New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Challenge error on acme.sh and own boulder server #1106

Closed
zden2k opened this Issue Nov 10, 2017 · 8 comments

Comments

Projects
None yet
3 participants
@zden2k

zden2k commented Nov 10, 2017

Hello,
Following https://stackoverflow.com/questions/47203233/challenge-error-on-acme-sh-and-own-boulder-server

Proxy should be sets fine:

curl http://suitecrm.office.nic.cz/.well-known/acme-challenge/index.html
acme

First time I run:
letsencrypt@boulderacme:~$ .acme.sh/acme.sh --issue -d suitecrm.office.mojeip.cz --home /home/letsencrypt/.acme.sh -w /home/letsencrypt/webroot --server http://boulder.office.mojeip.cz:4000/directory --renew --force --log --debug 2

I also tried the manual --dns mode with same problem:

letsencrypt@boulderacme:~$ .acme.sh/acme.sh --issue -d suitecrm.office.nic.cz --server http://boulder.office.nic.cz:4000/directory  --dns --debug 2 --renew
[Fri Nov 10 09:26:46 UTC 2017] Lets find script dir.
[Fri Nov 10 09:26:46 UTC 2017] _SCRIPT_='.acme.sh/acme.sh'
[Fri Nov 10 09:26:46 UTC 2017] _script='/home/letsencrypt/.acme.sh/acme.sh'
[Fri Nov 10 09:26:46 UTC 2017] _script_home='/home/letsencrypt/.acme.sh'
[Fri Nov 10 09:26:46 UTC 2017] Using config home:/home/letsencrypt/.acme.sh
[Fri Nov 10 09:26:46 UTC 2017] LE_WORKING_DIR='/home/letsencrypt/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.4
[Fri Nov 10 09:26:46 UTC 2017] Using server: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 09:26:46 UTC 2017] Using config home:/home/letsencrypt/.acme.sh
[Fri Nov 10 09:26:46 UTC 2017] ACME_DIRECTORY='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 09:26:46 UTC 2017] _ACME_SERVER_HOST='boulder.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] DOMAIN_PATH='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] Renew: 'suitecrm.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] Using config home:/home/letsencrypt/.acme.sh
[Fri Nov 10 09:26:46 UTC 2017] ACME_DIRECTORY='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 09:26:46 UTC 2017] _ACME_SERVER_HOST='boulder.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] Using ACME_DIRECTORY: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 09:26:46 UTC 2017] _init api for server: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 09:26:46 UTC 2017] GET
[Fri Nov 10 09:26:46 UTC 2017] url='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 09:26:46 UTC 2017] timeout
[Fri Nov 10 09:26:46 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.i4IK2E2ijC '
[Fri Nov 10 09:26:46 UTC 2017] ret='0'
[Fri Nov 10 09:26:46 UTC 2017] response='{
  "fsnxZS3-GSw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "http://boulder.office.nic.cz:4000/acme/key-change",
  "meta": {
    "terms-of-service": "http://boulder:4000/terms/v1"
  },
  "new-authz": "http://boulder.office.nic.cz:4000/acme/new-authz",
  "new-cert": "http://boulder.office.nic.cz:4000/acme/new-cert",
  "new-reg": "http://boulder.office.nic.cz:4000/acme/new-reg",
  "revoke-cert": "http://boulder.office.nic.cz:4000/acme/revoke-cert"
}'
[Fri Nov 10 09:26:46 UTC 2017] ACME_KEY_CHANGE='http://boulder.office.nic.cz:4000/acme/key-change'
[Fri Nov 10 09:26:46 UTC 2017] ACME_NEW_AUTHZ='http://boulder.office.nic.cz:4000/acme/new-authz'
[Fri Nov 10 09:26:46 UTC 2017] ACME_NEW_ORDER='http://boulder.office.nic.cz:4000/acme/new-cert'
[Fri Nov 10 09:26:46 UTC 2017] ACME_NEW_ACCOUNT='http://boulder.office.nic.cz:4000/acme/new-reg'
[Fri Nov 10 09:26:46 UTC 2017] ACME_REVOKE_CERT='http://boulder.office.nic.cz:4000/acme/revoke-cert'
[Fri Nov 10 09:26:46 UTC 2017] Le_NextRenewTime
[Fri Nov 10 09:26:46 UTC 2017] _on_before_issue
[Fri Nov 10 09:26:46 UTC 2017] 'dns' does not contain 'no'
[Fri Nov 10 09:26:46 UTC 2017] Le_LocalAddress
[Fri Nov 10 09:26:46 UTC 2017] Check for domain='suitecrm.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] _currentRoot='dns'
[Fri Nov 10 09:26:46 UTC 2017] 'dns' does not contain 'apache'
[Fri Nov 10 09:26:46 UTC 2017] _saved_account_key_hash='6sRegKo+srPDgaOnCejKyf7wkccpEtngrddGwl0xyho='
[Fri Nov 10 09:26:46 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Fri Nov 10 09:26:46 UTC 2017] Read key length:
[Fri Nov 10 09:26:46 UTC 2017] _createcsr
[Fri Nov 10 09:26:46 UTC 2017] domain='suitecrm.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] domainlist
[Fri Nov 10 09:26:46 UTC 2017] csrkey='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.key'
[Fri Nov 10 09:26:46 UTC 2017] csr='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.csr'
[Fri Nov 10 09:26:46 UTC 2017] csrconf='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.csr.conf'
[Fri Nov 10 09:26:46 UTC 2017] Single domain='suitecrm.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] _is_idn_d='suitecrm.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] _idn_temp
[Fri Nov 10 09:26:46 UTC 2017] _csr_cn='suitecrm.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] Getting domain auth token for each domain
[Fri Nov 10 09:26:46 UTC 2017] ok, let's start to verify
[Fri Nov 10 09:26:46 UTC 2017] Verifying:suitecrm.office.nic.cz
[Fri Nov 10 09:26:46 UTC 2017] d='suitecrm.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] keyauthorization='Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Fri Nov 10 09:26:46 UTC 2017] uri='http://boulder.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] _currentRoot='dns'
[Fri Nov 10 09:26:46 UTC 2017] tigger domain validation.
[Fri Nov 10 09:26:46 UTC 2017] _t_url='http://boulder.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] _t_key_authz='Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Fri Nov 10 09:26:46 UTC 2017] url='http://boulder.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"}'
[Fri Nov 10 09:26:46 UTC 2017] RSA key
[Fri Nov 10 09:26:46 UTC 2017] Get nonce. ACME_DIRECTORY='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 09:26:46 UTC 2017] GET
[Fri Nov 10 09:26:46 UTC 2017] url='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 09:26:46 UTC 2017] timeout
[Fri Nov 10 09:26:46 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.h5f0wDNtST '
[Fri Nov 10 09:26:46 UTC 2017] ret='0'
[Fri Nov 10 09:26:46 UTC 2017] _headers='HTTP/1.1 200 OK
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Replay-Nonce: yRbJTPFWKNTuAq1mwyhXj6ybek2xg8avtzD49mD6PhU
Date: Fri, 10 Nov 2017 09:26:46 GMT
Content-Length: 510
'
[Fri Nov 10 09:26:46 UTC 2017] _CACHED_NONCE='yRbJTPFWKNTuAq1mwyhXj6ybek2xg8avtzD49mD6PhU'
[Fri Nov 10 09:26:46 UTC 2017] nonce='yRbJTPFWKNTuAq1mwyhXj6ybek2xg8avtzD49mD6PhU'
[Fri Nov 10 09:26:46 UTC 2017] POST
[Fri Nov 10 09:26:46 UTC 2017] url='http://boulder.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "eyJub25jZSI6ICJ5UmJKVFBGV0tOVHVBcTFtd3loWGo2eWJlazJ4ZzhhdnR6RDQ5bUQ2UGhVIiwgInVybCI6ICJodHRwOi8vYm91bGRlci5vZmZpY2UubmljLmN6IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidUtWNUJsQ2VNZVhhNjlyM2xlV0prTzMtX1hzYm5rSzg3RFJoX3FQRmpKT200allYVE9iZ010NEZ0Q3F3UWw4Y2djWW9ZbVhtN3pETGFLLXpQMnRneWtWVl81Q3J6VnBnYnBaeFZvOWxtRV9EWHVqZGZOYjI0eUlQUWkzNE5FelRVUUlydGdoUEl4SUhQdzlUZHEwZmFXTmpRenROMGM2OWFzMlhvbFRPMVR5UTk0OVNPbDhHVDRlVTZ3Yld5ZzE0dlFHTDJsaW51N2JFOUdubXdzN2tYTDZBQmVLNEJ3eHpIVTRscmpaN1pvRFBWUnpXSXBhemNvSGxCTWNPRWo4QzdkaG1JdmR1UF9zbEIyR3pZaS1od2h0VnZhbzhGREptUU5HaE15b2huWWtfdjdQakpneE5NS3oxSDctS2dEcHZFQnB3S0M5OE90MzRCODNtSzV3dnh3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJBY182emlOeXV2c2tUWm5fa3FOQzZocFlXX0tCRTM0YWRIdDJRbUdReVlvLnB1WW9saW5FOGhZenItRThZM2Rwckg5ZWVJUEE1SnkwMFB0dTBkRUdQck0ifQ", "signature": "gepnRz_H8XWLTZpoGcn30wmYABxOqqI7ldIU9bDO3PYU3n705vER7Amr5TkixVlrxAYuNLgClrx6hWxjfjlJcVHNxJ5Ny2vkG59XVZa80B7hUr3PGhobi1qYRjd8YrxhQ-yhgytyB0OXI_7J6yspy-2CLgb8JMaQERCKcSHvgKedF5dyxyP2tTcDVETcu-RzgxlDpTMaZ3K9f853vwFhCtUOLZ4k6P2G0cfQH1OcZ37NsuLdkn6peD-hReVt9kLwgwSW3yDMu7Khb-P5TF1E7sCACGl7FwIxKbB4vB8yWGrd4WGoLrFbqzIcYBK4V9zrrMBBypmYpOxfvEDjjxYSAQ"}'
[Fri Nov 10 09:26:46 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.8EQjvxrxXw '
[Fri Nov 10 09:26:46 UTC 2017] _ret='0'
[Fri Nov 10 09:26:46 UTC 2017] original='<h1>This is server: boulder.office.nic.cz </h1>'
[Fri Nov 10 09:26:46 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 10 Nov 2017 09:26:46 GMT
Content-Type: text/html
Content-Length: 48
Last-Modified: Thu, 09 Nov 2017 09:28:34 GMT
Connection: keep-alive
ETag: "5a041fc2-30"
Accept-Ranges: bytes
'
[Fri Nov 10 09:26:46 UTC 2017] response='<h1>This is server: boulder.office.nic.cz </h1>'
[Fri Nov 10 09:26:46 UTC 2017] code='200'
[Fri Nov 10 09:26:46 UTC 2017] suitecrm.office.nic.cz:Challenge error: <h1>This is server: boulder.office.nic.cz </h1>
[Fri Nov 10 09:26:46 UTC 2017] Skip for removelevel:
[Fri Nov 10 09:26:46 UTC 2017] pid
[Fri Nov 10 09:26:46 UTC 2017] No need to restore nginx, skip.
[Fri Nov 10 09:26:46 UTC 2017] _clearupdns
[Fri Nov 10 09:26:46 UTC 2017] skip dns.
[Fri Nov 10 09:26:46 UTC 2017] _on_issue_err
[Fri Nov 10 09:26:46 UTC 2017] Please check log file for more details: /home/letsencrypt/.acme.sh/acme.sh.log
[Fri Nov 10 09:26:46 UTC 2017] _chk_vlist='suitecrm.office.nic.cz#Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.nic.cz#dns-01#dns,'
[Fri Nov 10 09:26:46 UTC 2017] start to deactivate authz
[Fri Nov 10 09:26:46 UTC 2017] tigger domain validation.
[Fri Nov 10 09:26:46 UTC 2017] _t_url='http://boulder.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] _t_key_authz='Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Fri Nov 10 09:26:46 UTC 2017] url='http://boulder.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"}'
[Fri Nov 10 09:26:46 UTC 2017] Use cached jwk for file: /home/letsencrypt/.acme.sh/ca/boulder.office.nic.cz/account.key
[Fri Nov 10 09:26:46 UTC 2017] Get nonce. ACME_DIRECTORY='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 09:26:46 UTC 2017] GET
[Fri Nov 10 09:26:46 UTC 2017] url='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 09:26:46 UTC 2017] timeout
[Fri Nov 10 09:26:46 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.CqyFh5n5Jm '
[Fri Nov 10 09:26:46 UTC 2017] ret='0'
[Fri Nov 10 09:26:46 UTC 2017] _headers='HTTP/1.1 200 OK
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Replay-Nonce: OFO3gYhSEznDg2am6KMBLJS7yAYRDuneiFVzTCbv0LQ
Date: Fri, 10 Nov 2017 09:26:46 GMT
Content-Length: 510
'
[Fri Nov 10 09:26:46 UTC 2017] _CACHED_NONCE='OFO3gYhSEznDg2am6KMBLJS7yAYRDuneiFVzTCbv0LQ'
[Fri Nov 10 09:26:46 UTC 2017] nonce='OFO3gYhSEznDg2am6KMBLJS7yAYRDuneiFVzTCbv0LQ'
[Fri Nov 10 09:26:46 UTC 2017] POST
[Fri Nov 10 09:26:46 UTC 2017] url='http://boulder.office.nic.cz'
[Fri Nov 10 09:26:46 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "eyJub25jZSI6ICJPRk8zZ1loU0V6bkRnMmFtNktNQkxKUzd5QVlSRHVuZWlGVnpUQ2J2MExRIiwgInVybCI6ICJodHRwOi8vYm91bGRlci5vZmZpY2UubmljLmN6IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidUtWNUJsQ2VNZVhhNjlyM2xlV0prTzMtX1hzYm5rSzg3RFJoX3FQRmpKT200allYVE9iZ010NEZ0Q3F3UWw4Y2djWW9ZbVhtN3pETGFLLXpQMnRneWtWVl81Q3J6VnBnYnBaeFZvOWxtRV9EWHVqZGZOYjI0eUlQUWkzNE5FelRVUUlydGdoUEl4SUhQdzlUZHEwZmFXTmpRenROMGM2OWFzMlhvbFRPMVR5UTk0OVNPbDhHVDRlVTZ3Yld5ZzE0dlFHTDJsaW51N2JFOUdubXdzN2tYTDZBQmVLNEJ3eHpIVTRscmpaN1pvRFBWUnpXSXBhemNvSGxCTWNPRWo4QzdkaG1JdmR1UF9zbEIyR3pZaS1od2h0VnZhbzhGREptUU5HaE15b2huWWtfdjdQakpneE5NS3oxSDctS2dEcHZFQnB3S0M5OE90MzRCODNtSzV3dnh3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJBY182emlOeXV2c2tUWm5fa3FOQzZocFlXX0tCRTM0YWRIdDJRbUdReVlvLnB1WW9saW5FOGhZenItRThZM2Rwckg5ZWVJUEE1SnkwMFB0dTBkRUdQck0ifQ", "signature": "bXQUhja_FIZkYz4rVOLdzUaGm4J10e-fbyS0am6R7ieWvf3rZv3k41Jsxclu079KSlroFcnnDPrDwBPXxROgpE48EJZiRElnsVzFEwtG5Q6f9qA2xp4h8XOihYMdMFknjX8UsVxujiLgfTJ2WMTBoNhzSjy_-MX3LDp2EyMy-INF0O6D7eH87OQqQ5Pvulq-lTDBGX0TJBbIlvBcg79UQ-cJY5UuBIJe3a61pt8i2Es7plqvx6jco7c_wtqsIBmaqkjC4zC_CglEafqbIUMt9rkJGwiy86qZKAXMgFIEZl4Cpoy_Szsx4ODYhCse7ealnz-JBCl4DkoMHL2HQNMl_g"}'
[Fri Nov 10 09:26:46 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.mXLr7A2iYX '
[Fri Nov 10 09:26:46 UTC 2017] _ret='0'
[Fri Nov 10 09:26:46 UTC 2017] original='<h1>This is server: boulder.office.nic.cz </h1>'
[Fri Nov 10 09:26:46 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Fri, 10 Nov 2017 09:26:46 GMT
Content-Type: text/html
Content-Length: 48
Last-Modified: Thu, 09 Nov 2017 09:28:34 GMT
Connection: keep-alive
ETag: "5a041fc2-30"
Accept-Ranges: bytes
'
[Fri Nov 10 09:26:46 UTC 2017] response='<h1>This is server: boulder.office.nic.cz </h1>'
[Fri Nov 10 09:26:46 UTC 2017] code='200'
[Fri Nov 10 09:26:46 UTC 2017] 'dns' contains 'dns'
[Fri Nov 10 09:26:46 UTC 2017] The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead.
[Fri Nov 10 09:26:46 UTC 2017] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.0f  25 May 2017
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified

Steps to reproduce

install boulder https://github.com/letsencrypt/boulder/ in docker in our office domain(firewalled), and try to issue the certificate with acme.sh.


Thanks.
Z.

@zden2k

This comment has been minimized.

Show comment
Hide comment
@zden2k

zden2k Nov 10, 2017

Hello again,
i just also run for test acmetiny, and I got these error:

./acme_tiny.py --account-key /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.key --csr /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.csr --acme-dir /home/letsencrypt/webroot/.well-known/acme-challenge/ --ca http://boulder.office.nic.cz:4000
Parsing account key...
Parsing CSR...
Registering account...
Registered!
Verifying suitecrm.office.nic.cz...
Traceback (most recent call last):
  File "./acme_tiny.py", line 199, in <module>
    main(sys.argv[1:])
  File "./acme_tiny.py", line 195, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "./acme_tiny.py", line 150, in get_crt
    domain, challenge_status))
ValueError: suitecrm.office.nic.cz challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'172.17.0.1'], u'url': u'http://suitecrm.office.nic.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM', u'hostname': u'suitecrm.office.nic.cz', u'addressesTried': [], u'addressUsed': u'172.17.0.1', u'port': u'5002'}], u'keyAuthorization': u'F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM.zuwKtqMhCyrE0K9UDAVN1xiHewv-ztzFgwUpUdttZtY', u'uri': u'http://boulder.office.nic.cz:4000/acme/challenge/Bnk3Lc9o44ZmYeqBBHBTRgm8q3vEaDthFmFq0ck1vfw/27', u'token': u'F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'Fetching http://suitecrm.office.nic.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM: Connection refused'}, u'type': u'http-01'}

So maybe is some problem on boulder side. Thanks for any help, and sorry if problem isn't in acme.sh.

zden2k commented Nov 10, 2017

Hello again,
i just also run for test acmetiny, and I got these error:

./acme_tiny.py --account-key /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.key --csr /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.csr --acme-dir /home/letsencrypt/webroot/.well-known/acme-challenge/ --ca http://boulder.office.nic.cz:4000
Parsing account key...
Parsing CSR...
Registering account...
Registered!
Verifying suitecrm.office.nic.cz...
Traceback (most recent call last):
  File "./acme_tiny.py", line 199, in <module>
    main(sys.argv[1:])
  File "./acme_tiny.py", line 195, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "./acme_tiny.py", line 150, in get_crt
    domain, challenge_status))
ValueError: suitecrm.office.nic.cz challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'172.17.0.1'], u'url': u'http://suitecrm.office.nic.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM', u'hostname': u'suitecrm.office.nic.cz', u'addressesTried': [], u'addressUsed': u'172.17.0.1', u'port': u'5002'}], u'keyAuthorization': u'F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM.zuwKtqMhCyrE0K9UDAVN1xiHewv-ztzFgwUpUdttZtY', u'uri': u'http://boulder.office.nic.cz:4000/acme/challenge/Bnk3Lc9o44ZmYeqBBHBTRgm8q3vEaDthFmFq0ck1vfw/27', u'token': u'F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'Fetching http://suitecrm.office.nic.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM: Connection refused'}, u'type': u'http-01'}

So maybe is some problem on boulder side. Thanks for any help, and sorry if problem isn't in acme.sh.

@cpu

This comment has been minimized.

Show comment
Hide comment
@cpu

cpu Nov 10, 2017

Hi @zden2k,

I agree this seems like a problem with your Boulder instance and its configuration. I can offer some pointers here but you're also welcome to open an issue on the Boulder repository.

{u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'172.17.0.1'], u'url': u'http://suitecrm.office.nic.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM', u'hostname': u'suitecrm.office.nic.cz', u'addressesTried': [], u'addressUsed': u'172.17.0.1', u'port': u'5002'}]

Have you configured the clients you are testing to place the HTTP-01 challenge response on port 5002? By default the Boulder VA config uses port 5002 for HTTP-01 challenges and port 5001 for TLS-SNI-01 challenges. Most clients are probably going to provision challenge responses on port 80 and 443 by default and will need to be configured differently.

If that isn't the cause of your problem my next guess would be a host firewall on the machine you're running the ACME client on. I've been bitten by this in the past running Certbot on my host against the docker container and finding that ufw is blocking the incoming challenge request from the docker instance.

Hope that helps,

cpu commented Nov 10, 2017

Hi @zden2k,

I agree this seems like a problem with your Boulder instance and its configuration. I can offer some pointers here but you're also welcome to open an issue on the Boulder repository.

{u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'172.17.0.1'], u'url': u'http://suitecrm.office.nic.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM', u'hostname': u'suitecrm.office.nic.cz', u'addressesTried': [], u'addressUsed': u'172.17.0.1', u'port': u'5002'}]

Have you configured the clients you are testing to place the HTTP-01 challenge response on port 5002? By default the Boulder VA config uses port 5002 for HTTP-01 challenges and port 5001 for TLS-SNI-01 challenges. Most clients are probably going to provision challenge responses on port 80 and 443 by default and will need to be configured differently.

If that isn't the cause of your problem my next guess would be a host firewall on the machine you're running the ACME client on. I've been bitten by this in the past running Certbot on my host against the docker container and finding that ufw is blocking the incoming challenge request from the docker instance.

Hope that helps,

@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Nov 10, 2017

Owner

It seems like a bug in acme.sh:

[Thu Nov  9 13:07:42 UTC 2017] response='{"identifier":{"type":"dns","value":"suitecrm.office.mojeip.cz"},"status":"pending","expires":"2017-11-16T09:38:04Z","challenges":[{"type":"dns-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/7","token":"Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo"},{"type":"http-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"},{"type":"tls-sni-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/9","token":"ckfZdVql-_SAX7zF5JkEoRqYbkGDy12pwBe2gj066aE"}],"combinations":[[1],[0],[2]]}'
[Thu Nov  9 13:07:42 UTC 2017] code='201'
[Thu Nov  9 13:07:42 UTC 2017] The new-authz request is ok.
[Thu Nov  9 13:07:42 UTC 2017] entry='"type":"http-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"'
[Thu Nov  9 13:07:42 UTC 2017] token='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk'
[Thu Nov  9 13:07:42 UTC 2017] uri='http://boulder.office.mojeip.cz'

acme.sh was not able to get the correct validation uri.

it should be http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8

but was http://boulder.office.mojeip.cz

Owner

Neilpang commented Nov 10, 2017

It seems like a bug in acme.sh:

[Thu Nov  9 13:07:42 UTC 2017] response='{"identifier":{"type":"dns","value":"suitecrm.office.mojeip.cz"},"status":"pending","expires":"2017-11-16T09:38:04Z","challenges":[{"type":"dns-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/7","token":"Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo"},{"type":"http-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"},{"type":"tls-sni-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/9","token":"ckfZdVql-_SAX7zF5JkEoRqYbkGDy12pwBe2gj066aE"}],"combinations":[[1],[0],[2]]}'
[Thu Nov  9 13:07:42 UTC 2017] code='201'
[Thu Nov  9 13:07:42 UTC 2017] The new-authz request is ok.
[Thu Nov  9 13:07:42 UTC 2017] entry='"type":"http-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"'
[Thu Nov  9 13:07:42 UTC 2017] token='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk'
[Thu Nov  9 13:07:42 UTC 2017] uri='http://boulder.office.mojeip.cz'

acme.sh was not able to get the correct validation uri.

it should be http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8

but was http://boulder.office.mojeip.cz

@cpu

This comment has been minimized.

Show comment
Hide comment
@cpu

cpu Nov 10, 2017

@Neilpang Aha! I apologize, you're right about that acme.sh output seeming off. I was looking at the acme_tiny.py invocation and output when suggesting the Boulder config changes.

cpu commented Nov 10, 2017

@Neilpang Aha! I apologize, you're right about that acme.sh output seeming off. I was looking at the acme_tiny.py invocation and output when suggesting the Boulder config changes.

@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Nov 10, 2017

Owner

@cpu
you are very welcome.
Appreciate your answer here.

Owner

Neilpang commented Nov 10, 2017

@cpu
you are very welcome.
Appreciate your answer here.

@Neilpang Neilpang closed this in 6e93ff8 Nov 10, 2017

Neilpang added a commit that referenced this issue Nov 10, 2017

@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Nov 10, 2017

Owner

@zden2k
please upgrade to the latest version and try again.

acme.sh  --upgrade
Owner

Neilpang commented Nov 10, 2017

@zden2k
please upgrade to the latest version and try again.

acme.sh  --upgrade
@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Nov 10, 2017

Owner

@zden2k

BTW, from your log, you should not use --issue and --renew commands at the same time.

just use one of them.

--issue is to issue/generate a cert for the first time. all the parameters are saved for the first time.

The cert will be renewed automatically, you don't need to call --renew manually.

However, if you really want to renew your cert manually, you can use --renew, but you don't need to specify the parameters that were used for --issue command. acme.sh remembers the parameters when it was first used.

just use --renew and the domain name.

acme.sh  --renew  -d example.com
Owner

Neilpang commented Nov 10, 2017

@zden2k

BTW, from your log, you should not use --issue and --renew commands at the same time.

just use one of them.

--issue is to issue/generate a cert for the first time. all the parameters are saved for the first time.

The cert will be renewed automatically, you don't need to call --renew manually.

However, if you really want to renew your cert manually, you can use --renew, but you don't need to specify the parameters that were used for --issue command. acme.sh remembers the parameters when it was first used.

just use --renew and the domain name.

acme.sh  --renew  -d example.com
@zden2k

This comment has been minimized.

Show comment
Hide comment
@zden2k

zden2k Nov 10, 2017

Hello, fixed, Thanks both of you.

letsencrypt@boulderacme:~$ .acme.sh/acme.sh --issue -d suitecrm.office.nic.cz --home /home/letsencrypt/.acme.sh -w /home/letsencrypt/webroot --server http://boulder.office.nic.cz:4000/directory  --force --log --debug 2
[Fri Nov 10 15:22:44 UTC 2017] Lets find script dir.
[Fri Nov 10 15:22:44 UTC 2017] _SCRIPT_='.acme.sh/acme.sh'
[Fri Nov 10 15:22:44 UTC 2017] _script='/home/letsencrypt/.acme.sh/acme.sh'
[Fri Nov 10 15:22:44 UTC 2017] _script_home='/home/letsencrypt/.acme.sh'
[Fri Nov 10 15:22:44 UTC 2017] Using config home:/home/letsencrypt/.acme.sh
[Fri Nov 10 15:22:44 UTC 2017] LE_WORKING_DIR='/home/letsencrypt/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.5
[Fri Nov 10 15:22:44 UTC 2017] Using server: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 15:22:44 UTC 2017] Using config home:/home/letsencrypt/.acme.sh
[Fri Nov 10 15:22:44 UTC 2017] ACME_DIRECTORY='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 15:22:44 UTC 2017] _ACME_SERVER_HOST='boulder.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] DOMAIN_PATH='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] Using ACME_DIRECTORY: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 15:22:44 UTC 2017] _init api for server: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 15:22:44 UTC 2017] GET
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 15:22:44 UTC 2017] timeout
[Fri Nov 10 15:22:44 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.Q11sQUKlQh '
[Fri Nov 10 15:22:44 UTC 2017] ret='0'
[Fri Nov 10 15:22:44 UTC 2017] response='{
  "9wgoJTwd8ME": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "http://boulder.office.nic.cz:4000/acme/key-change",
  "meta": {
    "terms-of-service": "http://boulder:4000/terms/v1"
  },
  "new-authz": "http://boulder.office.nic.cz:4000/acme/new-authz",
  "new-cert": "http://boulder.office.nic.cz:4000/acme/new-cert",
  "new-reg": "http://boulder.office.nic.cz:4000/acme/new-reg",
  "revoke-cert": "http://boulder.office.nic.cz:4000/acme/revoke-cert"
}'
[Fri Nov 10 15:22:44 UTC 2017] ACME_KEY_CHANGE='http://boulder.office.nic.cz:4000/acme/key-change'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_AUTHZ='http://boulder.office.nic.cz:4000/acme/new-authz'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_ORDER='http://boulder.office.nic.cz:4000/acme/new-cert'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_ACCOUNT='http://boulder.office.nic.cz:4000/acme/new-reg'
[Fri Nov 10 15:22:44 UTC 2017] ACME_REVOKE_CERT='http://boulder.office.nic.cz:4000/acme/revoke-cert'
[Fri Nov 10 15:22:44 UTC 2017] Le_NextRenewTime
[Fri Nov 10 15:22:44 UTC 2017] _on_before_issue
[Fri Nov 10 15:22:44 UTC 2017] '/home/letsencrypt/webroot' does not contain 'no'
[Fri Nov 10 15:22:44 UTC 2017] Le_LocalAddress
[Fri Nov 10 15:22:44 UTC 2017] Check for domain='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _currentRoot='/home/letsencrypt/webroot'
[Fri Nov 10 15:22:44 UTC 2017] '/home/letsencrypt/webroot' does not contain 'apache'
[Fri Nov 10 15:22:44 UTC 2017] _saved_account_key_hash='6sRegKo+srPDgaOnCejKyf7wkccpEtngrddGwl0xyho='
[Fri Nov 10 15:22:44 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Fri Nov 10 15:22:44 UTC 2017] Read key length:
[Fri Nov 10 15:22:44 UTC 2017] _createcsr
[Fri Nov 10 15:22:44 UTC 2017] domain='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] domainlist
[Fri Nov 10 15:22:44 UTC 2017] csrkey='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.key'
[Fri Nov 10 15:22:44 UTC 2017] csr='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.csr'
[Fri Nov 10 15:22:44 UTC 2017] csrconf='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.csr.conf'
[Fri Nov 10 15:22:44 UTC 2017] Single domain='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _is_idn_d='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _idn_temp
[Fri Nov 10 15:22:44 UTC 2017] _csr_cn='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] Getting domain auth token for each domain
[Fri Nov 10 15:22:44 UTC 2017] Getting webroot for domain='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _w='/home/letsencrypt/webroot'
[Fri Nov 10 15:22:44 UTC 2017] _currentRoot='/home/letsencrypt/webroot'
[Fri Nov 10 15:22:44 UTC 2017] Getting new-authz for domain='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _init api for server: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 15:22:44 UTC 2017] ACME_KEY_CHANGE='http://boulder.office.nic.cz:4000/acme/key-change'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_AUTHZ='http://boulder.office.nic.cz:4000/acme/new-authz'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_ORDER='http://boulder.office.nic.cz:4000/acme/new-cert'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_ACCOUNT='http://boulder.office.nic.cz:4000/acme/new-reg'
[Fri Nov 10 15:22:44 UTC 2017] ACME_REVOKE_CERT='http://boulder.office.nic.cz:4000/acme/revoke-cert'
[Fri Nov 10 15:22:44 UTC 2017] Try new-authz for the 0 time.
[Fri Nov 10 15:22:44 UTC 2017] _is_idn_d='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _idn_temp
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/new-authz'
[Fri Nov 10 15:22:44 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "suitecrm.office.nic.cz"}}'
[Fri Nov 10 15:22:44 UTC 2017] RSA key
[Fri Nov 10 15:22:44 UTC 2017] Get nonce. ACME_DIRECTORY='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 15:22:44 UTC 2017] GET
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 15:22:44 UTC 2017] timeout
[Fri Nov 10 15:22:44 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.mcDDPT3mwE '
[Fri Nov 10 15:22:44 UTC 2017] ret='0'
[Fri Nov 10 15:22:44 UTC 2017] _headers='HTTP/1.1 200 OK
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Replay-Nonce: IwtSFLqFoC5owSlLAVTirYTuyPCvDgXpUHgrHlzHOCg
Date: Fri, 10 Nov 2017 15:22:44 GMT
Content-Length: 510
'
[Fri Nov 10 15:22:44 UTC 2017] _CACHED_NONCE='IwtSFLqFoC5owSlLAVTirYTuyPCvDgXpUHgrHlzHOCg'
[Fri Nov 10 15:22:44 UTC 2017] nonce='IwtSFLqFoC5owSlLAVTirYTuyPCvDgXpUHgrHlzHOCg'
[Fri Nov 10 15:22:44 UTC 2017] POST
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/new-authz'
[Fri Nov 10 15:22:44 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "eyJub25jZSI6ICJJd3RTRkxxRm9DNW93U2xMQVZUaXJZVHV5UEN2RGdYcFVIZ3JIbHpIT0NnIiwgInVybCI6ICJodHRwOi8vYm91bGRlci5vZmZpY2UubmljLmN6OjQwMDAvYWNtZS9uZXctYXV0aHoiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ1S1Y1QmxDZU1lWGE2OXIzbGVXSmtPMy1fWHNibmtLODdEUmhfcVBGakpPbTRqWVhUT2JnTXQ0RnRDcXdRbDhjZ2NZb1ltWG03ekRMYUstelAydGd5a1ZWXzVDcnpWcGdicFp4Vm85bG1FX0RYdWpkZk5iMjR5SVBRaTM0TkV6VFVRSXJ0Z2hQSXhJSFB3OVRkcTBmYVdOalF6dE4wYzY5YXMyWG9sVE8xVHlROTQ5U09sOEdUNGVVNndiV3lnMTR2UUdMMmxpbnU3YkU5R25td3M3a1hMNkFCZUs0Qnd4ekhVNGxyalo3Wm9EUFZSeldJcGF6Y29IbEJNY09FajhDN2RobUl2ZHVQX3NsQjJHellpLWh3aHRWdmFvOEZESm1RTkdoTXlvaG5Za192N1BqSmd4Tk1LejFINy1LZ0RwdkVCcHdLQzk4T3QzNEI4M21LNXd2eHcifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAic3VpdGVjcm0ub2ZmaWNlLm5pYy5jeiJ9fQ", "signature": "aDqSEhfRrgRBr4sFLduPTBIJAlBSOxhbSAqcz9EEirrzBBE0ymBvEwYH2wkDRpUklP91dSFskcxssV8IBGgngSW76vS53BINSWaxHla-O3CGyfy1TB6ZRcY6I_k8C-On-Yee8cKJO-3R0jypWZ7VqO4JafLsAJVAZayAvPtWjQDY6MyzfmblYaOFruqXxun5miYwWN9nFeed6ncabKj97cJzZ7kqh4Dl2wstchRmmaFs57xHuuKDxmTt_oDtea9y6SVp8E1agW6xAhc9CvenDK1JnoJkVnE8KGPN5BhcW60h4rh3HHAQhTKAyP5l0Ojot5qxp1_R-bZcaNZWuGHX5g"}'
[Fri Nov 10 15:22:44 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.vzyhIQljzt '
[Fri Nov 10 15:22:44 UTC 2017] _ret='0'
[Fri Nov 10 15:22:44 UTC 2017] original='{
  "identifier": {
    "type": "dns",
    "value": "suitecrm.office.nic.cz"
  },
  "status": "pending",
  "expires": "2017-11-16T09:38:04Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/7",
      "token": "Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8",
      "token": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/9",
      "token": "ckfZdVql-_SAX7zF5JkEoRqYbkGDy12pwBe2gj066aE"
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      0
    ],
    [
      2
    ]
  ]
}'
[Fri Nov 10 15:22:44 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 201 Created
Boulder-Requester: 2
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Link: <http://boulder.office.nic.cz:4000/acme/new-cert>;rel="next"
Location: http://boulder.office.nic.cz:4000/acme/authz/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs
Replay-Nonce: k2dXWaYFrKCc0D36ChDAA6ngsDqIcKjxR4s9A-qPBfA
Date: Fri, 10 Nov 2017 15:22:44 GMT
Content-Length: 964
'
[Fri Nov 10 15:22:44 UTC 2017] response='{"identifier":{"type":"dns","value":"suitecrm.office.nic.cz"},"status":"pending","expires":"2017-11-16T09:38:04Z","challenges":[{"type":"dns-01","status":"pending","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/7","token":"Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo"},{"type":"http-01","status":"pending","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"},{"type":"tls-sni-01","status":"pending","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/9","token":"ckfZdVql-_SAX7zF5JkEoRqYbkGDy12pwBe2gj066aE"}],"combinations":[[1],[0],[2]]}'
[Fri Nov 10 15:22:44 UTC 2017] code='201'
[Fri Nov 10 15:22:44 UTC 2017] The new-authz request is ok.
[Fri Nov 10 15:22:44 UTC 2017] entry='"type":"http-01","status":"pending","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"'
[Fri Nov 10 15:22:44 UTC 2017] token='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk'
[Fri Nov 10 15:22:44 UTC 2017] uri='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:44 UTC 2017] keyauthorization='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Fri Nov 10 15:22:44 UTC 2017] dvlist='suitecrm.office.nic.cz#lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8#http-01#/home/letsencrypt/webroot'
[Fri Nov 10 15:22:44 UTC 2017] vlist='suitecrm.office.nic.cz#lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8#http-01#/home/letsencrypt/webroot,'
[Fri Nov 10 15:22:44 UTC 2017] ok, let's start to verify
[Fri Nov 10 15:22:44 UTC 2017] Verifying:suitecrm.office.nic.cz
[Fri Nov 10 15:22:44 UTC 2017] d='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] keyauthorization='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Fri Nov 10 15:22:44 UTC 2017] uri='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:44 UTC 2017] _currentRoot='/home/letsencrypt/webroot'
[Fri Nov 10 15:22:44 UTC 2017] wellknown_path='/home/letsencrypt/webroot/.well-known/acme-challenge'
[Fri Nov 10 15:22:44 UTC 2017] writing token:lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk to /home/letsencrypt/webroot/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk
[Fri Nov 10 15:22:44 UTC 2017] Changing owner/group of .well-known to letsencrypt:www-data
[Fri Nov 10 15:22:44 UTC 2017] chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/dZ-OSUU3jijYKB-S6t7h_p3aN0bEE54xfDgF8Y-Vbzc': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/TfYvoOuERGMd7i2eI-3SZsRNtp8ciXiMzef6ECbm2Fs': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/PdXqMTVxaI2kIOb_E5orVx-pqJb14SD-Ev9kc7xveJ0': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/vY2ULo19XW81o-PtxWS5TG0UufdFAJMZjmV00L4G2R8': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/uacjrm048QQUpZ2iDpMc22OaZm2GFWKH04PvFvqFHeo': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/P7EXz0vGeoMHb1JfIWTDvlIkSC15-GDQUPRw5xdf3HU': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM': Operation not permitted
[Fri Nov 10 15:22:44 UTC 2017] tigger domain validation.
[Fri Nov 10 15:22:44 UTC 2017] _t_url='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:44 UTC 2017] _t_key_authz='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:44 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"}'
[Fri Nov 10 15:22:44 UTC 2017] Use cached jwk for file: /home/letsencrypt/.acme.sh/ca/boulder.office.nic.cz/account.key
[Fri Nov 10 15:22:44 UTC 2017] Use _CACHED_NONCE='k2dXWaYFrKCc0D36ChDAA6ngsDqIcKjxR4s9A-qPBfA'
[Fri Nov 10 15:22:44 UTC 2017] nonce='k2dXWaYFrKCc0D36ChDAA6ngsDqIcKjxR4s9A-qPBfA'
[Fri Nov 10 15:22:44 UTC 2017] POST
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:44 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "eyJub25jZSI6ICJrMmRYV2FZRnJLQ2MwRDM2Q2hEQUE2bmdzRHFJY0tqeFI0czlBLXFQQmZBIiwgInVybCI6ICJodHRwOi8vYm91bGRlci5vZmZpY2UubmljLmN6OjQwMDAvYWNtZS9jaGFsbGVuZ2UvZ19wNTJ0RnpUbEpkdXJfanhLdThIM3owblpGRnhsWEREWERucElTWU9Xcy84IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidUtWNUJsQ2VNZVhhNjlyM2xlV0prTzMtX1hzYm5rSzg3RFJoX3FQRmpKT200allYVE9iZ010NEZ0Q3F3UWw4Y2djWW9ZbVhtN3pETGFLLXpQMnRneWtWVl81Q3J6VnBnYnBaeFZvOWxtRV9EWHVqZGZOYjI0eUlQUWkzNE5FelRVUUlydGdoUEl4SUhQdzlUZHEwZmFXTmpRenROMGM2OWFzMlhvbFRPMVR5UTk0OVNPbDhHVDRlVTZ3Yld5ZzE0dlFHTDJsaW51N2JFOUdubXdzN2tYTDZBQmVLNEJ3eHpIVTRscmpaN1pvRFBWUnpXSXBhemNvSGxCTWNPRWo4QzdkaG1JdmR1UF9zbEIyR3pZaS1od2h0VnZhbzhGREptUU5HaE15b2huWWtfdjdQakpneE5NS3oxSDctS2dEcHZFQnB3S0M5OE90MzRCODNtSzV3dnh3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJsVmhfRmFVcEJEbC01T2pySmFFMnNtOE1MNUJvWmZlSmJOeTdfMWlhQ0ZrLnB1WW9saW5FOGhZenItRThZM2Rwckg5ZWVJUEE1SnkwMFB0dTBkRUdQck0ifQ", "signature": "Tjt0iWA1L8gZcEWHWUNxxvdqjWEpf0CYikQyLmU1-ubJt6nW8szKycEhgomwDG7fB97FiAAli5aHVUHm_mGCZWZR-9BKg_ln4n2leMMaHOz8cHJGwJKKAjrnT-HlwTM0_RegXbJlFixmKGjIW-PWXslHT5XqPJGnWOEzrfcpxvMolc9QcCtALqE8YXQi7XnnBbqU6vqRxhPWEFJcVzMkIqxsvGFNvuyaY_hY9qOpxW96C9Ot6MQ9xg22TBsBYkcEK7FdLlAtUKlv9bXSQidbjlQUjepgknnrQC2mVSQyOA5HmMW0byP0k4DmJDRmmsmzZ4UHoHdgTlfzE843uiKTAA"}'
[Fri Nov 10 15:22:44 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.FWICSWkzhq '
[Fri Nov 10 15:22:44 UTC 2017] _ret='0'
[Fri Nov 10 15:22:44 UTC 2017] original='{
  "type": "http-01",
  "status": "pending",
  "uri": "http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8",
  "token": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk",
  "keyAuthorization": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"
}'
[Fri Nov 10 15:22:44 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 202 Accepted
Boulder-Requester: 2
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Link: <http://boulder.office.nic.cz:4000/acme/authz/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs>;rel="up"
Location: http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8
Replay-Nonce: n84vy5RpVNasdl6-kwdTJ9ojGC9zlxAs0cNS-EQkkmg
Date: Fri, 10 Nov 2017 15:22:44 GMT
Content-Length: 324
'
[Fri Nov 10 15:22:44 UTC 2017] response='{"type":"http-01","status":"pending","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk","keyAuthorization":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"}'
[Fri Nov 10 15:22:44 UTC 2017] code='202'
[Fri Nov 10 15:22:44 UTC 2017] sleep 2 secs to verify
[Fri Nov 10 15:22:46 UTC 2017] checking
[Fri Nov 10 15:22:46 UTC 2017] GET
[Fri Nov 10 15:22:46 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:46 UTC 2017] timeout
[Fri Nov 10 15:22:46 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.DGS5Zs5uhV '
[Fri Nov 10 15:22:46 UTC 2017] ret='0'
[Fri Nov 10 15:22:46 UTC 2017] original='{
  "type": "http-01",
  "status": "valid",
  "uri": "http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8",
  "token": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk",
  "keyAuthorization": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM",
  "validationRecord": [
    {
      "url": "http://suitecrm.office.nic.cz:5002/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk",
      "hostname": "suitecrm.office.nic.cz",
      "port": "5002",
      "addressesResolved": [
        "172.17.0.1"
      ],
      "addressUsed": "172.17.0.1",
      "addressesTried": []
    }
  ]
}'
[Fri Nov 10 15:22:46 UTC 2017] response='{"type":"http-01","status":"valid","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk","keyAuthorization":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM","validationRecord":[{"url":"http://suitecrm.office.nic.cz:5002/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk","hostname":"suitecrm.office.nic.cz","port":"5002","addressesResolved":["172.17.0.1"],"addressUsed":"172.17.0.1","addressesTried":[]}]}'
[Fri Nov 10 15:22:46 UTC 2017] Success
[Fri Nov 10 15:22:47 UTC 2017] pid
[Fri Nov 10 15:22:47 UTC 2017] Debugging, skip removing: /home/letsencrypt/webroot/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk
[Fri Nov 10 15:22:47 UTC 2017] pid
[Fri Nov 10 15:22:47 UTC 2017] No need to restore nginx, skip.
[Fri Nov 10 15:22:47 UTC 2017] _clearupdns
[Fri Nov 10 15:22:47 UTC 2017] skip dns.
[Fri Nov 10 15:22:47 UTC 2017] Verify finished, start to sign.
[Fri Nov 10 15:22:47 UTC 2017] i='2'
[Fri Nov 10 15:22:47 UTC 2017] j='15'
[Fri Nov 10 15:22:47 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/new-cert'
[Fri Nov 10 15:22:47 UTC 2017] payload='{"resource": "new-cert", "csr": "MIIChDCCAWwCAQAwITEfMB0GA1UEAwwWc3VpdGVjcm0ub2ZmaWNlLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtGFyrFlcxWrmuKBpNz4Q7UztwlOCGpkKLDTSkAVCvxAvuywudk4SJVjWYfQrB0XOaElXy-qjAmZ8WwB1zj2icMoBhi8LMQ3Fbu6Yd-dGrVrFVVRBOjiA6Pwm9AxsXniCfD4SSdlt9OierWapLNRcmtEDfaz7iUHs-G87B5Dv80jTQIJ26rkpXx6HR9KB9KXE8nXUKMiT0C6jhQ1DD4sz2GihVpXt9WbwDbaSZhU-28TUBmmiR6VCYlwR_SfpdGVqqNz2XBFy-P0_0a4V1bWmBo57OClNab4DPdE2mdr907nW0chjErhIZn_lUtyqaB3VxxQsbH8y123hzB_r7sNfcCAwEAAaAeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IBAQCPcs8iFtboJe0jsUn_KfWF2UTRsq7xM4E_tpa-3q2qx81ny09w7dzH20tHvJutfLi3cyROeR9dkvwlSgRD5xO-KKVp622_i0kTM_ooe4HCUFzc9JFkRt7pdnlVoO-FoX0qnlJu2qeSoaJdw3M2HLAMhAv982_7RtaC8lJTM0aA-3nV9UwxFMNy5Rdmf9teNXSp_e10b-qqbHJcbJ9ONKIh8Sflws__kWrGEozMeHSfBsP_e_2jUUu-Mdy_DfbkoIY5NHiKGCLhIOauwefhlqRIRRR9DJz4zQNsx6tm5IL78Nmw-t9cUA3wfKuMbPoxtQuDtvlH7T9IZyjF8rqPs4BE"}'
[Fri Nov 10 15:22:47 UTC 2017] Use cached jwk for file: /home/letsencrypt/.acme.sh/ca/boulder.office.nic.cz/account.key
[Fri Nov 10 15:22:47 UTC 2017] Use _CACHED_NONCE='n84vy5RpVNasdl6-kwdTJ9ojGC9zlxAs0cNS-EQkkmg'
[Fri Nov 10 15:22:47 UTC 2017] nonce='n84vy5RpVNasdl6-kwdTJ9ojGC9zlxAs0cNS-EQkkmg'
[Fri Nov 10 15:22:47 UTC 2017] POST
[Fri Nov 10 15:22:47 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/new-cert'
[Fri Nov 10 15:22:47 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "eyJub25jZSI6ICJuODR2eTVScFZOYXNkbDYta3dkVEo5b2pHQzl6bHhBczBjTlMtRVFra21nIiwgInVybCI6ICJodHRwOi8vYm91bGRlci5vZmZpY2UubmljLmN6OjQwMDAvYWNtZS9uZXctY2VydCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInVLVjVCbENlTWVYYTY5cjNsZVdKa08zLV9Yc2Jua0s4N0RSaF9xUEZqSk9tNGpZWFRPYmdNdDRGdENxd1FsOGNnY1lvWW1YbTd6RExhSy16UDJ0Z3lrVlZfNUNyelZwZ2JwWnhWbzlsbUVfRFh1amRmTmIyNHlJUFFpMzRORXpUVVFJcnRnaFBJeElIUHc5VGRxMGZhV05qUXp0TjBjNjlhczJYb2xUTzFUeVE5NDlTT2w4R1Q0ZVU2d2JXeWcxNHZRR0wybGludTdiRTlHbm13czdrWEw2QUJlSzRCd3h6SFU0bHJqWjdab0RQVlJ6V0lwYXpjb0hsQk1jT0VqOEM3ZGhtSXZkdVBfc2xCMkd6WWktaHdodFZ2YW84RkRKbVFOR2hNeW9obllrX3Y3UGpKZ3hOTUt6MUg3LUtnRHB2RUJwd0tDOThPdDM0QjgzbUs1d3Z4dyJ9fQ", "payload": "eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlJQ2hEQ0NBV3dDQVFBd0lURWZNQjBHQTFVRUF3d1djM1ZwZEdWamNtMHViMlptYVdObExtNXBZeTVqZWpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXRHRnlyRmxjeFdybXVLQnBOejRRN1V6dHdsT0NHcGtLTERUU2tBVkN2eEF2dXl3dWRrNFNKVmpXWWZRckIwWE9hRWxYeS1xakFtWjhXd0IxemoyaWNNb0JoaThMTVEzRmJ1NllkLWRHclZyRlZWUkJPamlBNlB3bTlBeHNYbmlDZkQ0U1NkbHQ5T2llcldhcExOUmNtdEVEZmF6N2lVSHMtRzg3QjVEdjgwalRRSUoyNnJrcFh4NkhSOUtCOUtYRThuWFVLTWlUMEM2amhRMURENHN6MkdpaFZwWHQ5V2J3RGJhU1poVS0yOFRVQm1taVI2VkNZbHdSX1NmcGRHVnFxTnoyWEJGeS1QMF8wYTRWMWJXbUJvNTdPQ2xOYWI0RFBkRTJtZHI5MDduVzBjaGpFcmhJWm5fbFV0eXFhQjNWeHhRc2JIOHkxMjNoekJfcjdzTmZjQ0F3RUFBYUFlTUJ3R0NTcUdTSWIzRFFFSkRqRVBNQTB3Q3dZRFZSMFBCQVFEQWdYZ01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ1BjczhpRnRib0plMGpzVW5fS2ZXRjJVVFJzcTd4TTRFX3RwYS0zcTJxeDgxbnkwOXc3ZHpIMjB0SHZKdXRmTGkzY3lST2VSOWRrdndsU2dSRDV4Ty1LS1ZwNjIyX2kwa1RNX29vZTRIQ1VGemM5SkZrUnQ3cGRubFZvTy1Gb1gwcW5sSnUycWVTb2FKZHczTTJITEFNaEF2OTgyXzdSdGFDOGxKVE0wYUEtM25WOVV3eEZNTnk1UmRtZjl0ZU5YU3BfZTEwYi1xcWJISmNiSjlPTktJaDhTZmx3c19fa1dyR0Vvek1lSFNmQnNQX2VfMmpVVXUtTWR5X0RmYmtvSVk1TkhpS0dDTGhJT2F1d2VmaGxxUklSUlI5REp6NHpRTnN4NnRtNUlMNzhObXctdDljVUEzd2ZLdU1iUG94dFF1RHR2bEg3VDlJWnlqRjhycVBzNEJFIn0", "signature": "rKFbGGYkEAal-AFKcXdb39Lk0gD6ijAIuUQ3aRWWIEYZnARThCkBl9QEEqG4dO0jfZcNKKbbUvXJhi1K928XImZX4GjAG77nDxbS0wngoRac_i-IVlqNDIi9uHJ9a7_-4HPx8Hq4fJ5Ausm4SsWKRt8RWNcJrY3D9Pajb5I2-T_bYjxWZfFJjRpSiH5xmxyNpIIuV7LMjMW3piIDbHnv-akkdU4YYRpB4i2P0xmOic0Y_fdNaQnYfX2-g6PO98b5dtSSyFP_h1XWiQE8KTUC8cdeVquMU6g2AtDSfcp9mEvJ5JzYMiIuozzzZCNYXltONztmcyNw9GrtHb_ZJ_-y-Q"}'
[Fri Nov 10 15:22:47 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.3iq9PXFv6T '
[Fri Nov 10 15:22:47 UTC 2017] _ret='0'
[Fri Nov 10 15:22:47 UTC 2017] original='MIIElDCCA3ygAwIBAgITAP8V1DoVmkTTUojmx8RvrwzdwzANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNzExMTAxNDIyNDdaFw0xODAyMDgxNDIyNDdaMFAxHzAdBgNVBAMTFnN1aXRlY3JtLm9mZmljZS5uaWMuY3oxLTArBgNVBAUTJGZmMTVkNDNhMTU5YTQ0ZDM1Mjg4ZTZjN2M0NmZhZjBjZGRjMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtGFyrFlcxWrmuKBpNz4Q7UztwlOCGpkKLDTSkAVCvxAvuywudk4SJVjWYfQrB0XOaElXy+qjAmZ8WwB1zj2icMoBhi8LMQ3Fbu6Yd+dGrVrFVVRBOjiA6Pwm9AxsXniCfD4SSdlt9OierWapLNRcmtEDfaz7iUHs+G87B5Dv80jTQIJ26rkpXx6HR9KB9KXE8nXUKMiT0C6jhQ1DD4sz2GihVpXt9WbwDbaSZhU+28TUBmmiR6VCYlwR/SfpdGVqqNz2XBFy+P0/0a4V1bWmBo57OClNab4DPdE2mdr907nW0chjErhIZn/lUtyqaB3VxxQsbH8y123hzB/r7sNfcCAwEAAaOCAZYwggGSMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgkogatL306DoEOAq8tyqjhUMPo0wHwYDVR0jBBgwFoAU+3hPEvlgFYMsnxd/NBmzLjbqQYkwZAYIKwYBBQUHAQEEWDBWMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjQwMDIvMDAGCCsGAQUFBzAChiRodHRwOi8vYm91bGRlcjo0NDMwL2FjbWUvaXNzdWVyLWNlcnQwIQYDVR0RBBowGIIWc3VpdGVjcm0ub2ZmaWNlLm5pYy5jejAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGEGA1UdIARaMFgwCAYGZ4EMAQIBMEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20vY3BzMB8GCCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEBCwUAA4IBAQCB/Q969pUYg7PetAP1YjTtVPH5iuRjq/G37GyOkX4+OJ9dhGTYPHlU2wrbJVSChkr9TAjs1T4mL6QwWW+YkbtGqwl29duN7aLiTdBQetM8QA/iAyGIFeLjX9QG4MiaXQQ9dX/J/opwcqBFL9GcjW5VtVX0C6Buynxl2PlmAMHjlfrHfuv1hopLqWWbMPUv09mEvOXFpLzLuUraot+YCzwdZqG0JLZiOIksp0KWIXz9VzPt6BO+RnNPHLTUsH038YQ+Sew91xxAEdXGfnk0n56NDAK8R+Uy6bgiDwx9kpI0AdPLq1kdlcvJk7hcgyrcUScemVnhfQrHUKfw1T8cIPVv'
[Fri Nov 10 15:22:47 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 201 Created
Boulder-Requester: 2
Cache-Control: public, max-age=0, no-cache
Content-Type: application/pkix-cert
Link: <http://boulder.office.nic.cz:4000/acme/issuer-cert>;rel="up"
Location: http://boulder.office.nic.cz:4000/acme/cert/ff15d43a159a44d35288e6c7c46faf0cddc3
Replay-Nonce: 1X8HlYvsxEomowisbWXKSrXsV22jCySQ5r2jnRgJQo8
Date: Fri, 10 Nov 2017 15:22:47 GMT
Content-Length: 1176
'
[Fri Nov 10 15:22:47 UTC 2017] response='MIIElDCCA3ygAwIBAgITAP8V1DoVmkTTUojmx8RvrwzdwzANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNzExMTAxNDIyNDdaFw0xODAyMDgxNDIyNDdaMFAxHzAdBgNVBAMTFnN1aXRlY3JtLm9mZmljZS5uaWMuY3oxLTArBgNVBAUTJGZmMTVkNDNhMTU5YTQ0ZDM1Mjg4ZTZjN2M0NmZhZjBjZGRjMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtGFyrFlcxWrmuKBpNz4Q7UztwlOCGpkKLDTSkAVCvxAvuywudk4SJVjWYfQrB0XOaElXy+qjAmZ8WwB1zj2icMoBhi8LMQ3Fbu6Yd+dGrVrFVVRBOjiA6Pwm9AxsXniCfD4SSdlt9OierWapLNRcmtEDfaz7iUHs+G87B5Dv80jTQIJ26rkpXx6HR9KB9KXE8nXUKMiT0C6jhQ1DD4sz2GihVpXt9WbwDbaSZhU+28TUBmmiR6VCYlwR/SfpdGVqqNz2XBFy+P0/0a4V1bWmBo57OClNab4DPdE2mdr907nW0chjErhIZn/lUtyqaB3VxxQsbH8y123hzB/r7sNfcCAwEAAaOCAZYwggGSMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgkogatL306DoEOAq8tyqjhUMPo0wHwYDVR0jBBgwFoAU+3hPEvlgFYMsnxd/NBmzLjbqQYkwZAYIKwYBBQUHAQEEWDBWMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjQwMDIvMDAGCCsGAQUFBzAChiRodHRwOi8vYm91bGRlcjo0NDMwL2FjbWUvaXNzdWVyLWNlcnQwIQYDVR0RBBowGIIWc3VpdGVjcm0ub2ZmaWNlLm5pYy5jejAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGEGA1UdIARaMFgwCAYGZ4EMAQIBMEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20vY3BzMB8GCCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEBCwUAA4IBAQCB/Q969pUYg7PetAP1YjTtVPH5iuRjq/G37GyOkX4+OJ9dhGTYPHlU2wrbJVSChkr9TAjs1T4mL6QwWW+YkbtGqwl29duN7aLiTdBQetM8QA/iAyGIFeLjX9QG4MiaXQQ9dX/J/opwcqBFL9GcjW5VtVX0C6Buynxl2PlmAMHjlfrHfuv1hopLqWWbMPUv09mEvOXFpLzLuUraot+YCzwdZqG0JLZiOIksp0KWIXz9VzPt6BO+RnNPHLTUsH038YQ+Sew91xxAEdXGfnk0n56NDAK8R+Uy6bgiDwx9kpI0AdPLq1kdlcvJk7hcgyrcUScemVnhfQrHUKfw1T8cIPVv'
[Fri Nov 10 15:22:47 UTC 2017] code='201'
.acme.sh/acme.sh: line 1819: warning: command substitution: ignored null byte in input
[Fri Nov 10 15:22:47 UTC 2017] _body=' 0�0�������http://example.com/crl0a��U� �Z0X��g�
                                                                                      ���0L��*��0E0"+������http://example.com/cps0�+����0�
��      *�H�                                                                                                                              �Do What Thou Wilt0
  �����z�����޴��b4�T����c����l~>8�]�d�<yT
�%T��J���>&/�0Yo���F�	v�ۍ���M�Pz�<@��!����_���Ț]�=u����pr�E/ќ�nU�U�
                                                                     �n�|e��f�����~����K�e�0�/�ل��Ť�˹Jڢߘ
                                                                                                        <�f��$�b8�,�B�!|�W3����FsO��԰}7��>I�=��@���~y4���
                                                                                                                                                         ��G�2��"
                                                                                                                                                                 }��4��˫Y���ɓ�\�*�Q'��Y�}
�P���?� �o'
[Fri Nov 10 15:22:47 UTC 2017] Le_LinkCert='http://boulder.office.nic.cz:4000/acme/cert/ff15d43a159a44d35288e6c7c46faf0cddc3'
[Fri Nov 10 15:22:47 UTC 2017] Cert success.
-----BEGIN CERTIFICATE-----
MIIElDCCA3ygAwIBAgITAP8V1DoVmkTTUojmx8RvrwzdwzANBgkqhkiG9w0BAQsF
ADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNzExMTAxNDIy
NDdaFw0xODAyMDgxNDIyNDdaMFAxHzAdBgNVBAMTFnN1aXRlY3JtLm9mZmljZS5u
aWMuY3oxLTArBgNVBAUTJGZmMTVkNDNhMTU5YTQ0ZDM1Mjg4ZTZjN2M0NmZhZjBj
ZGRjMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtGFyrFlcxWrmuK
BpNz4Q7UztwlOCGpkKLDTSkAVCvxAvuywudk4SJVjWYfQrB0XOaElXy+qjAmZ8Ww
B1zj2icMoBhi8LMQ3Fbu6Yd+dGrVrFVVRBOjiA6Pwm9AxsXniCfD4SSdlt9OierW
apLNRcmtEDfaz7iUHs+G87B5Dv80jTQIJ26rkpXx6HR9KB9KXE8nXUKMiT0C6jhQ
1DD4sz2GihVpXt9WbwDbaSZhU+28TUBmmiR6VCYlwR/SfpdGVqqNz2XBFy+P0/0a
4V1bWmBo57OClNab4DPdE2mdr907nW0chjErhIZn/lUtyqaB3VxxQsbH8y123hzB
/r7sNfcCAwEAAaOCAZYwggGSMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgkogatL3
06DoEOAq8tyqjhUMPo0wHwYDVR0jBBgwFoAU+3hPEvlgFYMsnxd/NBmzLjbqQYkw
ZAYIKwYBBQUHAQEEWDBWMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjQw
MDIvMDAGCCsGAQUFBzAChiRodHRwOi8vYm91bGRlcjo0NDMwL2FjbWUvaXNzdWVy
LWNlcnQwIQYDVR0RBBowGIIWc3VpdGVjcm0ub2ZmaWNlLm5pYy5jejAnBgNVHR8E
IDAeMBygGqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGEGA1UdIARaMFgwCAYG
Z4EMAQIBMEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20v
Y3BzMB8GCCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEB
CwUAA4IBAQCB/Q969pUYg7PetAP1YjTtVPH5iuRjq/G37GyOkX4+OJ9dhGTYPHlU
2wrbJVSChkr9TAjs1T4mL6QwWW+YkbtGqwl29duN7aLiTdBQetM8QA/iAyGIFeLj
X9QG4MiaXQQ9dX/J/opwcqBFL9GcjW5VtVX0C6Buynxl2PlmAMHjlfrHfuv1hopL
qWWbMPUv09mEvOXFpLzLuUraot+YCzwdZqG0JLZiOIksp0KWIXz9VzPt6BO+RnNP
HLTUsH038YQ+Sew91xxAEdXGfnk0n56NDAK8R+Uy6bgiDwx9kpI0AdPLq1kdlcvJ
k7hcgyrcUScemVnhfQrHUKfw1T8cIPVv
-----END CERTIFICATE-----
[Fri Nov 10 15:22:47 UTC 2017] Your cert is in  /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.cer 
[Fri Nov 10 15:22:47 UTC 2017] Your cert key is in  /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.key 
[Fri Nov 10 15:22:47 UTC 2017] Le_LinkIssuer='http://boulder.office.nic.cz:4000/acme/issuer-cert'
[Fri Nov 10 15:22:47 UTC 2017] _link_issuer_retry='0'
[Fri Nov 10 15:22:47 UTC 2017] GET
[Fri Nov 10 15:22:47 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/issuer-cert'
[Fri Nov 10 15:22:47 UTC 2017] timeout
[Fri Nov 10 15:22:47 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.6EGCH7hybJ '
[Fri Nov 10 15:22:47 UTC 2017] ret='0'
[Fri Nov 10 15:22:47 UTC 2017] The intermediate CA cert is in  /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/ca.cer 
[Fri Nov 10 15:22:47 UTC 2017] And the full chain certs is there:  /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/fullchain.cer 
[Fri Nov 10 15:22:47 UTC 2017] _on_issue_success
[Fri Nov 10 15:22:47 UTC 2017] '' does not contain 'dns'

zden2k commented Nov 10, 2017

Hello, fixed, Thanks both of you.

letsencrypt@boulderacme:~$ .acme.sh/acme.sh --issue -d suitecrm.office.nic.cz --home /home/letsencrypt/.acme.sh -w /home/letsencrypt/webroot --server http://boulder.office.nic.cz:4000/directory  --force --log --debug 2
[Fri Nov 10 15:22:44 UTC 2017] Lets find script dir.
[Fri Nov 10 15:22:44 UTC 2017] _SCRIPT_='.acme.sh/acme.sh'
[Fri Nov 10 15:22:44 UTC 2017] _script='/home/letsencrypt/.acme.sh/acme.sh'
[Fri Nov 10 15:22:44 UTC 2017] _script_home='/home/letsencrypt/.acme.sh'
[Fri Nov 10 15:22:44 UTC 2017] Using config home:/home/letsencrypt/.acme.sh
[Fri Nov 10 15:22:44 UTC 2017] LE_WORKING_DIR='/home/letsencrypt/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.5
[Fri Nov 10 15:22:44 UTC 2017] Using server: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 15:22:44 UTC 2017] Using config home:/home/letsencrypt/.acme.sh
[Fri Nov 10 15:22:44 UTC 2017] ACME_DIRECTORY='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 15:22:44 UTC 2017] _ACME_SERVER_HOST='boulder.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] DOMAIN_PATH='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] Using ACME_DIRECTORY: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 15:22:44 UTC 2017] _init api for server: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 15:22:44 UTC 2017] GET
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 15:22:44 UTC 2017] timeout
[Fri Nov 10 15:22:44 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.Q11sQUKlQh '
[Fri Nov 10 15:22:44 UTC 2017] ret='0'
[Fri Nov 10 15:22:44 UTC 2017] response='{
  "9wgoJTwd8ME": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "http://boulder.office.nic.cz:4000/acme/key-change",
  "meta": {
    "terms-of-service": "http://boulder:4000/terms/v1"
  },
  "new-authz": "http://boulder.office.nic.cz:4000/acme/new-authz",
  "new-cert": "http://boulder.office.nic.cz:4000/acme/new-cert",
  "new-reg": "http://boulder.office.nic.cz:4000/acme/new-reg",
  "revoke-cert": "http://boulder.office.nic.cz:4000/acme/revoke-cert"
}'
[Fri Nov 10 15:22:44 UTC 2017] ACME_KEY_CHANGE='http://boulder.office.nic.cz:4000/acme/key-change'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_AUTHZ='http://boulder.office.nic.cz:4000/acme/new-authz'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_ORDER='http://boulder.office.nic.cz:4000/acme/new-cert'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_ACCOUNT='http://boulder.office.nic.cz:4000/acme/new-reg'
[Fri Nov 10 15:22:44 UTC 2017] ACME_REVOKE_CERT='http://boulder.office.nic.cz:4000/acme/revoke-cert'
[Fri Nov 10 15:22:44 UTC 2017] Le_NextRenewTime
[Fri Nov 10 15:22:44 UTC 2017] _on_before_issue
[Fri Nov 10 15:22:44 UTC 2017] '/home/letsencrypt/webroot' does not contain 'no'
[Fri Nov 10 15:22:44 UTC 2017] Le_LocalAddress
[Fri Nov 10 15:22:44 UTC 2017] Check for domain='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _currentRoot='/home/letsencrypt/webroot'
[Fri Nov 10 15:22:44 UTC 2017] '/home/letsencrypt/webroot' does not contain 'apache'
[Fri Nov 10 15:22:44 UTC 2017] _saved_account_key_hash='6sRegKo+srPDgaOnCejKyf7wkccpEtngrddGwl0xyho='
[Fri Nov 10 15:22:44 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Fri Nov 10 15:22:44 UTC 2017] Read key length:
[Fri Nov 10 15:22:44 UTC 2017] _createcsr
[Fri Nov 10 15:22:44 UTC 2017] domain='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] domainlist
[Fri Nov 10 15:22:44 UTC 2017] csrkey='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.key'
[Fri Nov 10 15:22:44 UTC 2017] csr='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.csr'
[Fri Nov 10 15:22:44 UTC 2017] csrconf='/home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.csr.conf'
[Fri Nov 10 15:22:44 UTC 2017] Single domain='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _is_idn_d='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _idn_temp
[Fri Nov 10 15:22:44 UTC 2017] _csr_cn='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] Getting domain auth token for each domain
[Fri Nov 10 15:22:44 UTC 2017] Getting webroot for domain='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _w='/home/letsencrypt/webroot'
[Fri Nov 10 15:22:44 UTC 2017] _currentRoot='/home/letsencrypt/webroot'
[Fri Nov 10 15:22:44 UTC 2017] Getting new-authz for domain='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _init api for server: http://boulder.office.nic.cz:4000/directory
[Fri Nov 10 15:22:44 UTC 2017] ACME_KEY_CHANGE='http://boulder.office.nic.cz:4000/acme/key-change'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_AUTHZ='http://boulder.office.nic.cz:4000/acme/new-authz'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_ORDER='http://boulder.office.nic.cz:4000/acme/new-cert'
[Fri Nov 10 15:22:44 UTC 2017] ACME_NEW_ACCOUNT='http://boulder.office.nic.cz:4000/acme/new-reg'
[Fri Nov 10 15:22:44 UTC 2017] ACME_REVOKE_CERT='http://boulder.office.nic.cz:4000/acme/revoke-cert'
[Fri Nov 10 15:22:44 UTC 2017] Try new-authz for the 0 time.
[Fri Nov 10 15:22:44 UTC 2017] _is_idn_d='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] _idn_temp
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/new-authz'
[Fri Nov 10 15:22:44 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "suitecrm.office.nic.cz"}}'
[Fri Nov 10 15:22:44 UTC 2017] RSA key
[Fri Nov 10 15:22:44 UTC 2017] Get nonce. ACME_DIRECTORY='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 15:22:44 UTC 2017] GET
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/directory'
[Fri Nov 10 15:22:44 UTC 2017] timeout
[Fri Nov 10 15:22:44 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.mcDDPT3mwE '
[Fri Nov 10 15:22:44 UTC 2017] ret='0'
[Fri Nov 10 15:22:44 UTC 2017] _headers='HTTP/1.1 200 OK
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Replay-Nonce: IwtSFLqFoC5owSlLAVTirYTuyPCvDgXpUHgrHlzHOCg
Date: Fri, 10 Nov 2017 15:22:44 GMT
Content-Length: 510
'
[Fri Nov 10 15:22:44 UTC 2017] _CACHED_NONCE='IwtSFLqFoC5owSlLAVTirYTuyPCvDgXpUHgrHlzHOCg'
[Fri Nov 10 15:22:44 UTC 2017] nonce='IwtSFLqFoC5owSlLAVTirYTuyPCvDgXpUHgrHlzHOCg'
[Fri Nov 10 15:22:44 UTC 2017] POST
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/new-authz'
[Fri Nov 10 15:22:44 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "eyJub25jZSI6ICJJd3RTRkxxRm9DNW93U2xMQVZUaXJZVHV5UEN2RGdYcFVIZ3JIbHpIT0NnIiwgInVybCI6ICJodHRwOi8vYm91bGRlci5vZmZpY2UubmljLmN6OjQwMDAvYWNtZS9uZXctYXV0aHoiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ1S1Y1QmxDZU1lWGE2OXIzbGVXSmtPMy1fWHNibmtLODdEUmhfcVBGakpPbTRqWVhUT2JnTXQ0RnRDcXdRbDhjZ2NZb1ltWG03ekRMYUstelAydGd5a1ZWXzVDcnpWcGdicFp4Vm85bG1FX0RYdWpkZk5iMjR5SVBRaTM0TkV6VFVRSXJ0Z2hQSXhJSFB3OVRkcTBmYVdOalF6dE4wYzY5YXMyWG9sVE8xVHlROTQ5U09sOEdUNGVVNndiV3lnMTR2UUdMMmxpbnU3YkU5R25td3M3a1hMNkFCZUs0Qnd4ekhVNGxyalo3Wm9EUFZSeldJcGF6Y29IbEJNY09FajhDN2RobUl2ZHVQX3NsQjJHellpLWh3aHRWdmFvOEZESm1RTkdoTXlvaG5Za192N1BqSmd4Tk1LejFINy1LZ0RwdkVCcHdLQzk4T3QzNEI4M21LNXd2eHcifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAic3VpdGVjcm0ub2ZmaWNlLm5pYy5jeiJ9fQ", "signature": "aDqSEhfRrgRBr4sFLduPTBIJAlBSOxhbSAqcz9EEirrzBBE0ymBvEwYH2wkDRpUklP91dSFskcxssV8IBGgngSW76vS53BINSWaxHla-O3CGyfy1TB6ZRcY6I_k8C-On-Yee8cKJO-3R0jypWZ7VqO4JafLsAJVAZayAvPtWjQDY6MyzfmblYaOFruqXxun5miYwWN9nFeed6ncabKj97cJzZ7kqh4Dl2wstchRmmaFs57xHuuKDxmTt_oDtea9y6SVp8E1agW6xAhc9CvenDK1JnoJkVnE8KGPN5BhcW60h4rh3HHAQhTKAyP5l0Ojot5qxp1_R-bZcaNZWuGHX5g"}'
[Fri Nov 10 15:22:44 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.vzyhIQljzt '
[Fri Nov 10 15:22:44 UTC 2017] _ret='0'
[Fri Nov 10 15:22:44 UTC 2017] original='{
  "identifier": {
    "type": "dns",
    "value": "suitecrm.office.nic.cz"
  },
  "status": "pending",
  "expires": "2017-11-16T09:38:04Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/7",
      "token": "Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8",
      "token": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/9",
      "token": "ckfZdVql-_SAX7zF5JkEoRqYbkGDy12pwBe2gj066aE"
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      0
    ],
    [
      2
    ]
  ]
}'
[Fri Nov 10 15:22:44 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 201 Created
Boulder-Requester: 2
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Link: <http://boulder.office.nic.cz:4000/acme/new-cert>;rel="next"
Location: http://boulder.office.nic.cz:4000/acme/authz/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs
Replay-Nonce: k2dXWaYFrKCc0D36ChDAA6ngsDqIcKjxR4s9A-qPBfA
Date: Fri, 10 Nov 2017 15:22:44 GMT
Content-Length: 964
'
[Fri Nov 10 15:22:44 UTC 2017] response='{"identifier":{"type":"dns","value":"suitecrm.office.nic.cz"},"status":"pending","expires":"2017-11-16T09:38:04Z","challenges":[{"type":"dns-01","status":"pending","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/7","token":"Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo"},{"type":"http-01","status":"pending","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"},{"type":"tls-sni-01","status":"pending","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/9","token":"ckfZdVql-_SAX7zF5JkEoRqYbkGDy12pwBe2gj066aE"}],"combinations":[[1],[0],[2]]}'
[Fri Nov 10 15:22:44 UTC 2017] code='201'
[Fri Nov 10 15:22:44 UTC 2017] The new-authz request is ok.
[Fri Nov 10 15:22:44 UTC 2017] entry='"type":"http-01","status":"pending","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"'
[Fri Nov 10 15:22:44 UTC 2017] token='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk'
[Fri Nov 10 15:22:44 UTC 2017] uri='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:44 UTC 2017] keyauthorization='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Fri Nov 10 15:22:44 UTC 2017] dvlist='suitecrm.office.nic.cz#lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8#http-01#/home/letsencrypt/webroot'
[Fri Nov 10 15:22:44 UTC 2017] vlist='suitecrm.office.nic.cz#lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8#http-01#/home/letsencrypt/webroot,'
[Fri Nov 10 15:22:44 UTC 2017] ok, let's start to verify
[Fri Nov 10 15:22:44 UTC 2017] Verifying:suitecrm.office.nic.cz
[Fri Nov 10 15:22:44 UTC 2017] d='suitecrm.office.nic.cz'
[Fri Nov 10 15:22:44 UTC 2017] keyauthorization='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Fri Nov 10 15:22:44 UTC 2017] uri='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:44 UTC 2017] _currentRoot='/home/letsencrypt/webroot'
[Fri Nov 10 15:22:44 UTC 2017] wellknown_path='/home/letsencrypt/webroot/.well-known/acme-challenge'
[Fri Nov 10 15:22:44 UTC 2017] writing token:lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk to /home/letsencrypt/webroot/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk
[Fri Nov 10 15:22:44 UTC 2017] Changing owner/group of .well-known to letsencrypt:www-data
[Fri Nov 10 15:22:44 UTC 2017] chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/dZ-OSUU3jijYKB-S6t7h_p3aN0bEE54xfDgF8Y-Vbzc': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/TfYvoOuERGMd7i2eI-3SZsRNtp8ciXiMzef6ECbm2Fs': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/PdXqMTVxaI2kIOb_E5orVx-pqJb14SD-Ev9kc7xveJ0': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/vY2ULo19XW81o-PtxWS5TG0UufdFAJMZjmV00L4G2R8': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/uacjrm048QQUpZ2iDpMc22OaZm2GFWKH04PvFvqFHeo': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/P7EXz0vGeoMHb1JfIWTDvlIkSC15-GDQUPRw5xdf3HU': Operation not permitted
chown: changing ownership of '/home/letsencrypt/webroot/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM': Operation not permitted
[Fri Nov 10 15:22:44 UTC 2017] tigger domain validation.
[Fri Nov 10 15:22:44 UTC 2017] _t_url='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:44 UTC 2017] _t_key_authz='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:44 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"}'
[Fri Nov 10 15:22:44 UTC 2017] Use cached jwk for file: /home/letsencrypt/.acme.sh/ca/boulder.office.nic.cz/account.key
[Fri Nov 10 15:22:44 UTC 2017] Use _CACHED_NONCE='k2dXWaYFrKCc0D36ChDAA6ngsDqIcKjxR4s9A-qPBfA'
[Fri Nov 10 15:22:44 UTC 2017] nonce='k2dXWaYFrKCc0D36ChDAA6ngsDqIcKjxR4s9A-qPBfA'
[Fri Nov 10 15:22:44 UTC 2017] POST
[Fri Nov 10 15:22:44 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:44 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "eyJub25jZSI6ICJrMmRYV2FZRnJLQ2MwRDM2Q2hEQUE2bmdzRHFJY0tqeFI0czlBLXFQQmZBIiwgInVybCI6ICJodHRwOi8vYm91bGRlci5vZmZpY2UubmljLmN6OjQwMDAvYWNtZS9jaGFsbGVuZ2UvZ19wNTJ0RnpUbEpkdXJfanhLdThIM3owblpGRnhsWEREWERucElTWU9Xcy84IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidUtWNUJsQ2VNZVhhNjlyM2xlV0prTzMtX1hzYm5rSzg3RFJoX3FQRmpKT200allYVE9iZ010NEZ0Q3F3UWw4Y2djWW9ZbVhtN3pETGFLLXpQMnRneWtWVl81Q3J6VnBnYnBaeFZvOWxtRV9EWHVqZGZOYjI0eUlQUWkzNE5FelRVUUlydGdoUEl4SUhQdzlUZHEwZmFXTmpRenROMGM2OWFzMlhvbFRPMVR5UTk0OVNPbDhHVDRlVTZ3Yld5ZzE0dlFHTDJsaW51N2JFOUdubXdzN2tYTDZBQmVLNEJ3eHpIVTRscmpaN1pvRFBWUnpXSXBhemNvSGxCTWNPRWo4QzdkaG1JdmR1UF9zbEIyR3pZaS1od2h0VnZhbzhGREptUU5HaE15b2huWWtfdjdQakpneE5NS3oxSDctS2dEcHZFQnB3S0M5OE90MzRCODNtSzV3dnh3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJsVmhfRmFVcEJEbC01T2pySmFFMnNtOE1MNUJvWmZlSmJOeTdfMWlhQ0ZrLnB1WW9saW5FOGhZenItRThZM2Rwckg5ZWVJUEE1SnkwMFB0dTBkRUdQck0ifQ", "signature": "Tjt0iWA1L8gZcEWHWUNxxvdqjWEpf0CYikQyLmU1-ubJt6nW8szKycEhgomwDG7fB97FiAAli5aHVUHm_mGCZWZR-9BKg_ln4n2leMMaHOz8cHJGwJKKAjrnT-HlwTM0_RegXbJlFixmKGjIW-PWXslHT5XqPJGnWOEzrfcpxvMolc9QcCtALqE8YXQi7XnnBbqU6vqRxhPWEFJcVzMkIqxsvGFNvuyaY_hY9qOpxW96C9Ot6MQ9xg22TBsBYkcEK7FdLlAtUKlv9bXSQidbjlQUjepgknnrQC2mVSQyOA5HmMW0byP0k4DmJDRmmsmzZ4UHoHdgTlfzE843uiKTAA"}'
[Fri Nov 10 15:22:44 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.FWICSWkzhq '
[Fri Nov 10 15:22:44 UTC 2017] _ret='0'
[Fri Nov 10 15:22:44 UTC 2017] original='{
  "type": "http-01",
  "status": "pending",
  "uri": "http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8",
  "token": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk",
  "keyAuthorization": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"
}'
[Fri Nov 10 15:22:44 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 202 Accepted
Boulder-Requester: 2
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Link: <http://boulder.office.nic.cz:4000/acme/authz/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs>;rel="up"
Location: http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8
Replay-Nonce: n84vy5RpVNasdl6-kwdTJ9ojGC9zlxAs0cNS-EQkkmg
Date: Fri, 10 Nov 2017 15:22:44 GMT
Content-Length: 324
'
[Fri Nov 10 15:22:44 UTC 2017] response='{"type":"http-01","status":"pending","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk","keyAuthorization":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"}'
[Fri Nov 10 15:22:44 UTC 2017] code='202'
[Fri Nov 10 15:22:44 UTC 2017] sleep 2 secs to verify
[Fri Nov 10 15:22:46 UTC 2017] checking
[Fri Nov 10 15:22:46 UTC 2017] GET
[Fri Nov 10 15:22:46 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8'
[Fri Nov 10 15:22:46 UTC 2017] timeout
[Fri Nov 10 15:22:46 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.DGS5Zs5uhV '
[Fri Nov 10 15:22:46 UTC 2017] ret='0'
[Fri Nov 10 15:22:46 UTC 2017] original='{
  "type": "http-01",
  "status": "valid",
  "uri": "http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8",
  "token": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk",
  "keyAuthorization": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM",
  "validationRecord": [
    {
      "url": "http://suitecrm.office.nic.cz:5002/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk",
      "hostname": "suitecrm.office.nic.cz",
      "port": "5002",
      "addressesResolved": [
        "172.17.0.1"
      ],
      "addressUsed": "172.17.0.1",
      "addressesTried": []
    }
  ]
}'
[Fri Nov 10 15:22:46 UTC 2017] response='{"type":"http-01","status":"valid","uri":"http://boulder.office.nic.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk","keyAuthorization":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM","validationRecord":[{"url":"http://suitecrm.office.nic.cz:5002/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk","hostname":"suitecrm.office.nic.cz","port":"5002","addressesResolved":["172.17.0.1"],"addressUsed":"172.17.0.1","addressesTried":[]}]}'
[Fri Nov 10 15:22:46 UTC 2017] Success
[Fri Nov 10 15:22:47 UTC 2017] pid
[Fri Nov 10 15:22:47 UTC 2017] Debugging, skip removing: /home/letsencrypt/webroot/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk
[Fri Nov 10 15:22:47 UTC 2017] pid
[Fri Nov 10 15:22:47 UTC 2017] No need to restore nginx, skip.
[Fri Nov 10 15:22:47 UTC 2017] _clearupdns
[Fri Nov 10 15:22:47 UTC 2017] skip dns.
[Fri Nov 10 15:22:47 UTC 2017] Verify finished, start to sign.
[Fri Nov 10 15:22:47 UTC 2017] i='2'
[Fri Nov 10 15:22:47 UTC 2017] j='15'
[Fri Nov 10 15:22:47 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/new-cert'
[Fri Nov 10 15:22:47 UTC 2017] payload='{"resource": "new-cert", "csr": "MIIChDCCAWwCAQAwITEfMB0GA1UEAwwWc3VpdGVjcm0ub2ZmaWNlLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtGFyrFlcxWrmuKBpNz4Q7UztwlOCGpkKLDTSkAVCvxAvuywudk4SJVjWYfQrB0XOaElXy-qjAmZ8WwB1zj2icMoBhi8LMQ3Fbu6Yd-dGrVrFVVRBOjiA6Pwm9AxsXniCfD4SSdlt9OierWapLNRcmtEDfaz7iUHs-G87B5Dv80jTQIJ26rkpXx6HR9KB9KXE8nXUKMiT0C6jhQ1DD4sz2GihVpXt9WbwDbaSZhU-28TUBmmiR6VCYlwR_SfpdGVqqNz2XBFy-P0_0a4V1bWmBo57OClNab4DPdE2mdr907nW0chjErhIZn_lUtyqaB3VxxQsbH8y123hzB_r7sNfcCAwEAAaAeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IBAQCPcs8iFtboJe0jsUn_KfWF2UTRsq7xM4E_tpa-3q2qx81ny09w7dzH20tHvJutfLi3cyROeR9dkvwlSgRD5xO-KKVp622_i0kTM_ooe4HCUFzc9JFkRt7pdnlVoO-FoX0qnlJu2qeSoaJdw3M2HLAMhAv982_7RtaC8lJTM0aA-3nV9UwxFMNy5Rdmf9teNXSp_e10b-qqbHJcbJ9ONKIh8Sflws__kWrGEozMeHSfBsP_e_2jUUu-Mdy_DfbkoIY5NHiKGCLhIOauwefhlqRIRRR9DJz4zQNsx6tm5IL78Nmw-t9cUA3wfKuMbPoxtQuDtvlH7T9IZyjF8rqPs4BE"}'
[Fri Nov 10 15:22:47 UTC 2017] Use cached jwk for file: /home/letsencrypt/.acme.sh/ca/boulder.office.nic.cz/account.key
[Fri Nov 10 15:22:47 UTC 2017] Use _CACHED_NONCE='n84vy5RpVNasdl6-kwdTJ9ojGC9zlxAs0cNS-EQkkmg'
[Fri Nov 10 15:22:47 UTC 2017] nonce='n84vy5RpVNasdl6-kwdTJ9ojGC9zlxAs0cNS-EQkkmg'
[Fri Nov 10 15:22:47 UTC 2017] POST
[Fri Nov 10 15:22:47 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/new-cert'
[Fri Nov 10 15:22:47 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "eyJub25jZSI6ICJuODR2eTVScFZOYXNkbDYta3dkVEo5b2pHQzl6bHhBczBjTlMtRVFra21nIiwgInVybCI6ICJodHRwOi8vYm91bGRlci5vZmZpY2UubmljLmN6OjQwMDAvYWNtZS9uZXctY2VydCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInVLVjVCbENlTWVYYTY5cjNsZVdKa08zLV9Yc2Jua0s4N0RSaF9xUEZqSk9tNGpZWFRPYmdNdDRGdENxd1FsOGNnY1lvWW1YbTd6RExhSy16UDJ0Z3lrVlZfNUNyelZwZ2JwWnhWbzlsbUVfRFh1amRmTmIyNHlJUFFpMzRORXpUVVFJcnRnaFBJeElIUHc5VGRxMGZhV05qUXp0TjBjNjlhczJYb2xUTzFUeVE5NDlTT2w4R1Q0ZVU2d2JXeWcxNHZRR0wybGludTdiRTlHbm13czdrWEw2QUJlSzRCd3h6SFU0bHJqWjdab0RQVlJ6V0lwYXpjb0hsQk1jT0VqOEM3ZGhtSXZkdVBfc2xCMkd6WWktaHdodFZ2YW84RkRKbVFOR2hNeW9obllrX3Y3UGpKZ3hOTUt6MUg3LUtnRHB2RUJwd0tDOThPdDM0QjgzbUs1d3Z4dyJ9fQ", "payload": "eyJyZXNvdXJjZSI6ICJuZXctY2VydCIsICJjc3IiOiAiTUlJQ2hEQ0NBV3dDQVFBd0lURWZNQjBHQTFVRUF3d1djM1ZwZEdWamNtMHViMlptYVdObExtNXBZeTVqZWpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXRHRnlyRmxjeFdybXVLQnBOejRRN1V6dHdsT0NHcGtLTERUU2tBVkN2eEF2dXl3dWRrNFNKVmpXWWZRckIwWE9hRWxYeS1xakFtWjhXd0IxemoyaWNNb0JoaThMTVEzRmJ1NllkLWRHclZyRlZWUkJPamlBNlB3bTlBeHNYbmlDZkQ0U1NkbHQ5T2llcldhcExOUmNtdEVEZmF6N2lVSHMtRzg3QjVEdjgwalRRSUoyNnJrcFh4NkhSOUtCOUtYRThuWFVLTWlUMEM2amhRMURENHN6MkdpaFZwWHQ5V2J3RGJhU1poVS0yOFRVQm1taVI2VkNZbHdSX1NmcGRHVnFxTnoyWEJGeS1QMF8wYTRWMWJXbUJvNTdPQ2xOYWI0RFBkRTJtZHI5MDduVzBjaGpFcmhJWm5fbFV0eXFhQjNWeHhRc2JIOHkxMjNoekJfcjdzTmZjQ0F3RUFBYUFlTUJ3R0NTcUdTSWIzRFFFSkRqRVBNQTB3Q3dZRFZSMFBCQVFEQWdYZ01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ1BjczhpRnRib0plMGpzVW5fS2ZXRjJVVFJzcTd4TTRFX3RwYS0zcTJxeDgxbnkwOXc3ZHpIMjB0SHZKdXRmTGkzY3lST2VSOWRrdndsU2dSRDV4Ty1LS1ZwNjIyX2kwa1RNX29vZTRIQ1VGemM5SkZrUnQ3cGRubFZvTy1Gb1gwcW5sSnUycWVTb2FKZHczTTJITEFNaEF2OTgyXzdSdGFDOGxKVE0wYUEtM25WOVV3eEZNTnk1UmRtZjl0ZU5YU3BfZTEwYi1xcWJISmNiSjlPTktJaDhTZmx3c19fa1dyR0Vvek1lSFNmQnNQX2VfMmpVVXUtTWR5X0RmYmtvSVk1TkhpS0dDTGhJT2F1d2VmaGxxUklSUlI5REp6NHpRTnN4NnRtNUlMNzhObXctdDljVUEzd2ZLdU1iUG94dFF1RHR2bEg3VDlJWnlqRjhycVBzNEJFIn0", "signature": "rKFbGGYkEAal-AFKcXdb39Lk0gD6ijAIuUQ3aRWWIEYZnARThCkBl9QEEqG4dO0jfZcNKKbbUvXJhi1K928XImZX4GjAG77nDxbS0wngoRac_i-IVlqNDIi9uHJ9a7_-4HPx8Hq4fJ5Ausm4SsWKRt8RWNcJrY3D9Pajb5I2-T_bYjxWZfFJjRpSiH5xmxyNpIIuV7LMjMW3piIDbHnv-akkdU4YYRpB4i2P0xmOic0Y_fdNaQnYfX2-g6PO98b5dtSSyFP_h1XWiQE8KTUC8cdeVquMU6g2AtDSfcp9mEvJ5JzYMiIuozzzZCNYXltONztmcyNw9GrtHb_ZJ_-y-Q"}'
[Fri Nov 10 15:22:47 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.3iq9PXFv6T '
[Fri Nov 10 15:22:47 UTC 2017] _ret='0'
[Fri Nov 10 15:22:47 UTC 2017] original='MIIElDCCA3ygAwIBAgITAP8V1DoVmkTTUojmx8RvrwzdwzANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNzExMTAxNDIyNDdaFw0xODAyMDgxNDIyNDdaMFAxHzAdBgNVBAMTFnN1aXRlY3JtLm9mZmljZS5uaWMuY3oxLTArBgNVBAUTJGZmMTVkNDNhMTU5YTQ0ZDM1Mjg4ZTZjN2M0NmZhZjBjZGRjMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtGFyrFlcxWrmuKBpNz4Q7UztwlOCGpkKLDTSkAVCvxAvuywudk4SJVjWYfQrB0XOaElXy+qjAmZ8WwB1zj2icMoBhi8LMQ3Fbu6Yd+dGrVrFVVRBOjiA6Pwm9AxsXniCfD4SSdlt9OierWapLNRcmtEDfaz7iUHs+G87B5Dv80jTQIJ26rkpXx6HR9KB9KXE8nXUKMiT0C6jhQ1DD4sz2GihVpXt9WbwDbaSZhU+28TUBmmiR6VCYlwR/SfpdGVqqNz2XBFy+P0/0a4V1bWmBo57OClNab4DPdE2mdr907nW0chjErhIZn/lUtyqaB3VxxQsbH8y123hzB/r7sNfcCAwEAAaOCAZYwggGSMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgkogatL306DoEOAq8tyqjhUMPo0wHwYDVR0jBBgwFoAU+3hPEvlgFYMsnxd/NBmzLjbqQYkwZAYIKwYBBQUHAQEEWDBWMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjQwMDIvMDAGCCsGAQUFBzAChiRodHRwOi8vYm91bGRlcjo0NDMwL2FjbWUvaXNzdWVyLWNlcnQwIQYDVR0RBBowGIIWc3VpdGVjcm0ub2ZmaWNlLm5pYy5jejAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGEGA1UdIARaMFgwCAYGZ4EMAQIBMEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20vY3BzMB8GCCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEBCwUAA4IBAQCB/Q969pUYg7PetAP1YjTtVPH5iuRjq/G37GyOkX4+OJ9dhGTYPHlU2wrbJVSChkr9TAjs1T4mL6QwWW+YkbtGqwl29duN7aLiTdBQetM8QA/iAyGIFeLjX9QG4MiaXQQ9dX/J/opwcqBFL9GcjW5VtVX0C6Buynxl2PlmAMHjlfrHfuv1hopLqWWbMPUv09mEvOXFpLzLuUraot+YCzwdZqG0JLZiOIksp0KWIXz9VzPt6BO+RnNPHLTUsH038YQ+Sew91xxAEdXGfnk0n56NDAK8R+Uy6bgiDwx9kpI0AdPLq1kdlcvJk7hcgyrcUScemVnhfQrHUKfw1T8cIPVv'
[Fri Nov 10 15:22:47 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 201 Created
Boulder-Requester: 2
Cache-Control: public, max-age=0, no-cache
Content-Type: application/pkix-cert
Link: <http://boulder.office.nic.cz:4000/acme/issuer-cert>;rel="up"
Location: http://boulder.office.nic.cz:4000/acme/cert/ff15d43a159a44d35288e6c7c46faf0cddc3
Replay-Nonce: 1X8HlYvsxEomowisbWXKSrXsV22jCySQ5r2jnRgJQo8
Date: Fri, 10 Nov 2017 15:22:47 GMT
Content-Length: 1176
'
[Fri Nov 10 15:22:47 UTC 2017] response='MIIElDCCA3ygAwIBAgITAP8V1DoVmkTTUojmx8RvrwzdwzANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNzExMTAxNDIyNDdaFw0xODAyMDgxNDIyNDdaMFAxHzAdBgNVBAMTFnN1aXRlY3JtLm9mZmljZS5uaWMuY3oxLTArBgNVBAUTJGZmMTVkNDNhMTU5YTQ0ZDM1Mjg4ZTZjN2M0NmZhZjBjZGRjMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtGFyrFlcxWrmuKBpNz4Q7UztwlOCGpkKLDTSkAVCvxAvuywudk4SJVjWYfQrB0XOaElXy+qjAmZ8WwB1zj2icMoBhi8LMQ3Fbu6Yd+dGrVrFVVRBOjiA6Pwm9AxsXniCfD4SSdlt9OierWapLNRcmtEDfaz7iUHs+G87B5Dv80jTQIJ26rkpXx6HR9KB9KXE8nXUKMiT0C6jhQ1DD4sz2GihVpXt9WbwDbaSZhU+28TUBmmiR6VCYlwR/SfpdGVqqNz2XBFy+P0/0a4V1bWmBo57OClNab4DPdE2mdr907nW0chjErhIZn/lUtyqaB3VxxQsbH8y123hzB/r7sNfcCAwEAAaOCAZYwggGSMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgkogatL306DoEOAq8tyqjhUMPo0wHwYDVR0jBBgwFoAU+3hPEvlgFYMsnxd/NBmzLjbqQYkwZAYIKwYBBQUHAQEEWDBWMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjQwMDIvMDAGCCsGAQUFBzAChiRodHRwOi8vYm91bGRlcjo0NDMwL2FjbWUvaXNzdWVyLWNlcnQwIQYDVR0RBBowGIIWc3VpdGVjcm0ub2ZmaWNlLm5pYy5jejAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGEGA1UdIARaMFgwCAYGZ4EMAQIBMEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20vY3BzMB8GCCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEBCwUAA4IBAQCB/Q969pUYg7PetAP1YjTtVPH5iuRjq/G37GyOkX4+OJ9dhGTYPHlU2wrbJVSChkr9TAjs1T4mL6QwWW+YkbtGqwl29duN7aLiTdBQetM8QA/iAyGIFeLjX9QG4MiaXQQ9dX/J/opwcqBFL9GcjW5VtVX0C6Buynxl2PlmAMHjlfrHfuv1hopLqWWbMPUv09mEvOXFpLzLuUraot+YCzwdZqG0JLZiOIksp0KWIXz9VzPt6BO+RnNPHLTUsH038YQ+Sew91xxAEdXGfnk0n56NDAK8R+Uy6bgiDwx9kpI0AdPLq1kdlcvJk7hcgyrcUScemVnhfQrHUKfw1T8cIPVv'
[Fri Nov 10 15:22:47 UTC 2017] code='201'
.acme.sh/acme.sh: line 1819: warning: command substitution: ignored null byte in input
[Fri Nov 10 15:22:47 UTC 2017] _body=' 0�0�������http://example.com/crl0a��U� �Z0X��g�
                                                                                      ���0L��*��0E0"+������http://example.com/cps0�+����0�
��      *�H�                                                                                                                              �Do What Thou Wilt0
  �����z�����޴��b4�T����c����l~>8�]�d�<yT
�%T��J���>&/�0Yo���F�	v�ۍ���M�Pz�<@��!����_���Ț]�=u����pr�E/ќ�nU�U�
                                                                     �n�|e��f�����~����K�e�0�/�ل��Ť�˹Jڢߘ
                                                                                                        <�f��$�b8�,�B�!|�W3����FsO��԰}7��>I�=��@���~y4���
                                                                                                                                                         ��G�2��"
                                                                                                                                                                 }��4��˫Y���ɓ�\�*�Q'��Y�}
�P���?� �o'
[Fri Nov 10 15:22:47 UTC 2017] Le_LinkCert='http://boulder.office.nic.cz:4000/acme/cert/ff15d43a159a44d35288e6c7c46faf0cddc3'
[Fri Nov 10 15:22:47 UTC 2017] Cert success.
-----BEGIN CERTIFICATE-----
MIIElDCCA3ygAwIBAgITAP8V1DoVmkTTUojmx8RvrwzdwzANBgkqhkiG9w0BAQsF
ADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNzExMTAxNDIy
NDdaFw0xODAyMDgxNDIyNDdaMFAxHzAdBgNVBAMTFnN1aXRlY3JtLm9mZmljZS5u
aWMuY3oxLTArBgNVBAUTJGZmMTVkNDNhMTU5YTQ0ZDM1Mjg4ZTZjN2M0NmZhZjBj
ZGRjMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMtGFyrFlcxWrmuK
BpNz4Q7UztwlOCGpkKLDTSkAVCvxAvuywudk4SJVjWYfQrB0XOaElXy+qjAmZ8Ww
B1zj2icMoBhi8LMQ3Fbu6Yd+dGrVrFVVRBOjiA6Pwm9AxsXniCfD4SSdlt9OierW
apLNRcmtEDfaz7iUHs+G87B5Dv80jTQIJ26rkpXx6HR9KB9KXE8nXUKMiT0C6jhQ
1DD4sz2GihVpXt9WbwDbaSZhU+28TUBmmiR6VCYlwR/SfpdGVqqNz2XBFy+P0/0a
4V1bWmBo57OClNab4DPdE2mdr907nW0chjErhIZn/lUtyqaB3VxxQsbH8y123hzB
/r7sNfcCAwEAAaOCAZYwggGSMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgkogatL3
06DoEOAq8tyqjhUMPo0wHwYDVR0jBBgwFoAU+3hPEvlgFYMsnxd/NBmzLjbqQYkw
ZAYIKwYBBQUHAQEEWDBWMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjQw
MDIvMDAGCCsGAQUFBzAChiRodHRwOi8vYm91bGRlcjo0NDMwL2FjbWUvaXNzdWVy
LWNlcnQwIQYDVR0RBBowGIIWc3VpdGVjcm0ub2ZmaWNlLm5pYy5jejAnBgNVHR8E
IDAeMBygGqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGEGA1UdIARaMFgwCAYG
Z4EMAQIBMEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20v
Y3BzMB8GCCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEB
CwUAA4IBAQCB/Q969pUYg7PetAP1YjTtVPH5iuRjq/G37GyOkX4+OJ9dhGTYPHlU
2wrbJVSChkr9TAjs1T4mL6QwWW+YkbtGqwl29duN7aLiTdBQetM8QA/iAyGIFeLj
X9QG4MiaXQQ9dX/J/opwcqBFL9GcjW5VtVX0C6Buynxl2PlmAMHjlfrHfuv1hopL
qWWbMPUv09mEvOXFpLzLuUraot+YCzwdZqG0JLZiOIksp0KWIXz9VzPt6BO+RnNP
HLTUsH038YQ+Sew91xxAEdXGfnk0n56NDAK8R+Uy6bgiDwx9kpI0AdPLq1kdlcvJ
k7hcgyrcUScemVnhfQrHUKfw1T8cIPVv
-----END CERTIFICATE-----
[Fri Nov 10 15:22:47 UTC 2017] Your cert is in  /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.cer 
[Fri Nov 10 15:22:47 UTC 2017] Your cert key is in  /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/suitecrm.office.nic.cz.key 
[Fri Nov 10 15:22:47 UTC 2017] Le_LinkIssuer='http://boulder.office.nic.cz:4000/acme/issuer-cert'
[Fri Nov 10 15:22:47 UTC 2017] _link_issuer_retry='0'
[Fri Nov 10 15:22:47 UTC 2017] GET
[Fri Nov 10 15:22:47 UTC 2017] url='http://boulder.office.nic.cz:4000/acme/issuer-cert'
[Fri Nov 10 15:22:47 UTC 2017] timeout
[Fri Nov 10 15:22:47 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.6EGCH7hybJ '
[Fri Nov 10 15:22:47 UTC 2017] ret='0'
[Fri Nov 10 15:22:47 UTC 2017] The intermediate CA cert is in  /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/ca.cer 
[Fri Nov 10 15:22:47 UTC 2017] And the full chain certs is there:  /home/letsencrypt/.acme.sh/suitecrm.office.nic.cz/fullchain.cer 
[Fri Nov 10 15:22:47 UTC 2017] _on_issue_success
[Fri Nov 10 15:22:47 UTC 2017] '' does not contain 'dns'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment