Ran with the double debug output below, looks like it doesn't like the CSR, how can I fix this? :
le64.exe --key AccountKey.key -csr "20221207 renewal request.csr" -crt domain-crt.crt --handle-as dns --generate-missing --live --debug --debug
2022/12/07 12:10:05 [ Crypt::LE client v0.38 started. ]
2022/12/07 12:10:05 Loading an account key from AccountKey.key
2022/12/07 12:10:05 Account key loaded.
2022/12/07 12:10:05 Loading a CSR from 20221207 renewal request.csr
2022/12/07 12:10:05 Loaded domain names from CSR: kitsaptransit.com, autodiscover.kitsaptransit.com, owa.kitsaptransit.com, webmail.kitsaptransit.com
2022/12/07 12:10:05 CSR loaded.
2022/12/07 12:10:05 Connecting to https://acme-v02.api.letsencrypt.org/directory
2022/12/07 12:10:07 $VAR1 = {
'reason' => 'OK',
'success' => 1,
'status' => '200',
'content' => '{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"yaGDRw5eP2M": "Adding random entries to the directory"
}',
'headers' => {
'connection' => 'keep-alive',
'date' => 'Wed, 07 Dec 2022 20:10:07 GMT',
'content-type' => 'application/json',
'content-length' => '659',
'strict-transport-security' => 'max-age=604800',
'x-frame-options' => 'DENY',
'cache-control' => 'public, max-age=0, no-cache',
'server' => 'nginx'
},
'protocol' => 'HTTP/1.1',
'url' => 'https://acme-v02.api.letsencrypt.org/directory'
};
2022/12/07 12:10:07 Connecting to https://acme-v02.api.letsencrypt.org/acme/new-nonce
2022/12/07 12:10:07 $VAR1 = {
'x-frame-options' => 'DENY',
'strict-transport-security' => 'max-age=604800',
'server' => 'nginx',
'cache-control' => 'public, max-age=0, no-cache',
'replay-nonce' => 'F9771oxCVMmaaiFUJkE7a88-xi_2GLGFaVAbWjFvOcQ-SXY',
'date' => 'Wed, 07 Dec 2022 20:10:07 GMT',
'connection' => 'keep-alive',
'link' => 'https://acme-v02.api.letsencrypt.org/directory;rel="index"'
};
2022/12/07 12:10:07 Directory loaded successfully.
2022/12/07 12:10:07 Registering the account key
2022/12/07 12:10:07 Connecting to https://acme-v02.api.letsencrypt.org/acme/new-acct
2022/12/07 12:10:07 $VAR1 = {
'url' => 'https://acme-v02.api.letsencrypt.org/acme/new-acct',
'protocol' => 'HTTP/1.1',
'headers' => {
'date' => 'Wed, 07 Dec 2022 20:10:07 GMT',
'connection' => 'keep-alive',
'boulder-requester' => '70096866',
'link' => 'https://acme-v02.api.letsencrypt.org/directory;rel="index"',
'content-type' => 'application/json',
'content-length' => '898',
'strict-transport-security' => 'max-age=604800',
'x-frame-options' => 'DENY',
'cache-control' => 'public, max-age=0, no-cache',
'server' => 'nginx',
'location' => 'https://acme-v02.api.letsencrypt.org/acme/acct/70096866',
'replay-nonce' => 'F977i36GMooWusjl74afSypLmPgVFJ1PpiJ0PMINDm-mBTE'
},
'content' => '{
"key": {
"kty": "RSA",
"n": "jHvzrOGnLuuNAtrlotScfmP7_3NorpFvvgWP0Adhu9xndlKfA5EbFfKLdKJFeSLWZLZ0VQJymg_L41Qa_-x841VIcd0UjETtM-wlP0xDysJUGaDU5Ud71rggy_pLUfgrPjIOnM6voPQl4lskMqVUy_a8lnGKPUbb5aZ4GHtBtpeVUKuCsuJJx5LUQnyuNJe6S8ZYvo-A-SGVUSgMzpWXsKSwWpQItcmUGrrfJ-4jmHG70f9EuXQXnbasrKz349WTXn--QTfCDsrQTL79a9wmWDopYoki3kBuDyiBy095RofD7C7Bq2_jSIm2OGQwaeqgW2WXuah4xBnjqCZebYvF-GTHB6SHDwq9tK2kcOJfqevyZ44E4yeBkhh8xwVJngbCHO88EPyXahHLHhWytJoV2I9qX40xtQ_UMjju-oCjeGwPmd7LdtqWhd3uT-u97psVWq_e9FMdUVW8Wr67j0oPy1Isu1JUGJYKIcSzOf1hdTMVs8UpfXBp0hwCSLAzy3XjDkxdxqBwofFsc2smqKjfXlmKBwdh6-aWesQw-2ouDSAdKrdo8ArSCYhsiZQA2hsQ-hlKsF-h5WxJgRsY85bYgwq4ITk0xBj215NqVpBC9i_KH2gnJ6cZaOgnlyeFj1XzHHCgRRujJpF7O2fz2XC5wBSO6e4f81JDkoPor07Jkq8",
"e": "AQAB"
},
"contact": [
"mailto:dono@kitsaptransit.com"
],
"initialIp": "207.108.221.172",
"createdAt": "2019-10-23T15:08:42Z",
"status": "valid"
}',
'status' => '200',
'success' => 1,
'reason' => 'OK'
};
2022/12/07 12:10:07 Key is already registered, reg path: https://acme-v02.api.letsencrypt.org/acme/acct/70096866.
2022/12/07 12:10:07 Connecting to https://acme-v02.api.letsencrypt.org/acme/acct/70096866
2022/12/07 12:10:07 $VAR1 = {
'headers' => {
'replay-nonce' => 'F977SqPG8wChpTRyi0MTZ440Stxrk29ESr3mJlTbWYhbUW8',
'cache-control' => 'public, max-age=0, no-cache',
'server' => 'nginx',
'strict-transport-security' => 'max-age=604800',
'x-frame-options' => 'DENY',
'content-length' => '898',
'link' => [
'https://acme-v02.api.letsencrypt.org/directory;rel="index"',
'https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf;rel="terms-of-service"'
],
'boulder-requester' => '70096866',
'content-type' => 'application/json',
'connection' => 'keep-alive',
'date' => 'Wed, 07 Dec 2022 20:10:07 GMT'
},
'content' => '{
"key": {
"kty": "RSA",
"n": "jHvzrOGnLuuNAtrlotScfmP7_3NorpFvvgWP0Adhu9xndlKfA5EbFfKLdKJFeSLWZLZ0VQJymg_L41Qa_-x841VIcd0UjETtM-wlP0xDysJUGaDU5Ud71rggy_pLUfgrPjIOnM6voPQl4lskMqVUy_a8lnGKPUbb5aZ4GHtBtpeVUKuCsuJJx5LUQnyuNJe6S8ZYvo-A-SGVUSgMzpWXsKSwWpQItcmUGrrfJ-4jmHG70f9EuXQXnbasrKz349WTXn--QTfCDsrQTL79a9wmWDopYoki3kBuDyiBy095RofD7C7Bq2_jSIm2OGQwaeqgW2WXuah4xBnjqCZebYvF-GTHB6SHDwq9tK2kcOJfqevyZ44E4yeBkhh8xwVJngbCHO88EPyXahHLHhWytJoV2I9qX40xtQ_UMjju-oCjeGwPmd7LdtqWhd3uT-u97psVWq_e9FMdUVW8Wr67j0oPy1Isu1JUGJYKIcSzOf1hdTMVs8UpfXBp0hwCSLAzy3XjDkxdxqBwofFsc2smqKjfXlmKBwdh6-aWesQw-2ouDSAdKrdo8ArSCYhsiZQA2hsQ-hlKsF-h5WxJgRsY85bYgwq4ITk0xBj215NqVpBC9i_KH2gnJ6cZaOgnlyeFj1XzHHCgRRujJpF7O2fz2XC5wBSO6e4f81JDkoPor07Jkq8",
"e": "AQAB"
},
"contact": [
"mailto:dono@kitsaptransit.com"
],
"initialIp": "207.108.221.172",
"createdAt": "2019-10-23T15:08:42Z",
"status": "valid"
}',
'reason' => 'OK',
'success' => 1,
'status' => '200',
'url' => 'https://acme-v02.api.letsencrypt.org/acme/acct/70096866',
'protocol' => 'HTTP/1.1'
};
2022/12/07 12:10:07 Account ID: 70096866
2022/12/07 12:10:07 Registration success: TOS change status - 0, new registration flag - 0.
2022/12/07 12:10:07 The key is already registered. ID: 70096866
2022/12/07 12:10:07 TOS has NOT been changed, no need to accept again.
2022/12/07 12:10:07 Current contact details: dono@kitsaptransit.com
2022/12/07 12:10:07 Connecting to https://acme-v02.api.letsencrypt.org/acme/new-order
2022/12/07 12:10:07 $VAR1 = {
'success' => 1,
'reason' => 'Created',
'status' => '201',
'content' => '{
"status": "ready",
"expires": "2022-12-14T19:16:17Z",
"identifiers": [
{
"type": "dns",
"value": "autodiscover.kitsaptransit.com"
},
{
"type": "dns",
"value": "kitsaptransit.com"
},
{
"type": "dns",
"value": "owa.kitsaptransit.com"
},
{
"type": "dns",
"value": "webmail.kitsaptransit.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188407",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188417",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188427",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188437"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/70096866/151302973937"
}',
'headers' => {
'link' => 'https://acme-v02.api.letsencrypt.org/directory;rel="index"',
'boulder-requester' => '70096866',
'content-type' => 'application/json',
'connection' => 'keep-alive',
'date' => 'Wed, 07 Dec 2022 20:10:07 GMT',
'strict-transport-security' => 'max-age=604800',
'x-frame-options' => 'DENY',
'content-length' => '784',
'replay-nonce' => '2712MDKmENbQCr_VReYSS-vDmKVpUqhmR32XOYcd9vQYpM8',
'cache-control' => 'public, max-age=0, no-cache',
'location' => 'https://acme-v02.api.letsencrypt.org/acme/order/70096866/151302973937',
'server' => 'nginx'
},
'protocol' => 'HTTP/1.1',
'url' => 'https://acme-v02.api.letsencrypt.org/acme/new-order'
};
2022/12/07 12:10:07 Connecting to https://acme-v02.api.letsencrypt.org/acme/finalize/70096866/151302973937
2022/12/07 12:10:07 $VAR1 = {
'success' => '',
'reason' => 'Bad Request',
'status' => '400',
'content' => '{
"type": "urn:ietf:params:acme:error:badCSR",
"detail": "Error finalizing order :: signature algorithm not supported",
"status": 400
}',
'headers' => {
'content-type' => 'application/problem+json',
'boulder-requester' => '70096866',
'link' => 'https://acme-v02.api.letsencrypt.org/directory;rel="index"',
'connection' => 'keep-alive',
'date' => 'Wed, 07 Dec 2022 20:10:07 GMT',
'content-length' => '141',
'replay-nonce' => '2712Z7a_gugH24dbb48AmBsRyIOdhwo93U5pWjl8kUTMQ2o',
'server' => 'nginx',
'cache-control' => 'public, max-age=0, no-cache'
},
'protocol' => 'HTTP/1.1',
'url' => 'https://acme-v02.api.letsencrypt.org/acme/finalize/70096866/151302973937'
};
2022/12/07 12:10:07 Could not finalize an order.
2022/12/07 12:10:07 Requesting challenge.
2022/12/07 12:10:07 Connecting to https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188407
2022/12/07 12:10:07 $VAR1 = {
'content' => '{
"identifier": {
"type": "dns",
"value": "autodiscover.kitsaptransit.com"
},
"status": "valid",
"expires": "2023-01-06T19:20:38Z",
"challenges": [
{
"type": "dns-01",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/185108188407/1rmJ8w",
"token": "1AYnaZT5Kb-MpO8lnslxlyUCJsUtBBeCBP9cOUlcH0M",
"validationRecord": [
{
"hostname": "autodiscover.kitsaptransit.com"
}
],
"validated": "2022-12-07T19:20:35Z"
}
]
}',
'headers' => {
'cache-control' => 'public, max-age=0, no-cache',
'server' => 'nginx',
'replay-nonce' => 'C400YolYKHV9Ov_TiEwIrPuldE9V3GMuTGIuS-IJC_BDF34',
'content-length' => '535',
'strict-transport-security' => 'max-age=604800',
'x-frame-options' => 'DENY',
'connection' => 'keep-alive',
'date' => 'Wed, 07 Dec 2022 20:10:07 GMT',
'link' => 'https://acme-v02.api.letsencrypt.org/directory;rel="index"',
'boulder-requester' => '70096866',
'content-type' => 'application/json'
},
'reason' => 'OK',
'success' => 1,
'status' => '200',
'protocol' => 'HTTP/1.1',
'url' => 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188407'
};
2022/12/07 12:10:07 Received challenges for autodiscover.kitsaptransit.com.
2022/12/07 12:10:07 Requesting challenge.
2022/12/07 12:10:07 Connecting to https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188417
2022/12/07 12:10:07 $VAR1 = {
'reason' => 'OK',
'success' => 1,
'status' => '200',
'content' => '{
"identifier": {
"type": "dns",
"value": "kitsaptransit.com"
},
"status": "valid",
"expires": "2023-01-06T19:20:33Z",
"challenges": [
{
"type": "dns-01",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/185108188417/xthsAg",
"token": "Atd8whhngGcYX29xVymh59h1Q4azym5hmH-ViUgeJYM",
"validationRecord": [
{
"hostname": "kitsaptransit.com"
}
],
"validated": "2022-12-07T19:20:33Z"
}
]
}',
'headers' => {
'strict-transport-security' => 'max-age=604800',
'x-frame-options' => 'DENY',
'content-length' => '509',
'replay-nonce' => 'A5FENdiUypum4MAgIgr2LcQJQkmRXocH-EIhsF_XSwejxws',
'cache-control' => 'public, max-age=0, no-cache',
'server' => 'nginx',
'link' => 'https://acme-v02.api.letsencrypt.org/directory;rel="index"',
'boulder-requester' => '70096866',
'content-type' => 'application/json',
'date' => 'Wed, 07 Dec 2022 20:10:07 GMT',
'connection' => 'keep-alive'
},
'protocol' => 'HTTP/1.1',
'url' => 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188417'
};
2022/12/07 12:10:07 Received challenges for kitsaptransit.com.
2022/12/07 12:10:07 Requesting challenge.
2022/12/07 12:10:07 Connecting to https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188427
2022/12/07 12:10:07 $VAR1 = {
'url' => 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188427',
'protocol' => 'HTTP/1.1',
'success' => 1,
'status' => '200',
'reason' => 'OK',
'headers' => {
'cache-control' => 'public, max-age=0, no-cache',
'server' => 'nginx',
'replay-nonce' => '271211GqnCBBzP6rLeuYIZDFpsfDeO6LV3EAIUpPoocatJ0',
'content-length' => '517',
'strict-transport-security' => 'max-age=604800',
'x-frame-options' => 'DENY',
'date' => 'Wed, 07 Dec 2022 20:10:07 GMT',
'connection' => 'keep-alive',
'link' => 'https://acme-v02.api.letsencrypt.org/directory;rel="index"',
'boulder-requester' => '70096866',
'content-type' => 'application/json'
},
'content' => '{
"identifier": {
"type": "dns",
"value": "owa.kitsaptransit.com"
},
"status": "valid",
"expires": "2023-01-06T19:20:40Z",
"challenges": [
{
"type": "dns-01",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/185108188427/zDgcng",
"token": "dhx8S8o7Eut7VyDA7gOWxT_LJuRtDw4KWza9xIT3tpA",
"validationRecord": [
{
"hostname": "owa.kitsaptransit.com"
}
],
"validated": "2022-12-07T19:20:40Z"
}
]
}'
};
2022/12/07 12:10:07 Received challenges for owa.kitsaptransit.com.
2022/12/07 12:10:07 Requesting challenge.
2022/12/07 12:10:07 Connecting to https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188437
2022/12/07 12:10:08 $VAR1 = {
'success' => 1,
'status' => '200',
'reason' => 'OK',
'headers' => {
'link' => 'https://acme-v02.api.letsencrypt.org/directory;rel="index"',
'boulder-requester' => '70096866',
'content-type' => 'application/json',
'connection' => 'keep-alive',
'date' => 'Wed, 07 Dec 2022 20:10:08 GMT',
'replay-nonce' => 'F977fnAs76Oh2afzIZSJsT-3swJ9WKl0EXjdh7xjDMNwLA0',
'cache-control' => 'public, max-age=0, no-cache',
'server' => 'nginx',
'strict-transport-security' => 'max-age=604800',
'x-frame-options' => 'DENY',
'content-length' => '525'
},
'content' => '{
"identifier": {
"type": "dns",
"value": "webmail.kitsaptransit.com"
},
"status": "valid",
"expires": "2023-01-06T19:20:42Z",
"challenges": [
{
"type": "dns-01",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/185108188437/9tz9LQ",
"token": "tu200AmFP6rKJ0BGmvyQV0TIu2ZlQ1DDwzmNe2y_8mM",
"validationRecord": [
{
"hostname": "webmail.kitsaptransit.com"
}
],
"validated": "2022-12-07T19:20:42Z"
}
]
}',
'url' => 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/185108188437',
'protocol' => 'HTTP/1.1'
};
2022/12/07 12:10:08 Received challenges for webmail.kitsaptransit.com.
2022/12/07 12:10:08 Requested challenges for 4 domain(s).
2022/12/07 12:10:08 Domain kitsaptransit.com has been already validated, skipping.
2022/12/07 12:10:08 Domain autodiscover.kitsaptransit.com has been already validated, skipping.
2022/12/07 12:10:08 Domain owa.kitsaptransit.com has been already validated, skipping.
2022/12/07 12:10:08 Domain webmail.kitsaptransit.com has been already validated, skipping.
2022/12/07 12:10:08 There are no domains for which challenges need to be accepted.
2022/12/07 12:10:08 Connecting to https://acme-v02.api.letsencrypt.org/directory
2022/12/07 12:10:08 $VAR1 = {
'protocol' => 'HTTP/1.1',
'url' => 'https://acme-v02.api.letsencrypt.org/directory',
'content' => '{
"7I4uaY5GNtA": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}',
'headers' => {
'content-type' => 'application/json',
'date' => 'Wed, 07 Dec 2022 20:10:08 GMT',
'connection' => 'keep-alive',
'server' => 'nginx',
'cache-control' => 'public, max-age=0, no-cache',
'x-frame-options' => 'DENY',
'strict-transport-security' => 'max-age=604800',
'content-length' => '659'
},
'reason' => 'OK',
'success' => 1,
'status' => '200'
};
2022/12/07 12:10:08 Connecting to https://acme-v02.api.letsencrypt.org/acme/new-nonce
2022/12/07 12:10:08 $VAR1 = {
'link' => 'https://acme-v02.api.letsencrypt.org/directory;rel="index"',
'connection' => 'keep-alive',
'date' => 'Wed, 07 Dec 2022 20:10:08 GMT',
'replay-nonce' => 'C400T2Spj6RKebkPfkJ0SWomykw_ZG_gNXgWYXfq7_36lkQ',
'server' => 'nginx',
'cache-control' => 'public, max-age=0, no-cache',
'x-frame-options' => 'DENY',
'strict-transport-security' => 'max-age=604800'
};
2022/12/07 12:10:08 Directory loaded successfully.
2022/12/07 12:10:08 There are no active challenges to verify
2022/12/07 12:10:08 Requesting domain certificate.
2022/12/07 12:10:08 Connecting to https://acme-v02.api.letsencrypt.org/acme/finalize/70096866/151302973937
2022/12/07 12:10:08 $VAR1 = {
'protocol' => 'HTTP/1.1',
'url' => 'https://acme-v02.api.letsencrypt.org/acme/finalize/70096866/151302973937',
'success' => '',
'reason' => 'Bad Request',
'status' => '400',
'content' => '{
"type": "urn:ietf:params:acme:error:badCSR",
"detail": "Error finalizing order :: signature algorithm not supported",
"status": 400
}',
'headers' => {
'content-length' => '141',
'cache-control' => 'public, max-age=0, no-cache',
'server' => 'nginx',
'replay-nonce' => '2712-J_0HCvyfPWkSPQ5BJ6YxltPKP1kbCQiE2w3Jmki6r4',
'date' => 'Wed, 07 Dec 2022 20:10:08 GMT',
'connection' => 'keep-alive',
'boulder-requester' => '70096866',
'link' => 'https://acme-v02.api.letsencrypt.org/directory;rel="index"',
'content-type' => 'application/problem+json'
}
};
2022/12/07 12:10:08 Could not finalize an order.
2022/12/07 12:10:08 Could not finalize an order.