ECDSA account key support #76

Closed
Remonli opened this issue Feb 21, 2016 · 19 comments

@Remonli

Remonli commented Feb 21, 2016

According to letsencrypt/boulder#1357, LE supports ECDSA account keys now. Will you change to ECDSA?

@Neilpang
Member

yes, adding it

@FernandoMiguel

$ ./acme.sh --staging --issue -d acmesh.imperialus.house --dns dns_cf --keylength ec-256
$ ./acme.sh --staging --issue -d acmesh.imperialus.house --dns dns_cf --keylength ec-256 --ecc
Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"

@Neilpang
Member

@FernandoMiguel

Show me your version:

acme.sh  -v

@Neilpang
Member

@FernandoMiguel
Did you manually change the account.key to an ECC key?

@FernandoMiguel

Didn't change anything, was just trying to generate an elliptic curve key instead of RSA.
Couldn't find exact documentation for it, except those two commands in -h.

Please advise

@Neilpang
Member

@FernandoMiguel

$ ./acme.sh --staging --issue -d acmeshEC256.imperialus.house --dns dns_cf --keylength ec-256 --debug
[Thu 22 Sep 2016 11:01:47 BST] Lets guess script dir.
[Thu 22 Sep 2016 11:01:47 BST] SCRIPT='./acme.sh'
[Thu 22 Sep 2016 11:01:47 BST] _script
[Thu 22 Sep 2016 11:01:47 BST] _script_home='.'
[Thu 22 Sep 2016 11:01:47 BST] It seems tha acme.sh is already installed in /Users/Fernando/.acme.sh
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 11:01:47 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 11:01:47 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmeshEC256.imperialus.house_ecc'
[Thu 22 Sep 2016 11:01:47 BST] RSA key
[Thu 22 Sep 2016 11:01:48 BST] Skip register account key
[Thu 22 Sep 2016 11:01:48 BST] Read key length:ec-256
[Thu 22 Sep 2016 11:01:48 BST] Creating domain key
[Thu 22 Sep 2016 11:01:49 BST] Use length 256
[Thu 22 Sep 2016 11:01:49 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 11:01:49 BST] _createcsr
[Thu 22 Sep 2016 11:01:49 BST] Single domain='acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:49 BST] Verify each domain
[Thu 22 Sep 2016 11:01:49 BST] Getting webroot for domain='acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:49 BST] _w='dns_cf'
[Thu 22 Sep 2016 11:01:49 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 11:01:49 BST] Getting token for domain='acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:49 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:01:49 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmeshEC256.imperialus.house"}}'
[Thu 22 Sep 2016 11:01:49 BST] RSA key
[Thu 22 Sep 2016 11:01:50 BST] GET
[Thu 22 Sep 2016 11:01:50 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 11:01:50 BST] timeout
[Thu 22 Sep 2016 11:01:50 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:51 BST] ret='0'
[Thu 22 Sep 2016 11:01:51 BST] POST
[Thu 22 Sep 2016 11:01:51 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:01:51 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:52 BST] _ret='0'
[Thu 22 Sep 2016 11:01:52 BST] code='201'
[Thu 22 Sep 2016 11:01:52 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/SPPM22gx5ZXXX"'
[Thu 22 Sep 2016 11:01:52 BST] token='-MtU9K4YXXX'
[Thu 22 Sep 2016 11:01:52 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/SPPM22gxXXX'
[Thu 22 Sep 2016 11:01:52 BST] keyauthorization='-MtU9K4YEyXXX'
[Thu 22 Sep 2016 11:01:52 BST] dvlist='acmeshEC256.imperialus.house#-MtU9K4YEyMhhwvXXXX#https://acme-staging.api.letsencrypt.org/acme/challenge/SPPM22XXXX/14975275#dns-01#dns_cf'
[Thu 22 Sep 2016 11:01:52 BST] txtdomain='_acme-challenge.acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:52 BST] txt='KA_oYXXX'
[Thu 22 Sep 2016 11:01:52 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 11:01:52 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 11:01:52 BST] First detect the root zone
[Thu 22 Sep 2016 11:01:52 BST] zones?name=acmeshEC256.imperialus.house
[Thu 22 Sep 2016 11:01:52 BST] GET
[Thu 22 Sep 2016 11:01:52 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:52 BST] timeout
[Thu 22 Sep 2016 11:01:52 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:53 BST] ret='0'
[Thu 22 Sep 2016 11:01:53 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 11:01:53 BST] GET
[Thu 22 Sep 2016 11:01:53 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 11:01:53 BST] timeout
[Thu 22 Sep 2016 11:01:53 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:54 BST] ret='0'
[Thu 22 Sep 2016 11:01:54 BST] _domain_id='XXX'
[Thu 22 Sep 2016 11:01:54 BST] _sub_domain='_acme-challenge.acmeshEC256'
[Thu 22 Sep 2016 11:01:54 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 11:01:54 BST] Getting txt records
[Thu 22 Sep 2016 11:01:54 BST] zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC256.imperialus.house
[Thu 22 Sep 2016 11:01:54 BST] GET
[Thu 22 Sep 2016 11:01:54 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC256.imperialus.house'
[Thu 22 Sep 2016 11:01:54 BST] timeout
[Thu 22 Sep 2016 11:01:54 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:55 BST] ret='0'
[Thu 22 Sep 2016 11:01:55 BST] count='0'
[Thu 22 Sep 2016 11:01:55 BST] Adding record
[Thu 22 Sep 2016 11:01:55 BST] zones/XXX/dns_records
[Thu 22 Sep 2016 11:01:55 BST] data='{"type":"TXT","name":"_acme-challenge.acmeshEC256.imperialus.house","content":"XXX-XXX","ttl":120}'
[Thu 22 Sep 2016 11:01:55 BST] POST
[Thu 22 Sep 2016 11:01:55 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records'
[Thu 22 Sep 2016 11:01:55 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header '
[Thu 22 Sep 2016 11:01:56 BST] _ret='0'
[Thu 22 Sep 2016 11:01:56 BST] Add txt record error.
[Thu 22 Sep 2016 11:01:56 BST] Error add txt for domain:_acme-challenge.acmeshEC256.imperialus.house
[Thu 22 Sep 2016 11:01:56 BST] pid

FYI, this subdomain didn't exist prior to running this command; not sure if an A record is required.

@Neilpang
Member

add --debug 2

@FernandoMiguel

FernandoMiguel commented Sep 22, 2016

I hope I've removed all API keys, but let me know if I'm exposing something that needs to be revoked.

$ ./acme.sh --staging --issue -d acmeshEC2562.imperialus.house --dns dns_cf --keylength ec-256 --debug 2
[Thu 22 Sep 2016 11:31:33 BST] Lets guess script dir.
[Thu 22 Sep 2016 11:31:33 BST] _SCRIPT_='./acme.sh'
[Thu 22 Sep 2016 11:31:33 BST] _script
[Thu 22 Sep 2016 11:31:33 BST] _script_home='.'
[Thu 22 Sep 2016 11:31:33 BST] It seems tha acme.sh is already installed in /Users/Fernando/.acme.sh
[Thu 22 Sep 2016 11:31:33 BST] 20:USER_AGENT=""
[Thu 22 Sep 2016 11:31:33 BST] 6:ACCOUNT_EMAIL=""
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 11:31:33 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 11:31:33 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc'
[Thu 22 Sep 2016 11:31:33 BST] 1:Le_Domain="acmeshEC2562.imperialus.house"
[Thu 22 Sep 2016 11:31:33 BST] 2:Le_Alt="no"
[Thu 22 Sep 2016 11:31:33 BST] 3:Le_Webroot="dns_cf"
[Thu 22 Sep 2016 11:31:33 BST] 4:Le_PreHook=""
[Thu 22 Sep 2016 11:31:33 BST] 5:Le_PostHook=""
[Thu 22 Sep 2016 11:31:33 BST] 6:Le_RenewHook=""
[Thu 22 Sep 2016 11:31:33 BST] 'dns_cf' does not contain 'no'
[Thu 22 Sep 2016 11:31:33 BST] 'dns_cf' does not contain 'tls'
[Thu 22 Sep 2016 11:31:33 BST] 'dns_cf' does not contain 'apache'
[Thu 22 Sep 2016 11:31:33 BST] RSA key
[Thu 22 Sep 2016 11:31:35 BST] Registering account
[Thu 22 Sep 2016 11:31:35 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 11:31:35 BST] payload='{"resource": "new-reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}'
[Thu 22 Sep 2016 11:31:35 BST] RSA key
[Thu 22 Sep 2016 11:31:36 BST] GET
[Thu 22 Sep 2016 11:31:36 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 11:31:36 BST] timeout
[Thu 22 Sep 2016 11:31:36 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.kiSFJLeV '
[Thu 22 Sep 2016 11:31:37 BST] ret='0'
[Thu 22 Sep 2016 11:31:37 BST] POST
[Thu 22 Sep 2016 11:31:37 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 11:31:37 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-XXX"}'
[Thu 22 Sep 2016 11:31:37 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.OCjDMxuf '
[Thu 22 Sep 2016 11:31:38 BST] _ret='0'
[Thu 22 Sep 2016 11:31:38 BST] original='{
  "type": "urn:acme:error:malformed",
  "detail": "Registration key is already in use",
  "status": 409
}'
[Thu 22 Sep 2016 11:31:38 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 10:31:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 409 Conflict
Server: nginx
Content-Type: application/problem+json
Content-Length: 107
Boulder-Request-Id: XXX
Boulder-Requester: 340385
Location: https://acme-staging.api.letsencrypt.org/acme/reg/340385
Replay-Nonce: XXX
Expires: Thu, 22 Sep 2016 10:31:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 10:31:38 GMT
Connection: close
'
[Thu 22 Sep 2016 11:31:38 BST] response='{"type":"urn:acme:error:malformed","detail":"Registration key is already in use","status": 409}'
[Thu 22 Sep 2016 11:31:38 BST] code='409'
[Thu 22 Sep 2016 11:31:38 BST] Already registered
[Thu 22 Sep 2016 11:31:38 BST] 18:ACCOUNT_KEY_HASH="H/XX="
[Thu 22 Sep 2016 11:31:38 BST] Read key length:ec-256
[Thu 22 Sep 2016 11:31:38 BST] Creating domain key
[Thu 22 Sep 2016 11:31:38 BST] Use length 256
[Thu 22 Sep 2016 11:31:38 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 11:31:38 BST] _createcsr
[Thu 22 Sep 2016 11:31:38 BST] domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] domainlist
[Thu 22 Sep 2016 11:31:38 BST] csrkey='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc/acmeshEC2562.imperialus.house.key'
[Thu 22 Sep 2016 11:31:38 BST] csr='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc/acmeshEC2562.imperialus.house.csr'
[Thu 22 Sep 2016 11:31:38 BST] csrconf='/Users/Fernando/.acme.sh/acmeshEC2562.imperialus.house_ecc/acmeshEC2562.imperialus.house.csr.conf'
[Thu 22 Sep 2016 11:31:38 BST] Single domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] 7:Le_Keylength="ec-256"
[Thu 22 Sep 2016 11:31:38 BST] Verify each domain
[Thu 22 Sep 2016 11:31:38 BST] Getting webroot for domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] _w='dns_cf'
[Thu 22 Sep 2016 11:31:38 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 11:31:38 BST] Getting token for domain='acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:38 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:31:38 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmeshEC2562.imperialus.house"}}'
[Thu 22 Sep 2016 11:31:38 BST] RSA key
[Thu 22 Sep 2016 11:31:40 BST] GET
[Thu 22 Sep 2016 11:31:40 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 11:31:40 BST] timeout
[Thu 22 Sep 2016 11:31:40 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.laRSV7dp '
[Thu 22 Sep 2016 11:31:40 BST] ret='0'
[Thu 22 Sep 2016 11:31:40 BST] POST
[Thu 22 Sep 2016 11:31:40 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 11:31:40 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "XXX"}'
[Thu 22 Sep 2016 11:31:40 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.ls8WBqsS '
[Thu 22 Sep 2016 11:31:41 BST] _ret='0'
[Thu 22 Sep 2016 11:31:41 BST] original='{
  "identifier": {
    "type": "dns",
    "value": "acmeshec2562.imperialus.house"
  },
  "status": "pending",
  "expires": "2016-09-29T10:31:41.844001602Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XX",
      "token": "SII4LwmkELXXX"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XXX",
      "token": "iODhfz6bEVmtXXXX"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XX",
      "token": "qlTeMeXXX"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ],
    [
      2
    ]
  ]
}'
[Thu 22 Sep 2016 11:31:41 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 10:31:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1023
Boulder-Request-Id: XXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/XXX
Replay-Nonce: XXXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 22 Sep 2016 10:31:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 10:31:41 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 11:31:42 BST] response='{"identifier":{"type":"dns","value":"acmeshec2562.imperialus.house"},"status":"pending","expires":"2016-09-29T10:31:41.844001602Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/XXXX}],"combinations":[[0],[1],[2]]}'
[Thu 22 Sep 2016 11:31:42 BST] code='201'
[Thu 22 Sep 2016 11:31:42 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XXX","token":"XXX"'
[Thu 22 Sep 2016 11:31:42 BST] token='XXX'
[Thu 22 Sep 2016 11:31:42 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/XX/XXX'
[Thu 22 Sep 2016 11:31:42 BST] keyauthorization='XXX.XXX'
[Thu 22 Sep 2016 11:31:42 BST] dvlist='acmeshEC2562.imperialus.house#XXX.XX#https://acme-staging.api.letsencrypt.org/acme/challenge/XX/XXX#dns-01#dns_cf'
[Thu 22 Sep 2016 11:31:42 BST] txtdomain='_acme-challenge.acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:42 BST] txt='XXX-XXX'
[Thu 22 Sep 2016 11:31:42 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 11:31:42 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 11:31:42 BST] 28:CF_Key="XX"
[Thu 22 Sep 2016 11:31:42 BST] 30:CF_Email="XXX"
[Thu 22 Sep 2016 11:31:42 BST] First detect the root zone
[Thu 22 Sep 2016 11:31:42 BST] zones?name=acmeshEC2562.imperialus.house
[Thu 22 Sep 2016 11:31:42 BST] GET
[Thu 22 Sep 2016 11:31:42 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:42 BST] timeout
[Thu 22 Sep 2016 11:31:42 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.HymEP1uA '
[Thu 22 Sep 2016 11:31:43 BST] ret='0'
[Thu 22 Sep 2016 11:31:43 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:43 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 11:31:43 BST] GET
[Thu 22 Sep 2016 11:31:43 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 11:31:43 BST] timeout
[Thu 22 Sep 2016 11:31:43 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.pKhvJjr1 '
[Thu 22 Sep 2016 11:31:44 BST] ret='0'
[Thu 22 Sep 2016 11:31:44 BST] response='{"result":[{"id":"XXX","name":"imperialus.house","status":"active","paused":false,"type":"full","development_mode":0,"name_servers":["dina.ns.cloudflare.com","theo.ns.cloudflare.com"],"original_name_servers":["ns1.dreamhost.com","ns2.dreamhost.com","ns3.dreamhost.com"],"original_registrar":null,"original_dnshost":"dreamhost","modified_on":"2016-09-22T10:24:57.680746Z","created_on":"2016-02-15T21:20:15.215047Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"XXXX","email":"XXX"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"0feeeeeeeeeeeeeeeeeeeeeeeeeeeeee","name":"Free Website","price":0,"currency":"USD","frequency":"","is_subscribed":true,"can_subscribe":false,"legacy_id":"free","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:44 BST] _domain_id='XXX'
[Thu 22 Sep 2016 11:31:44 BST] _sub_domain='_acme-challenge.acmeshEC2562'
[Thu 22 Sep 2016 11:31:44 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 11:31:44 BST] Getting txt records
[Thu 22 Sep 2016 11:31:44 BST] zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC2562.imperialus.house
[Thu 22 Sep 2016 11:31:44 BST] GET
[Thu 22 Sep 2016 11:31:44 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records?type=TXT&name=_acme-challenge.acmeshEC2562.imperialus.house'
[Thu 22 Sep 2016 11:31:44 BST] timeout
[Thu 22 Sep 2016 11:31:44 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.2zCoSfTi '
[Thu 22 Sep 2016 11:31:44 BST] ret='0'
[Thu 22 Sep 2016 11:31:44 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:44 BST] count='0'
[Thu 22 Sep 2016 11:31:44 BST] Adding record
[Thu 22 Sep 2016 11:31:44 BST] zones/XXX/dns_records
[Thu 22 Sep 2016 11:31:44 BST] data='{"type":"TXT","name":"_acme-challenge.acmeshEC2562.imperialus.house","content":"XXX-XX","ttl":120}'
[Thu 22 Sep 2016 11:31:44 BST] POST
[Thu 22 Sep 2016 11:31:44 BST] url='https://api.cloudflare.com/client/v4/zones/XXX/dns_records'
[Thu 22 Sep 2016 11:31:44 BST] body='{"type":"TXT","name":"_acme-challenge.acmeshEC2562.imperialus.house","content":"XXX-XX","ttl":120}'
[Thu 22 Sep 2016 11:31:44 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXX/T/tmp.sUM6UiC7 '
[Thu 22 Sep 2016 11:31:45 BST] _ret='0'
[Thu 22 Sep 2016 11:31:45 BST] response='{"result":{"id":"XXX","type":"TXT","name":"_acme-challenge.acmeshec2562.imperialus.house","content":"XXX-XXX","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"XXX","zone_name":"imperialus.house","modified_on":"2016-09-22T10:31:45.632349Z","created_on":"2016-09-22T10:31:45.632349Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 11:31:45 BST] Add txt record error.
[Thu 22 Sep 2016 11:31:45 BST] Error add txt for domain:_acme-challenge.acmeshEC2562.imperialus.house
[Thu 22 Sep 2016 11:31:45 BST] pid
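
One way to scrub the fields that appear in the --debug 2 output above before a log is posted publicly, as an added example that is not part of the original thread or of acme.sh. The function names, the REDACTED marker and every value in the sample log are assumptions constructed for illustration; the field names are the ones visible in the logs on this page.

```shell
#!/bin/sh
# Added example (not part of acme.sh): scrub secrets and account identifiers
# from an acme.sh --debug 2 log before it is posted publicly.
# Field names come from the logs on this page; function names, the REDACTED
# marker and the sample values below are assumptions made for this example.

# Rewrite stdin to stdout. Rules, in order:
#   1. acme.sh config values (Cloudflare key/email, account e-mail, key hash)
#   2. single-quoted debug variables carrying challenge material or zone ids
#   3. JSON members: tokens, JWK modulus, owner e-mail, record/zone ids, TXT content
#   4. Boulder response headers that identify the request or the account
#   5. the key authorization embedded as field 2 of dvlist
#   6. ACME challenge/authz/registration ids in URLs
#   7. Cloudflare zone id in API paths
#   8. contact address in the new-reg payload
#   9. local user name in home-directory paths
redact_acme_log() {
  sed -E \
    -e "s/(CF_Key|CF_Email|ACCOUNT_EMAIL|ACCOUNT_KEY_HASH)=\"[^\"]+\"/\1=\"REDACTED\"/g" \
    -e "s/(token|keyauthorization|txt|_domain_id)='[^']+'/\1='REDACTED'/g" \
    -e "s/\"(token|n|email|id|zone_id|content)\"(: ?)\"[^\"]+\"/\"\1\"\2\"REDACTED\"/g" \
    -e "s/^(Replay-Nonce|Boulder-Request-Id|Boulder-Requester): .*/\1: REDACTED/" \
    -e "s/(dvlist='[^#']*#)[^#']*/\1REDACTED/" \
    -e "s#(/acme/(challenge|authz|reg)/)[A-Za-z0-9_/-]+#\1REDACTED#g" \
    -e "s#(zones/)[A-Za-z0-9]+(/dns_records)#\1REDACTED\2#g" \
    -e "s/mailto: ?[^\"]+/mailto:REDACTED/g" \
    -e "s#/(Users|home)/[^/ ']+#/\1/REDACTED#g"
}

# Safety net that does not depend on field names: list every remaining run of
# 32 or more base64url/hex characters, the shape of API keys, tokens and nonces.
residual_tokens() {
  grep -E -o '[A-Za-z0-9_-]{32,}' | sort -u
}

# Constructed sample in the layout of the debug output above (no real values).
sample_log() {
  cat <<'EOF'
[ts] 6:ACCOUNT_EMAIL=""
[ts] payload='{"resource": "new-reg", "contact": ["mailto: user@example.test"]}'
[ts] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "c0nstructedModulus_000000000000000000000000"}'
Boulder-Requester: 123456
Location: https://acme-staging.api.letsencrypt.org/acme/reg/123456
Replay-Nonce: c0nstructedNonce_00000000000000000000000000
[ts] 18:ACCOUNT_KEY_HASH="c0nstructedHash000000000000000000000000000="
[ts] token='c0nstructedTokenValue_0000000000000000000000'
[ts] keyauthorization='c0nstructedTokenValue_0000000000000000000000.c0nstructedThumbprint_00000000000000000000'
[ts] dvlist='host.example.test#c0nstructedTokenValue_0000000000000000000000.c0nstructedThumbprint_00000000000000000000#https://acme-staging.api.letsencrypt.org/acme/challenge/c0nstructedAuthzId_000000000000000000000000/123#dns-01#dns_cf'
[ts] txtdomain='_acme-challenge.host.example.test'
[ts] txt='c0nstructedTxtDigest_0000000000000000000000'
[ts] 28:CF_Key="0123456789abcdef0123456789abcdef01234"
[ts] 30:CF_Email="user@example.test"
[ts] url='https://api.cloudflare.com/client/v4/zones/0123456789abcdef0123456789abcdef/dns_records'
[ts] _CURL='curl -L --silent --dump-header /Users/alice/.acme.sh/http.header '
[ts] response='{"result":{"id":"0123456789abcdef0123456789abcdef","type":"TXT","name":"_acme-challenge.host.example.test","content":"c0nstructedTxtDigest_0000000000000000000000","zone_id":"0123456789abcdef0123456789abcdef"},"success":true}'
EOF
}

# Demo on the constructed sample; for a real log:
#   redact_acme_log < acme-debug.log > acme-debug.redacted.log
sample_log | redact_acme_log
```

Any output from residual_tokens on the redacted file means a long opaque string survived the field-based rules and should be checked by hand before posting.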

@Neilpang
Member

@FernandoMiguel
I made a fix: cfdaff5

Please upgrade to latest code and try again:

acme.sh  --upgrade

@FernandoMiguel

FernandoMiguel commented Sep 22, 2016

$ ./acme.sh --staging --issue -d acmesh2565.imperialus.house --dns dns_cf --keylength ec-256  --debug 2
[Thu 22 Sep 2016 13:52:39 BST] Lets guess script dir.
[Thu 22 Sep 2016 13:52:39 BST] _SCRIPT_='./acme.sh'
[Thu 22 Sep 2016 13:52:39 BST] _script
[Thu 22 Sep 2016 13:52:39 BST] _script_home='.'
[Thu 22 Sep 2016 13:52:39 BST] It seems tha acme.sh is already installed in /Users/Fernando/.acme.sh
[Thu 22 Sep 2016 13:52:39 BST] 20:USER_AGENT=""
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 13:52:39 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 13:52:39 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc'
[Thu 22 Sep 2016 13:52:39 BST] 1:Le_Domain="acmesh2565.imperialus.house"
[Thu 22 Sep 2016 13:52:39 BST] 2:Le_Alt="no"
[Thu 22 Sep 2016 13:52:39 BST] 3:Le_Webroot="dns_cf"
[Thu 22 Sep 2016 13:52:39 BST] 4:Le_PreHook=""
[Thu 22 Sep 2016 13:52:39 BST] 5:Le_PostHook=""
[Thu 22 Sep 2016 13:52:39 BST] 6:Le_RenewHook=""
[Thu 22 Sep 2016 13:52:39 BST] 'dns_cf' does not contain 'no'
[Thu 22 Sep 2016 13:52:39 BST] 'dns_cf' does not contain 'tls'
[Thu 22 Sep 2016 13:52:39 BST] 'dns_cf' does not contain 'apache'
[Thu 22 Sep 2016 13:52:39 BST] RSA key
[Thu 22 Sep 2016 13:52:41 BST] Registering account
[Thu 22 Sep 2016 13:52:41 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 13:52:41 BST] payload='{"resource": "new-reg", "contact": ["mailto: SSL@FernandoMiguel.net"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}'
[Thu 22 Sep 2016 13:52:41 BST] RSA key
[Thu 22 Sep 2016 13:52:42 BST] GET
[Thu 22 Sep 2016 13:52:42 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 13:52:42 BST] timeout
[Thu 22 Sep 2016 13:52:42 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.tUBFIFoD '
[Thu 22 Sep 2016 13:52:43 BST] ret='0'
[Thu 22 Sep 2016 13:52:43 BST] POST
[Thu 22 Sep 2016 13:52:43 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu 22 Sep 2016 13:52:43 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-XXXX"}'
[Thu 22 Sep 2016 13:52:43 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.8fADt6I1 '
[Thu 22 Sep 2016 13:52:44 BST] _ret='0'
[Thu 22 Sep 2016 13:52:44 BST] original='{
  "type": "urn:acme:error:malformed",
  "detail": "Registration key is already in use",
  "status": 409
}'
[Thu 22 Sep 2016 13:52:44 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 12:52:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 409 Conflict
Server: nginx
Content-Type: application/problem+json
Content-Length: 107
Boulder-Request-Id: Mle4VXXX
Boulder-Requester: 340385
Location: https://acme-staging.api.letsencrypt.org/acme/reg/340385
Replay-Nonce: XXXX
Expires: Thu, 22 Sep 2016 12:52:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 12:52:44 GMT
Connection: close
'
[Thu 22 Sep 2016 13:52:44 BST] response='{"type":"urn:acme:error:malformed","detail":"Registration key is already in use","status": 409}'
[Thu 22 Sep 2016 13:52:44 BST] code='409'
[Thu 22 Sep 2016 13:52:44 BST] Already registered
[Thu 22 Sep 2016 13:52:44 BST] 18:ACCOUNT_KEY_HASH="XXXX="
[Thu 22 Sep 2016 13:52:44 BST] Read key length:ec-256
[Thu 22 Sep 2016 13:52:44 BST] Creating domain key
[Thu 22 Sep 2016 13:52:44 BST] Use length 256
[Thu 22 Sep 2016 13:52:44 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 13:52:44 BST] _createcsr
[Thu 22 Sep 2016 13:52:44 BST] domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] domainlist
[Thu 22 Sep 2016 13:52:44 BST] csrkey='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc/acmesh2565.imperialus.house.key'
[Thu 22 Sep 2016 13:52:44 BST] csr='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc/acmesh2565.imperialus.house.csr'
[Thu 22 Sep 2016 13:52:44 BST] csrconf='/Users/Fernando/.acme.sh/acmesh2565.imperialus.house_ecc/acmesh2565.imperialus.house.csr.conf'
[Thu 22 Sep 2016 13:52:44 BST] Single domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] 7:Le_Keylength="ec-256"
[Thu 22 Sep 2016 13:52:44 BST] Verify each domain
[Thu 22 Sep 2016 13:52:44 BST] Getting webroot for domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] _w='dns_cf'
[Thu 22 Sep 2016 13:52:44 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 13:52:44 BST] Getting token for domain='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:44 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 13:52:44 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmesh2565.imperialus.house"}}'
[Thu 22 Sep 2016 13:52:44 BST] RSA key
[Thu 22 Sep 2016 13:52:46 BST] GET
[Thu 22 Sep 2016 13:52:46 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 13:52:46 BST] timeout
[Thu 22 Sep 2016 13:52:46 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.UBCpiWgT '
[Thu 22 Sep 2016 13:52:47 BST] ret='0'
[Thu 22 Sep 2016 13:52:47 BST] POST
[Thu 22 Sep 2016 13:52:47 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 13:52:47 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "XXX"}'
[Thu 22 Sep 2016 13:52:47 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.HxhW0X3Y '
[Thu 22 Sep 2016 13:52:48 BST] _ret='0'
[Thu 22 Sep 2016 13:52:48 BST] original='{
  "identifier": {
    "type": "dns",
    "value": "acmesh2565.imperialus.house"
  },
  "status": "pending",
  "expires": "2016-09-29T12:52:47.934326806Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX",
      "token": "XXXX"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX",
      "token": "XXX"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/IK_e3RGFc7XXX",
      "token": "tJn4RXXX"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      2
    ],
    [
      1
    ]
  ]
}'
[Thu 22 Sep 2016 13:52:48 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 12:52:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1021
Boulder-Request-Id: XXXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/XXXX
Replay-Nonce: _FM5YZXXXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 22 Sep 2016 12:52:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 12:52:48 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 13:52:48 BST] response='{"identifier":{"type":"dns","value":"acmesh2565.imperialus.house"},"status":"pending","expires":"2016-09-29T12:52:47.934326806Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX","token":"XXXX"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993884","token":"tJn4RmXXX"}],"combinations":[[0],[2],[1]]}'
[Thu 22 Sep 2016 13:52:48 BST] code='201'
[Thu 22 Sep 2016 13:52:48 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX"'
[Thu 22 Sep 2016 13:52:48 BST] token='-MLCOWF6kXXX'
[Thu 22 Sep 2016 13:52:48 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:52:48 BST] keyauthorization='-MLCXXX'
[Thu 22 Sep 2016 13:52:48 BST] dvlist='acmesh2565.imperialus.house#-MLCOWXXXX#https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883#dns-01#dns_cf'
[Thu 22 Sep 2016 13:52:48 BST] txtdomain='_acme-challenge.acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:48 BST] txt='XXXX'
[Thu 22 Sep 2016 13:52:48 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 13:52:48 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 13:52:48 BST] 28:CF_Key="XXXX"
[Thu 22 Sep 2016 13:52:48 BST] 30:CF_Email="XXXX"
[Thu 22 Sep 2016 13:52:48 BST] First detect the root zone
[Thu 22 Sep 2016 13:52:48 BST] zones?name=acmesh2565.imperialus.house
[Thu 22 Sep 2016 13:52:48 BST] GET
[Thu 22 Sep 2016 13:52:48 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:48 BST] timeout
[Thu 22 Sep 2016 13:52:48 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.vBbJkPvN '
[Thu 22 Sep 2016 13:52:48 BST] ret='0'
[Thu 22 Sep 2016 13:52:48 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:48 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 13:52:49 BST] GET
[Thu 22 Sep 2016 13:52:49 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 13:52:49 BST] timeout
[Thu 22 Sep 2016 13:52:49 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.erxtJZKg '
[Thu 22 Sep 2016 13:52:49 BST] ret='0'
[Thu 22 Sep 2016 13:52:49 BST] response='{"result":[{"id":"XXXX","name":"imperialus.house","status":"active","paused":false,"type":"full","development_mode":0,"name_servers":["dina.ns.cloudflare.com","theo.ns.cloudflare.com"],"original_name_servers":["ns1.dreamhost.com","ns2.dreamhost.com","ns3.dreamhost.com"],"original_registrar":null,"original_dnshost":"dreamhost","modified_on":"2016-09-22T12:50:45.268289Z","created_on":"2016-02-15T21:20:15.215047Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"XXX","email":"XXXX"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"XXX","name":"Free Website","price":0,"currency":"USD","frequency":"","is_subscribed":true,"can_subscribe":false,"legacy_id":"free","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:49 BST] _domain_id='XXXX'
[Thu 22 Sep 2016 13:52:49 BST] _sub_domain='_acme-challenge.acmesh2565'
[Thu 22 Sep 2016 13:52:49 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 13:52:49 BST] Getting txt records
[Thu 22 Sep 2016 13:52:49 BST] zones/XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2565.imperialus.house
[Thu 22 Sep 2016 13:52:49 BST] GET
[Thu 22 Sep 2016 13:52:49 BST] url='https://api.cloudflare.com/client/v4/zones/XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:52:49 BST] timeout
[Thu 22 Sep 2016 13:52:49 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.tilQpVoO '
[Thu 22 Sep 2016 13:52:49 BST] ret='0'
[Thu 22 Sep 2016 13:52:49 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:49 BST] count='0'
[Thu 22 Sep 2016 13:52:49 BST] Adding record
[Thu 22 Sep 2016 13:52:49 BST] zones/XXXX/dns_records
[Thu 22 Sep 2016 13:52:49 BST] data='{"type":"TXT","name":"_acme-challenge.acmesh2565.imperialus.house","content":"XXXX","ttl":120}'
[Thu 22 Sep 2016 13:52:49 BST] POST
[Thu 22 Sep 2016 13:52:49 BST] url='https://api.cloudflare.com/client/v4/zones/XXXX/dns_records'
[Thu 22 Sep 2016 13:52:49 BST] body='{"type":"TXT","name":"_acme-challenge.acmesh2565.imperialus.house","content":"XXXX","ttl":120}'
[Thu 22 Sep 2016 13:52:49 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.vbJsjUvv '
[Thu 22 Sep 2016 13:52:50 BST] _ret='0'
[Thu 22 Sep 2016 13:52:50 BST] response='{"result":{"id":"XXXX","type":"TXT","name":"_acme-challenge.acmesh2565.imperialus.house","content":"XXXX","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"XXXX","zone_name":"imperialus.house","modified_on":"2016-09-22T12:52:50.187501Z","created_on":"2016-09-22T12:52:50.187501Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 13:52:50 BST] Added, sleeping 10 seconds
[Thu 22 Sep 2016 13:53:00 BST] Sleep 10 seconds for the txt records to take effect
[Thu 22 Sep 2016 13:53:10 BST] ok, let's start to verify
[Thu 22 Sep 2016 13:53:10 BST] Verifying:acmesh2565.imperialus.house
[Thu 22 Sep 2016 13:53:10 BST] d='acmesh2565.imperialus.house'
[Thu 22 Sep 2016 13:53:10 BST] keyauthorization='-MLCOWXXXX'
[Thu 22 Sep 2016 13:53:10 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:10 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 13:53:10 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:10 BST] payload='{"resource": "challenge", "keyAuthorization": "-MLCOWXXXX"}'
[Thu 22 Sep 2016 13:53:10 BST] RSA key
[Thu 22 Sep 2016 13:53:12 BST] GET
[Thu 22 Sep 2016 13:53:12 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 13:53:12 BST] timeout
[Thu 22 Sep 2016 13:53:12 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.nmsSlYiH '
[Thu 22 Sep 2016 13:53:12 BST] ret='0'
[Thu 22 Sep 2016 13:53:12 BST] POST
[Thu 22 Sep 2016 13:53:12 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:12 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-XXXX"}}, "protected": "XXX", "payload": "XXX", "signature": "XXX-ZC"}'
[Thu 22 Sep 2016 13:53:12 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.v04YMPvs '
[Thu 22 Sep 2016 13:53:13 BST] _ret='0'
[Thu 22 Sep 2016 13:53:13 BST] original='{
  "type": "dns-01",
  "status": "pending",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883",
  "token": "-XXXX",
  "keyAuthorization": "-MLCOWXXXX"
}'
[Thu 22 Sep 2016 13:53:13 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 12:53:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 337
Boulder-Request-Id: XXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/XXXX>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883
Replay-Nonce: XXXX
Expires: Thu, 22 Sep 2016 12:53:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 12:53:13 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 13:53:13 BST] response='{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX","keyAuthorization":"-MLCOWXXXX"}'
[Thu 22 Sep 2016 13:53:13 BST] code='202'
[Thu 22 Sep 2016 13:53:13 BST] sleep 5 secs to verify
[Thu 22 Sep 2016 13:53:18 BST] checking
[Thu 22 Sep 2016 13:53:18 BST] GET
[Thu 22 Sep 2016 13:53:18 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883'
[Thu 22 Sep 2016 13:53:18 BST] timeout
[Thu 22 Sep 2016 13:53:18 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/XXXX/T/tmp.PnYcF233 '
[Thu 22 Sep 2016 13:53:19 BST] ret='0'
[Thu 22 Sep 2016 13:53:19 BST] original='{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Correct value not found for DNS challenge",
    "status": 403
  },
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883",
  "token": "-XXXX",
  "keyAuthorization": "-MLCOWXXXX"
}'
[Thu 22 Sep 2016 13:53:19 BST] response='{"type":"dns-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Correct value not found for DNS challenge","status": 403},"uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/XXXX/14993883","token":"-XXXX","keyAuthorization":"-MLCOWXXXX"}'
[Thu 22 Sep 2016 13:53:19 BST] error='"error":{"type":"urn:acme:error:unauthorized","detail":"Correct value not found for DNS challenge","status": 403}'
[Thu 22 Sep 2016 13:53:19 BST] errordetail='Correct value not found for DNS challenge'
[Thu 22 Sep 2016 13:53:19 BST] acmesh2565.imperialus.house:Verify error:Correct value not found for DNS challenge
[Thu 22 Sep 2016 13:53:19 BST] Skip for removelevel:
[Thu 22 Sep 2016 13:53:19 BST] pid

@Neilpang
Member

Neilpang commented Sep 22, 2016

@FernandoMiguel
Can you please log in to your cloudflare account to see if the txt record is added successfully?

_acme-challenge.acmesh2565.imperialus.house

@FernandoMiguel

$ alias acme.sh="/Users/Fernando/.acme.sh/acme.sh"
$ acme.sh --staging --issue -d acmesh2566.imperialus.house --dns dns_cf --keylength ec-256
[Thu 22 Sep 2016 14:27:30 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 14:27:31 BST] Skip register account key
[Thu 22 Sep 2016 14:27:31 BST] Creating domain key
[Thu 22 Sep 2016 14:27:31 BST] Single domain='acmesh2566.imperialus.house'
[Thu 22 Sep 2016 14:27:31 BST] Verify each domain
[Thu 22 Sep 2016 14:27:31 BST] Getting webroot for domain='acmesh2566.imperialus.house'
[Thu 22 Sep 2016 14:27:31 BST] Getting token for domain='acmesh2566.imperialus.house'
[Thu 22 Sep 2016 14:27:34 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 14:27:37 BST] Adding record
[Thu 22 Sep 2016 14:27:38 BST] Added, sleeping 10 seconds
[Thu 22 Sep 2016 14:27:48 BST] Sleep 10 seconds for the txt records to take effect
[Thu 22 Sep 2016 14:27:58 BST] Verifying:acmesh2566.imperialus.house
[Thu 22 Sep 2016 14:28:07 BST] Success
[Thu 22 Sep 2016 14:28:07 BST] Verify finished, start to sign.
[Thu 22 Sep 2016 14:28:10 BST] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"


@Neilpang
Member

@FernandoMiguel

--debug 2

@FernandoMiguel

FernandoMiguel commented Sep 22, 2016

$ dig TXT _acme-challenge.acmesh2567.imperialus.house +short
"zpBADYWquyZfXXXX"

$ acme.sh --staging --issue -d acmesh2567.imperialus.house --dns dns_cf --keylength ec-256  --debug 2
[Thu 22 Sep 2016 19:30:22 BST] Lets guess script dir.
[Thu 22 Sep 2016 19:30:22 BST] _SCRIPT_='/Users/Fernando/.acme.sh/acme.sh'
[Thu 22 Sep 2016 19:30:22 BST] _script
[Thu 22 Sep 2016 19:30:22 BST] _script_home='.'
[Thu 22 Sep 2016 19:30:22 BST] It seems that acme.sh is already installed in /Users/Fernando/.acme.sh
[Thu 22 Sep 2016 19:30:22 BST] 20:USER_AGENT=""
[Thu 22 Sep 2016 19:30:22 BST] 6:ACCOUNT_EMAIL="XXXX"
https://github.com/Neilpang/acme.sh
v2.5.5
[Thu 22 Sep 2016 19:30:22 BST] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu 22 Sep 2016 19:30:22 BST] DOMAIN_PATH='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc'
[Thu 22 Sep 2016 19:30:22 BST] 1:Le_Domain="acmesh2567.imperialus.house"
[Thu 22 Sep 2016 19:30:22 BST] 2:Le_Alt="no"
[Thu 22 Sep 2016 19:30:22 BST] 3:Le_Webroot="dns_cf"
[Thu 22 Sep 2016 19:30:22 BST] 4:Le_PreHook=""
[Thu 22 Sep 2016 19:30:22 BST] 5:Le_PostHook=""
[Thu 22 Sep 2016 19:30:22 BST] 6:Le_RenewHook=""
[Thu 22 Sep 2016 19:30:22 BST] 'dns_cf' does not contain 'no'
[Thu 22 Sep 2016 19:30:22 BST] 'dns_cf' does not contain 'tls'
[Thu 22 Sep 2016 19:30:22 BST] 'dns_cf' does not contain 'apache'
[Thu 22 Sep 2016 19:30:22 BST] RSA key
[Thu 22 Sep 2016 19:30:24 BST] Skip register account key
[Thu 22 Sep 2016 19:30:24 BST] Read key length:ec-256
[Thu 22 Sep 2016 19:30:24 BST] Creating domain key
[Thu 22 Sep 2016 19:30:24 BST] Use length 256
[Thu 22 Sep 2016 19:30:24 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 19:30:24 BST] _createcsr
[Thu 22 Sep 2016 19:30:24 BST] domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] domainlist
[Thu 22 Sep 2016 19:30:24 BST] csrkey='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc/acmesh2567.imperialus.house.key'
[Thu 22 Sep 2016 19:30:24 BST] csr='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc/acmesh2567.imperialus.house.csr'
[Thu 22 Sep 2016 19:30:24 BST] csrconf='/Users/Fernando/.acme.sh/acmesh2567.imperialus.house_ecc/acmesh2567.imperialus.house.csr.conf'
[Thu 22 Sep 2016 19:30:24 BST] Single domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] 7:Le_Keylength="ec-256"
[Thu 22 Sep 2016 19:30:24 BST] Verify each domain
[Thu 22 Sep 2016 19:30:24 BST] Getting webroot for domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] _w='dns_cf'
[Thu 22 Sep 2016 19:30:24 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 19:30:24 BST] Getting new-authz for domain='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:24 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 19:30:24 BST] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "acmesh2567.imperialus.house"}}'
[Thu 22 Sep 2016 19:30:24 BST] RSA key
[Thu 22 Sep 2016 19:30:26 BST] GET
[Thu 22 Sep 2016 19:30:26 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 19:30:26 BST] timeout
[Thu 22 Sep 2016 19:30:26 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.KJQAdPZv '
[Thu 22 Sep 2016 19:30:27 BST] ret='0'
[Thu 22 Sep 2016 19:30:27 BST] POST
[Thu 22 Sep 2016 19:30:27 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 19:30:27 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB--S---XXXX"}}, "protected": "eyJuXXXX", "payload": "eyJyXXXX", "signature": "FypNZ_XXX"}'
[Thu 22 Sep 2016 19:30:27 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.KNtxJfNd '
[Thu 22 Sep 2016 19:30:28 BST] _ret='0'
[Thu 22 Sep 2016 19:30:28 BST] original='{
  "identifier": {
    "type": "dns",
    "value": "acmesh2567.imperialus.house"
  },
  "status": "pending",
  "expires": "2016-09-29T18:30:28.046026987Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX/15029723",
      "token": "ifzlkDXXXX"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029724",
      "token": "Ym_jLwV_PXXXXX"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029725",
      "token": "ffCxV_jJMpXXXX"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      2
    ],
    [
      1
    ]
  ]
}'
[Thu 22 Sep 2016 19:30:28 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 18:30:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 1021
Boulder-Request-Id: 8RofDXXXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/EblzXXXX
Replay-Nonce: RNK_DEXXXX
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Thu, 22 Sep 2016 18:30:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 18:30:28 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 19:30:28 BST] response='{"identifier":{"type":"dns","value":"acmesh2567.imperialus.house"},"status":"pending","expires":"2016-09-29T18:30:28.046026987Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX","token":"ifzlkDXXXX"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029724","token":"Ym_jLwV_PXXXXX"},{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX15029725","token":"ffCxV_jJMpXXXX"}],"combinations":[[0],[2],[1]]}'
[Thu 22 Sep 2016 19:30:28 BST] code='201'
[Thu 22 Sep 2016 19:30:28 BST] entry='"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX","token":"ifzlkDXXXX"'
[Thu 22 Sep 2016 19:30:28 BST] token='ifzlkDXXXX'
[Thu 22 Sep 2016 19:30:28 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:30:28 BST] keyauthorization='ifzlkDXXXX.XXXX'
[Thu 22 Sep 2016 19:30:28 BST] dvlist='acmesh2567.imperialus.house#ifzlkDXXXX.XXXXo#https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX#dns-01#dns_cf'
[Thu 22 Sep 2016 19:30:28 BST] txtdomain='_acme-challenge.acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:28 BST] txt='zpBAXXXX'
[Thu 22 Sep 2016 19:30:28 BST] d_api='/Users/Fernando/.acme.sh/dnsapi/dns_cf.sh'
[Thu 22 Sep 2016 19:30:28 BST] Found domain api file: /Users/Fernando/.acme.sh/dnsapi/dns_cf.sh
[Thu 22 Sep 2016 19:30:28 BST] 28:CF_Key="XXX"
[Thu 22 Sep 2016 19:30:28 BST] 30:CF_Email="XXXX"
[Thu 22 Sep 2016 19:30:28 BST] First detect the root zone
[Thu 22 Sep 2016 19:30:28 BST] zones?name=acmesh2567.imperialus.house
[Thu 22 Sep 2016 19:30:28 BST] GET
[Thu 22 Sep 2016 19:30:28 BST] url='https://api.cloudflare.com/client/v4/zones?name=acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:28 BST] timeout
[Thu 22 Sep 2016 19:30:28 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.Ch48xyIP '
[Thu 22 Sep 2016 19:30:30 BST] ret='0'
[Thu 22 Sep 2016 19:30:30 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:30 BST] zones?name=imperialus.house
[Thu 22 Sep 2016 19:30:30 BST] GET
[Thu 22 Sep 2016 19:30:30 BST] url='https://api.cloudflare.com/client/v4/zones?name=imperialus.house'
[Thu 22 Sep 2016 19:30:30 BST] timeout
[Thu 22 Sep 2016 19:30:30 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.BX3sRG0G '
[Thu 22 Sep 2016 19:30:30 BST] ret='0'
[Thu 22 Sep 2016 19:30:30 BST] response='{"result":[{"id":"027XXXX","name":"imperialus.house","status":"active","paused":false,"type":"full","development_mode":0,"name_servers":["dina.ns.cloudflare.com","theo.ns.cloudflare.com"],"original_name_servers":["ns1.dreamhost.com","ns2.dreamhost.com","ns3.dreamhost.com"],"original_registrar":null,"original_dnshost":"dreamhost","modified_on":"2016-09-22T13:29:31.210521Z","created_on":"2016-02-15T21:20:15.215047Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"XXX","email":"XXXX"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:edit","#waf:read","#zone:edit","#zone:read","#zone_settings:edit","#zone_settings:read"],"plan":{"id":"XXXX","name":"Free Website","price":0,"currency":"USD","frequency":"","is_subscribed":true,"can_subscribe":false,"legacy_id":"free","legacy_discount":false,"externally_managed":false}}],"result_info":{"page":1,"per_page":20,"total_pages":1,"count":1,"total_count":1},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:30 BST] _domain_id='027XXXX'
[Thu 22 Sep 2016 19:30:30 BST] _sub_domain='_acme-challenge.acmesh2567'
[Thu 22 Sep 2016 19:30:31 BST] _domain='imperialus.house'
[Thu 22 Sep 2016 19:30:31 BST] Getting txt records
[Thu 22 Sep 2016 19:30:31 BST] zones/027XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2567.imperialus.house
[Thu 22 Sep 2016 19:30:31 BST] GET
[Thu 22 Sep 2016 19:30:31 BST] url='https://api.cloudflare.com/client/v4/zones/027XXXX/dns_records?type=TXT&name=_acme-challenge.acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:30:31 BST] timeout
[Thu 22 Sep 2016 19:30:31 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.2urfdcpt '
[Thu 22 Sep 2016 19:30:31 BST] ret='0'
[Thu 22 Sep 2016 19:30:31 BST] response='{"result":[],"result_info":{"page":1,"per_page":20,"total_pages":0,"count":0,"total_count":0},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:31 BST] count='0'
[Thu 22 Sep 2016 19:30:31 BST] Adding record
[Thu 22 Sep 2016 19:30:31 BST] zones/027XXXX/dns_records
[Thu 22 Sep 2016 19:30:31 BST] data='{"type":"TXT","name":"_acme-challenge.acmesh2567.imperialus.house","content":"zpBAXXXX","ttl":120}'
[Thu 22 Sep 2016 19:30:31 BST] POST
[Thu 22 Sep 2016 19:30:31 BST] url='https://api.cloudflare.com/client/v4/zones/027XXXX/dns_records'
[Thu 22 Sep 2016 19:30:31 BST] body='{"type":"TXT","name":"_acme-challenge.acmesh2567.imperialus.house","content":"zpBAXXXX","ttl":120}'
[Thu 22 Sep 2016 19:30:31 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.4JT9n0F4 '
[Thu 22 Sep 2016 19:30:32 BST] _ret='0'
[Thu 22 Sep 2016 19:30:32 BST] response='{"result":{"id":"97caXXXX","type":"TXT","name":"_acme-challenge.acmesh2567.imperialus.house","content":"zpBAXXXX","proxiable":false,"proxied":false,"ttl":120,"locked":false,"zone_id":"027XXXX","zone_name":"imperialus.house","modified_on":"2016-09-22T18:30:32.506831Z","created_on":"2016-09-22T18:30:32.506831Z","meta":{"auto_added":false}},"success":true,"errors":[],"messages":[]}'
[Thu 22 Sep 2016 19:30:32 BST] Added, sleeping 10 seconds
[Thu 22 Sep 2016 19:30:42 BST] Sleep 120 seconds for the txt records to take effect
[Thu 22 Sep 2016 19:32:42 BST] ok, let's start to verify
[Thu 22 Sep 2016 19:32:42 BST] Verifying:acmesh2567.imperialus.house
[Thu 22 Sep 2016 19:32:42 BST] d='acmesh2567.imperialus.house'
[Thu 22 Sep 2016 19:32:42 BST] keyauthorization='ifzlkDXXXX.XXXX'
[Thu 22 Sep 2016 19:32:42 BST] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:32:42 BST] _currentRoot='dns_cf'
[Thu 22 Sep 2016 19:32:42 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:32:42 BST] payload='{"resource": "challenge", "keyAuthorization": "ifzlkDXXXX.XXXX"}'
[Thu 22 Sep 2016 19:32:42 BST] RSA key
[Thu 22 Sep 2016 19:32:44 BST] GET
[Thu 22 Sep 2016 19:32:44 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 19:32:44 BST] timeout
[Thu 22 Sep 2016 19:32:44 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.DFxbNy94 '
[Thu 22 Sep 2016 19:32:45 BST] ret='0'
[Thu 22 Sep 2016 19:32:45 BST] POST
[Thu 22 Sep 2016 19:32:45 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX'
[Thu 22 Sep 2016 19:32:45 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-fguXXXX"}}, "protected": "eyJXXXX", "payload": "eyJyXXXX", "signature": "E0SbVXXXXX"}'
[Thu 22 Sep 2016 19:32:45 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.92B4ZoYY '
[Thu 22 Sep 2016 19:32:46 BST] _ret='0'
[Thu 22 Sep 2016 19:32:46 BST] original='{
  "type": "dns-01",
  "status": "pending",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX",
  "token": "ifzlkDXXXX",
  "keyAuthorization": "ifzlkDXXXX.XXXX"
}'
[Thu 22 Sep 2016 19:32:46 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 18:32:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 337
Boulder-Request-Id: 1LAmYXXXX
Boulder-Requester: 340385
Link: <https://acme-staging.api.letsencrypt.org/acme/authz/EblzXXXX>;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXX
Replay-Nonce: yhXwPXXXX
Expires: Thu, 22 Sep 2016 18:32:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 18:32:46 GMT
Connection: keep-alive
'
[Thu 22 Sep 2016 19:32:46 BST] response='{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXX","token":"ifzlkDXXXX","keyAuthorization":"XXX.XXXX"}'
[Thu 22 Sep 2016 19:32:46 BST] code='202'
[Thu 22 Sep 2016 19:32:46 BST] sleep 5 secs to verify
[Thu 22 Sep 2016 19:32:51 BST] checking
[Thu 22 Sep 2016 19:32:51 BST] GET
[Thu 22 Sep 2016 19:32:52 BST] url='https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXX'
[Thu 22 Sep 2016 19:32:52 BST] timeout
[Thu 22 Sep 2016 19:32:52 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.ad8Y3WwU '
[Thu 22 Sep 2016 19:32:52 BST] ret='0'
[Thu 22 Sep 2016 19:32:52 BST] original='{
  "type": "dns-01",
  "status": "valid",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX",
  "token": "ifzlkDXXXX",
  "keyAuthorization": "ifzlkDXXXX.XXXX",
  "validationRecord": [
    {
      "hostname": "acmesh2567.imperialus.house",
      "port": "",
      "addressesResolved": null,
      "addressUsed": ""
    }
  ]
}'
[Thu 22 Sep 2016 19:32:52 BST] response='{"type":"dns-01","status":"valid","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/EblzxXXXX","token":"ifzlkDXXXX","keyAuthorization":"ifzlkDXXXX.XXXX","validationRecord":[{"hostname":"acmesh2567.imperialus.house","port":"","addressesResolved": null,"addressUsed":""}]}'
[Thu 22 Sep 2016 19:32:52 BST] Success
[Thu 22 Sep 2016 19:32:52 BST] pid
[Thu 22 Sep 2016 19:32:52 BST] Skip for removelevel:
[Thu 22 Sep 2016 19:32:52 BST] pid
[Thu 22 Sep 2016 19:32:52 BST] Verify finished, start to sign.
[Thu 22 Sep 2016 19:32:52 BST] i='2'
[Thu 22 Sep 2016 19:32:52 BST] j='7'
[Thu 22 Sep 2016 19:32:52 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Thu 22 Sep 2016 19:32:52 BST] payload='{"resource": "new-cert", "csr": "MIH-XXXX"}'
[Thu 22 Sep 2016 19:32:52 BST] RSA key
[Thu 22 Sep 2016 19:32:54 BST] GET
[Thu 22 Sep 2016 19:32:54 BST] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu 22 Sep 2016 19:32:54 BST] timeout
[Thu 22 Sep 2016 19:32:54 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.rV81srQ9 '
[Thu 22 Sep 2016 19:32:55 BST] ret='0'
[Thu 22 Sep 2016 19:32:55 BST] POST
[Thu 22 Sep 2016 19:32:55 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Thu 22 Sep 2016 19:32:55 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wB-fguXXXX"}}, "protected": "eyJub25jXXXX", "payload": "eyJyXXXX", "signature": "TkfXXXX"}'
[Thu 22 Sep 2016 19:32:55 BST] _CURL='curl -L --silent --dump-header /Users/Fernando/.acme.sh/http.header  --trace-ascii /var/folders/m9/h_k1XXXX/T/tmp.SXFPfFKr '
[Thu 22 Sep 2016 19:32:56 BST] _ret='0'
[Thu 22 Sep 2016 19:32:56 BST] original='ewogXXXX'
[Thu 22 Sep 2016 19:32:56 BST] responseHeaders='HTTP/1.1 100 Continue
Expires: Thu, 22 Sep 2016 18:32:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 133
Boulder-Request-Id: 8CXXXX
Boulder-Requester: 340385
Replay-Nonce: R5pXXXX
Expires: Thu, 22 Sep 2016 18:32:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 22 Sep 2016 18:32:55 GMT
Connection: close
'
[Thu 22 Sep 2016 19:32:56 BST] response='ewogXXXX'
[Thu 22 Sep 2016 19:32:56 BST] code='400'
[Thu 22 Sep 2016 19:32:56 BST] 8:Le_LinkCert=""
[Thu 22 Sep 2016 19:32:56 BST] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"
/Users/Fernando/.acme.sh/acme.sh: line 3721: syntax error near unexpected token `fi'
/Users/Fernando/.acme.sh/acme.sh: line 3721: `"$@";fi'

These two lines at the end are new.

@Remonli
Author

Remonli commented Sep 24, 2016

However, the account key still only supports RSA.

@FernandoMiguel

@Rememberli I noticed the same... no idea what's going on

@Neilpang
Member

@Rememberli @Rememberli
Yes, because my ECC account signature was not the same as Boulder's.
That's why this issue is still open.

The RSA account key seems to be working well. It's just the account key, not the domain key.

I will fix this later when I have time.
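
An added example, not part of the thread and not acme.sh code: the debug logs above involve two different keys, and this parser separates them by reading the account key's algorithm from each JWS `header` and the domain key type from the `Read key length` line. The sample log is constructed in the format quoted in this thread with placeholders for every secret, and the function names are hypothetical.

```python
import json
import re

# Constructed sample in the format of the `--debug 2` output quoted in this
# thread; every secret-bearing value is a placeholder.
SAMPLE_LOG = """\
[Thu 22 Sep 2016 19:30:24 BST] Read key length:ec-256
[Thu 22 Sep 2016 19:30:24 BST] Using ec name: prime256v1
[Thu 22 Sep 2016 19:30:27 BST] POST
[Thu 22 Sep 2016 19:30:27 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu 22 Sep 2016 19:30:27 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "PLACEHOLDER"}}, "protected": "PLACEHOLDER", "payload": "PLACEHOLDER", "signature": "PLACEHOLDER"}'
[Thu 22 Sep 2016 19:30:28 BST] original='{
  "status": "pending"
}'
[Thu 22 Sep 2016 19:30:28 BST] code='201'
[Thu 22 Sep 2016 19:30:31 BST] POST
[Thu 22 Sep 2016 19:30:31 BST] url='https://api.cloudflare.com/client/v4/zones/PLACEHOLDER/dns_records'
[Thu 22 Sep 2016 19:30:31 BST] body='{"type":"TXT","name":"_acme-challenge.example.test","content":"PLACEHOLDER","ttl":120}'
[Thu 22 Sep 2016 19:32:55 BST] POST
[Thu 22 Sep 2016 19:32:55 BST] url='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Thu 22 Sep 2016 19:32:55 BST] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "PLACEHOLDER"}}, "protected": "PLACEHOLDER", "payload": "PLACEHOLDER", "signature": "PLACEHOLDER"}'
[Thu 22 Sep 2016 19:32:56 BST] code='400'
[Thu 22 Sep 2016 19:32:56 BST] Sign failed: "detail":"Error creating new cert :: signature algorithm not supported"
"""

STAMPED = re.compile(r"^\[[^\]]+\] (.*)$")  # "[timestamp] message"
QUOTED = re.compile(r"^(\w+)='(.*)'$")      # single-line name='value'


def summarize(log_text):
    """Extract the domain key type, each signed ACME request, and the failure."""
    out = {"domain_key": None, "ec_curve": None, "requests": [], "failure": None}
    in_post, url, current = False, None, None
    for raw in log_text.splitlines():
        stamped = STAMPED.match(raw)
        if not stamped:
            continue  # continuation of a multi-line value (JSON, HTTP headers)
        msg = stamped.group(1)
        if msg in ("POST", "GET"):
            in_post, url = (msg == "POST"), None
        elif msg.startswith("Read key length:"):
            out["domain_key"] = msg.split(":", 1)[1]
        elif msg.startswith("Using ec name: "):
            out["ec_curve"] = msg.split(": ", 1)[1]
        elif msg.startswith("Sign failed: "):
            out["failure"] = msg[len("Sign failed: "):]
        kv = QUOTED.match(msg)
        if not kv:
            continue
        key, value = kv.groups()
        if key == "url" and in_post:
            url = value
        elif key == "body" and in_post:
            in_post, current = False, None
            try:
                doc = json.loads(value)
            except ValueError:
                continue
            # Only JWS-signed ACME requests carry a "header"; DNS API calls do not.
            header = doc.get("header") if isinstance(doc, dict) else None
            if isinstance(header, dict):
                current = {"url": url, "alg": header.get("alg"),
                           "kty": header.get("jwk", {}).get("kty"), "status": None}
                out["requests"].append(current)
        elif key == "code" and current is not None and value.isdigit():
            current["status"] = int(value)
            current = None
    return out


def key_roles(summary):
    """Report the account key algorithm (JWS) separately from the domain key (CSR)."""
    algs = sorted({r["alg"] for r in summary["requests"] if r["alg"]})
    return {
        "account_key_algs": algs,
        "domain_key": summary["domain_key"],
        "account_key_is_ecdsa": any(a.startswith("ES") for a in algs),
        "failed_urls": [r["url"] for r in summary["requests"] if (r["status"] or 0) >= 400],
    }


if __name__ == "__main__":
    print(json.dumps(key_roles(summarize(SAMPLE_LOG)), indent=2))
```

On this sample the output shows `--keylength ec-256` applied to the domain key while every request was still signed with an RS256 account key, and that the only rejected request was the one to `new-cert`.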
