Le_OrderFinalize not found - DNS identifier is disallowed #5156

Open
vkrysanov opened this issue May 26, 2024 · 2 comments


@vkrysanov

Successfully upgraded to latest version, still receiving the following error:
Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:rejectedIdentifier","status":400,"detail":"DNS identifier is disallowed

Steps to reproduce

acme.sh --issue --nginx -d img.bookingcar.su -w /var/www/bc --debug 2

Debug log

[Sun May 26 23:34:44 UTC 2024] Lets find script dir.
[Sun May 26 23:34:44 UTC 2024] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sun May 26 23:34:44 UTC 2024] _script='/root/.acme.sh/acme.sh'
[Sun May 26 23:34:44 UTC 2024] _script_home='/root/.acme.sh'
[Sun May 26 23:34:44 UTC 2024] Using config home:/root/.acme.sh
[Sun May 26 23:34:44 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Sun May 26 23:34:44 UTC 2024] Running cmd: issue
[Sun May 26 23:34:44 UTC 2024] _main_domain='img.bookingcar.su'
[Sun May 26 23:34:44 UTC 2024] _alt_domains='no'
[Sun May 26 23:34:44 UTC 2024] Using config home:/root/.acme.sh
[Sun May 26 23:34:44 UTC 2024] default_acme_server
[Sun May 26 23:34:44 UTC 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Sun May 26 23:34:44 UTC 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Sun May 26 23:34:44 UTC 2024] _ACME_SERVER_PATH='v2/DV90'
[Sun May 26 23:34:44 UTC 2024] DOMAIN_PATH='/root/.acme.sh/img.bookingcar.su_ecc'
[Sun May 26 23:34:44 UTC 2024] 'nginx:,/var/www/bc' does not contain 'dns'
[Sun May 26 23:34:44 UTC 2024] Le_NextRenewTime
[Sun May 26 23:34:44 UTC 2024] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Sun May 26 23:34:44 UTC 2024] _init api for server: https://acme.zerossl.com/v2/DV90
[Sun May 26 23:34:44 UTC 2024] GET
[Sun May 26 23:34:44 UTC 2024] url='https://acme.zerossl.com/v2/DV90'
[Sun May 26 23:34:44 UTC 2024] timeout=
[Sun May 26 23:34:44 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.UprlTaBQnK  -g '
[Sun May 26 23:34:45 UTC 2024] ret='0'
[Sun May 26 23:34:45 UTC 2024] response='{
  "newNonce": "https://acme.zerossl.com/v2/DV90/newNonce",
  "newAccount": "https://acme.zerossl.com/v2/DV90/newAccount",
  "newOrder": "https://acme.zerossl.com/v2/DV90/newOrder",
  "revokeCert": "https://acme.zerossl.com/v2/DV90/revokeCert",
  "keyChange": "https://acme.zerossl.com/v2/DV90/keyChange",
  "meta": {
    "termsOfService": "https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf",
    "website": "https://zerossl.com",
    "caaIdentities": ["sectigo.com", "trust-provider.com", "usertrust.com", "comodoca.com", "comodo.com"],
    "externalAccountRequired": true
  }
}'
[Sun May 26 23:34:45 UTC 2024] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Sun May 26 23:34:45 UTC 2024] ACME_NEW_AUTHZ
[Sun May 26 23:34:45 UTC 2024] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun May 26 23:34:45 UTC 2024] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Sun May 26 23:34:45 UTC 2024] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Sun May 26 23:34:45 UTC 2024] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf'
[Sun May 26 23:34:45 UTC 2024] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun May 26 23:34:45 UTC 2024] Using CA: https://acme.zerossl.com/v2/DV90
[Sun May 26 23:34:45 UTC 2024] _on_before_issue
[Sun May 26 23:34:45 UTC 2024] _chk_main_domain='img.bookingcar.su'
[Sun May 26 23:34:45 UTC 2024] _chk_alt_domains
[Sun May 26 23:34:45 UTC 2024] 'nginx:,/var/www/bc' does not contain 'no'
[Sun May 26 23:34:45 UTC 2024] Le_LocalAddress
[Sun May 26 23:34:45 UTC 2024] d='img.bookingcar.su'
[Sun May 26 23:34:45 UTC 2024] Check for domain='img.bookingcar.su'
[Sun May 26 23:34:45 UTC 2024] _currentRoot='nginx:'
[Sun May 26 23:34:45 UTC 2024] d
[Sun May 26 23:34:45 UTC 2024] 'nginx:,/var/www/bc' does not contain 'apache'
[Sun May 26 23:34:45 UTC 2024] _saved_account_key_hash='y/dHpCljh7KMWNwtMwKp/Qdz+SEy7yPLGH71/6jSMn8='
[Sun May 26 23:34:45 UTC 2024] _saved_account_key_hash is not changed, skip register account.
[Sun May 26 23:34:45 UTC 2024] Read key length:ec-256
[Sun May 26 23:34:45 UTC 2024] _createcsr
[Sun May 26 23:34:45 UTC 2024] domain='img.bookingcar.su'
[Sun May 26 23:34:45 UTC 2024] domainlist
[Sun May 26 23:34:45 UTC 2024] csrkey='/root/.acme.sh/img.bookingcar.su_ecc/img.bookingcar.su.key'
[Sun May 26 23:34:45 UTC 2024] csr='/root/.acme.sh/img.bookingcar.su_ecc/img.bookingcar.su.csr'
[Sun May 26 23:34:45 UTC 2024] csrconf='/root/.acme.sh/img.bookingcar.su_ecc/img.bookingcar.su.csr.conf'
[Sun May 26 23:34:45 UTC 2024] Single domain='img.bookingcar.su'
[Sun May 26 23:34:45 UTC 2024] seg='img'
[Sun May 26 23:34:45 UTC 2024] _is_idn_d='img.bookingcar.su'
[Sun May 26 23:34:45 UTC 2024] _idn_temp
[Sun May 26 23:34:45 UTC 2024] _is_idn_d='img.bookingcar.su'
[Sun May 26 23:34:45 UTC 2024] _idn_temp
[Sun May 26 23:34:45 UTC 2024] _csr_cn='img.bookingcar.su'
[Sun May 26 23:34:45 UTC 2024] seg='img'
[Sun May 26 23:34:45 UTC 2024] Getting domain auth token for each domain
[Sun May 26 23:34:45 UTC 2024] seg='img'
[Sun May 26 23:34:45 UTC 2024] _is_idn_d='img.bookingcar.su'
[Sun May 26 23:34:45 UTC 2024] _idn_temp
[Sun May 26 23:34:45 UTC 2024] d
[Sun May 26 23:34:45 UTC 2024] _identifiers='{"type":"dns","value":"img.bookingcar.su"}'
[Sun May 26 23:34:45 UTC 2024] _notBefore
[Sun May 26 23:34:45 UTC 2024] _notAfter
[Sun May 26 23:34:45 UTC 2024] STEP 1, Ordering a Certificate
[Sun May 26 23:34:45 UTC 2024] =======Begin Send Signed Request=======
[Sun May 26 23:34:45 UTC 2024] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun May 26 23:34:45 UTC 2024] payload='{"identifiers": [{"type":"dns","value":"img.bookingcar.su"}]}'
[Sun May 26 23:34:45 UTC 2024] EC key
[Sun May 26 23:34:45 UTC 2024] Get nonce with HEAD. ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun May 26 23:34:45 UTC 2024] HEAD
[Sun May 26 23:34:45 UTC 2024] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun May 26 23:34:45 UTC 2024] body
[Sun May 26 23:34:45 UTC 2024] _postContentType='application/jose+json'
[Sun May 26 23:34:45 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.HhgOoyERHU  -g  -I  '
[Sun May 26 23:35:29 UTC 2024] _ret='0'
[Sun May 26 23:35:29 UTC 2024] _headers='HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 May 2024 23:35:29 GMT
Content-Type: application/octet-stream
Connection: keep-alive
Replay-Nonce: PiuX7XN77bJ6jJ0kM0k5NHirmW-y4i-lwvCbCVwtr7Y
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Strict-Transport-Security: max-age=15724800; includeSubDomains
'
[Sun May 26 23:35:29 UTC 2024] _CACHED_NONCE='PiuX7XN77bJ6jJ0kM0k5NHirmW-y4i-lwvCbCVwtr7Y'
[Sun May 26 23:35:29 UTC 2024] nonce='PiuX7XN77bJ6jJ0kM0k5NHirmW-y4i-lwvCbCVwtr7Y'
[Sun May 26 23:35:29 UTC 2024] POST
[Sun May 26 23:35:29 UTC 2024] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun May 26 23:35:29 UTC 2024] body='{"protected": "eyJub25jZSI6ICJQaXVYN1hONzdiSjZqSjBrTTBrNU5IaXJtVy15NGktbHd2Q2JDVnd0cjdZIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9uZXdPcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS56ZXJvc3NsLmNvbS92Mi9EVjkwL2FjY291bnQvTzJ4TnBwaUJJTWE0UU0tX2RCWG9TUSJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImltZy5ib29raW5nY2FyLnN1In1dfQ", "signature": "z_Hykb2f597AW5ecKnD8EoUsnrNs5LljJZt2eGUsu1DCnANlDkpbDywVTD5l1uJQrOJ8SfgVSpqPtn3olpc43w"}'
[Sun May 26 23:35:29 UTC 2024] _postContentType='application/jose+json'
[Sun May 26 23:35:29 UTC 2024] Http already initialized.
[Sun May 26 23:35:29 UTC 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.HhgOoyERHU  -g '
[Sun May 26 23:36:09 UTC 2024] _ret='0'
[Sun May 26 23:36:09 UTC 2024] responseHeaders='HTTP/1.1 400 Bad Request
Server: nginx
Date: Sun, 26 May 2024 23:36:09 GMT
Content-Type: application/problem+json
Content-Length: 129
Connection: keep-alive
Replay-Nonce: crWmTxUcDWRRyAXTd2zAVpKY4RJ0Novkd7udousLTZA
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Strict-Transport-Security: max-age=15724800; includeSubDomains
'
[Sun May 26 23:36:09 UTC 2024] code='400'
[Sun May 26 23:36:09 UTC 2024] original='{"type":"urn:ietf:params:acme:error:rejectedIdentifier","status":400,"detail":"DNS identifier is disallowed [img.bookingcar.su]"}'
[Sun May 26 23:36:09 UTC 2024] response='{"type":"urn:ietf:params:acme:error:rejectedIdentifier","status":400,"detail":"DNS identifier is disallowed [img.bookingcar.su]"}'
[Sun May 26 23:36:09 UTC 2024] Le_LinkOrder
[Sun May 26 23:36:09 UTC 2024] Le_OrderFinalize
[Sun May 26 23:36:09 UTC 2024] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:rejectedIdentifier","status":400,"detail":"DNS identifier is disallowed [img.bookingcar.su]"}
[Sun May 26 23:36:09 UTC 2024] pid
[Sun May 26 23:36:09 UTC 2024] No need to restore nginx, skip.
[Sun May 26 23:36:09 UTC 2024] _clearupdns
[Sun May 26 23:36:09 UTC 2024] dns_entries
[Sun May 26 23:36:09 UTC 2024] skip dns.
[Sun May 26 23:36:09 UTC 2024] _on_issue_err
[Sun May 26 23:36:09 UTC 2024] Please add '--debug' or '--log' to check more details.
[Sun May 26 23:36:09 UTC 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sun May 26 23:36:09 UTC 2024] _chk_vlist
[Sun May 26 23:36:10 UTC 2024] socat doesn't exist.
[Sun May 26 23:36:10 UTC 2024] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2g  1 Mar 2016
apache:
apache doesn't exist.
nginx:
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads
socat:

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

@webprofusion-chrisc

Your .su TLD is blocked by the certificate authority (Zero SSL).

It's not currently listed on their site: https://help.zerossl.com/hc/en-us/articles/360060119833-Restricted-Countries
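
An added example, not part of the thread or of acme.sh's own code: a small POSIX shell triage that pulls the ACME problem document (RFC 8555 section 6.7) out of a `--debug 2` log like the one above and reports whether the failure is a CA-side refusal of the identifier or something the client can retry. The function names and the class labels are hypothetical, and the sample input is constructed from three lines of the log in this issue.

```shell
#!/bin/sh
# Added example: triage an acme.sh "--debug 2" log. Function names and the
# class labels (ca-policy, retry-later, validation) are hypothetical.

sample_log() {  # constructed sample: three lines copied from the log above
cat <<'EOF'
[Sun May 26 23:34:45 UTC 2024] Using CA: https://acme.zerossl.com/v2/DV90
[Sun May 26 23:36:09 UTC 2024] code='400'
[Sun May 26 23:36:09 UTC 2024] response='{"type":"urn:ietf:params:acme:error:rejectedIdentifier","status":400,"detail":"DNS identifier is disallowed [img.bookingcar.su]"}'
EOF
}

# Last ACME problem document (RFC 8555 section 6.7) found on stdin.
last_problem() {
  sed -n 's/.*\({"type":"urn:ietf:params:acme:error:[^}]*}\).*/\1/p' | tail -n 1
}

# Value of a flat string field: $1 = JSON text, $2 = key.
json_str() {
  printf '%s\n' "$1" | sed -n 's/.*"'"$2"'":"\([^"]*\)".*/\1/p'
}

# Map the error type to who has to act.
classify() {
  case "${1##*:}" in
    rejectedIdentifier|unsupportedIdentifier) echo ca-policy ;;   # CA refuses the name
    badNonce|rateLimited) echo retry-later ;;
    dns|connection|tls|incorrectResponse) echo validation ;;      # challenge failed
    *) echo other ;;
  esac
}

triage() {  # reads the log on stdin, prints a one-line summary
  log=$(cat)
  doc=$(printf '%s\n' "$log" | last_problem)
  [ -n "$doc" ] || { echo "no ACME problem document found"; return 1; }
  ca=$(printf '%s\n' "$log" | sed -n 's/.*Using CA: //p' | tail -n 1)
  etype=$(json_str "$doc" type)
  ident=$(json_str "$doc" detail | sed -n 's/.*\[\([^]]*\)].*/\1/p')
  echo "ca=$ca type=${etype##*:} identifier=$ident class=$(classify "$etype")"
}

sample_log | triage
```

A `ca-policy` result means the CA named in `ca=` has refused the identifier at order creation, before any challenge is attempted, so upgrading or rerunning the client against the same CA does not change the outcome.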
