Wget -q --content-on-error

nemo · January 1, 2021, 5:37am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
/etc/init.d/acme restart

It produced this output:

daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 5
daemon.err run-acme[29823]: ret='5'
daemon.err run-acme[29823]: Can not init api.
daemon.err run-acme[29823]: Try new-authz for the 0 time.
daemon.err run-acme[29823]: url
daemon.err run-acme[29823]: payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "mydomain"}}'
daemon.err run-acme[29823]: RSA key
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.err run-acme[29823]: GET
daemon.err run-acme[29823]: url='https://acme-v02.api.letsencrypt.org/directory'
daemon.err run-acme[29823]: timeout=
daemon.err run-acme[29823]: _WGET='wget -q --content-on-error '
daemon.err run-acme[29823]: ret='0'
daemon.info run-acme[29823]: Could not get nonce, let's try again.
daemon.info run-acme[29823]: Giving up sending to CA server after 20 retries.
daemon.err run-acme[29823]: Can not get domain new authz.
daemon.err run-acme[29823]: pid
daemon.err run-acme[29823]: No need to restore nginx, skip.
daemon.err run-acme[29823]: _clearupdns
daemon.err run-acme[29823]: dns_entries
daemon.err run-acme[29823]: skip dns.
daemon.err run-acme[29823]: _on_issue_err
daemon.err run-acme[29823]: Please add '--debug' or '--log' to check more details.
daemon.err run-acme[29823]: See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
daemon.err run-acme[29823]: Diagnosis versions:
daemon.err run-acme[29823]: openssl:openssl
daemon.err run-acme[29823]: OpenSSL 1.1.1g  21 Apr 2020
daemon.err run-acme[29823]: apache:
daemon.err run-acme[29823]: apache doesn't exist.
daemon.err run-acme[29823]: nginx:
daemon.err run-acme[29823]: nginx doesn't exist.
daemon.err run-acme[29823]: socat:
daemon.err run-acme[29823]: socat by Gerhard Rieger and contributors - see www.dest-unreach.org
daemon.err run-acme[29823]: socat version 1.7.3.3 on 1594382154
daemon.err run-acme[29823]:    running on Linux version #0 Thu Feb 27 21:05:12 2020, release 4.14.171, machine mips
daemon.err run-acme[29823]: features:
daemon.err run-acme[29823]:   #define WITH_STDIO 1
daemon.err run-acme[29823]:   #define WITH_FDNUM 1
daemon.err run-acme[29823]:   #define WITH_FILE 1
daemon.err run-acme[29823]:   #define WITH_CREAT 1
daemon.err run-acme[29823]:   #define WITH_GOPEN 1
daemon.err run-acme[29823]:   #define WITH_TERMIOS 1
daemon.err run-acme[29823]:   #define WITH_PIPE 1
daemon.err run-acme[29823]:   #define WITH_UNIX 1
daemon.err run-acme[29823]:   #define WITH_ABSTRACT_UNIXSOCKET 1
daemon.err run-acme[29823]:   #define WITH_IP4 1
daemon.err run-acme[29823]:   #define WITH_IP6 1
daemon.err run-acme[29823]:   #define WITH_RAWIP 1
daemon.err run-acme[29823]:   #define WITH_GENERICSOCKET 1
daemon.err run-acme[29823]:   #define WITH_INTERFACE 1
daemon.err run-acme[29823]:   #define WITH_TCP 1
daemon.err run-acme[29823]:   #define WITH_UDP 1
daemon.err run-acme[29823]:   #define WITH_SCTP 1
daemon.err run-acme[29823]:   #define WITH_LISTEN 1
daemon.err run-acme[29823]:   #define WITH_SOCKS4 1
daemon.err run-acme[29823]:   #define WITH_SOCKS4A 1
daemon.err run-acme[29823]:   #define WITH_PROXY 1
daemon.err run-acme[29823]:   #define WITH_SYSTEM 1
daemon.err run-acme[29823]:   #define WITH_EXEC 1
daemon.err run-acme[29823]:   #undef WITH_READLINE
daemon.err run-acme[29823]:   #define WITH_TUN 1
daemon.err run-acme[29823]:   #define WITH_PTY 1
daemon.err run-acme[29823]:   #undef WITH_OPENSSL
daemon.err run-acme[29823]:   #undef WITH_FIPS
daemon.err run-acme[29823]:   #undef WITH_LIBWRAP
daemon.err run-acme[29823]:   #define WITH_SYCLS 1
daemon.err run-acme[29823]:   #define WITH_FILAN 1
daemon.err run-acme[29823]:   #define WITH_RETRY 1
daemon.err run-acme[29823]:   #define WITH_MSGLEVEL 0 /*debug*/
daemon.err acme: Issuing cert for mydomain failed.

My web server is (include version):
uhttpd

The operating system my web server runs on is (include version):
openwrt

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
v3

I'm using acme.h 2.8.8. and i have tried update the code in acme.h from
_ACME_WGET="$_ACME_WGET --content-on-error "
to
_ACME_WGET="$_ACME_WGET --content-on-error --no-check-certificate "

it still can't works.

rg305 · January 1, 2021, 8:05am

Please show the output of:
curl https://acme-v02.api.letsencrypt.org/directory
[from that system]

nemo · January 1, 2021, 8:21am

thank you for reply, the output is:
curl: (77) Error reading ca cert file /etc/ssl/certs/ca-certificates.crt - mbedTLS: (-0x3E00) PK - Read/write of file failed

rg305 · January 1, 2021, 8:22am

hmm....
Try:
sudo curl https://acme-v02.api.letsencrypt.org/directory

nemo · January 1, 2021, 8:25am

I'm under root user.(it's a openwrt router.) the output is:
-ash: sudo: not found

rg305 · January 1, 2021, 8:26am

Try:
apt install ca-certificates

nemo · January 1, 2021, 8:32am

oh my god. I delete the certs folder several week ago

nemo · January 1, 2021, 8:40am

I notice the /etc/ssl/certs direcotry is recovery. but the
curl https://acme-v02.api.letsencrypt.org/directory
still
curl: (77) Error reading ca cert file /etc/ssl/certs/ca-certificates.crt - mbedTLS: (-0x3E00) PK - Read/write of file failed

nemo · January 1, 2021, 8:43am

there is no ca-certificates.crt in the certs directory.

rg305 · January 1, 2021, 8:50am

ls -l /etc/ssl/certs/

nemo · January 1, 2021, 8:56am

lrwxrwxrwx    1 root     root            45 Jan  1 02:53 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx    1 root     root            36 Jan  1 02:53 03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 062cdee6.0 -> GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx    1 root     root            25 Jan  1 02:53 064e0aa9.0 -> QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx    1 root     root            50 Jan  1 02:53 06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx    1 root     root            20 Jan  1 02:53 080911ac.0 -> QuoVadis_Root_CA.crt
lrwxrwxrwx    1 root     root            54 Jan  1 02:53 09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     root            15 Jan  1 02:53 0a775a30.0 -> GTS_Root_R3.crt
lrwxrwxrwx    1 root     root            16 Jan  1 02:53 0b1b94ef.0 -> CFCA_EV_ROOT.crt
lrwxrwxrwx    1 root     root            44 Jan  1 02:53 0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx    1 root     root            34 Jan  1 02:53 0c4c9b6c.0 -> Global_Chambersign_Root_-_2008.crt
lrwxrwxrwx    1 root     root            32 Jan  1 02:53 0f5dc4f3.0 -> UCA_Extended_Validation_Root.crt
lrwxrwxrwx    1 root     root            26 Jan  1 02:53 0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx    1 root     root            15 Jan  1 02:53 1001acf7.0 -> GTS_Root_R1.crt
lrwxrwxrwx    1 root     root            46 Jan  1 02:53 106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx    1 root     root            35 Jan  1 02:53 128805a3.0 -> EE_Certification_Centre_Root_CA.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 14bc7599.0 -> emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx    1 root     root            59 Jan  1 02:53 1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx    1 root     root            23 Jan  1 02:53 18856ac4.0 -> SecureSign_RootCA11.crt
lrwxrwxrwx    1 root     root            31 Jan  1 02:53 1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx    1 root     root            37 Jan  1 02:53 1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx    1 root     root            32 Jan  1 02:53 1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx    1 root     root            38 Jan  1 02:53 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx    1 root     root            23 Jan  1 02:53 2923b3f9.0 -> emSign_Root_CA_-_G1.crt
lrwxrwxrwx    1 root     root            20 Jan  1 02:53 2ae6433e.0 -> CA_Disig_Root_R2.crt
lrwxrwxrwx    1 root     root            26 Jan  1 02:53 2b349938.0 -> AffirmTrust_Commercial.crt
lrwxrwxrwx    1 root     root            18 Jan  1 02:53 2e5ac55d.0 -> DST_Root_CA_X3.crt
lrwxrwxrwx    1 root     root            59 Jan  1 02:53 32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx    1 root     root            10 Jan  1 02:53 349f2832.0 -> EC-ACC.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 3513523f.0 -> DigiCert_Global_Root_CA.crt
lrwxrwxrwx    1 root     root            61 Jan  1 02:53 3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx    1 root     root            26 Jan  1 02:53 3e44d2f7.0 -> TrustCor_RootCert_CA-2.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 3e45d192.0 -> Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx    1 root     root            31 Jan  1 02:53 40193066.0 -> Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx    1 root     root            16 Jan  1 02:53 4042bcee.0 -> ISRG_Root_X1.crt
lrwxrwxrwx    1 root     root            34 Jan  1 02:53 40547a79.0 -> COMODO_Certification_Authority.crt
lrwxrwxrwx    1 root     root            23 Jan  1 02:53 406c9bb1.0 -> emSign_Root_CA_-_C1.crt
lrwxrwxrwx    1 root     root            43 Jan  1 02:53 4304c5e5.0 -> Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx    1 root     root            29 Jan  1 02:53 48bec511.0 -> Certum_Trusted_Network_CA.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 4a6481c9.0 -> GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx    1 root     root            45 Jan  1 02:53 4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     root            26 Jan  1 02:53 4f316efb.0 -> SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx    1 root     root            35 Jan  1 02:53 5273a94c.0 -> E-Tugra_Certification_Authority.crt
lrwxrwxrwx    1 root     root            32 Jan  1 02:53 5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 54657681.0 -> Buypass_Class_2_Root_CA.crt
lrwxrwxrwx    1 root     root            28 Jan  1 02:53 57bcb2da.0 -> SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx    1 root     root            38 Jan  1 02:53 5a4d6896.0 -> Staat_der_Nederlanden_Root_CA_-_G3.crt
lrwxrwxrwx    1 root     root            22 Jan  1 02:53 5ad8a5d6.0 -> GlobalSign_Root_CA.crt
lrwxrwxrwx    1 root     root            38 Jan  1 02:53 5c44d531.0 -> Staat_der_Nederlanden_Root_CA_-_G2.crt
lrwxrwxrwx    1 root     root            26 Jan  1 02:53 5cd81ad7.0 -> TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx    1 root     root            26 Jan  1 02:53 5d3033c5.0 -> TrustCor_RootCert_CA-1.crt
lrwxrwxrwx    1 root     root            45 Jan  1 02:53 5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx    1 root     root            23 Jan  1 02:53 5f15c80c.0 -> TWCA_Global_Root_CA.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 607986c7.0 -> DigiCert_Global_Root_G2.crt
lrwxrwxrwx    1 root     root            15 Jan  1 02:53 626dceaf.0 -> GTS_Root_R2.crt
lrwxrwxrwx    1 root     root            15 Jan  1 02:53 6410666e.0 -> Taiwan_GRCA.crt
lrwxrwxrwx    1 root     root            29 Jan  1 02:53 653b494a.0 -> Baltimore_CyberTrust_Root.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 68dd7389.0 -> Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx    1 root     root            40 Jan  1 02:53 6b99d060.0 -> Entrust_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     root            20 Jan  1 02:53 6d41d539.0 -> Amazon_Root_CA_2.crt
lrwxrwxrwx    1 root     root            44 Jan  1 02:53 6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx    1 root     root            24 Jan  1 02:53 706f604c.0 -> XRamp_Global_CA_Root.crt
lrwxrwxrwx    1 root     root            25 Jan  1 02:53 749e9e03.0 -> QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx    1 root     root            28 Jan  1 02:53 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx    1 root     root            26 Jan  1 02:53 76cb8f92.0 -> Cybertrust_Global_Root.crt
lrwxrwxrwx    1 root     root            22 Jan  1 02:53 76faf6c0.0 -> QuoVadis_Root_CA_3.crt
lrwxrwxrwx    1 root     root            63 Jan  1 02:53 7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx    1 root     root            35 Jan  1 02:53 773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx    1 root     root            18 Jan  1 02:53 7aaf71c0.0 -> TrustCor_ECA-1.crt
lrwxrwxrwx    1 root     root            31 Jan  1 02:53 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx    1 root     root            34 Jan  1 02:53 8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 8867006a.0 -> GeoTrust_Universal_CA_2.crt
lrwxrwxrwx    1 root     root            20 Jan  1 02:53 8cb5ee0f.0 -> Amazon_Root_CA_3.crt
lrwxrwxrwx    1 root     root            20 Jan  1 02:53 8d86cdd1.0 -> certSIGN_ROOT_CA.crt
lrwxrwxrwx    1 root     root            34 Jan  1 02:53 930ac5d2.0 -> Actalis_Authentication_Root_CA.crt
lrwxrwxrwx    1 root     root            26 Jan  1 02:53 93bc0acc.0 -> AffirmTrust_Networking.crt
lrwxrwxrwx    1 root     root            48 Jan  1 02:53 988a38cb.0 -> NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
lrwxrwxrwx    1 root     root            26 Jan  1 02:53 9c2e7d30.0 -> Sonera_Class_2_Root_CA.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 9c8dfbd4.0 -> AffirmTrust_Premium_ECC.crt
lrwxrwxrwx    1 root     root            31 Jan  1 02:53 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.crt
-rw-r--r--    1 root     root          2772 Dec 17 15:16 ACCVRAIZ1.crt
-rw-r--r--    1 root     root          1972 Dec 17 15:16 AC_RAIZ_FNMT-RCM.crt
-rw-r--r--    1 root     root          2049 Dec 17 15:16 Actalis_Authentication_Root_CA.crt
-rw-r--r--    1 root     root          1204 Dec 17 15:16 AffirmTrust_Commercial.crt
-rw-r--r--    1 root     root          1204 Dec 17 15:16 AffirmTrust_Networking.crt
-rw-r--r--    1 root     root          1891 Dec 17 15:16 AffirmTrust_Premium.crt
-rw-r--r--    1 root     root           753 Dec 17 15:16 AffirmTrust_Premium_ECC.crt
-rw-r--r--    1 root     root          1188 Dec 17 15:16 Amazon_Root_CA_1.crt
-rw-r--r--    1 root     root          1883 Dec 17 15:16 Amazon_Root_CA_2.crt
-rw-r--r--    1 root     root           656 Dec 17 15:16 Amazon_Root_CA_3.crt
-rw-r--r--    1 root     root           737 Dec 17 15:16 Amazon_Root_CA_4.crt
-rw-r--r--    1 root     root          1261 Dec 17 15:16 Atos_TrustedRoot_2011.crt
-rw-r--r--    1 root     root          2167 Dec 17 15:16 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
-rw-r--r--    1 root     root          1261 Dec 17 15:16 Baltimore_CyberTrust_Root.crt
-rw-r--r--    1 root     root          1915 Dec 17 15:16 Buypass_Class_2_Root_CA.crt
-rw-r--r--    1 root     root          1915 Dec 17 15:16 Buypass_Class_3_Root_CA.crt
-rw-r--r--    1 root     root          1935 Dec 17 15:16 CA_Disig_Root_R2.crt
-rw-r--r--    1 root     root          1984 Dec 17 15:16 CFCA_EV_ROOT.crt
-rw-r--r--    1 root     root          1489 Dec 17 15:16 COMODO_Certification_Authority.crt
-rw-r--r--    1 root     root           940 Dec 17 15:16 COMODO_ECC_Certification_Authority.crt
-rw-r--r--    1 root     root          2086 Dec 17 15:16 COMODO_RSA_Certification_Authority.crt
-rw-r--r--    1 root     root          1330 Dec 17 15:16 Certigna.crt
-rw-r--r--    1 root     root          2264 Dec 17 15:16 Certigna_Root_CA.crt
-rw-r--r--    1 root     root          1354 Dec 17 15:16 Certum_Trusted_Network_CA.crt
-rw-r--r--    1 root     root          2078 Dec 17 15:16 Certum_Trusted_Network_CA_2.crt
-rw-r--r--    1 root     root          2594 Dec 17 15:16 Chambers_of_Commerce_Root_-_2008.crt
-rw-r--r--    1 root     root          1517 Dec 17 15:16 Comodo_AAA_Services_root.crt
-rw-r--r--    1 root     root          1318 Dec 17 15:16 Cybertrust_Global_Root.crt
-rw-r--r--    1 root     root          1517 Dec 17 15:16 D-TRUST_Root_Class_3_CA_2_2009.crt
-rw-r--r--    1 root     root          1537 Dec 17 15:16 D-TRUST_Root_Class_3_CA_2_EV_2009.crt
-rw-r--r--    1 root     root          1200 Dec 17 15:16 DST_Root_CA_X3.crt
-rw-r--r--    1 root     root          1350 Dec 17 15:16 DigiCert_Assured_ID_Root_CA.crt
-rw-r--r--    1 root     root          1306 Dec 17 15:16 DigiCert_Assured_ID_Root_G2.crt
-rw-r--r--    1 root     root           851 Dec 17 15:16 DigiCert_Assured_ID_Root_G3.crt
-rw-r--r--    1 root     root          1338 Dec 17 15:16 DigiCert_Global_Root_CA.crt
-rw-r--r--    1 root     root          1294 Dec 17 15:16 DigiCert_Global_Root_G2.crt
-rw-r--r--    1 root     root           839 Dec 17 15:16 DigiCert_Global_Root_G3.crt
-rw-r--r--    1 root     root          1367 Dec 17 15:16 DigiCert_High_Assurance_EV_Root_CA.crt
-rw-r--r--    1 root     root          1988 Dec 17 15:16 DigiCert_Trusted_Root_G4.crt
-rw-r--r--    1 root     root          2244 Dec 17 15:16 E-Tugra_Certification_Authority.crt
-rw-r--r--    1 root     root          1911 Dec 17 15:16 EC-ACC.crt
-rw-r--r--    1 root     root          1452 Dec 17 15:16 EE_Certification_Centre_Root_CA.crt
-rw-r--r--    1 root     root          1505 Dec 17 15:16 Entrust.net_Premium_2048_Secure_Server_CA.crt
-rw-r--r--    1 root     root          1643 Dec 17 15:16 Entrust_Root_Certification_Authority.crt
-rw-r--r--    1 root     root          1090 Dec 17 15:16 Entrust_Root_Certification_Authority_-_EC1.crt
-rw-r--r--    1 root     root          1533 Dec 17 15:16 Entrust_Root_Certification_Authority_-_G2.crt
-rw-r--r--    1 root     root          2244 Dec 17 15:16 Entrust_Root_Certification_Authority_-_G4.crt
-rw-r--r--    1 root     root          1980 Dec 17 15:16 GDCA_TrustAUTH_R5_ROOT.crt
-rw-r--r--    1 root     root          1915 Dec 17 15:16 GTS_Root_R1.crt
-rw-r--r--    1 root     root          1915 Dec 17 15:16 GTS_Root_R2.crt
-rw-r--r--    1 root     root           769 Dec 17 15:16 GTS_Root_R3.crt
-rw-r--r--    1 root     root           769 Dec 17 15:16 GTS_Root_R4.crt
-rw-r--r--    1 root     root          1939 Dec 17 15:16 GeoTrust_Universal_CA_2.crt
-rw-r--r--    1 root     root           713 Dec 17 15:16 GlobalSign_ECC_Root_CA_-_R4.crt
-rw-r--r--    1 root     root           794 Dec 17 15:16 GlobalSign_ECC_Root_CA_-_R5.crt
-rw-r--r--    1 root     root          1261 Dec 17 15:16 GlobalSign_Root_CA.crt
-rw-r--r--    1 root     root          1354 Dec 17 15:16 GlobalSign_Root_CA_-_R2.crt
-rw-r--r--    1 root     root          1229 Dec 17 15:16 GlobalSign_Root_CA_-_R3.crt
-rw-r--r--    1 root     root          1972 Dec 17 15:16 GlobalSign_Root_CA_-_R6.crt
-rw-r--r--    1 root     root          2585 Dec 17 15:16 Global_Chambersign_Root_-_2008.crt
-rw-r--r--    1 root     root          1448 Dec 17 15:16 Go_Daddy_Class_2_CA.crt
-rw-r--r--    1 root     root          1367 Dec 17 15:16 Go_Daddy_Root_Certificate_Authority_-_G2.crt
-rw-r--r--    1 root     root          1017 Dec 17 15:16 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
-rw-r--r--    1 root     root          1513 Dec 17 15:16 Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
-rw-r--r--    1 root     root          2155 Dec 17 15:16 Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
-rw-r--r--    1 root     root          1168 Dec 17 15:16 Hongkong_Post_Root_CA_1.crt
-rw-r--r--    1 root     root          2074 Dec 17 15:16 Hongkong_Post_Root_CA_3.crt
-rw-r--r--    1 root     root          1939 Dec 17 15:16 ISRG_Root_X1.crt
-rw-r--r--    1 root     root          1923 Dec 17 15:16 IdenTrust_Commercial_Root_CA_1.crt
-rw-r--r--    1 root     root          1931 Dec 17 15:16 IdenTrust_Public_Sector_Root_CA_1.crt
-rw-r--r--    1 root     root          2122 Dec 17 15:16 Izenpe.com.crt
-rw-r--r--    1 root     root          2057 Dec 17 15:16 LuxTrust_Global_Root_2.crt
-rw-r--r--    1 root     root          1460 Dec 17 15:16 Microsec_e-Szigno_Root_CA_2009.crt
-rw-r--r--    1 root     root          1476 Dec 17 15:16 NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
-rw-r--r--    1 root     root          1411 Dec 17 15:16 Network_Solutions_Certificate_Authority.crt
-rw-r--r--    1 root     root          1428 Dec 17 15:16 OISTE_WISeKey_Global_Root_GA_CA.crt
-rw-r--r--    1 root     root          1346 Dec 17 15:16 OISTE_WISeKey_Global_Root_GB_CA.crt
-rw-r--r--    1 root     root           895 Dec 17 15:16 OISTE_WISeKey_Global_Root_GC_CA.crt
-rw-r--r--    1 root     root          2078 Dec 17 15:16 QuoVadis_Root_CA.crt
-rw-r--r--    1 root     root          1923 Dec 17 15:16 QuoVadis_Root_CA_1_G3.crt
-rw-r--r--    1 root     root          2041 Dec 17 15:16 QuoVadis_Root_CA_2.crt
-rw-r--r--    1 root     root          1923 Dec 17 15:16 QuoVadis_Root_CA_2_G3.crt
-rw-r--r--    1 root     root          2354 Dec 17 15:16 QuoVadis_Root_CA_3.crt
-rw-r--r--    1 root     root          1923 Dec 17 15:16 QuoVadis_Root_CA_3_G3.crt
-rw-r--r--    1 root     root           956 Dec 17 15:16 SSL.com_EV_Root_Certification_Authority_ECC.crt
-rw-r--r--    1 root     root          2114 Dec 17 15:16 SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
-rw-r--r--    1 root     root           944 Dec 17 15:16 SSL.com_Root_Certification_Authority_ECC.crt
-rw-r--r--    1 root     root          2094 Dec 17 15:16 SSL.com_Root_Certification_Authority_RSA.crt
-rw-r--r--    1 root     root          1257 Dec 17 15:16 SZAFIR_ROOT_CA2.crt
-rw-r--r--    1 root     root          1249 Dec 17 15:16 SecureSign_RootCA11.crt
-rw-r--r--    1 root     root          1350 Dec 17 15:16 SecureTrust_CA.crt
-rw-r--r--    1 root     root          1354 Dec 17 15:16 Secure_Global_CA.crt
-rw-r--r--    1 root     root          1261 Dec 17 15:16 Security_Communication_RootCA2.crt
-rw-r--r--    1 root     root          1224 Dec 17 15:16 Security_Communication_Root_CA.crt
-rw-r--r--    1 root     root          1143 Dec 17 15:16 Sonera_Class_2_Root_CA.crt
-rw-r--r--    1 root     root          1948 Dec 17 15:16 Staat_der_Nederlanden_EV_Root_CA.crt
-rw-r--r--    1 root     root          2069 Dec 17 15:16 Staat_der_Nederlanden_Root_CA_-_G2.crt
-rw-r--r--    1 root     root          1952 Dec 17 15:16 Staat_der_Nederlanden_Root_CA_-_G3.crt
-rw-r--r--    1 root     root          1468 Dec 17 15:16 Starfield_Class_2_CA.crt
-rw-r--r--    1 root     root          1399 Dec 17 15:16 Starfield_Root_Certificate_Authority_-_G2.crt
-rw-r--r--    1 root     root          1424 Dec 17 15:16 Starfield_Services_Root_Certificate_Authority_-_G2.crt
-rw-r--r--    1 root     root          2045 Dec 17 15:16 SwissSign_Gold_CA_-_G2.crt
-rw-r--r--    1 root     root          2049 Dec 17 15:16 SwissSign_Silver_CA_-_G2.crt
-rw-r--r--    1 root     root          1367 Dec 17 15:16 T-TeleSec_GlobalRoot_Class_2.crt
-rw-r--r--    1 root     root          1367 Dec 17 15:16 T-TeleSec_GlobalRoot_Class_3.crt
-rw-r--r--    1 root     root          1582 Dec 17 15:16 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
-rw-r--r--    1 root     root          1883 Dec 17 15:16 TWCA_Global_Root_CA.crt
-rw-r--r--    1 root     root          1269 Dec 17 15:16 TWCA_Root_Certification_Authority.crt
-rw-r--r--    1 root     root          1948 Dec 17 15:16 Taiwan_GRCA.crt
-rw-r--r--    1 root     root          1870 Dec 17 15:16 TeliaSonera_Root_CA_v1.crt
-rw-r--r--    1 root     root          1493 Dec 17 15:16 TrustCor_ECA-1.crt
-rw-r--r--    1 root     root          1513 Dec 17 15:16 TrustCor_RootCert_CA-1.crt
-rw-r--r--    1 root     root          2204 Dec 17 15:16 TrustCor_RootCert_CA-2.crt
-rw-r--r--    1 root     root          1241 Dec 17 15:16 Trustis_FPS_Root_CA.crt
-rw-r--r--    1 root     root          1915 Dec 17 15:16 UCA_Extended_Validation_Root.crt
-rw-r--r--    1 root     root          1891 Dec 17 15:16 UCA_Global_G2_Root.crt
-rw-r--r--    1 root     root           948 Dec 17 15:16 USERTrust_ECC_Certification_Authority.crt
-rw-r--r--    1 root     root          2094 Dec 17 15:16 USERTrust_RSA_Certification_Authority.crt
-rw-r--r--    1 root     root          1484 Dec 17 15:16 Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
-rw-r--r--    1 root     root          1513 Dec 17 15:16 XRamp_Global_CA_Root.crt
lrwxrwxrwx    1 root     root            15 Jan  1 02:53 a3418fda.0 -> GTS_Root_R4.crt
lrwxrwxrwx    1 root     root            13 Jan  1 02:53 a94d09e5.0 -> ACCVRAIZ1.crt
lrwxrwxrwx    1 root     root            45 Jan  1 02:53 aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx    1 root     root            31 Jan  1 02:53 b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx    1 root     root            31 Jan  1 02:53 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx    1 root     root            35 Jan  1 02:53 b1b8a7f3.0 -> OISTE_WISeKey_Global_Root_GA_CA.crt
lrwxrwxrwx    1 root     root            20 Jan  1 02:53 b66938e9.0 -> Secure_Global_CA.crt
lrwxrwxrwx    1 root     root            23 Jan  1 02:53 b727005e.0 -> AffirmTrust_Premium.crt
lrwxrwxrwx    1 root     root            37 Jan  1 02:53 b7a5b843.0 -> TWCA_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     root            22 Jan  1 02:53 c01eb047.0 -> UCA_Global_G2_Root.crt
lrwxrwxrwx    1 root     root            64 Jan  1 02:53 c0ff1f52.0 -> Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
lrwxrwxrwx    1 root     root            34 Jan  1 02:53 c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx    1 root     root            36 Jan  1 02:53 c47d9980.0 -> Chambers_of_Commerce_Root_-_2008.crt
lrwxrwxrwx    1 root     root            37 Jan  1 02:53 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     root            44 Jan  1 02:53 cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     root            14 Jan  1 02:53 cc450945.0 -> Izenpe.com.crt
lrwxrwxrwx    1 root     root            34 Jan  1 02:53 cd58d51e.0 -> Security_Communication_RootCA2.crt
lrwxrwxrwx    1 root     root            20 Jan  1 02:53 cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx    1 root     root            20 Jan  1 02:53 ce5e74ef.0 -> Amazon_Root_CA_1.crt
-rw-r--r--    1 root     root          1176 Dec 17 15:16 certSIGN_ROOT_CA.crt
lrwxrwxrwx    1 root     root            37 Jan  1 02:53 d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx    1 root     root            38 Jan  1 02:53 d6325660.0 -> COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx    1 root     root            22 Jan  1 02:53 d7e8dc79.0 -> QuoVadis_Root_CA_2.crt
lrwxrwxrwx    1 root     root            23 Jan  1 02:53 d853d49e.0 -> Trustis_FPS_Root_CA.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 dd8e9d41.0 -> DigiCert_Global_Root_G3.crt
lrwxrwxrwx    1 root     root            20 Jan  1 02:53 de6d66f3.0 -> Amazon_Root_CA_4.crt
lrwxrwxrwx    1 root     root            26 Jan  1 02:53 def36a68.0 -> LuxTrust_Global_Root_2.crt
lrwxrwxrwx    1 root     root            12 Jan  1 02:53 e113c810.0 -> Certigna.crt
lrwxrwxrwx    1 root     root            25 Jan  1 02:53 e18bfb83.0 -> QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx    1 root     root            25 Jan  1 02:53 e36a6752.0 -> Atos_TrustedRoot_2011.crt
lrwxrwxrwx    1 root     root            35 Jan  1 02:53 e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx    1 root     root            27 Jan  1 02:53 e8de2f56.0 -> Buypass_Class_3_Root_CA.crt
-rw-r--r--    1 root     root          2033 Dec 17 15:16 ePKI_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     root            28 Jan  1 02:53 ee64a828.0 -> Comodo_AAA_Services_root.crt
lrwxrwxrwx    1 root     root            38 Jan  1 02:53 eed8c118.0 -> COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx    1 root     root            34 Jan  1 02:53 ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.crt
-rw-r--r--    1 root     root           814 Dec 17 15:16 emSign_ECC_Root_CA_-_C3.crt
-rw-r--r--    1 root     root           859 Dec 17 15:16 emSign_ECC_Root_CA_-_G3.crt
-rw-r--r--    1 root     root          1257 Dec 17 15:16 emSign_Root_CA_-_C1.crt
-rw-r--r--    1 root     root          1302 Dec 17 15:16 emSign_Root_CA_-_G1.crt
lrwxrwxrwx    1 root     root            23 Jan  1 02:53 f081611a.0 -> Go_Daddy_Class_2_CA.crt
lrwxrwxrwx    1 root     root            47 Jan  1 02:53 f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx    1 root     root            41 Jan  1 02:53 f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx    1 root     root            34 Jan  1 02:53 f3377b1b.0 -> Security_Communication_Root_CA.crt
lrwxrwxrwx    1 root     root            24 Jan  1 02:53 f387163d.0 -> Starfield_Class_2_CA.crt
lrwxrwxrwx    1 root     root            18 Jan  1 02:53 f39fc864.0 -> SecureTrust_CA.crt
lrwxrwxrwx    1 root     root            20 Jan  1 02:53 f51bb24c.0 -> Certigna_Root_CA.crt
lrwxrwxrwx    1 root     root            41 Jan  1 02:53 fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx    1 root     root            19 Jan  1 02:53 fe8a2cd8.0 -> SZAFIR_ROOT_CA2.crt
lrwxrwxrwx    1 root     root            49 Jan  1 02:53 ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt

nemo · January 1, 2021, 9:12am

I copied the ca-certificates.crt from another router.

nemo · January 1, 2021, 11:12am

Hi,
my server is setup on my inner router through port forwarding.

when i update my certificate. get token url alwayse get my first level router's login page.

daemon.err run-acme[2007]: Debug: get token url.
daemon.err run-acme[2007]: GET
daemon.err run-acme[2007]: url='http://mydomain/.well-known/acme-challenge/UIZlZkHYQb8feTman4PD0he4u-ANuAPSyDWT99mcIpI'
daemon.err run-acme[2007]: timeout=1
daemon.err run-acme[2007]: _CURL='curl --silent --dump-header /etc/acme/http.header  -L  -g  --connect-timeout 1'
daemon.info run-acme[2007]: <!DOCTYPE html>
daemon.info run-acme[2007]: <html lang='en'>
daemon.info run-acme[2007]: <head>
daemon.info run-acme[2007]: <meta charset="utf-8">
daemon.info run-acme[2007]: <title></title>
daemon.info run-acme[2007]: <meta name="viewport" content="width=device-width, initial-scale=1.0">
daemon.info run-acme[2007]: <meta name="description" content="">
daemon.info run-acme[2007]: <meta name="author" content="">

but https works.

https://mydomain/.well-known/acme-challenge/UIZlZkHYQb8feTman4PD0he4u-ANuAPSyDWT99mcIpI

can you give me any idea?

rg305 · January 1, 2021, 11:14am

Can your first level router port forward http (port 80) ?

nemo · January 1, 2021, 11:22am

yeah, you mean port forward 80 to 443?

rg305 · January 1, 2021, 11:23am

No I mean:
80 to 80 server
443 to 443 server

rg305 · January 1, 2021, 11:24am

Not:
80 to router
443 to 443 server

nemo · January 1, 2021, 11:45am

Thank you so much. friend. Happy new year. do you have email? I would like to share you my website.

system · January 31, 2021, 11:45am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.