Letsencrypt, IDN and Cloudflare #2195

Silver-Golden · 2019-03-26T19:48:42Z

So I got access to my shiny new IDN today and I of course I want ssl on it so I boot up acme.sh.
So I first try to get the cert using the IDN, it fails.
Then I try the punycode, it fails.

This is just me reading the logs and I am no expert.
By the looks of it it seems that letsencrypt does not like IDN's but it will accept the punycode easily enough.
On the other-hand Cloudflare seems to be able to handle the punycode, I suspect it can handle the IDN but it does not get down that far in the script.

Steps to reproduce

apt-get install idn
export BRANCH=master
acme.sh --upgrade
acme.sh --debug 2 --issue --dns dns_cf -d examplé.com -d '*.examplé.com'
acme.sh --issue --dns dns_cf -d 'xn--exampl-gva.com' -d '*.xn--exampl-gva.com'

Debug log using IDN

[Tue Mar 26 19:25:39 CET 2019] _alt_domains='*.examplé.com'
[Tue Mar 26 19:25:39 CET 2019] Using config home:/root/.acme.sh
[Tue Mar 26 19:25:39 CET 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Mar 26 19:25:39 CET 2019] DOMAIN_PATH='/root/.acme.sh/examplé.com'
[Tue Mar 26 19:25:39 CET 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Mar 26 19:25:39 CET 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Mar 26 19:25:39 CET 2019] GET
[Tue Mar 26 19:25:39 CET 2019] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Mar 26 19:25:39 CET 2019] timeout=
[Tue Mar 26 19:25:39 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.E1BYYS1Gfl  -g '
[Tue Mar 26 19:25:39 CET 2019] ret='0'
[Tue Mar 26 19:25:39 CET 2019] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Mar 26 19:25:39 CET 2019] ACME_NEW_AUTHZ
[Tue Mar 26 19:25:39 CET 2019] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Mar 26 19:25:39 CET 2019] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Mar 26 19:25:39 CET 2019] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Mar 26 19:25:39 CET 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Mar 26 19:25:39 CET 2019] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Mar 26 19:25:39 CET 2019] ACME_VERSION='2'
[Tue Mar 26 19:25:39 CET 2019] Le_NextRenewTime
[Tue Mar 26 19:25:40 CET 2019] _on_before_issue
[Tue Mar 26 19:25:40 CET 2019] _chk_main_domain='examplé.com'
[Tue Mar 26 19:25:40 CET 2019] _chk_alt_domains='*.examplé.com'
[Tue Mar 26 19:25:40 CET 2019] Le_LocalAddress
[Tue Mar 26 19:25:40 CET 2019] d='examplé.com'
[Tue Mar 26 19:25:40 CET 2019] Check for domain='examplé.com'
[Tue Mar 26 19:25:40 CET 2019] _currentRoot='dns_cf'
[Tue Mar 26 19:25:40 CET 2019] d='*.examplé.com'
[Tue Mar 26 19:25:40 CET 2019] Check for domain='*.examplé.com'
[Tue Mar 26 19:25:40 CET 2019] _currentRoot='dns_cf'
[Tue Mar 26 19:25:40 CET 2019] d
[Tue Mar 26 19:25:40 CET 2019] _saved_account_key_hash is not changed, skip register account.
[Tue Mar 26 19:25:40 CET 2019] Read key length:
[Tue Mar 26 19:25:40 CET 2019] _createcsr
[Tue Mar 26 19:25:40 CET 2019] Multi domain='DNS:examplé.com,DNS:*.xn--exampl-gva.com'
[Tue Mar 26 19:25:40 CET 2019] Getting domain auth token for each domain
[Tue Mar 26 19:25:40 CET 2019] d='*.examplé.com'
[Tue Mar 26 19:25:40 CET 2019] d
[Tue Mar 26 19:25:40 CET 2019] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Mar 26 19:25:40 CET 2019] payload='{"identifiers": [{"type":"dns","value":"examplé.com"},{"type":"dns","value":"*.examplé.com"}]}'
[Tue Mar 26 19:25:40 CET 2019] RSA key
[Tue Mar 26 19:25:40 CET 2019] HEAD
[Tue Mar 26 19:25:40 CET 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Mar 26 19:25:40 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.8Kvji13AJM  -g '
[Tue Mar 26 19:25:40 CET 2019] _ret='0'
[Tue Mar 26 19:25:40 CET 2019] POST
[Tue Mar 26 19:25:40 CET 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Mar 26 19:25:40 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.8Kvji13AJM  -g '
[Tue Mar 26 19:25:40 CET 2019] _ret='0'
[Tue Mar 26 19:25:41 CET 2019] code='400'
[Tue Mar 26 19:25:41 CET 2019] Le_LinkOrder
[Tue Mar 26 19:25:41 CET 2019] Le_OrderFinalize
[Tue Mar 26 19:25:41 CET 2019] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Error creating new order :: Invalid character in DNS name",
  "status": 400
}
[Tue Mar 26 19:25:41 CET 2019] pid
[Tue Mar 26 19:25:41 CET 2019] No need to restore nginx, skip.
[Tue Mar 26 19:25:41 CET 2019] _clearupdns
[Tue Mar 26 19:25:41 CET 2019] dns_entries
[Tue Mar 26 19:25:41 CET 2019] skip dns.
[Tue Mar 26 19:25:41 CET 2019] _on_issue_err
[Tue Mar 26 19:25:41 CET 2019] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Tue Mar 26 19:25:41 CET 2019] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.0f  25 May 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3
built with OpenSSL 1.1.0f  25 May 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-2tpxfc/nginx-1.10.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>]	groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>	groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>	groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>	groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>	groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>	groups=FD,SOCKET,RETRY,UNIX
      create:<filename>	groups=FD,REG,NAMED
      exec:<command-line>	groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>	groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface>	groups=FD,SOCKET
      ip-datagram:<host>:<protocol>	groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>	groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>	groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>	groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>	groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>	groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>	groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>	groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>	groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>	groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>	groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>	groups=FD,SOCKET,IP6
      open:<filename>	groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>	groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty	groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>	groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>	groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>	groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>	groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address>	groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>	groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]	groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port>	groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>	groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>	groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>	groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>	groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>	groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port>	groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>	groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>	groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port>	groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>	groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>	groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>	groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>	groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port>	groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>	groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>	groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX```

Debug log using Punycode
-----------------

```[Tue Mar 26 20:29:15 CET 2019] _main_domain='xn--exampl-gva.com'
[Tue Mar 26 20:29:15 CET 2019] _alt_domains='*.xn--exampl-gva.com'
[Tue Mar 26 20:29:15 CET 2019] Using config home:/root/.acme.sh
[Tue Mar 26 20:29:15 CET 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Mar 26 20:29:15 CET 2019] DOMAIN_PATH='/root/.acme.sh/xn--exampl-gva.com'
[Tue Mar 26 20:29:15 CET 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Mar 26 20:29:15 CET 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Mar 26 20:29:15 CET 2019] GET
[Tue Mar 26 20:29:15 CET 2019] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Mar 26 20:29:15 CET 2019] timeout=
[Tue Mar 26 20:29:16 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.IInzjV2fzX  -g '
[Tue Mar 26 20:29:16 CET 2019] ret='0'
[Tue Mar 26 20:29:16 CET 2019] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Mar 26 20:29:16 CET 2019] ACME_NEW_AUTHZ
[Tue Mar 26 20:29:16 CET 2019] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Mar 26 20:29:16 CET 2019] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Mar 26 20:29:16 CET 2019] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Mar 26 20:29:16 CET 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Mar 26 20:29:16 CET 2019] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Mar 26 20:29:16 CET 2019] ACME_VERSION='2'
[Tue Mar 26 20:29:16 CET 2019] Le_NextRenewTime
[Tue Mar 26 20:29:16 CET 2019] _on_before_issue
[Tue Mar 26 20:29:16 CET 2019] _chk_main_domain='xn--exampl-gva.com'
[Tue Mar 26 20:29:16 CET 2019] _chk_alt_domains='*.xn--exampl-gva.com'
[Tue Mar 26 20:29:16 CET 2019] Le_LocalAddress
[Tue Mar 26 20:29:16 CET 2019] d='xn--exampl-gva.com'
[Tue Mar 26 20:29:16 CET 2019] Check for domain='xn--exampl-gva.com'
[Tue Mar 26 20:29:16 CET 2019] _currentRoot='dns_cf'
[Tue Mar 26 20:29:16 CET 2019] d='*.xn--exampl-gva.com'
[Tue Mar 26 20:29:16 CET 2019] Check for domain='*.xn--exampl-gva.com'
[Tue Mar 26 20:29:16 CET 2019] _currentRoot='dns_cf'
[Tue Mar 26 20:29:16 CET 2019] d
[Tue Mar 26 20:29:16 CET 2019] _saved_account_key_hash is not changed, skip register account.
[Tue Mar 26 20:29:16 CET 2019] Read key length:
[Tue Mar 26 20:29:16 CET 2019] _createcsr
[Tue Mar 26 20:29:16 CET 2019] Multi domain='DNS:xn--exampl-gva.com,DNS:*.xn--exampl-gva.com'
[Tue Mar 26 20:29:16 CET 2019] Getting domain auth token for each domain
[Tue Mar 26 20:29:16 CET 2019] d='*.xn--exampl-gva.com'
[Tue Mar 26 20:29:16 CET 2019] d
[Tue Mar 26 20:29:16 CET 2019] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Mar 26 20:29:16 CET 2019] payload='{"identifiers": [{"type":"dns","value":"xn--exampl-gva.com"},{"type":"dns","value":"*.xn--exampl-gva.com"}]}'
[Tue Mar 26 20:29:16 CET 2019] RSA key
[Tue Mar 26 20:29:16 CET 2019] HEAD
[Tue Mar 26 20:29:16 CET 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Mar 26 20:29:16 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.i6Z7ARicPE  -g '
[Tue Mar 26 20:29:17 CET 2019] _ret='0'
[Tue Mar 26 20:29:17 CET 2019] POST
[Tue Mar 26 20:29:17 CET 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Mar 26 20:29:17 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.i6Z7ARicPE  -g '
[Tue Mar 26 20:29:17 CET 2019] _ret='0'
[Tue Mar 26 20:29:17 CET 2019] code='201'
[Tue Mar 26 20:29:17 CET 2019] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/37475884/372344003'
[Tue Mar 26 20:29:17 CET 2019] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/37475884/372344003'
[Tue Mar 26 20:29:17 CET 2019] url='https://acme-v02.api.letsencrypt.org/acme/authz/VzqKWss2QmzHVIc8A8DIeBqYyV5bhYEnv8TIrwloRNw'
[Tue Mar 26 20:29:17 CET 2019] payload
[Tue Mar 26 20:29:17 CET 2019] POST
[Tue Mar 26 20:29:17 CET 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/VzqKWss2QmzHVIc8A8DIeBqYyV5bhYEnv8TIrwloRNw'
[Tue Mar 26 20:29:17 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.i6Z7ARicPE  -g '
[Tue Mar 26 20:29:18 CET 2019] _ret='0'
[Tue Mar 26 20:29:18 CET 2019] code='200'
[Tue Mar 26 20:29:18 CET 2019] url='https://acme-v02.api.letsencrypt.org/acme/authz/vWfI3w4RwteznriCu4iq2Ej2ywAppHwvBKxGvU5-EGA'
[Tue Mar 26 20:29:18 CET 2019] payload
[Tue Mar 26 20:29:18 CET 2019] POST
[Tue Mar 26 20:29:18 CET 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/vWfI3w4RwteznriCu4iq2Ej2ywAppHwvBKxGvU5-EGA'
[Tue Mar 26 20:29:18 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.i6Z7ARicPE  -g '
[Tue Mar 26 20:29:18 CET 2019] _ret='0'
[Tue Mar 26 20:29:18 CET 2019] code='200'
[Tue Mar 26 20:29:18 CET 2019] d='xn--exampl-gva.com'
[Tue Mar 26 20:29:18 CET 2019] Getting webroot for domain='xn--exampl-gva.com'
[Tue Mar 26 20:29:18 CET 2019] _w='dns_cf'
[Tue Mar 26 20:29:18 CET 2019] _currentRoot='dns_cf'
[Tue Mar 26 20:29:18 CET 2019] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/vWfI3w4RwteznriCu4iq2Ej2ywAppHwvBKxGvU5-EGA/14065894233","token":"ql6X_cMhDliSdpfcpFOTYu_IDe5JBDqeUVA8O5BUfu0"'
[Tue Mar 26 20:29:18 CET 2019] token='ql6X_cMhDliSdpfcpFOTYu_IDe5JBDqeUVA8O5BUfu0'
[Tue Mar 26 20:29:18 CET 2019] uri='https://acme-v02.api.letsencrypt.org/acme/challenge/vWfI3w4RwteznriCu4iq2Ej2ywAppHwvBKxGvU5-EGA/14065894233'
[Tue Mar 26 20:29:18 CET 2019] keyauthorization='ql6X_cMhDliSdpfcpFOTYu_IDe5JBDqeUVA8O5BUfu0.2laxPVaD5VbFyR9poWgalOjdnFVAk1wgQEgbEvQ59gk'
[Tue Mar 26 20:29:18 CET 2019] dvlist='xn--exampl-gva.com#ql6X_cMhDliSdpfcpFOTYu_IDe5JBDqeUVA8O5BUfu0.2laxPVaD5VbFyR9poWgalOjdnFVAk1wgQEgbEvQ59gk#https://acme-v02.api.letsencrypt.org/acme/challenge/vWfI3w4RwteznriCu4iq2Ej2ywAppHwvBKxGvU5-EGA/14065894233#dns-01#dns_cf'
[Tue Mar 26 20:29:18 CET 2019] d='*.xn--exampl-gva.com'
[Tue Mar 26 20:29:18 CET 2019] Getting webroot for domain='*.xn--exampl-gva.com'
[Tue Mar 26 20:29:18 CET 2019] _w='dns_cf'
[Tue Mar 26 20:29:18 CET 2019] _currentRoot='dns_cf'
[Tue Mar 26 20:29:18 CET 2019] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/VzqKWss2QmzHVIc8A8DIeBqYyV5bhYEnv8TIrwloRNw/14065894229","token":"n3CAt0ViEUzAPWr0xOs6snqOA--CwPEull-wSvBxqsc"'
[Tue Mar 26 20:29:18 CET 2019] token='n3CAt0ViEUzAPWr0xOs6snqOA--CwPEull-wSvBxqsc'
[Tue Mar 26 20:29:18 CET 2019] uri='https://acme-v02.api.letsencrypt.org/acme/challenge/VzqKWss2QmzHVIc8A8DIeBqYyV5bhYEnv8TIrwloRNw/14065894229'
[Tue Mar 26 20:29:18 CET 2019] keyauthorization='n3CAt0ViEUzAPWr0xOs6snqOA--CwPEull-wSvBxqsc.2laxPVaD5VbFyR9poWgalOjdnFVAk1wgQEgbEvQ59gk'
[Tue Mar 26 20:29:18 CET 2019] dvlist='*.xn--exampl-gva.com#n3CAt0ViEUzAPWr0xOs6snqOA--CwPEull-wSvBxqsc.2laxPVaD5VbFyR9poWgalOjdnFVAk1wgQEgbEvQ59gk#https://acme-v02.api.letsencrypt.org/acme/challenge/VzqKWss2QmzHVIc8A8DIeBqYyV5bhYEnv8TIrwloRNw/14065894229#dns-01#dns_cf'
[Tue Mar 26 20:29:18 CET 2019] d
[Tue Mar 26 20:29:18 CET 2019] vlist='xn--exampl-gva.com#ql6X_cMhDliSdpfcpFOTYu_IDe5JBDqeUVA8O5BUfu0.2laxPVaD5VbFyR9poWgalOjdnFVAk1wgQEgbEvQ59gk#https://acme-v02.api.letsencrypt.org/acme/challenge/vWfI3w4RwteznriCu4iq2Ej2ywAppHwvBKxGvU5-EGA/14065894233#dns-01#dns_cf,*.xn--exampl-gva.com#n3CAt0ViEUzAPWr0xOs6snqOA--CwPEull-wSvBxqsc.2laxPVaD5VbFyR9poWgalOjdnFVAk1wgQEgbEvQ59gk#https://acme-v02.api.letsencrypt.org/acme/challenge/VzqKWss2QmzHVIc8A8DIeBqYyV5bhYEnv8TIrwloRNw/14065894229#dns-01#dns_cf,'
[Tue Mar 26 20:29:18 CET 2019] d='xn--exampl-gva.com'
[Tue Mar 26 20:29:18 CET 2019] _d_alias
[Tue Mar 26 20:29:18 CET 2019] txtdomain='_acme-challenge.xn--exampl-gva.com'
[Tue Mar 26 20:29:18 CET 2019] txt='pg2meUIhWrf7IYpF1va5JIWBJzj-D8CopD7o5uIGiVs'
[Tue Mar 26 20:29:18 CET 2019] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Tue Mar 26 20:29:18 CET 2019] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Tue Mar 26 20:29:18 CET 2019] First detect the root zone
[Tue Mar 26 20:29:18 CET 2019] h='xn--exampl-gva.com'
[Tue Mar 26 20:29:18 CET 2019] zones?name=xn--exampl-gva.com
[Tue Mar 26 20:29:18 CET 2019] GET
[Tue Mar 26 20:29:18 CET 2019] url='https://api.cloudflare.com/client/v4/zones?name=xn--exampl-gva.com'
[Tue Mar 26 20:29:18 CET 2019] timeout=
[Tue Mar 26 20:29:18 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.i6Z7ARicPE  -g '
[Tue Mar 26 20:29:19 CET 2019] ret='0'
[Tue Mar 26 20:29:19 CET 2019] h='ie'
[Tue Mar 26 20:29:19 CET 2019] zones?name=ie
[Tue Mar 26 20:29:19 CET 2019] GET
[Tue Mar 26 20:29:19 CET 2019] url='https://api.cloudflare.com/client/v4/zones?name=ie'
[Tue Mar 26 20:29:19 CET 2019] timeout=
[Tue Mar 26 20:29:19 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.i6Z7ARicPE  -g '
[Tue Mar 26 20:29:19 CET 2019] ret='0'
[Tue Mar 26 20:29:19 CET 2019] h
[Tue Mar 26 20:29:19 CET 2019] invalid domain
[Tue Mar 26 20:29:19 CET 2019] Error add txt for domain:_acme-challenge.xn--exampl-gva.com
[Tue Mar 26 20:29:19 CET 2019] _on_issue_err
[Tue Mar 26 20:29:19 CET 2019] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Tue Mar 26 20:29:19 CET 2019] url='https://acme-v02.api.letsencrypt.org/acme/challenge/vWfI3w4RwteznriCu4iq2Ej2ywAppHwvBKxGvU5-EGA/14065894233'
[Tue Mar 26 20:29:19 CET 2019] payload='{}'
[Tue Mar 26 20:29:19 CET 2019] POST
[Tue Mar 26 20:29:19 CET 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/challenge/vWfI3w4RwteznriCu4iq2Ej2ywAppHwvBKxGvU5-EGA/14065894233'
[Tue Mar 26 20:29:19 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.i6Z7ARicPE  -g '
[Tue Mar 26 20:29:19 CET 2019] _ret='0'
[Tue Mar 26 20:29:19 CET 2019] code='200'
[Tue Mar 26 20:29:19 CET 2019] url='https://acme-v02.api.letsencrypt.org/acme/challenge/VzqKWss2QmzHVIc8A8DIeBqYyV5bhYEnv8TIrwloRNw/14065894229'
[Tue Mar 26 20:29:19 CET 2019] payload='{}'
[Tue Mar 26 20:29:20 CET 2019] POST
[Tue Mar 26 20:29:20 CET 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/challenge/VzqKWss2QmzHVIc8A8DIeBqYyV5bhYEnv8TIrwloRNw/14065894229'
[Tue Mar 26 20:29:20 CET 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.i6Z7ARicPE  -g '
[Tue Mar 26 20:29:20 CET 2019] _ret='0'
[Tue Mar 26 20:29:20 CET 2019] code='200'
[Tue Mar 26 20:29:20 CET 2019] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.0f  25 May 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3
built with OpenSSL 1.1.0f  25 May 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-2tpxfc/nginx-1.10.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>]	groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>	groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>	groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>	groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>	groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>	groups=FD,SOCKET,RETRY,UNIX
      create:<filename>	groups=FD,REG,NAMED
      exec:<command-line>	groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>	groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface>	groups=FD,SOCKET
      ip-datagram:<host>:<protocol>	groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>	groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>	groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>	groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>	groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>	groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>	groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>	groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>	groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>	groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>	groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>	groups=FD,SOCKET,IP6
      open:<filename>	groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>	groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty	groups=FD,NAMED,TERMIOS,PTY
      sctp-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>	groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>	groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>	groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>	groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address>	groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>	groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]	groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port>	groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>	groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>	groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>	groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>	groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>	groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port>	groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>	groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>	groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port>	groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>	groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>	groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>	groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>	groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port>	groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>	groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>	groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
[Tue Mar 26 20:29:20 CET 2019] pid
[Tue Mar 26 20:29:20 CET 2019] No need to restore nginx, skip.
[Tue Mar 26 20:29:20 CET 2019] _clearupdns
[Tue Mar 26 20:29:20 CET 2019] dns_entries
[Tue Mar 26 20:29:20 CET 2019] skip dns.```

The text was updated successfully, but these errors were encountered:

railsfans · 2019-04-26T13:58:22Z

i meet similar problems，log below
[Fri Apr 26 18:41:57 CST 2019] The new-authz request is ok. [Fri Apr 26 18:41:57 CST 2019] new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: Invalid character in DNS name","status": 400}
are you find way to fix this problems

Neilpang · 2019-04-26T15:58:47Z

fixed, please try again

fix #2195

railsfans · 2019-04-28T09:23:57Z

i fix my problems because my url is include underline that is wrong

Neilpang mentioned this issue Apr 26, 2019

sync #2232

Merged

Neilpang closed this as completed in #2232 Apr 26, 2019

Neilpang pushed a commit that referenced this issue Apr 26, 2019

fix #2195

47ff768

Neilpang mentioned this issue Apr 26, 2019

fix https://github.com/Neilpang/acme.sh/issues/2195 #2233

Merged

Neilpang pushed a commit that referenced this issue Apr 26, 2019

Merge pull request #2233 from Neilpang/dev

4dcd1f3

fix #2195

HQJaTu pushed a commit to HQJaTu/acme.sh that referenced this issue Jun 13, 2019

fix acmesh-official#2195

bc5a368

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Letsencrypt, IDN and Cloudflare #2195

Letsencrypt, IDN and Cloudflare #2195

Silver-Golden commented Mar 26, 2019

railsfans commented Apr 26, 2019

Neilpang commented Apr 26, 2019

railsfans commented Apr 28, 2019

Letsencrypt, IDN and Cloudflare #2195

Letsencrypt, IDN and Cloudflare #2195

Comments

Silver-Golden commented Mar 26, 2019

Steps to reproduce

Debug log using IDN

railsfans commented Apr 26, 2019

Neilpang commented Apr 26, 2019

railsfans commented Apr 28, 2019