New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sign failed with HTTP/1.1 400 Bad Request #111

Closed
backbohne opened this Issue Mar 29, 2016 · 18 comments

Comments

Projects
None yet
2 participants
@backbohne

backbohne commented Mar 29, 2016

Hi,

I'm using your script without any issue under Debian, but it fails under Cloudlinux (CentOS).
Not sure what is the problem here?

> le issue dns-deep web01.mydomain.ch
...
Verify finished, start to sign.
url=https://acme-v01.api.letsencrypt.org/acme/new-cert
payload={"resource": "new-cert", "csr": "..."}
RSA key
pub_exp=010001
e=AQAB
jwk={"e": "AQAB", "kty": "RSA", "n": "..."}
HEADER={"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}
payload64=...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0   263    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
nonce=...
protected={"nonce": "...", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}
protected64=...
sig=...
body={"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}, "protected": "...", "payload": "...", "signature": "..."}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
102  2652    0    98  102  2554    125   3269 --:--:-- --:--:-- --:--:--  3607
responseHeaders=HTTP/1.1 100 Continue
Expires: Tue, 29 Mar 2016 14:34:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 98
Replay-Nonce: 3XnsQBBg4Oc32DV4F7GejkWFwM45Ty0PheLOw965uUA
Expires: Tue, 29 Mar 2016 14:34:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 29 Mar 2016 14:34:52 GMT
Connection: close

response=curl exists=0
eyJ0eXBlIjoidXJuOmFjbWU6ZXJyb3I6bWFsZm9ybWVkIiwiZGV0YWlsIjoiRXJyb3IgdW5tYXJzaGFsaW5nIGNlcnRpZmljYXRlIHJlcXVlc3QiLCJzdGF0dXMiOjQwMH0=
code=400
OK
/opt/deep-le/web01.mydomain.ch/web01.mydomain.ch.conf:9:Le_LinkCert=
Sign failed: 
> cat http.header                                                                                                           
HTTP/1.1 100 Continue
Expires: Tue, 29 Mar 2016 14:34:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 98
Replay-Nonce: 3XnsQBBg4Oc32DV4F7GejkWFwM45Ty0PheLOw965uUA
Expires: Tue, 29 Mar 2016 14:34:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 29 Mar 2016 14:34:52 GMT
Connection: close
> curl -V                                                                                         
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp 
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz 

Regrads
Frank

@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Mar 30, 2016

Owner

It seems that you are not using the latest version. Please uninstall and re-install the latest version.
Paste the logs here if you still have the issue.

Owner

Neilpang commented Mar 30, 2016

It seems that you are not using the latest version. Please uninstall and re-install the latest version.
Paste the logs here if you still have the issue.

@backbohne

This comment has been minimized.

Show comment
Hide comment
@backbohne

backbohne Mar 30, 2016

OK, I've installed the latest repo under my user, but it will still fails:

le issue dns-deep web01.mydomain.ch

OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:1:Le_Domain=web01.mydomain.ch
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:2:Le_Alt=
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:3:Le_Webroot=dns-deep
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:4:Le_Keylength=
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:5:Le_RealCertPath=""
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:6:Le_RealCACertPath=""
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:7:Le_RealKeyPath=""
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:8:Le_ReloadCmd=""
Creating account key
Use default length 2048
Account key exists, skip
RSA key
pub_exp='010001'
e='AQAB'
jwk='{"e": "AQAB", "kty": "RSA", "n": "..."}'
HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}'
Skip register account key
Creating domain key
Use length 2048
Creating csr
Single domain=web01.mydomain.ch
Verify each domain
Getting token for domain=web01.mydomain.ch
url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "web01.mydomain.ch"}}'
RSA key
pub_exp='010001'
e='AQAB'
jwk='{"e": "AQAB", "kty": "RSA", "n": "..."}'
HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}'
payload64='...'
url='https://acme-v01.api.letsencrypt.org/directory'
curl exists=0
nonce='...'
protected='{"nonce": "...", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}'
protected64='...'
sig='...'
body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}, "protected": "...", "payload": "...", "signature": "..."}'
curl exists=0
responseHeaders='HTTP/1.1 100 Continue
Expires: Wed, 30 Mar 2016 08:18:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 776
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs
Replay-Nonce: _smdTRy6Huvno-w5pp9rKNzGwjjXPA0TyefLGyOjIBE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 30 Mar 2016 08:18:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 30 Mar 2016 08:18:48 GMT
Connection: keep-alive
'
response='{"identifier":{"type":"dns","value":"web01.mydomain.ch"},"status":"pending","expires":"2016-04-06T08:18:47.745578166Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555821","token":"hgp74PcPYzhGS7LVLmXgmg0u2mWcQE84CvpBmMb7kxM"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555822","token":"nPUl05gRe9It2bVCeX7HrEce747ygV968ONWvKzuNEY"},{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823","token":"Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ"}],"combinations":[[2],[1],[0]]}'
code='201'
entry='{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823","token":"Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ"'
token='Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ'
uri='https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823'
keyauthorization='Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ.vyfpmc0EcRAKQ-ziXQM9_JDJayraFrrxVXWo8539UNo'
dvlist='web01.mydomain.ch#Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ.vyfpmc0EcRAKQ-ziXQM9_JDJayraFrrxVXWo8539UNo#https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823'
txtdomain='_acme-challenge.web01.mydomain.ch'
txt='RhpGVJUgV6516V24uhCC1auBbjZ-cKKEytFseXyNpro'
d_api='/home/fbo/.le/dnsapi/dns-deep.sh'
Found domain api file: /home/fbo/.le/dnsapi/dns-deep.sh
dns-deep-add
OK
/home/fbo/.le/account.conf:16:DEEP_Key=rek548ujFar23d7u3hVFF3
OK
/home/fbo/.le/account.conf:15:DEEP_Api=https://backend.ida.mydomain.ch/special-dns-acme-challenge
calling API: /usr/bin/curl -s -k -X POST --data 'key=*****&domain=_acme-challenge.web01.mydomain.ch&value=RhpGVJUgV6516V24uhCC1auBbjZ-cKKEytFseXyNpro' https://backend.ida.mydomain.ch/special-dns-acme-challenge
Sleep 60 seconds for the txt records to take effect
ok, let's start to verify
Verifying:web01.mydomain.ch
d=web01.mydomain.ch
keyauthorization=Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ.vyfpmc0EcRAKQ-ziXQM9_JDJayraFrrxVXWo8539UNo
uri=https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823
url=https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823
payload={"resource": "challenge", "keyAuthorization": "Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ.vyfpmc0EcRAKQ-ziXQM9_JDJayraFrrxVXWo8539UNo"}
RSA key
pub_exp=010001
e=AQAB
jwk={"e": "AQAB", "kty": "RSA", "n": "..."}
HEADER={"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}
payload64=eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJZNlFzaFhoQmNHWUUtUURaNmdUdmFNeHVyWnNveFl3MmFSWXIwaVJybXhRLnZ5ZnBtYzBFY1JBS1EtemlYUU05X0pESmF5cmFGcnJ4VlhXbzg1MzlVTm8ifQ
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0   263    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
nonce=_C7RiHR1Ng10KLHclZCWBeG8HTqwZXQxW-Z4IfEBzmU
protected={"nonce": "_C7RiHR1Ng10KLHclZCWBeG8HTqwZXQxW-Z4IfEBzmU", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}
protected64=...
sig=...
body={"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}, "protected": "...", "payload": "...", "signature": "..."}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1912  104   312  100  1600    360   1846 --:--:-- --:--:-- --:--:--  2185
responseHeaders=HTTP/1.1 100 Continue
Expires: Wed, 30 Mar 2016 08:20:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 312
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823
Replay-Nonce: jZjVtYln6MSFsjWea1diMd0NmHHHrCPGMCOcg4VIMSs
Expires: Wed, 30 Mar 2016 08:20:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 30 Mar 2016 08:20:05 GMT
Connection: keep-alive

response=curl exists=0
{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823","token":"Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ","keyAuthorization":"Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ.vyfpmc0EcRAKQ-ziXQM9_JDJayraFrrxVXWo8539UNo"}
code=202
sleep 5 secs to verify
checking
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
103   412  103   412    0     0   1384      0 --:--:-- --:--:-- --:--:--  2203
Success
Skip for removelevel:
Verify finished, start to sign.
url=https://acme-v01.api.letsencrypt.org/acme/new-cert
payload={"resource": "new-cert", "csr": "..."}
RSA key
pub_exp=010001
e=AQAB
jwk={"e": "AQAB", "kty": "RSA", "n": "..."}
HEADER={"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}
payload64=...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0   263    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
nonce=xl9p5bRiQeuIwxL75DNhrHWKvllxvTCK7V61-ijEx7k
protected={"nonce": "xl9p5bRiQeuIwxL75DNhrHWKvllxvTCK7V61-ijEx7k", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}
protected64=...
sig=...
body={"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}, "protected": "...", "payload": "...", "signature": "..."}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
102  2652    0    98  102  2554    122   3205 --:--:-- --:--:-- --:--:--  3627
responseHeaders=HTTP/1.1 100 Continue
Expires: Wed, 30 Mar 2016 08:20:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 98
Replay-Nonce: J6w670D4E0nNzYr-bX7YXzAJHillzXYvvTKihzshHcY
Expires: Wed, 30 Mar 2016 08:20:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 30 Mar 2016 08:20:12 GMT
Connection: close

response=curl exists=0
eyJ0eXBlIjoidXJuOmFjbWU6ZXJyb3I6bWFsZm9ybWVkIiwiZGV0YWlsIjoiRXJyb3IgdW5tYXJzaGFsaW5nIGNlcnRpZmljYXRlIHJlcXVlc3QiLCJzdGF0dXMiOjQwMH0=
code=400
OK
/home/fbo/.le/web01.mydomain.ch/web01.deep.ch.conf:9:Le_LinkCert=
Sign failed: 

backbohne commented Mar 30, 2016

OK, I've installed the latest repo under my user, but it will still fails:

le issue dns-deep web01.mydomain.ch

OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:1:Le_Domain=web01.mydomain.ch
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:2:Le_Alt=
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:3:Le_Webroot=dns-deep
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:4:Le_Keylength=
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:5:Le_RealCertPath=""
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:6:Le_RealCACertPath=""
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:7:Le_RealKeyPath=""
OK
/home/fbo/.le/web01.mydomain.ch/web01.mydomain.ch.conf:8:Le_ReloadCmd=""
Creating account key
Use default length 2048
Account key exists, skip
RSA key
pub_exp='010001'
e='AQAB'
jwk='{"e": "AQAB", "kty": "RSA", "n": "..."}'
HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}'
Skip register account key
Creating domain key
Use length 2048
Creating csr
Single domain=web01.mydomain.ch
Verify each domain
Getting token for domain=web01.mydomain.ch
url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "web01.mydomain.ch"}}'
RSA key
pub_exp='010001'
e='AQAB'
jwk='{"e": "AQAB", "kty": "RSA", "n": "..."}'
HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}'
payload64='...'
url='https://acme-v01.api.letsencrypt.org/directory'
curl exists=0
nonce='...'
protected='{"nonce": "...", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}'
protected64='...'
sig='...'
body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}, "protected": "...", "payload": "...", "signature": "..."}'
curl exists=0
responseHeaders='HTTP/1.1 100 Continue
Expires: Wed, 30 Mar 2016 08:18:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 776
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs
Replay-Nonce: _smdTRy6Huvno-w5pp9rKNzGwjjXPA0TyefLGyOjIBE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 30 Mar 2016 08:18:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 30 Mar 2016 08:18:48 GMT
Connection: keep-alive
'
response='{"identifier":{"type":"dns","value":"web01.mydomain.ch"},"status":"pending","expires":"2016-04-06T08:18:47.745578166Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555821","token":"hgp74PcPYzhGS7LVLmXgmg0u2mWcQE84CvpBmMb7kxM"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555822","token":"nPUl05gRe9It2bVCeX7HrEce747ygV968ONWvKzuNEY"},{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823","token":"Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ"}],"combinations":[[2],[1],[0]]}'
code='201'
entry='{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823","token":"Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ"'
token='Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ'
uri='https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823'
keyauthorization='Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ.vyfpmc0EcRAKQ-ziXQM9_JDJayraFrrxVXWo8539UNo'
dvlist='web01.mydomain.ch#Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ.vyfpmc0EcRAKQ-ziXQM9_JDJayraFrrxVXWo8539UNo#https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823'
txtdomain='_acme-challenge.web01.mydomain.ch'
txt='RhpGVJUgV6516V24uhCC1auBbjZ-cKKEytFseXyNpro'
d_api='/home/fbo/.le/dnsapi/dns-deep.sh'
Found domain api file: /home/fbo/.le/dnsapi/dns-deep.sh
dns-deep-add
OK
/home/fbo/.le/account.conf:16:DEEP_Key=rek548ujFar23d7u3hVFF3
OK
/home/fbo/.le/account.conf:15:DEEP_Api=https://backend.ida.mydomain.ch/special-dns-acme-challenge
calling API: /usr/bin/curl -s -k -X POST --data 'key=*****&domain=_acme-challenge.web01.mydomain.ch&value=RhpGVJUgV6516V24uhCC1auBbjZ-cKKEytFseXyNpro' https://backend.ida.mydomain.ch/special-dns-acme-challenge
Sleep 60 seconds for the txt records to take effect
ok, let's start to verify
Verifying:web01.mydomain.ch
d=web01.mydomain.ch
keyauthorization=Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ.vyfpmc0EcRAKQ-ziXQM9_JDJayraFrrxVXWo8539UNo
uri=https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823
url=https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823
payload={"resource": "challenge", "keyAuthorization": "Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ.vyfpmc0EcRAKQ-ziXQM9_JDJayraFrrxVXWo8539UNo"}
RSA key
pub_exp=010001
e=AQAB
jwk={"e": "AQAB", "kty": "RSA", "n": "..."}
HEADER={"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}
payload64=eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJZNlFzaFhoQmNHWUUtUURaNmdUdmFNeHVyWnNveFl3MmFSWXIwaVJybXhRLnZ5ZnBtYzBFY1JBS1EtemlYUU05X0pESmF5cmFGcnJ4VlhXbzg1MzlVTm8ifQ
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0   263    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
nonce=_C7RiHR1Ng10KLHclZCWBeG8HTqwZXQxW-Z4IfEBzmU
protected={"nonce": "_C7RiHR1Ng10KLHclZCWBeG8HTqwZXQxW-Z4IfEBzmU", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}
protected64=...
sig=...
body={"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}, "protected": "...", "payload": "...", "signature": "..."}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1912  104   312  100  1600    360   1846 --:--:-- --:--:-- --:--:--  2185
responseHeaders=HTTP/1.1 100 Continue
Expires: Wed, 30 Mar 2016 08:20:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 312
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823
Replay-Nonce: jZjVtYln6MSFsjWea1diMd0NmHHHrCPGMCOcg4VIMSs
Expires: Wed, 30 Mar 2016 08:20:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 30 Mar 2016 08:20:05 GMT
Connection: keep-alive

response=curl exists=0
{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/Aynk4952q5T7iNZhY-UKmutk7XAVtj5Sguk8DfKXUCs/37555823","token":"Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ","keyAuthorization":"Y6QshXhBcGYE-QDZ6gTvaMxurZsoxYw2aRYr0iRrmxQ.vyfpmc0EcRAKQ-ziXQM9_JDJayraFrrxVXWo8539UNo"}
code=202
sleep 5 secs to verify
checking
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
103   412  103   412    0     0   1384      0 --:--:-- --:--:-- --:--:--  2203
Success
Skip for removelevel:
Verify finished, start to sign.
url=https://acme-v01.api.letsencrypt.org/acme/new-cert
payload={"resource": "new-cert", "csr": "..."}
RSA key
pub_exp=010001
e=AQAB
jwk={"e": "AQAB", "kty": "RSA", "n": "..."}
HEADER={"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}
payload64=...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0   263    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
nonce=xl9p5bRiQeuIwxL75DNhrHWKvllxvTCK7V61-ijEx7k
protected={"nonce": "xl9p5bRiQeuIwxL75DNhrHWKvllxvTCK7V61-ijEx7k", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}
protected64=...
sig=...
body={"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "..."}}, "protected": "...", "payload": "...", "signature": "..."}
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
102  2652    0    98  102  2554    122   3205 --:--:-- --:--:-- --:--:--  3627
responseHeaders=HTTP/1.1 100 Continue
Expires: Wed, 30 Mar 2016 08:20:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 98
Replay-Nonce: J6w670D4E0nNzYr-bX7YXzAJHillzXYvvTKihzshHcY
Expires: Wed, 30 Mar 2016 08:20:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 30 Mar 2016 08:20:12 GMT
Connection: close

response=curl exists=0
eyJ0eXBlIjoidXJuOmFjbWU6ZXJyb3I6bWFsZm9ybWVkIiwiZGV0YWlsIjoiRXJyb3IgdW5tYXJzaGFsaW5nIGNlcnRpZmljYXRlIHJlcXVlc3QiLCJzdGF0dXMiOjQwMH0=
code=400
OK
/home/fbo/.le/web01.mydomain.ch/web01.deep.ch.conf:9:Le_LinkCert=
Sign failed: 
@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Mar 30, 2016

Owner

I believe the log is not generated by our latest code.

  1. Install the latest version online :
curl https://raw.githubusercontent.com/Neilpang/le/master/le.sh | INSTALLONLINE=1  bash

And then try again.

  1. If it still doesn't work, please check the generated CSR with online decoder:

https://certlogik.com/decoder/

The csr is located : ~/.le/yourdomain.ch/yourdomain.ch.csr

Owner

Neilpang commented Mar 30, 2016

I believe the log is not generated by our latest code.

  1. Install the latest version online :
curl https://raw.githubusercontent.com/Neilpang/le/master/le.sh | INSTALLONLINE=1  bash

And then try again.

  1. If it still doesn't work, please check the generated CSR with online decoder:

https://certlogik.com/decoder/

The csr is located : ~/.le/yourdomain.ch/yourdomain.ch.csr

@backbohne

This comment has been minimized.

Show comment
Hide comment
@backbohne

backbohne Mar 30, 2016

Have reinstalled as you mentioned above, but it still fails (lease note that I've removed clear-text keys/certs from the logs).

Your generated CSR ist valid (status "green" at all).

backbohne commented Mar 30, 2016

Have reinstalled as you mentioned above, but it still fails (lease note that I've removed clear-text keys/certs from the logs).

Your generated CSR ist valid (status "green" at all).

@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Mar 30, 2016

Owner

Yes, I knew that you removed some keys/certs. but the output doesn't look like from our latest code.

I just checked in a new version number 1.2.1.

Please re-install, and see if the version number is correct.

Owner

Neilpang commented Mar 30, 2016

Yes, I knew that you removed some keys/certs. but the output doesn't look like from our latest code.

I just checked in a new version number 1.2.1.

Please re-install, and see if the version number is correct.

@backbohne

This comment has been minimized.

Show comment
Hide comment
@backbohne

backbohne Mar 30, 2016

> curl https://raw.githubusercontent.com/Neilpang/le/master/le.sh | INSTALLONLINE=1  bash                                                                                                                [1062]
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 41599  100 41599    0     0   118k      0 --:--:-- --:--:-- --:--:--  286k
Installing from online archive.
Downloading https://github.com/Neilpang/le/archive/master.tar.gz
url='https://github.com/Neilpang/le/archive/master.tar.gz'
curl exists=0
Extracting master.tar.gz
curl exists=0
crontab exists=0
openssl exists=0
nc exists=0
Installing to /home/fbo/.le
Installed to /home/fbo/.le/le.sh
Found profile: /home/fbo/.zshrc
OK
/home/fbo/.zshrc:5:source "/home/fbo/.le/le.env"
OK, Close and reopen your terminal to start using le
crontab exists=0
Installing cron job
0 0 * * * LE_WORKING_DIR="/home/fbo/.le" "/home/fbo/.le"/le.sh cron > /dev/null
OK
Install success!
> /home/fbo/.le/le.sh                                                                                                                                                                                   
https://github.com/Neilpang/le
v1.2.1
Usage: le.sh  [command] ...[args]....
Avalible commands:

install:
  Install le.sh to your system.
issue:
  Issue a cert.
installcert:
  Install the issued cert to apache/nginx or any other server.
renew:
  Renew a cert.
renewAll:
  Renew all the certs.
uninstall:
  Uninstall le.sh, and uninstall the cron job.
version:
  Show version info.
installcronjob:
  Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
uninstallcronjob:
  Uninstall the cron job. The 'uninstall' command can do this automatically.
createAccountKey:
  Create an account private key, professional use.
createDomainKey:
  Create an domain private key, professional use.
createCSR:
  Create CSR , professional use.

...but same error :-(

backbohne commented Mar 30, 2016

> curl https://raw.githubusercontent.com/Neilpang/le/master/le.sh | INSTALLONLINE=1  bash                                                                                                                [1062]
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 41599  100 41599    0     0   118k      0 --:--:-- --:--:-- --:--:--  286k
Installing from online archive.
Downloading https://github.com/Neilpang/le/archive/master.tar.gz
url='https://github.com/Neilpang/le/archive/master.tar.gz'
curl exists=0
Extracting master.tar.gz
curl exists=0
crontab exists=0
openssl exists=0
nc exists=0
Installing to /home/fbo/.le
Installed to /home/fbo/.le/le.sh
Found profile: /home/fbo/.zshrc
OK
/home/fbo/.zshrc:5:source "/home/fbo/.le/le.env"
OK, Close and reopen your terminal to start using le
crontab exists=0
Installing cron job
0 0 * * * LE_WORKING_DIR="/home/fbo/.le" "/home/fbo/.le"/le.sh cron > /dev/null
OK
Install success!
> /home/fbo/.le/le.sh                                                                                                                                                                                   
https://github.com/Neilpang/le
v1.2.1
Usage: le.sh  [command] ...[args]....
Avalible commands:

install:
  Install le.sh to your system.
issue:
  Issue a cert.
installcert:
  Install the issued cert to apache/nginx or any other server.
renew:
  Renew a cert.
renewAll:
  Renew all the certs.
uninstall:
  Uninstall le.sh, and uninstall the cron job.
version:
  Show version info.
installcronjob:
  Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
uninstallcronjob:
  Uninstall the cron job. The 'uninstall' command can do this automatically.
createAccountKey:
  Create an account private key, professional use.
createDomainKey:
  Create an domain private key, professional use.
createCSR:
  Create CSR , professional use.

...but same error :-(

@backbohne

This comment has been minimized.

Show comment
Hide comment
@backbohne

backbohne Mar 31, 2016

The only difference I see between my running Debian setup is the curl version.

Cloudlinux (6): 7.19.7 (x86_64-redhat-linux-gnu)
Debian (jessie): 7.38.0 (x86_64-pc-linux-gnu)

backbohne commented Mar 31, 2016

The only difference I see between my running Debian setup is the curl version.

Cloudlinux (6): 7.19.7 (x86_64-redhat-linux-gnu)
Debian (jessie): 7.38.0 (x86_64-pc-linux-gnu)

@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Mar 31, 2016

Owner

Then can you please upgrade your curl version and try again?

Or, you can uninstall curl, and install wget. we can support wget too.

Owner

Neilpang commented Mar 31, 2016

Then can you please upgrade your curl version and try again?

Or, you can uninstall curl, and install wget. we can support wget too.

@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Mar 31, 2016

Owner

I just tried with my CentOS 6 VM, it uses curl 7.19.7, which is same as yours:

[root@centos .le]# curl -V
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp 
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz 

But it works for me, no issue is there.

And, I just made a minor fix for you. Please update and try again.

Owner

Neilpang commented Mar 31, 2016

I just tried with my CentOS 6 VM, it uses curl 7.19.7, which is same as yours:

[root@centos .le]# curl -V
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp 
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz 

But it works for me, no issue is there.

And, I just made a minor fix for you. Please update and try again.

@backbohne

This comment has been minimized.

Show comment
Hide comment
@backbohne

backbohne Mar 31, 2016

same issue :-(

account.conf

ACCOUNT_EMAIL=ops@mydomain.ch
ACCOUNT_KEY_PATH="/home/fbo/.le/account.key"
ACCOUNT_KEY_HASH=123456789=

LE_WORKING_DIR="/home/fbo/.le"
ACME_DIR=/var/www
APACHE_CONF_BACKUP_DIR="/home/fbo/.le/backup"
USER_AGENT="le.sh client: https://github.com/Neilpang/le"

# STAGE=1 
FORCE=1
DEBUG=1

# deep DNS ACME API URL and key 
DEEP_Api=https://backend.ida.mydomain.ch/special-dns-acme-challenge
DEEP_Key=*******

dnsapi/dns-deep.sh

#!/bin/bash
#
# see https://github.com/Neilpang/le/tree/master/dnsapi for details

CURL=/usr/bin/curl

dns-deep-add() {
  domain=$1
  txtvalue=$2

  if [ -z "$DEEP_Key" ] || [ -z "$DEEP_Api" ] ; then
    _err "You don't specify DEEP_Key and/or DEEP_Api yet."
    _err "Please create you key and try again."
    return 1
  fi

  # save the key and url to account conf file.
  _saveaccountconf DEEP_Key "$DEEP_Key"
  _saveaccountconf DEEP_Api "$DEEP_Api"

  data="key=${DEEP_Key}&domain=${domain}&value=${txtvalue}"
  _debug "calling API: $CURL -s -k -X POST --data '$data' $DEEP_Api"
  result="`$CURL -s -k -X POST --data \"$data\" $DEEP_Api`"

  if [ "$result" == '"OK"' ] ; then
    return 0
  fi

  _err "DNS update fails with: $result"

  return 1
}

_debug() {
  if [ -z "$DEBUG" ] ; then
    return
  fi

  if [ -z "$2" ] ; then
    echo $1
  else
    echo "$1"="$2"
  fi
}

_info() {
  if [ -z "$2" ] ; then
    echo "$1"
  else
    echo "$1"="$2"
  fi
}

_err() {
  if [ -z "$2" ] ; then
    echo "$1" >&2
  else
    echo "$1"="$2" >&2
  fi
}

curl.dump

...
=> Send data, 1528 bytes (0x5f8)
0000: {"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "
0040: n": "..."}
<= Recv header, 22 bytes (0x16)
0000: HTTP/1.1 201 Created
<= Recv header, 15 bytes (0xf)
0000: Server: nginx
<= Recv header, 32 bytes (0x20)
0000: Content-Type: application/json
<= Recv header, 21 bytes (0x15)
0000: Content-Length: 776
<= Recv header, 71 bytes (0x47)
0000: Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="
0040: next"
<= Recv header, 103 bytes (0x67)
0000: Location: https://acme-v01.api.letsencrypt.org/acme/authz/_OG69A
0040: xMvFtxeGhxPEnCHhUe7-4Lla5a1qcUUeiAKaM
<= Recv header, 59 bytes (0x3b)
0000: Replay-Nonce: 8LoOb34NNOfj5sfwAP46Cf1j98398aAcsbht53lLt5A
<= Recv header, 23 bytes (0x17)
0000: X-Frame-Options: DENY
<= Recv header, 43 bytes (0x2b)
0000: Strict-Transport-Security: max-age=604800
<= Recv header, 40 bytes (0x28)
0000: Expires: Thu, 31 Mar 2016 12:46:20 GMT
<= Recv header, 46 bytes (0x2e)
0000: Cache-Control: max-age=0, no-cache, no-store
<= Recv header, 18 bytes (0x12)
0000: Pragma: no-cache
<= Recv header, 37 bytes (0x25)
0000: Date: Thu, 31 Mar 2016 12:46:20 GMT
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 2 bytes (0x2)
0000: 
<= Recv data, 776 bytes (0x308)
0000: {"identifier":{"type":"dns","value":"web01.deep.ch"},"status":"p
0040: ending","expires":"2016-04-07T12:46:20.295042491Z","challenges":
0080: [{"type":"http-01","status":"pending","uri":"https://acme-v01.ap
00c0: i.letsencrypt.org/acme/challenge/_OG69AxMvFtxeGhxPEnCHhUe7-4Lla5
0100: a1qcUUeiAKaM/38430144","token":"khnf-R2lD2OapztlvZ3eFVN_p9XwukbB
0140: iOYzEqXRshM"},{"type":"dns-01","status":"pending","uri":"https:/
0180: /acme-v01.api.letsencrypt.org/acme/challenge/_OG69AxMvFtxeGhxPEn
01c0: CHhUe7-4Lla5a1qcUUeiAKaM/38430145","token":"Eg9hLRC4iJlxbDXU7slF
0200: LMrT-pwYKScih6BeWcolIvk"},{"type":"tls-sni-01","status":"pending
0240: ","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/_OG
0280: 69AxMvFtxeGhxPEnCHhUe7-4Lla5a1qcUUeiAKaM/38430146","token":"LuJy
02c0: feb98moVzYC7frA5jc_I7ssXGJkPtmuSeFr2qig"}],"combinations":[[1],[
0300: 2],[0]]}
== Info: Connection #0 to host acme-v01.api.letsencrypt.org left intact
== Info: Closing connection #0

le.env

LE_WORKING_DIR=/home/fbo/.le
alias le="/home/fbo/.le/le.sh"
alias le.sh="/home/fbo/.le/le.sh"

backbohne commented Mar 31, 2016

same issue :-(

account.conf

ACCOUNT_EMAIL=ops@mydomain.ch
ACCOUNT_KEY_PATH="/home/fbo/.le/account.key"
ACCOUNT_KEY_HASH=123456789=

LE_WORKING_DIR="/home/fbo/.le"
ACME_DIR=/var/www
APACHE_CONF_BACKUP_DIR="/home/fbo/.le/backup"
USER_AGENT="le.sh client: https://github.com/Neilpang/le"

# STAGE=1 
FORCE=1
DEBUG=1

# deep DNS ACME API URL and key 
DEEP_Api=https://backend.ida.mydomain.ch/special-dns-acme-challenge
DEEP_Key=*******

dnsapi/dns-deep.sh

#!/bin/bash
#
# see https://github.com/Neilpang/le/tree/master/dnsapi for details

CURL=/usr/bin/curl

dns-deep-add() {
  domain=$1
  txtvalue=$2

  if [ -z "$DEEP_Key" ] || [ -z "$DEEP_Api" ] ; then
    _err "You don't specify DEEP_Key and/or DEEP_Api yet."
    _err "Please create you key and try again."
    return 1
  fi

  # save the key and url to account conf file.
  _saveaccountconf DEEP_Key "$DEEP_Key"
  _saveaccountconf DEEP_Api "$DEEP_Api"

  data="key=${DEEP_Key}&domain=${domain}&value=${txtvalue}"
  _debug "calling API: $CURL -s -k -X POST --data '$data' $DEEP_Api"
  result="`$CURL -s -k -X POST --data \"$data\" $DEEP_Api`"

  if [ "$result" == '"OK"' ] ; then
    return 0
  fi

  _err "DNS update fails with: $result"

  return 1
}

_debug() {
  if [ -z "$DEBUG" ] ; then
    return
  fi

  if [ -z "$2" ] ; then
    echo $1
  else
    echo "$1"="$2"
  fi
}

_info() {
  if [ -z "$2" ] ; then
    echo "$1"
  else
    echo "$1"="$2"
  fi
}

_err() {
  if [ -z "$2" ] ; then
    echo "$1" >&2
  else
    echo "$1"="$2" >&2
  fi
}

curl.dump

...
=> Send data, 1528 bytes (0x5f8)
0000: {"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "
0040: n": "..."}
<= Recv header, 22 bytes (0x16)
0000: HTTP/1.1 201 Created
<= Recv header, 15 bytes (0xf)
0000: Server: nginx
<= Recv header, 32 bytes (0x20)
0000: Content-Type: application/json
<= Recv header, 21 bytes (0x15)
0000: Content-Length: 776
<= Recv header, 71 bytes (0x47)
0000: Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="
0040: next"
<= Recv header, 103 bytes (0x67)
0000: Location: https://acme-v01.api.letsencrypt.org/acme/authz/_OG69A
0040: xMvFtxeGhxPEnCHhUe7-4Lla5a1qcUUeiAKaM
<= Recv header, 59 bytes (0x3b)
0000: Replay-Nonce: 8LoOb34NNOfj5sfwAP46Cf1j98398aAcsbht53lLt5A
<= Recv header, 23 bytes (0x17)
0000: X-Frame-Options: DENY
<= Recv header, 43 bytes (0x2b)
0000: Strict-Transport-Security: max-age=604800
<= Recv header, 40 bytes (0x28)
0000: Expires: Thu, 31 Mar 2016 12:46:20 GMT
<= Recv header, 46 bytes (0x2e)
0000: Cache-Control: max-age=0, no-cache, no-store
<= Recv header, 18 bytes (0x12)
0000: Pragma: no-cache
<= Recv header, 37 bytes (0x25)
0000: Date: Thu, 31 Mar 2016 12:46:20 GMT
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 2 bytes (0x2)
0000: 
<= Recv data, 776 bytes (0x308)
0000: {"identifier":{"type":"dns","value":"web01.deep.ch"},"status":"p
0040: ending","expires":"2016-04-07T12:46:20.295042491Z","challenges":
0080: [{"type":"http-01","status":"pending","uri":"https://acme-v01.ap
00c0: i.letsencrypt.org/acme/challenge/_OG69AxMvFtxeGhxPEnCHhUe7-4Lla5
0100: a1qcUUeiAKaM/38430144","token":"khnf-R2lD2OapztlvZ3eFVN_p9XwukbB
0140: iOYzEqXRshM"},{"type":"dns-01","status":"pending","uri":"https:/
0180: /acme-v01.api.letsencrypt.org/acme/challenge/_OG69AxMvFtxeGhxPEn
01c0: CHhUe7-4Lla5a1qcUUeiAKaM/38430145","token":"Eg9hLRC4iJlxbDXU7slF
0200: LMrT-pwYKScih6BeWcolIvk"},{"type":"tls-sni-01","status":"pending
0240: ","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/_OG
0280: 69AxMvFtxeGhxPEnCHhUe7-4Lla5a1qcUUeiAKaM/38430146","token":"LuJy
02c0: feb98moVzYC7frA5jc_I7ssXGJkPtmuSeFr2qig"}],"combinations":[[1],[
0300: 2],[0]]}
== Info: Connection #0 to host acme-v01.api.letsencrypt.org left intact
== Info: Closing connection #0

le.env

LE_WORKING_DIR=/home/fbo/.le
alias le="/home/fbo/.le/le.sh"
alias le.sh="/home/fbo/.le/le.sh"
@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Mar 31, 2016

Owner

please remove the line in your script:

CURL=/usr/bin/curl
Owner

Neilpang commented Mar 31, 2016

please remove the line in your script:

CURL=/usr/bin/curl
@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Mar 31, 2016

Owner

I just fix the code. the domain api will be run in a subshell.

please try again.

Owner

Neilpang commented Mar 31, 2016

I just fix the code. the domain api will be run in a subshell.

please try again.

@backbohne

This comment has been minimized.

Show comment
Hide comment
@backbohne

backbohne Mar 31, 2016

removed, but still same error :-(

backbohne commented Mar 31, 2016

removed, but still same error :-(

@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Mar 31, 2016

Owner

please update and try again

Owner

Neilpang commented Mar 31, 2016

please update and try again

@backbohne

This comment has been minimized.

Show comment
Hide comment
@backbohne

backbohne Mar 31, 2016

IT WORKS!!!!

backbohne commented Mar 31, 2016

IT WORKS!!!!

@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Mar 31, 2016

Owner

yes, It seems that your CURL broken our internal CRUL

Owner

Neilpang commented Mar 31, 2016

yes, It seems that your CURL broken our internal CRUL

@Neilpang

This comment has been minimized.

Show comment
Hide comment
@Neilpang

Neilpang Mar 31, 2016

Owner

Thanks for your patience.

Owner

Neilpang commented Mar 31, 2016

Thanks for your patience.

@backbohne

This comment has been minimized.

Show comment
Hide comment
@backbohne

backbohne Mar 31, 2016

Many many thanks for your great support!

Frank

backbohne commented Mar 31, 2016

Many many thanks for your great support!

Frank

@Neilpang Neilpang closed this Mar 31, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment