" The supported validation types are: http-01 , but you specified: dns-01" #4927

Closed
iscodingeasyornot opened this issue Dec 24, 2023 · 14 comments

@iscodingeasyornot

Steps to reproduce

Based on the Docker wiki, I made a docker compose YAML:

name: acmesh
services:
  acme.sh:
    image: neilpang/acme.sh:latest
    container_name: acme.sh
    network_mode: host
    volumes:
      - ~/acme.sh:/acme.sh
      - ~/certs:/certs
    command: daemon
    tty: true
    stdin_open: true
    restart: unless-stopped

and with docker compose up -d it runs,
but when I do docker exec acme.sh acme.sh --issue --dns dns_cf -d example.com, it outputs this (already done acme.sh --register-account):

[Sun Dec 24 14:10:04 UTC 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Dec 24 14:10:04 UTC 2023] Single domain='example.com'
[Sun Dec 24 14:10:04 UTC 2023] Getting domain auth token for each domain
[Sun Dec 24 14:10:06 UTC 2023] Getting webroot for domain=''example.com'
[Sun Dec 24 14:10:06 UTC 2023] Error, can not get domain token entry example.com for dns-01
[Sun Dec 24 14:10:06 UTC 2023] The supported validation types are: http-01 , but you specified: dns-01
[Sun Dec 24 14:10:06 UTC 2023] Please check log file for more details: /acme.sh/acme.sh.log

The expected output (install to host directly and exec same cmd) should be

[Sun Dec 24 10:25:28 AM EST 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Dec 24 10:25:28 AM EST 2023] Single domain='example.com'
[Sun Dec 24 10:25:29 AM EST 2023] Getting domain auth token for each domain
[Sun Dec 24 10:25:52 AM EST 2023] Getting webroot for domain='example.com'
[Sun Dec 24 10:25:52 AM EST 2023] Error, can not get domain token "type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/5uJNkxRp1k3vx3eQ4SE7Sg","status":"invalid","error":{
[Sun Dec 24 10:25:53 AM EST 2023] Please add '--debug' or '--log' to check more details.
[Sun Dec 24 10:25:53 AM EST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

Debug log

acme.sh  --issue .....   --debug 2
[Sun Dec 24 14:14:04 UTC 2023] Lets find script dir.
[Sun Dec 24 14:14:04 UTC 2023] _SCRIPT_='/usr/local/bin/acme.sh'
[Sun Dec 24 14:14:04 UTC 2023] _script='/root/.acme.sh/acme.sh'
[Sun Dec 24 14:14:04 UTC 2023] _script_home='/root/.acme.sh'
[Sun Dec 24 14:14:04 UTC 2023] Using default home:/root/.acme.sh
[Sun Dec 24 14:14:04 UTC 2023] Using config home:/acme.sh
[Sun Dec 24 14:14:04 UTC 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Sun Dec 24 14:14:04 UTC 2023] Running cmd: issue
[Sun Dec 24 14:14:04 UTC 2023] _main_domain='example.com'
[Sun Dec 24 14:14:04 UTC 2023] _alt_domains='no'
[Sun Dec 24 14:14:04 UTC 2023] Using config home:/acme.sh
[Sun Dec 24 14:14:04 UTC 2023] default_acme_server
[Sun Dec 24 14:14:04 UTC 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Sun Dec 24 14:14:04 UTC 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Sun Dec 24 14:14:04 UTC 2023] _ACME_SERVER_PATH='v2/DV90'
[Sun Dec 24 14:14:04 UTC 2023] DOMAIN_PATH='/acme.sh/example.com_ecc'
[Sun Dec 24 14:14:04 UTC 2023] 'dns_cf' does not contain 'dns'
[Sun Dec 24 14:14:04 UTC 2023] Le_NextRenewTime
[Sun Dec 24 14:14:04 UTC 2023] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Sun Dec 24 14:14:04 UTC 2023] _init api for server: https://acme.zerossl.com/v2/DV90
[Sun Dec 24 14:14:04 UTC 2023] GET
[Sun Dec 24 14:14:04 UTC 2023] url='https://acme.zerossl.com/v2/DV90'
[Sun Dec 24 14:14:04 UTC 2023] timeout=
[Sun Dec 24 14:14:04 UTC 2023] _CURL='curl --silent --dump-header /acme.sh/http.header  -L  --trace-ascii /tmp/tmp.1y5lDLKPwE  -g '
[Sun Dec 24 14:14:04 UTC 2023] ret='0'
[Sun Dec 24 14:14:04 UTC 2023] response='{
  "newNonce": "https://acme.zerossl.com/v2/DV90/newNonce",
  "newAccount": "https://acme.zerossl.com/v2/DV90/newAccount",
  "newOrder": "https://acme.zerossl.com/v2/DV90/newOrder",
  "revokeCert": "https://acme.zerossl.com/v2/DV90/revokeCert",
  "keyChange": "https://acme.zerossl.com/v2/DV90/keyChange",
  "meta": {
    "termsOfService": "https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf",
    "website": "https://zerossl.com",
    "caaIdentities": ["sectigo.com", "trust-provider.com", "usertrust.com", "comodoca.com", "comodo.com"],
    "externalAccountRequired": true
  }
}'
[Sun Dec 24 14:14:04 UTC 2023] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Sun Dec 24 14:14:04 UTC 2023] ACME_NEW_AUTHZ
[Sun Dec 24 14:14:04 UTC 2023] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Dec 24 14:14:04 UTC 2023] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Sun Dec 24 14:14:04 UTC 2023] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Sun Dec 24 14:14:04 UTC 2023] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf'
[Sun Dec 24 14:14:04 UTC 2023] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Dec 24 14:14:04 UTC 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Dec 24 14:14:04 UTC 2023] _on_before_issue
[Sun Dec 24 14:14:04 UTC 2023] _chk_main_domain='example.com'
[Sun Dec 24 14:14:04 UTC 2023] _chk_alt_domains
[Sun Dec 24 14:14:04 UTC 2023] 'dns_cf' does not contain 'no'
[Sun Dec 24 14:14:04 UTC 2023] Le_LocalAddress
[Sun Dec 24 14:14:04 UTC 2023] d='example.com'
[Sun Dec 24 14:14:04 UTC 2023] Check for domain='example.com'
[Sun Dec 24 14:14:04 UTC 2023] _currentRoot='dns_cf'
[Sun Dec 24 14:14:04 UTC 2023] d
[Sun Dec 24 14:14:04 UTC 2023] 'dns_cf' does not contain 'apache'
[Sun Dec 24 14:14:04 UTC 2023] _saved_account_key_hash='oAkzzyKhIpD07QJtFNvwZfTRITbdqOjRT0736NTJeUc='
[Sun Dec 24 14:14:04 UTC 2023] _saved_account_key_hash is not changed, skip register account.
[Sun Dec 24 14:14:04 UTC 2023] Read key length:ec-256
[Sun Dec 24 14:14:04 UTC 2023] _createcsr
[Sun Dec 24 14:14:04 UTC 2023] domain='example.com'
[Sun Dec 24 14:14:04 UTC 2023] domainlist
[Sun Dec 24 14:14:04 UTC 2023] csrkey='/acme.sh/example.com_ecc/example.com.key'
[Sun Dec 24 14:14:04 UTC 2023] csr='/acme.sh/example.com_ecc/example.com.csr'
[Sun Dec 24 14:14:04 UTC 2023] csrconf='/acme.sh/example.com_ecc/example.com.csr.conf'
[Sun Dec 24 14:14:04 UTC 2023] Single domain='example.com'
[Sun Dec 24 14:14:04 UTC 2023] seg='d'
[Sun Dec 24 14:14:04 UTC 2023] _is_idn_d='example.com'
[Sun Dec 24 14:14:04 UTC 2023] _idn_temp
[Sun Dec 24 14:14:04 UTC 2023] _is_idn_d='example.com'
[Sun Dec 24 14:14:04 UTC 2023] _idn_temp
[Sun Dec 24 14:14:04 UTC 2023] _csr_cn='example.com'
[Sun Dec 24 14:14:04 UTC 2023] seg='d'
[Sun Dec 24 14:14:04 UTC 2023] Getting domain auth token for each domain
[Sun Dec 24 14:14:04 UTC 2023] seg='d'
[Sun Dec 24 14:14:04 UTC 2023] _is_idn_d='example.com'
[Sun Dec 24 14:14:04 UTC 2023] _idn_temp
[Sun Dec 24 14:14:04 UTC 2023] d
[Sun Dec 24 14:14:04 UTC 2023] _identifiers='{"type":"dns","value":"example.com"}'
[Sun Dec 24 14:14:04 UTC 2023] _notBefore
[Sun Dec 24 14:14:04 UTC 2023] _notAfter
[Sun Dec 24 14:14:04 UTC 2023] =======Begin Send Signed Request=======
[Sun Dec 24 14:14:04 UTC 2023] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Dec 24 14:14:04 UTC 2023] payload='{"identifiers": [{"type":"dns","value":"example.com"}]}'
[Sun Dec 24 14:14:04 UTC 2023] EC key
[Sun Dec 24 14:14:04 UTC 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Dec 24 14:14:04 UTC 2023] HEAD
[Sun Dec 24 14:14:04 UTC 2023] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Dec 24 14:14:05 UTC 2023] body
[Sun Dec 24 14:14:05 UTC 2023] _postContentType='application/jose+json'
[Sun Dec 24 14:14:05 UTC 2023] _CURL='curl --silent --dump-header /acme.sh/http.header  -L  --trace-ascii /tmp/tmp.Kz5GFSUOse  -g  -I  '
[Sun Dec 24 14:14:05 UTC 2023] _ret='0'
[Sun Dec 24 14:14:05 UTC 2023] _headers='HTTP/2 200 
server: nginx
date: Sun, 24 Dec 2023 14:14:05 GMT
content-type: application/octet-stream
replay-nonce: _5L0BfhPt-05xQXRyAD32Y5tw9gCEVQ87qcnFnpQjvk
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 24 14:14:05 UTC 2023] _CACHED_NONCE='_5L0BfhPt-05xQXRyAD32Y5tw9gCEVQ87qcnFnpQjvk'
[Sun Dec 24 14:14:05 UTC 2023] nonce='_5L0BfhPt-05xQXRyAD32Y5tw9gCEVQ87qcnFnpQjvk'
[Sun Dec 24 14:14:05 UTC 2023] POST
[Sun Dec 24 14:14:05 UTC 2023] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Dec 24 14:14:05 UTC 2023] body='{"protected": "eyJub25jZSI6ICJfNUwwQmZoUHQtMDV4UVhSeUFEMzJZNXR3OWdDRVZRODdxY25GbnBRanZrIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9uZXdPcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS56ZXJvc3NsLmNvbS92Mi9EVjkwL2FjY291bnQvak1UeTNxaTA5T21VdWxWSGxXUm81QSJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImQucnQuZGdlci54eXoifV19", "signature": "krOucvM-HDbVktS0oxFWZidSIP0TKm7wsHfib5Qa4f-v1wGYd0eKf0PR7cGi4tcgagIBEg9CbqCnZ9fLZ_1N8A"}'
[Sun Dec 24 14:14:05 UTC 2023] _postContentType='application/jose+json'
[Sun Dec 24 14:14:05 UTC 2023] Http already initialized.
[Sun Dec 24 14:14:05 UTC 2023] _CURL='curl --silent --dump-header /acme.sh/http.header  -L  --trace-ascii /tmp/tmp.Kz5GFSUOse  -g '
[Sun Dec 24 14:14:06 UTC 2023] _ret='0'
[Sun Dec 24 14:14:06 UTC 2023] responseHeaders='HTTP/2 201 
server: nginx
date: Sun, 24 Dec 2023 14:14:06 GMT
content-type: application/json
content-length: 275
replay-nonce: o73KEjfFKGWn6um8gwQ-A3Rd-WkjVRAB-uBPCv_qdzo
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
location: https://acme.zerossl.com/v2/DV90/order/zCYTr7NVVQ4edyH0NkrHVw
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 24 14:14:06 UTC 2023] code='201'
[Sun Dec 24 14:14:06 UTC 2023] original='{"status":"pending","expires":"2024-03-23T09:14:39Z","identifiers":[{"type":"dns","value":"example.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/la3rP4Z9SK28Q7Hdp5v31w"],"finalize":"https://acme.zerossl.com/v2/DV90/order/zCYTr7NVVQ4edyH0NkrHVw/finalize"}'
[Sun Dec 24 14:14:06 UTC 2023] response='{"status":"pending","expires":"2024-03-23T09:14:39Z","identifiers":[{"type":"dns","value":"example.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/la3rP4Z9SK28Q7Hdp5v31w"],"finalize":"https://acme.zerossl.com/v2/DV90/order/zCYTr7NVVQ4edyH0NkrHVw/finalize"}'
[Sun Dec 24 14:14:06 UTC 2023] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/zCYTr7NVVQ4edyH0NkrHVw'
[Sun Dec 24 14:14:06 UTC 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/zCYTr7NVVQ4edyH0NkrHVw/finalize'
[Sun Dec 24 14:14:06 UTC 2023] _authorizations_seg='https://acme.zerossl.com/v2/DV90/authz/la3rP4Z9SK28Q7Hdp5v31w'
[Sun Dec 24 14:14:06 UTC 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/la3rP4Z9SK28Q7Hdp5v31w'
[Sun Dec 24 14:14:06 UTC 2023] =======Begin Send Signed Request=======
[Sun Dec 24 14:14:06 UTC 2023] url='https://acme.zerossl.com/v2/DV90/authz/la3rP4Z9SK28Q7Hdp5v31w'
[Sun Dec 24 14:14:06 UTC 2023] payload
[Sun Dec 24 14:14:06 UTC 2023] Use cached jwk for file: /acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sun Dec 24 14:14:06 UTC 2023] Use _CACHED_NONCE='o73KEjfFKGWn6um8gwQ-A3Rd-WkjVRAB-uBPCv_qdzo'
[Sun Dec 24 14:14:06 UTC 2023] nonce='o73KEjfFKGWn6um8gwQ-A3Rd-WkjVRAB-uBPCv_qdzo'
[Sun Dec 24 14:14:06 UTC 2023] POST
[Sun Dec 24 14:14:06 UTC 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/la3rP4Z9SK28Q7Hdp5v31w'
[Sun Dec 24 14:14:06 UTC 2023] body='{"protected": "eyJub25jZSI6ICJvNzNLRWpmRktHV242dW04Z3dRLUEzUmQtV2tqVlJBQi11QlBDdl9xZHpvIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei9sYTNyUDRaOVNLMjhRN0hkcDV2MzF3IiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9qTVR5M3FpMDlPbVV1bFZIbFdSbzVBIn0", "payload": "", "signature": "YhP-YDsrmlJ7RjqluCIqNnHqezvqKwUcBCeJMEyppWoKYT8bHsNIRkktQrRFoxzlv09IwZe5pi6JJN-qCVvljg"}'
[Sun Dec 24 14:14:06 UTC 2023] _postContentType='application/jose+json'
[Sun Dec 24 14:14:06 UTC 2023] Http already initialized.
[Sun Dec 24 14:14:06 UTC 2023] _CURL='curl --silent --dump-header /acme.sh/http.header  -L  --trace-ascii /tmp/tmp.Kz5GFSUOse  -g '
[Sun Dec 24 14:14:07 UTC 2023] _ret='0'
[Sun Dec 24 14:14:07 UTC 2023] responseHeaders='HTTP/2 200 
server: nginx
date: Sun, 24 Dec 2023 14:14:07 GMT
content-type: application/json
content-length: 293
replay-nonce: 5TLchioRdAhrHUVK-q-IIXfkUB-8GBZxDa6r-nkFBwo
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 24 14:14:07 UTC 2023] code='200'
[Sun Dec 24 14:14:07 UTC 2023] original='{"identifier":{"type":"dns","value":"example.com"},"status":"invalid","expires":"2024-01-23T09:14:38Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/uJKgFi7RB2pdAalPkjpBBQ","status":"invalid","error":{},"token":"Ix6USYloK_WAr1MS507q39Z7gFUU7haBX-n04-P0KcY"}]}'
[Sun Dec 24 14:14:07 UTC 2023] response='{"identifier":{"type":"dns","value":"example.com"},"status":"invalid","expires":"2024-01-23T09:14:38Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/uJKgFi7RB2pdAalPkjpBBQ","status":"invalid","error":{},"token":"Ix6USYloK_WAr1MS507q39Z7gFUU7haBX-n04-P0KcY"}]}'
[Sun Dec 24 14:14:07 UTC 2023] response='{"identifier":{"type":"dns","value":"example.com"},"status":"invalid","expires":"2024-01-23T09:14:38Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/uJKgFi7RB2pdAalPkjpBBQ","status":"invalid","error":{},"token":"Ix6USYloK_WAr1MS507q39Z7gFUU7haBX-n04-P0KcY"}]}'
[Sun Dec 24 14:14:07 UTC 2023] _d='example.com'
[Sun Dec 24 14:14:07 UTC 2023] _authorizations_map='example.com,{"identifier":{"type":"dns","value":"example.com"},"status":"invalid","expires":"2024-01-23T09:14:38Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/uJKgFi7RB2pdAalPkjpBBQ","status":"invalid","error":{},"token":"Ix6USYloK_WAr1MS507q39Z7gFUU7haBX-n04-P0KcY"}]}#https://acme.zerossl.com/v2/DV90/authz/la3rP4Z9SK28Q7Hdp5v31w
'
[Sun Dec 24 14:14:07 UTC 2023] d='example.com'
[Sun Dec 24 14:14:07 UTC 2023] Getting webroot for domain='example.com'
[Sun Dec 24 14:14:07 UTC 2023] _w='dns_cf'
[Sun Dec 24 14:14:07 UTC 2023] _currentRoot='dns_cf'
[Sun Dec 24 14:14:07 UTC 2023] _is_idn_d='example.com'
[Sun Dec 24 14:14:07 UTC 2023] _idn_temp
[Sun Dec 24 14:14:07 UTC 2023] _candidates='example.com,{"identifier":{"type":"dns","value":"example.com"},"status":"invalid","expires":"2024-01-23T09:14:38Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/uJKgFi7RB2pdAalPkjpBBQ","status":"invalid","error":{},"token":"Ix6USYloK_WAr1MS507q39Z7gFUU7haBX-n04-P0KcY"}]}#https://acme.zerossl.com/v2/DV90/authz/la3rP4Z9SK28Q7Hdp5v31w'
[Sun Dec 24 14:14:07 UTC 2023] response='{"identifier":{"type":"dns","value":"example.com"},"status":"invalid","expires":"2024-01-23T09:14:38Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/uJKgFi7RB2pdAalPkjpBBQ","status":"invalid","error":{},"token":"Ix6USYloK_WAr1MS507q39Z7gFUU7haBX-n04-P0KcY"}]}#https://acme.zerossl.com/v2/DV90/authz/la3rP4Z9SK28Q7Hdp5v31w'
[Sun Dec 24 14:14:07 UTC 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/la3rP4Z9SK28Q7Hdp5v31w'
[Sun Dec 24 14:14:07 UTC 2023] entry
[Sun Dec 24 14:14:07 UTC 2023] Error, can not get domain token entry example.com for dns-01
[Sun Dec 24 14:14:07 UTC 2023] The supported validation types are: http-01 , but you specified: dns-01
[Sun Dec 24 14:14:07 UTC 2023] pid
[Sun Dec 24 14:14:07 UTC 2023] No need to restore nginx, skip.
[Sun Dec 24 14:14:07 UTC 2023] _clearupdns
[Sun Dec 24 14:14:07 UTC 2023] dns_entries
[Sun Dec 24 14:14:07 UTC 2023] skip dns.
[Sun Dec 24 14:14:07 UTC 2023] _on_issue_err
[Sun Dec 24 14:14:07 UTC 2023] Please check log file for more details: /acme.sh/acme.sh.log
[Sun Dec 24 14:14:07 UTC 2023] _chk_vlist
[Sun Dec 24 14:14:07 UTC 2023] Diagnosis versions: 
openssl:openssl
OpenSSL 3.0.12 24 Oct 2023 (Library: OpenSSL 3.0.12 24 Oct 2023)
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.4 on 31 Oct 2022 04:42:14
   running on Linux version #1 SMP PREEMPT_DYNAMIC Debian 6.1.67-1 (2023-12-12), release 6.1.0-16-amd64, machine x86_64

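A triage helper for the authorization object in the debug log above, as an added shell example (not part of the issue or of acme.sh). It assumes the compact single-line JSON that acme.sh logs, with `status` ahead of `challenges`; the first sample is the logged response with the token replaced by a placeholder, the second is constructed, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: report an ACME authorization's status and the challenge
# types the CA offered, before blaming the --dns hook.

# Authorization as logged on this page (token replaced by a placeholder).
AUTHZ_FROM_LOG='{"identifier":{"type":"dns","value":"example.com"},"status":"invalid","expires":"2024-01-23T09:14:38Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/uJKgFi7RB2pdAalPkjpBBQ","status":"invalid","error":{},"token":"PLACEHOLDER"}]}'
# Constructed healthy authorization for comparison.
AUTHZ_PENDING='{"identifier":{"type":"dns","value":"example.com"},"status":"pending","expires":"2024-01-23T09:14:38Z","challenges":[{"type":"http-01","url":"https://ca.example/chall/1","status":"pending","token":"CONSTRUCTED"},{"type":"dns-01","url":"https://ca.example/chall/2","status":"pending","token":"CONSTRUCTED"}]}'

# authz_status JSON: status of the authorization itself, i.e. the first
# "status" that appears before the "challenges" array.
authz_status() {
  pre=${1%%\"challenges\":*}
  printf '%s\n' "$pre" | grep -o '"status":"[a-z]*"' | head -n 1 | cut -d'"' -f4
}

# offered_challenges JSON: challenge types listed by the CA, one per line.
# The identifier's own "type":"dns" is skipped because it precedes the array.
offered_challenges() {
  rest=${1#*\"challenges\":}
  [ "$rest" != "$1" ] || return 0
  printf '%s\n' "$rest" | grep -o '"type":"[a-z0-9-]*"' | cut -d'"' -f4 | sort -u
}

# diagnose_authz JSON WANTED_TYPE: print a one-word verdict.
diagnose_authz() {
  status=$(authz_status "$1")
  if offered_challenges "$1" | grep -qxF "$2"; then
    offered=yes
  else
    offered=no
  fi
  case "$status:$offered" in
    invalid:*)   echo authz-invalid ;;    # final state: needs a new order
    valid:*)     echo already-valid ;;
    pending:yes) echo ready ;;
    pending:no)  echo type-not-offered ;;
    *)           echo "unexpected-$status" ;;
  esac
}

diagnose_authz "$AUTHZ_FROM_LOG" dns-01
```

For the logged response the verdict is `authz-invalid`: the authorization was already in its final failed state when fetched, so the missing dns-01 entry is a symptom of the CA's answer rather than of the client-side DNS configuration.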
@iscodingeasyornot
Author

Already done acme.sh --upgrade.
Changing the CA to letsencrypt solves this; I don't know if it's ZeroSSL's problem.

@heyangfan

I encountered the same issue and resolved it by switching to LetsEncrypt.

@track0x1

Came here to say the same. Changing to letsencrypt solved the issue. Something's up with ZeroSSL.

@Leon406

Leon406 commented Dec 26, 2023

change server to letsencrypt

https://github.com/acmesh-official/acme.sh/wiki/Server

@leeing

leeing commented Dec 30, 2023

@picklefan

Same with me, but my subdomain was doing OK with ZeroSSL while the main domain wasn't.
LetsEncrypt can issue both the subdomain and the main domain, as well as my other main domains, but ZeroSSL can't issue this certain one, so I was thinking my main domain got blocked by ZeroSSL somehow.
To be specific, my *.bbb.com and *ppp.com were issued successfully with ZeroSSL, but only LetsEncrypt can issue bbb.com.

log
> acme.sh --issue -d icansleepall.day --dns dns_cf --debug
[Sun 31 Dec 2023 01:32:22 AM EST] Using CA: https://acme.zerossl.com/v2/DV90
[Sun 31 Dec 2023 01:32:22 AM EST] Single domain='icansleepall.day'
[Sun 31 Dec 2023 01:32:22 AM EST] Getting domain auth token for each domain
[Sun 31 Dec 2023 01:32:25 AM EST] Getting webroot for domain='icansleepall.day'
[Sun 31 Dec 2023 01:32:25 AM EST] Error, can not get domain token "type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/a6UJNK58_h5IJK7bLBK5KQ","status":"invalid","error":{
[Sun 31 Dec 2023 01:32:25 AM EST] Please add '--debug' or '--log' to check more details.
[Sun 31 Dec 2023 01:32:25 AM EST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sun 31 Dec 2023 01:32:25 AM EST] The domain 'icansleepall.day' seems to have a ECC cert already, lets use ecc cert.
[Sun 31 Dec 2023 01:32:25 AM EST] Installing key to: /web/cert/icansleepall.day/key.pem
[Sun 31 Dec 2023 01:32:25 AM EST] Installing full chain to: /web/cert/icansleepall.day/cert.pem
[Sun 31 Dec 2023 01:32:25 AM EST] Run reload cmd: sudo service nginx force-reload
[Sun 31 Dec 2023 01:32:25 AM EST] Reload success

@shooding

Problem solved
acme.sh --set-default-ca --server letsencrypt

@Kyrluckechuck

Kyrluckechuck commented Jan 16, 2024

Just to chime in to folks who are looking to not completely delete and issue the certs anew, you appear to be able to modify the existing cert to reissue in-place.

I followed these steps:

  • Navigate to the cert config file, in my case it was (close) to /root/.acme.sh/some-domain.com/some-domain.com.conf
  • Within the file, change Le_API from https://acme.zerossl.com/v2/DV90 to https://acme-v02.api.letsencrypt.org/directory
  • Also delete Le_OrderFinalize, Le_LinkOrder, and Le_LinkCert (completely remove the rows)
  • Save any changes and re-run your renewal command (in my case "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh")
  • Copy your certs to their target locations, if necessary (if you're not reading them directly from where they are output), and reload any servers relying on them such as nginx
  • Validate the cert being utilized by your proxy (or other software) was issued by LetsEncrypt instead of the previously issued ZeroSSL, and you should be set!

Take this with a grain of salt, but I had it work on two separate certs which were both combo primary & wildcard domain certs (.uk & .com). Theoretically this should also work the other way or to another provider, but I was doing this to mitigate ZeroSSL not issuing renewals.
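The in-place edit described in the comment above, as an added shell example (not part of the thread or of acme.sh itself). It assumes the domain conf stores one `KEY='value'` row per line; the sample conf, its placeholder URLs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: point an existing acme.sh domain conf at another CA and
# drop the order state left over from the previous one.

OLD_API='https://acme.zerossl.com/v2/DV90'
NEW_API='https://acme-v02.api.letsencrypt.org/directory'

# conf_get KEY CONF: print the value of KEY, or nothing if the row is absent.
conf_get() {
  sed -n "s/^$1='\(.*\)'\$/\1/p" "$2"
}

# switch_ca_conf CONF: returns 0 on success, 1 if CONF is missing or cannot
# be written, 2 if Le_API is not OLD_API (nothing is touched in that case).
switch_ca_conf() {
  conf=$1
  [ -f "$conf" ] || return 1
  grep -qxF "Le_API='$OLD_API'" "$conf" || return 2
  cp -p "$conf" "$conf.bak" || return 1      # keep a rollback copy
  tmp=$(mktemp) || return 1
  sed -e "s|^Le_API=.*\$|Le_API='$NEW_API'|" \
      -e '/^Le_OrderFinalize=/d' \
      -e '/^Le_LinkOrder=/d' \
      -e '/^Le_LinkCert=/d' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
  cat "$tmp" > "$conf"                       # rewrite in place, same mode/owner
  rm -f "$tmp"
}

# Constructed sample conf; PLACEHOLDER stands in for real order/cert ids.
make_sample_conf() {
  cat > "$1" <<'EOF'
Le_Domain='some-domain.com'
Le_Alt='*.some-domain.com'
Le_Webroot='dns_cf'
Le_API='https://acme.zerossl.com/v2/DV90'
Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/PLACEHOLDER/finalize'
Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/PLACEHOLDER'
Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/PLACEHOLDER'
Le_NextRenewTime='1700000000'
EOF
}

# Run the edit on a throwaway copy and show the result.
demo() {
  d=$(mktemp -d) || return 1
  make_sample_conf "$d/some-domain.com.conf"
  switch_ca_conf "$d/some-domain.com.conf"
  rc=$?
  cat "$d/some-domain.com.conf"
  rm -rf "$d"
  return "$rc"
}

demo
```

The `.bak` copy allows a rollback if the renewal against the new CA fails; the renewal command itself is still run separately, as in the steps above.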

@acmesh-official acmesh-official deleted a comment from github-actions bot Jan 26, 2024
@zhangbinhui

Problem solved acme.sh --set-default-ca --server letsencrypt

Thanks, it works.

@tschumann

I had a similar issue with two .net domains, but a .com domain did not.
I was able to renew the certificates for the .net domains by running acme.sh --set-default-ca --server letsencrypt first.

@saz-dmuk

saz-dmuk commented Feb 2, 2024

Is there a fix for this? I need to use ZeroSSL

@Neilpang
Member

Neilpang commented Feb 3, 2024

@saz-dmuk It's a temp error from the ZeroSSL server end. You can just try again later.

@Neilpang Neilpang closed this as completed Feb 3, 2024
@jellyqwq

jellyqwq commented Feb 5, 2024

Problem solved acme.sh --set-default-ca --server letsencrypt

Thanks, it is available.

@Jarvan-via

HTTP challenge doesn't support wildcards, too bad.
