Comments (19)
yes, adding it
from acme.sh.
$ ./acme.sh --staging --issue -d acmesh.imperialus.house --dns dns_cf --keylength ec-256
$ ./acme.sh --staging --issue -d acmesh.imperialus.house --dns dns_cf --keylength ec-256 --ecc
Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"
from acme.sh.
Show me your version:
acme.sh -v
from acme.sh.
@FernandoMiguel
Did you manually change the account.key to a ECC key ?
from acme.sh.
Didn't charge anything, was just trying to generate an elliptic curve key instead of rsa.
Couldn't find exact documentation for it, except those two commands in -h
Please advise
from acme.sh.
Paste the debug log here:
https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
from acme.sh.
$ ./acme.sh --staging --issue -d acmeshEC256.imperialus.house --dns dns_cf --keylength ec-256 --debug
[Thu 22 Sep 2016 11:01:47 BST] Lets guess script dir.
[Thu 22 Sep 2016 11:01:47 BST] SCRIPT='./acme.sh'
[Thu 22 Sep 2016 11:01:47 BST] _script
[Thu 22 Sep 2016 11:01:47 BST] _script_home='.'
[Thu 22 Sep 2016 11:01:47 BST] It seems tha acme.sh is already installed in /Users/Fernando/.acme.sh
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 11:01:47 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 11:01:47 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmeshEC256.imperialus.house_ecc'
[Thu 22 Sep 2016 11:01:47 BST] RSA key
[Thu 22 Sep 2016 11:01:48 BST] Skip register account key
[Thu 22 Sep 2016 11:01:48 BST] Read key length:ec-256
[Thu 22 Sep 2016 11:01:48 BST] Creating domain key
[Thu 22 Sep 2016 11:01:49 BST] Use length 256
[Thu 22 Sep 2016 11:01:49 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 11:01:49 BST] _createcsr
[Thu 22 Sep 2016 11:01:49 BST] Single domain='acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:49 BST] Verify each domain
[Thu 22 Sep 2016 11:01:49 BST] Getting webroot for domain='acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:49 BST] _w='dns_cf'
[Thu 22 Sep 2016 11:01:49 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 11:01:49 BST] Getting token for domain='acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:49 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:01:49 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmeshEC256.imperialus.house"}}'
[Thu 22 Sep 2016 11:01:49 BST] RSA key
[Thu 22 Sep 2016 11:01:50 BST] GET
[Thu 22 Sep 2016 11:01:50 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 11:01:50 BST] timeout
[Thu 22 Sep 2016 11:01:50 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:51 BST] ret='0'
[Thu 22 Sep 2016 11:01:51 BST] POST
[Thu 22 Sep 2016 11:01:51 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:01:51 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:52 BST] _ret='0'
[Thu 22 Sep 2016 11:01:52 BST] code='201'
[Thu 22 Sep 2016 11:01:52 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/SPPM22gx5ZXXX"'
[Thu 22 Sep 2016 11:01:52 BST] token='-MtU9K4YXXX'
[Thu 22 Sep 2016 11:01:52 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/SPPM22gxXXX'
[Thu 22 Sep 2016 11:01:52 BST] keyauthorization='-MtU9K4YEyXXX'
[Thu 22 Sep 2016 11:01:52 BST] dvlist='acmeshEC256.imperialus.house#-MtU9K4YEyMhhwvXXXX#https://acme-staging.api.letsencrypt.org/acme/challenge/SPPM22XXXX/14975275#dns-01#dns_cf'
[Thu 22 Sep 2016 11:01:52 BST] txtdomain='_acme-challenge.acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:52 BST] txt='KA_oYXXX'
[Thu 22 Sep 2016 11:01:52 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 11:01:52 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 11:01:52 BST] First detect the root zone
[Thu 22 Sep 2016 11:01:52 BST] zones?name=acmeshEC256.imperialus.house
[Thu 22 Sep 2016 11:01:52 BST] GET
[Thu 22 Sep 2016 11:01:52 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:52 BST] timeout
[Thu 22 Sep 2016 11:01:52 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:53 BST] ret='0'
[Thu 22 Sep 2016 11:01:53 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 11:01:53 BST] GET
[Thu 22 Sep 2016 11:01:53 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 11:01:53 BST] timeout
[Thu 22 Sep 2016 11:01:53 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:54 BST] ret='0'
[Thu 22 Sep 2016 11:01:54 BST] _domain_id='XXX'
[Thu 22 Sep 2016 11:01:54 BST] _sub_domain='_acme-challenge.acmeshEC256'
[Thu 22 Sep 2016 11:01:54 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 11:01:54 BST] Getting txt records
[Thu 22 Sep 2016 11:01:54 BST] zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC256.imperialus.house
[Thu 22 Sep 2016 11:01:54 BST] GET
[Thu 22 Sep 2016 11:01:54 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:54 BST] timeout
[Thu 22 Sep 2016 11:01:54 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:55 BST] ret='0'
[Thu 22 Sep 2016 11:01:55 BST] count='0'
[Thu 22 Sep 2016 11:01:55 BST] Adding record
[Thu 22 Sep 2016 11:01:55 BST] zones/XXX/dns_records
[Thu 22 Sep 2016 11:01:55 BST] data='{"type":"TXT","name":"_acme-challenge.acmeshEC256.imperialus.house","content":"XXX-XXX","ttl":120}'
[Thu 22 Sep 2016 11:01:55 BST] POST
[Thu 22 Sep 2016 11:01:55 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records'
[Thu 22 Sep 2016 11:01:55 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:56 BST] _ret='0'
[Thu 22 Sep 2016 11:01:56 BST] Add txt record error.
[Thu 22 Sep 2016 11:01:56 BST] Error add txt for domain:_acme-challenge.acmeshEC256.imperialus.house
[Thu 22 Sep 2016 11:01:56 BST] pid
FYI, this subdomain didnt exist prior to run this command , not sure if an A record is required
from acme.sh.
add --debug 2
from acme.sh.
I hope i've removed all API keys, but let me know if i'm exposing something that needs to be revoked.
$ ./acme.sh --staging --issue -d acmeshEC2562.imperialus.house --dns dns_cf --keylength ec-256 --debug 2
[Thu 22 Sep 2016 11:31:33 BST] Lets guess script dir.
[Thu 22 Sep 2016 11:31:33 BST] _SCRIPT_='./acme.sh'
[Thu 22 Sep 2016 11:31:33 BST] _script
[Thu 22 Sep 2016 11:31:33 BST] _script_home='.'
[Thu 22 Sep 2016 11:31:33 BST] It seems tha acme.sh is already installed in /Users/Fernando/.acme.sh
[Thu 22 Sep 2016 11:31:33 BST] 20:USER_AGENT=""
[Thu 22 Sep 2016 11:31:33 BST] 6:ACCOUNT_EMAIL=""
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 11:31:33 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 11:31:33 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc'
[Thu 22 Sep 2016 11:31:33 BST] 1:Le_Domain="acmeshEC2562.imperialus.house"
[Thu 22 Sep 2016 11:31:33 BST] 2:Le_Alt="no"
[Thu 22 Sep 2016 11:31:33 BST] 3:Le_Webroot="dns_cf"
[Thu 22 Sep 2016 11:31:33 BST] 4:Le_PreHook=""
[Thu 22 Sep 2016 11:31:33 BST] 5:Le_PostHook=""
[Thu 22 Sep 2016 11:31:33 BST] 6:Le_RenewHook=""
[Thu 22 Sep 2016 11:31:33 BST] 'dns_cf' does not contain 'no'
[Thu 22 Sep 2016 11:31:33 BST] 'dns_cf' does not contain 'tls'
[Thu 22 Sep 2016 11:31:33 BST] 'dns_cf' does not contain 'apache'
[Thu 22 Sep 2016 11:31:33 BST] RSA key
[Thu 22 Sep 2016 11:31:35 BST] Registering account
[Thu 22 Sep 2016 11:31:35 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 11:31:35 BST] payload='{"resource": "new-reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}'
[Thu 22 Sep 2016 11:31:35 BST] RSA key
[Thu 22 Sep 2016 11:31:36 BST] GET
[Thu 22 Sep 2016 11:31:36 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 11:31:36 BST] timeout
[Thu 22 Sep 2016 11:31:36 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXX/T/tmp.kiSFJLeV '
[Thu 22 Sep 2016 11:31:37 BST] ret='0'
[Thu 22 Sep 2016 11:31:37 BST] POST
[Thu 22 Sep 2016 11:31:37 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 11:31:37 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-XXX"}'
[Thu 22 Sep 2016 11:31:37 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXX/T/tmp.OCjDMxuf '
[Thu 22 Sep 2016 11:31:38 BST] _ret='0'
[Thu 22 Sep 2016 11:31:38 BST] original='{
"type": "urn:acme:error:malformed",
"detail": "Registration key is already in use",
"status": 409
}'
[Thu 22 Sep 2016 11:31:38 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 10:31:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 409 Conflict
Server: nginx
Content-Type: application/problem+json
Content-Length: 107
Boulder-Request-Id: XXX
Boulder-Requester: 340385
Location: https://acme-staging.api.letsencrypt.org/acme/reg/340385
Replay-Nonce: XXX
Expires: Thu, 22 Sep 2016 10:31:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 10:31:38 GMT
Connection: close
'
[Thu 22 Sep 2016 11:31:38 BST] response='{"type":"urn:acme:error:malformed","detail":"Registration key is already in use","status": 409}'
[Thu 22 Sep 2016 11:31:38 BST] code='409'
[Thu 22 Sep 2016 11:31:38 BST] Already registered
[Thu 22 Sep 2016 11:31:38 BST] 18:ACCOUNT_KEY_HASH="H/XX="
[Thu 22 Sep 2016 11:31:38 BST] Read key length:ec-256
[Thu 22 Sep 2016 11:31:38 BST] Creating domain key
[Thu 22 Sep 2016 11:31:38 BST] Use length 256
[Thu 22 Sep 2016 11:31:38 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 11:31:38 BST] _createcsr
[Thu 22 Sep 2016 11:31:38 BST] domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] domainlist
[Thu 22 Sep 2016 11:31:38 BST] csrkey='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc/acmeshEC2562.imperialus.house.key'
[Thu 22 Sep 2016 11:31:38 BST] csr='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc/acmeshEC2562.imperialus.house.csr'
[Thu 22 Sep 2016 11:31:38 BST] csrconf='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc/acmeshEC2562.imperialus.house.csr.conf'
[Thu 22 Sep 2016 11:31:38 BST] Single domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] 7:Le_Keylength="ec-256"
[Thu 22 Sep 2016 11:31:38 BST] Verify each domain
[Thu 22 Sep 2016 11:31:38 BST] Getting webroot for domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] _w='dns_cf'
[Thu 22 Sep 2016 11:31:38 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 11:31:38 BST] Getting token for domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:31:38 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmeshEC2562.imperialus.house"}}'
[Thu 22 Sep 2016 11:31:38 BST] RSA key
[Thu 22 Sep 2016 11:31:40 BST] GET
[Thu 22 Sep 2016 11:31:40 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 11:31:40 BST] timeout
[Thu 22 Sep 2016 11:31:40 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXX/T/tmp.laRSV7dp '
[Thu 22 Sep 2016 11:31:40 BST] ret='0'
[Thu 22 Sep 2016 11:31:40 BST] POST
[Thu 22 Sep 2016 11:31:40 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:31:40 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "XXX"}'
[Thu 22 Sep 2016 11:31:40 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXX/T/tmp.ls8WBqsS '
[Thu 22 Sep 2016 11:31:41 BST] _ret='0'
[Thu 22 Sep 2016 11:31:41 BST] original='{
"identifier": {
"type": "dns",
"value": "acmeshec2562.imperialus.house"
},
"status": "pending",
"expires": "2016-09-29T10:31:41.844001602Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XX",
"token": "SII4LwmkELXXX"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XXX",
"token": "iODhfz6bEVmtXXXX"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XX",
"token": "qlTeMeXXX"
}
],
"combinations": [
[
0
],
[
1
],
[
2
]
]
}'
[Thu 22 Sep 2016 11:31:41 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 10:31:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1023
Boulder-Request-Id: XXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/XXX
Replay-Nonce: XXXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 22 Sep 2016 10:31:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 10:31:41 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 11:31:42 BST] response='{"identifier":{"type":"dns","value":"acmeshec2562.imperialus.house"},"status":"pending","expires":"2016-09-29T10:31:41.844001602Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/XXXX}],"combinations":[[0],[1],[2]]}'
[Thu 22 Sep 2016 11:31:42 BST] code='201'
[Thu 22 Sep 2016 11:31:42 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XXX","token":"XXX"'
[Thu 22 Sep 2016 11:31:42 BST] token='XXX'
[Thu 22 Sep 2016 11:31:42 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/XX/XXX'
[Thu 22 Sep 2016 11:31:42 BST] keyauthorization='XXX.XXX'
[Thu 22 Sep 2016 11:31:42 BST] dvlist='acmeshEC2562.imperialus.house#XXX.XX#https://acme-staging.api.letsencrypt.org/acme/challenge/XX/XXX#dns-01#dns_cf'
[Thu 22 Sep 2016 11:31:42 BST] txtdomain='_acme-challenge.acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:42 BST] txt='XXX-XXX'
[Thu 22 Sep 2016 11:31:42 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 11:31:42 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 11:31:42 BST] 28:CF_Key="XX"
[Thu 22 Sep 2016 11:31:42 BST] 30:CF_Email="XXX"
[Thu 22 Sep 2016 11:31:42 BST] First detect the root zone
[Thu 22 Sep 2016 11:31:42 BST] zones?name=acmeshEC2562.imperialus.house
[Thu 22 Sep 2016 11:31:42 BST] GET
[Thu 22 Sep 2016 11:31:42 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:42 BST] timeout
[Thu 22 Sep 2016 11:31:42 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXX/T/tmp.HymEP1uA '
[Thu 22 Sep 2016 11:31:43 BST] ret='0'
[Thu 22 Sep 2016 11:31:43 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:43 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 11:31:43 BST] GET
[Thu 22 Sep 2016 11:31:43 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 11:31:43 BST] timeout
[Thu 22 Sep 2016 11:31:43 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXX/T/tmp.pKhvJjr1 '
[Thu 22 Sep 2016 11:31:44 BST] ret='0'
[Thu 22 Sep 2016 11:31:44 BST] response='{"result":[{"id":"XXX","name":"imperialus.house","status":"active","paused":false,"type":"full","development_mode":0,"name_servers":["dina.ns.cloudflare.com","theo.ns.cloudflare.com"],"original_name_servers":["ns1.dreamhost.com","ns2.dreamhost.com","ns3.dreamhost.com"],"original_registrar":null,"original_dnshost":"dreamhost","modified_on":"2016-09-22T10:24:57.680746Z","created_on":"2016-02-15T21:20:15.215047Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"XXXX","email":"XXX"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"0feeeeeeeeeeeeeeeeeeeeeeeeeeeeee","name":"Free Website","price":0,"currency":"USD","frequency":"","is_subscribed":true,"can_subscribe":false,"legacy_id":"free","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:44 BST] _domain_id='XXX'
[Thu 22 Sep 2016 11:31:44 BST] _sub_domain='_acme-challenge.acmeshEC2562'
[Thu 22 Sep 2016 11:31:44 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 11:31:44 BST] Getting txt records
[Thu 22 Sep 2016 11:31:44 BST] zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC2562.imperialus.house
[Thu 22 Sep 2016 11:31:44 BST] GET
[Thu 22 Sep 2016 11:31:44 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:44 BST] timeout
[Thu 22 Sep 2016 11:31:44 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.2zCoSfTi '
[Thu 22 Sep 2016 11:31:44 BST] ret='0'
[Thu 22 Sep 2016 11:31:44 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:44 BST] count='0'
[Thu 22 Sep 2016 11:31:44 BST] Adding record
[Thu 22 Sep 2016 11:31:44 BST] zones/XXX/dns_records
[Thu 22 Sep 2016 11:31:44 BST] data='{"type":"TXT","name":"_acme-challenge.acmeshEC2562.imperialus.house","content":"XXX-XX","ttl":120}'
[Thu 22 Sep 2016 11:31:44 BST] POST
[Thu 22 Sep 2016 11:31:44 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records'
[Thu 22 Sep 2016 11:31:44 BST] body='{"type":"TXT","name":"_acme-challenge.acmeshEC2562.imperialus.house","content":"XXX-XX","ttl":120}'
[Thu 22 Sep 2016 11:31:44 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXX/T/tmp.sUM6UiC7 '
[Thu 22 Sep 2016 11:31:45 BST] _ret='0'
[Thu 22 Sep 2016 11:31:45 BST] response='{"result":{"id":"XXX","type":"TXT","name":"_acme-challenge.acmeshec2562.imperialus.house","content":"XXX-XXX","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"XXX","zone_name":"imperialus.house","modified_on":"2016-09-22T10:31:45.632349Z","created_on":"2016-09-22T10:31:45.632349Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:45 BST] Add txt record error.
[Thu 22 Sep 2016 11:31:45 BST] Error add txt for domain:_acme-challenge.acmeshEC2562.imperialus.house
[Thu 22 Sep 2016 11:31:45 BST] pid
from acme.sh.
@FernandoMiguel
I made a fix: cfdaff5
Please upgrade to latest code and try again:
acme.sh --upgrade
from acme.sh.
$ ./acme.sh --staging --issue -d acmesh2565.imperialus.house --dns dns_cf --keylength ec-256 --debug 2
[Thu 22 Sep 2016 13:52:39 BST] Lets guess script dir.
[Thu 22 Sep 2016 13:52:39 BST] _SCRIPT_='./acme.sh'
[Thu 22 Sep 2016 13:52:39 BST] _script
[Thu 22 Sep 2016 13:52:39 BST] _script_home='.'
[Thu 22 Sep 2016 13:52:39 BST] It seems tha acme.sh is already installed in /Users/Fernando/.acme.sh
[Thu 22 Sep 2016 13:52:39 BST] 20:USER_AGENT=""
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 13:52:39 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 13:52:39 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc'
[Thu 22 Sep 2016 13:52:39 BST] 1:Le_Domain="acmesh2565.imperialus.house"
[Thu 22 Sep 2016 13:52:39 BST] 2:Le_Alt="no"
[Thu 22 Sep 2016 13:52:39 BST] 3:Le_Webroot="dns_cf"
[Thu 22 Sep 2016 13:52:39 BST] 4:Le_PreHook=""
[Thu 22 Sep 2016 13:52:39 BST] 5:Le_PostHook=""
[Thu 22 Sep 2016 13:52:39 BST] 6:Le_RenewHook=""
[Thu 22 Sep 2016 13:52:39 BST] 'dns_cf' does not contain 'no'
[Thu 22 Sep 2016 13:52:39 BST] 'dns_cf' does not contain 'tls'
[Thu 22 Sep 2016 13:52:39 BST] 'dns_cf' does not contain 'apache'
[Thu 22 Sep 2016 13:52:39 BST] RSA key
[Thu 22 Sep 2016 13:52:41 BST] Registering account
[Thu 22 Sep 2016 13:52:41 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 13:52:41 BST] payload='{"resource": "new-reg", "contact": ["mailto: [email protected]"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}'
[Thu 22 Sep 2016 13:52:41 BST] RSA key
[Thu 22 Sep 2016 13:52:42 BST] GET
[Thu 22 Sep 2016 13:52:42 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 13:52:42 BST] timeout
[Thu 22 Sep 2016 13:52:42 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.tUBFIFoD '
[Thu 22 Sep 2016 13:52:43 BST] ret='0'
[Thu 22 Sep 2016 13:52:43 BST] POST
[Thu 22 Sep 2016 13:52:43 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 13:52:43 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-XXXX"}'
[Thu 22 Sep 2016 13:52:43 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.8fADt6I1 '
[Thu 22 Sep 2016 13:52:44 BST] _ret='0'
[Thu 22 Sep 2016 13:52:44 BST] original='{
"type": "urn:acme:error:malformed",
"detail": "Registration key is already in use",
"status": 409
}'
[Thu 22 Sep 2016 13:52:44 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 12:52:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 409 Conflict
Server: nginx
Content-Type: application/problem+json
Content-Length: 107
Boulder-Request-Id: Mle4VXXX
Boulder-Requester: 340385
Location: https://acme-staging.api.letsencrypt.org/acme/reg/340385
Replay-Nonce: XXXX
Expires: Thu, 22 Sep 2016 12:52:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 12:52:44 GMT
Connection: close
'
[Thu 22 Sep 2016 13:52:44 BST] response='{"type":"urn:acme:error:malformed","detail":"Registration key is already in use","status": 409}'
[Thu 22 Sep 2016 13:52:44 BST] code='409'
[Thu 22 Sep 2016 13:52:44 BST] Already registered
[Thu 22 Sep 2016 13:52:44 BST] 18:ACCOUNT_KEY_HASH="XXXX="
[Thu 22 Sep 2016 13:52:44 BST] Read key length:ec-256
[Thu 22 Sep 2016 13:52:44 BST] Creating domain key
[Thu 22 Sep 2016 13:52:44 BST] Use length 256
[Thu 22 Sep 2016 13:52:44 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 13:52:44 BST] _createcsr
[Thu 22 Sep 2016 13:52:44 BST] domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] domainlist
[Thu 22 Sep 2016 13:52:44 BST] csrkey='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc/acmesh2565.imperialus.house.key'
[Thu 22 Sep 2016 13:52:44 BST] csr='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc/acmesh2565.imperialus.house.csr'
[Thu 22 Sep 2016 13:52:44 BST] csrconf='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc/acmesh2565.imperialus.house.csr.conf'
[Thu 22 Sep 2016 13:52:44 BST] Single domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] 7:Le_Keylength="ec-256"
[Thu 22 Sep 2016 13:52:44 BST] Verify each domain
[Thu 22 Sep 2016 13:52:44 BST] Getting webroot for domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] _w='dns_cf'
[Thu 22 Sep 2016 13:52:44 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 13:52:44 BST] Getting token for domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 13:52:44 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmesh2565.imperialus.house"}}'
[Thu 22 Sep 2016 13:52:44 BST] RSA key
[Thu 22 Sep 2016 13:52:46 BST] GET
[Thu 22 Sep 2016 13:52:46 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 13:52:46 BST] timeout
[Thu 22 Sep 2016 13:52:46 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.UBCpiWgT '
[Thu 22 Sep 2016 13:52:47 BST] ret='0'
[Thu 22 Sep 2016 13:52:47 BST] POST
[Thu 22 Sep 2016 13:52:47 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 13:52:47 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "XXX"}'
[Thu 22 Sep 2016 13:52:47 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.HxhW0X3Y '
[Thu 22 Sep 2016 13:52:48 BST] _ret='0'
[Thu 22 Sep 2016 13:52:48 BST] original='{
"identifier": {
"type": "dns",
"value": "acmesh2565.imperialus.house"
},
"status": "pending",
"expires": "2016-09-29T12:52:47.934326806Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX",
"token": "XXXX"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX",
"token": "XXX"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/IK_e3RGFc7XXX",
"token": "tJn4RXXX"
}
],
"combinations": [
[
0
],
[
2
],
[
1
]
]
}'
[Thu 22 Sep 2016 13:52:48 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 12:52:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1021
Boulder-Request-Id: XXXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/XXXX
Replay-Nonce: _FM5YZXXXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 22 Sep 2016 12:52:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 12:52:48 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 13:52:48 BST] response='{"identifier":{"type":"dns","value":"acmesh2565.imperialus.house"},"status":"pending","expires":"2016-09-29T12:52:47.934326806Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX","token":"XXXX"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993884","token":"tJn4RmXXX"}],"combinations":[[0],[2],[1]]}'
[Thu 22 Sep 2016 13:52:48 BST] code='201'
[Thu 22 Sep 2016 13:52:48 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX"'
[Thu 22 Sep 2016 13:52:48 BST] token='-MLCOWF6kXXX'
[Thu 22 Sep 2016 13:52:48 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:52:48 BST] keyauthorization='-MLCXXX'
[Thu 22 Sep 2016 13:52:48 BST] dvlist='acmesh2565.imperialus.house#-MLCOWXXXX#https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883#dns-01#dns_cf'
[Thu 22 Sep 2016 13:52:48 BST] txtdomain='_acme-challenge.acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:48 BST] txt='XXXX'
[Thu 22 Sep 2016 13:52:48 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 13:52:48 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 13:52:48 BST] 28:CF_Key="XXXX"
[Thu 22 Sep 2016 13:52:48 BST] 30:CF_Email="XXXX"
[Thu 22 Sep 2016 13:52:48 BST] First detect the root zone
[Thu 22 Sep 2016 13:52:48 BST] zones?name=acmesh2565.imperialus.house
[Thu 22 Sep 2016 13:52:48 BST] GET
[Thu 22 Sep 2016 13:52:48 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:48 BST] timeout
[Thu 22 Sep 2016 13:52:48 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.vBbJkPvN '
[Thu 22 Sep 2016 13:52:48 BST] ret='0'
[Thu 22 Sep 2016 13:52:48 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:48 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 13:52:49 BST] GET
[Thu 22 Sep 2016 13:52:49 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 13:52:49 BST] timeout
[Thu 22 Sep 2016 13:52:49 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.erxtJZKg '
[Thu 22 Sep 2016 13:52:49 BST] ret='0'
[Thu 22 Sep 2016 13:52:49 BST] response='{"result":[{"id":"XXXX","name":"imperialus.house","status":"active","paused":false,"type":"full","development_mode":0,"name_servers":["dina.ns.cloudflare.com","theo.ns.cloudflare.com"],"original_name_servers":["ns1.dreamhost.com","ns2.dreamhost.com","ns3.dreamhost.com"],"original_registrar":null,"original_dnshost":"dreamhost","modified_on":"2016-09-22T12:50:45.268289Z","created_on":"2016-02-15T21:20:15.215047Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"XXX","email":"XXXX"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"XXX","name":"Free Website","price":0,"currency":"USD","frequency":"","is_subscribed":true,"can_subscribe":false,"legacy_id":"free","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:49 BST] _domain_id='XXXX'
[Thu 22 Sep 2016 13:52:49 BST] _sub_domain='_acme-challenge.acmesh2565'
[Thu 22 Sep 2016 13:52:49 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 13:52:49 BST] Getting txt records
[Thu 22 Sep 2016 13:52:49 BST] zones/XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2565.imperialus.house
[Thu 22 Sep 2016 13:52:49 BST] GET
[Thu 22 Sep 2016 13:52:49 BST] url='https://api.cloudflare.com/client/v4/zones/XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:49 BST] timeout
[Thu 22 Sep 2016 13:52:49 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.tilQpVoO '
[Thu 22 Sep 2016 13:52:49 BST] ret='0'
[Thu 22 Sep 2016 13:52:49 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:49 BST] count='0'
[Thu 22 Sep 2016 13:52:49 BST] Adding record
[Thu 22 Sep 2016 13:52:49 BST] zones/XXXX/dns_records
[Thu 22 Sep 2016 13:52:49 BST] data='{"type":"TXT","name":"_acme-challenge.acmesh2565.imperialus.house","content":"XXXX","ttl":120}'
[Thu 22 Sep 2016 13:52:49 BST] POST
[Thu 22 Sep 2016 13:52:49 BST] url='https://api.cloudflare.com/client/v4/zones/XXXX/dns_records'
[Thu 22 Sep 2016 13:52:49 BST] body='{"type":"TXT","name":"_acme-challenge.acmesh2565.imperialus.house","content":"XXXX","ttl":120}'
[Thu 22 Sep 2016 13:52:49 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.vbJsjUvv '
[Thu 22 Sep 2016 13:52:50 BST] _ret='0'
[Thu 22 Sep 2016 13:52:50 BST] response='{"result":{"id":"XXXX","type":"TXT","name":"_acme-challenge.acmesh2565.imperialus.house","content":"XXXX","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"XXXX","zone_name":"imperialus.house","modified_on":"2016-09-22T12:52:50.187501Z","created_on":"2016-09-22T12:52:50.187501Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:50 BST] Added, sleeping 10 seconds
[Thu 22 Sep 2016 13:53:00 BST] Sleep 10 seconds for the txt records to take effect
[Thu 22 Sep 2016 13:53:10 BST] ok, let's start to verify
[Thu 22 Sep 2016 13:53:10 BST] Verifying:acmesh2565.imperialus.house
[Thu 22 Sep 2016 13:53:10 BST] d='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:53:10 BST] keyauthorization='-MLCOWXXXX'
[Thu 22 Sep 2016 13:53:10 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:10 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 13:53:10 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:10 BST] payload='{"resource": "challenge", "keyAuthorization": "-MLCOWXXXX"}'
[Thu 22 Sep 2016 13:53:10 BST] RSA key
[Thu 22 Sep 2016 13:53:12 BST] GET
[Thu 22 Sep 2016 13:53:12 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 13:53:12 BST] timeout
[Thu 22 Sep 2016 13:53:12 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.nmsSlYiH '
[Thu 22 Sep 2016 13:53:12 BST] ret='0'
[Thu 22 Sep 2016 13:53:12 BST] POST
[Thu 22 Sep 2016 13:53:12 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:12 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-XXXX"}}, "protected": "XXX", "payload": "XXX", "signature": "XXX-ZC"}'
[Thu 22 Sep 2016 13:53:12 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.v04YMPvs '
[Thu 22 Sep 2016 13:53:13 BST] _ret='0'
[Thu 22 Sep 2016 13:53:13 BST] original='{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883",
"token": "-XXXX",
"keyAuthorization": "-MLCOWXXXX"
}'
[Thu 22 Sep 2016 13:53:13 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 12:53:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 337
Boulder-Request-Id: XXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/XXXX>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883
Replay-Nonce: XXXX
Expires: Thu, 22 Sep 2016 12:53:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 12:53:13 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 13:53:13 BST] response='{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX","keyAuthorization":"-MLCOWXXXX"}'
[Thu 22 Sep 2016 13:53:13 BST] code='202'
[Thu 22 Sep 2016 13:53:13 BST] sleep 5 secs to verify
[Thu 22 Sep 2016 13:53:18 BST] checking
[Thu 22 Sep 2016 13:53:18 BST] GET
[Thu 22 Sep 2016 13:53:18 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:18 BST] timeout
[Thu 22 Sep 2016 13:53:18 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/XXXX/T/tmp.PnYcF233 '
[Thu 22 Sep 2016 13:53:19 BST] ret='0'
[Thu 22 Sep 2016 13:53:19 BST] original='{
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Correct value not found for DNS challenge",
"status": 403
},
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883",
"token": "-XXXX",
"keyAuthorization": "-MLCOWXXXX"
}'
[Thu 22 Sep 2016 13:53:19 BST] response='{"type":"dns-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Correct value not found for DNS challenge","status": 403},"uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX","keyAuthorization":"-MLCOWXXXX"}'
[Thu 22 Sep 2016 13:53:19 BST] error='"error":{"type":"urn:acme:error:unauthorized","detail":"Correct value not found for DNS challenge","status": 403}'
[Thu 22 Sep 2016 13:53:19 BST] errordetail='Correct value not found for DNS challenge'
[Thu 22 Sep 2016 13:53:19 BST] acmesh2565.imperialus.house:Verify error:Correct value not found for DNS challenge
[Thu 22 Sep 2016 13:53:19 BST] Skip for removelevel:
[Thu 22 Sep 2016 13:53:19 BST] pid
from acme.sh.
@FernandoMiguel
Can you please log in to your cloudflare account to see if the txt record is added successfully?
_acme-challenge.acmesh2565.imperialus.house
from acme.sh.
$ alias acme.sh="/Users/Fernando/.acme.sh/acme.sh"
$ acme.sh --staging --issue -d acmesh2566.imperialus.house --dns dns_cf --keylength ec-256
[Thu 22 Sep 2016 14:27:30 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 14:27:31 BST] Skip register account key
[Thu 22 Sep 2016 14:27:31 BST] Creating domain key
[Thu 22 Sep 2016 14:27:31 BST] Single domain='acmesh2566.imperialus.house'
[Thu 22 Sep 2016 14:27:31 BST] Verify each domain
[Thu 22 Sep 2016 14:27:31 BST] Getting webroot for domain='acmesh2566.imperialus.house'
[Thu 22 Sep 2016 14:27:31 BST] Getting token for domain='acmesh2566.imperialus.house'
[Thu 22 Sep 2016 14:27:34 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 14:27:37 BST] Adding record
[Thu 22 Sep 2016 14:27:38 BST] Added, sleeping 10 seconds
[Thu 22 Sep 2016 14:27:48 BST] Sleep 10 seconds for the txt records to take effect
[Thu 22 Sep 2016 14:27:58 BST] Verifying:acmesh2566.imperialus.house
[Thu 22 Sep 2016 14:28:07 BST] Success
[Thu 22 Sep 2016 14:28:07 BST] Verify finished, start to sign.
[Thu 22 Sep 2016 14:28:10 BST] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"
from acme.sh.
--debug 2
from acme.sh.
$ dig TXT _acme-challenge.acmesh2567.imperialus.house +short
"zpBADYWquyZfXXXX"
$ acme.sh --staging --issue -d acmesh2567.imperialus.house --dns dns_cf --keylength ec-256 --debug 2
[Thu 22 Sep 2016 19:30:22 BST] Lets guess script dir.
[Thu 22 Sep 2016 19:30:22 BST] _SCRIPT_='/Users/Fernando/.acme.sh/acme.sh'
[Thu 22 Sep 2016 19:30:22 BST] _script
[Thu 22 Sep 2016 19:30:22 BST] _script_home='.'
[Thu 22 Sep 2016 19:30:22 BST] It seems that acme.sh is already installed in /Users/Fernando/.acme.sh
[Thu 22 Sep 2016 19:30:22 BST] 20:USER_AGENT=""
[Thu 22 Sep 2016 19:30:22 BST] 6:ACCOUNT_EMAIL="XXXX"
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 19:30:22 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 19:30:22 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc'
[Thu 22 Sep 2016 19:30:22 BST] 1:Le_Domain="acmesh2567.imperialus.house"
[Thu 22 Sep 2016 19:30:22 BST] 2:Le_Alt="no"
[Thu 22 Sep 2016 19:30:22 BST] 3:Le_Webroot="dns_cf"
[Thu 22 Sep 2016 19:30:22 BST] 4:Le_PreHook=""
[Thu 22 Sep 2016 19:30:22 BST] 5:Le_PostHook=""
[Thu 22 Sep 2016 19:30:22 BST] 6:Le_RenewHook=""
[Thu 22 Sep 2016 19:30:22 BST] 'dns_cf' does not contain 'no'
[Thu 22 Sep 2016 19:30:22 BST] 'dns_cf' does not contain 'tls'
[Thu 22 Sep 2016 19:30:22 BST] 'dns_cf' does not contain 'apache'
[Thu 22 Sep 2016 19:30:22 BST] RSA key
[Thu 22 Sep 2016 19:30:24 BST] Skip register account key
[Thu 22 Sep 2016 19:30:24 BST] Read key length:ec-256
[Thu 22 Sep 2016 19:30:24 BST] Creating domain key
[Thu 22 Sep 2016 19:30:24 BST] Use length 256
[Thu 22 Sep 2016 19:30:24 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 19:30:24 BST] _createcsr
[Thu 22 Sep 2016 19:30:24 BST] domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] domainlist
[Thu 22 Sep 2016 19:30:24 BST] csrkey='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc/acmesh2567.imperialus.house.key'
[Thu 22 Sep 2016 19:30:24 BST] csr='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc/acmesh2567.imperialus.house.csr'
[Thu 22 Sep 2016 19:30:24 BST] csrconf='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc/acmesh2567.imperialus.house.csr.conf'
[Thu 22 Sep 2016 19:30:24 BST] Single domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] 7:Le_Keylength="ec-256"
[Thu 22 Sep 2016 19:30:24 BST] Verify each domain
[Thu 22 Sep 2016 19:30:24 BST] Getting webroot for domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] _w='dns_cf'
[Thu 22 Sep 2016 19:30:24 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 19:30:24 BST] Getting new-authz for domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 19:30:24 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmesh2567.imperialus.house"}}'
[Thu 22 Sep 2016 19:30:24 BST] RSA key
[Thu 22 Sep 2016 19:30:26 BST] GET
[Thu 22 Sep 2016 19:30:26 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 19:30:26 BST] timeout
[Thu 22 Sep 2016 19:30:26 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.KJQAdPZv '
[Thu 22 Sep 2016 19:30:27 BST] ret='0'
[Thu 22 Sep 2016 19:30:27 BST] POST
[Thu 22 Sep 2016 19:30:27 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 19:30:27 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB--S---XXXX"}}, "protected": "eyJuXXXX", "payload": "eyJyXXXX", "signature": "FypNZ_XXX"}'
[Thu 22 Sep 2016 19:30:27 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.KNtxJfNd '
[Thu 22 Sep 2016 19:30:28 BST] _ret='0'
[Thu 22 Sep 2016 19:30:28 BST] original='{
"identifier": {
"type": "dns",
"value": "acmesh2567.imperialus.house"
},
"status": "pending",
"expires": "2016-09-29T18:30:28.046026987Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX/15029723",
"token": "ifzlkDXXXX"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029724",
"token": "Ym_jLwV_PXXXXX"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029725",
"token": "ffCxV_jJMpXXXX"
}
],
"combinations": [
[
0
],
[
2
],
[
1
]
]
}'
[Thu 22 Sep 2016 19:30:28 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 18:30:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1021
Boulder-Request-Id: 8RofDXXXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/EblzXXXX
Replay-Nonce: RNK_DEXXXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 22 Sep 2016 18:30:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 18:30:28 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 19:30:28 BST] response='{"identifier":{"type":"dns","value":"acmesh2567.imperialus.house"},"status":"pending","expires":"2016-09-29T18:30:28.046026987Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX","token":"ifzlkDXXXX"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029724","token":"Ym_jLwV_PXXXXX"},{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029725","token":"ffCxV_jJMpXXXX"}],"combinations":[[0],[2],[1]]}'
[Thu 22 Sep 2016 19:30:28 BST] code='201'
[Thu 22 Sep 2016 19:30:28 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX","token":"ifzlkDXXXX"'
[Thu 22 Sep 2016 19:30:28 BST] token='ifzlkDXXXX'
[Thu 22 Sep 2016 19:30:28 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:30:28 BST] keyauthorization='ifzlkDXXXX.XXXX'
[Thu 22 Sep 2016 19:30:28 BST] dvlist='acmesh2567.imperialus.house#ifzlkDXXXX.XXXXo#https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX#dns-01#dns_cf'
[Thu 22 Sep 2016 19:30:28 BST] txtdomain='_acme-challenge.acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:28 BST] txt='zpBAXXXX'
[Thu 22 Sep 2016 19:30:28 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 19:30:28 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 19:30:28 BST] 28:CF_Key="XXX"
[Thu 22 Sep 2016 19:30:28 BST] 30:CF_Email="XXXX"
[Thu 22 Sep 2016 19:30:28 BST] First detect the root zone
[Thu 22 Sep 2016 19:30:28 BST] zones?name=acmesh2567.imperialus.house
[Thu 22 Sep 2016 19:30:28 BST] GET
[Thu 22 Sep 2016 19:30:28 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:28 BST] timeout
[Thu 22 Sep 2016 19:30:28 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.Ch48xyIP '
[Thu 22 Sep 2016 19:30:30 BST] ret='0'
[Thu 22 Sep 2016 19:30:30 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:30 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 19:30:30 BST] GET
[Thu 22 Sep 2016 19:30:30 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 19:30:30 BST] timeout
[Thu 22 Sep 2016 19:30:30 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.BX3sRG0G '
[Thu 22 Sep 2016 19:30:30 BST] ret='0'
[Thu 22 Sep 2016 19:30:30 BST] response='{"result":[{"id":"027XXXX","name":"imperialus.house","status":"active","paused":false,"type":"full","development_mode":0,"name_servers":["dina.ns.cloudflare.com","theo.ns.cloudflare.com"],"original_name_servers":["ns1.dreamhost.com","ns2.dreamhost.com","ns3.dreamhost.com"],"original_registrar":null,"original_dnshost":"dreamhost","modified_on":"2016-09-22T13:29:31.210521Z","created_on":"2016-02-15T21:20:15.215047Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"XXX","email":"XXXX"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"XXXX","name":"Free Website","price":0,"currency":"USD","frequency":"","is_subscribed":true,"can_subscribe":false,"legacy_id":"free","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:30 BST] _domain_id='027XXXX'
[Thu 22 Sep 2016 19:30:30 BST] _sub_domain='_acme-challenge.acmesh2567'
[Thu 22 Sep 2016 19:30:31 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 19:30:31 BST] Getting txt records
[Thu 22 Sep 2016 19:30:31 BST] zones/027XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2567.imperialus.house
[Thu 22 Sep 2016 19:30:31 BST] GET
[Thu 22 Sep 2016 19:30:31 BST] url='https://api.cloudflare.com/client/v4/zones/027XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:31 BST] timeout
[Thu 22 Sep 2016 19:30:31 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.2urfdcpt '
[Thu 22 Sep 2016 19:30:31 BST] ret='0'
[Thu 22 Sep 2016 19:30:31 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:31 BST] count='0'
[Thu 22 Sep 2016 19:30:31 BST] Adding record
[Thu 22 Sep 2016 19:30:31 BST] zones/027XXXX/dns_records
[Thu 22 Sep 2016 19:30:31 BST] data='{"type":"TXT","name":"_acme-challenge.acmesh2567.imperialus.house","content":"zpBAXXXX","ttl":120}'
[Thu 22 Sep 2016 19:30:31 BST] POST
[Thu 22 Sep 2016 19:30:31 BST] url='https://api.cloudflare.com/client/v4/zones/027XXXX/dns_records'
[Thu 22 Sep 2016 19:30:31 BST] body='{"type":"TXT","name":"_acme-challenge.acmesh2567.imperialus.house","content":"zpBAXXXX","ttl":120}'
[Thu 22 Sep 2016 19:30:31 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.4JT9n0F4 '
[Thu 22 Sep 2016 19:30:32 BST] _ret='0'
[Thu 22 Sep 2016 19:30:32 BST] response='{"result":{"id":"97caXXXX","type":"TXT","name":"_acme-challenge.acmesh2567.imperialus.house","content":"zpBAXXXX","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"027XXXX","zone_name":"imperialus.house","modified_on":"2016-09-22T18:30:32.506831Z","created_on":"2016-09-22T18:30:32.506831Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:32 BST] Added, sleeping 10 seconds
[Thu 22 Sep 2016 19:30:42 BST] Sleep 120 seconds for the txt records to take effect
[Thu 22 Sep 2016 19:32:42 BST] ok, let's start to verify
[Thu 22 Sep 2016 19:32:42 BST] Verifying:acmesh2567.imperialus.house
[Thu 22 Sep 2016 19:32:42 BST] d='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:32:42 BST] keyauthorization='ifzlkDXXXX.XXXX'
[Thu 22 Sep 2016 19:32:42 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:32:42 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 19:32:42 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:32:42 BST] payload='{"resource": "challenge", "keyAuthorization": "ifzlkDXXXX.XXXX"}'
[Thu 22 Sep 2016 19:32:42 BST] RSA key
[Thu 22 Sep 2016 19:32:44 BST] GET
[Thu 22 Sep 2016 19:32:44 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 19:32:44 BST] timeout
[Thu 22 Sep 2016 19:32:44 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.DFxbNy94 '
[Thu 22 Sep 2016 19:32:45 BST] ret='0'
[Thu 22 Sep 2016 19:32:45 BST] POST
[Thu 22 Sep 2016 19:32:45 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:32:45 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-fguXXXX"}}, "protected": "eyJXXXX", "payload": "eyJyXXXX", "signature": "E0SbVXXXXX"}'
[Thu 22 Sep 2016 19:32:45 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.92B4ZoYY '
[Thu 22 Sep 2016 19:32:46 BST] _ret='0'
[Thu 22 Sep 2016 19:32:46 BST] original='{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX",
"token": "ifzlkDXXXX",
"keyAuthorization": "ifzlkDXXXX.XXXX"
}'
[Thu 22 Sep 2016 19:32:46 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 18:32:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 337
Boulder-Request-Id: 1LAmYXXXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/EblzXXXX>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXX
Replay-Nonce: yhXwPXXXX
Expires: Thu, 22 Sep 2016 18:32:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 18:32:46 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 19:32:46 BST] response='{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXX","token":"ifzlkDXXXX","keyAuthorization":"XXX.XXXX"}'
[Thu 22 Sep 2016 19:32:46 BST] code='202'
[Thu 22 Sep 2016 19:32:46 BST] sleep 5 secs to verify
[Thu 22 Sep 2016 19:32:51 BST] checking
[Thu 22 Sep 2016 19:32:51 BST] GET
[Thu 22 Sep 2016 19:32:52 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXX'
[Thu 22 Sep 2016 19:32:52 BST] timeout
[Thu 22 Sep 2016 19:32:52 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.ad8Y3WwU '
[Thu 22 Sep 2016 19:32:52 BST] ret='0'
[Thu 22 Sep 2016 19:32:52 BST] original='{
"type": "dns-01",
"status": "valid",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX",
"token": "ifzlkDXXXX",
"keyAuthorization": "ifzlkDXXXX.XXXX",
"validationRecord": [
{
"hostname": "acmesh2567.imperialus.house",
"port": "",
"addressesResolved": null,
"addressUsed": ""
}
]
}'
[Thu 22 Sep 2016 19:32:52 BST] response='{"type":"dns-01","status":"valid","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX","token":"ifzlkDXXXX","keyAuthorization":"ifzlkDXXXX.XXXX","validationRecord":[{"hostname":"acmesh2567.imperialus.house","port":"","addressesResolved": null,"addressUsed":""}]}'
[Thu 22 Sep 2016 19:32:52 BST] Success
[Thu 22 Sep 2016 19:32:52 BST] pid
[Thu 22 Sep 2016 19:32:52 BST] Skip for removelevel:
[Thu 22 Sep 2016 19:32:52 BST] pid
[Thu 22 Sep 2016 19:32:52 BST] Verify finished, start to sign.
[Thu 22 Sep 2016 19:32:52 BST] i='2'
[Thu 22 Sep 2016 19:32:52 BST] j='7'
[Thu 22 Sep 2016 19:32:52 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Thu 22 Sep 2016 19:32:52 BST] payload='{"resource": "new-cert", "csr": "MIH-XXXX"}'
[Thu 22 Sep 2016 19:32:52 BST] RSA key
[Thu 22 Sep 2016 19:32:54 BST] GET
[Thu 22 Sep 2016 19:32:54 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 19:32:54 BST] timeout
[Thu 22 Sep 2016 19:32:54 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.rV81srQ9 '
[Thu 22 Sep 2016 19:32:55 BST] ret='0'
[Thu 22 Sep 2016 19:32:55 BST] POST
[Thu 22 Sep 2016 19:32:55 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Thu 22 Sep 2016 19:32:55 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-fguXXXX"}}, "protected": "eyJub25jXXXX", "payload": "eyJyXXXX", "signature": "TkfXXXX"}'
[Thu 22 Sep 2016 19:32:55 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.SXFPfFKr '
[Thu 22 Sep 2016 19:32:56 BST] _ret='0'
[Thu 22 Sep 2016 19:32:56 BST] original='ewogXXXX'
[Thu 22 Sep 2016 19:32:56 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 18:32:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 133
Boulder-Request-Id: 8CXXXX
Boulder-Requester: 340385
Replay-Nonce: R5pXXXX
Expires: Thu, 22 Sep 2016 18:32:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 18:32:55 GMT
Connection: close
'
[Thu 22 Sep 2016 19:32:56 BST] response='ewogXXXX'
[Thu 22 Sep 2016 19:32:56 BST] code='400'
[Thu 22 Sep 2016 19:32:56 BST] 8:Le_LinkCert=""
[Thu 22 Sep 2016 19:32:56 BST] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"
/Users/Fernando/.acme.sh/acme.sh: line 3721: syntax error near unexpected token `fi'
/Users/Fernando/.acme.sh/acme.sh: line 3721: `"$@";fi'
these two lines at the end are new
from acme.sh.
然而 account key 还是只支持RSA嘛。
from acme.sh.
@Rememberli i noticed the same.... no idea what's going on
from acme.sh.
@Rememberli @Rememberli
Yes, because my ECC account signature was not same with boulder.
That's why this issue is still open.
RSA account key seems working good. It's just the account key, not the domain key.
I will fix this later when I have time.
from acme.sh.
https://tools.ietf.org/html/rfc3278#section-8.2
http://bitcoin.stackexchange.com/questions/2376/ecdsa-r-s-encoding-as-a-signature
http://davidederosa.com/basic-blockchain-programming/elliptic-curve-digital-signatures/
from acme.sh.
Related Issues (20)
- On OpenBSD acme.sh fails to tell nc/socat to listen for IPv6 traffic HOT 2
- Gcore DNS API not working, "$" character is removed from the account.conf HOT 3
- Single-line eab_hmac_key decoded as multi-line HOT 1
- External Account Binding doesn't work for Google HOT 3
- GoDaddy Instructions Can Be Updated HOT 2
- Forced use of DoH in the script caused it to fail HOT 4
- If a domain name is on two servers, how should the variable be written? HOT 3
- revoke old certificates HOT 2
- issue to auth with DSM 2FA open HOT 4
- DNS Alias Mode does not work if txt record exists on main domain HOT 1
- [contribution] Convert LE account data from certbot to acme.sh HOT 5
- 关于同一个主机下多个域名在不同华为云账号下的dns验证写法?(不是bug) HOT 3
- "Invalid domain" error when authenticating HOT 1
- 我能否通过ACME.sh更新七牛云自定义源站域名 HOT 1
- HAProxy / HAProxy Enterprise with acme.sh for cert renewal - ALL or NOTHING ? (Also renewal date is weird) HOT 3
- crap in my cer file. HOT 9
- cron renew makes encrypt algorithm fallback to default one? HOT 3
- Received a lot of unfriendly requests when cert success HOT 1
- Custom csr support in _createcsr function HOT 7
- Feature request - can we add portunity here HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acme.sh.