSenseacme’ does not contain ‘dns’
[Tue Sep 24 12:28:13 CEST 2019] Using ACME_DIRECTORY: …
[Tue Sep 24 12:28:13 CEST 2019] _init api for server: …
[Tue Sep 24 12:28:13 CEST 2019] GET
[Tue Sep 24 12:28:13 CEST 2019] url=’…’
[Tue Sep 24 12:28:13 CEST 2019] timeout=
[Tue Sep 24 12:28:13 CEST 2019] curl exists=0
[Tue Sep 24 12:28:13 CEST 2019] wget exists=127
[Tue Sep 24 12:28:13 CEST 2019] _CURL=‘curl -L --silent --dump-header /tmp/acme/lets-kwan//http.header -g ’
[Tue Sep 24 12:28:13 CEST 2019] ret=‘0’
[Tue Sep 24 12:28:13 CEST 2019] response=’{
“ShnBSmLUXqA”: “…”,
“key-change”: “…”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“terms-of-service”: “…”,
“website”: “…”
},
“new-authz”: “https://acme-staging.api.letsencrypt.org/acme/new-authz”,
“new-cert”: “https://acme-staging.api.letsencrypt.org/acme/new-cert”,
“new-reg”: “https://acme-staging.api.letsencrypt.org/acme/new-reg”,
“revoke-cert”: “https://acme-staging.api.letsencrypt.org/acme/revoke-cert”
}’
[Tue Sep 24 12:28:13 CEST 2019] ACME_KEY_CHANGE=‘https://acme-staging.api.letsencrypt.org/acme/key-change’
[Tue Sep 24 12:28:13 CEST 2019] ACME_NEW_AUTHZ=‘https://acme-staging.api.letsencrypt.org/acme/new-authz’
[Tue Sep 24 12:28:13 CEST 2019] ACME_NEW_ORDER=‘https://acme-staging.api.letsencrypt.org/acme/new-cert’
[Tue Sep 24 12:28:13 CEST 2019] ACME_NEW_ACCOUNT=‘https://acme-staging.api.letsencrypt.org/acme/new-reg’
[Tue Sep 24 12:28:13 CEST 2019] ACME_REVOKE_CERT=‘https://acme-staging.api.letsencrypt.org/acme/revoke-cert’
[Tue Sep 24 12:28:13 CEST 2019] ACME_AGREEMENT=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’
[Tue Sep 24 12:28:13 CEST 2019] ACME_NEW_NONCE
[Tue Sep 24 12:28:13 CEST 2019] ACME_VERSION
[Tue Sep 24 12:28:13 CEST 2019] Le_NextRenewTime
[Tue Sep 24 12:28:13 CEST 2019] OK
[Tue Sep 24 12:28:13 CEST 2019] 2:Le_Domain=‘www.kwantkdbiella.it’
[Tue Sep 24 12:28:13 CEST 2019] OK
[Tue Sep 24 12:28:13 CEST 2019] 3:Le_Alt=‘kwantkdbiella.it’
[Tue Sep 24 12:28:13 CEST 2019] OK
[Tue Sep 24 12:28:14 CEST 2019] 4:Le_Webroot=‘pfSenseacme’
[Tue Sep 24 12:28:14 CEST 2019] OK
[Tue Sep 24 12:28:14 CEST 2019] 5:Le_PreHook=’’
[Tue Sep 24 12:28:14 CEST 2019] OK
[Tue Sep 24 12:28:14 CEST 2019] 6:Le_PostHook=’’
[Tue Sep 24 12:28:14 CEST 2019] OK
[Tue Sep 24 12:28:14 CEST 2019] 7:Le_RenewHook=’’
[Tue Sep 24 12:28:14 CEST 2019] OK
[Tue Sep 24 12:28:14 CEST 2019] 8:Le_API=‘https://acme-staging.api.letsencrypt.org/directory’
[Tue Sep 24 12:28:14 CEST 2019] _on_before_issue
[Tue Sep 24 12:28:14 CEST 2019] _chk_main_domain=‘www.kwantkdbiella.it’
[Tue Sep 24 12:28:14 CEST 2019] _chk_alt_domains=‘kwantkdbiella.it’
[Tue Sep 24 12:28:14 CEST 2019] ‘pfSenseacme’ does not contain ‘no’
[Tue Sep 24 12:28:14 CEST 2019] Le_LocalAddress
[Tue Sep 24 12:28:14 CEST 2019] d=‘www.kwantkdbiella.it’
[Tue Sep 24 12:28:14 CEST 2019] Check for domain=‘www.kwantkdbiella.it’
[Tue Sep 24 12:28:14 CEST 2019] _currentRoot=‘pfSenseacme’
[Tue Sep 24 12:28:14 CEST 2019] d=‘kwantkdbiella.it’
[Tue Sep 24 12:28:14 CEST 2019] Check for domain=‘kwantkdbiella.it’
[Tue Sep 24 12:28:14 CEST 2019] _currentRoot=‘pfSenseacme’
[Tue Sep 24 12:28:14 CEST 2019] d
[Tue Sep 24 12:28:14 CEST 2019] ‘pfSenseacme’ does not contain ‘apache’
[Tue Sep 24 12:28:14 CEST 2019] config file is empty, can not read CA_KEY_HASH
[Tue Sep 24 12:28:14 CEST 2019] _saved_account_key_hash
[Tue Sep 24 12:28:14 CEST 2019] Using config home:/tmp/acme/lets-kwan/
[Tue Sep 24 12:28:14 CEST 2019] ACME_DIRECTORY=‘https://acme-staging.api.letsencrypt.org/directory’
[Tue Sep 24 12:28:14 CEST 2019] _ACME_SERVER_HOST=‘acme-staging.api.letsencrypt.org’
[Tue Sep 24 12:28:14 CEST 2019] CA_CONF=’/tmp/acme/lets-kwan//ca/acme-staging.api.letsencrypt.org/ca.conf’
[Tue Sep 24 12:28:14 CEST 2019] _regAccount
[Tue Sep 24 12:28:14 CEST 2019] _init api for server: https://acme-staging.api.letsencrypt.org/directory
[Tue Sep 24 12:28:14 CEST 2019] RSA key
[Tue Sep 24 12:28:14 CEST 2019] pub_exp=‘010001’
[Tue Sep 24 12:28:14 CEST 2019] [Tue Sep 24 12:28:14 CEST 2019] base64 single line.xxd exists=127
[Tue Sep 24 12:28:14 CEST 2019] URGLY_PRINTF=‘1’
[Tue Sep 24 12:28:14 CEST 2019] e=‘AQAB’
[Tue Sep 24 12:28:14 CEST 2019] xxd exists=127[Tue Sep 24 12:28:14 CEST 2019]
base64 single line.
[Tue Sep 24 12:28:14 CEST 2019] URGLY_PRINTF=‘1’
[Tue Sep 24 12:28:14 CEST 2019] Registering account
[Tue Sep 24 12:28:14 CEST 2019] url=‘https://acme-staging.api.letsencrypt.org/acme/new-reg’
[Tue Sep 24 12:28:14 CEST 2019] payload=’{“resource”: “new-reg”, “terms-of-service-agreed”: true, “agreement”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”}’
[Tue Sep 24 12:28:14 CEST 2019] Use cached jwk for file: /tmp/acme/lets-kwan//ca/acme-staging.api.letsencrypt.org/account.key
[Tue Sep 24 12:28:14 CEST 2019] base64 single line.
[Tue Sep 24 12:28:14 CEST 2019] payload64=‘eyJyZXNvdXJjZSI6ICJuZXctcmVnIiwgInRlcm1zLW9mLXNlcnZpY2UtYWdyZWVkIjogdHJ1ZSwgImFncmVlbWVudCI6ICJodHRwczovL2xldHNlbmNyeXB0Lm9yZy9kb2N1bWVudHMvTEUtU0EtdjEuMi1Ob3ZlbWJlci0xNS0yMDE3LnBkZiJ9’
[Tue Sep 24 12:28:14 CEST 2019] _request_retry_times=‘1’
[Tue Sep 24 12:28:14 CEST 2019] Get nonce. ACME_DIRECTORY=‘https://acme-staging.api.letsencrypt.org/directory’
[Tue Sep 24 12:28:14 CEST 2019] GET
[Tue Sep 24 12:28:14 CEST 2019] url=‘https://acme-staging.api.letsencrypt.org/directory’
[Tue Sep 24 12:28:14 CEST 2019] timeout=
[Tue Sep 24 12:28:14 CEST 2019] curl exists=0
[Tue Sep 24 12:28:14 CEST 2019] wget exists=127
[Tue Sep 24 12:28:14 CEST 2019] _CURL='curl -L --silent --dump-header /tmp/acme/lets-kwan//http.header -g ’
[Tue Sep 24 12:28:15 CEST 2019] ret=‘0’
[Tue Sep 24 12:28:15 CEST 2019] _headers='HTTP/2 200
server: nginx
date: Tue, 24 Sep 2019 10:28:15 GMT
content-type: application/json
content-length: 704
cache-control: public, max-age=0, no-cache
replay-nonce: 0002r9BpI6VET6PWYSwQ2Yo6WZnCL12OYSb0LLHOzjfVYvc
x-frame-options: DENY
strict-transport-security: max-age=604800
’
…
[Tue Sep 24 12:28:26 CEST 2019] _CACHED_NONCE
[Tue Sep 24 12:28:26 CEST 2019] nonce
[Tue Sep 24 12:28:26 CEST 2019] Could not get nonce, let’s try again.
[Tue Sep 24 12:28:28 CEST 2019] Registered
[Tue Sep 24 12:28:28 CEST 2019] responseHeaders
[Tue Sep 24 12:28:28 CEST 2019] _accUri
[Tue Sep 24 12:28:28 CEST 2019] Can not find account id url.
[Tue Sep 24 12:28:28 CEST 2019]
[Tue Sep 24 12:28:28 CEST 2019] _on_issue_err
[Tue Sep 24 12:28:28 CEST 2019] Please check log file for more details: /tmp/acme/lets-kwan/acme_issuecert.log
[Tue Sep 24 12:28:28 CEST 2019] _chk_vlist
Then I tried to renew a different certificate and to register a new account, but the answer was the same.
What can I do? What’s wrong?
Best Regards