# acme.sh --issue -d nas.fernandomiguel.net --dns dns_cf --dnssleep 10 --certpath /usr/syno/etc/certificate/system/default/cert.pem --keypath /usr/syno/etc/certificate/system/default/privkey.pem --fullchainpath /usr/syno/etc/certificate/system/default/fullchain.pem -k ec-256 --debug 2
[Fri Nov 4 11:01:03 GMT 2016] Lets find script dir.
[Fri Nov 4 11:01:03 GMT 2016] _SCRIPT_='/volume1/@appstore/.acme.sh/acme.sh'
[Fri Nov 4 11:01:03 GMT 2016] _script='/volume1/@appstore/.acme.sh/acme.sh'
[Fri Nov 4 11:01:03 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
/volume1/@appstore/.acme.sh/acme.sh: line 1225: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 11:01:03 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
/volume1/@appstore/.acme.sh/acme.sh: line 1225: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 11:01:03 GMT 2016]
https://github.com/Neilpang/acme.sh
v2.6.3
[Fri Nov 4 11:01:03 GMT 2016] Using api:
[Fri Nov 4 11:01:03 GMT 2016] DOMAIN_PATH='/volume1/@appstore/.acme.sh/nas.fernandomiguel.net_ecc'
[Fri Nov 4 11:01:03 GMT 2016] 1:Le_Domain='nas.fernandomiguel.net'
[Fri Nov 4 11:01:03 GMT 2016] 2:Le_Alt='no'
[Fri Nov 4 11:01:03 GMT 2016] 3:Le_Webroot='dns_cf'
[Fri Nov 4 11:01:03 GMT 2016] 4:Le_PreHook=''
[Fri Nov 4 11:01:03 GMT 2016] 5:Le_PostHook=''
[Fri Nov 4 11:01:03 GMT 2016] 6:Le_RenewHook=''
[Fri Nov 4 11:01:03 GMT 2016] options='s/^Le_LocalAddress.*$//'
[Fri Nov 4 11:01:03 GMT 2016] Using sed -i
[Fri Nov 4 11:01:04 GMT 2016] 7:Le_API='https://acme-v01.api.letsencrypt.org'
[Fri Nov 4 11:01:04 GMT 2016] _on_before_issue
[Fri Nov 4 11:01:04 GMT 2016] 'dns_cf' does not contain 'no'
[Fri Nov 4 11:01:04 GMT 2016] Le_LocalAddress
[Fri Nov 4 11:01:04 GMT 2016] Check for domain='nas.fernandomiguel.net'
[Fri Nov 4 11:01:04 GMT 2016] _currentRoot='dns_cf'
[Fri Nov 4 11:01:04 GMT 2016] 'dns_cf' does not contain 'apache'
[Fri Nov 4 11:01:04 GMT 2016] config file is empty, can not read CA_KEY_HASH
[Fri Nov 4 11:01:04 GMT 2016] _saved_account_key_hash
[Fri Nov 4 11:01:04 GMT 2016] EC key
[Fri Nov 4 11:01:06 GMT 2016] AGREEMENT
[Fri Nov 4 11:01:06 GMT 2016] Registering account
[Fri Nov 4 11:01:06 GMT 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Fri Nov 4 11:01:06 GMT 2016] payload='{"resource": "new-reg", "contact": ["mailto: XXXX"], "agreement": ""}'
[Fri Nov 4 11:01:06 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Fri Nov 4 11:01:06 GMT 2016] Get nonce.
[Fri Nov 4 11:01:06 GMT 2016] GET
[Fri Nov 4 11:01:06 GMT 2016] url='https://acme-v01.api.letsencrypt.org/directory'
[Fri Nov 4 11:01:06 GMT 2016] timeout
[Fri Nov 4 11:01:06 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.XXX '
[Fri Nov 4 11:01:06 GMT 2016] ret='0'
[Fri Nov 4 11:01:07 GMT 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 280
Boulder-Request-Id: XXX
Replay-Nonce: XXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 11:01:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 11:01:06 GMT
Connection: keep-alive
'
[Fri Nov 4 11:01:07 GMT 2016] _CACHED_NONCE='XXX'
[Fri Nov 4 11:01:07 GMT 2016] nonce='XXX'
Error Signing Data
13172:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
Error: offset too large
printf: usage: printf [-v var] format [arguments]
[Fri Nov 4 11:01:07 GMT 2016] POST
[Fri Nov 4 11:01:07 GMT 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Fri Nov 4 11:01:07 GMT 2016] body='{"header": {"alg": "ES256", "jwk": {"crv": "", "kty": "EC", "x": "0XXX", "y": "SBIUEfbgqVAOQ3e1aNoFOLE1do9fiTjgj7WivSy0_x8"}}, "protected": "eyXXXX", "payload": "eyJXXX", "signature": ""}'
[Fri Nov 4 11:01:07 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.XXX '
[Fri Nov 4 11:01:07 GMT 2016] _ret='0'
[Fri Nov 4 11:01:07 GMT 2016] original='{
"type": "urn:acme:error:malformed",
"detail": "Parse error reading JWS",
"status": 400
}'
[Fri Nov 4 11:01:07 GMT 2016] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 96
Boulder-Request-Id: XXX
Replay-Nonce: XXX
Expires: Fri, 04 Nov 2016 11:01:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 11:01:07 GMT
Connection: close
'
[Fri Nov 4 11:01:07 GMT 2016] response='{"type":"urn:acme:error:malformed","detail":"Parse error reading JWS","status": 400}'
[Fri Nov 4 11:01:07 GMT 2016] code='400'
[Fri Nov 4 11:01:07 GMT 2016] Register account Error: {"type":"urn:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
[Fri Nov 4 11:01:07 GMT 2016] _on_issue_err
[Fri Nov 4 11:01:07 GMT 2016] Please use add '--debug' or '--log' to check more details.
[Fri Nov 4 11:01:07 GMT 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
FernandoMiguel
All 62 comments
@FernandoMiguel
Did you try rsa key ?
Neilpang
on 4 Nov 2016
i tried afterwards with RSA too.
it worked a couple of times, but also failed many more.
FernandoMiguel
on 4 Nov 2016
./acme.sh --issue -d nas2.fernandomiguel.net --dns dns_cf --test -k 2048 --debug 2 --dnssleep 10
did work with success
FernandoMiguel
on 4 Nov 2016
acme.sh --issue -d nas3.fernandomiguel.net --dns dns_cf --test -k ec-256 --debug 2 --dnssleep 10
[Fri 4 Nov 2016 13:51:36 GMT] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"
[Fri 4 Nov 2016 13:51:36 GMT] _on_issue_err
[Fri 4 Nov 2016 13:51:36 GMT] Please use add '--debug' or '--log' to check more details.
[Fri 4 Nov 2016 13:51:36 GMT] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
i really dont know what's causing different behaviours all the time
FernandoMiguel
on 4 Nov 2016
run:
openssl ecparam -name prime256v1 -genkey
openssl version
From my laptop:
$ openssl ecparam -name prime256v1 -genkey
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIA1JLUpnr1RGkESceCKfuLeRKjt3VAOwIAOD7siy3SBvoAoGCCqGSM49
AwEHoUQDQgAEio6Za289TcSSfa6mtGznqKACWsvfkJsOwEGLgxcMuWMe90plXrOA
XX==
-----END EC PRIVATE KEY-----
$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016
FernandoMiguel
on 4 Nov 2016
@FernandoMiguel
wait a moment.
Neilpang
on 4 Nov 2016
from my Synology NAS, where I first detected the issue
openssl ecparam -name prime256v1 -genkey
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIK1PtOxmBv3gMfgY98vOXx+Afj1LRupx8FTD+u8XWRzvoAoGCCqGSM49
AwEHoUQDQgAEEWoIarmcteq5NAUOX1f0RZvAQlgwVOT5orKlV2sdpwCh0U8TWEYb
XXX==
-----END EC PRIVATE KEY-----
openssl version
OpenSSL 0.9.8v 19 Apr 2012
FernandoMiguel
on 4 Nov 2016
this might be related
http://stackoverflow.com/questions/15185661/update-openssl-on-os-x-with-homebrew
FernandoMiguel
on 4 Nov 2016
I just added more debug info in dev branch, please upgrade and try again.
export BRANCH=dev
acme.sh --upgrade
acme.sh --issue .... -k ec-256 --debug 2
well, i replaced my system openssl bin by brew one (no idea why it isnt linking the right one) and now it works.
so seems acme.sh is broken or not suporting <1.0 openssl :/
FernandoMiguel
on 4 Nov 2016
Yes, I guess so. some old version openssl doesn't support ecc key well.
Neilpang
on 4 Nov 2016
confirmed. maybe add a check on the version and show a better error message if openssl is too old for ecc?
FernandoMiguel
on 4 Nov 2016
Yes, I'm adding more error check and error report code there.
Neilpang
on 4 Nov 2016
here's dev with old openssl
acme.sh --issue -d nas6.fernandomiguel.net --dns dns_cf --test -k ec-256 --debug 2 --dnssleep 10
[Fri 4 Nov 2016 14:18:14 GMT] Lets find script dir.
[Fri 4 Nov 2016 14:18:14 GMT] _SCRIPT_='./acme.sh'
[Fri 4 Nov 2016 14:18:14 GMT] _script='/Users/fernando/temp/acme.sh/acme.sh'
[Fri 4 Nov 2016 14:18:14 GMT] _script_home='/Users/fernando/temp/acme.sh'
[Fri 4 Nov 2016 14:18:14 GMT] It seems that acme.sh is already installed in /Users/fernando/.acme.sh
[Fri 4 Nov 2016 14:18:14 GMT] 15:AUTO_UPGRADE='1'
https://github.com/Neilpang/acme.sh
v2.6.3
[Fri 4 Nov 2016 14:18:14 GMT] Using api:
[Fri 4 Nov 2016 14:18:15 GMT] Using stage api:https://acme-staging.api.letsencrypt.org
[Fri 4 Nov 2016 14:18:15 GMT] DOMAIN_PATH='/Users/fernando/.acme.sh/nas6.fernandomiguel.net_ecc'
[Fri 4 Nov 2016 14:18:15 GMT] Le_NextRenewTime
[Fri 4 Nov 2016 14:18:15 GMT] 1:Le_Domain='nas6.fernandomiguel.net'
[Fri 4 Nov 2016 14:18:15 GMT] 2:Le_Alt='no'
[Fri 4 Nov 2016 14:18:15 GMT] 3:Le_Webroot='dns_cf'
[Fri 4 Nov 2016 14:18:15 GMT] 4:Le_PreHook=''
[Fri 4 Nov 2016 14:18:15 GMT] 5:Le_PostHook=''
[Fri 4 Nov 2016 14:18:15 GMT] 6:Le_RenewHook=''
[Fri 4 Nov 2016 14:18:15 GMT] options='s/^Le_LocalAddress.*$//'
[Fri 4 Nov 2016 14:18:15 GMT] No -i support in sed
[Fri 4 Nov 2016 14:18:15 GMT] 7:Le_API='https://acme-staging.api.letsencrypt.org'
[Fri 4 Nov 2016 14:18:15 GMT] _on_before_issue
[Fri 4 Nov 2016 14:18:15 GMT] 'dns_cf' does not contain 'no'
[Fri 4 Nov 2016 14:18:15 GMT] Le_LocalAddress
[Fri 4 Nov 2016 14:18:15 GMT] Check for domain='nas6.fernandomiguel.net'
[Fri 4 Nov 2016 14:18:15 GMT] _currentRoot='dns_cf'
[Fri 4 Nov 2016 14:18:15 GMT] 'dns_cf' does not contain 'apache'
[Fri 4 Nov 2016 14:18:15 GMT] _saved_account_key_hash=''
[Fri 4 Nov 2016 14:18:15 GMT] Read key length:ec-256
[Fri 4 Nov 2016 14:18:15 GMT] _createcsr
[Fri 4 Nov 2016 14:18:15 GMT] domain='nas6.fernandomiguel.net'
[Fri 4 Nov 2016 14:18:15 GMT] domainlist
[Fri 4 Nov 2016 14:18:15 GMT] csrkey='/Users/fernando/.acme.sh/nas6.fernandomiguel.net_ecc/nas6.fernandomiguel.net.key'
[Fri 4 Nov 2016 14:18:15 GMT] csr='/Users/fernando/.acme.sh/nas6.fernandomiguel.net_ecc/nas6.fernandomiguel.net.csr'
[Fri 4 Nov 2016 14:18:15 GMT] csrconf='/Users/fernando/.acme.sh/nas6.fernandomiguel.net_ecc/nas6.fernandomiguel.net.csr.conf'
[Fri 4 Nov 2016 14:18:15 GMT] Single domain='nas6.fernandomiguel.net'
[Fri 4 Nov 2016 14:18:15 GMT] _is_idn_d='nas6.fernandomiguel.net'
[Fri 4 Nov 2016 14:18:15 GMT] _idn_temp
[Fri 4 Nov 2016 14:18:15 GMT] _csr_cn='nas6.fernandomiguel.net'
[Fri 4 Nov 2016 14:18:15 GMT] 8:Le_Keylength='ec-256'
[Fri 4 Nov 2016 14:18:15 GMT] Getting domain auth token for each domain
[Fri 4 Nov 2016 14:18:15 GMT] Getting webroot for domain='nas6.fernandomiguel.net'
[Fri 4 Nov 2016 14:18:15 GMT] _w='dns_cf'
[Fri 4 Nov 2016 14:18:15 GMT] _currentRoot='dns_cf'
[Fri 4 Nov 2016 14:18:15 GMT] Getting new-authz for domain='nas6.fernandomiguel.net'
[Fri 4 Nov 2016 14:18:15 GMT] Try new-authz for the 0 time.
[Fri 4 Nov 2016 14:18:15 GMT] _is_idn_d='nas6.fernandomiguel.net'
[Fri 4 Nov 2016 14:18:15 GMT] _idn_temp
[Fri 4 Nov 2016 14:18:15 GMT] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Fri 4 Nov 2016 14:18:15 GMT] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "nas6.fernandomiguel.net"}}'
[Fri 4 Nov 2016 14:18:15 GMT] RSA key
[Fri 4 Nov 2016 14:18:17 GMT] Get nonce.
[Fri 4 Nov 2016 14:18:17 GMT] GET
[Fri 4 Nov 2016 14:18:17 GMT] url='https://acme-staging.api.letsencrypt.org/directory'
[Fri 4 Nov 2016 14:18:17 GMT] timeout
[Fri 4 Nov 2016 14:18:17 GMT] _CURL='curl -L --silent --dump-header /Users/fernando/.acme.sh/http.header --trace-ascii /var/folders/b4/y'
[Fri 4 Nov 2016 14:18:17 GMT] ret='0'
[Fri 4 Nov 2016 14:18:17 GMT] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Boulder-Request-Id: XX
Replay-Nonce: XXX-x3q1QKm_tVVXic
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 14:18:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 14:18:17 GMT
Connection: keep-alive
'
[Fri 4 Nov 2016 14:18:17 GMT] _CACHED_NONCE='-x3q1QKm_tVVXic'
[Fri 4 Nov 2016 14:18:17 GMT] nonce='-XXX'
[Fri 4 Nov 2016 14:18:17 GMT] POST
[Fri 4 Nov 2016 14:18:17 GMT] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Fri 4 Nov 2016 14:18:17 GMT] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "XXXw"}}, "protected": "XXX", "payload": "XXX", "signature": "XXX"}'
[Fri 4 Nov 2016 14:18:17 GMT] _CURL='curl -L --silent --dump-header /Users/fernando/.acme.sh/http.header --trace-ascii /var/folders/b4/l '
[Fri 4 Nov 2016 14:18:18 GMT] _ret='0'
[Fri 4 Nov 2016 14:18:18 GMT] original='{
"identifier": {
"type": "dns",
"value": "nas6.fernandomiguel.net"
},
"status": "valid",
"expires": "2017-01-03T14:22:05Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge//16497167",
"token": "crJX68JiSQO-"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge//16497168",
"token": "TrTvbSg5yk-bZl4KRAzEGLSoZhN036f_7Eo4hMnhY78"
},
{
"type": "dns-01",
"status": "valid",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge//16497169",
"token": "",
"keyAuthorization": "",
"validationRecord": [
{
"hostname": "nas6.fernandomiguel.net",
"port": "",
"addressesResolved": null,
"addressUsed": ""
}
]
}
],
"combinations": [
[
0
],
[
2
],
[
1
]
]
}'
[Fri 4 Nov 2016 14:18:18 GMT] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 04 Nov 2016 14:18:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1313
Boulder-Request-Id: XXX
Boulder-Requester: 470416
Link: https://acme-staging.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/
Replay-Nonce: XXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 14:18:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 14:18:18 GMT
Connection: keep-alive
'
[Fri 4 Nov 2016 14:18:18 GMT] response='{"identifier":{"type":"dns","value":"nas6.fernandomiguel.net"},"status":"valid","expires":"2017-01-03T14:22:05Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge//16497167","token":"crJX68JiSQO-"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge//16497168","token":"TrTvbSg5yk-XXXX"},{"type":"dns-01","status":"valid","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge//16497169","token":"","keyAuthorization":".XXX","validationRecord":[{"hostname":"nas6.fernandomiguel.net","port":"","addressesResolved": null,"addressUsed":""}]}],"combinations":[[0],[2],[1]]}'
[Fri 4 Nov 2016 14:18:18 GMT] code='201'
[Fri 4 Nov 2016 14:18:18 GMT] The new-authz request is ok.
[Fri 4 Nov 2016 14:18:18 GMT] entry='"type":"dns-01","status":"valid","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge//16497169","token":"","keyAuthorization":".","validationRecord":[{"hostname":"nas6.fernandomiguel.net","port":"","addressesResolved": null,"addressUsed":""'
[Fri 4 Nov 2016 14:18:18 GMT] token=''
[Fri 4 Nov 2016 14:18:18 GMT] uri='https://acme-staging.api.letsencrypt.org/acme/challenge//16497169'
[Fri 4 Nov 2016 14:18:18 GMT] keyauthorization='.'
[Fri 4 Nov 2016 14:18:19 GMT] nas6.fernandomiguel.net is already verified, skip.
[Fri 4 Nov 2016 14:18:19 GMT] keyauthorization='verified_ok'
[Fri 4 Nov 2016 14:18:19 GMT] dvlist='nas6.fernandomiguel.net#verified_ok#https://acme-staging.api.letsencrypt.org/acme/challenge//16497169#dns-01#dns_cf'
[Fri 4 Nov 2016 14:18:19 GMT] nas6.fernandomiguel.net is already verified, skip dns-01.
[Fri 4 Nov 2016 14:18:19 GMT] ok, let's start to verify
[Fri 4 Nov 2016 14:18:19 GMT] nas6.fernandomiguel.net is already verified, skip dns-01.
[Fri 4 Nov 2016 14:18:19 GMT] pid
[Fri 4 Nov 2016 14:18:19 GMT] _clearupdns
[Fri 4 Nov 2016 14:18:19 GMT] Dns not added, skip.
[Fri 4 Nov 2016 14:18:19 GMT] Verify finished, start to sign.
[Fri 4 Nov 2016 14:18:19 GMT] i='2'
[Fri 4 Nov 2016 14:18:19 GMT] j='7'
[Fri 4 Nov 2016 14:18:19 GMT] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Fri 4 Nov 2016 14:18:19 GMT] payload='{"resource": "new-cert", "csr": "XXX"}'
[Fri 4 Nov 2016 14:18:19 GMT] Use cached jwk for file: /Users/fernando/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri 4 Nov 2016 14:18:19 GMT] Use _CACHED_NONCE='XX'
[Fri 4 Nov 2016 14:18:19 GMT] nonce=''
[Fri 4 Nov 2016 14:18:19 GMT] POST
[Fri 4 Nov 2016 14:18:19 GMT] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Fri 4 Nov 2016 14:18:19 GMT] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "XXX"}}, "protected": "", "payload": "XXX", "signature": "XXX"}'
[Fri 4 Nov 2016 14:18:19 GMT] _CURL='curl -L --silent --dump-header /Users/fernando/.acme.sh/http.header --trace-ascii /var/folders/b4/
[Fri 4 Nov 2016 14:18:20 GMT] _ret='0'
[Fri 4 Nov 2016 14:18:20 GMT] original='XXX=='
[Fri 4 Nov 2016 14:18:20 GMT] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 04 Nov 2016 14:18:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 133
Boulder-Request-Id: XX
Boulder-Requester: 470416
Replay-Nonce: XXX
Expires: Fri, 04 Nov 2016 14:18:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 14:18:20 GMT
Connection: close
'
[Fri 4 Nov 2016 14:18:20 GMT] response='XXX=='
[Fri 4 Nov 2016 14:18:20 GMT] code='400'
[Fri 4 Nov 2016 14:18:20 GMT] 10:Le_LinkCert=''
[Fri 4 Nov 2016 14:18:20 GMT] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"
[Fri 4 Nov 2016 14:18:20 GMT] _on_issue_err
[Fri 4 Nov 2016 14:18:20 GMT] Please use add '--debug' or '--log' to check more details.
[Fri 4 Nov 2016 14:18:20 GMT] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
FernandoMiguel
on 4 Nov 2016
offtopic is it possible to obtain a debug log without any of the keys? i'm always wary of leaking private keys into a public git issue
FernandoMiguel
on 4 Nov 2016
@FernandoMiguel
Your private is never displayed.
Neilpang
on 4 Nov 2016
even the hashes that were supposed to be added to DNS ? arent those somewhat sensitive ?
FernandoMiguel
on 4 Nov 2016
@FernandoMiguel
The hashes are also not sensitive.
I will add an option to hide the ip address and real domain.
Neilpang
on 4 Nov 2016
@FernandoMiguel
Please wait a moment. There seems a bug of the ecc key, I'm fixing .
Neilpang
on 4 Nov 2016
@FernandoMiguel
Please try again.
It's fixed now.
Thanks.
Neilpang
on 4 Nov 2016
dev or master?
FernandoMiguel
on 4 Nov 2016
master
Neilpang
on 4 Nov 2016
works on my mac.... not so well on my NAS
acme.sh --issue -d nas.fernandomiguel.net --dns dns_cf --certpath /usr/syno/etc/certificate/system/default/cert.pem --keypath /usr/syno/etc/certificate/system/default/privkey.pem --fullchainpath /usr/syno/etc/certificate/system/default/fullchain.pem -k ec-256 --debug 2
[Fri Nov 4 15:10:17 GMT 2016] Lets find script dir.
[Fri Nov 4 15:10:17 GMT 2016] _SCRIPT_='./acme.sh'
[Fri Nov 4 15:10:17 GMT 2016] _script='/volume1/@appstore/.acme.sh/acme.sh'
[Fri Nov 4 15:10:17 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1277: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 15:10:17 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1277: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 15:10:17 GMT 2016]
[Fri Nov 4 15:10:17 GMT 2016] LE_WORKING_DIR='/volume1/@appstore/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.3
[Fri Nov 4 15:10:17 GMT 2016] Using api:
[Fri Nov 4 15:10:17 GMT 2016] DOMAIN_PATH='/volume1/@appstore/.acme.sh/nas.fernandomiguel.net_ecc'
[Fri Nov 4 15:10:17 GMT 2016] Le_NextRenewTime
[Fri Nov 4 15:10:17 GMT 2016] 1:Le_Domain='nas.fernandomiguel.net'
[Fri Nov 4 15:10:17 GMT 2016] 2:Le_Alt='no'
[Fri Nov 4 15:10:17 GMT 2016] 3:Le_Webroot='dns_cf'
[Fri Nov 4 15:10:17 GMT 2016] 4:Le_PreHook=''
[Fri Nov 4 15:10:17 GMT 2016] 5:Le_PostHook=''
[Fri Nov 4 15:10:17 GMT 2016] 6:Le_RenewHook=''
[Fri Nov 4 15:10:17 GMT 2016] options='s/^Le_LocalAddress.*$//'
[Fri Nov 4 15:10:17 GMT 2016] Using sed -i
[Fri Nov 4 15:10:18 GMT 2016] 7:Le_API='https://acme-v01.api.letsencrypt.org'
[Fri Nov 4 15:10:18 GMT 2016] _on_before_issue
[Fri Nov 4 15:10:18 GMT 2016] 'dns_cf' does not contain 'no'
[Fri Nov 4 15:10:18 GMT 2016] Le_LocalAddress
[Fri Nov 4 15:10:18 GMT 2016] Check for domain='nas.fernandomiguel.net'
[Fri Nov 4 15:10:18 GMT 2016] _currentRoot='dns_cf'
[Fri Nov 4 15:10:18 GMT 2016] 'dns_cf' does not contain 'apache'
[Fri Nov 4 15:10:18 GMT 2016] config file is empty, can not read CA_KEY_HASH
[Fri Nov 4 15:10:18 GMT 2016] _saved_account_key_hash
[Fri Nov 4 15:10:18 GMT 2016] EC key
[Fri Nov 4 15:10:18 GMT 2016] Let's try ASN1 OID
[Fri Nov 4 15:10:19 GMT 2016] AGREEMENT
[Fri Nov 4 15:10:19 GMT 2016] Registering account
[Fri Nov 4 15:10:19 GMT 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Fri Nov 4 15:10:19 GMT 2016] payload='{"resource": "new-reg", "contact": ["mailto: [email protected]"], "agreement": ""}'
[Fri Nov 4 15:10:19 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Fri Nov 4 15:10:19 GMT 2016] Get nonce.
[Fri Nov 4 15:10:19 GMT 2016] GET
[Fri Nov 4 15:10:19 GMT 2016] url='https://acme-v01.api.letsencrypt.org/directory'
[Fri Nov 4 15:10:19 GMT 2016] timeout
[Fri Nov 4 15:10:19 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.Dh4IZivPVU '
[Fri Nov 4 15:10:19 GMT 2016] ret='0'
[Fri Nov 4 15:10:19 GMT 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 280
Boulder-Request-Id: y-wfOXHQYn5BGZnXjWQ4QTJaKzeYj5DRXCT9WHqNup0
Replay-Nonce: TCL0eUMjUhv9gtiMDrpOBqx3MQeVbo50InEUlHI9GNY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 15:10:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 15:10:19 GMT
Connection: keep-alive
'
[Fri Nov 4 15:10:19 GMT 2016] _CACHED_NONCE='TCL0eUMjUhv9gtiMDrpOBqx3MQeVbo50InEUlHI9GNY'
[Fri Nov 4 15:10:19 GMT 2016] nonce='TCL0eUMjUhv9gtiMDrpOBqx3MQeVbo50InEUlHI9GNY'
Error Signing Data
30489:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
Error: offset too large
printf: usage: printf [-v var] format [arguments]
[Fri Nov 4 15:10:20 GMT 2016] POST
[Fri Nov 4 15:10:20 GMT 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Fri Nov 4 15:10:20 GMT 2016] body='{"header": {"alg": "ES256", "jwk": {"crv": "P-256", "kty": "EC", "x": "0TUMYEvsBYPG4gJK_N2L8JeAvgB9v_w2HSM4Sn-rdJE", "y": "SBIUEfbgqVAOQ3e1aNoFOLE1do9fiTjgj7WivSy0_x8"}}, "protected": "eyJub25jZSI6ICJUQ0wwZVVNalVodjlndGlNRHJwT0JxeDNNUWVWYm81MEluRVVsSEk5R05ZIiwgImFsZyI6ICJFUzI1NiIsICJqd2siOiB7ImNydiI6ICJQLTI1NiIsICJrdHkiOiAiRUMiLCAieCI6ICIwVFVNWUV2c0JZUEc0Z0pLX04yTDhKZUF2Z0I5dl93MkhTTTRTbi1yZEpFIiwgInkiOiAiU0JJVUVmYmdxVkFPUTNlMWFOb0ZPTEUxZG85ZmlUamdqN1dpdlN5MF94OCJ9fQ", "payload": "eyJyZXNvdXJjZSI6ICJuZXctcmVnIiwgImNvbnRhY3QiOiBbIm1haWx0bzogTkFTU1NMQEZlcm5hbmRvTWlndWVsLm5ldCJdLCAiYWdyZWVtZW50IjogIiJ9", "signature": ""}'
[Fri Nov 4 15:10:20 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.mW5v14UYC8 '
[Fri Nov 4 15:10:21 GMT 2016] _ret='0'
[Fri Nov 4 15:10:21 GMT 2016] original='{
"type": "urn:acme:error:malformed",
"detail": "JWS verification error",
"status": 400
}'
[Fri Nov 4 15:10:21 GMT 2016] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 95
Boulder-Request-Id: PI6h_8zH5w8EC7V4RJhVS-RPQMeKqUmQgJm70G8ROGc
Replay-Nonce: fIDu9Bs66n3PGbLbcYEx4M1CDbE5KSxNJouExiDokLs
Expires: Fri, 04 Nov 2016 15:10:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 15:10:20 GMT
Connection: close
'
[Fri Nov 4 15:10:21 GMT 2016] response='{"type":"urn:acme:error:malformed","detail":"JWS verification error","status": 400}'
[Fri Nov 4 15:10:21 GMT 2016] code='400'
[Fri Nov 4 15:10:21 GMT 2016] Register account Error: {"type":"urn:acme:error:malformed","detail":"JWS verification error","status": 400}
[Fri Nov 4 15:10:21 GMT 2016] _on_issue_err
[Fri Nov 4 15:10:21 GMT 2016] Please use add '--debug' or '--log' to check more details.
[Fri Nov 4 15:10:21 GMT 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Nov 4 15:10:21 GMT 2016] nc doesn't exists.
[Fri Nov 4 15:10:21 GMT 2016] Diagnosis versions:
openssl:
OpenSSL 0.9.8v 19 Apr 2012
apache:
apache doesn't exists.
nc:
FernandoMiguel
on 4 Nov 2016
if i install netcat
nc:
[v1.10]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [-options] [hostname] [port]
options:
-c shell commands as `-e'; use /bin/sh to exec [dangerous!!]
-e filename program to exec after connect [dangerous!!]
-b allow broadcasts
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-k set keepalive option on socket
-l listen mode, for inbound connects
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-q secs quit after EOF on stdin and delay of secs
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-x tos set Type Of Service
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp-data').
FernandoMiguel
on 4 Nov 2016
@FernandoMiguel
Can you please locate where those errors happen ?
[Fri Nov 4 15:10:17 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1277: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 15:10:17 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1277: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 15:10:17 GMT 2016]
.profile has
. "/volume1/@appstore/.acme.sh/acme.sh.env"
that file has
export LE_WORKING_DIR="/volume1/@appstore/.acme.sh"
alias acme.sh="/volume1/@appstore/.acme.sh/acme.sh"
FernandoMiguel
on 4 Nov 2016
@FernandoMiguel
Please try dev on your router.
export BRANCH=dev
acme.sh --upgrade
Then try again with ecc .
Neilpang
on 4 Nov 2016
acme.sh --issue -d nas4.fernandomiguel.net --dns dns_cf --dnssleep 10 --test -k ec-256 --debug 2
[Fri Nov 4 15:37:21 GMT 2016] Lets find script dir.
[Fri Nov 4 15:37:21 GMT 2016] _SCRIPT_='./acme.sh'
[Fri Nov 4 15:37:21 GMT 2016] _script='/volume1/@appstore/.acme.sh/acme.sh'
[Fri Nov 4 15:37:21 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 15:37:21 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 15:37:21 GMT 2016]
[Fri Nov 4 15:37:21 GMT 2016] LE_WORKING_DIR='/volume1/@appstore/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.3
[Fri Nov 4 15:37:21 GMT 2016] Using api:
[Fri Nov 4 15:37:21 GMT 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Fri Nov 4 15:37:21 GMT 2016] DOMAIN_PATH='/volume1/@appstore/.acme.sh/nas4.fernandomiguel.net_ecc'
[Fri Nov 4 15:37:21 GMT 2016] 1:Le_Domain='nas4.fernandomiguel.net'
[Fri Nov 4 15:37:21 GMT 2016] 2:Le_Alt='no'
[Fri Nov 4 15:37:21 GMT 2016] 3:Le_Webroot='dns_cf'
[Fri Nov 4 15:37:21 GMT 2016] 4:Le_PreHook=''
[Fri Nov 4 15:37:21 GMT 2016] 5:Le_PostHook=''
[Fri Nov 4 15:37:21 GMT 2016] 6:Le_RenewHook=''
[Fri Nov 4 15:37:21 GMT 2016] options='s/^Le_LocalAddress.*$//'
[Fri Nov 4 15:37:21 GMT 2016] Using sed -i
[Fri Nov 4 15:37:22 GMT 2016] 7:Le_API='https://acme-staging.api.letsencrypt.org'
[Fri Nov 4 15:37:22 GMT 2016] _on_before_issue
[Fri Nov 4 15:37:22 GMT 2016] 'dns_cf' does not contain 'no'
[Fri Nov 4 15:37:22 GMT 2016] Le_LocalAddress
[Fri Nov 4 15:37:22 GMT 2016] Check for domain='nas4.fernandomiguel.net'
[Fri Nov 4 15:37:22 GMT 2016] _currentRoot='dns_cf'
[Fri Nov 4 15:37:22 GMT 2016] 'dns_cf' does not contain 'apache'
[Fri Nov 4 15:37:22 GMT 2016] config file is empty, can not read CA_KEY_HASH
[Fri Nov 4 15:37:22 GMT 2016] _saved_account_key_hash
[Fri Nov 4 15:37:22 GMT 2016] EC key
[Fri Nov 4 15:37:22 GMT 2016] Let's try ASN1 OID
[Fri Nov 4 15:37:22 GMT 2016] AGREEMENT
[Fri Nov 4 15:37:22 GMT 2016] Registering account
[Fri Nov 4 15:37:22 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Fri Nov 4 15:37:22 GMT 2016] payload='{"resource": "new-reg", "contact": ["mailto: [email protected]"], "agreement": ""}'
[Fri Nov 4 15:37:22 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 15:37:22 GMT 2016] Get nonce.
[Fri Nov 4 15:37:22 GMT 2016] GET
[Fri Nov 4 15:37:22 GMT 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Fri Nov 4 15:37:22 GMT 2016] timeout
[Fri Nov 4 15:37:22 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.q6ZdZx7oP1 '
[Fri Nov 4 15:37:23 GMT 2016] ret='0'
[Fri Nov 4 15:37:23 GMT 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Boulder-Request-Id: jOPtPjfc04yrTUb9JkU1givD0PraBnIwUpH13dqW5Kc
Replay-Nonce: IvQm9wCqnPZORbemAhc6nSL_oQpcTA2cSKWtD8_4gXA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 15:37:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 15:37:23 GMT
Connection: keep-alive
'
[Fri Nov 4 15:37:23 GMT 2016] _CACHED_NONCE='IvQm9wCqnPZORbemAhc6nSL_oQpcTA2cSKWtD8_4gXA'
[Fri Nov 4 15:37:23 GMT 2016] nonce='IvQm9wCqnPZORbemAhc6nSL_oQpcTA2cSKWtD8_4gXA'
Error Signing Data
6600:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
Error: offset too large
[Fri Nov 4 15:37:23 GMT 2016] Sign failed: openssl dgst -sign /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key -sha256
[Fri Nov 4 15:37:23 GMT 2016] Key file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 15:37:23 GMT 2016] Key content:-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIAOGlsvStpHWxtlX+l76tgrFKaS5cIZMP7z6yUSAs2FyoAoGCCqGSM49
AwEHoUQDQgAE8MS7daC9vE0TyL/1Rm6tBEkDA/vKHcT9MN4Qfdlb0aNbY4msr1dR
PFu4CRoh14WqF56SZvBO70bci4CpPfRHAQ==
-----END EC PRIVATE KEY-----
[Fri Nov 4 15:37:23 GMT 2016] Sign request failed.
[Fri Nov 4 15:37:23 GMT 2016] Register account Error:
[Fri Nov 4 15:37:23 GMT 2016] _on_issue_err
[Fri Nov 4 15:37:23 GMT 2016] Please use add '--debug' or '--log' to check more details.
[Fri Nov 4 15:37:23 GMT 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Nov 4 15:37:23 GMT 2016] nc doesn't exists.
[Fri Nov 4 15:37:23 GMT 2016] Diagnosis versions:
openssl:
OpenSSL 0.9.8v 19 Apr 2012
apache:
apache doesn't exists.
nc:
FernandoMiguel
on 4 Nov 2016
Please try:
echo hello | openssl dgst -sign /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key -sha256
echo hello | openssl dgst -sign /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key -sha256
Error Signing Data
6676:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
FernandoMiguel
on 4 Nov 2016
guess that's too old to support that cipher
FernandoMiguel
on 4 Nov 2016
please try with sha1
echo hello | openssl dgst -sign /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key -sha1
echo hello | openssl dgst -sign /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key -sha1
Error Signing Data
6733:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
FernandoMiguel
on 4 Nov 2016
OpenSSL> ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5
FernandoMiguel
on 4 Nov 2016
Please edit the key file:
/volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
remove the EC PARAMETERS :
left the private key only:
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIAOGlsvStpHWxtlX+l76tgrFKaS5cIZMP7z6yUSAs2FyoAoGCCqGSM49
AwEHoUQDQgAE8MS7daC9vE0TyL/1Rm6tBEkDA/vKHcT9MN4Qfdlb0aNbY4msr1dR
PFu4CRoh14WqF56SZvBO70bci4CpPfRHAQ==
-----END EC PRIVATE KEY-----
Then try again.
Neilpang
on 4 Nov 2016
nano /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
root@DS214play:/volume1/@appstore/.acme.sh# echo hello | openssl dgst -sign /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key -sha1
Error Signing Data
6897:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
root@DS214play:/volume1/@appstore/.acme.sh# echo hello | openssl dgst -sign /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key -sha256
Error Signing Data
6901:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
FernandoMiguel
on 4 Nov 2016
it seems that the openssl doesn't support to sign with ecc key.
However, you can still issue ecdsa cert.
#first remove the account.key file.
rm -f /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
# create an RSA account key:
acme.sh --createAccountKey --accountkeylength 2048
# then, you can issue ecdsa cert now:
acme.sh --issue -d .... -k ec-256
./acme.sh upgrade
[Fri Nov 4 16:01:07 GMT 2016] Installing from online archive.
[Fri Nov 4 16:01:08 GMT 2016] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Fri Nov 4 16:01:09 GMT 2016] Extracting master.tar.gz
[Fri Nov 4 16:01:09 GMT 2016] It is recommended to install nc first, try to install 'nc' or 'netcat'.
[Fri Nov 4 16:01:09 GMT 2016] We use nc for standalone server if you use standalone mode.
[Fri Nov 4 16:01:09 GMT 2016] If you don't use standalone mode, just ignore this warning.
[Fri Nov 4 16:01:09 GMT 2016] Installing to /volume1/@appstore/.acme.sh
[Fri Nov 4 16:01:09 GMT 2016] Installed to /volume1/@appstore/.acme.sh/acme.sh
[Fri Nov 4 16:01:10 GMT 2016] Installing alias to '/root/.profile'
[Fri Nov 4 16:01:10 GMT 2016] OK, Close and reopen your terminal to start using acme.sh
./acme.sh: line 3592: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:01:10 GMT 2016] Good, bash is found, so change the shebang to use bash as prefered.
[Fri Nov 4 16:01:10 GMT 2016] OK
[Fri Nov 4 16:01:10 GMT 2016] Install success!
[Fri Nov 4 16:01:10 GMT 2016] Upgrade success!
root@DS214play:/volume1/@appstore/.acme.sh# ./acme.sh --createAccountKey --accountkeylength 2048
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:01:25 GMT 2016] Creating account key
[Fri Nov 4 16:01:25 GMT 2016] Account key exists, skip
root@DS214play:/volume1/@appstore/.acme.sh# ./acme.sh --issue -d nas3.fernandomiguel.net --dns dns_cf --dnssleep 10 --test -k ec-256 --debug 2
[Fri Nov 4 16:01:36 GMT 2016] Lets find script dir.
[Fri Nov 4 16:01:36 GMT 2016] _SCRIPT_='./acme.sh'
[Fri Nov 4 16:01:36 GMT 2016] _script='/volume1/@appstore/.acme.sh/acme.sh'
[Fri Nov 4 16:01:36 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:01:36 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:01:36 GMT 2016]
[Fri Nov 4 16:01:36 GMT 2016] LE_WORKING_DIR='/volume1/@appstore/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.3
[Fri Nov 4 16:01:36 GMT 2016] Using api:
[Fri Nov 4 16:01:36 GMT 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Fri Nov 4 16:01:37 GMT 2016] DOMAIN_PATH='/volume1/@appstore/.acme.sh/nas3.fernandomiguel.net_ecc'
[Fri Nov 4 16:01:37 GMT 2016] Le_NextRenewTime
[Fri Nov 4 16:01:37 GMT 2016] 1:Le_Domain='nas3.fernandomiguel.net'
[Fri Nov 4 16:01:37 GMT 2016] 2:Le_Alt='no'
[Fri Nov 4 16:01:37 GMT 2016] 3:Le_Webroot='dns_cf'
[Fri Nov 4 16:01:37 GMT 2016] 4:Le_PreHook=''
[Fri Nov 4 16:01:37 GMT 2016] 5:Le_PostHook=''
[Fri Nov 4 16:01:37 GMT 2016] 6:Le_RenewHook=''
[Fri Nov 4 16:01:37 GMT 2016] options='s/^Le_LocalAddress.*$//'
[Fri Nov 4 16:01:37 GMT 2016] Using sed -i
[Fri Nov 4 16:01:37 GMT 2016] 7:Le_API='https://acme-staging.api.letsencrypt.org'
[Fri Nov 4 16:01:37 GMT 2016] _on_before_issue
[Fri Nov 4 16:01:37 GMT 2016] 'dns_cf' does not contain 'no'
[Fri Nov 4 16:01:37 GMT 2016] Le_LocalAddress
[Fri Nov 4 16:01:37 GMT 2016] Check for domain='nas3.fernandomiguel.net'
[Fri Nov 4 16:01:37 GMT 2016] _currentRoot='dns_cf'
[Fri Nov 4 16:01:37 GMT 2016] 'dns_cf' does not contain 'apache'
[Fri Nov 4 16:01:37 GMT 2016] config file is empty, can not read CA_KEY_HASH
[Fri Nov 4 16:01:37 GMT 2016] _saved_account_key_hash
[Fri Nov 4 16:01:37 GMT 2016] EC key
[Fri Nov 4 16:01:38 GMT 2016] Let's try ASN1 OID
[Fri Nov 4 16:01:38 GMT 2016] AGREEMENT
[Fri Nov 4 16:01:38 GMT 2016] Registering account
[Fri Nov 4 16:01:38 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Fri Nov 4 16:01:38 GMT 2016] payload='{"resource": "new-reg", "contact": ["mailto: [email protected]"], "agreement": ""}'
[Fri Nov 4 16:01:38 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:01:38 GMT 2016] Get nonce.
[Fri Nov 4 16:01:38 GMT 2016] GET
[Fri Nov 4 16:01:38 GMT 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Fri Nov 4 16:01:38 GMT 2016] timeout
[Fri Nov 4 16:01:38 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.SITOdMVeEa '
[Fri Nov 4 16:01:39 GMT 2016] ret='0'
[Fri Nov 4 16:01:39 GMT 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Boulder-Request-Id: ctUUfy9ohxhMAIznpr3BZiv8wx46wj2umiHgjqNlGPo
Replay-Nonce: mBH-jaUBXY3T_ANqzFkPZztoX1YD68uyMsMMdzRY9Os
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 16:01:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 16:01:39 GMT
Connection: keep-alive
'
[Fri Nov 4 16:01:39 GMT 2016] _CACHED_NONCE='mBH-jaUBXY3T_ANqzFkPZztoX1YD68uyMsMMdzRY9Os'
[Fri Nov 4 16:01:39 GMT 2016] nonce='mBH-jaUBXY3T_ANqzFkPZztoX1YD68uyMsMMdzRY9Os'
Error Signing Data
9167:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
Error: offset too large
[Fri Nov 4 16:01:39 GMT 2016] Sign failed: openssl dgst -sign /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key -sha256
[Fri Nov 4 16:01:39 GMT 2016] Key file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:01:39 GMT 2016] Key content:8 lises
[Fri Nov 4 16:01:39 GMT 2016] Sign request failed.
[Fri Nov 4 16:01:39 GMT 2016] Register account Error:
[Fri Nov 4 16:01:39 GMT 2016] _on_issue_err
[Fri Nov 4 16:01:39 GMT 2016] Please use add '--debug' or '--log' to check more details.
[Fri Nov 4 16:01:39 GMT 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Nov 4 16:01:39 GMT 2016] nc doesn't exists.
[Fri Nov 4 16:01:39 GMT 2016] Diagnosis versions:
openssl:
OpenSSL 0.9.8v 19 Apr 2012
apache:
apache doesn't exists.
nc:
FernandoMiguel
on 4 Nov 2016
please remove the existing account key:
rm -f /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
Then try again.
Neilpang
on 4 Nov 2016
rm ca/acme-staging.api.letsencrypt.org/account.key
./acme.sh --issue -d nas4.fernandomiguel.net --dns dns_cf --dnssleep 10 --test -k ec-256 --debug 2
[Fri Nov 4 16:09:12 GMT 2016] Lets find script dir.
[Fri Nov 4 16:09:12 GMT 2016] _SCRIPT_='./acme.sh'
[Fri Nov 4 16:09:12 GMT 2016] _script='/volume1/@appstore/.acme.sh/acme.sh'
[Fri Nov 4 16:09:12 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:09:12 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:09:12 GMT 2016]
[Fri Nov 4 16:09:12 GMT 2016] LE_WORKING_DIR='/volume1/@appstore/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.3
[Fri Nov 4 16:09:12 GMT 2016] Using api:
[Fri Nov 4 16:09:12 GMT 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Fri Nov 4 16:09:12 GMT 2016] DOMAIN_PATH='/volume1/@appstore/.acme.sh/nas4.fernandomiguel.net_ecc'
[Fri Nov 4 16:09:12 GMT 2016] 1:Le_Domain='nas4.fernandomiguel.net'
[Fri Nov 4 16:09:12 GMT 2016] 2:Le_Alt='no'
[Fri Nov 4 16:09:12 GMT 2016] 3:Le_Webroot='dns_cf'
[Fri Nov 4 16:09:12 GMT 2016] 4:Le_PreHook=''
[Fri Nov 4 16:09:12 GMT 2016] 5:Le_PostHook=''
[Fri Nov 4 16:09:13 GMT 2016] 6:Le_RenewHook=''
[Fri Nov 4 16:09:13 GMT 2016] options='s/^Le_LocalAddress.*$//'
[Fri Nov 4 16:09:13 GMT 2016] Using sed -i
[Fri Nov 4 16:09:13 GMT 2016] 7:Le_API='https://acme-staging.api.letsencrypt.org'
[Fri Nov 4 16:09:13 GMT 2016] _on_before_issue
[Fri Nov 4 16:09:13 GMT 2016] 'dns_cf' does not contain 'no'
[Fri Nov 4 16:09:13 GMT 2016] Le_LocalAddress
[Fri Nov 4 16:09:13 GMT 2016] Check for domain='nas4.fernandomiguel.net'
[Fri Nov 4 16:09:13 GMT 2016] _currentRoot='dns_cf'
[Fri Nov 4 16:09:13 GMT 2016] 'dns_cf' does not contain 'apache'
[Fri Nov 4 16:09:13 GMT 2016] config file is empty, can not read CA_KEY_HASH
[Fri Nov 4 16:09:13 GMT 2016] _saved_account_key_hash
[Fri Nov 4 16:09:13 GMT 2016] Creating account key
[Fri Nov 4 16:09:13 GMT 2016] length='ec-256'
[Fri Nov 4 16:09:13 GMT 2016] Use length 256
[Fri Nov 4 16:09:13 GMT 2016] Using ec name: prime256v1
[Fri Nov 4 16:09:14 GMT 2016] EC key
[Fri Nov 4 16:09:14 GMT 2016] Let's try ASN1 OID
[Fri Nov 4 16:09:15 GMT 2016] AGREEMENT
[Fri Nov 4 16:09:15 GMT 2016] Registering account
[Fri Nov 4 16:09:15 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Fri Nov 4 16:09:16 GMT 2016] payload='{"resource": "new-reg", "contact": ["mailto: [email protected]"], "agreement": ""}'
[Fri Nov 4 16:09:16 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:09:16 GMT 2016] Get nonce.
[Fri Nov 4 16:09:16 GMT 2016] GET
[Fri Nov 4 16:09:16 GMT 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Fri Nov 4 16:09:16 GMT 2016] timeout
[Fri Nov 4 16:09:16 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.MeVVtxIMcg '
[Fri Nov 4 16:09:16 GMT 2016] ret='0'
[Fri Nov 4 16:09:16 GMT 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Boulder-Request-Id: aIX1XklkM3OSI5m4RreH9eIuFGQJEPTlMfZFyDhcpAk
Replay-Nonce: -rI4yRZUuPMi391jG9IrztBvzdQyYLn59LrosFcC34Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 16:09:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 16:09:16 GMT
Connection: keep-alive
'
[Fri Nov 4 16:09:17 GMT 2016] _CACHED_NONCE='-rI4yRZUuPMi391jG9IrztBvzdQyYLn59LrosFcC34Q'
[Fri Nov 4 16:09:17 GMT 2016] nonce='-rI4yRZUuPMi391jG9IrztBvzdQyYLn59LrosFcC34Q'
Error Signing Data
9860:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
Error: offset too large
[Fri Nov 4 16:09:17 GMT 2016] Sign failed: openssl dgst -sign /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key -sha256
[Fri Nov 4 16:09:17 GMT 2016] Key file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:09:17 GMT 2016] Key content:8 lises
[Fri Nov 4 16:09:17 GMT 2016] Sign request failed.
[Fri Nov 4 16:09:17 GMT 2016] Register account Error:
[Fri Nov 4 16:09:17 GMT 2016] _on_issue_err
[Fri Nov 4 16:09:17 GMT 2016] Please use add '--debug' or '--log' to check more details.
[Fri Nov 4 16:09:17 GMT 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Nov 4 16:09:17 GMT 2016] nc doesn't exists.
[Fri Nov 4 16:09:17 GMT 2016] Diagnosis versions:
openssl:
OpenSSL 0.9.8v 19 Apr 2012
apache:
apache doesn't exists.
nc:
FernandoMiguel
on 4 Nov 2016
@FernandoMiguel
No, I mean, remove the account, then create account key, then issue cert.
rm -f /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
acme.sh --createAccountKey --accountkeylength 2048
acme.sh --issue -d .... -k ec-256
rm ca/acme-staging.api.letsencrypt.org/account.key
acme.sh --createAccountKey --accountkeylength 2048
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
/volume1/@appstore/.acme.sh/acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
/volume1/@appstore/.acme.sh/acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:19:07 GMT 2016] Creating account key
[Fri Nov 4 16:19:07 GMT 2016] Account key exists, skip
./acme.sh --issue -d nas4.fernandomiguel.net --dns dns_cf --dnssleep 10 --test -k ec-256 --debug 2
[Fri Nov 4 16:19:12 GMT 2016] Lets find script dir.
[Fri Nov 4 16:19:12 GMT 2016] _SCRIPT_='./acme.sh'
[Fri Nov 4 16:19:12 GMT 2016] _script='/volume1/@appstore/.acme.sh/acme.sh'
[Fri Nov 4 16:19:12 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:19:12 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:19:12 GMT 2016]
[Fri Nov 4 16:19:12 GMT 2016] LE_WORKING_DIR='/volume1/@appstore/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.3
[Fri Nov 4 16:19:12 GMT 2016] Using api:
[Fri Nov 4 16:19:12 GMT 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Fri Nov 4 16:19:12 GMT 2016] DOMAIN_PATH='/volume1/@appstore/.acme.sh/nas4.fernandomiguel.net_ecc'
[Fri Nov 4 16:19:12 GMT 2016] Le_NextRenewTime
[Fri Nov 4 16:19:13 GMT 2016] 1:Le_Domain='nas4.fernandomiguel.net'
[Fri Nov 4 16:19:13 GMT 2016] 2:Le_Alt='no'
[Fri Nov 4 16:19:13 GMT 2016] 3:Le_Webroot='dns_cf'
[Fri Nov 4 16:19:13 GMT 2016] 4:Le_PreHook=''
[Fri Nov 4 16:19:13 GMT 2016] 5:Le_PostHook=''
[Fri Nov 4 16:19:13 GMT 2016] 6:Le_RenewHook=''
[Fri Nov 4 16:19:13 GMT 2016] options='s/^Le_LocalAddress.*$//'
[Fri Nov 4 16:19:13 GMT 2016] Using sed -i
[Fri Nov 4 16:19:13 GMT 2016] 7:Le_API='https://acme-staging.api.letsencrypt.org'
[Fri Nov 4 16:19:13 GMT 2016] _on_before_issue
[Fri Nov 4 16:19:13 GMT 2016] 'dns_cf' does not contain 'no'
[Fri Nov 4 16:19:13 GMT 2016] Le_LocalAddress
[Fri Nov 4 16:19:13 GMT 2016] Check for domain='nas4.fernandomiguel.net'
[Fri Nov 4 16:19:13 GMT 2016] _currentRoot='dns_cf'
[Fri Nov 4 16:19:13 GMT 2016] 'dns_cf' does not contain 'apache'
[Fri Nov 4 16:19:13 GMT 2016] config file is empty, can not read CA_KEY_HASH
[Fri Nov 4 16:19:13 GMT 2016] _saved_account_key_hash
[Fri Nov 4 16:19:13 GMT 2016] Creating account key
[Fri Nov 4 16:19:13 GMT 2016] length='ec-256'
[Fri Nov 4 16:19:13 GMT 2016] Use length 256
[Fri Nov 4 16:19:13 GMT 2016] Using ec name: prime256v1
[Fri Nov 4 16:19:14 GMT 2016] EC key
[Fri Nov 4 16:19:14 GMT 2016] Let's try ASN1 OID
[Fri Nov 4 16:19:14 GMT 2016] AGREEMENT
[Fri Nov 4 16:19:14 GMT 2016] Registering account
[Fri Nov 4 16:19:14 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Fri Nov 4 16:19:14 GMT 2016] payload='{"resource": "new-reg", "contact": ["mailto: [email protected]"], "agreement": ""}'
[Fri Nov 4 16:19:14 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:19:14 GMT 2016] Get nonce.
[Fri Nov 4 16:19:14 GMT 2016] GET
[Fri Nov 4 16:19:14 GMT 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Fri Nov 4 16:19:14 GMT 2016] timeout
[Fri Nov 4 16:19:14 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.Av92Hz5Dfz '
[Fri Nov 4 16:19:15 GMT 2016] ret='0'
[Fri Nov 4 16:19:15 GMT 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Boulder-Request-Id: tXZ_vCpWjZaeJ7-Uh8K-LcgLlPreMxBsf2B24c7uUj0
Replay-Nonce: KgqsLGfs8dddWDq-iw8n3B4CyeW40V6CD4ZEdS0m_R0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 16:19:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 16:19:15 GMT
Connection: keep-alive
'
[Fri Nov 4 16:19:15 GMT 2016] _CACHED_NONCE='KgqsLGfs8dddWDq-iw8n3B4CyeW40V6CD4ZEdS0m_R0'
[Fri Nov 4 16:19:15 GMT 2016] nonce='KgqsLGfs8dddWDq-iw8n3B4CyeW40V6CD4ZEdS0m_R0'
Error Signing Data
10703:error:0606B06E:digital envelope routines:EVP_SignFinal:wrong public key type:p_sign.c:99:
Error: offset too large
[Fri Nov 4 16:19:15 GMT 2016] Sign failed: openssl dgst -sign /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key -sha256
[Fri Nov 4 16:19:15 GMT 2016] Key file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:19:15 GMT 2016] Key content:8 lises
[Fri Nov 4 16:19:15 GMT 2016] Sign request failed.
[Fri Nov 4 16:19:15 GMT 2016] Register account Error:
[Fri Nov 4 16:19:15 GMT 2016] _on_issue_err
[Fri Nov 4 16:19:15 GMT 2016] Please use add '--debug' or '--log' to check more details.
[Fri Nov 4 16:19:15 GMT 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Nov 4 16:19:15 GMT 2016] nc doesn't exists.
[Fri Nov 4 16:19:15 GMT 2016] Diagnosis versions:
openssl:
OpenSSL 0.9.8v 19 Apr 2012
apache:
apache doesn't exists.
nc:
FernandoMiguel
on 4 Nov 2016
Sorry.
Try:
rm -f ca/acme-staging.api.letsencrypt.org/account.key
acme.sh --createAccountKey --accountkeylength 2048 --test
./acme.sh --issue -d nas4.fernandomiguel.net --dns dns_cf --dnssleep 10 --test -k ec-256 --debug 2
oh right --test :) silly me
FernandoMiguel
on 4 Nov 2016
ohh i almost thought we got it
# rm -f ca/acme-staging.api.letsencrypt.org/account.key
root@DS214play:/volume1/@appstore/.acme.sh# acme.sh --createAccountKey --accountkeylength 2048 --test
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
/volume1/@appstore/.acme.sh/acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
/volume1/@appstore/.acme.sh/acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:24:33 GMT 2016] Creating account key
[Fri Nov 4 16:24:33 GMT 2016] Using stage api:https://acme-staging.api.letsencrypt.org
root@DS214play:/volume1/@appstore/.acme.sh# ll ca/acme-staging.api.letsencrypt.org/
total 12
drwxr-xr-x 2 root root 4096 Nov 4 16:24 .
drwxr-xr-x 4 root root 4096 Nov 4 15:58 ..
-rw-r--r-- 1 root root 1679 Nov 4 16:24 account.key
root@DS214play:/volume1/@appstore/.acme.sh# ./acme.sh --issue -d nas4.fernandomiguel.net --dns dns_cf --dnssleep 10 --test -k ec-256 --debug 2
[Fri Nov 4 16:24:58 GMT 2016] Lets find script dir.
[Fri Nov 4 16:24:58 GMT 2016] _SCRIPT_='./acme.sh'
[Fri Nov 4 16:24:58 GMT 2016] _script='/volume1/@appstore/.acme.sh/acme.sh'
[Fri Nov 4 16:24:58 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:24:58 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:24:58 GMT 2016]
[Fri Nov 4 16:24:58 GMT 2016] LE_WORKING_DIR='/volume1/@appstore/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.3
[Fri Nov 4 16:24:58 GMT 2016] Using api:
[Fri Nov 4 16:24:58 GMT 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Fri Nov 4 16:24:59 GMT 2016] DOMAIN_PATH='/volume1/@appstore/.acme.sh/nas4.fernandomiguel.net_ecc'
[Fri Nov 4 16:24:59 GMT 2016] Le_NextRenewTime
[Fri Nov 4 16:24:59 GMT 2016] 1:Le_Domain='nas4.fernandomiguel.net'
[Fri Nov 4 16:24:59 GMT 2016] 2:Le_Alt='no'
[Fri Nov 4 16:24:59 GMT 2016] 3:Le_Webroot='dns_cf'
[Fri Nov 4 16:24:59 GMT 2016] 4:Le_PreHook=''
[Fri Nov 4 16:24:59 GMT 2016] 5:Le_PostHook=''
[Fri Nov 4 16:24:59 GMT 2016] 6:Le_RenewHook=''
[Fri Nov 4 16:24:59 GMT 2016] options='s/^Le_LocalAddress.*$//'
[Fri Nov 4 16:24:59 GMT 2016] Using sed -i
[Fri Nov 4 16:24:59 GMT 2016] 7:Le_API='https://acme-staging.api.letsencrypt.org'
[Fri Nov 4 16:24:59 GMT 2016] _on_before_issue
[Fri Nov 4 16:24:59 GMT 2016] 'dns_cf' does not contain 'no'
[Fri Nov 4 16:24:59 GMT 2016] Le_LocalAddress
[Fri Nov 4 16:24:59 GMT 2016] Check for domain='nas4.fernandomiguel.net'
[Fri Nov 4 16:24:59 GMT 2016] _currentRoot='dns_cf'
[Fri Nov 4 16:25:00 GMT 2016] 'dns_cf' does not contain 'apache'
[Fri Nov 4 16:25:00 GMT 2016] config file is empty, can not read CA_KEY_HASH
[Fri Nov 4 16:25:00 GMT 2016] _saved_account_key_hash
[Fri Nov 4 16:25:00 GMT 2016] RSA key
[Fri Nov 4 16:25:01 GMT 2016] AGREEMENT
[Fri Nov 4 16:25:01 GMT 2016] Registering account
[Fri Nov 4 16:25:01 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Fri Nov 4 16:25:01 GMT 2016] payload='{"resource": "new-reg", "contact": ["mailto: [email protected]"], "agreement": ""}'
[Fri Nov 4 16:25:01 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:25:01 GMT 2016] Get nonce.
[Fri Nov 4 16:25:01 GMT 2016] GET
[Fri Nov 4 16:25:01 GMT 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Fri Nov 4 16:25:01 GMT 2016] timeout
[Fri Nov 4 16:25:01 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.Uw2DYNDqpC '
[Fri Nov 4 16:25:02 GMT 2016] ret='0'
[Fri Nov 4 16:25:02 GMT 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Boulder-Request-Id: UId5-8wNtFSsjhk6DDLKn197QmjNgWtyjE-8w4upos8
Replay-Nonce: GVJ4XnN9BQmPuPQNUt_MqAqsZeDozp-9psQ_ILfc15Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 16:25:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 16:25:02 GMT
Connection: keep-alive
'
[Fri Nov 4 16:25:02 GMT 2016] _CACHED_NONCE='GVJ4XnN9BQmPuPQNUt_MqAqsZeDozp-9psQ_ILfc15Y'
[Fri Nov 4 16:25:02 GMT 2016] nonce='GVJ4XnN9BQmPuPQNUt_MqAqsZeDozp-9psQ_ILfc15Y'
[Fri Nov 4 16:25:03 GMT 2016] POST
[Fri Nov 4 16:25:03 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Fri Nov 4 16:25:03 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICJHVko0WG5OOUJRbVB1UFFOVXRfTXFBcXNaZURvenAtOXBzUV9JTGZjMTVZIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctcmVnIiwgImNvbnRhY3QiOiBbIm1haWx0bzogTkFTU1NMQEZlcm5hbmRvTWlndWVsLm5ldCJdLCAiYWdyZWVtZW50IjogIiJ9", "signature": "wegEe4q-qn_-dthOz19kja4rh146ItMECW4pvVubvnvyeFerT8e2-aTsoTAy0eer6-cQOHqrvuTgDUdQObW_8S_qKdym3YH_qE01ZaDDMVPo6AVcZ392vG7luIOc-TlJwiF6JjiIWr5RegHxGvkrkrDF7Ezb9j_8Mr_nIbBD7z5ewQadDJmbosMeRwuRKSHf9nCS_QtrQ3cwbzUjBp9m9zNinBK6gorbORJnjq7_3k4R-niPfLN8wnD5lLRJKWVwcTXCRxbVZwXGKw3rQAOnWH7OV30LK044qwd8Czo1d_7Vrdckx5tRoKOqGRn1txO6D3WjrbqYF5rI_Gf0TOp1cA"}'
[Fri Nov 4 16:25:03 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.5IGNqMeYcj '
[Fri Nov 4 16:25:04 GMT 2016] _ret='0'
[Fri Nov 4 16:25:04 GMT 2016] original='{
"id": 471991,
"key": {
"kty": "RSA",
"n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw",
"e": "AQAB"
},
"contact": [
"mailto: [email protected]"
],
"initialIp": "89.155.203.100",
"createdAt": "2016-11-04T16:25:04.427565797Z",
"Status": ""
}'
[Fri Nov 4 16:25:04 GMT 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 04 Nov 2016 16:25:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 581
Boulder-Request-Id: Ful-E3_HugrSpp282km32-mc0z2JqIRaAOdGQdWj6-E
Boulder-Requester: 471991
Link: <https://acme-staging.api.letsencrypt.org/acme/new-authz>;rel="next"
Link: <https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf>;rel="terms-of-service"
Location: https://acme-staging.api.letsencrypt.org/acme/reg/471991
Replay-Nonce: lWhQAbMpedAWz9_kH7oGlYpdquHrnkNFZBZ-78_x0xc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 16:25:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 16:25:04 GMT
Connection: keep-alive
'
[Fri Nov 4 16:25:04 GMT 2016] response='{"id": 471991,"key":{"kty":"RSA","n":"2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw","e":"AQAB"},"contact":["mailto: [email protected]"],"initialIp":"89.155.203.100","createdAt":"2016-11-04T16:25:04.427565797Z","Status":""}'
[Fri Nov 4 16:25:04 GMT 2016] code='201'
[Fri Nov 4 16:25:04 GMT 2016] Registered
[Fri Nov 4 16:25:04 GMT 2016] _accUri='https://acme-staging.api.letsencrypt.org/acme/reg/471991'
[Fri Nov 4 16:25:04 GMT 2016] _tos='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
[Fri Nov 4 16:25:04 GMT 2016] AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
[Fri Nov 4 16:25:04 GMT 2016] Update tos: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
[Fri Nov 4 16:25:04 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/reg/471991'
[Fri Nov 4 16:25:04 GMT 2016] payload='{"resource": "reg", "contact": ["mailto: [email protected]"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}'
[Fri Nov 4 16:25:04 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:25:04 GMT 2016] Use _CACHED_NONCE='lWhQAbMpedAWz9_kH7oGlYpdquHrnkNFZBZ-78_x0xc'
[Fri Nov 4 16:25:04 GMT 2016] nonce='lWhQAbMpedAWz9_kH7oGlYpdquHrnkNFZBZ-78_x0xc'
[Fri Nov 4 16:25:05 GMT 2016] POST
[Fri Nov 4 16:25:05 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/reg/471991'
[Fri Nov 4 16:25:05 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICJsV2hRQWJNcGVkQVd6OV9rSDdvR2xZcGRxdUhybmtORlpCWi03OF94MHhjIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJyZWciLCAiY29udGFjdCI6IFsibWFpbHRvOiBOQVNTU0xARmVybmFuZG9NaWd1ZWwubmV0Il0sICJhZ3JlZW1lbnQiOiAiaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvZG9jdW1lbnRzL0xFLVNBLXYxLjEuMS1BdWd1c3QtMS0yMDE2LnBkZiJ9", "signature": "Z3O7ARZ-3Ky9hWqVQrEyOrZSL1rsSd5JiiHCuNjKwVOxhjouKfUcD1Ekx4RMQ3B89mCAOAEz2E8axrvJOXfbBUmN90Z3YxAKKjRjvYCU-2eWsoM_OdXtssdkoPphwUm1U-XNsVyb1fzaHfPhQEDzM9ewTC9EOptjXOlRzTDm6ZpipQ7ayiMk0l-c_BZayDk6A5fsCp-Fl7vhS7yaEkG4tZCMpyY5WsEIKbjNynqH4LUZXTFGstFXGsjB8RYp4v4tJl8i5e_PKjpJLkZ5MsvtkR8Ai58Qqs5dRWMeeRSYcCn3HR3pMRRbGqzS32SMNBfnBKrMzmgSlf0WDWaN2-uOkg"}'
[Fri Nov 4 16:25:05 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.gwVhdIBmzg '
[Fri Nov 4 16:25:06 GMT 2016] _ret='0'
[Fri Nov 4 16:25:06 GMT 2016] original='{
"id": 471991,
"key": {
"kty": "RSA",
"n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw",
"e": "AQAB"
},
"contact": [
"mailto: [email protected]"
],
"agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
"initialIp": "89.155.203.100",
"createdAt": "2016-11-04T16:25:04Z",
"Status": ""
}'
[Fri Nov 4 16:25:06 GMT 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 04 Nov 2016 16:25:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 654
Boulder-Request-Id: JWDDeoDTRSqUHaGS15rCd37cxcaYkNGlGQnHH1YIda4
Boulder-Requester: 471991
Link: <https://acme-staging.api.letsencrypt.org/acme/new-authz>;rel="next"
Link: <https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf>;rel="terms-of-service"
Replay-Nonce: RZ8mychG49a7CBr7GO7UmBnMjjUlk40ZOAduvM2cWHQ
Expires: Fri, 04 Nov 2016 16:25:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 16:25:06 GMT
Connection: keep-alive
'
[Fri Nov 4 16:25:06 GMT 2016] response='{"id": 471991,"key":{"kty":"RSA","n":"2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw","e":"AQAB"},"contact":["mailto: [email protected]"],"agreement":"https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf","initialIp":"89.155.203.100","createdAt":"2016-11-04T16:25:04Z","Status":""}'
[Fri Nov 4 16:25:06 GMT 2016] code='202'
[Fri Nov 4 16:25:06 GMT 2016] Update success.
[Fri Nov 4 16:25:06 GMT 2016] Calc CA_KEY_HASH='GkkbJihJzpCsgUeWZNpdWA+aWhy7bWjyEAon43uBgew='
[Fri Nov 4 16:25:06 GMT 2016] 1:CA_KEY_HASH='GkkbJihJzpCsgUeWZNpdWA+aWhy7bWjyEAon43uBgew='
[Fri Nov 4 16:25:06 GMT 2016] Read key length:ec-256
[Fri Nov 4 16:25:06 GMT 2016] Creating domain key
[Fri Nov 4 16:25:06 GMT 2016] Use length 256
[Fri Nov 4 16:25:06 GMT 2016] Using ec name: prime256v1
[Fri Nov 4 16:25:06 GMT 2016] _createcsr
[Fri Nov 4 16:25:06 GMT 2016] domain='nas4.fernandomiguel.net'
[Fri Nov 4 16:25:06 GMT 2016] domainlist
[Fri Nov 4 16:25:06 GMT 2016] csrkey='/volume1/@appstore/.acme.sh/nas4.fernandomiguel.net_ecc/nas4.fernandomiguel.net.key'
[Fri Nov 4 16:25:06 GMT 2016] csr='/volume1/@appstore/.acme.sh/nas4.fernandomiguel.net_ecc/nas4.fernandomiguel.net.csr'
[Fri Nov 4 16:25:06 GMT 2016] csrconf='/volume1/@appstore/.acme.sh/nas4.fernandomiguel.net_ecc/nas4.fernandomiguel.net.csr.conf'
[Fri Nov 4 16:25:06 GMT 2016] Single domain='nas4.fernandomiguel.net'
[Fri Nov 4 16:25:06 GMT 2016] _is_idn_d='nas4.fernandomiguel.net'
[Fri Nov 4 16:25:06 GMT 2016] _idn_temp
[Fri Nov 4 16:25:06 GMT 2016] _csr_cn='nas4.fernandomiguel.net'
[Fri Nov 4 16:25:06 GMT 2016] 8:Le_Keylength='ec-256'
[Fri Nov 4 16:25:06 GMT 2016] Getting domain auth token for each domain
[Fri Nov 4 16:25:06 GMT 2016] Getting webroot for domain='nas4.fernandomiguel.net'
[Fri Nov 4 16:25:06 GMT 2016] _w='dns_cf'
[Fri Nov 4 16:25:06 GMT 2016] _currentRoot='dns_cf'
[Fri Nov 4 16:25:06 GMT 2016] Getting new-authz for domain='nas4.fernandomiguel.net'
[Fri Nov 4 16:25:06 GMT 2016] Try new-authz for the 0 time.
[Fri Nov 4 16:25:06 GMT 2016] _is_idn_d='nas4.fernandomiguel.net'
[Fri Nov 4 16:25:06 GMT 2016] _idn_temp
[Fri Nov 4 16:25:06 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Fri Nov 4 16:25:06 GMT 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "nas4.fernandomiguel.net"}}'
[Fri Nov 4 16:25:06 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:25:06 GMT 2016] Use _CACHED_NONCE='RZ8mychG49a7CBr7GO7UmBnMjjUlk40ZOAduvM2cWHQ'
[Fri Nov 4 16:25:06 GMT 2016] nonce='RZ8mychG49a7CBr7GO7UmBnMjjUlk40ZOAduvM2cWHQ'
[Fri Nov 4 16:25:06 GMT 2016] POST
[Fri Nov 4 16:25:06 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Fri Nov 4 16:25:07 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICJSWjhteWNoRzQ5YTdDQnI3R083VW1Cbk1qalVsazQwWk9BZHV2TTJjV0hRIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAibmFzNC5mZXJuYW5kb21pZ3VlbC5uZXQifX0", "signature": "wSVWsLJ_B-3673m_8_TfxX66B12z9bZqhqPwwnUQHYJ-42sx8JsqNs36NUNFNPvL9j1Pfi5MAIOsqqMX0EXtnWzcCcOzdvFVyW5kSoneLq3sjfalP2naeULHTBizmsPUyOIZa9sInhak1pqKz4dbVX37wOTfGVWafOAkVnIg4S8Wj9IxrqsDQQMVjeRM9u0RXNq1k3xWjEOt2XiP7cxckIMHLCCEjtyaLMNGPgbSOC6Kjnp3tbNn77Bv2_LSyN01Ge5AXeY2LNitLSn92L0SoHwvedWRm2869IX2DRQB8HNp4FYpThNoCwVKvjY4WW06CPCUODlyijPDUmz2eIbEuw"}'
[Fri Nov 4 16:25:07 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.QmKW3AQoot '
[Fri Nov 4 16:25:08 GMT 2016] _ret='0'
[Fri Nov 4 16:25:08 GMT 2016] original='{
"identifier": {
"type": "dns",
"value": "nas4.fernandomiguel.net"
},
"status": "pending",
"expires": "2016-11-11T16:29:44.351137872Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500314",
"token": "WhFrKrSowtiqX8MWV7gEPWKffDuKdstya42lblg4FwY"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315",
"token": "THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500316",
"token": "YXCx8vs9-lBxKUPyp6bvb9ftuL12OkkKY2FzeexWKzk"
}
],
"combinations": [
[
2
],
[
0
],
[
1
]
]
}'
[Fri Nov 4 16:25:08 GMT 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 04 Nov 2016 16:25:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1017
Boulder-Request-Id: bEsYjqM7WlHZzUZNI-4SR4WAFKPI13bcx25SizMTRiw
Boulder-Requester: 471991
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8
Replay-Nonce: PLpgdMA3wpRl9j17HlzNRZGMgmfHaeTT9MUBknSeLF8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 04 Nov 2016 16:25:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 16:25:08 GMT
Connection: keep-alive
'
[Fri Nov 4 16:25:08 GMT 2016] response='{"identifier":{"type":"dns","value":"nas4.fernandomiguel.net"},"status":"pending","expires":"2016-11-11T16:29:44.351137872Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500314","token":"WhFrKrSowtiqX8MWV7gEPWKffDuKdstya42lblg4FwY"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315","token":"THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500316","token":"YXCx8vs9-lBxKUPyp6bvb9ftuL12OkkKY2FzeexWKzk"}],"combinations":[[2],[0],[1]]}'
[Fri Nov 4 16:25:08 GMT 2016] code='201'
[Fri Nov 4 16:25:08 GMT 2016] The new-authz request is ok.
[Fri Nov 4 16:25:08 GMT 2016] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315","token":"THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A"'
[Fri Nov 4 16:25:08 GMT 2016] token='THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A'
[Fri Nov 4 16:25:08 GMT 2016] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315'
[Fri Nov 4 16:25:08 GMT 2016] keyauthorization='THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU'
[Fri Nov 4 16:25:08 GMT 2016] dvlist='nas4.fernandomiguel.net#THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU#https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315#dns-01#dns_cf'
[Fri Nov 4 16:25:08 GMT 2016] txtdomain='_acme-challenge.nas4.fernandomiguel.net'
[Fri Nov 4 16:25:08 GMT 2016] txt='tz8izpVEg4WPzFe5KTDozTaaGBKwb72_esGdbotIrcc'
[Fri Nov 4 16:25:08 GMT 2016] d_api='/volume1/@appstore/.acme.sh/dnsapi/dns_cf.sh'
[Fri Nov 4 16:25:08 GMT 2016] Found domain api file: /volume1/@appstore/.acme.sh/dnsapi/dns_cf.sh
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:25:08 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
./acme.sh: line 1282: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Fri Nov 4 16:25:08 GMT 2016]
[Fri Nov 4 16:25:08 GMT 2016] First detect the root zone
[Fri Nov 4 16:25:08 GMT 2016] zones?name=nas4.fernandomiguel.net
[Fri Nov 4 16:25:08 GMT 2016] GET
[Fri Nov 4 16:25:08 GMT 2016] url='https://api.cloudflare.com/client/v4/zones?name=nas4.fernandomiguel.net'
[Fri Nov 4 16:25:08 GMT 2016] timeout
[Fri Nov 4 16:25:08 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.bSzkblyNU7 '
[Fri Nov 4 16:25:09 GMT 2016] ret='0'
[Fri Nov 4 16:25:09 GMT 2016] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Fri Nov 4 16:25:09 GMT 2016] zones?name=fernandomiguel.net
[Fri Nov 4 16:25:09 GMT 2016] GET
[Fri Nov 4 16:25:09 GMT 2016] url='https://api.cloudflare.com/client/v4/zones?name=fernandomiguel.net'
[Fri Nov 4 16:25:09 GMT 2016] timeout
[Fri Nov 4 16:25:09 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.NRISf3bVJg '
[Fri Nov 4 16:25:11 GMT 2016] ret='0'
[Fri Nov 4 16:25:11 GMT 2016] response='{"result":[{"id":"e24a1feb803d97610e3f96aa9438a573","name":"fernandomiguel.net","status":"active","paused":false,"type":"full","development_mode":-78563919,"name_servers":["eva.ns.cloudflare.com","jay.ns.cloudflare.com"],"original_name_servers":["DNS1.POINTHQ.COM","DNS2.POINTHQ.COM","DNS3.POINTHQ.COM","DNS4.POINTHQ.COM"],"original_registrar":"DreamHost","original_dnshost":null,"modified_on":"2016-11-04T15:29:50.666090Z","created_on":"2011-05-01T11:01:37.071341Z","vanity_name_servers":["name01.fernandomiguel.net","name02.fernandomiguel.net"],"meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":1,"page_rule_quota":50,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"1e1b16b5f7898b97f141918db6184852","email":"[email protected]"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"1ac039f6c29b691475c3d74fe588d1ae","name":"Business Website","price":0,"currency":"USD","frequency":"monthly","is_subscribed":true,"can_subscribe":true,"legacy_id":"business","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Fri Nov 4 16:25:11 GMT 2016] _domain_id='e24a1feb803d97610e3f96aa9438a573'
[Fri Nov 4 16:25:11 GMT 2016] _sub_domain='_acme-challenge.nas4'
[Fri Nov 4 16:25:11 GMT 2016] _domain='fernandomiguel.net'
[Fri Nov 4 16:25:11 GMT 2016] Getting txt records
[Fri Nov 4 16:25:11 GMT 2016] zones/e24a1feb803d97610e3f96aa9438a573/dns_records?type=TXT&name=_acme-challenge.nas4.fernandomiguel.net
[Fri Nov 4 16:25:11 GMT 2016] GET
[Fri Nov 4 16:25:11 GMT 2016] url='https://api.cloudflare.com/client/v4/zones/e24a1feb803d97610e3f96aa9438a573/dns_records?type=TXT&name=_acme-challenge.nas4.fernandomiguel.net'
[Fri Nov 4 16:25:11 GMT 2016] timeout
[Fri Nov 4 16:25:11 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.fPpGk9vCmr '
[Fri Nov 4 16:25:12 GMT 2016] ret='0'
[Fri Nov 4 16:25:12 GMT 2016] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Fri Nov 4 16:25:12 GMT 2016] count='0'
[Fri Nov 4 16:25:12 GMT 2016] Adding record
[Fri Nov 4 16:25:12 GMT 2016] zones/e24a1feb803d97610e3f96aa9438a573/dns_records
[Fri Nov 4 16:25:12 GMT 2016] data='{"type":"TXT","name":"_acme-challenge.nas4.fernandomiguel.net","content":"tz8izpVEg4WPzFe5KTDozTaaGBKwb72_esGdbotIrcc","ttl":120}'
[Fri Nov 4 16:25:12 GMT 2016] POST
[Fri Nov 4 16:25:12 GMT 2016] url='https://api.cloudflare.com/client/v4/zones/e24a1feb803d97610e3f96aa9438a573/dns_records'
[Fri Nov 4 16:25:12 GMT 2016] body='{"type":"TXT","name":"_acme-challenge.nas4.fernandomiguel.net","content":"tz8izpVEg4WPzFe5KTDozTaaGBKwb72_esGdbotIrcc","ttl":120}'
[Fri Nov 4 16:25:12 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.Nkdo8mwciB '
[Fri Nov 4 16:25:13 GMT 2016] _ret='0'
[Fri Nov 4 16:25:13 GMT 2016] response='{"result":{"id":"b7fbdecf10a2097ea12091cf61a0482f","type":"TXT","name":"_acme-challenge.nas4.fernandomiguel.net","content":"tz8izpVEg4WPzFe5KTDozTaaGBKwb72_esGdbotIrcc","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"e24a1feb803d97610e3f96aa9438a573","zone_name":"fernandomiguel.net","modified_on":"2016-11-04T16:25:13.271627Z","created_on":"2016-11-04T16:25:13.271627Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Fri Nov 4 16:25:13 GMT 2016] Added, sleeping 10 seconds
[Fri Nov 4 16:25:23 GMT 2016] 9:Le_DNSSleep='10'
[Fri Nov 4 16:25:23 GMT 2016] Sleep 10 seconds for the txt records to take effect
[Fri Nov 4 16:25:35 GMT 2016] ok, let's start to verify
[Fri Nov 4 16:25:35 GMT 2016] Verifying:nas4.fernandomiguel.net
[Fri Nov 4 16:25:35 GMT 2016] d='nas4.fernandomiguel.net'
[Fri Nov 4 16:25:35 GMT 2016] keyauthorization='THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU'
[Fri Nov 4 16:25:35 GMT 2016] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315'
[Fri Nov 4 16:25:35 GMT 2016] _currentRoot='dns_cf'
[Fri Nov 4 16:25:35 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315'
[Fri Nov 4 16:25:35 GMT 2016] payload='{"resource": "challenge", "keyAuthorization": "THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU"}'
[Fri Nov 4 16:25:35 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:25:35 GMT 2016] Use _CACHED_NONCE='PLpgdMA3wpRl9j17HlzNRZGMgmfHaeTT9MUBknSeLF8'
[Fri Nov 4 16:25:35 GMT 2016] nonce='PLpgdMA3wpRl9j17HlzNRZGMgmfHaeTT9MUBknSeLF8'
[Fri Nov 4 16:25:35 GMT 2016] POST
[Fri Nov 4 16:25:35 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315'
[Fri Nov 4 16:25:35 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICJQTHBnZE1BM3dwUmw5ajE3SGx6TlJaR01nbWZIYWVUVDlNVUJrblNlTEY4IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJUSEtZU094UFlUeEdBcjFXcG84cWZ4cGIwRTQyZURnQ3ZjbG9nWHdXeDJBLjFEbDlFM1BvU2MtemFGd1gzc3lWbW5jeS1NbWFrZEItUmZDZllwYlBFdlUifQ", "signature": "Mr-fMCmfKCIpdFndX97jeyjolWfmmR16LSh1idzus-aYWNyxbe5nIv7sDRbR6Pv8M8zCv4ki41YlPs-6DXZ729BGwi5hhZL0UJGGXLYk1xv-6FwpGGZzbc2CvX_3S_dPjUEoB4oLVhxTvhqBwSwBU26Dlh_ZqI2akiGpX-ZSoSaiWHIftVl47jjInS9VPnhLPpF2GAIoGILO-F2jtyn8zVw0TTWaUiqynxUdhcdruBWytj5R-LS53sqfwHUHwPUnq2nVIn8WYjDBTFoZ8baNEJbLyTK_g780URsBRvYKo6eaanLDSi0moAOZdo1544WmY3SWhwfF73bIpsUjWN8OlA"}'
[Fri Nov 4 16:25:35 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.8s0fxhWI4S '
[Fri Nov 4 16:25:36 GMT 2016] _ret='0'
[Fri Nov 4 16:25:36 GMT 2016] original='{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315",
"token": "THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A",
"keyAuthorization": "THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU"
}'
[Fri Nov 4 16:25:36 GMT 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 04 Nov 2016 16:25:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 337
Boulder-Request-Id: 4CKmjbrLdJFYdetkRmwouzabi13NFOnmm_RNhzkWxxA
Boulder-Requester: 471991
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315
Replay-Nonce: x75OpbTkWsDrzFjYgDiecnEEn0NK5mSsmS8VQ1IpbHk
Expires: Fri, 04 Nov 2016 16:25:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 16:25:36 GMT
Connection: keep-alive
'
[Fri Nov 4 16:25:36 GMT 2016] response='{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315","token":"THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A","keyAuthorization":"THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU"}'
[Fri Nov 4 16:25:36 GMT 2016] code='202'
[Fri Nov 4 16:25:36 GMT 2016] sleep 2 secs to verify
[Fri Nov 4 16:25:38 GMT 2016] checking
[Fri Nov 4 16:25:38 GMT 2016] GET
[Fri Nov 4 16:25:38 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315'
[Fri Nov 4 16:25:38 GMT 2016] timeout
[Fri Nov 4 16:25:38 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.q5ySi5f6dO '
[Fri Nov 4 16:25:39 GMT 2016] ret='0'
[Fri Nov 4 16:25:39 GMT 2016] original='{
"type": "dns-01",
"status": "valid",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315",
"token": "THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A",
"keyAuthorization": "THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU",
"validationRecord": [
{
"hostname": "nas4.fernandomiguel.net",
"port": "",
"addressesResolved": null,
"addressUsed": ""
}
]
}'
[Fri Nov 4 16:25:39 GMT 2016] response='{"type":"dns-01","status":"valid","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/TMZjg0pTRIAXfvqzqYPfW_56niOkc3BanQc0Ql5h3C8/16500315","token":"THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A","keyAuthorization":"THKYSOxPYTxGAr1Wpo8qfxpb0E42eDgCvclogXwWx2A.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU","validationRecord":[{"hostname":"nas4.fernandomiguel.net","port":"","addressesResolved": null,"addressUsed":""}]}'
[Fri Nov 4 16:25:39 GMT 2016] Success
[Fri Nov 4 16:25:39 GMT 2016] pid
[Fri Nov 4 16:25:39 GMT 2016] Skip for removelevel:
[Fri Nov 4 16:25:39 GMT 2016] pid
[Fri Nov 4 16:25:39 GMT 2016] _clearupdns
[Fri Nov 4 16:25:39 GMT 2016] d_api='/volume1/@appstore/.acme.sh/dnsapi/dns_cf.sh'
[Fri Nov 4 16:25:39 GMT 2016] Verify finished, start to sign.
[Fri Nov 4 16:25:39 GMT 2016] i='2'
[Fri Nov 4 16:25:39 GMT 2016] j='7'
[Fri Nov 4 16:25:39 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Fri Nov 4 16:25:39 GMT 2016] payload='{"resource": "new-cert", "csr": "MIH7MIGiAgEAMCIxIDAeBgNVBAMTF25hczQuZmVybmFuZG9taWd1ZWwubmV0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJD33wZ4Abdh5ezdsZxFgjWRP7cBug1edBIc0Dy7nEmh1Wr-nCJE27Jx4JrgJDtR1z-rKgM9_217C_JAXbO9IwKAeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQDAgXgMAkGByqGSM49BAEDSQAwRgIhAL0SLFnnVjPpTsst3hJKntnT5Z6LX5vNdojmKLZtl8c9AiEAw2FG0y8jSR-h30pZo-qpDGyJL01TxZzVpYRdQnetNR8"}'
[Fri Nov 4 16:25:39 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Fri Nov 4 16:25:39 GMT 2016] Use _CACHED_NONCE='x75OpbTkWsDrzFjYgDiecnEEn0NK5mSsmS8VQ1IpbHk'
[Fri Nov 4 16:25:39 GMT 2016] nonce='x75OpbTkWsDrzFjYgDiecnEEn0NK5mSsmS8VQ1IpbHk'
[Fri Nov 4 16:25:39 GMT 2016] POST
[Fri Nov 4 16:25:39 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Fri Nov 4 16:25:39 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICJ4NzVPcGJUa1dzRHJ6RmpZZ0RpZWNuRUVuME5LNW1Tc21TOFZRMUlwYkhrIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlIN01JR2lBZ0VBTUNJeElEQWVCZ05WQkFNVEYyNWhjelF1Wm1WeWJtRnVaRzl0YVdkMVpXd3VibVYwTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFSkQzM3daNEFiZGg1ZXpkc1p4RmdqV1JQN2NCdWcxZWRCSWMwRHk3bkVtaDFXci1uQ0pFMjdKeDRKcmdKRHRSMXotcktnTTlfMjE3Q19KQVhiTzlJd0tBZU1Cd0dDU3FHU0liM0RRRUpEakVQTUEwd0N3WURWUjBQQkFRREFnWGdNQWtHQnlxR1NNNDlCQUVEU1FBd1JnSWhBTDBTTEZublZqUHBUc3N0M2hKS250blQ1WjZMWDV2TmRvam1LTFp0bDhjOUFpRUF3MkZHMHk4alNSLWgzMHBaby1xcERHeUpMMDFUeFp6VnBZUmRRbmV0TlI4In0", "signature": "kSEaiknUUH8uYD0D30Odok_1feTEABHZkIx3it9OdUlVtqYqJBsYzpbwVu5FNh6nKjlyzS2KMGg1ENipnMCQbMtwbmohhPd1h_vIIcPI0AorU-LnpTTwd5tg7QhZbidf34EDPaxUM68dSFnOsWE7R14351D9bN225jhofNUIT42qS3Kux9yjTbv5oFQDRGaSwKjJUC2-jRppA1nW5R1j7JhZ9S-xSYM4KPW5GQz-33ovWMCARZ3Dzp3zWnNCKpiRbBX70my-GfHwS7kUhn9K1ZvZoanfZj2WjZPJ6DXukAGP0Mm0Buiz1gNKcocOufFugoIvAoIjjoSYZNL2_gu5sg"}'
[Fri Nov 4 16:25:39 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.6Nl2TCMaBy '
[Fri Nov 4 16:25:40 GMT 2016] _ret='0'
[Fri Nov 4 16:25:40 GMT 2016] original='ewogICJ0eXBlIjogInVybjphY21lOmVycm9yOm1hbGZvcm1lZCIsCiAgImRldGFpbCI6ICJFcnJvciBjcmVhdGluZyBuZXcgY2VydCA6OiBzaWduYXR1cmUgYWxnb3JpdGhtIG5vdCBzdXBwb3J0ZWQiLAogICJzdGF0dXMiOiA0MDAKfQ=='
[Fri Nov 4 16:25:40 GMT 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 04 Nov 2016 16:25:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 133
Boulder-Request-Id: 8QGYc8FHlfVxAaMuoal9P2WuJPHLAfRbL7AhBtVMWUY
Boulder-Requester: 471991
Replay-Nonce: lCCv7ucQydKaQqHt8wD2HCKxsBw26eh4HMFK15txX9E
Expires: Fri, 04 Nov 2016 16:25:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Nov 2016 16:25:40 GMT
Connection: close
'
[Fri Nov 4 16:25:40 GMT 2016] response='ewogICJ0eXBlIjogInVybjphY21lOmVycm9yOm1hbGZvcm1lZCIsCiAgImRldGFpbCI6ICJFcnJvciBjcmVhdGluZyBuZXcgY2VydCA6OiBzaWduYXR1cmUgYWxnb3JpdGhtIG5vdCBzdXBwb3J0ZWQiLAogICJzdGF0dXMiOiA0MDAKfQ=='
[Fri Nov 4 16:25:40 GMT 2016] code='400'
[Fri Nov 4 16:25:41 GMT 2016] 10:Le_LinkCert=''
[Fri Nov 4 16:25:41 GMT 2016] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"
[Fri Nov 4 16:25:41 GMT 2016] _on_issue_err
[Fri Nov 4 16:25:41 GMT 2016] Please use add '--debug' or '--log' to check more details.
[Fri Nov 4 16:25:41 GMT 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Nov 4 16:25:41 GMT 2016] nc doesn't exists.
[Fri Nov 4 16:25:41 GMT 2016] Diagnosis versions:
openssl:
OpenSSL 0.9.8v 19 Apr 2012
apache:
apache doesn't exists.
nc:
Yes, it's almost there. but I have to sleep now.
I will check more tomorrow.
Thanks for your time.
Neilpang
on 4 Nov 2016
(let me know where's your donation link. i own you a couple of beers :D )
FernandoMiguel
on 4 Nov 2016
https://github.com/Neilpang/acme.sh#donate
Are you sure the RSA cert can work on this router ?
Neilpang
on 5 Nov 2016
@FernandoMiguel
Please with --debug 3 level .
Neilpang
on 5 Nov 2016
It's not a router, it's a NAS.
it runs an atom like CPU, a 32 bit arm or something.
RSA does work, as it is live right now.
It's weekend, so I won't be spending time on my laptop.
Enjoy yours too
FernandoMiguel
on 5 Nov 2016
@FernandoMiguel
Please upgrade to the latest code and try with --debug 3 level when you have time .
Neilpang
on 6 Nov 2016
# ./acme.sh upgrade
[Mon Nov 7 09:44:04 GMT 2016] Installing from online archive.
[Mon Nov 7 09:44:04 GMT 2016] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Mon Nov 7 09:44:06 GMT 2016] Extracting master.tar.gz
[Mon Nov 7 09:44:06 GMT 2016] It is recommended to install nc first, try to install 'nc' or 'netcat'.
[Mon Nov 7 09:44:06 GMT 2016] We use nc for standalone server if you use standalone mode.
[Mon Nov 7 09:44:06 GMT 2016] If you don't use standalone mode, just ignore this warning.
[Mon Nov 7 09:44:06 GMT 2016] Installing to /volume1/@appstore/.acme.sh
[Mon Nov 7 09:44:06 GMT 2016] Installed to /volume1/@appstore/.acme.sh/acme.sh
[Mon Nov 7 09:44:06 GMT 2016] Installing alias to '/root/.profile'
[Mon Nov 7 09:44:06 GMT 2016] OK, Close and reopen your terminal to start using acme.sh
./acme.sh: line 3618: /volume1/@appstore/.acme.sh/: Is a directory
[Mon Nov 7 09:44:06 GMT 2016] Good, bash is found, so change the shebang to use bash as prefered.
[Mon Nov 7 09:44:07 GMT 2016] OK
[Mon Nov 7 09:44:07 GMT 2016] Install success!
[Mon Nov 7 09:44:07 GMT 2016] Upgrade success!
root@DS214play:/volume1/@appstore/.acme.sh# ./acme.sh --issue -d nas11.fernandomiguel.net --dns dns_cf --dnssleep 10 --test -k ec-256 --debug 3
[Mon Nov 7 09:44:22 GMT 2016] readlink exists=0
[Mon Nov 7 09:44:22 GMT 2016] dirname exists=0
[Mon Nov 7 09:44:22 GMT 2016] Lets find script dir.
[Mon Nov 7 09:44:22 GMT 2016] _SCRIPT_='./acme.sh'
[Mon Nov 7 09:44:22 GMT 2016] _script='/volume1/@appstore/.acme.sh/acme.sh'
[Mon Nov 7 09:44:22 GMT 2016] _script_home='/volume1/@appstore/.acme.sh'
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Mon Nov 7 09:44:22 GMT 2016] APP
./acme.sh: line 1299: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Mon Nov 7 09:44:22 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Mon Nov 7 09:44:22 GMT 2016] APP
./acme.sh: line 1299: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Mon Nov 7 09:44:22 GMT 2016]
[Mon Nov 7 09:44:22 GMT 2016] LE_WORKING_DIR='/volume1/@appstore/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.4
[Mon Nov 7 09:44:22 GMT 2016] Using api:
[Mon Nov 7 09:44:22 GMT 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Mon Nov 7 09:44:22 GMT 2016] DOMAIN_PATH='/volume1/@appstore/.acme.sh/nas11.fernandomiguel.net_ecc'
[Mon Nov 7 09:44:22 GMT 2016] APP
[Mon Nov 7 09:44:22 GMT 2016] 1:Le_Domain='nas11.fernandomiguel.net'
[Mon Nov 7 09:44:22 GMT 2016] APP
[Mon Nov 7 09:44:22 GMT 2016] 2:Le_Alt='no'
[Mon Nov 7 09:44:22 GMT 2016] APP
[Mon Nov 7 09:44:22 GMT 2016] 3:Le_Webroot='dns_cf'
[Mon Nov 7 09:44:22 GMT 2016] APP
[Mon Nov 7 09:44:22 GMT 2016] 4:Le_PreHook=''
[Mon Nov 7 09:44:22 GMT 2016] APP
[Mon Nov 7 09:44:22 GMT 2016] 5:Le_PostHook=''
[Mon Nov 7 09:44:22 GMT 2016] APP
[Mon Nov 7 09:44:22 GMT 2016] 6:Le_RenewHook=''
[Mon Nov 7 09:44:22 GMT 2016] options='s/^Le_LocalAddress.*$//'
[Mon Nov 7 09:44:22 GMT 2016] Using sed -i
[Mon Nov 7 09:44:22 GMT 2016] APP
[Mon Nov 7 09:44:22 GMT 2016] 7:Le_API='https://acme-staging.api.letsencrypt.org'
[Mon Nov 7 09:44:22 GMT 2016] _on_before_issue
[Mon Nov 7 09:44:22 GMT 2016] 'dns_cf' does not contain 'no'
[Mon Nov 7 09:44:22 GMT 2016] Le_LocalAddress
[Mon Nov 7 09:44:22 GMT 2016] Check for domain='nas11.fernandomiguel.net'
[Mon Nov 7 09:44:22 GMT 2016] _currentRoot='dns_cf'
[Mon Nov 7 09:44:22 GMT 2016] 'dns_cf' does not contain 'apache'
[Mon Nov 7 09:44:22 GMT 2016] _saved_account_key_hash='GkkbJihJzpCsgUeWZNpdWA+aWhy7bWjyEAon43uBgew='
[Mon Nov 7 09:44:22 GMT 2016] _saved_account_key_hash is not changed, skip register account.
[Mon Nov 7 09:44:22 GMT 2016] Read key length:ec-256
[Mon Nov 7 09:44:22 GMT 2016] Creating domain key
[Mon Nov 7 09:44:22 GMT 2016] Use length 256
[Mon Nov 7 09:44:22 GMT 2016] Using ec name: prime256v1
[Mon Nov 7 09:44:22 GMT 2016] _createcsr
[Mon Nov 7 09:44:22 GMT 2016] domain='nas11.fernandomiguel.net'
[Mon Nov 7 09:44:22 GMT 2016] domainlist
[Mon Nov 7 09:44:22 GMT 2016] csrkey='/volume1/@appstore/.acme.sh/nas11.fernandomiguel.net_ecc/nas11.fernandomiguel.net.key'
[Mon Nov 7 09:44:22 GMT 2016] csr='/volume1/@appstore/.acme.sh/nas11.fernandomiguel.net_ecc/nas11.fernandomiguel.net.csr'
[Mon Nov 7 09:44:22 GMT 2016] csrconf='/volume1/@appstore/.acme.sh/nas11.fernandomiguel.net_ecc/nas11.fernandomiguel.net.csr.conf'
[Mon Nov 7 09:44:22 GMT 2016] Single domain='nas11.fernandomiguel.net'
[Mon Nov 7 09:44:22 GMT 2016] _is_idn_d='nas11.fernandomiguel.net'
[Mon Nov 7 09:44:22 GMT 2016] _idn_temp
[Mon Nov 7 09:44:22 GMT 2016] _csr_cn='nas11.fernandomiguel.net'
[Mon Nov 7 09:44:23 GMT 2016] APP
[Mon Nov 7 09:44:23 GMT 2016] 8:Le_Keylength='ec-256'
[Mon Nov 7 09:44:23 GMT 2016] Getting domain auth token for each domain
[Mon Nov 7 09:44:23 GMT 2016] Getting webroot for domain='nas11.fernandomiguel.net'
[Mon Nov 7 09:44:23 GMT 2016] _w='dns_cf'
[Mon Nov 7 09:44:23 GMT 2016] _currentRoot='dns_cf'
[Mon Nov 7 09:44:23 GMT 2016] Getting new-authz for domain='nas11.fernandomiguel.net'
[Mon Nov 7 09:44:23 GMT 2016] Try new-authz for the 0 time.
[Mon Nov 7 09:44:23 GMT 2016] _is_idn_d='nas11.fernandomiguel.net'
[Mon Nov 7 09:44:23 GMT 2016] _idn_temp
[Mon Nov 7 09:44:23 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Mon Nov 7 09:44:23 GMT 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "nas11.fernandomiguel.net"}}'
[Mon Nov 7 09:44:23 GMT 2016] RSA key
[Mon Nov 7 09:44:23 GMT 2016] pub_exp='010001'
[Mon Nov 7 09:44:23 GMT 2016] let exists=0
[Mon Nov 7 09:44:23 GMT 2016] uselet='1'
[Mon Nov 7 09:44:23 GMT 2016] _URGLY_PRINTF
[Mon Nov 7 09:44:23 GMT 2016] e='AQAB'
[Mon Nov 7 09:44:23 GMT 2016] modulus='D8BBBA26F33D29C248EB560AACC42A51F7532E6C4EF7D1F9F73F68652BC93B34BB6636C6F7EBDF912C05EF064B2ECFAB05888E988BF96026E9F5CCDFBF456403C93B3E218A6D9A57B471CB978493769BC3D9A0BE9140EE9DAF2D18903E8A31C99ECDC3A0FAEB0D21CBCB4CDDD14178E8D6A025FDF0D5788003A1F5E1626A9AD48AEE3DEAC4786A9F57DB716CD30BE231F9B86E81A2A78FDE3FE7C22A9DCFF3076B45665FAAF7DC4764F2CFE9140637B8A49E79007FC0B2E74F7F5C869ECB386D579E70C2455B037CD0DC8103FF349C27D220C821D6248316606734F31A987407E43BE1C937928EE050D5154CC80003125A36D5EEE0FA54289A9BFC2273BED5BB'
[Mon Nov 7 09:44:23 GMT 2016] let exists=0
[Mon Nov 7 09:44:23 GMT 2016] uselet='1'
[Mon Nov 7 09:44:23 GMT 2016] _URGLY_PRINTF
[Mon Nov 7 09:44:24 GMT 2016] jwk='{"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}'
[Mon Nov 7 09:44:24 GMT 2016] JWK_HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}'
[Mon Nov 7 09:44:24 GMT 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAibmFzMTEuZmVybmFuZG9taWd1ZWwubmV0In19'
[Mon Nov 7 09:44:24 GMT 2016] Get nonce.
[Mon Nov 7 09:44:24 GMT 2016] GET
[Mon Nov 7 09:44:24 GMT 2016] url='https://acme-staging.api.letsencrypt.org/directory'
[Mon Nov 7 09:44:24 GMT 2016] timeout
[Mon Nov 7 09:44:24 GMT 2016] curl exists=0
[Mon Nov 7 09:44:24 GMT 2016] mktemp exists=0
[Mon Nov 7 09:44:24 GMT 2016] wget exists=0
[Mon Nov 7 09:44:24 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.2K0bHOhepB '
[Mon Nov 7 09:44:25 GMT 2016] ret='0'
[Mon Nov 7 09:44:25 GMT 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 296
Boulder-Request-Id: 5DUa192VOX4ZM5A0zevd4ukYR6Zxk7GyjmxrO0iODZE
Replay-Nonce: E1LMV_qlkYkqwecKSipf01NBJGnh0pAwF2pwwpomCxo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 07 Nov 2016 09:44:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 07 Nov 2016 09:44:25 GMT
Connection: keep-alive
'
[Mon Nov 7 09:44:26 GMT 2016] _CACHED_NONCE='E1LMV_qlkYkqwecKSipf01NBJGnh0pAwF2pwwpomCxo'
[Mon Nov 7 09:44:26 GMT 2016] nonce='E1LMV_qlkYkqwecKSipf01NBJGnh0pAwF2pwwpomCxo'
[Mon Nov 7 09:44:26 GMT 2016] protected='{"nonce": "E1LMV_qlkYkqwecKSipf01NBJGnh0pAwF2pwwpomCxo", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}'
[Mon Nov 7 09:44:26 GMT 2016] protected64='eyJub25jZSI6ICJFMUxNVl9xbGtZa3F3ZWNLU2lwZjAxTkJKR25oMHBBd0YycHd3cG9tQ3hvIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19'
[Mon Nov 7 09:44:26 GMT 2016] _sig_t='OaU0ih9tpFLnKQxAE7Nbm/ZOqKPxJoi4yxer7AabFafv3INbyijLWDpo15sUGR0L1eliWERan+W2R53uxg3VxyAUBtCaf7bpoEA2dcilc6IGAmZT+G0FO0cvexsLXdq2dMddRkUWc/8eLaIq2NILY0qDTnQYC2fNtXY2WjXamkcGulxG9HWJiYSsDHYszhAR9e95p3vZrxpJMrNR6pi3X4aTOTxozMyR2grnCfhAmdXV5D2v7Cq/fSVkPMQkA/E8S92c7Nu/5cjxQA1Pu06UK5lg/hsVZdicYjLiRVD471pV7evzvdHvJfLogznYnU5KUnSvmLRA2eEfn0hWVWZ6dw=='
[Mon Nov 7 09:44:26 GMT 2016] sig='OaU0ih9tpFLnKQxAE7Nbm_ZOqKPxJoi4yxer7AabFafv3INbyijLWDpo15sUGR0L1eliWERan-W2R53uxg3VxyAUBtCaf7bpoEA2dcilc6IGAmZT-G0FO0cvexsLXdq2dMddRkUWc_8eLaIq2NILY0qDTnQYC2fNtXY2WjXamkcGulxG9HWJiYSsDHYszhAR9e95p3vZrxpJMrNR6pi3X4aTOTxozMyR2grnCfhAmdXV5D2v7Cq_fSVkPMQkA_E8S92c7Nu_5cjxQA1Pu06UK5lg_hsVZdicYjLiRVD471pV7evzvdHvJfLogznYnU5KUnSvmLRA2eEfn0hWVWZ6dw'
[Mon Nov 7 09:44:26 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICJFMUxNVl9xbGtZa3F3ZWNLU2lwZjAxTkJKR25oMHBBd0YycHd3cG9tQ3hvIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAibmFzMTEuZmVybmFuZG9taWd1ZWwubmV0In19", "signature": "OaU0ih9tpFLnKQxAE7Nbm_ZOqKPxJoi4yxer7AabFafv3INbyijLWDpo15sUGR0L1eliWERan-W2R53uxg3VxyAUBtCaf7bpoEA2dcilc6IGAmZT-G0FO0cvexsLXdq2dMddRkUWc_8eLaIq2NILY0qDTnQYC2fNtXY2WjXamkcGulxG9HWJiYSsDHYszhAR9e95p3vZrxpJMrNR6pi3X4aTOTxozMyR2grnCfhAmdXV5D2v7Cq_fSVkPMQkA_E8S92c7Nu_5cjxQA1Pu06UK5lg_hsVZdicYjLiRVD471pV7evzvdHvJfLogznYnU5KUnSvmLRA2eEfn0hWVWZ6dw"}'
[Mon Nov 7 09:44:26 GMT 2016] POST
[Mon Nov 7 09:44:26 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Mon Nov 7 09:44:26 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICJFMUxNVl9xbGtZa3F3ZWNLU2lwZjAxTkJKR25oMHBBd0YycHd3cG9tQ3hvIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAibmFzMTEuZmVybmFuZG9taWd1ZWwubmV0In19", "signature": "OaU0ih9tpFLnKQxAE7Nbm_ZOqKPxJoi4yxer7AabFafv3INbyijLWDpo15sUGR0L1eliWERan-W2R53uxg3VxyAUBtCaf7bpoEA2dcilc6IGAmZT-G0FO0cvexsLXdq2dMddRkUWc_8eLaIq2NILY0qDTnQYC2fNtXY2WjXamkcGulxG9HWJiYSsDHYszhAR9e95p3vZrxpJMrNR6pi3X4aTOTxozMyR2grnCfhAmdXV5D2v7Cq_fSVkPMQkA_E8S92c7Nu_5cjxQA1Pu06UK5lg_hsVZdicYjLiRVD471pV7evzvdHvJfLogznYnU5KUnSvmLRA2eEfn0hWVWZ6dw"}'
[Mon Nov 7 09:44:26 GMT 2016] curl exists=0
[Mon Nov 7 09:44:26 GMT 2016] mktemp exists=0
[Mon Nov 7 09:44:26 GMT 2016] wget exists=0
[Mon Nov 7 09:44:26 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.5XTQLvJfB6 '
[Mon Nov 7 09:44:27 GMT 2016] _ret='0'
[Mon Nov 7 09:44:27 GMT 2016] original='{
"identifier": {
"type": "dns",
"value": "nas11.fernandomiguel.net"
},
"status": "pending",
"expires": "2016-11-14T09:47:00.684006831Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970",
"token": "NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8"
},
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564971",
"token": "r9FA4WQ-SqZgHvw3-UaISQoI82MROkXzYZ_q8hD0hCI"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564972",
"token": "XTiRusGzUSDmZwkJVWSlf--R42oJH5sdOM5Q0bIKfgQ"
}
],
"combinations": [
[
1
],
[
0
],
[
2
]
]
}'
[Mon Nov 7 09:44:27 GMT 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Mon, 07 Nov 2016 09:44:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1018
Boulder-Request-Id: aBcoLsDpKELx0rthMVDFTUTIbsCR7iT-Sh11oSy9wxA
Boulder-Requester: 471991
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188
Replay-Nonce: P5cTWbx30CJ_ClYeapQVqeKsVrOE-lJZvJyQdEWxww8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 07 Nov 2016 09:44:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 07 Nov 2016 09:44:27 GMT
Connection: keep-alive
'
[Mon Nov 7 09:44:27 GMT 2016] response='{"identifier":{"type":"dns","value":"nas11.fernandomiguel.net"},"status":"pending","expires":"2016-11-14T09:47:00.684006831Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970","token":"NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8"},{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564971","token":"r9FA4WQ-SqZgHvw3-UaISQoI82MROkXzYZ_q8hD0hCI"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564972","token":"XTiRusGzUSDmZwkJVWSlf--R42oJH5sdOM5Q0bIKfgQ"}],"combinations":[[1],[0],[2]]}'
[Mon Nov 7 09:44:27 GMT 2016] code='201'
[Mon Nov 7 09:44:27 GMT 2016] The new-authz request is ok.
[Mon Nov 7 09:44:27 GMT 2016] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970","token":"NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8"'
[Mon Nov 7 09:44:27 GMT 2016] token='NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8'
[Mon Nov 7 09:44:27 GMT 2016] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970'
[Mon Nov 7 09:44:27 GMT 2016] keyauthorization='NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU'
[Mon Nov 7 09:44:27 GMT 2016] dvlist='nas11.fernandomiguel.net#NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU#https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970#dns-01#dns_cf'
[Mon Nov 7 09:44:27 GMT 2016] txtdomain='_acme-challenge.nas11.fernandomiguel.net'
[Mon Nov 7 09:44:27 GMT 2016] txt='rpuR_XTFM2qYP2ymAmuJ6zqy7kwJmRqGQqxEfHyqy_8'
[Mon Nov 7 09:44:27 GMT 2016] d_api='/volume1/@appstore/.acme.sh/dnsapi/dns_cf.sh'
[Mon Nov 7 09:44:27 GMT 2016] Found domain api file: /volume1/@appstore/.acme.sh/dnsapi/dns_cf.sh
[Mon Nov 7 09:44:27 GMT 2016] dns_cf_add exists=0
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Mon Nov 7 09:44:27 GMT 2016] APP
./acme.sh: line 1299: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Mon Nov 7 09:44:28 GMT 2016]
grep: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Mon Nov 7 09:44:28 GMT 2016] APP
./acme.sh: line 1299: /volume1/@appstore/.acme.sh/: Is a directory
grep: /volume1/@appstore/.acme.sh/: Is a directory
[Mon Nov 7 09:44:28 GMT 2016]
[Mon Nov 7 09:44:28 GMT 2016] First detect the root zone
[Mon Nov 7 09:44:28 GMT 2016] zones?name=nas11.fernandomiguel.net
[Mon Nov 7 09:44:28 GMT 2016] GET
[Mon Nov 7 09:44:28 GMT 2016] url='https://api.cloudflare.com/client/v4/zones?name=nas11.fernandomiguel.net'
[Mon Nov 7 09:44:28 GMT 2016] timeout
[Mon Nov 7 09:44:28 GMT 2016] curl exists=0
[Mon Nov 7 09:44:28 GMT 2016] mktemp exists=0
[Mon Nov 7 09:44:28 GMT 2016] wget exists=0
[Mon Nov 7 09:44:28 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.cmKmOtoDty '
[Mon Nov 7 09:44:29 GMT 2016] ret='0'
[Mon Nov 7 09:44:29 GMT 2016] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Mon Nov 7 09:44:29 GMT 2016] zones?name=fernandomiguel.net
[Mon Nov 7 09:44:29 GMT 2016] GET
[Mon Nov 7 09:44:29 GMT 2016] url='https://api.cloudflare.com/client/v4/zones?name=fernandomiguel.net'
[Mon Nov 7 09:44:29 GMT 2016] timeout
[Mon Nov 7 09:44:29 GMT 2016] curl exists=0
[Mon Nov 7 09:44:29 GMT 2016] mktemp exists=0
[Mon Nov 7 09:44:29 GMT 2016] wget exists=0
[Mon Nov 7 09:44:29 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.Ye4FChe5S7 '
[Mon Nov 7 09:44:29 GMT 2016] ret='0'
[Mon Nov 7 09:44:29 GMT 2016] response='{"result":[{"id":"e24a1feb803d97610e3f96aa9438a573","name":"fernandomiguel.net","status":"active","paused":false,"type":"full","development_mode":-78799078,"name_servers":["eva.ns.cloudflare.com","jay.ns.cloudflare.com"],"original_name_servers":["DNS1.POINTHQ.COM","DNS2.POINTHQ.COM","DNS3.POINTHQ.COM","DNS4.POINTHQ.COM"],"original_registrar":"DreamHost","original_dnshost":null,"modified_on":"2016-11-07T09:42:40.654389Z","created_on":"2011-05-01T11:01:37.071341Z","vanity_name_servers":["name01.fernandomiguel.net","name02.fernandomiguel.net"],"meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":1,"page_rule_quota":50,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"1e1b16b5f7898b97f141918db6184852","email":"[email protected]"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"1ac039f6c29b691475c3d74fe588d1ae","name":"Business Website","price":0,"currency":"USD","frequency":"monthly","is_subscribed":true,"can_subscribe":true,"legacy_id":"business","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Mon Nov 7 09:44:29 GMT 2016] _domain_id='e24a1feb803d97610e3f96aa9438a573'
[Mon Nov 7 09:44:29 GMT 2016] _sub_domain='_acme-challenge.nas11'
[Mon Nov 7 09:44:29 GMT 2016] _domain='fernandomiguel.net'
[Mon Nov 7 09:44:29 GMT 2016] Getting txt records
[Mon Nov 7 09:44:29 GMT 2016] zones/e24a1feb803d97610e3f96aa9438a573/dns_records?type=TXT&name=_acme-challenge.nas11.fernandomiguel.net
[Mon Nov 7 09:44:29 GMT 2016] GET
[Mon Nov 7 09:44:29 GMT 2016] url='https://api.cloudflare.com/client/v4/zones/e24a1feb803d97610e3f96aa9438a573/dns_records?type=TXT&name=_acme-challenge.nas11.fernandomiguel.net'
[Mon Nov 7 09:44:29 GMT 2016] timeout
[Mon Nov 7 09:44:29 GMT 2016] curl exists=0
[Mon Nov 7 09:44:29 GMT 2016] mktemp exists=0
[Mon Nov 7 09:44:29 GMT 2016] wget exists=0
[Mon Nov 7 09:44:29 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.Pxv7DGuVqN '
[Mon Nov 7 09:44:30 GMT 2016] ret='0'
[Mon Nov 7 09:44:30 GMT 2016] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Mon Nov 7 09:44:30 GMT 2016] count='0'
[Mon Nov 7 09:44:30 GMT 2016] Adding record
[Mon Nov 7 09:44:30 GMT 2016] zones/e24a1feb803d97610e3f96aa9438a573/dns_records
[Mon Nov 7 09:44:30 GMT 2016] data='{"type":"TXT","name":"_acme-challenge.nas11.fernandomiguel.net","content":"rpuR_XTFM2qYP2ymAmuJ6zqy7kwJmRqGQqxEfHyqy_8","ttl":120}'
[Mon Nov 7 09:44:30 GMT 2016] POST
[Mon Nov 7 09:44:30 GMT 2016] url='https://api.cloudflare.com/client/v4/zones/e24a1feb803d97610e3f96aa9438a573/dns_records'
[Mon Nov 7 09:44:30 GMT 2016] body='{"type":"TXT","name":"_acme-challenge.nas11.fernandomiguel.net","content":"rpuR_XTFM2qYP2ymAmuJ6zqy7kwJmRqGQqxEfHyqy_8","ttl":120}'
[Mon Nov 7 09:44:30 GMT 2016] curl exists=0
[Mon Nov 7 09:44:30 GMT 2016] mktemp exists=0
[Mon Nov 7 09:44:30 GMT 2016] wget exists=0
[Mon Nov 7 09:44:30 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.qFUbjs3ene '
[Mon Nov 7 09:44:31 GMT 2016] _ret='0'
[Mon Nov 7 09:44:31 GMT 2016] response='{"result":{"id":"2cd344b38b31b8baaef04ddfc9655d2e","type":"TXT","name":"_acme-challenge.nas11.fernandomiguel.net","content":"rpuR_XTFM2qYP2ymAmuJ6zqy7kwJmRqGQqxEfHyqy_8","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"e24a1feb803d97610e3f96aa9438a573","zone_name":"fernandomiguel.net","modified_on":"2016-11-07T09:44:31.286712Z","created_on":"2016-11-07T09:44:31.286712Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Mon Nov 7 09:44:31 GMT 2016] Added, sleeping 10 seconds
[Mon Nov 7 09:44:41 GMT 2016] APP
[Mon Nov 7 09:44:41 GMT 2016] 9:Le_DNSSleep='10'
[Mon Nov 7 09:44:41 GMT 2016] Sleep 10 seconds for the txt records to take effect
[Mon Nov 7 09:44:52 GMT 2016] ok, let's start to verify
[Mon Nov 7 09:44:52 GMT 2016] Verifying:nas11.fernandomiguel.net
[Mon Nov 7 09:44:52 GMT 2016] d='nas11.fernandomiguel.net'
[Mon Nov 7 09:44:52 GMT 2016] keyauthorization='NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU'
[Mon Nov 7 09:44:52 GMT 2016] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970'
[Mon Nov 7 09:44:52 GMT 2016] _currentRoot='dns_cf'
[Mon Nov 7 09:44:52 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970'
[Mon Nov 7 09:44:52 GMT 2016] payload='{"resource": "challenge", "keyAuthorization": "NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU"}'
[Mon Nov 7 09:44:52 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Mon Nov 7 09:44:52 GMT 2016] payload64='eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJOdHlpUzkzVU12elpCcGNxa0pFY19FRG9IZ1hhbDRGV1JhZUtnMjN3Y0o4LjFEbDlFM1BvU2MtemFGd1gzc3lWbW5jeS1NbWFrZEItUmZDZllwYlBFdlUifQ'
[Mon Nov 7 09:44:52 GMT 2016] Use _CACHED_NONCE='P5cTWbx30CJ_ClYeapQVqeKsVrOE-lJZvJyQdEWxww8'
[Mon Nov 7 09:44:52 GMT 2016] nonce='P5cTWbx30CJ_ClYeapQVqeKsVrOE-lJZvJyQdEWxww8'
[Mon Nov 7 09:44:52 GMT 2016] protected='{"nonce": "P5cTWbx30CJ_ClYeapQVqeKsVrOE-lJZvJyQdEWxww8", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}'
[Mon Nov 7 09:44:52 GMT 2016] protected64='eyJub25jZSI6ICJQNWNUV2J4MzBDSl9DbFllYXBRVnFlS3NWck9FLWxKWnZKeVFkRVd4d3c4IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19'
[Mon Nov 7 09:44:52 GMT 2016] _sig_t='GlkNN0snDWrE5xeKO9jZLXlKZ3u5eyg8vKCdZm2/seC3LPnls5A4KGdWd0reDEFG54cccQ3frVfW0n91y0rABprroAigMpRA5CsY24cotmlOB9I7kJOpqF6/CW4RZ8lwrb6Kqx5gQpP8G722A3KjSJjzArAG5017T/0fFkUwjoFjeg0wZkn3P5iiPH4/SHMbgCJaYivvJ5jU1HtsbD7nxHPnK+bOzf+INHehJRd7geD8DmHRrIYPjycX6uT5dsLO8aL7jTreG7LCbobyL4sJYkJIqCz4PzOa6Ucbexhct2aqOH70zQO4+J9/t8mwxjhfG+7P6jorPgHDlq0kjdU1aw=='
[Mon Nov 7 09:44:52 GMT 2016] sig='GlkNN0snDWrE5xeKO9jZLXlKZ3u5eyg8vKCdZm2_seC3LPnls5A4KGdWd0reDEFG54cccQ3frVfW0n91y0rABprroAigMpRA5CsY24cotmlOB9I7kJOpqF6_CW4RZ8lwrb6Kqx5gQpP8G722A3KjSJjzArAG5017T_0fFkUwjoFjeg0wZkn3P5iiPH4_SHMbgCJaYivvJ5jU1HtsbD7nxHPnK-bOzf-INHehJRd7geD8DmHRrIYPjycX6uT5dsLO8aL7jTreG7LCbobyL4sJYkJIqCz4PzOa6Ucbexhct2aqOH70zQO4-J9_t8mwxjhfG-7P6jorPgHDlq0kjdU1aw'
[Mon Nov 7 09:44:52 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICJQNWNUV2J4MzBDSl9DbFllYXBRVnFlS3NWck9FLWxKWnZKeVFkRVd4d3c4IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJOdHlpUzkzVU12elpCcGNxa0pFY19FRG9IZ1hhbDRGV1JhZUtnMjN3Y0o4LjFEbDlFM1BvU2MtemFGd1gzc3lWbW5jeS1NbWFrZEItUmZDZllwYlBFdlUifQ", "signature": "GlkNN0snDWrE5xeKO9jZLXlKZ3u5eyg8vKCdZm2_seC3LPnls5A4KGdWd0reDEFG54cccQ3frVfW0n91y0rABprroAigMpRA5CsY24cotmlOB9I7kJOpqF6_CW4RZ8lwrb6Kqx5gQpP8G722A3KjSJjzArAG5017T_0fFkUwjoFjeg0wZkn3P5iiPH4_SHMbgCJaYivvJ5jU1HtsbD7nxHPnK-bOzf-INHehJRd7geD8DmHRrIYPjycX6uT5dsLO8aL7jTreG7LCbobyL4sJYkJIqCz4PzOa6Ucbexhct2aqOH70zQO4-J9_t8mwxjhfG-7P6jorPgHDlq0kjdU1aw"}'
[Mon Nov 7 09:44:52 GMT 2016] POST
[Mon Nov 7 09:44:52 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970'
[Mon Nov 7 09:44:53 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICJQNWNUV2J4MzBDSl9DbFllYXBRVnFlS3NWck9FLWxKWnZKeVFkRVd4d3c4IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJOdHlpUzkzVU12elpCcGNxa0pFY19FRG9IZ1hhbDRGV1JhZUtnMjN3Y0o4LjFEbDlFM1BvU2MtemFGd1gzc3lWbW5jeS1NbWFrZEItUmZDZllwYlBFdlUifQ", "signature": "GlkNN0snDWrE5xeKO9jZLXlKZ3u5eyg8vKCdZm2_seC3LPnls5A4KGdWd0reDEFG54cccQ3frVfW0n91y0rABprroAigMpRA5CsY24cotmlOB9I7kJOpqF6_CW4RZ8lwrb6Kqx5gQpP8G722A3KjSJjzArAG5017T_0fFkUwjoFjeg0wZkn3P5iiPH4_SHMbgCJaYivvJ5jU1HtsbD7nxHPnK-bOzf-INHehJRd7geD8DmHRrIYPjycX6uT5dsLO8aL7jTreG7LCbobyL4sJYkJIqCz4PzOa6Ucbexhct2aqOH70zQO4-J9_t8mwxjhfG-7P6jorPgHDlq0kjdU1aw"}'
[Mon Nov 7 09:44:53 GMT 2016] curl exists=0
[Mon Nov 7 09:44:53 GMT 2016] mktemp exists=0
[Mon Nov 7 09:44:53 GMT 2016] wget exists=0
[Mon Nov 7 09:44:53 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.ZuiOpUHiEZ '
[Mon Nov 7 09:44:54 GMT 2016] _ret='0'
[Mon Nov 7 09:44:54 GMT 2016] original='{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970",
"token": "NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8",
"keyAuthorization": "NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU"
}'
[Mon Nov 7 09:44:54 GMT 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Mon, 07 Nov 2016 09:44:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 337
Boulder-Request-Id: _kbb20nBJgfMJDF6EACHpVmBm8gbQexPLc4lqq8YBws
Boulder-Requester: 471991
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970
Replay-Nonce: 4rukeofIXt7ont4LyawKTUhH__fUnl_UdVgfNhQ37qs
Expires: Mon, 07 Nov 2016 09:44:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 07 Nov 2016 09:44:54 GMT
Connection: keep-alive
'
[Mon Nov 7 09:44:54 GMT 2016] response='{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970","token":"NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8","keyAuthorization":"NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU"}'
[Mon Nov 7 09:44:54 GMT 2016] code='202'
[Mon Nov 7 09:44:54 GMT 2016] sleep 2 secs to verify
[Mon Nov 7 09:44:56 GMT 2016] checking
[Mon Nov 7 09:44:56 GMT 2016] GET
[Mon Nov 7 09:44:56 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970'
[Mon Nov 7 09:44:56 GMT 2016] timeout
[Mon Nov 7 09:44:56 GMT 2016] curl exists=0
[Mon Nov 7 09:44:56 GMT 2016] mktemp exists=0
[Mon Nov 7 09:44:56 GMT 2016] wget exists=0
[Mon Nov 7 09:44:56 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.0UUPBLcZXp '
[Mon Nov 7 09:44:57 GMT 2016] ret='0'
[Mon Nov 7 09:44:57 GMT 2016] original='{
"type": "dns-01",
"status": "valid",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970",
"token": "NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8",
"keyAuthorization": "NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU",
"validationRecord": [
{
"hostname": "nas11.fernandomiguel.net",
"port": "",
"addressesResolved": null,
"addressUsed": ""
}
]
}'
[Mon Nov 7 09:44:57 GMT 2016] response='{"type":"dns-01","status":"valid","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/j0_Cz-zqQAUMhT4H6hsltgCVDcXB3csgaPReEU95188/16564970","token":"NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8","keyAuthorization":"NtyiS93UMvzZBpcqkJEc_EDoHgXal4FWRaeKg23wcJ8.1Dl9E3PoSc-zaFwX3syVmncy-MmakdB-RfCfYpbPEvU","validationRecord":[{"hostname":"nas11.fernandomiguel.net","port":"","addressesResolved": null,"addressUsed":""}]}'
[Mon Nov 7 09:44:57 GMT 2016] Success
[Mon Nov 7 09:44:57 GMT 2016] pid
[Mon Nov 7 09:44:57 GMT 2016] Skip for removelevel:
[Mon Nov 7 09:44:57 GMT 2016] pid
[Mon Nov 7 09:44:57 GMT 2016] _clearupdns
[Mon Nov 7 09:44:57 GMT 2016] d_api='/volume1/@appstore/.acme.sh/dnsapi/dns_cf.sh'
[Mon Nov 7 09:44:57 GMT 2016] dns_cf_rm exists=0
[Mon Nov 7 09:44:57 GMT 2016] Verify finished, start to sign.
[Mon Nov 7 09:44:57 GMT 2016] i='2'
[Mon Nov 7 09:44:57 GMT 2016] j='7'
[Mon Nov 7 09:44:57 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Mon Nov 7 09:44:57 GMT 2016] payload='{"resource": "new-cert", "csr": "MIH8MIGjAgEAMCMxITAfBgNVBAMTGG5hczExLmZlcm5hbmRvbWlndWVsLm5ldDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHXALqINn06FEGn8yM6D256mc9c8YqNNWrMeR-tefj8zmichGLDM1P8jmoxaBbpAii8Oq07wZgXCa6gwG1a8qAigHjAcBgkqhkiG9w0BCQ4xDzANMAsGA1UdDwQEAwIF4DAJBgcqhkjOPQQBA0kAMEYCIQCoCAxFAuMDQvqLCHZvxBBXSS9mgJyjdngmwv1fR7ZLvwIhANM2AP5Nl67C3vKtRhyiL8G3e9mb0BGW0G3KXjh_AKcY"}'
[Mon Nov 7 09:44:57 GMT 2016] Use cached jwk for file: /volume1/@appstore/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
[Mon Nov 7 09:44:57 GMT 2016] payload64='eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlIOE1JR2pBZ0VBTUNNeElUQWZCZ05WQkFNVEdHNWhjekV4TG1abGNtNWhibVJ2YldsbmRXVnNMbTVsZERCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkhYQUxxSU5uMDZGRUduOHlNNkQyNTZtYzljOFlxTk5Xck1lUi10ZWZqOHptaWNoR0xETTFQOGptb3hhQmJwQWlpOE9xMDd3WmdYQ2E2Z3dHMWE4cUFpZ0hqQWNCZ2txaGtpRzl3MEJDUTR4RHpBTk1Bc0dBMVVkRHdRRUF3SUY0REFKQmdjcWhrak9QUVFCQTBrQU1FWUNJUUNvQ0F4RkF1TURRdnFMQ0hadnhCQlhTUzltZ0p5amRuZ213djFmUjdaTHZ3SWhBTk0yQVA1Tmw2N0Mzdkt0Umh5aUw4RzNlOW1iMEJHVzBHM0tYamhfQUtjWSJ9'
[Mon Nov 7 09:44:57 GMT 2016] Use _CACHED_NONCE='4rukeofIXt7ont4LyawKTUhH__fUnl_UdVgfNhQ37qs'
[Mon Nov 7 09:44:57 GMT 2016] nonce='4rukeofIXt7ont4LyawKTUhH__fUnl_UdVgfNhQ37qs'
[Mon Nov 7 09:44:57 GMT 2016] protected='{"nonce": "4rukeofIXt7ont4LyawKTUhH__fUnl_UdVgfNhQ37qs", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}'
[Mon Nov 7 09:44:57 GMT 2016] protected64='eyJub25jZSI6ICI0cnVrZW9mSVh0N29udDRMeWF3S1RVaEhfX2ZVbmxfVWRWZ2ZOaFEzN3FzIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19'
[Mon Nov 7 09:44:57 GMT 2016] _sig_t='OkA+uwCF9Nl5ahL+FgirWpWQoqw7KB9NXxQ914aY35YL0WbVEZrrT8w2Ypr/joN7kXvKGp90TZOhJrxLxRMBS+5vQm1NmtVOHDxUCbmEyvurcSraY9QR12hYAj6VoxglBYGf7UV5MmRv1VrZOXL0f3fmnxXwfPMRixXxTYi4m2wMdh1v2YM2V9oSxooT1LHfXR60g0oqd4ehXhSvug/Mpz9BcENC+u6JrYtDKv0W64vc9ymdAyIfGLecPO/uGaNfjSx2lHqGZxkzDSFiuttoNLv4tOf/QTE1pV5+Qn/kjOiBr5VLPFz08sVlv6d6pA9EZxfYt0OQ/XMM2jcU3ahXiw=='
[Mon Nov 7 09:44:57 GMT 2016] sig='OkA-uwCF9Nl5ahL-FgirWpWQoqw7KB9NXxQ914aY35YL0WbVEZrrT8w2Ypr_joN7kXvKGp90TZOhJrxLxRMBS-5vQm1NmtVOHDxUCbmEyvurcSraY9QR12hYAj6VoxglBYGf7UV5MmRv1VrZOXL0f3fmnxXwfPMRixXxTYi4m2wMdh1v2YM2V9oSxooT1LHfXR60g0oqd4ehXhSvug_Mpz9BcENC-u6JrYtDKv0W64vc9ymdAyIfGLecPO_uGaNfjSx2lHqGZxkzDSFiuttoNLv4tOf_QTE1pV5-Qn_kjOiBr5VLPFz08sVlv6d6pA9EZxfYt0OQ_XMM2jcU3ahXiw'
[Mon Nov 7 09:44:57 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICI0cnVrZW9mSVh0N29udDRMeWF3S1RVaEhfX2ZVbmxfVWRWZ2ZOaFEzN3FzIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlIOE1JR2pBZ0VBTUNNeElUQWZCZ05WQkFNVEdHNWhjekV4TG1abGNtNWhibVJ2YldsbmRXVnNMbTVsZERCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkhYQUxxSU5uMDZGRUduOHlNNkQyNTZtYzljOFlxTk5Xck1lUi10ZWZqOHptaWNoR0xETTFQOGptb3hhQmJwQWlpOE9xMDd3WmdYQ2E2Z3dHMWE4cUFpZ0hqQWNCZ2txaGtpRzl3MEJDUTR4RHpBTk1Bc0dBMVVkRHdRRUF3SUY0REFKQmdjcWhrak9QUVFCQTBrQU1FWUNJUUNvQ0F4RkF1TURRdnFMQ0hadnhCQlhTUzltZ0p5amRuZ213djFmUjdaTHZ3SWhBTk0yQVA1Tmw2N0Mzdkt0Umh5aUw4RzNlOW1iMEJHVzBHM0tYamhfQUtjWSJ9", "signature": "OkA-uwCF9Nl5ahL-FgirWpWQoqw7KB9NXxQ914aY35YL0WbVEZrrT8w2Ypr_joN7kXvKGp90TZOhJrxLxRMBS-5vQm1NmtVOHDxUCbmEyvurcSraY9QR12hYAj6VoxglBYGf7UV5MmRv1VrZOXL0f3fmnxXwfPMRixXxTYi4m2wMdh1v2YM2V9oSxooT1LHfXR60g0oqd4ehXhSvug_Mpz9BcENC-u6JrYtDKv0W64vc9ymdAyIfGLecPO_uGaNfjSx2lHqGZxkzDSFiuttoNLv4tOf_QTE1pV5-Qn_kjOiBr5VLPFz08sVlv6d6pA9EZxfYt0OQ_XMM2jcU3ahXiw"}'
[Mon Nov 7 09:44:57 GMT 2016] POST
[Mon Nov 7 09:44:57 GMT 2016] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Mon Nov 7 09:44:57 GMT 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "2Lu6JvM9KcJI61YKrMQqUfdTLmxO99H59z9oZSvJOzS7ZjbG9-vfkSwF7wZLLs-rBYiOmIv5YCbp9czfv0VkA8k7PiGKbZpXtHHLl4STdpvD2aC-kUDuna8tGJA-ijHJns3DoPrrDSHLy0zd0UF46NagJf3w1XiAA6H14WJqmtSK7j3qxHhqn1fbcWzTC-Ix-bhugaKnj94_58Iqnc_zB2tFZl-q99xHZPLP6RQGN7iknnkAf8Cy509_XIaeyzhtV55wwkVbA3zQ3IED_zScJ9IgyCHWJIMWYGc08xqYdAfkO-HJN5KO4FDVFUzIAAMSWjbV7uD6VCiam_wic77Vuw"}}, "protected": "eyJub25jZSI6ICI0cnVrZW9mSVh0N29udDRMeWF3S1RVaEhfX2ZVbmxfVWRWZ2ZOaFEzN3FzIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiMkx1Nkp2TTlLY0pJNjFZS3JNUXFVZmRUTG14Tzk5SDU5ejlvWlN2Sk96UzdaamJHOS12ZmtTd0Y3d1pMTHMtckJZaU9tSXY1WUNicDljemZ2MFZrQThrN1BpR0tiWnBYdEhITGw0U1RkcHZEMmFDLWtVRHVuYTh0R0pBLWlqSEpuczNEb1ByckRTSEx5MHpkMFVGNDZOYWdKZjN3MVhpQUE2SDE0V0pxbXRTSzdqM3F4SGhxbjFmYmNXelRDLUl4LWJodWdhS25qOTRfNThJcW5jX3pCMnRGWmwtcTk5eEhaUExQNlJRR043aWtubmtBZjhDeTUwOV9YSWFleXpodFY1NXd3a1ZiQTN6UTNJRURfelNjSjlJZ3lDSFdKSU1XWUdjMDh4cVlkQWZrTy1ISk41S080RkRWRlV6SUFBTVNXamJWN3VENlZDaWFtX3dpYzc3VnV3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlIOE1JR2pBZ0VBTUNNeElUQWZCZ05WQkFNVEdHNWhjekV4TG1abGNtNWhibVJ2YldsbmRXVnNMbTVsZERCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkhYQUxxSU5uMDZGRUduOHlNNkQyNTZtYzljOFlxTk5Xck1lUi10ZWZqOHptaWNoR0xETTFQOGptb3hhQmJwQWlpOE9xMDd3WmdYQ2E2Z3dHMWE4cUFpZ0hqQWNCZ2txaGtpRzl3MEJDUTR4RHpBTk1Bc0dBMVVkRHdRRUF3SUY0REFKQmdjcWhrak9QUVFCQTBrQU1FWUNJUUNvQ0F4RkF1TURRdnFMQ0hadnhCQlhTUzltZ0p5amRuZ213djFmUjdaTHZ3SWhBTk0yQVA1Tmw2N0Mzdkt0Umh5aUw4RzNlOW1iMEJHVzBHM0tYamhfQUtjWSJ9", "signature": "OkA-uwCF9Nl5ahL-FgirWpWQoqw7KB9NXxQ914aY35YL0WbVEZrrT8w2Ypr_joN7kXvKGp90TZOhJrxLxRMBS-5vQm1NmtVOHDxUCbmEyvurcSraY9QR12hYAj6VoxglBYGf7UV5MmRv1VrZOXL0f3fmnxXwfPMRixXxTYi4m2wMdh1v2YM2V9oSxooT1LHfXR60g0oqd4ehXhSvug_Mpz9BcENC-u6JrYtDKv0W64vc9ymdAyIfGLecPO_uGaNfjSx2lHqGZxkzDSFiuttoNLv4tOf_QTE1pV5-Qn_kjOiBr5VLPFz08sVlv6d6pA9EZxfYt0OQ_XMM2jcU3ahXiw"}'
[Mon Nov 7 09:44:57 GMT 2016] curl exists=0
[Mon Nov 7 09:44:57 GMT 2016] mktemp exists=0
[Mon Nov 7 09:44:57 GMT 2016] wget exists=0
[Mon Nov 7 09:44:57 GMT 2016] _CURL='curl -L --silent --dump-header /volume1/@appstore/.acme.sh/http.header --trace-ascii /tmp/tmp.nBdgJuLrui '
[Mon Nov 7 09:44:58 GMT 2016] _ret='0'
[Mon Nov 7 09:44:58 GMT 2016] original='ewogICJ0eXBlIjogInVybjphY21lOmVycm9yOm1hbGZvcm1lZCIsCiAgImRldGFpbCI6ICJFcnJvciBjcmVhdGluZyBuZXcgY2VydCA6OiBzaWduYXR1cmUgYWxnb3JpdGhtIG5vdCBzdXBwb3J0ZWQiLAogICJzdGF0dXMiOiA0MDAKfQ=='
[Mon Nov 7 09:44:58 GMT 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Mon, 07 Nov 2016 09:44:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 133
Boulder-Request-Id: N2OR9Bs02r_v3-njXqYwptAaso1irBLhYiBs4ocOFW8
Boulder-Requester: 471991
Replay-Nonce: BkghQzMWGVHmZ7Ooawv8vnHUoXkosps3tmf-VQ4p7dI
Expires: Mon, 07 Nov 2016 09:44:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 07 Nov 2016 09:44:58 GMT
Connection: close
'
[Mon Nov 7 09:44:58 GMT 2016] response='ewogICJ0eXBlIjogInVybjphY21lOmVycm9yOm1hbGZvcm1lZCIsCiAgImRldGFpbCI6ICJFcnJvciBjcmVhdGluZyBuZXcgY2VydCA6OiBzaWduYXR1cmUgYWxnb3JpdGhtIG5vdCBzdXBwb3J0ZWQiLAogICJzdGF0dXMiOiA0MDAKfQ=='
[Mon Nov 7 09:44:58 GMT 2016] code='400'
[Mon Nov 7 09:44:58 GMT 2016] APP
[Mon Nov 7 09:44:59 GMT 2016] 10:Le_LinkCert=''
[Mon Nov 7 09:44:59 GMT 2016] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"
[Mon Nov 7 09:44:59 GMT 2016] _on_issue_err
[Mon Nov 7 09:44:59 GMT 2016] Please use add '--debug' or '--log' to check more details.
[Mon Nov 7 09:44:59 GMT 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Mon Nov 7 09:44:59 GMT 2016] openssl exists=0
[Mon Nov 7 09:44:59 GMT 2016] nc exists=1
[Mon Nov 7 09:44:59 GMT 2016] nc doesn't exists.
[Mon Nov 7 09:44:59 GMT 2016] Diagnosis versions:
openssl:
OpenSSL 0.9.8v 19 Apr 2012
apache:
apache doesn't exists.
nc:
@FernandoMiguel
I know the reason.
The signature algorithm in the CSR is ECDSAWithSHA1, which is rejected by the CA:
https://github.com/letsencrypt/boulder/blob/404e9682b1f78f9750c7ad4582c0f6daac26cadf/csr/csr.go#L30
which means, all the other steps are passed, just the CSR is rejected by CA.
When we generate the CSR, we specify to use sha256, not sha1 :
https://github.com/Neilpang/acme.sh/blob/master/acme.sh#L611
openssl req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
but for whatever reason, you openssl generates the csr with sha1.
Can you please debug your openssl with the command above ?
Neilpang
on 8 Nov 2016
Here is the command to check the csr content:
openssl req -in golang.csr -noout -text
https://stackoverflow.com/questions/26043321/create-a-certificate-signing-request-csr-with-go
Neilpang
on 8 Nov 2016
i'm having a bit of trouble running that.
i dont have a valid config for it
FernandoMiguel
on 9 Nov 2016
I've got this issue as well. And the DNS verification method I've used is CloudFlare, acme.sh got stuck at the 3rd subdomain. (I have 6 or more subdomains which required to get the certs to be issued)
Now I thought it might be the bug of acme.sh to verify subdomains (when it comes to several subdomains) through the API of CloudFlare, and this question FernandoMiguel got is really similar to the issue I met. And I also hope this issue will get to be solved.
MitsuhaMiyamizu
on 26 Nov 2016
@chizuruAmamiya
Please give debug log
Neilpang
on 26 Nov 2016
@ChizuruAmamiya
I tried 4 subdomains, it's working.
Please give me the debug log.
Neilpang
on 26 Nov 2016
@Neilpang I cannot provide you with the debug log of reproducible situation at this time. Because I've changed the certs to AlphaSSL, and thank you for your time.
You can try to issue a certificate using the following command, it may reproduce the error I've already encountered.
acme.sh --issue --dns dns_cf -d a1.example.com -d a2.example.com -d a1.example.com
-k ec-256 -w /home/wwwroot/example.com
MitsuhaMiyamizu
on 26 Nov 2016
@ChizuruAmamiya
I know your problem. Why is there a -w /home/wwwroot/example.com in the end ?
Neilpang
on 26 Nov 2016
@ChizuruAmamiya
See https://github.com/Neilpang/acme.sh/issues/399
Neilpang
on 26 Nov 2016
Related issues
mskian
路
3Comments
feiyu0
路
4Comments
simkimsia
路
5Comments
haiopaii
路
3Comments
hxx-fetch
路
4Comments