Acme.sh: Issue Wildcard certificates
Hello!
How are you?
I face this error:
The supported validation types are: dns-01 , but you specified: http-01
Is that becasue for wildcard you can only use dns issue or renew?
Steps to reproduce
/etc/ssl/acme/acme.sh --log /var/log/p3x/acme/acme.sh.log --home /etc/ssl/acme --force --issue -d patrikx3.com -d *.patrikx3.com -w /var/www/acme-challenge --debug 2
Of course this code:
HE_Username=user HE_Password=password /etc/ssl/acme/acme.sh --log /var/log/p3x/acme/acme.sh.log --home /etc/ssl/acme --force --issue -d patrikx3.com -d *.patrikx3.com --dns dns_he
But for example, at work, we have our own DNS server, so is it going to work if there is username and password and what would be the `--dns flags option?
But, before I didn't need a username/password and a domain TXT record, is it possible to issue and renew without the username/pass and domain TXT records (2), just like the multiple issue and renew via http?
So the wildcard is only for with DNS TXT records?
Debug log
[Sat Mar 17 02:13:21 CET 2018] Multi domain='DNS:patrikx3.com,DNS:*.patrikx3.com'
[Sat Mar 17 02:13:21 CET 2018] Getting domain auth token for each domain
[Sat Mar 17 02:13:23 CET 2018] Getting webroot for domain='patrikx3.com'
[Sat Mar 17 02:13:23 CET 2018] Getting webroot for domain='*.patrikx3.com'
[Sat Mar 17 02:13:23 CET 2018] Error, can not get domain token entry *.patrikx3.com
[Sat Mar 17 02:13:23 CET 2018] The supported validation types are: dns-01 , but you specified: http-01
[Sat Mar 17 02:13:23 CET 2018] Please check log file for more details: /var/log/p3x/acme/acme.sh.log
root@server:~/server-scripts# /etc/ssl/acme/acme.sh --log /var/log/p3x/acme/acme.sh.log --home /etc/ssl/acme --force --issue -d patrikx3.com -d *.patrikx3.com -w /var/www/acme-challenge --debug 2
[Sat Mar 17 02:14:20 CET 2018] Lets find script dir.
[Sat Mar 17 02:14:20 CET 2018] _SCRIPT_='/etc/ssl/acme/acme.sh'
[Sat Mar 17 02:14:20 CET 2018] _script='/etc/ssl/acme/acme.sh'
[Sat Mar 17 02:14:20 CET 2018] _script_home='/etc/ssl/acme'
[Sat Mar 17 02:14:20 CET 2018] Using config home:/etc/ssl/acme
[Sat Mar 17 02:14:20 CET 2018] LE_WORKING_DIR='/etc/ssl/acme'
https://github.com/Neilpang/acme.sh
v2.7.8
[Sat Mar 17 02:14:20 CET 2018] _main_domain='patrikx3.com'
[Sat Mar 17 02:14:20 CET 2018] _alt_domains='*.patrikx3.com'
[Sat Mar 17 02:14:20 CET 2018] Using config home:/etc/ssl/acme
[Sat Mar 17 02:14:20 CET 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sat Mar 17 02:14:20 CET 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Sat Mar 17 02:14:20 CET 2018] DOMAIN_PATH='/etc/ssl/acme/patrikx3.com'
[Sat Mar 17 02:14:20 CET 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sat Mar 17 02:14:20 CET 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sat Mar 17 02:14:20 CET 2018] GET
[Sat Mar 17 02:14:20 CET 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Sat Mar 17 02:14:20 CET 2018] timeout=
[Sat Mar 17 02:14:20 CET 2018] _CURL='curl -L --silent --dump-header /etc/ssl/acme/http.header --trace-ascii /tmp/tmp.NsFgJmUm4M -g '
[Sat Mar 17 02:14:21 CET 2018] ret='0'
[Sat Mar 17 02:14:21 CET 2018] response='{
"2kJO8BXwSHc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sat Mar 17 02:14:21 CET 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sat Mar 17 02:14:21 CET 2018] ACME_NEW_AUTHZ
[Sat Mar 17 02:14:21 CET 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Mar 17 02:14:21 CET 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sat Mar 17 02:14:21 CET 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sat Mar 17 02:14:21 CET 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Mar 17 02:14:21 CET 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 17 02:14:21 CET 2018] ACME_VERSION='2'
[Sat Mar 17 02:14:21 CET 2018] Le_NextRenewTime='1526344420'
[Sat Mar 17 02:14:21 CET 2018] _on_before_issue
[Sat Mar 17 02:14:21 CET 2018] _chk_main_domain='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _chk_alt_domains='*.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] '/var/www/acme-challenge' does not contain 'no'
[Sat Mar 17 02:14:21 CET 2018] Le_LocalAddress
[Sat Mar 17 02:14:21 CET 2018] d='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] Check for domain='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _currentRoot='/var/www/acme-challenge'
[Sat Mar 17 02:14:21 CET 2018] d='*.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] Check for domain='*.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _currentRoot='/var/www/acme-challenge'
[Sat Mar 17 02:14:21 CET 2018] d
[Sat Mar 17 02:14:21 CET 2018] '/var/www/acme-challenge' does not contain 'apache'
[Sat Mar 17 02:14:21 CET 2018] _saved_account_key_hash='Yha/r6T3wnSUnJ/V5N/e6YyKrtOO/D+G21BOVOaKadk='
[Sat Mar 17 02:14:21 CET 2018] _saved_account_key_hash is not changed, skip register account.
[Sat Mar 17 02:14:21 CET 2018] Read key length:
[Sat Mar 17 02:14:21 CET 2018] _createcsr
[Sat Mar 17 02:14:21 CET 2018] domain='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] domainlist='*.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] csrkey='/etc/ssl/acme/patrikx3.com/patrikx3.com.key'
[Sat Mar 17 02:14:21 CET 2018] csr='/etc/ssl/acme/patrikx3.com/patrikx3.com.csr'
[Sat Mar 17 02:14:21 CET 2018] csrconf='/etc/ssl/acme/patrikx3.com/patrikx3.com.csr.conf'
[Sat Mar 17 02:14:21 CET 2018] _is_idn_d='*.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _idn_temp
[Sat Mar 17 02:14:21 CET 2018] domainlist='*.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] Multi domain='DNS:patrikx3.com,DNS:*.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _is_idn_d='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _idn_temp
[Sat Mar 17 02:14:21 CET 2018] _csr_cn='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] Getting domain auth token for each domain
[Sat Mar 17 02:14:21 CET 2018] d='*.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] d
[Sat Mar 17 02:14:21 CET 2018] _identifiers='{"type":"dns","value":"patrikx3.com"},{"type":"dns","value":"*.patrikx3.com"}'
[Sat Mar 17 02:14:21 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Mar 17 02:14:21 CET 2018] payload='{"identifiers": [{"type":"dns","value":"patrikx3.com"},{"type":"dns","value":"*.patrikx3.com"}]}'
[Sat Mar 17 02:14:21 CET 2018] RSA key
[Sat Mar 17 02:14:21 CET 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 17 02:14:21 CET 2018] HEAD
[Sat Mar 17 02:14:21 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 17 02:14:21 CET 2018] body
[Sat Mar 17 02:14:21 CET 2018] _CURL='curl -L --silent --dump-header /etc/ssl/acme/http.header --trace-ascii /tmp/tmp.NMNqVhuRBz -g -H "Content-Type: application/jose+json" '
[Sat Mar 17 02:14:21 CET 2018] _ret='0'
[Sat Mar 17 02:14:21 CET 2018] _headers='HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: S-6ep82s4lNBmKraW5OF8gifxPCrxykCBKixoRXTqYI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 17 Mar 2018 01:14:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Mar 2018 01:14:21 GMT
Connection: keep-alive
'
[Sat Mar 17 02:14:21 CET 2018] _CACHED_NONCE='S-6ep82s4lNBmKraW5OF8gifxPCrxykCBKixoRXTqYI'
[Sat Mar 17 02:14:21 CET 2018] nonce='S-6ep82s4lNBmKraW5OF8gifxPCrxykCBKixoRXTqYI'
[Sat Mar 17 02:14:21 CET 2018] POST
[Sat Mar 17 02:14:21 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Mar 17 02:14:21 CET 2018] body='{"protected": "eyJub25jZSI6ICJTLTZlcDgyczRsTkJtS3JhVzVPRjhnaWZ4UENyeHlrQ0JLaXhvUlhUcVlJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzMxMjkwNzkwIn0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InBhdHJpa3gzLmNvbSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5wYXRyaWt4My5jb20ifV19", "signature": "GAgLikYZfnD7lVCUjC_z13YiGSgD3yEB-i9WGtIlK0ZI3Y_njhlmPgFjLIQysYBAv__p9lE5UQNYE-jqeA9aTleB2Nz1gAKRvMupUvtEQxmQeT3Pd5LQ8u6meKoA4wnuIVi8izJJGbkiFBlXigiNc__rnL3z6ZDuHgvtmWPeNT0V4ycKwLvQUMRF7I0M_pV4UBNVZI7sogeG4E2fnsAoZz7S8FrIs9wKgv4mJjo71t3lEZJMEe6AUE0zDeUPU-YtaQZG9LzXDPgxqmHpf4CUE4HREaQ2TcTla3asAVUebDEifMLyYozQOl8ud2s-TDW3rYfcd6mPUY_5gV3Rq58lVw"}'
[Sat Mar 17 02:14:21 CET 2018] Http already initialized.
[Sat Mar 17 02:14:21 CET 2018] _CURL='curl -L --silent --dump-header /etc/ssl/acme/http.header --trace-ascii /tmp/tmp.NMNqVhuRBz -g -H "Content-Type: application/jose+json" '
[Sat Mar 17 02:14:22 CET 2018] _ret='0'
[Sat Mar 17 02:14:22 CET 2018] original='{
"status": "pending",
"expires": "2018-03-24T01:14:21.998699773Z",
"identifiers": [
{
"type": "dns",
"value": "*.patrikx3.com"
},
{
"type": "dns",
"value": "patrikx3.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk",
"https://acme-v02.api.letsencrypt.org/acme/authz/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/31290790/49042"
}'
[Sat Mar 17 02:14:22 CET 2018] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 532
Boulder-Requester: 31290790
Location: https://acme-v02.api.letsencrypt.org/acme/order/31290790/49042
Replay-Nonce: -WNtl9cFnH31L00OSsqr_5RtYTyt_TN7OUg0HGuSbBs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 17 Mar 2018 01:14:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Mar 2018 01:14:22 GMT
Connection: keep-alive
'
[Sat Mar 17 02:14:22 CET 2018] response='{"status":"pending","expires":"2018-03-24T01:14:21.998699773Z","identifiers":[{"type":"dns","value":"*.patrikx3.com"},{"type":"dns","value":"patrikx3.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk","https://acme-v02.api.letsencrypt.org/acme/authz/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/31290790/49042"}'
[Sat Mar 17 02:14:22 CET 2018] code='201'
[Sat Mar 17 02:14:22 CET 2018] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/31290790/49042'
[Sat Mar 17 02:14:22 CET 2018] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk,https://acme-v02.api.letsencrypt.org/acme/authz/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE'
[Sat Mar 17 02:14:22 CET 2018] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk'
[Sat Mar 17 02:14:22 CET 2018] GET
[Sat Mar 17 02:14:22 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/authz/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk'
[Sat Mar 17 02:14:22 CET 2018] timeout=
[Sat Mar 17 02:14:22 CET 2018] Http already initialized.
[Sat Mar 17 02:14:22 CET 2018] _CURL='curl -L --silent --dump-header /etc/ssl/acme/http.header --trace-ascii /tmp/tmp.NMNqVhuRBz -g '
[Sat Mar 17 02:14:22 CET 2018] ret='0'
[Sat Mar 17 02:14:22 CET 2018] response='{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:18:00Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk/3845370350","token":"fcOS0ttEU4R33tUYzZfLYTZX-5T_CzFER0l4Bto9eZk","validationRecord":[{"hostname":"patrikx3.com"}]}],"wildcard": true}'
[Sat Mar 17 02:14:22 CET 2018] _d='*.patrikx3.com'
[Sat Mar 17 02:14:22 CET 2018] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE'
[Sat Mar 17 02:14:22 CET 2018] GET
[Sat Mar 17 02:14:22 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/authz/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE'
[Sat Mar 17 02:14:22 CET 2018] timeout=
[Sat Mar 17 02:14:22 CET 2018] Http already initialized.
[Sat Mar 17 02:14:22 CET 2018] _CURL='curl -L --silent --dump-header /etc/ssl/acme/http.header --trace-ascii /tmp/tmp.NMNqVhuRBz -g '
[Sat Mar 17 02:14:23 CET 2018] ret='0'
[Sat Mar 17 02:14:23 CET 2018] response='{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:17:59Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354","token":"ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE"},{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370355","token":"SmfaE8lB95vfxTdUh6TQ3bWGUWOMxRmMel-fTY076mk","validationRecord":[{"hostname":"patrikx3.com"}]}]}'
[Sat Mar 17 02:14:23 CET 2018] _d='patrikx3.com'
[Sat Mar 17 02:14:23 CET 2018] _authorizations_map='patrikx3.com,{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:17:59Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354","token":"ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE"},{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370355","token":"SmfaE8lB95vfxTdUh6TQ3bWGUWOMxRmMel-fTY076mk","validationRecord":[{"hostname":"patrikx3.com"}]}]}
*.patrikx3.com,{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:18:00Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk/3845370350","token":"fcOS0ttEU4R33tUYzZfLYTZX-5T_CzFER0l4Bto9eZk","validationRecord":[{"hostname":"patrikx3.com"}]}],"wildcard": true}
'
[Sat Mar 17 02:14:23 CET 2018] d='patrikx3.com'
[Sat Mar 17 02:14:23 CET 2018] Getting webroot for domain='patrikx3.com'
[Sat Mar 17 02:14:23 CET 2018] _w='/var/www/acme-challenge'
[Sat Mar 17 02:14:23 CET 2018] _currentRoot='/var/www/acme-challenge'
[Sat Mar 17 02:14:23 CET 2018] response='{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:17:59Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354","token":"ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE"},{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370355","token":"SmfaE8lB95vfxTdUh6TQ3bWGUWOMxRmMel-fTY076mk","validationRecord":[{"hostname":"patrikx3.com"}]}]}'
[Sat Mar 17 02:14:23 CET 2018] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354","token":"ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE"'
[Sat Mar 17 02:14:23 CET 2018] token='ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE'
[Sat Mar 17 02:14:23 CET 2018] uri='https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354'
[Sat Mar 17 02:14:23 CET 2018] keyauthorization='ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE.iuxV6TA_C7gZFPIf6nBBTpQc0pa9LFitNfUAWhzu0DA'
[Sat Mar 17 02:14:23 CET 2018] patrikx3.com is already verified.
[Sat Mar 17 02:14:23 CET 2018] keyauthorization='verified_ok'
[Sat Mar 17 02:14:23 CET 2018] dvlist='patrikx3.com#verified_ok#https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354#http-01#/var/www/acme-challenge'
[Sat Mar 17 02:14:23 CET 2018] d='*.patrikx3.com'
[Sat Mar 17 02:14:23 CET 2018] Getting webroot for domain='*.patrikx3.com'
[Sat Mar 17 02:14:23 CET 2018] _w='/var/www/acme-challenge'
[Sat Mar 17 02:14:23 CET 2018] _currentRoot='/var/www/acme-challenge'
[Sat Mar 17 02:14:23 CET 2018] response='{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:18:00Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk/3845370350","token":"fcOS0ttEU4R33tUYzZfLYTZX-5T_CzFER0l4Bto9eZk","validationRecord":[{"hostname":"patrikx3.com"}]}],"wildcard": true}'
[Sat Mar 17 02:14:23 CET 2018] entry
[Sat Mar 17 02:14:23 CET 2018] Error, can not get domain token entry *.patrikx3.com
[Sat Mar 17 02:14:23 CET 2018] The supported validation types are: dns-01 , but you specified: http-01
[Sat Mar 17 02:14:23 CET 2018] pid
[Sat Mar 17 02:14:23 CET 2018] No need to restore nginx, skip.
[Sat Mar 17 02:14:23 CET 2018] _clearupdns
[Sat Mar 17 02:14:23 CET 2018] skip dns.
[Sat Mar 17 02:14:23 CET 2018] _on_issue_err
[Sat Mar 17 02:14:23 CET 2018] Please check log file for more details: /var/log/p3x/acme/acme.sh.log
[Sat Mar 17 02:14:23 CET 2018] _chk_vlist
[Sat Mar 17 02:14:23 CET 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0g 2 Nov 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.13.9
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-V7UjSg/nginx-1.13.9=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-headers-more-filter --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-cache-purge --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-ndk --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-echo --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-fancyindex --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/nchan --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-lua --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/rtmp --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-uploadprogress --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-subs-filter
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lf<logfile> log to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lp<progname> set the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-b<size_t> set data buffer size (8192)
-s sloppy (continue on error)
-t<timeout> wait seconds before closing second channel
-T<timeout> total inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-L <lockfile> try to obtain lock, or fail
-W <lockfile> try to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,<opts>] groups=FD,FIFO
<single-address>!!<single-address>
<single-address>
single-address:
<address-head>[,<opts>]
address-head:
abstract-client:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-connect:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-listen:<filename> groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
abstract-recv:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX
abstract-sendto:<filename> groups=FD,SOCKET,RETRY,UNIX
create:<filename> groups=FD,REG,NAMED
exec:<command-line> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:<num> groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:<filename> groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
interface:<interface> groups=FD,SOCKET
ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6
ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
open:<filename> groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:<filename> groups=FD,FIFO,NAMED,OPEN
proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY
socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE
socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE
socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE
socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:<shell-command> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
tun[:<ip-addr>/<bits>] groups=FD,CHR,NAMED,OPEN,INTERFACE
udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP
udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
root@server:~/server-scripts#
Sincerely,
Patrik
p3x-robot
All 5 comments
Only Support DNS!
khs1994
on 17 Mar 2018
You can only use dns01 validation method for wildcard certificates
--
Fernando Miguel
On 17 Mar 2018 01:38, "patrikx3" notifications@github.com wrote:
Hello!
How are you?
I face this error:
The supported validation types are: dns-01 , but you specified: http-01
Is that becasue for wildcard you can only use dns issue or renew?
Steps to reproduce/etc/ssl/acme/acme.sh --log /var/log/p3x/acme/acme.sh.log --home /etc/ssl/acme --force --issue -d patrikx3.com -d *.patrikx3.com -w /var/www/acme-challenge --debug 2
Of course this code:
HE_Username=user HE_Password=password /etc/ssl/acme/acme.sh --log /var/log/p3x/acme/acme.sh.log --home /etc/ssl/acme --force --issue -d patrikx3.com -d *.patrikx3.com --dns dns_he
But, before I didn't need a username/password and a domain TXT record, is
it possible to issue and renew without the username/pass and domain TXT
records (2), just like the multiple issue and renew via http?So the wildcard is only for with DNS TXT records?
Debug log[Sat Mar 17 02:13:21 CET 2018] Multi domain='DNS:patrikx3.com,DNS:.patrikx3.com'
[Sat Mar 17 02:13:21 CET 2018] Getting domain auth token for each domain
[Sat Mar 17 02:13:23 CET 2018] Getting webroot for domain='patrikx3.com'
[Sat Mar 17 02:13:23 CET 2018] Getting webroot for domain='.patrikx3.com'
[Sat Mar 17 02:13:23 CET 2018] Error, can not get domain token entry .patrikx3.com
[Sat Mar 17 02:13:23 CET 2018] The supported validation types are: dns-01 , but you specified: http-01
[Sat Mar 17 02:13:23 CET 2018] Please check log file for more details: /var/log/p3x/acme/acme.sh.log
root@server:~/server-scripts# /etc/ssl/acme/acme.sh --log /var/log/p3x/acme/acme.sh.log --home /etc/ssl/acme --force --issue -d patrikx3.com -d *.patrikx3.com -w /var/www/acme-challenge --debug 2
[Sat Mar 17 02:14:20 CET 2018] Lets find script dir.
[Sat Mar 17 02:14:20 CET 2018] _SCRIPT_='/etc/ssl/acme/acme.sh'
[Sat Mar 17 02:14:20 CET 2018] _script='/etc/ssl/acme/acme.sh'
[Sat Mar 17 02:14:20 CET 2018] _script_home='/etc/ssl/acme'
[Sat Mar 17 02:14:20 CET 2018] Using config home:/etc/ssl/acme
[Sat Mar 17 02:14:20 CET 2018] LE_WORKING_DIR='/etc/ssl/acme'https://github.com/Neilpang/acme.sh
v2.7.8
[Sat Mar 17 02:14:20 CET 2018] _main_domain='patrikx3.com'
[Sat Mar 17 02:14:20 CET 2018] _alt_domains='.patrikx3.com'
[Sat Mar 17 02:14:20 CET 2018] Using config home:/etc/ssl/acme
[Sat Mar 17 02:14:20 CET 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sat Mar 17 02:14:20 CET 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Sat Mar 17 02:14:20 CET 2018] DOMAIN_PATH='/etc/ssl/acme/patrikx3.com'
[Sat Mar 17 02:14:20 CET 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sat Mar 17 02:14:20 CET 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sat Mar 17 02:14:20 CET 2018] GET
[Sat Mar 17 02:14:20 CET 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Sat Mar 17 02:14:20 CET 2018] timeout=
[Sat Mar 17 02:14:20 CET 2018] _CURL='curl -L --silent --dump-header /etc/ssl/acme/http.header --trace-ascii /tmp/tmp.NsFgJmUm4M -g '
[Sat Mar 17 02:14:21 CET 2018] ret='0'
[Sat Mar 17 02:14:21 CET 2018] response='{
"2kJO8BXwSHc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sat Mar 17 02:14:21 CET 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sat Mar 17 02:14:21 CET 2018] ACME_NEW_AUTHZ
[Sat Mar 17 02:14:21 CET 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Mar 17 02:14:21 CET 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sat Mar 17 02:14:21 CET 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sat Mar 17 02:14:21 CET 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Mar 17 02:14:21 CET 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 17 02:14:21 CET 2018] ACME_VERSION='2'
[Sat Mar 17 02:14:21 CET 2018] Le_NextRenewTime='1526344420'
[Sat Mar 17 02:14:21 CET 2018] _on_before_issue
[Sat Mar 17 02:14:21 CET 2018] _chk_main_domain='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _chk_alt_domains='.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] '/var/www/acme-challenge' does not contain 'no'
[Sat Mar 17 02:14:21 CET 2018] Le_LocalAddress
[Sat Mar 17 02:14:21 CET 2018] d='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] Check for domain='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _currentRoot='/var/www/acme-challenge'
[Sat Mar 17 02:14:21 CET 2018] d='.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] Check for domain='.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _currentRoot='/var/www/acme-challenge'
[Sat Mar 17 02:14:21 CET 2018] d
[Sat Mar 17 02:14:21 CET 2018] '/var/www/acme-challenge' does not contain 'apache'
[Sat Mar 17 02:14:21 CET 2018] _saved_account_key_hash='Yha/r6T3wnSUnJ/V5N/e6YyKrtOO/D+G21BOVOaKadk='
[Sat Mar 17 02:14:21 CET 2018] _saved_account_key_hash is not changed, skip register account.
[Sat Mar 17 02:14:21 CET 2018] Read key length:
[Sat Mar 17 02:14:21 CET 2018] _createcsr
[Sat Mar 17 02:14:21 CET 2018] domain='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] domainlist='.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] csrkey='/etc/ssl/acme/patrikx3.com/patrikx3.com.key'
[Sat Mar 17 02:14:21 CET 2018] csr='/etc/ssl/acme/patrikx3.com/patrikx3.com.csr'
[Sat Mar 17 02:14:21 CET 2018] csrconf='/etc/ssl/acme/patrikx3.com/patrikx3.com.csr.conf'
[Sat Mar 17 02:14:21 CET 2018] _is_idn_d='.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _idn_temp
[Sat Mar 17 02:14:21 CET 2018] domainlist='.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] Multi domain='DNS:patrikx3.com,DNS:.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _is_idn_d='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] _idn_temp
[Sat Mar 17 02:14:21 CET 2018] _csr_cn='patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] Getting domain auth token for each domain
[Sat Mar 17 02:14:21 CET 2018] d='.patrikx3.com'
[Sat Mar 17 02:14:21 CET 2018] d
[Sat Mar 17 02:14:21 CET 2018] _identifiers='{"type":"dns","value":"patrikx3.com"},{"type":"dns","value":".patrikx3.com"}'
[Sat Mar 17 02:14:21 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Mar 17 02:14:21 CET 2018] payload='{"identifiers": [{"type":"dns","value":"patrikx3.com"},{"type":"dns","value":".patrikx3.com"}]}'
[Sat Mar 17 02:14:21 CET 2018] RSA key
[Sat Mar 17 02:14:21 CET 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 17 02:14:21 CET 2018] HEAD
[Sat Mar 17 02:14:21 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 17 02:14:21 CET 2018] body
[Sat Mar 17 02:14:21 CET 2018] _CURL='curl -L --silent --dump-header /etc/ssl/acme/http.header --trace-ascii /tmp/tmp.NMNqVhuRBz -g -H "Content-Type: application/jose+json" '
[Sat Mar 17 02:14:21 CET 2018] _ret='0'
[Sat Mar 17 02:14:21 CET 2018] _headers='HTTP/1.1 204 No Content
Server: nginx
Replay-Nonce: S-6ep82s4lNBmKraW5OF8gifxPCrxykCBKixoRXTqYI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 17 Mar 2018 01:14:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Mar 2018 01:14:21 GMT
Connection: keep-alive
'
[Sat Mar 17 02:14:21 CET 2018] _CACHED_NONCE='S-6ep82s4lNBmKraW5OF8gifxPCrxykCBKixoRXTqYI'
[Sat Mar 17 02:14:21 CET 2018] nonce='S-6ep82s4lNBmKraW5OF8gifxPCrxykCBKixoRXTqYI'
[Sat Mar 17 02:14:21 CET 2018] POST
[Sat Mar 17 02:14:21 CET 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Mar 17 02:14:21 CET 2018] body='{"protected": "eyJub25jZSI6ICJTLTZlcDgyczRsTkJtS3JhVzVPRjhnaWZ4UENyeHlrQ0JLaXhvUlhUcVlJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzMxMjkwNzkwIn0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InBhdHJpa3gzLmNvbSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5wYXRyaWt4My5jb20ifV19", "signature": "GAgLikYZfnD7lVCUjC_z13YiGSgD3yEB-i9WGtIlK0ZI3Y_njhlmPgFjLIQysYBAv__p9lE5UQNYE-jqeA9aTleB2Nz1gAKRvMupUvtEQxmQeT3Pd5LQ8u6meKoA4wnuIVi8izJJGbkiFBlXigiNc__rnL3z6ZDuHgvtmWPeNT0V4ycKwLvQUMRF7I0M_pV4UBNVZI7sogeG4E2fnsAoZz7S8FrIs9wKgv4mJjo71t3lEZJMEe6AUE0zDeUPU-YtaQZG9LzXDPgxqmHpf4CUE4HREaQ2TcTla3asAVUebDEifMLyYozQOl8ud2s-TDW3rYfcd6mPUY_5gV3Rq58lVw"}'
[Sat Mar 17 02:14:21 CET 2018] Http already initialized.
[Sat Mar 17 02:14:21 CET 2018] _CURL='curl -L --silent --dump-header /etc/ssl/acme/http.header --trace-ascii /tmp/tmp.NMNqVhuRBz -g -H "Content-Type: application/jose+json" '
[Sat Mar 17 02:14:22 CET 2018] _ret='0'
[Sat Mar 17 02:14:22 CET 2018] original='{
"status": "pending",
"expires": "2018-03-24T01:14:21.998699773Z",
"identifiers": [
{
"type": "dns",
"value": ".patrikx3.com"
},
{
"type": "dns",
"value": "patrikx3.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk",
"https://acme-v02.api.letsencrypt.org/acme/authz/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/31290790/49042"
}'
[Sat Mar 17 02:14:22 CET 2018] responseHeaders='HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 532
Boulder-Requester: 31290790
Location: https://acme-v02.api.letsencrypt.org/acme/order/31290790/49042
Replay-Nonce https://acme-v02.api.letsencrypt.org/acme/order/31290790/49042Replay-Nonce: -WNtl9cFnH31L00OSsqr_5RtYTyt_TN7OUg0HGuSbBs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 17 Mar 2018 01:14:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 17 Mar 2018 01:14:22 GMT
Connection: keep-alive
'
[Sat Mar 17 02:14:22 CET 2018] response='{"status":"pending","expires":"2018-03-24T01:14:21.998699773Z","identifiers":[{"type":"dns","value":".patrikx3.com"},{"type":"dns","value":"patrikx3.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk","https://acme-v02.api.letsencrypt.org/acme/authz/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/31290790/49042"}'
[Sat Mar 17 02:14:22 CET 2018] code='201'
[Sat Mar 17 02:14:22 CET 2018] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/31290790/49042'
[Sat Mar 17 02:14:22 CET 2018] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk,https://acme-v02.api.letsencrypt.org/acme/authz/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE'
[Sat Mar 17 02:14:22 CET 2018] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk'
[Sat Mar 17 02:14:22 CET 2018] GET
[Sat Mar 17 02:14:22 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/authz/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk'
[Sat Mar 17 02:14:22 CET 2018] timeout=
[Sat Mar 17 02:14:22 CET 2018] Http already initialized.
[Sat Mar 17 02:14:22 CET 2018] _CURL='curl -L --silent --dump-header /etc/ssl/acme/http.header --trace-ascii /tmp/tmp.NMNqVhuRBz -g '
[Sat Mar 17 02:14:22 CET 2018] ret='0'
[Sat Mar 17 02:14:22 CET 2018] response='{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:18:00Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk/3845370350","token":"fcOS0ttEU4R33tUYzZfLYTZX-5T_CzFER0l4Bto9eZk","validationRecord":[{"hostname":"patrikx3.com"}]}],"wildcard": true}'
[Sat Mar 17 02:14:22 CET 2018] _d='.patrikx3.com'
[Sat Mar 17 02:14:22 CET 2018] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE'
[Sat Mar 17 02:14:22 CET 2018] GET
[Sat Mar 17 02:14:22 CET 2018] url='https://acme-v02.api.letsencrypt.org/acme/authz/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE'
[Sat Mar 17 02:14:22 CET 2018] timeout=
[Sat Mar 17 02:14:22 CET 2018] Http already initialized.
[Sat Mar 17 02:14:22 CET 2018] _CURL='curl -L --silent --dump-header /etc/ssl/acme/http.header --trace-ascii /tmp/tmp.NMNqVhuRBz -g '
[Sat Mar 17 02:14:23 CET 2018] ret='0'
[Sat Mar 17 02:14:23 CET 2018] response='{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:17:59Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354","token":"ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE"},{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370355","token":"SmfaE8lB95vfxTdUh6TQ3bWGUWOMxRmMel-fTY076mk","validationRecord":[{"hostname":"patrikx3.com"}]}]}'
[Sat Mar 17 02:14:23 CET 2018] _d='patrikx3.com'
[Sat Mar 17 02:14:23 CET 2018] _authorizations_map='patrikx3.com,{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:17:59Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354","token":"ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE"},{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370355","token":"SmfaE8lB95vfxTdUh6TQ3bWGUWOMxRmMel-fTY076mk","validationRecord":[{"hostname":"patrikx3.com"}]}]}
*.patrikx3.com,{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:18:00Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk/3845370350","token":"fcOS0ttEU4R33tUYzZfLYTZX-5T_CzFER0l4Bto9eZk","validationRecord":[{"hostname":"patrikx3.com"}]}],"wildcard": true}
'
[Sat Mar 17 02:14:23 CET 2018] d='patrikx3.com'
[Sat Mar 17 02:14:23 CET 2018] Getting webroot for domain='patrikx3.com'
[Sat Mar 17 02:14:23 CET 2018] _w='/var/www/acme-challenge'
[Sat Mar 17 02:14:23 CET 2018] _currentRoot='/var/www/acme-challenge'
[Sat Mar 17 02:14:23 CET 2018] response='{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:17:59Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354","token":"ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE"},{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370355","token":"SmfaE8lB95vfxTdUh6TQ3bWGUWOMxRmMel-fTY076mk","validationRecord":[{"hostname":"patrikx3.com"}]}]}'
[Sat Mar 17 02:14:23 CET 2018] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354","token":"ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE"'
[Sat Mar 17 02:14:23 CET 2018] token='ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE'
[Sat Mar 17 02:14:23 CET 2018] uri='https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354'
[Sat Mar 17 02:14:23 CET 2018] keyauthorization='ASw_hSdRa4n7WlhGLzxXTRPABCW54jP4IghEbzEbfcE.iuxV6TA_C7gZFPIf6nBBTpQc0pa9LFitNfUAWhzu0DA'
[Sat Mar 17 02:14:23 CET 2018] patrikx3.com is already verified.
[Sat Mar 17 02:14:23 CET 2018] keyauthorization='verified_ok'
[Sat Mar 17 02:14:23 CET 2018] dvlist='patrikx3.com#verified_ok#https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354#http-01#/var/www/acme-challenge http://patrikx3.com#verified_ok%23https://acme-v02.api.letsencrypt.org/acme/challenge/1RoAoaL4VKcKz_IUTIJu-zDArl3kE3x3zNzlamA07HE/3845370354%23http-01%23/var/www/acme-challenge'
[Sat Mar 17 02:14:23 CET 2018] d='.patrikx3.com'
[Sat Mar 17 02:14:23 CET 2018] Getting webroot for domain='*.patrikx3.com'
[Sat Mar 17 02:14:23 CET 2018] _w='/var/www/acme-challenge'
[Sat Mar 17 02:14:23 CET 2018] _currentRoot='/var/www/acme-challenge'
[Sat Mar 17 02:14:23 CET 2018] response='{"identifier":{"type":"dns","value":"patrikx3.com"},"status":"valid","expires":"2018-04-16T00:18:00Z","challenges":[{"type":"dns-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/fiuFW6srvi3AhvhNc6NJ69XmIG9ZMLta_ZOIOYh-zvk/3845370350","token":"fcOS0ttEU4R33tUYzZfLYTZX-5T_CzFER0l4Bto9eZk","validationRecord":[{"hostname":"patrikx3.com"}]}],"wildcard": true}'
[Sat Mar 17 02:14:23 CET 2018] entry
[Sat Mar 17 02:14:23 CET 2018] Error, can not get domain token entry *.patrikx3.com
[Sat Mar 17 02:14:23 CET 2018] The supported validation types are: dns-01 , but you specified: http-01
[Sat Mar 17 02:14:23 CET 2018] pid
[Sat Mar 17 02:14:23 CET 2018] No need to restore nginx, skip.
[Sat Mar 17 02:14:23 CET 2018] _clearupdns
[Sat Mar 17 02:14:23 CET 2018] skip dns.
[Sat Mar 17 02:14:23 CET 2018] _on_issue_err
[Sat Mar 17 02:14:23 CET 2018] Please check log file for more details: /var/log/p3x/acme/acme.sh.log
[Sat Mar 17 02:14:23 CET 2018] _chk_vlist
[Sat Mar 17 02:14:23 CET 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0g 2 Nov 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.13.9
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-V7UjSg/nginx-1.13.9=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-headers-more-filter --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-cache-purge --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-ndk --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-echo --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-fancyindex --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/nchan --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-lua --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/rtmp --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-uploadprogress --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-V7UjSg/nginx-1.13.9/debian/modules/http-subs-filter
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
Usage:
socat [options]
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lflog to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lpset the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-bset data buffer size (8192)
-s sloppy (continue on error)
-twait seconds before closing second channel
-Ttotal inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-Ltry to obtain lock, or fail
-Wtry to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,] groups=FD,FIFO
!!
single-address:
[, ]
address-head:
abstract-client:groups=FD,SOCKET,RETRY,UNIX
abstract-connect:groups=FD,SOCKET,RETRY,UNIX
abstract-listen:groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
abstract-recv:groups=FD,SOCKET,RETRY,UNIX
abstract-recvfrom:groups=FD,SOCKET,CHILD,RETRY,UNIX
abstract-sendto:groups=FD,SOCKET,RETRY,UNIX
create:groups=FD,REG,NAMED
exec:groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
interface:groups=FD,SOCKET
ip-datagram:: groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:: groups=FD,SOCKET,IP4,IP6
ip4-datagram:: groups=FD,SOCKET,RANGE,IP4
ip4-recv:groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:: groups=FD,SOCKET,IP4
ip6-datagram:: groups=FD,SOCKET,RANGE,IP6
ip6-recv:groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:: groups=FD,SOCKET,IP6
open:groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:: groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:groups=FD,FIFO,NAMED,OPEN
proxy:: : groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
sctp-connect:: groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:: groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:: groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:: : groups=FD,SOCKET,CHILD,RETRY
socket-datagram:: : : groups=FD,SOCKET,RANGE
socket-listen:: : groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:: : : groups=FD,SOCKET,RANGE
socket-recvfrom:: : : groups=FD,SOCKET,CHILD,RANGE
socket-sendto:: : : groups=FD,SOCKET
socks4:: : groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:: : groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:: groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:: groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:: groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
tun[:/ ] groups=FD,CHR,NAMED,OPEN,INTERFACE
udp-connect:: groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:: groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:: groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:: groups=FD,SOCKET,IP4,UDP
udp4-datagram:: groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:: groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:: groups=FD,SOCKET,IP4,UDP
udp6-connect:: groups=FD,SOCKET,IP6,UDP
udp6-datagram:: groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:: groups=FD,SOCKET,IP6,UDP
unix-client:groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:groups=FD,SOCKET,NAMED,RETRY,UNIX
root@server:~/server-scripts#Sincerely,
Patrik—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/Neilpang/acme.sh/issues/1399, or mute the thread
https://github.com/notifications/unsubscribe-auth/AAKRrgorshBsRUhJa3ew9mJxKAU6sZN6ks5tfGj7gaJpZM4SunqW
.
FernandoMiguel
on 17 Mar 2018
ok got it, so if i have my own dns , then i have to create a like a dns hook for it and name it.
understood, thanks!
p3x-robot
on 17 Mar 2018
@FernandoMiguel ,I tried apply wildcard cert via DNS API,but got Domain is not valid.
Then can I use --install-cert with DNS API for wildcard cert?
gitbobo
on 30 Oct 2018
@gitbobo what do mean domain not valid?
do you mean not supported by lets encrypt or that your DNS provider doesnt have an API?
FernandoMiguel
on 31 Oct 2018
Related issues
caruccio
·
5Comments
simkimsia
·
5Comments
extensionsapp
·
3Comments
MarcusWolschon
·
3Comments
Neilpang
·
5Comments
Most helpful comment
You can only use dns01 validation method for wildcard certificates
--
Fernando Miguel
On 17 Mar 2018 01:38, "patrikx3" notifications@github.com wrote: