Definitely.
@raha Can you retry the acme.sh command but adding --debug 2
Then upload the log from that result
4 Likes
Yes I can
root@srvcyberpanelnoemail:~# wget -O - https://get.acme.sh | sh --debug 2
sh: 0: Illegal option --
--2022-07-20 00:10:05-- https://get.acme.sh/
Resolving get.acme.sh (get.acme.sh)... 188.114.96.3, 188.114.97.3, 2a06:98c1:3120::3, ...
Connecting to get.acme.sh (get.acme.sh)|188.114.96.3|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: βSTDOUTβ
- [ <=> ] 0 --.-KB/s in 0s
Cannot write to β-β (Success).
You only need to wget that once.
[which you have already done]
Normal use is like:
/root/.acme.sh/acme.sh [then whatever]
3 Likes
/root/.acme.sh/acme.sh --issue -d [redacted] --cert-file /etc/letsencrypt/live/[redacted]/cert.pem --key-file /etc/letsencrypt/live/[redacted]/privkey.pem --fullchain-file /etc/letsencrypt/live/[redacted]/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt
No, the one that looks like this in the log. Or, does that get run by your Panel?
If so, is there any way to add extra options in your panel command?
4 Likes
I'm using ssh now , but the panel have not much log file and also it have not command line in it , so I just use the cli
root@srvcyberpanelnoemail:~/.acme.sh# acme.sh --debug 2
[Wed 20 Jul 2022 12:14:10 AM +0430] Lets find script dir.
[Wed 20 Jul 2022 12:14:10 AM +0430] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed 20 Jul 2022 12:14:10 AM +0430] _script='/root/.acme.sh/acme.sh'
[Wed 20 Jul 2022 12:14:10 AM +0430] _script_home='/root/.acme.sh'
[Wed 20 Jul 2022 12:14:10 AM +0430] Using config home:/root/.acme.sh
[Wed 20 Jul 2022 12:14:10 AM +0430] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.5
[Wed 20 Jul 2022 12:14:10 AM +0430] Running cmd:
[Wed 20 Jul 2022 12:14:10 AM +0430] Using config home:/root/.acme.sh
[Wed 20 Jul 2022 12:14:10 AM +0430] default_acme_server
[Wed 20 Jul 2022 12:14:10 AM +0430] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Wed 20 Jul 2022 12:14:10 AM +0430] _ACME_SERVER_HOST='acme.zerossl.com'
[Wed 20 Jul 2022 12:14:10 AM +0430] _ACME_SERVER_PATH='v2/DV90'
https://github.com/acmesh-official/acme.sh
v3.0.5
Usage: acme.sh <command> ... [parameters ...]
Commands:
-h, --help Show this help message.
-v, --version Show version info.
--install Install acme.sh to your system.
--uninstall Uninstall acme.sh, and uninstall the cron job.
--upgrade Upgrade acme.sh to the latest code from https://github.com/acmesh-official/acme.sh.
--issue Issue a cert.
--deploy Deploy the cert to your server.
-i, --install-cert Install the issued cert to apache/nginx or any other server.
-r, --renew Renew a cert.
--renew-all Renew all the certs.
--revoke Revoke a cert.
--remove Remove the cert from list of certs known to acme.sh.
--list List all the certs.
--info Show the acme.sh configs, or the configs for a domain with [-d domain] parameter.
--to-pkcs12 Export the certificate and key to a pfx file.
--to-pkcs8 Convert to pkcs8 format.
--sign-csr Issue a cert from an existing csr.
--show-csr Show the content of a csr.
-ccr, --create-csr Create CSR, professional use.
--create-domain-key Create an domain private key, professional use.
--update-account Update account info.
--register-account Register account key.
--deactivate-account Deactivate the account.
--create-account-key Create an account private key, professional use.
--install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automa tically install the cron job.
--uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
--cron Run cron job to renew all the certs.
--set-notify Set the cron notification hook, level or mode.
--deactivate Deactivate the domain authz, professional use.
--set-default-ca Used with '--server', Set the default CA to use.
See: https://github.com/acmesh-official/acme.sh/wiki/Server
--set-default-chain Set the default preferred chain for a CA.
See: https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain
Parameters:
-d, --domain <domain.tld> Specifies a domain, used to issue, renew or revoke etc.
--challenge-alias <domain.tld> The challenge domain alias for DNS alias mode.
See: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
--domain-alias <domain.tld> The domain alias for DNS alias mode.
See: https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode
--preferred-chain <chain> If the CA offers multiple certificate chains, prefer the chain with an issuer matching th is Subject Common Name.
If no match, the default offered chain will be used. (default: empty)
See: https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain
--valid-to <date-time> Request the NotAfter field of the cert.
See: https://github.com/acmesh-official/acme.sh/wiki/Validity
--valid-from <date-time> Request the NotBefore field of the cert.
See: https://github.com/acmesh-official/acme.sh/wiki/Validity
-f, --force Force install, force cert renewal or override sudo restrictions.
--staging, --test Use staging server, for testing.
--debug [0|1|2|3] Output debug info. Defaults to 1 if argument is omitted.
--output-insecure Output all the sensitive messages.
By default all the credentials/sensitive messages are hidden from the output/debug/log fo r security.
-w, --webroot <directory> Specifies the web root folder for web root mode.
--standalone Use standalone mode.
--alpn Use standalone alpn mode.
--stateless Use stateless mode.
See: https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode
--apache Use apache mode.
--dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted.
See: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
--dnssleep <seconds> The time in seconds to wait for all the txt records to propagate in dns api mode.
It's not necessary to use this by default, acme.sh polls dns status by DOH automatically.
-k, --keylength <bits> Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
-ak, --accountkeylength <bits> Specifies the account key length: 2048, 3072, 4096
--log [file] Specifies the log file. Defaults to "/root/.acme.sh/acme.sh.log" if argument is omitted.
--log-level <1|2> Specifies the log level, default is 1.
--syslog <0|3|6|7> Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
--eab-kid <eab_key_id> Key Identifier for External Account Binding.
--eab-hmac-key <eab_hmac_key> HMAC key for External Account Binding.
These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
--cert-file <file> Path to copy the cert file to after issue/renew..
--key-file <file> Path to copy the key file to after issue/renew.
--ca-file <file> Path to copy the intermediate cert file to after issue/renew.
--fullchain-file <file> Path to copy the fullchain cert file to after issue/renew.
--reloadcmd <command> Command to execute after issue/renew to reload the server.
--server <server_uri> ACME Directory Resource URI. (default: https://acme.zerossl.com/v2/DV90)
See: https://github.com/acmesh-official/acme.sh/wiki/Server
--accountconf <file> Specifies a customized account config file.
--home <directory> Specifies the home dir for acme.sh.
--cert-home <directory> Specifies the home dir to save all the certs, only valid for '--install' command.
--config-home <directory> Specifies the home dir to save all the configurations.
--useragent <string> Specifies the user agent string. it will be saved for future use too.
-m, --email <email> Specifies the account email, only valid for the '--install' and '--update-account' comman d.
--accountkey <file> Specifies the account key path, only valid for the '--install' command.
--days <ndays> Specifies the days to renew the cert when using '--issue' command. The default value is 6 0 days.
--httpport <port> Specifies the standalone listening port. Only valid if the server is behind a reverse pro xy or load balancer.
--tlsport <port> Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address <ip> Specifies the standalone/tls server listening address, in case you have multiple ip addre sses.
--listraw Only used for '--list' command, list the certs in raw format.
-se, --stop-renew-on-error Only valid for '--renew-all' command. Stop if one cert has error in renewal.
--insecure Do not check the server certificate, in some devices, the api server's certificate may no t be trusted.
--ca-bundle <file> Specifies the path to the CA certificate bundle to verify api server's certificate.
--ca-path <directory> Specifies directory containing CA certificates in PEM format, used by wget or curl.
--no-cron Only valid for '--install' command, which means: do not install the default cron job.
In this case, the certs will not be renewed automatically.
--no-profile Only valid for '--install' command, which means: do not install aliases to user profile.
--no-color Do not output color text.
--force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-M ails.
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--to-p kcs12' and '--create-csr'
--csr <file> Specifies the input csr.
--pre-hook <command> Command to be run before obtaining any certificates.
--post-hook <command> Command to be run after attempting to obtain/renew certificates. Runs regardless of wheth er obtain/renew succeeded or failed.
--renew-hook <command> Command to be run after each successfully renewed certificate.
--deploy-hook <hookname> The hook file to deploy cert
--ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
--always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Def aults to 1 if argument is omitted.
--listen-v4 Force standalone/tls server to listen at ipv4.
--listen-v6 Force standalone/tls server to listen at ipv6.
--openssl-bin <file> Specifies a custom openssl bin location.
--use-wget Force to use wget, if you have both curl and wget installed.
--yes-I-know-dns-manual-mode-enough-go-ahead-please Force use of dns manual mode.
See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode
-b, --branch <branch> Only valid for '--upgrade' command, specifies the branch name to upgrade to.
--notify-level <0|1|2|3> Set the notification level: Default value is 2.
0: disabled, no notification will be sent.
1: send notifications only when there is an error.
2: send notifications when a cert is successfully renewed, or there is an error.
3: send notifications when a cert is skipped, renewed, or error.
--notify-mode <0|1> Set notification mode. Default value is 0.
0: Bulk mode. Send all the domain's notifications in one message(mail).
1: Cert mode. Send a message for every single cert.
--notify-hook <hookname> Set the notify hook
--revoke-reason <0-10> The reason for revocation, can be used in conjunction with the '--revoke' command.
See: https://github.com/acmesh-official/acme.sh/wiki/revokecert
--password <password> Add a password to exported pfx file. Use with --to-pkcs12.
@MikeMcQ is right, normally the panel does it for you.
You can do that same line - but remove "--force" and add "--debug 2"
3 Likes
Would you please give me the command ? becuse I did not add "--force"
The command is also in my post #25 
3 Likes
root@srvcyberpanelnoemail:~# /root/.acme.sh/acme.sh --issue -d [redacted] --cert-file /etc/letsencrypt/live/[redacted]/cert.pem --key-file /etc/letsencrypt/live/[redacted]/privkey.pem --fullchain-file /etc/letsencrypt/live/[redacted]/fullchain.pem -w /usr/local/lsws/Example/html -k ec-256 --debug 2 --server letsencrypt
[Wed 20 Jul 2022 12:20:48 AM +0430] _selectServer try snames='zerossl.com,zerossl'
[Wed 20 Jul 2022 12:20:48 AM +0430] _selectServer try snames='letsencrypt.org,letsencrypt'
[Wed 20 Jul 2022 12:20:48 AM +0430] _selectServer match letsencrypt
[Wed 20 Jul 2022 12:20:48 AM +0430] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Wed 20 Jul 2022 12:20:48 AM +0430] Lets find script dir.
[Wed 20 Jul 2022 12:20:48 AM +0430] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed 20 Jul 2022 12:20:48 AM +0430] _script='/root/.acme.sh/acme.sh'
[Wed 20 Jul 2022 12:20:48 AM +0430] _script_home='/root/.acme.sh'
[Wed 20 Jul 2022 12:20:48 AM +0430] Using config home:/root/.acme.sh
[Wed 20 Jul 2022 12:20:48 AM +0430] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.5
[Wed 20 Jul 2022 12:20:48 AM +0430] Using server: https://acme-v02.api.letsencrypt.org/directory
[Wed 20 Jul 2022 12:20:48 AM +0430] Running cmd: issue
[Wed 20 Jul 2022 12:20:48 AM +0430] _main_domain='ourwebsiteshop.xyz.ir'
[Wed 20 Jul 2022 12:20:48 AM +0430] _alt_domains='no'
[Wed 20 Jul 2022 12:20:48 AM +0430] Using config home:/root/.acme.sh
[Wed 20 Jul 2022 12:20:48 AM +0430] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed 20 Jul 2022 12:20:48 AM +0430] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Wed 20 Jul 2022 12:20:48 AM +0430] _ACME_SERVER_PATH='directory'
[Wed 20 Jul 2022 12:20:48 AM +0430] DOMAIN_PATH='/root/.acme.sh/[redacted]_ecc'
[Wed 20 Jul 2022 12:20:48 AM +0430] '/usr/local/lsws/Example/html' does not contain 'dns'
[Wed 20 Jul 2022 12:20:48 AM +0430] Le_NextRenewTime
[Wed 20 Jul 2022 12:20:48 AM +0430] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Wed 20 Jul 2022 12:20:48 AM +0430] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Wed 20 Jul 2022 12:20:48 AM +0430] GET
[Wed 20 Jul 2022 12:20:48 AM +0430] url='https://acme-v02.api.letsencrypt.org/directory'
[Wed 20 Jul 2022 12:20:48 AM +0430] timeout=
[Wed 20 Jul 2022 12:20:48 AM +0430] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.tuIrgUnrWs -g '
[Wed 20 Jul 2022 12:20:49 AM +0430] ret='0'
[Wed 20 Jul 2022 12:20:49 AM +0430] response='{
"UUuhXHKC_q4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Wed 20 Jul 2022 12:20:49 AM +0430] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Wed 20 Jul 2022 12:20:49 AM +0430] ACME_NEW_AUTHZ
[Wed 20 Jul 2022 12:20:49 AM +0430] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed 20 Jul 2022 12:20:49 AM +0430] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Wed 20 Jul 2022 12:20:49 AM +0430] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Wed 20 Jul 2022 12:20:49 AM +0430] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Wed 20 Jul 2022 12:20:49 AM +0430] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed 20 Jul 2022 12:20:49 AM +0430] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed 20 Jul 2022 12:20:49 AM +0430] _on_before_issue
[Wed 20 Jul 2022 12:20:49 AM +0430] _chk_main_domain='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] _chk_alt_domains
[Wed 20 Jul 2022 12:20:49 AM +0430] '/usr/local/lsws/Example/html' does not contain 'no'
[Wed 20 Jul 2022 12:20:49 AM +0430] Le_LocalAddress
[Wed 20 Jul 2022 12:20:49 AM +0430] d='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] Check for domain='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] _currentRoot='/usr/local/lsws/Example/html'
[Wed 20 Jul 2022 12:20:49 AM +0430] d
[Wed 20 Jul 2022 12:20:49 AM +0430] '/usr/local/lsws/Example/html' does not contain 'apache'
[Wed 20 Jul 2022 12:20:49 AM +0430] _saved_account_key_hash='nT/nkuZvgfeUkK4SS+j1C8grfA0NvIIaZyoInc8sIIQ='
[Wed 20 Jul 2022 12:20:49 AM +0430] _saved_account_key_hash is not changed, skip register account.
[Wed 20 Jul 2022 12:20:49 AM +0430] Read key length:ec-256
[Wed 20 Jul 2022 12:20:49 AM +0430] _createcsr
[Wed 20 Jul 2022 12:20:49 AM +0430] domain='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] domainlist
[Wed 20 Jul 2022 12:20:49 AM +0430] csrkey='/root/.acme.sh/ourwebsiteshop.xyz.ir_ecc/[redacted].key'
[Wed 20 Jul 2022 12:20:49 AM +0430] csr='/root/.acme.sh/ourwebsiteshop.xyz.ir_ecc/[redacted].csr'
[Wed 20 Jul 2022 12:20:49 AM +0430] csrconf='/root/.acme.sh/ourwebsiteshop.xyz.ir_ecc/[redacted].csr.conf'
[Wed 20 Jul 2022 12:20:49 AM +0430] Single domain='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] seg='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] _is_idn_d='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] _idn_temp
[Wed 20 Jul 2022 12:20:49 AM +0430] _is_idn_d='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] _idn_temp
[Wed 20 Jul 2022 12:20:49 AM +0430] _csr_cn='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] seg='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] Getting domain auth token for each domain
[Wed 20 Jul 2022 12:20:49 AM +0430] seg='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] _is_idn_d='[redacted]'
[Wed 20 Jul 2022 12:20:49 AM +0430] _idn_temp
[Wed 20 Jul 2022 12:20:49 AM +0430] d
[Wed 20 Jul 2022 12:20:49 AM +0430] _identifiers='{"type":"dns","value":"[redacted]"}'
[Wed 20 Jul 2022 12:20:49 AM +0430] _notBefore
[Wed 20 Jul 2022 12:20:49 AM +0430] _notAfter
[Wed 20 Jul 2022 12:20:49 AM +0430] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed 20 Jul 2022 12:20:49 AM +0430] payload='{"identifiers": [{"type":"dns","value":"[redacted]"}]}'
[Wed 20 Jul 2022 12:20:49 AM +0430] RSA key
[Wed 20 Jul 2022 12:20:49 AM +0430] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed 20 Jul 2022 12:20:49 AM +0430] HEAD
[Wed 20 Jul 2022 12:20:49 AM +0430] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed 20 Jul 2022 12:20:49 AM +0430] body
[Wed 20 Jul 2022 12:20:49 AM +0430] _postContentType='application/jose+json'
[Wed 20 Jul 2022 12:20:49 AM +0430] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.lCHVRe9bFm -g -I '
[Wed 20 Jul 2022 12:20:50 AM +0430] _ret='0'
[Wed 20 Jul 2022 12:20:50 AM +0430] _headers='HTTP/2 200
server: nginx
date: Tue, 19 Jul 2022 19:50:50 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002JJboH8cS-FKuRpRnUK6vfLh3tKfZqpSX1ugV-f8vJpk
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Wed 20 Jul 2022 12:20:50 AM +0430] _CACHED_NONCE='0002JJboH8cS-FKuRpRnUK6vfLh3tKfZqpSX1ugV-f8vJpk'
[Wed 20 Jul 2022 12:20:50 AM +0430] nonce='0002JJboH8cS-FKuRpRnUK6vfLh3tKfZqpSX1ugV-f8vJpk'
[Wed 20 Jul 2022 12:20:50 AM +0430] POST
[Wed 20 Jul 2022 12:20:50 AM +0430] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed 20 Jul 2022 12:20:50 AM +0430] body='{"protected": "eyJub25jZSI6ICIwMDAySkpib0g4Y1MtRkt1UnBSblVLNnZmTGgzdEtmWnFwU1gxdWdWLWY4dkpwayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82MzgyNjk1NDYifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IjM3MTAuaXIifV19", "signature": "sEykeVU4JNW213ae9oS6TW7CzZ4EfNfIL0zLG94xb8e9Ktx5dHaVh3VrpfQPVrFrJ1lOpqDocjqkxEnrCzy8jrnJXA7hi28BOXBDvjSV2291pUT5_FsIbU63o77NDept36EOGSsDeYAABoFmBgttyhgEx3vZ1OfK411Kr2_wr_ocvy6G-6hpxuiwvYk2luR1hJ_5_E2-ePXX7uoQxCgZcAjDxQ74g4VLfOHlCcyvr0fhBg_4h_afgbsvXwipo4dZzExD9Fn2vTF98K_Oxjpv144SE1R38VsSpXtKVORhp7svoXu0A_MXcOn4_CbIBNNU-ocbubvNkuCZfg09t21e3g"}'
[Wed 20 Jul 2022 12:20:50 AM +0430] _postContentType='application/jose+json'
[Wed 20 Jul 2022 12:20:50 AM +0430] Http already initialized.
[Wed 20 Jul 2022 12:20:50 AM +0430] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.lCHVRe9bFm -g '
[Wed 20 Jul 2022 12:20:51 AM +0430] _ret='0'
[Wed 20 Jul 2022 12:20:51 AM +0430] responseHeaders='HTTP/2 429
server: nginx
date: Tue, 19 Jul 2022 19:50:51 GMT
content-type: application/problem+json
content-length: 279
boulder-requester: 638269546
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0001qDvADpSmkSCRf6Pps1Ym5fOFrE7PyerwHdwpgeJ_1S8
'
[Wed 20 Jul 2022 12:20:51 AM +0430] code='429'
[Wed 20 Jul 2022 12:20:51 AM +0430] original='{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: [redacted]: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
"status": 429
}'
[Wed 20 Jul 2022 12:20:51 AM +0430] response='{
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: [redacted]: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
"status": 429
}'
[Wed 20 Jul 2022 12:20:51 AM +0430] Le_LinkOrder
[Wed 20 Jul 2022 12:20:51 AM +0430] Le_OrderFinalize
[Wed 20 Jul 2022 12:20:51 AM +0430] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: ourwebsiteshop.xyz.ir: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
"status": 429
}
[Wed 20 Jul 2022 12:20:51 AM +0430] pid
[Wed 20 Jul 2022 12:20:51 AM +0430] No need to restore nginx, skip.
[Wed 20 Jul 2022 12:20:51 AM +0430] _clearupdns
[Wed 20 Jul 2022 12:20:51 AM +0430] dns_entries
[Wed 20 Jul 2022 12:20:51 AM +0430] skip dns.
[Wed 20 Jul 2022 12:20:51 AM +0430] _on_issue_err
[Wed 20 Jul 2022 12:20:51 AM +0430] Please add '--debug' or '--log' to check more details.
[Wed 20 Jul 2022 12:20:51 AM +0430] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Wed 20 Jul 2022 12:20:51 AM +0430] _chk_vlist
[Wed 20 Jul 2022 12:20:51 AM +0430] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1f 31 Mar 2020
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.3 on Oct 26 2019 17:42:04
running on Linux version #138-Ubuntu SMP Wed Jun 22 15:00:31 UTC 2022, release 5.4.0-122-generic, machine x86_64
features:
#define WITH_STDIO 1
#define WITH_FDNUM 1
#define WITH_FILE 1
#define WITH_CREAT 1
#define WITH_GOPEN 1
#define WITH_TERMIOS 1
#define WITH_PIPE 1
#define WITH_UNIX 1
#define WITH_ABSTRACT_UNIXSOCKET 1
#define WITH_IP4 1
#define WITH_IP6 1
#define WITH_RAWIP 1
#define WITH_GENERICSOCKET 1
#define WITH_INTERFACE 1
#define WITH_TCP 1
#define WITH_UDP 1
#define WITH_SCTP 1
#define WITH_LISTEN 1
#define WITH_SOCKS4 1
#define WITH_SOCKS4A 1
#define WITH_PROXY 1
#define WITH_SYSTEM 1
#define WITH_EXEC 1
#undef WITH_READLINE
#define WITH_TUN 1
#define WITH_PTY 1
#define WITH_OPENSSL 1
#undef WITH_FIPS
#define WITH_LIBWRAP 1
#define WITH_SYCLS 1
#define WITH_FILAN 1
#define WITH_RETRY 1
#define WITH_MSGLEVEL 0 /*debug*/
root@srvcyberpanelnoemail:~#
Show:
/root/.acme.sh/acme.sh --list
2 Likes
root@srvcyberpanelnoemail:~# /root/.acme.sh/acme.sh --list
Main_Domain KeyLength SAN_Domains CA Created Renew
[redacted] "ec-256" no LetsEncrypt.org
root@srvcyberpanelnoemail:~#
Something has gone wrong: It shows it but without any dates.
Show:
ls -l /etc/letsencrypt/live/[redacted]/
3 Likes
root@srvcyberpanelnoemail:~# ls -l /etc/letsencrypt/live/[redacted]/
total 8
-rw-r--r-- 1 root root 1285 Jul 19 23:09 fullchain.pem
-rw------- 1 root root 1704 Jul 19 23:09 privkey.pem
The cert.pem file is missing, but with those two files they should be enough to use the cert.
4 Likes
Would you please tell me how can I use them?
That "too many issued certs" error is a consequence of it using "--force".
[very bad practice]
5 Likes
So , What should I do now?
Try to use that cert - restart LiteSpeed OR the whole server.
If a web server restart doesn't do it, then I'm not sure.
You would have to review the LiteSpeed code for clue(s).
4 Likes