Acme.sh: Error, can not get domain token

Created on 30 May 2016  ·  41Comments  ·  Source: acmesh-official/acme.sh

latest attempt on 2.2.5 gives me following error

acme.sh --staging --issue -d acme.domain.com -w /home/nginx/domains/acme.domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --debug 2

[Mon May 30 18:51:44 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Mon May 30 18:51:44 UTC 2016] Le_NextRenewTime
[Mon May 30 18:51:44 UTC 2016] OK
[Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:1:Le_Domain="acme.domain.com"
[Mon May 30 18:51:44 UTC 2016] OK
[Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:2:Le_Alt="no"
[Mon May 30 18:51:44 UTC 2016] OK
[Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:3:Le_Webroot="/home/nginx/domains/acme.domain.com/public"
[Mon May 30 18:51:44 UTC 2016] OK
[Mon May 30 18:51:44 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:4:Le_Keylength="2048"
[Mon May 30 18:51:44 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'no'
[Mon May 30 18:51:44 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'apache'
[Mon May 30 18:51:44 UTC 2016] RSA key
[Mon May 30 18:51:44 UTC 2016] pub_exp='010001'
[Mon May 30 18:51:44 UTC 2016] let exists=0
[Mon May 30 18:51:44 UTC 2016] uselet='1'
[Mon May 30 18:51:44 UTC 2016] _URGLY_PRINTF
[Mon May 30 18:51:44 UTC 2016] e='AQAB'
[Mon May 30 18:51:44 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Mon May 30 18:51:44 UTC 2016] let exists=0
[Mon May 30 18:51:44 UTC 2016] uselet='1'
[Mon May 30 18:51:44 UTC 2016] _URGLY_PRINTF
[Mon May 30 18:51:47 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Mon May 30 18:51:47 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Mon May 30 18:51:47 UTC 2016] Skip register account key
[Mon May 30 18:51:47 UTC 2016] Creating csr
[Mon May 30 18:51:47 UTC 2016] Single domain='acme.domain.com'
[Mon May 30 18:51:47 UTC 2016] Verify each domain
[Mon May 30 18:51:47 UTC 2016] Getting webroot for domain='acme.domain.com'
[Mon May 30 18:51:47 UTC 2016] _w='/home/nginx/domains/acme.domain.com/public'
[Mon May 30 18:51:47 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
[Mon May 30 18:51:47 UTC 2016] Getting token for domain='acme.domain.com'
[Mon May 30 18:51:47 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Mon May 30 18:51:47 UTC 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.domain.com"}}'
[Mon May 30 18:51:47 UTC 2016] RSA key
[Mon May 30 18:51:47 UTC 2016] pub_exp='010001'
[Mon May 30 18:51:47 UTC 2016] let exists=0
[Mon May 30 18:51:47 UTC 2016] uselet='1'
[Mon May 30 18:51:47 UTC 2016] _URGLY_PRINTF
[Mon May 30 18:51:47 UTC 2016] e='AQAB'
[Mon May 30 18:51:47 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Mon May 30 18:51:47 UTC 2016] let exists=0
[Mon May 30 18:51:47 UTC 2016] uselet='1'
[Mon May 30 18:51:47 UTC 2016] _URGLY_PRINTF
[Mon May 30 18:51:49 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Mon May 30 18:51:49 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Mon May 30 18:51:50 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ'
[Mon May 30 18:51:50 UTC 2016] GET
[Mon May 30 18:51:50 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Mon May 30 18:51:50 UTC 2016] curl exists=0
[Mon May 30 18:51:53 UTC 2016] nonce
[Mon May 30 18:51:53 UTC 2016] protected='{"nonce": "", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Mon May 30 18:51:53 UTC 2016] protected64='eyJub25jZSI6ICIiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJuX0c3alBvdXM3SjFUTFdGcWlra3pjUURLMlJ5VDBUcUJBX0EwOUxFRzV0SVV1Q2JWRkNKTGNCNWgxSFR1WTZncGttbHRTdWF2VS1HRS13TVNNQ1p0aERQT3Ffbm1SbXZSbVB1RktZRmNLS2xXV3VPNmFQZ05sS0J3a2tYVXYtd3JFTG1xU20xeVRBRHppbVF5R2Zxb2FiMGRzZF9DUHZ6c3dNaTZXQW5EYVd1bWdweml3a3NvZGJOYkx2d3g0NnZqZE5WcGV4eV9hdVJFQUV2NnVpaHRCRlhKNHdBcllRVy1LVlFrLU44SDZ2Z3MxVUFLallhR1ItSHZaV1lNM1JRa1MzM1FXU3gyZ21GSFY2eGFaUFZhdEM2MHIwblBQcWpZak1uRnRGM2NQOUNrekpRazJKMURpUlJqb0JuNnluaEJhY3owMllVdHdsYk1Zcm1mOUVUVlEifX0'
[Mon May 30 18:51:53 UTC 2016] sig='hyYMIC9TQ9nqCXEUNpa2ZVaaGDnX8v42ldjvsSTsGtamLOCOgndgolIDe2gMMT2mJg1jgnRqGU3ao2hOWv_zpI19-ZUEuGpi7fwfyO0tDqtP1lu4MKMl72sPOZ9UgLpIWCgaExrjYgHZ7KECsmlelR3UrWvSqOE7MXjtG78159vZnOqFl8MV8-kXrnqPuHwoOjSaqLCCCZPsBhftVdl9XAlF5KKROh2hgUewh6MAK6Z-FSaEJqVNnA_dHZK5fHNBhQqkhLUAv3jOGpcjRJjZX4_Kkp4i4f6UQ_Ll6f89ilfOqWxme36M9wM2j7LIFpcfgzjTF8GQjdgTLUI82KgAMA'
[Mon May 30 18:51:53 UTC 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}, "protected": "eyJub25jZSI6ICIiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJuX0c3alBvdXM3SjFUTFdGcWlra3pjUURLMlJ5VDBUcUJBX0EwOUxFRzV0SVV1Q2JWRkNKTGNCNWgxSFR1WTZncGttbHRTdWF2VS1HRS13TVNNQ1p0aERQT3Ffbm1SbXZSbVB1RktZRmNLS2xXV3VPNmFQZ05sS0J3a2tYVXYtd3JFTG1xU20xeVRBRHppbVF5R2Zxb2FiMGRzZF9DUHZ6c3dNaTZXQW5EYVd1bWdweml3a3NvZGJOYkx2d3g0NnZqZE5WcGV4eV9hdVJFQUV2NnVpaHRCRlhKNHdBcllRVy1LVlFrLU44SDZ2Z3MxVUFLallhR1ItSHZaV1lNM1JRa1MzM1FXU3gyZ21GSFY2eGFaUFZhdEM2MHIwblBQcWpZak1uRnRGM2NQOUNrekpRazJKMURpUlJqb0JuNnluaEJhY3owMllVdHdsYk1Zcm1mOUVUVlEifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ", "signature": "hyYMIC9TQ9nqCXEUNpa2ZVaaGDnX8v42ldjvsSTsGtamLOCOgndgolIDe2gMMT2mJg1jgnRqGU3ao2hOWv_zpI19-ZUEuGpi7fwfyO0tDqtP1lu4MKMl72sPOZ9UgLpIWCgaExrjYgHZ7KECsmlelR3UrWvSqOE7MXjtG78159vZnOqFl8MV8-kXrnqPuHwoOjSaqLCCCZPsBhftVdl9XAlF5KKROh2hgUewh6MAK6Z-FSaEJqVNnA_dHZK5fHNBhQqkhLUAv3jOGpcjRJjZX4_Kkp4i4f6UQ_Ll6f89ilfOqWxme36M9wM2j7LIFpcfgzjTF8GQjdgTLUI82KgAMA"}'
[Mon May 30 18:51:53 UTC 2016] POST
[Mon May 30 18:51:53 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Mon May 30 18:51:53 UTC 2016] curl exists=0
[Mon May 30 18:51:56 UTC 2016] original
[Mon May 30 18:51:56 UTC 2016] responseHeaders
[Mon May 30 18:51:56 UTC 2016] response
[Mon May 30 18:51:56 UTC 2016] code
[Mon May 30 18:51:56 UTC 2016] entry
[Mon May 30 18:51:56 UTC 2016] Error, can not get domain token acme.domain.com
[Mon May 30 18:51:56 UTC 2016] pid
picture centminmod

All 41 comments

maybe related to json format changes https://community.letsencrypt.org/t/cannot-install-due-to-unknown-error/16182/10 ?

centminmod picture centminmod on 31 May 2016

Please try again. I added more log.

Neilpang picture Neilpang on 31 May 2016

with update the error ended at

acme.sh --staging --issue -d acme.domain.com -w /home/nginx/domains/acme.domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --debug 2
[Tue May 31 11:42:21 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Tue May 31 11:42:21 UTC 2016] Le_NextRenewTime
[Tue May 31 11:42:21 UTC 2016] OK
[Tue May 31 11:42:21 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:1:Le_Domain="acme.domain.com"
[Tue May 31 11:42:21 UTC 2016] OK
[Tue May 31 11:42:21 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:2:Le_Alt="no"
[Tue May 31 11:42:21 UTC 2016] OK
[Tue May 31 11:42:21 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:3:Le_Webroot="/home/nginx/domains/acme.domain.com/public"
[Tue May 31 11:42:21 UTC 2016] OK
[Tue May 31 11:42:21 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:4:Le_Keylength="2048"
[Tue May 31 11:42:21 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'no'
[Tue May 31 11:42:21 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'apache'
[Tue May 31 11:42:21 UTC 2016] RSA key
[Tue May 31 11:42:21 UTC 2016] pub_exp='010001'
[Tue May 31 11:42:21 UTC 2016] let exists=0
[Tue May 31 11:42:21 UTC 2016] uselet='1'
[Tue May 31 11:42:21 UTC 2016] _URGLY_PRINTF
[Tue May 31 11:42:21 UTC 2016] e='AQAB'
[Tue May 31 11:42:21 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 11:42:21 UTC 2016] let exists=0
[Tue May 31 11:42:21 UTC 2016] uselet='1'
[Tue May 31 11:42:21 UTC 2016] _URGLY_PRINTF
[Tue May 31 11:42:24 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 11:42:24 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 11:42:24 UTC 2016] Skip register account key
[Tue May 31 11:42:24 UTC 2016] Creating csr
[Tue May 31 11:42:24 UTC 2016] Single domain='acme.domain.com'
[Tue May 31 11:42:24 UTC 2016] Verify each domain
[Tue May 31 11:42:24 UTC 2016] Getting webroot for domain='acme.domain.com'
[Tue May 31 11:42:24 UTC 2016] _w='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 11:42:24 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 11:42:24 UTC 2016] Getting token for domain='acme.domain.com'
[Tue May 31 11:42:24 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May 31 11:42:24 UTC 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.domain.com"}}'
[Tue May 31 11:42:24 UTC 2016] RSA key
[Tue May 31 11:42:24 UTC 2016] pub_exp='010001'
[Tue May 31 11:42:24 UTC 2016] let exists=0
[Tue May 31 11:42:24 UTC 2016] uselet='1'
[Tue May 31 11:42:24 UTC 2016] _URGLY_PRINTF
[Tue May 31 11:42:24 UTC 2016] e='AQAB'
[Tue May 31 11:42:25 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 11:42:25 UTC 2016] let exists=0
[Tue May 31 11:42:25 UTC 2016] uselet='1'
[Tue May 31 11:42:25 UTC 2016] _URGLY_PRINTF
[Tue May 31 11:42:27 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 11:42:27 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 11:42:27 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ'
[Tue May 31 11:42:27 UTC 2016] GET
[Tue May 31 11:42:27 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May 31 11:42:28 UTC 2016] curl exists=0
[Tue May 31 11:42:31 UTC 2016] nonce
[Tue May 31 11:42:31 UTC 2016] protected='{"nonce": "", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 11:42:31 UTC 2016] protected64='eyJub25jZSI6ICIiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJuX0c3alBvdXM3SjFUTFdGcWlra3pjUURLMlJ5VDBUcUJBX0EwOUxFRzV0SVV1Q2JWRkNKTGNCNWgxSFR1WTZncGttbHRTdWF2VS1HRS13TVNNQ1p0aERQT3Ffbm1SbXZSbVB1RktZRmNLS2xXV3VPNmFQZ05sS0J3a2tYVXYtd3JFTG1xU20xeVRBRHppbVF5R2Zxb2FiMGRzZF9DUHZ6c3dNaTZXQW5EYVd1bWdweml3a3NvZGJOYkx2d3g0NnZqZE5WcGV4eV9hdVJFQUV2NnVpaHRCRlhKNHdBcllRVy1LVlFrLU44SDZ2Z3MxVUFLallhR1ItSHZaV1lNM1JRa1MzM1FXU3gyZ21GSFY2eGFaUFZhdEM2MHIwblBQcWpZak1uRnRGM2NQOUNrekpRazJKMURpUlJqb0JuNnluaEJhY3owMllVdHdsYk1Zcm1mOUVUVlEifX0'
[Tue May 31 11:42:31 UTC 2016] sig='hyYMIC9TQ9nqCXEUNpa2ZVaaGDnX8v42ldjvsSTsGtamLOCOgndgolIDe2gMMT2mJg1jgnRqGU3ao2hOWv_zpI19-ZUEuGpi7fwfyO0tDqtP1lu4MKMl72sPOZ9UgLpIWCgaExrjYgHZ7KECsmlelR3UrWvSqOE7MXjtG78159vZnOqFl8MV8-kXrnqPuHwoOjSaqLCCCZPsBhftVdl9XAlF5KKROh2hgUewh6MAK6Z-FSaEJqVNnA_dHZK5fHNBhQqkhLUAv3jOGpcjRJjZX4_Kkp4i4f6UQ_Ll6f89ilfOqWxme36M9wM2j7LIFpcfgzjTF8GQjdgTLUI82KgAMA'
[Tue May 31 11:42:31 UTC 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}, "protected": "eyJub25jZSI6ICIiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJuX0c3alBvdXM3SjFUTFdGcWlra3pjUURLMlJ5VDBUcUJBX0EwOUxFRzV0SVV1Q2JWRkNKTGNCNWgxSFR1WTZncGttbHRTdWF2VS1HRS13TVNNQ1p0aERQT3Ffbm1SbXZSbVB1RktZRmNLS2xXV3VPNmFQZ05sS0J3a2tYVXYtd3JFTG1xU20xeVRBRHppbVF5R2Zxb2FiMGRzZF9DUHZ6c3dNaTZXQW5EYVd1bWdweml3a3NvZGJOYkx2d3g0NnZqZE5WcGV4eV9hdVJFQUV2NnVpaHRCRlhKNHdBcllRVy1LVlFrLU44SDZ2Z3MxVUFLallhR1ItSHZaV1lNM1JRa1MzM1FXU3gyZ21GSFY2eGFaUFZhdEM2MHIwblBQcWpZak1uRnRGM2NQOUNrekpRazJKMURpUlJqb0JuNnluaEJhY3owMllVdHdsYk1Zcm1mOUVUVlEifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ", "signature": "hyYMIC9TQ9nqCXEUNpa2ZVaaGDnX8v42ldjvsSTsGtamLOCOgndgolIDe2gMMT2mJg1jgnRqGU3ao2hOWv_zpI19-ZUEuGpi7fwfyO0tDqtP1lu4MKMl72sPOZ9UgLpIWCgaExrjYgHZ7KECsmlelR3UrWvSqOE7MXjtG78159vZnOqFl8MV8-kXrnqPuHwoOjSaqLCCCZPsBhftVdl9XAlF5KKROh2hgUewh6MAK6Z-FSaEJqVNnA_dHZK5fHNBhQqkhLUAv3jOGpcjRJjZX4_Kkp4i4f6UQ_Ll6f89ilfOqWxme36M9wM2j7LIFpcfgzjTF8GQjdgTLUI82KgAMA"}'
[Tue May 31 11:42:31 UTC 2016] POST
[Tue May 31 11:42:31 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May 31 11:42:31 UTC 2016] curl exists=0
[Tue May 31 11:42:32 UTC 2016] _ret='0'
[Tue May 31 11:42:32 UTC 2016] original='{
  "type": "urn:acme:error:badNonce",
  "detail": "JWS has no anti-replay nonce",
  "status": 400
}'
[Tue May 31 11:42:32 UTC 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 31 May 2016 11:42:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 100
Replay-Nonce: XLQ3BJ8EglLjV_HaXflm5IQmAjikkLTa0KBgm2T3HI8
Expires: Tue, 31 May 2016 11:42:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 11:42:31 GMT
Connection: close
'
[Tue May 31 11:42:32 UTC 2016] response='{"type":"urn:acme:error:badNonce","detail":"JWS has no anti-replay nonce","status": 400}'
[Tue May 31 11:42:32 UTC 2016] code='400'
[Tue May 31 11:42:32 UTC 2016] new-authz error: {"type":"urn:acme:error:badNonce","detail":"JWS has no anti-replay nonce","status": 400}
[Tue May 31 11:42:32 UTC 2016] pid
centminmod picture centminmod on 31 May 2016

maybe similar issue to https://community.letsencrypt.org/t/getting-the-client-sent-an-unacceptable-anti-replay-nonce/9172/14?u=eva2000 ?

boulder suggests client should retry on badNonce https://github.com/letsencrypt/boulder/issues/1217

centminmod picture centminmod on 31 May 2016

can you please run 

curl --dump-header  h.txt     https://acme-staging.api.letsencrypt.org/directory

cat h.txt
Neilpang picture Neilpang on 31 May 2016

I have run all the test cast in my test machine, no errors there.

Neilpang picture Neilpang on 31 May 2016

I made a fix. please try again. a272ee4f59bc19cf5d5bd3449bb79bc09106c297

Neilpang picture Neilpang on 31 May 2016

h.txt contents

curl --dump-header  h.txt     https://acme-staging.api.letsencrypt.org/directory
cat h.txt
curl: (7) Failed to connect to 2600:1417:a:191::3d5: Network is unreachable

maybe force ipv4 if they have ipv6 issues ?

centminmod picture centminmod on 31 May 2016

retried

acme.sh --staging --issue -d acme.domain.com -w /home/nginx/domains/acme.domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --debug 2
[Tue May 31 12:23:10 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Tue May 31 12:23:10 UTC 2016] Le_NextRenewTime
[Tue May 31 12:23:10 UTC 2016] OK
[Tue May 31 12:23:10 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:1:Le_Domain="acme.domain.com"
[Tue May 31 12:23:10 UTC 2016] OK
[Tue May 31 12:23:10 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:2:Le_Alt="no"
[Tue May 31 12:23:10 UTC 2016] OK
[Tue May 31 12:23:10 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:3:Le_Webroot="/home/nginx/domains/acme.domain.com/public"
[Tue May 31 12:23:10 UTC 2016] OK
[Tue May 31 12:23:10 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:4:Le_Keylength="2048"
[Tue May 31 12:23:10 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'no'
[Tue May 31 12:23:10 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'apache'
[Tue May 31 12:23:10 UTC 2016] RSA key
[Tue May 31 12:23:10 UTC 2016] pub_exp='010001'
[Tue May 31 12:23:10 UTC 2016] let exists=0
[Tue May 31 12:23:10 UTC 2016] uselet='1'
[Tue May 31 12:23:11 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:23:11 UTC 2016] e='AQAB'
[Tue May 31 12:23:11 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 12:23:11 UTC 2016] let exists=0
[Tue May 31 12:23:11 UTC 2016] uselet='1'
[Tue May 31 12:23:11 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:23:13 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 12:23:13 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 12:23:13 UTC 2016] Skip register account key
[Tue May 31 12:23:13 UTC 2016] Creating csr
[Tue May 31 12:23:13 UTC 2016] Single domain='acme.domain.com'
[Tue May 31 12:23:13 UTC 2016] Verify each domain
[Tue May 31 12:23:13 UTC 2016] Getting webroot for domain='acme.domain.com'
[Tue May 31 12:23:13 UTC 2016] _w='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 12:23:13 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 12:23:13 UTC 2016] Getting token for domain='acme.domain.com'
[Tue May 31 12:23:13 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May 31 12:23:13 UTC 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.domain.com"}}'
[Tue May 31 12:23:14 UTC 2016] RSA key
[Tue May 31 12:23:14 UTC 2016] pub_exp='010001'
[Tue May 31 12:23:14 UTC 2016] let exists=0
[Tue May 31 12:23:14 UTC 2016] uselet='1'
[Tue May 31 12:23:14 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:23:14 UTC 2016] e='AQAB'
[Tue May 31 12:23:14 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 12:23:14 UTC 2016] let exists=0
[Tue May 31 12:23:14 UTC 2016] uselet='1'
[Tue May 31 12:23:14 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:23:16 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 12:23:16 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 12:23:16 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ'
[Tue May 31 12:23:16 UTC 2016] GET
[Tue May 31 12:23:16 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May 31 12:23:16 UTC 2016] curl exists=0
[Tue May 31 12:23:19 UTC 2016] Can not connect to https://acme-staging.api.letsencrypt.org/directory to get nonce.
[Tue May 31 12:23:20 UTC 2016] entry
[Tue May 31 12:23:20 UTC 2016] Error, can not get domain token acme.domain.com
[Tue May 31 12:23:20 UTC 2016] pid
centminmod picture centminmod on 31 May 2016

tried again and now get

curl --dump-header h.txt https://acme-staging.api.letsencrypt.org/directory      
{
  "new-authz": "https://acme-staging.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-staging.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-staging.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-staging.api.letsencrypt.org/acme/revoke-cert"
}

cat h.txt 
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Replay-Nonce: ZaOJwnTx4l12CtfnTx61hCqmSaC19_YPa1tWtjPTtHU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 31 May 2016 12:26:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 12:26:59 GMT
Connection: keep-alive

then repeat again and get

curl --dump-header h.txt https://acme-staging.api.letsencrypt.org/directory
curl: (7) Failed to connect to 2a02:26f0:105:192::3d5: Network is unreachable

weird

curl -4 --dump-header h.txt https://acme-staging.api.letsencrypt.org/directory; cat h.txt 
curl: (7) Failed connect to acme-staging.api.letsencrypt.org:443; No route to host

[Tue May 31 12:32:54 UTC 2016] Can not connect to https://acme-staging.api.letsencrypt.org/directory to get nonce.
[Tue May 31 12:32:54 UTC 2016] acme.domain.com:Challenge error: {"identifier":{"type":"dns","value":"acme.domain.com"},"status":"pending","expires":"2016-06-07T12:32:48.18879666Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/Zf3mrf47bZJgvPwZJvpFTbaWwW0Co_Z1skhN5wyE66g/7553447","token":"mFcffInT-xY8DzyV6zOBdDtBDMXl0rnsv_mAy7Iz32U"},{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/Zf3mrf47bZJgvPwZJvpFTbaWwW0Co_Z1skhN5wyE66g/7553448","token":"PD-4M0sXjKOqGhU3ued89lo3iJhEhgSlA5rMIRQOzhs"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/Zf3mrf47bZJgvPwZJvpFTbaWwW0Co_Z1skhN5wyE66g/7553449","token":"vfUDWQgwKsIFU05tBj7YDaIrtJKFoiiBDz-eqrC0UXk"}],"combinations":[[1],[2],[0]]}
[Tue May 31 12:32:54 UTC 2016] remove /home/nginx/domains/acme.domain.com/public/.well-known
[Tue May 31 12:32:54 UTC 2016] pid
centminmod picture centminmod on 31 May 2016

made another fix: c4d8fd83d446ab53161d4310f3b6157037b62a24

please try again

Neilpang picture Neilpang on 31 May 2016

For the previous error: curl: (7) Failed to connect to 2600:1417:a:191::3d5: Network is unreachable

it seems your your ipv6 network issue.

Neilpang picture Neilpang on 31 May 2016

yeah i tried over ipv4 too and can not connect so could be network related

here's latest

acme.sh --staging --issue -d acme.domain.com -w /home/nginx/domains/acme.domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --debug 2
[Tue May 31 12:36:34 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Tue May 31 12:36:34 UTC 2016] Le_NextRenewTime
[Tue May 31 12:36:34 UTC 2016] OK
[Tue May 31 12:36:34 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:1:Le_Domain="acme.domain.com"
[Tue May 31 12:36:34 UTC 2016] OK
[Tue May 31 12:36:34 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:2:Le_Alt="no"
[Tue May 31 12:36:34 UTC 2016] OK
[Tue May 31 12:36:34 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:3:Le_Webroot="/home/nginx/domains/acme.domain.com/public"
[Tue May 31 12:36:34 UTC 2016] OK
[Tue May 31 12:36:34 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:4:Le_Keylength="2048"
[Tue May 31 12:36:34 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'no'
[Tue May 31 12:36:34 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'apache'
[Tue May 31 12:36:34 UTC 2016] RSA key
[Tue May 31 12:36:34 UTC 2016] pub_exp='010001'
[Tue May 31 12:36:34 UTC 2016] let exists=0
[Tue May 31 12:36:34 UTC 2016] uselet='1'
[Tue May 31 12:36:34 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:36:35 UTC 2016] e='AQAB'
[Tue May 31 12:36:35 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 12:36:35 UTC 2016] let exists=0
[Tue May 31 12:36:35 UTC 2016] uselet='1'
[Tue May 31 12:36:35 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:36:37 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 12:36:37 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 12:36:37 UTC 2016] Skip register account key
[Tue May 31 12:36:37 UTC 2016] Creating csr
[Tue May 31 12:36:37 UTC 2016] Single domain='acme.domain.com'
[Tue May 31 12:36:37 UTC 2016] Verify each domain
[Tue May 31 12:36:37 UTC 2016] Getting webroot for domain='acme.domain.com'
[Tue May 31 12:36:37 UTC 2016] _w='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 12:36:37 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 12:36:37 UTC 2016] Getting token for domain='acme.domain.com'
[Tue May 31 12:36:37 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May 31 12:36:37 UTC 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.domain.com"}}'
[Tue May 31 12:36:37 UTC 2016] RSA key
[Tue May 31 12:36:38 UTC 2016] pub_exp='010001'
[Tue May 31 12:36:38 UTC 2016] let exists=0
[Tue May 31 12:36:38 UTC 2016] uselet='1'
[Tue May 31 12:36:38 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:36:38 UTC 2016] e='AQAB'
[Tue May 31 12:36:38 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 12:36:38 UTC 2016] let exists=0
[Tue May 31 12:36:38 UTC 2016] uselet='1'
[Tue May 31 12:36:38 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:36:40 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 12:36:40 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 12:36:40 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ'
[Tue May 31 12:36:40 UTC 2016] GET
[Tue May 31 12:36:40 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May 31 12:36:40 UTC 2016] curl exists=0
[Tue May 31 12:36:41 UTC 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Replay-Nonce: qvLfNHwLv5e5psDXF52RpJVhr_OCpMytppZfU9UH7YU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 31 May 2016 12:36:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 12:36:41 GMT
Connection: keep-alive
'
[Tue May 31 12:36:41 UTC 2016] nonce='qvLfNHwLv5e5psDXF52RpJVhr_OCpMytppZfU9UH7YU'
[Tue May 31 12:36:41 UTC 2016] protected='{"nonce": "qvLfNHwLv5e5psDXF52RpJVhr_OCpMytppZfU9UH7YU", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 12:36:41 UTC 2016] protected64='eyJub25jZSI6ICJxdkxmTkh3THY1ZTVwc0RYRjUyUnBKVmhyX09DcE15dHBwWmZVOVVIN1lVIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19'
[Tue May 31 12:36:42 UTC 2016] sig='Vdg-WBVw5gRP2TB18DxNpgeBcetnG_uslJYKfwpIWVp2PFvoVk68ydItN1qA8CnwLTC3kzXzhM6ijnv6MIpZu-4EXijw96RYnglM5Y1niS87_ADOitjZRSBFCtblOHYU7lK1x2bfB0NtX_hfJ5UMgqrmC5hJxEKuGbDCWo4Uve6DSQJYVcQ08pIjSSUOyEm0HOqtTZZMNR6_yDgdZ9mI95LIXAHNl7-RO5SgHHezF8YAB41Ycz1KDgpt-tJv0hDh5MPZSQcPlbBsrtjddhINAi3BjhjqSdzqxpmvVX6AVcM2C_OGzXr7fDKB-IdKxUEwufHw3I7pOixA-6WKfmzjiA'
[Tue May 31 12:36:42 UTC 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}, "protected": "eyJub25jZSI6ICJxdkxmTkh3THY1ZTVwc0RYRjUyUnBKVmhyX09DcE15dHBwWmZVOVVIN1lVIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ", "signature": "Vdg-WBVw5gRP2TB18DxNpgeBcetnG_uslJYKfwpIWVp2PFvoVk68ydItN1qA8CnwLTC3kzXzhM6ijnv6MIpZu-4EXijw96RYnglM5Y1niS87_ADOitjZRSBFCtblOHYU7lK1x2bfB0NtX_hfJ5UMgqrmC5hJxEKuGbDCWo4Uve6DSQJYVcQ08pIjSSUOyEm0HOqtTZZMNR6_yDgdZ9mI95LIXAHNl7-RO5SgHHezF8YAB41Ycz1KDgpt-tJv0hDh5MPZSQcPlbBsrtjddhINAi3BjhjqSdzqxpmvVX6AVcM2C_OGzXr7fDKB-IdKxUEwufHw3I7pOixA-6WKfmzjiA"}'
[Tue May 31 12:36:42 UTC 2016] POST
[Tue May 31 12:36:42 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May 31 12:36:42 UTC 2016] curl exists=0
[Tue May 31 12:37:03 UTC 2016] _ret='7'
[Tue May 31 12:37:03 UTC 2016] Can not post to https://acme-staging.api.letsencrypt.org/acme/new-authz.
[Tue May 31 12:37:03 UTC 2016] Can not get domain token.
[Tue May 31 12:37:03 UTC 2016] pid
centminmod picture centminmod on 31 May 2016

Look at this line:

[Tue May 31 12:37:03 UTC 2016] _ret='7'

curl returns 7

https://curl.haxx.se/libcurl/c/libcurl-errors.html

CURLE_COULDNT_CONNECT (7)

Failed to connect() to host or proxy.
Neilpang picture Neilpang on 31 May 2016
1

It's your network issue.

Neilpang picture Neilpang on 31 May 2016
👍1

I just ran again all the test case here. they all are working.

Neilpang picture Neilpang on 31 May 2016

doh.. ok, cheers @Neilpang

centminmod picture centminmod on 31 May 2016

Thanks.

The error message is much clearer now.

Thanks for your help.

Neilpang picture Neilpang on 31 May 2016
👍1

indeed looks better for troubleshooting issues :+1:

maybe add if _ret='7' then print "Failed to connect() to host or proxy" to output too

centminmod picture centminmod on 31 May 2016

rebooted server and got further into the issue process just got verify error

acme.sh --staging --issue -d acme.domain.com -w /home/nginx/domains/acme.domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --debug 2
[Tue May 31 12:47:30 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Tue May 31 12:47:30 UTC 2016] Le_NextRenewTime
[Tue May 31 12:47:30 UTC 2016] OK
[Tue May 31 12:47:30 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:1:Le_Domain="acme.domain.com"
[Tue May 31 12:47:30 UTC 2016] OK
[Tue May 31 12:47:30 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:2:Le_Alt="no"
[Tue May 31 12:47:30 UTC 2016] OK
[Tue May 31 12:47:30 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:3:Le_Webroot="/home/nginx/domains/acme.domain.com/public"
[Tue May 31 12:47:30 UTC 2016] OK
[Tue May 31 12:47:30 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:4:Le_Keylength="2048"
[Tue May 31 12:47:30 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'no'
[Tue May 31 12:47:30 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'apache'
[Tue May 31 12:47:30 UTC 2016] RSA key
[Tue May 31 12:47:30 UTC 2016] pub_exp='010001'
[Tue May 31 12:47:30 UTC 2016] let exists=0
[Tue May 31 12:47:30 UTC 2016] uselet='1'
[Tue May 31 12:47:30 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:47:30 UTC 2016] e='AQAB'
[Tue May 31 12:47:30 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 12:47:30 UTC 2016] let exists=0
[Tue May 31 12:47:30 UTC 2016] uselet='1'
[Tue May 31 12:47:30 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:47:33 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 12:47:33 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 12:47:33 UTC 2016] Skip register account key
[Tue May 31 12:47:33 UTC 2016] Creating csr
[Tue May 31 12:47:33 UTC 2016] Single domain='acme.domain.com'
[Tue May 31 12:47:33 UTC 2016] Verify each domain
[Tue May 31 12:47:33 UTC 2016] Getting webroot for domain='acme.domain.com'
[Tue May 31 12:47:33 UTC 2016] _w='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 12:47:33 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 12:47:33 UTC 2016] Getting token for domain='acme.domain.com'
[Tue May 31 12:47:33 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May 31 12:47:33 UTC 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.domain.com"}}'
[Tue May 31 12:47:33 UTC 2016] RSA key
[Tue May 31 12:47:33 UTC 2016] pub_exp='010001'
[Tue May 31 12:47:33 UTC 2016] let exists=0
[Tue May 31 12:47:33 UTC 2016] uselet='1'
[Tue May 31 12:47:33 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:47:33 UTC 2016] e='AQAB'
[Tue May 31 12:47:33 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 12:47:33 UTC 2016] let exists=0
[Tue May 31 12:47:33 UTC 2016] uselet='1'
[Tue May 31 12:47:33 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:47:36 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 12:47:36 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 12:47:36 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ'
[Tue May 31 12:47:36 UTC 2016] GET
[Tue May 31 12:47:36 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May 31 12:47:36 UTC 2016] curl exists=0
[Tue May 31 12:47:38 UTC 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Replay-Nonce: apGGV1BhP7rk59l0t8e2pkWCSYq3QW0ST8KMHCSS2ew
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 31 May 2016 12:47:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 12:47:38 GMT
Connection: keep-alive
'
[Tue May 31 12:47:38 UTC 2016] nonce='apGGV1BhP7rk59l0t8e2pkWCSYq3QW0ST8KMHCSS2ew'
[Tue May 31 12:47:38 UTC 2016] protected='{"nonce": "apGGV1BhP7rk59l0t8e2pkWCSYq3QW0ST8KMHCSS2ew", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 12:47:38 UTC 2016] protected64='eyJub25jZSI6ICJhcEdHVjFCaFA3cms1OWwwdDhlMnBrV0NTWXEzUVcwU1Q4S01IQ1NTMmV3IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19'
[Tue May 31 12:47:38 UTC 2016] sig='RYkI9ofV1zaX3eoXnpzx59xC2IV02H6yuvHZLHhRLkWTG-zYsKv-H8p_hSsI4z-8VmTj2tgCknCltygEL1Pe0Ag1IkBF3ln7dlaBV1ifg-DUa8xDAccNP4ucGfQ_NwQo7T4Q5M1LuDzCiNfQD5eALcbnfYvzAqxy4S-8y4dbImJf-wNk5UE8fwXKZGz_ATzvLDIZmSC4JpSHfzPxPrebtuleghwFeUnvRcwSrwJPRfqh34wqmkvKHBb1sqkNTNxLQX9fxjLzpjiFlPeC8ytyw9aZH0Mxcogq5hVqIks0x2qbKltDcx2mLja2pBtajqbFIs4nhva_vYtrx7adLd-DKg'
[Tue May 31 12:47:38 UTC 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}, "protected": "eyJub25jZSI6ICJhcEdHVjFCaFA3cms1OWwwdDhlMnBrV0NTWXEzUVcwU1Q4S01IQ1NTMmV3IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ", "signature": "RYkI9ofV1zaX3eoXnpzx59xC2IV02H6yuvHZLHhRLkWTG-zYsKv-H8p_hSsI4z-8VmTj2tgCknCltygEL1Pe0Ag1IkBF3ln7dlaBV1ifg-DUa8xDAccNP4ucGfQ_NwQo7T4Q5M1LuDzCiNfQD5eALcbnfYvzAqxy4S-8y4dbImJf-wNk5UE8fwXKZGz_ATzvLDIZmSC4JpSHfzPxPrebtuleghwFeUnvRcwSrwJPRfqh34wqmkvKHBb1sqkNTNxLQX9fxjLzpjiFlPeC8ytyw9aZH0Mxcogq5hVqIks0x2qbKltDcx2mLja2pBtajqbFIs4nhva_vYtrx7adLd-DKg"}'
[Tue May 31 12:47:38 UTC 2016] POST
[Tue May 31 12:47:38 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May 31 12:47:38 UTC 2016] curl exists=0
[Tue May 31 12:47:41 UTC 2016] _ret='0'
[Tue May 31 12:47:41 UTC 2016] original='{
  "identifier": {
    "type": "dns",
    "value": "acme.domain.com"
  },
  "status": "pending",
  "expires": "2016-06-07T12:47:41.287852666Z",
  "challenges": [
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554653",
      "token": "EOAlVaUtawh3KsQccsczsYjDW9Qgv9kwxwt2fcFeTQs"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654",
      "token": "f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554655",
      "token": "ORq9bl35w3jXg5tyYcVIwr2Cvz08IDKHUDov2ZgIwag"
    }
  ],
  "combinations": [
    [
      2
    ],
    [
      0
    ],
    [
      1
    ]
  ]
}'
[Tue May 31 12:47:41 UTC 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 31 May 2016 12:47:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1010
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk
Replay-Nonce: m1Nc0IF8K_97ZA87nb-og6RK7qBR2fKvxut6GNZThB0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 31 May 2016 12:47:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 12:47:41 GMT
Connection: keep-alive
'
[Tue May 31 12:47:41 UTC 2016] response='{"identifier":{"type":"dns","value":"acme.domain.com"},"status":"pending","expires":"2016-06-07T12:47:41.287852666Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554653","token":"EOAlVaUtawh3KsQccsczsYjDW9Qgv9kwxwt2fcFeTQs"},{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654","token":"f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554655","token":"ORq9bl35w3jXg5tyYcVIwr2Cvz08IDKHUDov2ZgIwag"}],"combinations":[[2],[0],[1]]}'
[Tue May 31 12:47:41 UTC 2016] code='201'
[Tue May 31 12:47:41 UTC 2016] entry='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654","token":"f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os"'
[Tue May 31 12:47:41 UTC 2016] token='f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os'
[Tue May 31 12:47:41 UTC 2016] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654'
[Tue May 31 12:47:41 UTC 2016] keyauthorization='f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI'
[Tue May 31 12:47:41 UTC 2016] dvlist='acme.domain.com#f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI#https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654#http-01#/home/nginx/domains/acme.domain.com/public'
[Tue May 31 12:47:41 UTC 2016] ok, let's start to verify
[Tue May 31 12:47:41 UTC 2016] Verifying:acme.domain.com
[Tue May 31 12:47:41 UTC 2016] d='acme.domain.com'
[Tue May 31 12:47:41 UTC 2016] keyauthorization='f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI'
[Tue May 31 12:47:41 UTC 2016] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654'
[Tue May 31 12:47:41 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 12:47:41 UTC 2016] wellknown_path='/home/nginx/domains/acme.domain.com/public/.well-known/acme-challenge'
[Tue May 31 12:47:41 UTC 2016] writing token:f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os to /home/nginx/domains/acme.domain.com/public/.well-known/acme-challenge/f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os
[Tue May 31 12:47:41 UTC 2016] Changing owner/group of .well-known to nginx:nginx
[Tue May 31 12:47:41 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654'
[Tue May 31 12:47:41 UTC 2016] payload='{"resource": "challenge", "keyAuthorization": "f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI"}'
[Tue May 31 12:47:42 UTC 2016] RSA key
[Tue May 31 12:47:42 UTC 2016] pub_exp='010001'
[Tue May 31 12:47:42 UTC 2016] let exists=0
[Tue May 31 12:47:42 UTC 2016] uselet='1'
[Tue May 31 12:47:42 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:47:42 UTC 2016] e='AQAB'
[Tue May 31 12:47:42 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 12:47:42 UTC 2016] let exists=0
[Tue May 31 12:47:42 UTC 2016] uselet='1'
[Tue May 31 12:47:42 UTC 2016] _URGLY_PRINTF
[Tue May 31 12:47:44 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 12:47:44 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 12:47:44 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJmNmtqS1pCX0lXUXY1cllTY3p2MGRwT2tBM3NFZjZVcEJtYVNQQUtLMU9zLkJKY0xnMlJBYkhlVkEwR3NqU0g4QnVvVWs0b25PYXotX3RRMmpmY0ZaWUkifQ'
[Tue May 31 12:47:44 UTC 2016] GET
[Tue May 31 12:47:44 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May 31 12:47:44 UTC 2016] curl exists=0
[Tue May 31 12:47:46 UTC 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Replay-Nonce: 3PSB2VT3fiaYQrOgFLGtRVIMcwxov_uLzs6REfo3JV8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 31 May 2016 12:47:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 12:47:45 GMT
Connection: keep-alive
'
[Tue May 31 12:47:46 UTC 2016] nonce='3PSB2VT3fiaYQrOgFLGtRVIMcwxov_uLzs6REfo3JV8'
[Tue May 31 12:47:46 UTC 2016] protected='{"nonce": "3PSB2VT3fiaYQrOgFLGtRVIMcwxov_uLzs6REfo3JV8", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 12:47:46 UTC 2016] protected64='eyJub25jZSI6ICIzUFNCMlZUM2ZpYVlRck9nRkxHdFJWSU1jd3hvdl91THpzNlJFZm8zSlY4IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19'
[Tue May 31 12:47:46 UTC 2016] sig='E_y5iXrvKiJxWeq_uTwCDL6LwI7WFdhCsSuGRSOj5lQE2SZrXGEd_t21MXs7K8XeNPBWtO7Vm_0VRgTL_SDOW40IuMj15-iKb6MlCLdvO_ryUCoGtOkHSftf5_2Uk59w7sWqvgvpwYXfQXAfNaos3JE2zuyQtp7nssrvW0pxG4DEu5bc7txU1MKdKbA2yPwSK9uxSjjV1wihWbNEupUE0PoSS4hZ449bkVTLfL8_ntkP6riX3fNeNra9Z2qrz4uExA490FKSCXSug3H1sU8MA_CMQgZxkSMDjcFhOHpNgvbSeb5YJ0qCg5EQ-glXf2D32mINWhaKw4o3Ziytfuprew'
[Tue May 31 12:47:46 UTC 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}, "protected": "eyJub25jZSI6ICIzUFNCMlZUM2ZpYVlRck9nRkxHdFJWSU1jd3hvdl91THpzNlJFZm8zSlY4IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJmNmtqS1pCX0lXUXY1cllTY3p2MGRwT2tBM3NFZjZVcEJtYVNQQUtLMU9zLkJKY0xnMlJBYkhlVkEwR3NqU0g4QnVvVWs0b25PYXotX3RRMmpmY0ZaWUkifQ", "signature": "E_y5iXrvKiJxWeq_uTwCDL6LwI7WFdhCsSuGRSOj5lQE2SZrXGEd_t21MXs7K8XeNPBWtO7Vm_0VRgTL_SDOW40IuMj15-iKb6MlCLdvO_ryUCoGtOkHSftf5_2Uk59w7sWqvgvpwYXfQXAfNaos3JE2zuyQtp7nssrvW0pxG4DEu5bc7txU1MKdKbA2yPwSK9uxSjjV1wihWbNEupUE0PoSS4hZ449bkVTLfL8_ntkP6riX3fNeNra9Z2qrz4uExA490FKSCXSug3H1sU8MA_CMQgZxkSMDjcFhOHpNgvbSeb5YJ0qCg5EQ-glXf2D32mINWhaKw4o3Ziytfuprew"}'
[Tue May 31 12:47:46 UTC 2016] POST
[Tue May 31 12:47:46 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654'
[Tue May 31 12:47:46 UTC 2016] curl exists=0
[Tue May 31 12:47:48 UTC 2016] _ret='0'
[Tue May 31 12:47:48 UTC 2016] original='{
  "type": "http-01",
  "status": "pending",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654",
  "token": "f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os",
  "keyAuthorization": "f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI"
}'
[Tue May 31 12:47:48 UTC 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 31 May 2016 12:47:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 337
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654
Replay-Nonce: hzIqMMRxcFNWtazGOLQ0l0o-ZD0Hh1MNINMTC5zGa3U
Expires: Tue, 31 May 2016 12:47:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 12:47:47 GMT
Connection: keep-alive
'
[Tue May 31 12:47:48 UTC 2016] response='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654","token":"f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os","keyAuthorization":"f6kjKZB_IWQv5rYSczv0dpOkA3sEf6UpBmaSPAKK1Os.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI"}'
[Tue May 31 12:47:48 UTC 2016] code='202'
[Tue May 31 12:47:48 UTC 2016] sleep 5 secs to verify
[Tue May 31 12:47:53 UTC 2016] checking
[Tue May 31 12:47:53 UTC 2016] GET
[Tue May 31 12:47:53 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654'
[Tue May 31 12:47:53 UTC 2016] curl exists=0
[Tue May 31 12:47:56 UTC 2016] response
[Tue May 31 12:47:56 UTC 2016] acme.domain.com:Verify error:
[Tue May 31 12:47:56 UTC 2016] remove /home/nginx/domains/acme.domain.com/public/.well-known
[Tue May 31 12:47:56 UTC 2016] pid
centminmod picture centminmod on 31 May 2016

try

curl  https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654
Neilpang picture Neilpang on 31 May 2016

guess it's still network related heh

curl  https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654
curl: (7) Failed to connect to 2600:1417:a:195::3d5: Network is unreachable
centminmod picture centminmod on 31 May 2016

I think so.

I'm trying to make a better error message now.

Neilpang picture Neilpang on 31 May 2016

looks like disabling IPv6 only way for now

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1

strange that even curl -4 didn't work

still 

[Tue May 31 13:08:34 UTC 2016] GET
[Tue May 31 13:08:34 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May 31 13:08:34 UTC 2016] curl exists=0
[Tue May 31 13:08:38 UTC 2016] Can not connect to https://acme-staging.api.letsencrypt.org/directory to get nonce.
[Tue May 31 13:08:38 UTC 2016] Can not get domain token.
[Tue May 31 13:08:38 UTC 2016] pid

so something is messed up network wise

curl -4 --dump-header h.txt https://acme-staging.api.letsencrypt.org/directory; cat h.txt 
curl: (7) Failed connect to acme-staging.api.letsencrypt.org:443; No route to host

curl --dump-header h.txt https://acme-staging.api.letsencrypt.org/directory; cat h.txt    
curl: (7) Failed to connect to 2600:141b:5:292::3d5: Network is unreachable

ping -c4 acme-staging.api.letsencrypt.org
PING e981.dscb.akamaiedge.net (23.78.168.127) 56(84) bytes of data.
From domain.com (ip) icmp_seq=1 Destination Host Unreachable
From domain.com (ip) icmp_seq=2 Destination Host Unreachable
From domain.com (ip) icmp_seq=3 Destination Host Unreachable
From domain.com (ip) icmp_seq=4 Destination Host Unreachable

--- e981.dscb.akamaiedge.net ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 2999ms
pipe 4

ping -c4 google.com
PING google.com (74.125.21.102) 56(84) bytes of data.
64 bytes from yv-in-f102.1e100.net (74.125.21.102): icmp_seq=1 ttl=48 time=9.86 ms
64 bytes from yv-in-f102.1e100.net (74.125.21.102): icmp_seq=2 ttl=48 time=10.3 ms
64 bytes from yv-in-f102.1e100.net (74.125.21.102): icmp_seq=3 ttl=48 time=10.0 ms
64 bytes from yv-in-f102.1e100.net (74.125.21.102): icmp_seq=4 ttl=48 time=10.0 ms

--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 9.866/10.067/10.351/0.202 ms
centminmod picture centminmod on 31 May 2016

have tried wget over ipv6 ?

wget -O-    https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654
Neilpang picture Neilpang on 31 May 2016 
wget -O-    https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654
--2016-05-31 13:21:34--  https://acme-staging.api.letsencrypt.org/acme/challenge/HQFGeYXHxi1K89UJ5jXH0boZ5aq7bkgbF85WN4ZmJhk/7554654
Resolving acme-staging.api.letsencrypt.org (acme-staging.api.letsencrypt.org)... 23.78.168.127, 2600:1402:a:482::3d5, 2600:1402:a:480::3d5
Connecting to acme-staging.api.letsencrypt.org (acme-staging.api.letsencrypt.org)|23.78.168.127|:443... failed: No route to host.
Connecting to acme-staging.api.letsencrypt.org (acme-staging.api.letsencrypt.org)|2600:1402:a:482::3d5|:443... failed: Network is unreachable.
Connecting to acme-staging.api.letsencrypt.org (acme-staging.api.letsencrypt.org)|2600:1402:a:480::3d5|:443... failed: Network is unreachable.
centminmod picture centminmod on 31 May 2016

Have a better error message now: 9aaf36cd0c3fbff1e05ad16a57292b579cf3d654

Please try again.

Neilpang picture Neilpang on 31 May 2016

It seems that your ipv6 newwork is not working.

Neilpang picture Neilpang on 31 May 2016

yeah will contact my web host

as to latest run with better messages here is output

acme.sh --staging --issue -d acme.domain.com -w /home/nginx/domains/acme.domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --debug 2
[Tue May 31 13:24:24 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Tue May 31 13:24:24 UTC 2016] Le_NextRenewTime
[Tue May 31 13:24:24 UTC 2016] OK
[Tue May 31 13:24:24 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:1:Le_Domain="acme.domain.com"
[Tue May 31 13:24:24 UTC 2016] OK
[Tue May 31 13:24:24 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:2:Le_Alt="no"
[Tue May 31 13:24:24 UTC 2016] OK
[Tue May 31 13:24:24 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:3:Le_Webroot="/home/nginx/domains/acme.domain.com/public"
[Tue May 31 13:24:24 UTC 2016] OK
[Tue May 31 13:24:24 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:4:Le_Keylength="2048"
[Tue May 31 13:24:24 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'no'
[Tue May 31 13:24:24 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'apache'
[Tue May 31 13:24:24 UTC 2016] RSA key
[Tue May 31 13:24:24 UTC 2016] pub_exp='010001'
[Tue May 31 13:24:24 UTC 2016] let exists=0
[Tue May 31 13:24:24 UTC 2016] uselet='1'
[Tue May 31 13:24:24 UTC 2016] _URGLY_PRINTF
[Tue May 31 13:24:24 UTC 2016] e='AQAB'
[Tue May 31 13:24:24 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 13:24:24 UTC 2016] let exists=0
[Tue May 31 13:24:24 UTC 2016] uselet='1'
[Tue May 31 13:24:24 UTC 2016] _URGLY_PRINTF
[Tue May 31 13:24:27 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 13:24:27 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 13:24:27 UTC 2016] Skip register account key
[Tue May 31 13:24:27 UTC 2016] Creating csr
[Tue May 31 13:24:27 UTC 2016] Single domain='acme.domain.com'
[Tue May 31 13:24:27 UTC 2016] Verify each domain
[Tue May 31 13:24:27 UTC 2016] Getting webroot for domain='acme.domain.com'
[Tue May 31 13:24:27 UTC 2016] _w='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 13:24:27 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 13:24:27 UTC 2016] Getting token for domain='acme.domain.com'
[Tue May 31 13:24:27 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May 31 13:24:27 UTC 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.domain.com"}}'
[Tue May 31 13:24:27 UTC 2016] RSA key
[Tue May 31 13:24:27 UTC 2016] pub_exp='010001'
[Tue May 31 13:24:27 UTC 2016] let exists=0
[Tue May 31 13:24:27 UTC 2016] uselet='1'
[Tue May 31 13:24:27 UTC 2016] _URGLY_PRINTF
[Tue May 31 13:24:27 UTC 2016] e='AQAB'
[Tue May 31 13:24:27 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 13:24:27 UTC 2016] let exists=0
[Tue May 31 13:24:27 UTC 2016] uselet='1'
[Tue May 31 13:24:28 UTC 2016] _URGLY_PRINTF
[Tue May 31 13:24:30 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 13:24:30 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 13:24:30 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ'
[Tue May 31 13:24:30 UTC 2016] GET
[Tue May 31 13:24:30 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May 31 13:24:30 UTC 2016] curl exists=0
[Tue May 31 13:24:33 UTC 2016] 
[Tue May 31 13:24:33 UTC 2016] Can not connect to https://acme-staging.api.letsencrypt.org/directory to get nonce.
[Tue May 31 13:24:33 UTC 2016] Can not get domain token.
[Tue May 31 13:24:33 UTC 2016] pid
centminmod picture centminmod on 31 May 2016

it might be a specific server at acme-staging.api.letsencrypt.org as i run it a few times and successful connects are with a different destination ip

curl forced ipv4

curl -v -4 --dump-header h.txt https://acme-staging.api.letsencrypt.org/directory
* About to connect() to acme-staging.api.letsencrypt.org port 443 (#0)
*   Trying 23.78.168.127...
* No route to host
* Failed connect to acme-staging.api.letsencrypt.org:443; No route to host
* Closing connection 0
curl: (7) Failed connect to acme-staging.api.letsencrypt.org:443; No route to host

curl -v -4 --dump-header h.txt https://acme-staging.api.letsencrypt.org/directory
* About to connect() to acme-staging.api.letsencrypt.org port 443 (#0)
*   Trying 104.101.161.90...
* Connected to acme-staging.api.letsencrypt.org (104.101.161.90) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: C=US,ST=California,L=Mountain View,O=INTERNET SECURITY RESEARCH GROUP,CN=*.api.letsencrypt.org
*       start date: Jun 26 17:05:45 2015 GMT
*       expire date: Jun 25 17:05:45 2018 GMT
*       common name: *.api.letsencrypt.org
*       issuer: CN=TrustID Server CA A52,OU=TrustID Server,O=IdenTrust,C=US
> GET /directory HTTP/1.1
> User-Agent: curl/7.29.0
> Host: acme-staging.api.letsencrypt.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx
< Content-Type: application/json
< Content-Length: 296
< Replay-Nonce: g9wheYZCRChenxhIyGGutmZ3ffOqHZFjzDOac7Z4qjc
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=604800
< Expires: Tue, 31 May 2016 13:45:19 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Tue, 31 May 2016 13:45:19 GMT
< Connection: keep-alive
< 
{
  "new-authz": "https://acme-staging.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-staging.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-staging.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-staging.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-staging.api.letsencrypt.org left intact
}
centminmod picture centminmod on 31 May 2016

Yes, the ipv6 server of letsencrypt is buggy.

Neilpang picture Neilpang on 31 May 2016

maybe just override it in acme.sh to use curl over ipv4 if ipv4 is detected ? still wouldn't help for me as it seems ip 23.78.168.127 for acme-staging.api.letsencrypt.org is the culprit with both ipv4 and ipv6 issues while acme-staging.api.letsencrypt.org on 104.101.161.90 connects fine over ipv4

centminmod picture centminmod on 31 May 2016

also maybe in light of this maybe if you can't connect, let acme.sh try a retry issue and reconnect to see if it connects to another server ip ?

centminmod picture centminmod on 31 May 2016

Oh, That is too far away. :)

Neilpang picture Neilpang on 31 May 2016

i see.. on that to do list :)

centminmod picture centminmod on 31 May 2016

nice idea at https://community.letsencrypt.org/t/problem-connecting-to-letsencrypt-only-from-one-server/16278/7?u=eva2000

you can do a precheck for acme api url's ip and do that curl dump header check and look for the exit code if it's successful, you could do issuance via the working ip instead of hostname ? if the exit code suggests unable to connect, could do a retry loop for set amount of times until a successful ip is found and then exit after a set amount of loop times if still failed with a retry to connect to letsencrypt failed message

maybe add this function as an optional flag --retryconnect and only enable retries if the flag is present at --issue time

hmm you'd get certificate issues if you connect via ip heh

curl -v -4 --dump-header h.txt https://104.101.161.90/directory
* About to connect() to 104.101.161.90 port 443 (#0)
*   Trying 104.101.161.90...
* Connected to 104.101.161.90 (104.101.161.90) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: C=US,ST=California,L=Mountain View,O=INTERNET SECURITY RESEARCH GROUP,CN=*.api.letsencrypt.org
*       start date: Jun 26 17:05:45 2015 GMT
*       expire date: Jun 25 17:05:45 2018 GMT
*       common name: *.api.letsencrypt.org
*       issuer: CN=TrustID Server CA A52,OU=TrustID Server,O=IdenTrust,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
``
centminmod picture centminmod on 31 May 2016

webhost has however fixed ipv6 on the server

 curl -v --dump-header h.txt https://acme-staging.api.letsencrypt.org/directory
* About to connect() to acme-staging.api.letsencrypt.org port 443 (#0)
*   Trying 2600:1402:a:482::3d5...
* Connected to acme-staging.api.letsencrypt.org (2600:1402:a:482::3d5) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: C=US,ST=California,L=Mountain View,O=INTERNET SECURITY RESEARCH GROUP,CN=*.api.letsencrypt.org
*       start date: Jun 26 17:05:45 2015 GMT
*       expire date: Jun 25 17:05:45 2018 GMT
*       common name: *.api.letsencrypt.org
*       issuer: CN=TrustID Server CA A52,OU=TrustID Server,O=IdenTrust,C=US
> GET /directory HTTP/1.1
> User-Agent: curl/7.29.0
> Host: acme-staging.api.letsencrypt.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx
< Content-Type: application/json
< Content-Length: 296
< Replay-Nonce: bK9VUwr1Ks_I5V1gCaXpIgPHXgbtCb85OyiwccQYdJA
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=604800
< Expires: Tue, 31 May 2016 14:16:14 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Tue, 31 May 2016 14:16:14 GMT
< Connection: keep-alive
< 
{
  "new-authz": "https://acme-staging.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-staging.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-staging.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-staging.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-staging.api.letsencrypt.org left intact
}

so seems to be combination of issues, maybe some letsencrypt staging servers are ipv6 only so don't work with ipv4 ?

working out put via my acmetool.sh wrapper for acme.sh usage and nginx vhost setup

./acmetool.sh issue acme.domain.com
Reloading nginx configuration (via systemctl):  [  OK  ]

issue & install letsencrypt ssl certificate for acme.domain.com
/root/.acme.sh/acme.sh --staging --issue -d acme.domain.com -w /home/nginx/domains/acme.domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --debug 2
[Tue May 31 14:17:50 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Tue May 31 14:17:50 UTC 2016] Le_NextRenewTime
[Tue May 31 14:17:50 UTC 2016] OK
[Tue May 31 14:17:50 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:1:Le_Domain="acme.domain.com"
[Tue May 31 14:17:50 UTC 2016] OK
[Tue May 31 14:17:50 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:2:Le_Alt="no"
[Tue May 31 14:17:50 UTC 2016] OK
[Tue May 31 14:17:50 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:3:Le_Webroot="/home/nginx/domains/acme.domain.com/public"
[Tue May 31 14:17:50 UTC 2016] OK
[Tue May 31 14:17:50 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:4:Le_Keylength="2048"
[Tue May 31 14:17:50 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'no'
[Tue May 31 14:17:50 UTC 2016] '/home/nginx/domains/acme.domain.com/public' does not contain 'apache'
[Tue May 31 14:17:50 UTC 2016] RSA key
[Tue May 31 14:17:50 UTC 2016] pub_exp='010001'
[Tue May 31 14:17:50 UTC 2016] let exists=0
[Tue May 31 14:17:50 UTC 2016] uselet='1'
[Tue May 31 14:17:50 UTC 2016] _URGLY_PRINTF
[Tue May 31 14:17:50 UTC 2016] e='AQAB'
[Tue May 31 14:17:50 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 14:17:50 UTC 2016] let exists=0
[Tue May 31 14:17:50 UTC 2016] uselet='1'
[Tue May 31 14:17:50 UTC 2016] _URGLY_PRINTF
[Tue May 31 14:17:53 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 14:17:53 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 14:17:53 UTC 2016] Skip register account key
[Tue May 31 14:17:53 UTC 2016] Creating csr
[Tue May 31 14:17:53 UTC 2016] Single domain='acme.domain.com'
[Tue May 31 14:17:53 UTC 2016] Verify each domain
[Tue May 31 14:17:53 UTC 2016] Getting webroot for domain='acme.domain.com'
[Tue May 31 14:17:53 UTC 2016] _w='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 14:17:53 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 14:17:53 UTC 2016] Getting token for domain='acme.domain.com'
[Tue May 31 14:17:53 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May 31 14:17:53 UTC 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acme.domain.com"}}'
[Tue May 31 14:17:53 UTC 2016] RSA key
[Tue May 31 14:17:53 UTC 2016] pub_exp='010001'
[Tue May 31 14:17:53 UTC 2016] let exists=0
[Tue May 31 14:17:53 UTC 2016] uselet='1'
[Tue May 31 14:17:53 UTC 2016] _URGLY_PRINTF
[Tue May 31 14:17:53 UTC 2016] e='AQAB'
[Tue May 31 14:17:53 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 14:17:53 UTC 2016] let exists=0
[Tue May 31 14:17:53 UTC 2016] uselet='1'
[Tue May 31 14:17:53 UTC 2016] _URGLY_PRINTF
[Tue May 31 14:17:56 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 14:17:56 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 14:17:56 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ'
[Tue May 31 14:17:56 UTC 2016] GET
[Tue May 31 14:17:56 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May 31 14:17:56 UTC 2016] curl exists=0
[Tue May 31 14:17:57 UTC 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Replay-Nonce: v2kp-Q4O6UY5vcX2ivTjpNll4p7CvSFImKopIIDfpZ0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 31 May 2016 14:17:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 14:17:57 GMT
Connection: keep-alive
'
[Tue May 31 14:17:57 UTC 2016] nonce='v2kp-Q4O6UY5vcX2ivTjpNll4p7CvSFImKopIIDfpZ0'
[Tue May 31 14:17:57 UTC 2016] protected='{"nonce": "v2kp-Q4O6UY5vcX2ivTjpNll4p7CvSFImKopIIDfpZ0", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 14:17:57 UTC 2016] protected64='eyJub25jZSI6ICJ2MmtwLVE0TzZVWTV2Y1gyaXZUanBObGw0cDdDdlNGSW1Lb3BJSURmcFowIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19'
[Tue May 31 14:17:57 UTC 2016] sig='cMRy5t5J7xtTB6VVXq7hHlGqL3NQ_EbV2JrpjAVpMw-ijHdirBd7kG_JoO1HdaAPlykrOp0L15cs1eXW9kJ9HHW31FDnMzBKp3aFGazmKXfvfA6O-9x3WJlZRYix5a6PO2YziXRwaPz0mCscHHQX3k5n5TqKsIrelzra5aCRwvn1YIbE74e8Krvu93ryRsuaVe7gS4EkJTsGuAPnCCwT6tpnLSUJgnpVW6kZRnt5WYmKbdLASXQUB0L1d0MQ-wWVvmdUc_xg5sdt3k4ZVghlOC6tJtGBBZf0kX368flsWL1WKOM80v5hFkvjq68soV8RDen77gUlERsvePixUObAeg'
[Tue May 31 14:17:57 UTC 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}, "protected": "eyJub25jZSI6ICJ2MmtwLVE0TzZVWTV2Y1gyaXZUanBObGw0cDdDdlNGSW1Lb3BJSURmcFowIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiYWNtZS5jZW50bWlubW9kLmNvbSJ9fQ", "signature": "cMRy5t5J7xtTB6VVXq7hHlGqL3NQ_EbV2JrpjAVpMw-ijHdirBd7kG_JoO1HdaAPlykrOp0L15cs1eXW9kJ9HHW31FDnMzBKp3aFGazmKXfvfA6O-9x3WJlZRYix5a6PO2YziXRwaPz0mCscHHQX3k5n5TqKsIrelzra5aCRwvn1YIbE74e8Krvu93ryRsuaVe7gS4EkJTsGuAPnCCwT6tpnLSUJgnpVW6kZRnt5WYmKbdLASXQUB0L1d0MQ-wWVvmdUc_xg5sdt3k4ZVghlOC6tJtGBBZf0kX368flsWL1WKOM80v5hFkvjq68soV8RDen77gUlERsvePixUObAeg"}'
[Tue May 31 14:17:57 UTC 2016] POST
[Tue May 31 14:17:57 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Tue May 31 14:17:57 UTC 2016] curl exists=0
[Tue May 31 14:17:59 UTC 2016] _ret='0'
[Tue May 31 14:17:59 UTC 2016] original='{
  "identifier": {
    "type": "dns",
    "value": "acme.domain.com"
  },
  "status": "pending",
  "expires": "2016-06-07T14:17:59.209980735Z",
  "challenges": [
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563842",
      "token": "Bx4a0M6MXoGqB0YojzRfMiT05rMeN3U8cDTyYRpRe_U"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843",
      "token": "lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563844",
      "token": "9KwYTs8cZfSIGml4Wbg_i6wV-74nmjFKD8JWzsbsIms"
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      0
    ],
    [
      2
    ]
  ]
}'
[Tue May 31 14:17:59 UTC 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 31 May 2016 14:17:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1010
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM
Replay-Nonce: mNuz4oUQYdH9JvWQW2OSB8T_4rRF9w32Mr_CzuLn1Ck
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 31 May 2016 14:17:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 14:17:59 GMT
Connection: keep-alive
'
[Tue May 31 14:17:59 UTC 2016] response='{"identifier":{"type":"dns","value":"acme.domain.com"},"status":"pending","expires":"2016-06-07T14:17:59.209980735Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563842","token":"Bx4a0M6MXoGqB0YojzRfMiT05rMeN3U8cDTyYRpRe_U"},{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843","token":"lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563844","token":"9KwYTs8cZfSIGml4Wbg_i6wV-74nmjFKD8JWzsbsIms"}],"combinations":[[1],[0],[2]]}'
[Tue May 31 14:17:59 UTC 2016] code='201'
[Tue May 31 14:17:59 UTC 2016] entry='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843","token":"lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc"'
[Tue May 31 14:17:59 UTC 2016] token='lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc'
[Tue May 31 14:17:59 UTC 2016] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843'
[Tue May 31 14:17:59 UTC 2016] keyauthorization='lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI'
[Tue May 31 14:17:59 UTC 2016] dvlist='acme.domain.com#lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI#https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843#http-01#/home/nginx/domains/acme.domain.com/public'
[Tue May 31 14:17:59 UTC 2016] ok, let's start to verify
[Tue May 31 14:17:59 UTC 2016] Verifying:acme.domain.com
[Tue May 31 14:17:59 UTC 2016] d='acme.domain.com'
[Tue May 31 14:17:59 UTC 2016] keyauthorization='lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI'
[Tue May 31 14:17:59 UTC 2016] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843'
[Tue May 31 14:17:59 UTC 2016] _currentRoot='/home/nginx/domains/acme.domain.com/public'
[Tue May 31 14:17:59 UTC 2016] wellknown_path='/home/nginx/domains/acme.domain.com/public/.well-known/acme-challenge'
[Tue May 31 14:17:59 UTC 2016] writing token:lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc to /home/nginx/domains/acme.domain.com/public/.well-known/acme-challenge/lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc
[Tue May 31 14:17:59 UTC 2016] Changing owner/group of .well-known to nginx:nginx
[Tue May 31 14:17:59 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843'
[Tue May 31 14:17:59 UTC 2016] payload='{"resource": "challenge", "keyAuthorization": "lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI"}'
[Tue May 31 14:17:59 UTC 2016] RSA key
[Tue May 31 14:17:59 UTC 2016] pub_exp='010001'
[Tue May 31 14:17:59 UTC 2016] let exists=0
[Tue May 31 14:17:59 UTC 2016] uselet='1'
[Tue May 31 14:17:59 UTC 2016] _URGLY_PRINTF
[Tue May 31 14:17:59 UTC 2016] e='AQAB'
[Tue May 31 14:17:59 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 14:17:59 UTC 2016] let exists=0
[Tue May 31 14:17:59 UTC 2016] uselet='1'
[Tue May 31 14:17:59 UTC 2016] _URGLY_PRINTF
[Tue May 31 14:18:02 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 14:18:02 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 14:18:02 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJsR0ZHUEQzVmJfQ01YbS0ydURMWWhyeHc3Yi1ndTBHYjhhaFZpU2JhR01jLkJKY0xnMlJBYkhlVkEwR3NqU0g4QnVvVWs0b25PYXotX3RRMmpmY0ZaWUkifQ'
[Tue May 31 14:18:02 UTC 2016] GET
[Tue May 31 14:18:02 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May 31 14:18:02 UTC 2016] curl exists=0
[Tue May 31 14:18:02 UTC 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Replay-Nonce: XaPaR2fHHGhqRQ-WxGTG6AlYOf-sxoUFuVa5a20vWOA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 31 May 2016 14:18:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 14:18:02 GMT
Connection: keep-alive
'
[Tue May 31 14:18:02 UTC 2016] nonce='XaPaR2fHHGhqRQ-WxGTG6AlYOf-sxoUFuVa5a20vWOA'
[Tue May 31 14:18:03 UTC 2016] protected='{"nonce": "XaPaR2fHHGhqRQ-WxGTG6AlYOf-sxoUFuVa5a20vWOA", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 14:18:03 UTC 2016] protected64='eyJub25jZSI6ICJYYVBhUjJmSEhHaHFSUS1XeEdURzZBbFlPZi1zeG9VRnVWYTVhMjB2V09BIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19'
[Tue May 31 14:18:03 UTC 2016] sig='PG001vPZjNIpqeHRnT1fekpgXZcr5xIuvFBwuK1Tjjr9TQlWb1kCuegiJwvE6DWRKSJib_b78flVz-Y170oS_wdkwJK-v_IZukfBcQjXUQee6-P4419_ybbftgsVnUP__6xt5GNBJIG7eizvWW4cWAdwSvVK71USZUo8zfFvTcVUetayDv5tzdDGyiq8dIdzxHMjWuHCJ7h0J9Q5C8Ihew9cwQAUYCcHHo5k5_huswpPO3BjcARwMXSfnsaugiZpnggXcB0Qdcg9Q6wB2kUnzQVcwHNmk7JdOsJqINu3hmC6L2fwhNOaH0K3a4gIU1dwfuY-nvuwaUyE3pyPDBPULw'
[Tue May 31 14:18:03 UTC 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}, "protected": "eyJub25jZSI6ICJYYVBhUjJmSEhHaHFSUS1XeEdURzZBbFlPZi1zeG9VRnVWYTVhMjB2V09BIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJsR0ZHUEQzVmJfQ01YbS0ydURMWWhyeHc3Yi1ndTBHYjhhaFZpU2JhR01jLkJKY0xnMlJBYkhlVkEwR3NqU0g4QnVvVWs0b25PYXotX3RRMmpmY0ZaWUkifQ", "signature": "PG001vPZjNIpqeHRnT1fekpgXZcr5xIuvFBwuK1Tjjr9TQlWb1kCuegiJwvE6DWRKSJib_b78flVz-Y170oS_wdkwJK-v_IZukfBcQjXUQee6-P4419_ybbftgsVnUP__6xt5GNBJIG7eizvWW4cWAdwSvVK71USZUo8zfFvTcVUetayDv5tzdDGyiq8dIdzxHMjWuHCJ7h0J9Q5C8Ihew9cwQAUYCcHHo5k5_huswpPO3BjcARwMXSfnsaugiZpnggXcB0Qdcg9Q6wB2kUnzQVcwHNmk7JdOsJqINu3hmC6L2fwhNOaH0K3a4gIU1dwfuY-nvuwaUyE3pyPDBPULw"}'
[Tue May 31 14:18:03 UTC 2016] POST
[Tue May 31 14:18:03 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843'
[Tue May 31 14:18:03 UTC 2016] curl exists=0
[Tue May 31 14:18:03 UTC 2016] _ret='0'
[Tue May 31 14:18:03 UTC 2016] original='{
  "type": "http-01",
  "status": "pending",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843",
  "token": "lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc",
  "keyAuthorization": "lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI"
}'
[Tue May 31 14:18:03 UTC 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 31 May 2016 14:18:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 337
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843
Replay-Nonce: x-0lzyc5MRtm7U2aM9KddxP-9Urgm-ITKQkKTf-dF5M
Expires: Tue, 31 May 2016 14:18:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 14:18:03 GMT
Connection: keep-alive
'
[Tue May 31 14:18:03 UTC 2016] response='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843","token":"lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc","keyAuthorization":"lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI"}'
[Tue May 31 14:18:03 UTC 2016] code='202'
[Tue May 31 14:18:03 UTC 2016] sleep 5 secs to verify
[Tue May 31 14:18:08 UTC 2016] checking
[Tue May 31 14:18:08 UTC 2016] GET
[Tue May 31 14:18:08 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843'
[Tue May 31 14:18:08 UTC 2016] curl exists=0
[Tue May 31 14:18:09 UTC 2016] original='{
  "type": "http-01",
  "status": "valid",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843",
  "token": "lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc",
  "keyAuthorization": "lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI",
  "validationRecord": [
    {
      "url": "http://acme.domain.com/.well-known/acme-challenge/lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc",
      "hostname": "acme.domain.com",
      "port": "80",
      "addressesResolved": [
        "23.92.216.164"
      ],
      "addressUsed": "23.92.216.164"
    }
  ]
}'
[Tue May 31 14:18:09 UTC 2016] response='{"type":"http-01","status":"valid","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/JFM-AKrVxnurKRhghO66-yCW4vO1awhpOKBInf4R0aM/7563843","token":"lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc","keyAuthorization":"lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc.BJcLg2RAbHeVA0GsjSH8BuoUk4onOaz-_tQ2jfcFZYI","validationRecord":[{"url":"http://acme.domain.com/.well-known/acme-challenge/lGFGPD3Vb_CMXm-2uDLYhrxw7b-gu0Gb8ahViSbaGMc","hostname":"acme.domain.com","port":"80","addressesResolved":["23.92.216.164"],"addressUsed":"23.92.216.164"}]}'
[Tue May 31 14:18:10 UTC 2016] Success
[Tue May 31 14:18:10 UTC 2016] pid
[Tue May 31 14:18:10 UTC 2016] remove /home/nginx/domains/acme.domain.com/public/.well-known
[Tue May 31 14:18:10 UTC 2016] pid
[Tue May 31 14:18:10 UTC 2016] Verify finished, start to sign.
[Tue May 31 14:18:10 UTC 2016] i='2'
[Tue May 31 14:18:10 UTC 2016] j='14'
[Tue May 31 14:18:10 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Tue May 31 14:18:10 UTC 2016] payload='{"resource": "new-cert", "csr": "MIICYzCCAUsCAQAwHjEcMBoGA1UEAxMTYWNtZS5jZW50bWlubW9kLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMcmTV7Y3QMqZpqoAHnggx3PD_hrMt1KnxzS9RBNZ7L9Wi2GT9j2s5e11hOcjAI_kdbVRQgc4SgH8VmqHV7m_Qeqxkn8UWoav-S5C8TXYKjvEsk42Wqpk4wME5EilhCtMB5eiDDGNJOkM1BFnyggCRMZ4C6hIwYGNtLpNvgr0KMRFIHDYPUpl4TUfn2-G8Xpj1I2AcOLEgfZ6Kyg3DQ-sKuq4HBFJ1tTuEhzYgTzqV0m0aD-bXzjt4zuOzI-_pUcVwzMsaVmCyfbKzeg5fbju3LEnfHDVPUorLxXlovN6VZO8PqV1KGaC_2vriCqQZUhlPPkET0JUnJNZi-ELRWZujECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQArz4lIkIEsP7HE9qaH8ryOXrNgbj2kf-qywP2qZtAixnij2YhLwOoVtd8U54hXjnX1DNCQq69qcqGgmSwAsWY0hiZSGx3qY3ASjqcZaUMkOxZr9Zc7aDmcHeQ3ZVOHQGVl0z6XB2xgJZ8LyMUYcwaoMkaUMh4tPtIdlp04FHcXcqUTqz7zEd8lNT4tj4zlP4alhlZQwszJItISe1R8V2ZwPIP8fLvsNUGWlsfFntyzFhX21tTAJAxmBhkxu4QAt6m6Sr7DC0Yc7C6j5BneGv3h0KXYzcjwyh__60DeTphGWrBlPJGMCEPaEe-0wuqa04_pythLOVN8-2yItq7_Br3C"}'
[Tue May 31 14:18:10 UTC 2016] RSA key
[Tue May 31 14:18:10 UTC 2016] pub_exp='010001'
[Tue May 31 14:18:10 UTC 2016] let exists=0
[Tue May 31 14:18:10 UTC 2016] uselet='1'
[Tue May 31 14:18:10 UTC 2016] _URGLY_PRINTF
[Tue May 31 14:18:10 UTC 2016] e='AQAB'
[Tue May 31 14:18:10 UTC 2016] modulus='9FF1BB8CFA2EB3B2754CB585AA2924CDC4032B64724F44EA040FC0D3D2C41B9B4852E09B5450892DC0798751D3B98EA0A649A5B52B9ABD4F8613EC0C48C099B610CF3AAFE79919AF4663EE14A60570A2A5596B8EE9A3E0365281C2491752FFB0AC42E6A929B5C93003CE2990C867EAA1A6F476C77F08FBF3B30322E960270DA5AE9A0A738B092CA1D6CD6CBBF0C78EAF8DD355A5EC72FDAB9110012FEAE8A1B41157278C00AD8416F8A55093E37C1FABE0B355002A361A191F87BD9598337450912DF74164B1DA09851D5EB16993D56AD0BAD2BD273CFAA362332716D17770FF429332509362750E24518E8067EB29E105A733D36614B7095B318AE67FD11355'
[Tue May 31 14:18:10 UTC 2016] let exists=0
[Tue May 31 14:18:10 UTC 2016] uselet='1'
[Tue May 31 14:18:10 UTC 2016] _URGLY_PRINTF
[Tue May 31 14:18:12 UTC 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}'
[Tue May 31 14:18:12 UTC 2016] HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 14:18:13 UTC 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlJQ1l6Q0NBVXNDQVFBd0hqRWNNQm9HQTFVRUF4TVRZV050WlM1alpXNTBiV2x1Ylc5a0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNY21UVjdZM1FNcVpwcW9BSG5nZ3gzUERfaHJNdDFLbnh6UzlSQk5aN0w5V2kyR1Q5ajJzNWUxMWhPY2pBSV9rZGJWUlFnYzRTZ0g4Vm1xSFY3bV9RZXF4a244VVdvYXYtUzVDOFRYWUtqdkVzazQyV3FwazR3TUU1RWlsaEN0TUI1ZWlEREdOSk9rTTFCRm55Z2dDUk1aNEM2aEl3WUdOdExwTnZncjBLTVJGSUhEWVBVcGw0VFVmbjItRzhYcGoxSTJBY09MRWdmWjZLeWczRFEtc0t1cTRIQkZKMXRUdUVoellnVHpxVjBtMGFELWJYemp0NHp1T3pJLV9wVWNWd3pNc2FWbUN5ZmJLemVnNWZianUzTEVuZkhEVlBVb3JMeFhsb3ZONlZaTzhQcVYxS0dhQ18ydnJpQ3FRWlVobFBQa0VUMEpVbkpOWmktRUxSV1p1akVDQXdFQUFhQUFNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFyejRsSWtJRXNQN0hFOXFhSDhyeU9Yck5nYmoya2YtcXl3UDJxWnRBaXhuaWoyWWhMd09vVnRkOFU1NGhYam5YMUROQ1FxNjlxY3FHZ21Td0FzV1kwaGlaU0d4M3FZM0FTanFjWmFVTWtPeFpyOVpjN2FEbWNIZVEzWlZPSFFHVmwwejZYQjJ4Z0paOEx5TVVZY3dhb01rYVVNaDR0UHRJZGxwMDRGSGNYY3FVVHF6N3pFZDhsTlQ0dGo0emxQNGFsaGxaUXdzekpJdElTZTFSOFYyWndQSVA4Zkx2c05VR1dsc2ZGbnR5ekZoWDIxdFRBSkF4bUJoa3h1NFFBdDZtNlNyN0RDMFljN0M2ajVCbmVHdjNoMEtYWXpjand5aF9fNjBEZVRwaEdXckJsUEpHTUNFUGFFZS0wd3VxYTA0X3B5dGhMT1ZOOC0yeUl0cTdfQnIzQyJ9'
[Tue May 31 14:18:13 UTC 2016] GET
[Tue May 31 14:18:13 UTC 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Tue May 31 14:18:13 UTC 2016] curl exists=0
[Tue May 31 14:18:14 UTC 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Replay-Nonce: Ltbu8lXaWTcAiEXz6_t_Jim0D8XJ2hzwu_eN4PqIddw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 31 May 2016 14:18:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 14:18:14 GMT
Connection: keep-alive
'
[Tue May 31 14:18:14 UTC 2016] nonce='Ltbu8lXaWTcAiEXz6_t_Jim0D8XJ2hzwu_eN4PqIddw'
[Tue May 31 14:18:14 UTC 2016] protected='{"nonce": "Ltbu8lXaWTcAiEXz6_t_Jim0D8XJ2hzwu_eN4PqIddw", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}'
[Tue May 31 14:18:14 UTC 2016] protected64='eyJub25jZSI6ICJMdGJ1OGxYYVdUY0FpRVh6Nl90X0ppbTBEOFhKMmh6d3VfZU40UHFJZGR3IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19'
[Tue May 31 14:18:14 UTC 2016] sig='hRpoE7oaLTUNPl8zY-sjMh-7F29PjI1JdE3rdI0LWxmEq8WMriz5f2_h_yzEuMAs34eH5pUafFDVShGddTBlAvlLBRB-5hwtBnHvBzdPFQI6PgXzYsMz4T-P3PqF8dXzpIcpILh3PGsS0Jl3j-pBxSgR_Rxk9yY-8V_czjjCVEmmlSASY68yRUZLIuAVuuj31n1mgwkVuWilfNzc8LxeJEODu9fVF_tu6eaIywSr26xp-dH-0GA9fds5USd2v46vyGUOl01WoVptIpeYVO2opWGgY5vaCBz9hl4JiABZuAsUePBvIJPZCpEz4ZqTJya8o0cvWBdWaxDv7I7OSs8Dew'
[Tue May 31 14:18:14 UTC 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "n_G7jPous7J1TLWFqikkzcQDK2RyT0TqBA_A09LEG5tIUuCbVFCJLcB5h1HTuY6gpkmltSuavU-GE-wMSMCZthDPOq_nmRmvRmPuFKYFcKKlWWuO6aPgNlKBwkkXUv-wrELmqSm1yTADzimQyGfqoab0dsd_CPvzswMi6WAnDaWumgpziwksodbNbLvwx46vjdNVpexy_auREAEv6uihtBFXJ4wArYQW-KVQk-N8H6vgs1UAKjYaGR-HvZWYM3RQkS33QWSx2gmFHV6xaZPVatC60r0nPPqjYjMnFtF3cP9CkzJQk2J1DiRRjoBn6ynhBacz02YUtwlbMYrmf9ETVQ"}}, "protected": "eyJub25jZSI6ICJMdGJ1OGxYYVdUY0FpRVh6Nl90X0ppbTBEOFhKMmh6d3VfZU40UHFJZGR3IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAibl9HN2pQb3VzN0oxVExXRnFpa2t6Y1FESzJSeVQwVHFCQV9BMDlMRUc1dElVdUNiVkZDSkxjQjVoMUhUdVk2Z3BrbWx0U3VhdlUtR0Utd01TTUNadGhEUE9xX25tUm12Um1QdUZLWUZjS0tsV1d1TzZhUGdObEtCd2trWFV2LXdyRUxtcVNtMXlUQUR6aW1ReUdmcW9hYjBkc2RfQ1B2enN3TWk2V0FuRGFXdW1ncHppd2tzb2RiTmJMdnd4NDZ2amROVnBleHlfYXVSRUFFdjZ1aWh0QkZYSjR3QXJZUVctS1ZRay1OOEg2dmdzMVVBS2pZYUdSLUh2WldZTTNSUWtTMzNRV1N4MmdtRkhWNnhhWlBWYXRDNjByMG5QUHFqWWpNbkZ0RjNjUDlDa3pKUWsySjFEaVJSam9CbjZ5bmhCYWN6MDJZVXR3bGJNWXJtZjlFVFZRIn19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlJQ1l6Q0NBVXNDQVFBd0hqRWNNQm9HQTFVRUF4TVRZV050WlM1alpXNTBiV2x1Ylc5a0xtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNY21UVjdZM1FNcVpwcW9BSG5nZ3gzUERfaHJNdDFLbnh6UzlSQk5aN0w5V2kyR1Q5ajJzNWUxMWhPY2pBSV9rZGJWUlFnYzRTZ0g4Vm1xSFY3bV9RZXF4a244VVdvYXYtUzVDOFRYWUtqdkVzazQyV3FwazR3TUU1RWlsaEN0TUI1ZWlEREdOSk9rTTFCRm55Z2dDUk1aNEM2aEl3WUdOdExwTnZncjBLTVJGSUhEWVBVcGw0VFVmbjItRzhYcGoxSTJBY09MRWdmWjZLeWczRFEtc0t1cTRIQkZKMXRUdUVoellnVHpxVjBtMGFELWJYemp0NHp1T3pJLV9wVWNWd3pNc2FWbUN5ZmJLemVnNWZianUzTEVuZkhEVlBVb3JMeFhsb3ZONlZaTzhQcVYxS0dhQ18ydnJpQ3FRWlVobFBQa0VUMEpVbkpOWmktRUxSV1p1akVDQXdFQUFhQUFNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFyejRsSWtJRXNQN0hFOXFhSDhyeU9Yck5nYmoya2YtcXl3UDJxWnRBaXhuaWoyWWhMd09vVnRkOFU1NGhYam5YMUROQ1FxNjlxY3FHZ21Td0FzV1kwaGlaU0d4M3FZM0FTanFjWmFVTWtPeFpyOVpjN2FEbWNIZVEzWlZPSFFHVmwwejZYQjJ4Z0paOEx5TVVZY3dhb01rYVVNaDR0UHRJZGxwMDRGSGNYY3FVVHF6N3pFZDhsTlQ0dGo0emxQNGFsaGxaUXdzekpJdElTZTFSOFYyWndQSVA4Zkx2c05VR1dsc2ZGbnR5ekZoWDIxdFRBSkF4bUJoa3h1NFFBdDZtNlNyN0RDMFljN0M2ajVCbmVHdjNoMEtYWXpjand5aF9fNjBEZVRwaEdXckJsUEpHTUNFUGFFZS0wd3VxYTA0X3B5dGhMT1ZOOC0yeUl0cTdfQnIzQyJ9", "signature": "hRpoE7oaLTUNPl8zY-sjMh-7F29PjI1JdE3rdI0LWxmEq8WMriz5f2_h_yzEuMAs34eH5pUafFDVShGddTBlAvlLBRB-5hwtBnHvBzdPFQI6PgXzYsMz4T-P3PqF8dXzpIcpILh3PGsS0Jl3j-pBxSgR_Rxk9yY-8V_czjjCVEmmlSASY68yRUZLIuAVuuj31n1mgwkVuWilfNzc8LxeJEODu9fVF_tu6eaIywSr26xp-dH-0GA9fds5USd2v46vyGUOl01WoVptIpeYVO2opWGgY5vaCBz9hl4JiABZuAsUePBvIJPZCpEz4ZqTJya8o0cvWBdWaxDv7I7OSs8Dew"}'
[Tue May 31 14:18:14 UTC 2016] POST
[Tue May 31 14:18:14 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Tue May 31 14:18:14 UTC 2016] curl exists=0
[Tue May 31 14:18:16 UTC 2016] _ret='0'
[Tue May 31 14:18:16 UTC 2016] original='MIIE6zCCA9OgAwIBAgITAPpXYOSxo+bDv0vjSBGZBuo1WTANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjA1MzExMzE4MDBaFw0xNjA4MjkxMzE4MDBaMB4xHDAaBgNVBAMTE2FjbWUuY2VudG1pbm1vZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHJk1e2N0DKmaaqAB54IMdzw/4azLdSp8c0vUQTWey/Vothk/Y9rOXtdYTnIwCP5HW1UUIHOEoB/FZqh1e5v0HqsZJ/FFqGr/kuQvE12Co7xLJONlqqZOMDBORIpYQrTAeXogwxjSTpDNQRZ8oIAkTGeAuoSMGBjbS6Tb4K9CjERSBw2D1KZeE1H59vhvF6Y9SNgHDixIH2eisoNw0PrCrquBwRSdbU7hIc2IE86ldJtGg/m1847eM7jsyPv6VHFcMzLGlZgsn2ys3oOX247tyxJ3xw1T1KKy8V5aLzelWTvD6ldShmgv9r64gqkGVIZTz5BE9CVJyTWYvhC0VmboxAgMBAAGjggIcMIICGDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNB+35czkBEgCnNMzTi01fCQ6zbAMB8GA1UdIwQYMBaAFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHgGCCsGAQUFBwEBBGwwajAzBggrBgEFBQcwAYYnaHR0cDovL29jc3Auc3RnLWludC14MS5sZXRzZW5jcnlwdC5vcmcvMDMGCCsGAQUFBzAChidodHRwOi8vY2VydC5zdGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZy8wHgYDVR0RBBcwFYITYWNtZS5jZW50bWlubW9kLmNvbTCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQCeMeGiPku9yRRA1ouvIoo58uJqSRvp6x+nzMwjdcuTs0YxVeUcnmLt6kkV+/FA7OFOynS6IU8fBFfTSiXQGQ4I12xhB57bmmgXMfxTuQN6m2ZJQMi7dRwfR7gZEGT6IuIV5gjbEpHTPMeEQ5BJ2k4cEs76Dx/i/grhgPOR81M8wb3teINtECHUkM4gOii4K7DAcVZwFbESjTwE9P175uCEX6Aw10s3iGKm3U8OJfWBBkJONs5YOxryMjW+Dx5+KBJu7OuSExOauOF5uZWYI+NalAvLDZG2xMRRrHcLivdvYcicGjlL5aaeViOlb2e4r864pPR3vdkweQt1B9xQOXR/'
[Tue May 31 14:18:16 UTC 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 31 May 2016 14:18:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/pkix-cert
Content-Length: 1263
Link: <https://acme-staging.api.letsencrypt.org/acme/issuer-cert>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/cert/fa5760e4b1a3e6c3bf4be348119906ea3559
Replay-Nonce: GtaR3fkfw6T6pxX0Qo1J6qPG6nIbxkTIDOhfAF98D-I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 31 May 2016 14:18:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 31 May 2016 14:18:16 GMT
Connection: keep-alive
'
[Tue May 31 14:18:16 UTC 2016] response='MIIE6zCCA9OgAwIBAgITAPpXYOSxo+bDv0vjSBGZBuo1WTANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjA1MzExMzE4MDBaFw0xNjA4MjkxMzE4MDBaMB4xHDAaBgNVBAMTE2FjbWUuY2VudG1pbm1vZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHJk1e2N0DKmaaqAB54IMdzw/4azLdSp8c0vUQTWey/Vothk/Y9rOXtdYTnIwCP5HW1UUIHOEoB/FZqh1e5v0HqsZJ/FFqGr/kuQvE12Co7xLJONlqqZOMDBORIpYQrTAeXogwxjSTpDNQRZ8oIAkTGeAuoSMGBjbS6Tb4K9CjERSBw2D1KZeE1H59vhvF6Y9SNgHDixIH2eisoNw0PrCrquBwRSdbU7hIc2IE86ldJtGg/m1847eM7jsyPv6VHFcMzLGlZgsn2ys3oOX247tyxJ3xw1T1KKy8V5aLzelWTvD6ldShmgv9r64gqkGVIZTz5BE9CVJyTWYvhC0VmboxAgMBAAGjggIcMIICGDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNB+35czkBEgCnNMzTi01fCQ6zbAMB8GA1UdIwQYMBaAFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHgGCCsGAQUFBwEBBGwwajAzBggrBgEFBQcwAYYnaHR0cDovL29jc3Auc3RnLWludC14MS5sZXRzZW5jcnlwdC5vcmcvMDMGCCsGAQUFBzAChidodHRwOi8vY2VydC5zdGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZy8wHgYDVR0RBBcwFYITYWNtZS5jZW50bWlubW9kLmNvbTCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQCeMeGiPku9yRRA1ouvIoo58uJqSRvp6x+nzMwjdcuTs0YxVeUcnmLt6kkV+/FA7OFOynS6IU8fBFfTSiXQGQ4I12xhB57bmmgXMfxTuQN6m2ZJQMi7dRwfR7gZEGT6IuIV5gjbEpHTPMeEQ5BJ2k4cEs76Dx/i/grhgPOR81M8wb3teINtECHUkM4gOii4K7DAcVZwFbESjTwE9P175uCEX6Aw10s3iGKm3U8OJfWBBkJONs5YOxryMjW+Dx5+KBJu7OuSExOauOF5uZWYI+NalAvLDZG2xMRRrHcLivdvYcicGjlL5aaeViOlb2e4r864pPR3vdkweQt1B9xQOXR/'
[Tue May 31 14:18:16 UTC 2016] code='201'
[Tue May 31 14:18:16 UTC 2016] APP
[Tue May 31 14:18:16 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:10:Le_LinkCert="https://acme-staging.api.letsencrypt.org/acme/cert/fa5760e4b1a3e6c3bf4be348119906ea3559"
[Tue May 31 14:18:16 UTC 2016] GET
[Tue May 31 14:18:16 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/cert/fa5760e4b1a3e6c3bf4be348119906ea3559'
[Tue May 31 14:18:16 UTC 2016] curl exists=0
[Tue May 31 14:18:16 UTC 2016] Cert success.
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgITAPpXYOSxo+bDv0vjSBGZBuo1WTANBgkqhkiG9w0BAQsF
ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjA1MzEx
MzE4MDBaFw0xNjA4MjkxMzE4MDBaMB4xHDAaBgNVBAMTE2FjbWUuY2VudG1pbm1v
ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHJk1e2N0DKmaa
qAB54IMdzw/4azLdSp8c0vUQTWey/Vothk/Y9rOXtdYTnIwCP5HW1UUIHOEoB/FZ
qh1e5v0HqsZJ/FFqGr/kuQvE12Co7xLJONlqqZOMDBORIpYQrTAeXogwxjSTpDNQ
RZ8oIAkTGeAuoSMGBjbS6Tb4K9CjERSBw2D1KZeE1H59vhvF6Y9SNgHDixIH2eis
oNw0PrCrquBwRSdbU7hIc2IE86ldJtGg/m1847eM7jsyPv6VHFcMzLGlZgsn2ys3
oOX247tyxJ3xw1T1KKy8V5aLzelWTvD6ldShmgv9r64gqkGVIZTz5BE9CVJyTWYv
hC0VmboxAgMBAAGjggIcMIICGDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNB+35cz
kBEgCnNMzTi01fCQ6zbAMB8GA1UdIwQYMBaAFMDMA0a5WCDMXHJw8+EuyyCm9Wg6
MHgGCCsGAQUFBwEBBGwwajAzBggrBgEFBQcwAYYnaHR0cDovL29jc3Auc3RnLWlu
dC14MS5sZXRzZW5jcnlwdC5vcmcvMDMGCCsGAQUFBzAChidodHRwOi8vY2VydC5z
dGctaW50LXgxLmxldHNlbmNye2dxLm9yZy8wHgYDVR0RBBcwFYITYWNtZS5jZW50
bWlubW9kLmNvbTCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMB
AQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGr
BggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVs
aWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFu
Y2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8v
bGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQCe
MeGiPku9yRRA1ouvIoo58uJqSRvp6x+nzMwjdcuTs0YxVeUcnmLt6kkV+/FA7OFO
ynS6IU8fBFfTSiXQGQ4I12xhB57bmmgXMfxTuQN6m2ZJQMi7dRwfR7gZEGT6IuIV
5gjbEpHTPMeEQ5BJ2k4cEs76Dx/i/grhgPOR81M8wb3teINtECHUkM4gOii4K7DA
cVZwFbESjTwE9P175uCEX6Aw10s3iGKm3U8OJfWBBkJONs5YOxryMjW+Dx5+KBJu
7OuSExOauOF5uZWYI+NalAvLDZG2xMRRrHcLivdvYcicGjlL5aaeViOlb2e4r864
pPR3vdkweQt1B9xQOXR/
-----END CERTIFICATE-----
[Tue May 31 14:18:16 UTC 2016] Your cert is in /root/.acme.sh/acme.domain.com/acme.domain.com.cer
[Tue May 31 14:18:16 UTC 2016] /root/.acme.sh/account.conf:18:USER_PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/root/bin"
[Tue May 31 14:18:16 UTC 2016] options='s/^Le_Vlist.*$//'
[Tue May 31 14:18:17 UTC 2016] Using sed  -i
[Tue May 31 14:18:17 UTC 2016] APP
[Tue May 31 14:18:17 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:11:Le_LinkIssuer="https://acme-staging.api.letsencrypt.org/acme/issuer-cert"
[Tue May 31 14:18:17 UTC 2016] GET
[Tue May 31 14:18:17 UTC 2016] url='https://acme-staging.api.letsencrypt.org/acme/issuer-cert'
[Tue May 31 14:18:17 UTC 2016] curl exists=0
[Tue May 31 14:18:17 UTC 2016] The intermediate CA cert is in /root/.acme.sh/acme.domain.com/ca.cer
[Tue May 31 14:18:17 UTC 2016] And the full chain certs is there: /root/.acme.sh/acme.domain.com/fullchain.cer
[Tue May 31 14:18:17 UTC 2016] APP
[Tue May 31 14:18:17 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:12:Le_CertCreateTime="1464704297"
[Tue May 31 14:18:17 UTC 2016] APP
[Tue May 31 14:18:17 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:13:Le_CertCreateTimeStr="Tue May 31 14:18:17 UTC 2016"
[Tue May 31 14:18:17 UTC 2016] APP
[Tue May 31 14:18:17 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:14:Le_RenewalDays="80"
[Tue May 31 14:18:17 UTC 2016] APP
[Tue May 31 14:18:17 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:15:Le_NextRenewTime="1471616297"
[Tue May 31 14:18:17 UTC 2016] APP
[Tue May 31 14:18:17 UTC 2016] /root/.acme.sh/acme.domain.com/acme.domain.com.conf:16:Le_NextRenewTimeStr="Fri Aug 19 14:18:17 UTC 2016"
[Tue May 31 14:18:18 UTC 2016] OK
[Tue May 31 14:18:18 UTC 2016] /root/.acme.sh/account.conf:16:USER_AGENT="centminmod-centos7-acmesh-webroot"
  ssl_certificate      /usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-acme.cer;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-acme.key;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-acme.cer;  

install cert
/root/.acme.sh/acme.sh --installcert -d acme.domain.com --certpath /usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-acme.cer --keypath /usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-acme.key --capath /usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-fullchain-acme.key
[Tue May 31 14:18:18 UTC 2016] Installing cert to:/usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-acme.cer
[Tue May 31 14:18:18 UTC 2016] Installing CA to:/usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-acme.cer
[Tue May 31 14:18:18 UTC 2016] Installing key to:/usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-acme.key
[Tue May 31 14:18:18 UTC 2016] Installing full chain to:/usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-fullchain-acme.key
[Tue May 31 14:18:18 UTC 2016] Run Le_ReloadCmd: /usr/bin/ngxreload
Reloading nginx configuration (via systemctl):  [  OK  ]
[Tue May 31 14:18:18 UTC 2016] Reload success.

letsencrypt ssl certificate setup completed
ssl certs located at: /usr/local/nginx/conf/ssl/acme.domain.com

openssl x509 -noout -text < /usr/local/nginx/conf/ssl/acme.domain.com/acme.domain.com-acme.cer
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            fa:57:60:e4:b1:a3:e6:c3:bf:4b:e3:48:11:99:06:ea:35:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Fake LE Intermediate X1
        Validity
            Not Before: May 31 13:18:00 2016 GMT
            Not After : Aug 29 13:18:00 2016 GMT
        Subject: CN=acme.domain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c7:26:4d:5e:d8:dd:03:2a:66:9a:a8:00:79:e0:
                    83:1d:cf:0f:f8:6b:32:dd:4a:9f:1c:d2:f5:10:4d:
                    67:b2:fd:5a:2d:86:4f:d8:f6:b3:97:b5:d6:13:9c:
                    8c:02:3f:91:d6:d5:45:08:1c:e1:28:07:f1:59:aa:
                    1d:5e:e6:fd:07:aa:c6:49:fc:51:6a:1a:bf:e4:b9:
                    0b:c4:d7:60:a8:ef:12:c9:38:d9:6a:a9:93:8c:0c:
                    13:91:22:96:10:ad:30:1e:5e:88:30:c6:34:93:a4:
                    33:50:45:9f:28:20:09:13:19:e0:2e:a1:23:06:06:
                    36:d2:e9:36:f8:2b:d0:a3:11:14:81:c3:60:f5:29:
                    97:84:d4:7e:7d:be:1b:c5:e9:8f:52:36:01:c3:8b:
                    12:07:d9:e8:ac:a0:dc:34:3e:b0:ab:aa:e0:70:45:
                    27:5b:53:b8:48:73:62:04:f3:a9:5d:26:d1:a0:fe:
                    6d:7c:e3:b7:8c:ee:3b:32:3e:fe:95:1c:57:0c:cc:
                    b1:a5:66:0b:27:db:2b:37:a0:e5:f6:e3:bb:72:c4:
                    9d:f1:c3:54:f5:28:ac:bc:57:96:8b:cd:e9:56:4e:
                    f0:fa:95:d4:a1:9a:0b:fd:af:ae:20:aa:41:95:21:
                    94:f3:e4:11:3d:09:52:72:4d:66:2f:84:2d:15:99:
                    ba:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                D0:7E:DF:97:33:90:11:20:0A:73:4C:CD:38:B4:D5:F0:90:EB:36:C0
            X509v3 Authority Key Identifier: 
                keyid:C0:CC:03:46:B9:58:20:CC:5C:72:70:F3:E1:2E:CB:20:A6:F5:68:3A

            Authority Information Access: 
                OCSP - URI:http://ocsp.stg-int-x1.letsencrypt.org/
                CA Issuers - URI:http://cert.stg-int-x1.letsencrypt.org/

            X509v3 Subject Alternative Name: 
                DNS:acme.domain.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org
                  User Notice:
                    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/

    Signature Algorithm: sha256WithRSAEncryption
         9e:31:e1:a2:3e:4b:bd:c9:14:40:d6:8b:af:22:8a:39:f2:e2:
         6a:49:1b:e9:eb:1f:a7:cc:cc:23:75:cb:93:b3:46:31:55:e5:
         1c:9e:62:ed:ea:49:15:fb:f1:40:ec:e1:4e:ca:74:ba:21:4f:
         1f:04:57:d3:4a:25:d0:19:0e:08:d7:6c:61:07:9e:db:9a:68:
         17:31:fc:53:b9:03:7a:9b:66:49:40:c8:bb:75:1c:1f:47:b8:
         19:10:64:fa:22:e2:15:e6:08:db:12:91:d3:3c:c7:84:43:90:
         49:da:4e:1c:12:ce:fa:0f:1f:e2:fe:0a:e1:80:f3:91:f3:53:
         3c:c1:bd:ed:78:83:6d:10:21:d4:90:ce:20:3a:28:b8:2b:b0:
         c0:71:56:70:15:b1:12:8d:3c:04:f4:fd:7b:e6:e0:84:5f:a0:
         30:d7:4b:37:88:62:a6:dd:4f:0e:25:f5:81:06:42:4e:36:ce:
         58:3b:1a:f2:32:35:be:0f:1e:7e:28:12:6e:ec:eb:92:13:13:
         9a:b8:e1:79:b9:95:98:23:e3:5a:94:0b:cb:0d:91:b6:c4:c4:
         51:ac:77:0b:8a:f7:6f:61:c8:9c:1a:39:4b:e5:a6:9e:56:23:
         a5:6f:67:b8:af:ce:b8:a4:f4:77:bd:d9:30:79:0b:75:07:dc:
         50:39:74:7f
centminmod picture centminmod on 31 May 2016

I read your post, but I'm afraid it's not a good idea to do such stuffs.

That's too far away, which may hide the real the network problems that should be taken care of by the user or letsencrypt official team.
.

Neilpang picture Neilpang on 31 May 2016

glad to see it works for you now.

Neilpang picture Neilpang on 31 May 2016

you are genius

Neilpang picture Neilpang on 31 May 2016

yeah probably best to let letsencrypt deal with their staging server issues :)

thanks to acme.sh doing all the heavy lifting, my acmetool.sh was much easier to implement as a wrapper :)

centminmod picture centminmod on 31 May 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

vitaly80 picture vitaly80  ·  4Comments
MarcusWolschon picture MarcusWolschon  ·  3Comments
extensionsapp picture extensionsapp  ·  4Comments
xiagw picture xiagw  ·  3Comments
p3x-robot picture p3x-robot  ·  5Comments