I’m trying to renew a cert with acme.sh using nginx. The comand I’m using is sudo ./acme.sh --renew -d api3.everdragons.com --test --force --debug
Error message:
new-authz error: {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/","status": 429}
Below now the whole debug out but I can’t see what acutally went wrong:
[Sun Jan 13 19:40:34 UTC 2019] Lets find script dir.
[Sun Jan 13 19:40:34 UTC 2019] _SCRIPT_='./acme.sh'
[Sun Jan 13 19:40:34 UTC 2019] _script='/home/ubuntu/.acme.sh/acme.sh'
[Sun Jan 13 19:40:34 UTC 2019] _script_home='/home/ubuntu/.acme.sh'
[Sun Jan 13 19:40:34 UTC 2019] Using default home:/home/ubuntu/.acme.sh
[Sun Jan 13 19:40:34 UTC 2019] Using config home:/home/ubuntu/.acme.sh
[Sun Jan 13 19:40:34 UTC 2019] Using config home:/home/ubuntu/.acme.sh
[Sun Jan 13 19:40:34 UTC 2019] ACME_DIRECTORY='https://acme-staging.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:34 UTC 2019] DOMAIN_PATH='/home/ubuntu/.acme.sh/api3.everdragons.com'
[Sun Jan 13 19:40:34 UTC 2019] Le_API='https://acme-v01.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:34 UTC 2019] Using config home:/home/ubuntu/.acme.sh
[Sun Jan 13 19:40:34 UTC 2019] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:34 UTC 2019] _main_domain='api3.everdragons.com'
[Sun Jan 13 19:40:34 UTC 2019] _alt_domains='no'
[Sun Jan 13 19:40:34 UTC 2019] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Sun Jan 13 19:40:34 UTC 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sun Jan 13 19:40:34 UTC 2019] GET
[Sun Jan 13 19:40:34 UTC 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:34 UTC 2019] timeout=
[Sun Jan 13 19:40:34 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sun Jan 13 19:40:34 UTC 2019] ret='0'
[Sun Jan 13 19:40:34 UTC 2019] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Sun Jan 13 19:40:34 UTC 2019] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sun Jan 13 19:40:34 UTC 2019] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Sun Jan 13 19:40:34 UTC 2019] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Sun Jan 13 19:40:34 UTC 2019] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Sun Jan 13 19:40:34 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun Jan 13 19:40:34 UTC 2019] ACME_NEW_NONCE
[Sun Jan 13 19:40:34 UTC 2019] ACME_VERSION
[Sun Jan 13 19:40:34 UTC 2019] Le_NextRenewTime='1544723361'
[Sun Jan 13 19:40:35 UTC 2019] _on_before_issue
[Sun Jan 13 19:40:35 UTC 2019] _chk_main_domain='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] _chk_alt_domains
[Sun Jan 13 19:40:35 UTC 2019] Le_LocalAddress
[Sun Jan 13 19:40:35 UTC 2019] d='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] Check for domain='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] _currentRoot='nginx:'
[Sun Jan 13 19:40:35 UTC 2019] d
[Sun Jan 13 19:40:35 UTC 2019] _saved_account_key_hash is not changed, skip register account.
[Sun Jan 13 19:40:35 UTC 2019] Read key length:
[Sun Jan 13 19:40:35 UTC 2019] _createcsr
[Sun Jan 13 19:40:35 UTC 2019] d='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] _w='nginx:'
[Sun Jan 13 19:40:35 UTC 2019] _currentRoot='nginx:'
[Sun Jan 13 19:40:35 UTC 2019] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sun Jan 13 19:40:35 UTC 2019] Try new-authz for the 0 time.
[Sun Jan 13 19:40:35 UTC 2019] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sun Jan 13 19:40:35 UTC 2019] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "api3.everdragons.com"}}'
[Sun Jan 13 19:40:35 UTC 2019] RSA key
[Sun Jan 13 19:40:35 UTC 2019] GET
[Sun Jan 13 19:40:35 UTC 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Sun Jan 13 19:40:35 UTC 2019] timeout=
[Sun Jan 13 19:40:35 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sun Jan 13 19:40:35 UTC 2019] ret='0'
[Sun Jan 13 19:40:35 UTC 2019] POST
[Sun Jan 13 19:40:35 UTC 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sun Jan 13 19:40:35 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sun Jan 13 19:40:35 UTC 2019] _ret='0'
[Sun Jan 13 19:40:35 UTC 2019] code='201'
[Sun Jan 13 19:40:35 UTC 2019] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340","token":"17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A"'
[Sun Jan 13 19:40:35 UTC 2019] token='17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A'
[Sun Jan 13 19:40:35 UTC 2019] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:35 UTC 2019] keyauthorization='17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk'
[Sun Jan 13 19:40:35 UTC 2019] dvlist='api3.everdragons.com#17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk#https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340#http-01#nginx:'
[Sun Jan 13 19:40:35 UTC 2019] d
[Sun Jan 13 19:40:35 UTC 2019] vlist='api3.everdragons.com#17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk#https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340#http-01#nginx:,'
[Sun Jan 13 19:40:35 UTC 2019] d='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] ok, let's start to verify
[Sun Jan 13 19:40:35 UTC 2019] d='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] keyauthorization='17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk'
[Sun Jan 13 19:40:35 UTC 2019] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:35 UTC 2019] _currentRoot='nginx:'
[Sun Jan 13 19:40:35 UTC 2019] _croot='nginx:'
[Sun Jan 13 19:40:35 UTC 2019] _start_f
[Sun Jan 13 19:40:35 UTC 2019] find start conf from nginx command
[Sun Jan 13 19:40:35 UTC 2019] NGINX_CONF='--conf-path=/etc/nginx/nginx.conf'
[Sun Jan 13 19:40:35 UTC 2019] NGINX_CONF='/etc/nginx/nginx.conf'
[Sun Jan 13 19:40:35 UTC 2019] Found nginx conf file:/etc/nginx/nginx.conf
[Sun Jan 13 19:40:35 UTC 2019] Start detect nginx conf for api3.everdragons.com from:/etc/nginx/nginx.conf
[Sun Jan 13 19:40:35 UTC 2019] Start _checkConf from:/etc/nginx/nginx.conf
[Sun Jan 13 19:40:35 UTC 2019] single
[Sun Jan 13 19:40:35 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/nginx.conf
[Sun Jan 13 19:40:35 UTC 2019] Try include files
[Sun Jan 13 19:40:35 UTC 2019] check included /etc/nginx/modules-enabled/50-mod-http-geoip.conf
[Sun Jan 13 19:40:35 UTC 2019] Start _checkConf from:/etc/nginx/modules-enabled/50-mod-http-geoip.conf
[Sun Jan 13 19:40:35 UTC 2019] single
[Sun Jan 13 19:40:35 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/modules-enabled/50-mod-http-geoip.conf
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/modules-enabled/50-mod-http-image-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/modules-enabled/50-mod-mail.conf
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/modules-enabled/50-mod-mail.conf
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/modules-enabled/50-mod-mail.conf
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/modules-enabled/50-mod-stream.conf
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/modules-enabled/50-mod-stream.conf
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/modules-enabled/50-mod-stream.conf
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/mime.types
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/mime.types
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/mime.types
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/conf.d/*.conf
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/conf.d/*.conf
[Sun Jan 13 19:40:36 UTC 2019] wildcard
[Sun Jan 13 19:40:36 UTC 2019] check included /etc/nginx/sites-enabled/default
[Sun Jan 13 19:40:36 UTC 2019] Start _checkConf from:/etc/nginx/sites-enabled/default
[Sun Jan 13 19:40:36 UTC 2019] single
[Sun Jan 13 19:40:36 UTC 2019] _isRealNginxConf api3.everdragons.com /etc/nginx/sites-enabled/default
[Sun Jan 13 19:40:36 UTC 2019] _fln='5'
[Sun Jan 13 19:40:36 UTC 2019] _start='1:server {'
[Sun Jan 13 19:40:36 UTC 2019] _start_n='1'
[Sun Jan 13 19:40:36 UTC 2019] _start_nn='2'
[Sun Jan 13 19:40:36 UTC 2019] _end='24: server 127.0.0.1:3001;'
[Sun Jan 13 19:40:36 UTC 2019] _end_n='24'
[Sun Jan 13 19:40:36 UTC 2019] _seg_n=' client_max_body_size 50M;
listen 443 ssl;
listen [::]:443;
server_name api3.everdragons.com;
ssl on;
ssl_certificate /home/ubuntu/.acme.sh/api3.everdragons.com/fullchain.cer;
ssl_certificate_key /home/ubuntu/.acme.sh/api3.everdragons.com/api3.everdragons.com.key ;
ssl_session_timeout 300m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass http://localhost:3000;
proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule
proxy_set_header Host $host; # pass the host header - http://wiki.nginx.org/HttpProxyModule#proxy_pass
proxy_http_version 1.1; # recommended with keepalive connections - http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
upstream my_nodejs_upstream {
server 127.0.0.1:3001;'
[Sun Jan 13 19:40:36 UTC 2019] /etc/nginx/sites-enabled/default is found.
[Sun Jan 13 19:40:36 UTC 2019] _ln='5'
[Sun Jan 13 19:40:36 UTC 2019] _lnn='6'
[Sun Jan 13 19:40:36 UTC 2019] _start_tag
[Sun Jan 13 19:40:36 UTC 2019] _backup_conf='/home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf'
[Sun Jan 13 19:40:36 UTC 2019] _realConf='/etc/nginx/sites-enabled/default'
[Sun Jan 13 19:40:37 UTC 2019] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:37 UTC 2019] payload='{"resource": "challenge", "type": "http-01", "keyAuthorization": "17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk"}'
[Sun Jan 13 19:40:37 UTC 2019] POST
[Sun Jan 13 19:40:37 UTC 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:37 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sun Jan 13 19:40:37 UTC 2019] _ret='0'
[Sun Jan 13 19:40:37 UTC 2019] code='202'
[Sun Jan 13 19:40:37 UTC 2019] sleep 2 secs to verify
[Sun Jan 13 19:40:39 UTC 2019] checking
[Sun Jan 13 19:40:39 UTC 2019] GET
[Sun Jan 13 19:40:39 UTC 2019] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:39 UTC 2019] timeout=
[Sun Jan 13 19:40:39 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sun Jan 13 19:40:39 UTC 2019] ret='0'
[Sun Jan 13 19:40:39 UTC 2019] api3.everdragons.com:Verify error:Invalid response from http://api3.everdragons.com/.well-known/acme-challenge/17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A:
[Sun Jan 13 19:40:39 UTC 2019] Debug: get token url.
[Sun Jan 13 19:40:39 UTC 2019] GET
[Sun Jan 13 19:40:39 UTC 2019] url='http://api3.everdragons.com/.well-known/acme-challenge/17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A'
[Sun Jan 13 19:40:39 UTC 2019] timeout=1
[Sun Jan 13 19:40:39 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g --connect-timeout 1'
[Sun Jan 13 19:40:40 UTC 2019] ret='0'
[Sun Jan 13 19:40:40 UTC 2019] Skip for removelevel:
[Sun Jan 13 19:40:40 UTC 2019] pid
[Sun Jan 13 19:40:40 UTC 2019] _restoreNginx
[Sun Jan 13 19:40:40 UTC 2019] NGINX_RESTORE_VLIST='api3.everdragons.com#/etc/nginx/sites-enabled/default#/home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf,'
[Sun Jan 13 19:40:40 UTC 2019] ng_entry='api3.everdragons.com#/etc/nginx/sites-enabled/default#/home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf'
[Sun Jan 13 19:40:40 UTC 2019] _clearupdns
[Sun Jan 13 19:40:40 UTC 2019] skip dns.
[Sun Jan 13 19:40:40 UTC 2019] _on_issue_err
[Sun Jan 13 19:40:40 UTC 2019] Please add '--debug' or '--log' to check more details.
[Sun Jan 13 19:40:40 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Sun Jan 13 19:40:40 UTC 2019] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:40 UTC 2019] payload='{"resource": "challenge", "type": "", "keyAuthorization": "17pgmtOaD6NKuLVLBo0IXd9skMshw8999c7SrE8-r1A.6aq7LU03-dRpQRswLy3Iw_y3zHWxbUQp3Lqjs6QjAHk"}'
[Sun Jan 13 19:40:40 UTC 2019] POST
[Sun Jan 13 19:40:40 UTC 2019] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/7OgvvXcWhjga5NyTwI3Mu7auQ-2zOvJjpz00ebJBVLs/11427573340'
[Sun Jan 13 19:40:40 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sun Jan 13 19:40:40 UTC 2019] _ret='0'
[Sun Jan 13 19:40:40 UTC 2019] code='400'
[Sun Jan 13 19:40:40 UTC 2019] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0g 2 Nov 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-FIJPpj/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lf<logfile> log to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lp<progname> set the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-b<size_t> set data buffer size (8192)
-s sloppy (continue on error)
-t<timeout> wait seconds before closing second channel
-T<timeout> total inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-L <lockfile> try to obtain lock, or fail
-W <lockfile> try to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,<opts>] groups=FD,FIFO
<single-address>!!<single-address>
<single-address>
single-address:
<address-head>[,<opts>]
address-head:
abstract-client:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-connect:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-listen:<filename> groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
abstract-recv:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX
abstract-sendto:<filename> groups=FD,SOCKET,RETRY,UNIX
create:<filename> groups=FD,REG,NAMED
exec:<command-line> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:<num> groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:<filename> groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
interface:<interface> groups=FD,SOCKET
ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6
ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
open:<filename> groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:<filename> groups=FD,FIFO,NAMED,OPEN
proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY
socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE
socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE
socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE
socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:<shell-command> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
tun[:<ip-addr>/<bits>] groups=FD,CHR,NAMED,OPEN,INTERFACE
udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP
udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
ubuntu@ip-172-31-25-156:~/.acme.sh$ cat out.log
https://github.com/Neilpang/acme.sh
v2.8.0
[Sun Jan 13 19:40:34 UTC 2019] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
[Sun Jan 13 19:40:34 UTC 2019] Renew: 'api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] Single domain='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] Getting domain auth token for each domain
[Sun Jan 13 19:40:35 UTC 2019] Getting webroot for domain='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] Getting new-authz for domain='api3.everdragons.com'
[Sun Jan 13 19:40:35 UTC 2019] The new-authz request is ok.
[Sun Jan 13 19:40:35 UTC 2019] Verifying:api3.everdragons.com
[Sun Jan 13 19:40:35 UTC 2019] Nginx mode for domain:api3.everdragons.com
[Sun Jan 13 19:40:36 UTC 2019] Found conf file: /etc/nginx/sites-enabled/default
[Sun Jan 13 19:40:36 UTC 2019] Backup /etc/nginx/sites-enabled/default to /home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf
[Sun Jan 13 19:40:36 UTC 2019] Check the nginx conf before setting up.
[Sun Jan 13 19:40:36 UTC 2019] OK, Set up nginx config file
[Sun Jan 13 19:40:36 UTC 2019] nginx conf is done, let's check it again.
[Sun Jan 13 19:40:36 UTC 2019] Reload nginx
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.14.0 (Ubuntu)</center>
</body>
</html>
[Sun Jan 13 19:40:40 UTC 2019] Restoring from /home/ubuntu/.acme.sh/api3.everdragons.com/backup/api3.everdragons.com.nginx.conf to /etc/nginx/sites-enabled/default
[Sun Jan 13 19:40:40 UTC 2019] Reload nginx