Problem to renew a cert using acme.sh


#1

I’m trying to renew a cert with acme.sh using nginx. The command I’m using is sudo ./acme.sh --renew -d api3.everdragons.com --test --force --debug

Error message:

new-authz error: {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/","status": 429}

Below is the whole debug output, but I can’t see what actually went wrong:

[Sun Jan 13 19:40:34 UTC 2019] Lets find script dir.
[Sun Jan 13 19:40:34 UTC 2019] _SCRIPT_='./acme.sh'
[Sun Jan 13 19:40:34 UTC 2019] _script='/home/ubuntu/.acme.sh/acme.sh'
[Sun Jan 13 19:40:34 UTC 2019] _script_home='/home/ubuntu/.acme.sh'
[Sun Jan 13 19:40:34 UTC 2019] Using default home:/home/ubuntu/.acme.sh
[Sun Jan 13 19:40:34 UTC 2019] Using config home:/home/ubuntu/.acme.sh
[Sun Jan 13 19:40:34 UTC 2019] Using config home:/home/ubuntu/.acme.sh
[Sun Jan 13 19:40:34 UTC 2019] ACME_DIRECTORY='https://acme-staging.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:34 UTC 2019] DOMAIN_PATH='/home/ubuntu/.acme.sh/api3.everdragons.com'
[Sun Jan 13 19:40:34 UTC 2019] Le_API='https://acme-v01.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:34 UTC 2019] Using config home:/home/ubuntu/.acme.sh
[Sun Jan 13 19:40:34 UTC 2019] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:34 UTC 2019] _main_domain='api3.everdragons.com'
[Sun Jan 13 19:40:34 UTC 2019] _alt_domains='no'
[Sun Jan 13 19:40:34 UTC 2019] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Sun Jan 13 19:40:34 UTC 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sun Jan 13 19:40:34 UTC 2019] GET
[Sun Jan 13 19:40:34 UTC 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:34 UTC 2019] timeout=
[Sun Jan 13 19:40:34 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header  -g '
[Sun Jan 13 19:40:34 UTC 2019] ret='0'
[Sun Jan 13 19:40:34 UTC 2019] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Sun Jan 13 19:40:34 UTC 2019] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sun Jan 13 19:40:34 UTC 2019] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Sun Jan 13 19:40:34 UTC 2019] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Sun Jan 13 19:40:34 UTC 2019] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Sun Jan 13 19:40:34 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun Jan 13 19:40:34 UTC 2019] ACME_NEW_NONCE
[Sun Jan 13 19:40:34 UTC 2019] ACME_VERSION
[Sun Jan 13 19:40:34 UTC 2019] Le_NextRenewTime='1544723361'
[Sun Jan 13 19:40:35 UTC 2019] _on_before_issue
[Sun Jan 13 19:40:35 UTC 2019] _chk_main_domain='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] _chk_alt_domains
[Sun Jan 13 19:40:35 UTC 2019] Le_LocalAddress
[Sun Jan 13 19:40:35 UTC 2019] d='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] Check for domain='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] _currentRoot='nginx:'
[Sun Jan 13 19:40:35 UTC 2019] d
[Sun Jan 13 19:40:35 UTC 2019] _saved_account_key_hash is not changed, skip register account.
[Sun Jan 13 19:40:35 UTC 2019] Read key length:
[Sun Jan 13 19:40:35 UTC 2019] _createcsr
[Sun Jan 13 19:40:35 UTC 2019] d='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] _w='nginx:'
[Sun Jan 13 19:40:35 UTC 2019] _currentRoot='nginx:'
[Sun Jan 13 19:40:35 UTC 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sun Jan 13 19:40:35 UTC 2019] Try new-authz for the 0 time.
[Sun Jan 13 19:40:35 UTC 2019] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sun Jan 13 19:40:35 UTC 2019] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "api3.everdragons.com"}}'
[Sun Jan 13 19:40:35 UTC 2019] RSA key
[Sun Jan 13 19:40:35 UTC 2019] GET
[Sun Jan 13 19:40:35 UTC 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:35 UTC 2019] timeout=
[Sun Jan 13 19:40:35 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header  -g '
[Sun Jan 13 19:40:35 UTC 2019] ret='0'
[Sun Jan 13 19:40:35 UTC 2019] POST
[Sun Jan 13 19:40:35 UTC 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sun Jan 13 19:40:35 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header  -g '
[Sun Jan 13 19:40:35 UTC 2019] _ret='0'
[Sun Jan 13 19:40:35 UTC 2019] code='201'
[Sun Jan 13 19:40:35 UTC 2019] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340","token":"17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A"'
[Sun Jan 13 19:40:35 UTC 2019] token='17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A'
[Sun Jan 13 19:40:35 UTC 2019] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:35 UTC 2019] keyauthorization='17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk'
[Sun Jan 13 19:40:35 UTC 2019] dvlist='api3.everdragons.com#17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk#https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340#http-01#nginx:'
[Sun Jan 13 19:40:35 UTC 2019] d
[Sun Jan 13 19:40:35 UTC 2019] vlist='api3.everdragons.com#17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk#https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340#http-01#nginx:,'
[Sun Jan 13 19:40:35 UTC 2019] d='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] ok, let's start to verify
[Sun Jan 13 19:40:35 UTC 2019] d='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] keyauthorization='17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk'
[Sun Jan 13 19:40:35 UTC 2019] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:35 UTC 2019] _currentRoot='nginx:'
[Sun Jan 13 19:40:35 UTC 2019] _croot='nginx:'
[Sun Jan 13 19:40:35 UTC 2019] _start_f
[Sun Jan 13 19:40:35 UTC 2019] find start conf from nginx command
[Sun Jan 13 19:40:35 UTC 2019] NGINX_CONF='--conf-path=/etc/nginx/nginx.conf'
[Sun Jan 13 19:40:35 UTC 2019] NGINX_CONF='/etc/nginx/nginx.conf'
[Sun Jan 13 19:40:35 UTC 2019] Found nginx conf file:/etc/nginx/nginx.conf
[Sun Jan 13 19:40:35 UTC 2019] Start detect nginx conf for api3.everdragons.com from:/etc/nginx/nginx.conf
[Sun Jan 13 19:40:35 UTC 2019] Start _checkConf from:/etc/nginx/nginx.conf
[Sun Jan 13 19:40:35 UTC 2019] single
[Sun Jan 13 19:40:35 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/nginx.conf
[Sun Jan 13 19:40:35 UTC 2019] Try include files
[Sun Jan 13 19:40:35 UTC 2019] check included /etc/nginx/modules-enabled/50-mod-http-geoip.conf
[Sun Jan 13 19:40:35 UTC 2019] Start _checkConf from:/etc/nginx/modules-enabled/50-mod-http-geoip.conf
[Sun Jan 13 19:40:35 UTC 2019] single
[Sun Jan 13 19:40:35 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/modules-enabled/50-mod-http-geoip.conf
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/modules-enabled/50-mod-http-image-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/modules-enabled/50-mod-mail.conf
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/modules-enabled/50-mod-mail.conf
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/modules-enabled/50-mod-mail.conf
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/modules-enabled/50-mod-stream.conf
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/modules-enabled/50-mod-stream.conf
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/modules-enabled/50-mod-stream.conf
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/mime.types
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/mime.types
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/mime.types
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/conf.d/*.conf
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/conf.d/*.conf
[Sun Jan 13 19:40:36 UTC 2019] wildcard
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/sites-enabled/default
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/sites-enabled/default
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/sites-enabled/default
[Sun Jan 13 19:40:36 UTC 2019] _fln='5'
[Sun Jan 13 19:40:36 UTC 2019] _start='1:server {'
[Sun Jan 13 19:40:36 UTC 2019] _start_n='1'
[Sun Jan 13 19:40:36 UTC 2019] _start_nn='2'
[Sun Jan 13 19:40:36 UTC 2019] _end='24:    server 127.0.0.1:3001;'
[Sun Jan 13 19:40:36 UTC 2019] _end_n='24'
[Sun Jan 13 19:40:36 UTC 2019] _seg_n='  client_max_body_size   50M;
  listen 443 ssl;
  listen [::]:443;
  server_name api3.everdragons.com;

  ssl                     on;
  ssl_certificate         /home/ubuntu/.acme.sh/api3.everdragons.com/fullchain.cer;
  ssl_certificate_key     /home/ubuntu/.acme.sh/api3.everdragons.com/api3.everdragons.com.key ;
  ssl_session_timeout     300m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  location /  {
    proxy_pass http://localhost:3000;
    proxy_set_header X-Real-IP $remote_addr;  # http://wiki.nginx.org/HttpProxyModule
    proxy_set_header Host $host;  # pass the host header - http://wiki.nginx.org/HttpProxyModule#proxy_pass
    proxy_http_version 1.1;  # recommended with keepalive connections - http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version
    # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
  }
}

upstream my_nodejs_upstream {
    server 127.0.0.1:3001;'
[Sun Jan 13 19:40:36 UTC 2019] /etc/nginx/sites-enabled/default is found.
[Sun Jan 13 19:40:36 UTC 2019] _ln='5'
[Sun Jan 13 19:40:36 UTC 2019] _lnn='6'
[Sun Jan 13 19:40:36 UTC 2019] _start_tag
[Sun Jan 13 19:40:36 UTC 2019] _backup_conf='/home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf'
[Sun Jan 13 19:40:36 UTC 2019] _realConf='/etc/nginx/sites-enabled/default'
[Sun Jan 13 19:40:37 UTC 2019] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:37 UTC 2019] payload='{"resource": "challenge", "type": "http-01", "keyAuthorization": "17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk"}'
[Sun Jan 13 19:40:37 UTC 2019] POST
[Sun Jan 13 19:40:37 UTC 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:37 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header  -g '
[Sun Jan 13 19:40:37 UTC 2019] _ret='0'
[Sun Jan 13 19:40:37 UTC 2019] code='202'
[Sun Jan 13 19:40:37 UTC 2019] sleep 2 secs to verify
[Sun Jan 13 19:40:39 UTC 2019] checking
[Sun Jan 13 19:40:39 UTC 2019] GET
[Sun Jan 13 19:40:39 UTC 2019] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:39 UTC 2019] timeout=
[Sun Jan 13 19:40:39 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header  -g '
[Sun Jan 13 19:40:39 UTC 2019] ret='0'
[Sun Jan 13 19:40:39 UTC 2019] api3.everdragons.com:Verify error:Invalid response from http://api3.everdragons.com/.well-known/acme-challenge/17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A:
[Sun Jan 13 19:40:39 UTC 2019] Debug: get token url.
[Sun Jan 13 19:40:39 UTC 2019] GET
[Sun Jan 13 19:40:39 UTC 2019] url='http://api3.everdragons.com/.well-known/acme-challenge/17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A'
[Sun Jan 13 19:40:39 UTC 2019] timeout=1
[Sun Jan 13 19:40:39 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header  -g  --connect-timeout 1'
[Sun Jan 13 19:40:40 UTC 2019] ret='0'
[Sun Jan 13 19:40:40 UTC 2019] Skip for removelevel:
[Sun Jan 13 19:40:40 UTC 2019] pid
[Sun Jan 13 19:40:40 UTC 2019] _restoreNginx
[Sun Jan 13 19:40:40 UTC 2019] NGINX_RESTORE_VLIST='api3.everdragons.com#/etc/nginx/sites-enabled/default#/home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf,'
[Sun Jan 13 19:40:40 UTC 2019] ng_entry='api3.everdragons.com#/etc/nginx/sites-enabled/default#/home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf'
[Sun Jan 13 19:40:40 UTC 2019] _clearupdns
[Sun Jan 13 19:40:40 UTC 2019] skip dns.
[Sun Jan 13 19:40:40 UTC 2019] _on_issue_err
[Sun Jan 13 19:40:40 UTC 2019] Please add '--debug' or '--log' to check more details.
[Sun Jan 13 19:40:40 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Sun Jan 13 19:40:40 UTC 2019] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:40 UTC 2019] payload='{"resource": "challenge", "type": "", "keyAuthorization": "17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk"}'
[Sun Jan 13 19:40:40 UTC 2019] POST
[Sun Jan 13 19:40:40 UTC 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:40 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header  -g '
[Sun Jan 13 19:40:40 UTC 2019] _ret='0'
[Sun Jan 13 19:40:40 UTC 2019] code='400'
[Sun Jan 13 19:40:40 UTC 2019] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0g  2 Nov 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.0g  2 Nov 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-FIJPpj/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
ubuntu@ip-172-31-25-156:~/.acme.sh$ cat out.log
https://github.com/Neilpang/acme.sh
v2.8.0
[Sun Jan 13 19:40:34 UTC 2019] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
[Sun Jan 13 19:40:34 UTC 2019] Renew: 'api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] Single domain='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] Getting domain auth token for each domain
[Sun Jan 13 19:40:35 UTC 2019] Getting webroot for domain='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] Getting new-authz for domain='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] The new-authz request is ok.
[Sun Jan 13 19:40:35 UTC 2019] Verifying:api3.everdragons.com
[Sun Jan 13 19:40:35 UTC 2019] Nginx mode for domain:api3.everdragons.com
[Sun Jan 13 19:40:36 UTC 2019] Found conf file: /etc/nginx/sites-enabled/default
[Sun Jan 13 19:40:36 UTC 2019] Backup /etc/nginx/sites-enabled/default to /home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf
[Sun Jan 13 19:40:36 UTC 2019] Check the nginx conf before setting up.
[Sun Jan 13 19:40:36 UTC 2019] OK, Set up nginx config file
[Sun Jan 13 19:40:36 UTC 2019] nginx conf is done, let's check it again.
[Sun Jan 13 19:40:36 UTC 2019] Reload nginx
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.14.0 (Ubuntu)</center>
</body>
</html>
[Sun Jan 13 19:40:40 UTC 2019] Restoring from /home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf to /etc/nginx/sites-enabled/default
[Sun Jan 13 19:40:40 UTC 2019] Reload nginx

#2

Cut to the chase:
[Sun Jan 13 19:40:39 UTC 2019] api3.everdragons.com:Verify error:Invalid response from http://api3.everdragons.com/.well-known/acme-challenge/17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A:

[Sun Jan 13 19:40:40 UTC 2019] _restoreNginx

[Sun Jan 13 19:40:40 UTC 2019] NGINX_RESTORE_VLIST='api3.everdragons.com#/etc/nginx/sites-enabled/default#/home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf,'

[Sun Jan 13 19:40:40 UTC 2019] ng_entry='api3.everdragons.com#/etc/nginx/sites-enabled/default#/home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf'

Can you show the file:
/etc/nginx/sites-enabled/default

Can you use --webroot instead?


#3

Hi @mscherer

your server wants a login (via https://check-your-website.server-daten.de/?q=api3.everdragons.com ):


| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://api3.everdragons.com/ (54.202.17.28) | 401 Unauthorized | | 0.366 | M |
| https://api3.everdragons.com/ (54.202.17.28) | 404 Not Found; Certificate error: RemoteCertificateNameMismatch | | 4.683 | N |
| http://api3.everdragons.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (54.202.17.28) | 401 Unauthorized | | 0.366 | M |

There should be a 404 or a 200, but not a login form. A login form can’t work.
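
The failure chain in this thread, as an added example (not written by any poster and not acme.sh code): a POSIX shell triage of an acme.sh debug log. It reports the ACME directory the client ended up using, the challenge URL that failed, and the HTTP error page captured in the log, then applies the rule from post #3 that the challenge path should answer 200 or 404, not a login. The sample log is constructed from the shape of the lines posted above with a placeholder token, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage of an acme.sh --debug log after a failed http-01 check.
# Function names are hypothetical; none of this is acme.sh code.

# Constructed sample shaped like the log lines in this thread (placeholder token).
sample_log() {
cat <<'EOF'
[Sun Jan 13 19:40:34 UTC 2019] ACME_DIRECTORY='https://acme-staging.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:34 UTC 2019] Le_API='https://acme-v01.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:34 UTC 2019] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:36 UTC 2019] Reload nginx
<html>
<head><title>401 Authorization Required</title></head>
</html>
[Sun Jan 13 19:40:39 UTC 2019] api3.everdragons.com:Verify error:Invalid response from http://api3.everdragons.com/.well-known/acme-challenge/TOKEN-PLACEHOLDER:
EOF
}

# Last ACME_DIRECTORY='...' value in the log: the endpoint the failed
# validation was actually counted against.
last_acme_directory() {
  sed -n "s/^\[[^]]*\] ACME_DIRECTORY='\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# URL the CA could not validate, taken from the "Verify error" line.
challenge_url() {
  sed -n 's/^.*Verify error:Invalid response from \(http[^ ]*\):$/\1/p' "$1" | head -n 1
}

# Status code of the first HTML error page embedded in the log, if any.
challenge_status() {
  sed -n 's/^.*<title>\([0-9][0-9][0-9]\) .*<\/title>.*$/\1/p' "$1" | head -n 1
}

# Rule from post #3: 200 or 404 is fine, a login prompt is not.
# 403 is grouped with 401 here as an assumption of this example.
classify_status() {
  case "$1" in
    200|404) echo reachable ;;
    401|403) echo auth-required ;;
    *)       echo other ;;
  esac
}

# Coarse label for the directory URL, so a --test run that ended up on a
# non-staging endpoint stands out.
directory_kind() {
  case "$1" in
    "")        echo unknown ;;
    *staging*) echo staging ;;
    *)         echo non-staging ;;
  esac
}

triage() {
  dir=$(last_acme_directory "$1")
  status=$(challenge_status "$1")
  echo "directory=$dir ($(directory_kind "$dir"))"
  echo "challenge_url=$(challenge_url "$1")"
  echo "status=${status:-none} verdict=$(classify_status "$status")"
}

# Stand-alone use: pass a log file, or run with no argument to use the sample.
log="${1:-}"
if [ -z "$log" ]; then
  log=$(mktemp)
  sample_log > "$log"
  triage "$log"
  rm -f "$log"
else
  triage "$log"
fi
```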


#4

Thank you very much for your help. I stopped nginx and used the standalone server as workaround.

My understanding was the nginx config would be replaced by acme.sh during the update so I’m not sure why there is a login form. But I will have a look at my config.

