Enable EAB for ACME CA Handler #166

Closed
invis-z opened this issue Jun 11, 2024 · 10 comments

invis-z commented Jun 11, 2024

Is it possible to add EAB profiling to the ACME CA handler?

Personally I am using a self-hosted Smallstep CA in my LAN and I wish to use this project in front of it to add EAB support. Apart from my use case, this should also be handy to be able to use different CAs based on the EAB profile. For example, key_01 to Let's Encrypt with only domain1.com allowed and key_02 to ZeroSSL for the rest.

Thanks for the amazing project!
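
The use case in this request, as an added example that is not part of the original post and not acme2certifier's code: a front-end ACME server verifies the external account binding as RFC 8555 section 7.3.4 describes, then uses the EAB key identifier to pick the upstream CA and enforce a per-key name allow-list. The `PROFILES` layout, `NEW_ACCOUNT_URL`, the MAC keys and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import re

NEW_ACCOUNT_URL = "https://acme-proxy.example/acme/newaccount"  # constructed


def b64u(raw: bytes) -> str:
    """base64url without padding, as used by JWS."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Hypothetical profile store keyed by EAB kid; MAC keys are constructed demo values.
PROFILES = {
    "key_01": {
        "mac_key": b64u(b"constructed-demo-mac-key-01-xxxx"),
        "acme_url": "https://acme-v02.api.letsencrypt.org/directory",
        # Dots are escaped and patterns are matched with fullmatch(), so
        # "domain1xcom" or "domain1.com.other.example" cannot pass.
        "allowed": [r"domain1\.com", r"([a-z0-9-]+\.)+domain1\.com"],
    },
    "key_02": {
        "mac_key": b64u(b"constructed-demo-mac-key-02-xxxx"),
        "acme_url": "https://acme.zerossl.com/v2/DV90",
        "allowed": None,  # "the rest": no name restriction
    },
}


def eab_mac(mac_key_b64: str, protected: str, payload: str) -> bytes:
    signing_input = f"{protected}.{payload}".encode()
    return hmac.new(b64u_dec(mac_key_b64), signing_input, hashlib.sha256).digest()


def make_eab(kid: str, mac_key_b64: str, account_jwk: dict, url: str) -> dict:
    """Client side: the inner JWS placed in externalAccountBinding."""
    protected = b64u(json.dumps({"alg": "HS256", "kid": kid, "url": url}).encode())
    payload = b64u(json.dumps(account_jwk).encode())
    signature = b64u(eab_mac(mac_key_b64, protected, payload))
    return {"protected": protected, "payload": payload, "signature": signature}


def verify_eab(eab: dict, outer_jwk: dict, url: str = NEW_ACCOUNT_URL) -> str:
    """Server side: return the kid if the binding is valid, else raise ValueError."""
    header = json.loads(b64u_dec(eab["protected"]))
    if header.get("alg") != "HS256":  # MAC algorithms only; rejects "none"
        raise ValueError("unsupported EAB alg")
    if header.get("url") != url or "nonce" in header:
        raise ValueError("EAB header does not match the newAccount request")
    kid = header.get("kid")
    profile = PROFILES.get(kid) if isinstance(kid, str) else None
    if profile is None:
        raise ValueError("unknown EAB kid")
    expected = eab_mac(profile["mac_key"], eab["protected"], eab["payload"])
    if not hmac.compare_digest(expected, b64u_dec(eab["signature"])):
        raise ValueError("EAB MAC check failed")
    # The MAC must cover the same key that signed the outer request.
    if json.loads(b64u_dec(eab["payload"])) != outer_jwk:
        raise ValueError("EAB payload is not the account key")
    return kid


def select_ca(kid: str, identifiers: list) -> str:
    """Return the upstream directory URL, enforcing the profile's allow-list."""
    profile = PROFILES[kid]
    if profile["allowed"] is not None:
        for name in identifiers:
            if not any(re.fullmatch(p, name.lower()) for p in profile["allowed"]):
                raise PermissionError(f"{name} not allowed for {kid}")
    return profile["acme_url"]
```
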

webprofusion-chrisc (Contributor) commented

Slightly off topic but does self-hosted smallstep not already have EAB? https://smallstep.com/blog/acme-eab-overview/

invis-z (Author) commented Jun 11, 2024

> Slightly off topic but does self-hosted smallstep not already have EAB? https://smallstep.com/blog/acme-eab-overview/

No, they paywalled it.

Edit: They had a comment in issue 897 in smallstep/certificates (didn't paste link so that GitHub won't reference & link)

grindsa (Owner) commented Jun 13, 2024

I pushed an updated handler into the devel branch. Test-workflows are not updated yet but feel free to give it a try.

I also included some configuration instructions hoping they would be helpful to you.

grindsa (Owner) commented Jun 14, 2024

Hi again, unfortunately the profiling feature did not work as expected due to some variable names. Fix is included in 78e1e0a. Please use the updated handler and try again.

invis-z (Author) commented Jun 18, 2024

Thanks for the ultra fast turnaround! I tested the latest devel branch and the CA handler is working for new issuances. However, when I tried to run the same issue command using acme.sh with --force, it returns 500 with "enrollment failed". I don't know if the issue is on my smallstep setup or here or acme.sh command.

Here smallstep (upstream CA) is on port 8443 and acme2certifier is on 9443 and 80, acme.sh with port 443 and using tls-alpn challenge.

log:

starting acme2certifier version 0.34
Helper.config_check()
_config_load()
error_dict_get()
Housekeeping._config_load()
Housekeeping.dbversion_check(0.33.2)
DBStore.dbversion_get()
DBStore.dbversion_get() ended with 0.33.2
acme2certifier database version: 0.33.2 is upto date
Directory._config_load()
load_config(Directory:/var/www/acme2certifier/./acme_srv/acme_srv.cfg)
Directory._config_load() ended
Directory.directory_get()
[pid: 41|app: 0|req: 1/1] 172.17.0.1 () {34 vars in 423 bytes} [Tue Jun 18 13:20:05 2024] GET /directory => generated 718 bytes in 165 msecs (HTTP/1.1 200) 5 headers in 158 bytes (1 switches on core 0)
starting acme2certifier version 0.34
Helper.config_check()
_config_load()
error_dict_get()
Housekeeping._config_load()
Housekeeping.dbversion_check(0.33.2)
DBStore.dbversion_get()
DBStore.dbversion_get() ended with 0.33.2
acme2certifier database version: 0.33.2 is upto date
Nonce.nonce_generate_and_add()
Nonce.nonce__new()
got nonce: 1438e9c5091e40ec85c9755ddd75e979
DBStore.nonce_add(1438e9c5091e40ec85c9755ddd75e979)
Nonce.generate_and_add() ended with:1438e9c5091e40ec85c9755ddd75e979
172.17.0.1 /acme/newnonce {'header': {'Replay-Nonce': '- modified -'}}
[pid: 39|app: 0|req: 1/2] 172.17.0.1 () {36 vars in 495 bytes} [Tue Jun 18 13:20:06 2024] HEAD /acme/newnonce => generated 0 bytes in 162 msecs (HTTP/1.1 200) 6 headers in 212 bytes (1 switches on core 0)
_config_load()
error_dict_get()
Order._config_load()
Order._config_orderconfig_load()
Order._config_orderconfig_load() ended
Order._config_headerinfo_config_load()
Order._config_headerinfo_config_load() ended
Order._config_load() ended.
Order.new()
Message.check()
decode_message()
Message._check()
Nonce.check_nonce()
Nonce.nonce._check_and_delete(1438e9c5091e40ec85c9755ddd75e979)
DBStore.nonce_check(1438e9c5091e40ec85c9755ddd75e979)
DBStore.nonce_delete(1438e9c5091e40ec85c9755ddd75e979)
Nonce._check_and_delete() ended with:200
Nonce.check_nonce() ended with:200
Message._name_get()
kid: https://192.168.1.153:9443/acme/acct/w1cX2e35hEqj
Message._name_get() returns: w1cX2e35hEqj
error_dict_get()
Signature.check(w1cX2e35hEqj)
check signature against account key
Signature._jwk_load(w1cX2e35hEqj)
DBStore.jwk_load(w1cX2e35hEqj)
signature_check(False)
signature_check(): load plain json
signature_check() ended with: True, None
Signature.check() ended with: True:None
Message._check() ended with: 200
Message.check() ended with:200
Order._add(w1cX2e35hEqj)
generate_random_string()
Order._identifiers_check([{'type': 'ip', 'value': '192.168.1.153'}])
Order._identifiers_allowed()
validate_identifier()
validate_ip()
validate_ip() ended with: True
validate_identifier() ended with: True
Order._identifiers_allowed() ended with: None
Order._identifiers_check() done with None:
DBStore.order_add({'status': 2, 'expires': 1718803206, 'account': 'w1cX2e35hEqj', 'name': 'ww5yr08DgdAw', 'identifiers': '[{"type": "ip", "value": "192.168.1.153"}]'})
DBStore._account_getinstance(w1cX2e35hEqj)
DBStore._status_getinstance(id:2)
order_id(3)
Order._auth_add(3)
generate_random_string()
DBStore.authorization_add({'type': 'ip', 'value': '192.168.1.153', 'name': 's8wigvT9042P', 'order': 3, 'status': 'pending', 'expires': 1718803206})
DBStore._order_getinstance(id:3)
DBStore._status_getinstance(name:pending)
auth_id(3)
Order._auth_add() ended with None
Order._add() ended
Message.prepare_response()
Nonce.nonce_generate_and_add()
Nonce.nonce__new()
got nonce: ea87f590f679456ea98ca262ce5eb482
DBStore.nonce_add(ea87f590f679456ea98ca262ce5eb482)
Nonce.generate_and_add() ended with:ea87f590f679456ea98ca262ce5eb482
Order.new() returns: {"header": {"Location": "https://192.168.1.153:9443/acme/order/ww5yr08DgdAw", "Replay-Nonce": "ea87f590f679456ea98ca262ce5eb482"}, "data": {"identifiers": [{"type": "ip", "value": "192.168.1.153"}], "authorizations": ["https://192.168.1.153:9443/acme/authz/s8wigvT9042P"], "status": "pending", "expires": "2024-06-19T13:20:06Z", "finalize": "https://192.168.1.153:9443/acme/order/ww5yr08DgdAw/finalize"}, "code": 201}
172.17.0.1 /acme/neworders {'header': {'Replay-Nonce': '- modified -'}}
[pid: 39|app: 0|req: 2/3] 172.17.0.1 () {38 vars in 526 bytes} [Tue Jun 18 13:20:06 2024] POST /acme/neworders => generated 264 bytes in 56 msecs (HTTP/1.1 201) 7 headers in 273 bytes (1 switches on core 0)
starting acme2certifier version 0.34
Helper.config_check()
_config_load()
error_dict_get()
Housekeeping._config_load()
Housekeeping.dbversion_check(0.33.2)
DBStore.dbversion_get()
DBStore.dbversion_get() ended with 0.33.2
acme2certifier database version: 0.33.2 is upto date
_config_load()
Authorization._config_load()
Authorization._config_load() ended.
Authorization.new_post()
Authorization.invalidate(None)
Authorization.invalidate(): set timestamp to 1718716807
DBStore.authorizations_invalid_search(column:expires, pattern:1718716807)
DBStore._modify_key(expires/<=)
DBStore._modify_key() ended with: expires__lte
DBStore.authorizations_invalid_search() ended
Authorization.invalidate() ended: 0 authorizations identified
Message.check()
decode_message()
Message._check()
Nonce.check_nonce()
Nonce.nonce._check_and_delete(ea87f590f679456ea98ca262ce5eb482)
DBStore.nonce_check(ea87f590f679456ea98ca262ce5eb482)
DBStore.nonce_delete(ea87f590f679456ea98ca262ce5eb482)
Nonce._check_and_delete() ended with:200
Nonce.check_nonce() ended with:200
Message._name_get()
kid: https://192.168.1.153:9443/acme/acct/w1cX2e35hEqj
Message._name_get() returns: w1cX2e35hEqj
error_dict_get()
Signature.check(w1cX2e35hEqj)
check signature against account key
Signature._jwk_load(w1cX2e35hEqj)
DBStore.jwk_load(w1cX2e35hEqj)
signature_check(False)
signature_check(): load plain json
signature_check() ended with: True, None
Signature.check() ended with: True:None
Message._check() ended with: 200
Message.check() ended with:200
Authorization._authz_info()
string_sanitize()
Authorization._authz_info(s8wigvT9042P)
generate_random_string()
Authorization._authz_lookup(s8wigvT9042P)
authorization_lookup(name:s8wigvT9042P:('type', 'value'))
Authorization._authz_lookup() ended
Authorization._expiry_update()
DBStore.authorization_update({'name': 's8wigvT9042P', 'token': '9VkYQeBaHbNEHRg6nxPoRSn7AqvoJkEl', 'expires': 1718803207})
DBStore.authorization_update(): patching transaction to transform all atomic blocks into immediate transactions
auth_id(3)
Authorization._expiry_update() ended
Authorization._authz_lookup(s8wigvT9042P)
authorization_lookup(name:s8wigvT9042P:['status__name', 'type', 'value'])
Authorization._authz_lookup() ended
Authorization._authz_info_dic_update()
Authorization._authz_info_dic_update() ended
Authorization._challengeset_get(s8wigvT9042P)
_config_load()
error_dict_get()
Challenge._config_load()
Challenge._config_challenge_load()
Challenge._config_challenge_load() ended
Challenge._config_dns_load()
Challenge._config_dns_load() ended
Challenge._config_proxy_load()
Challenge._config_proxy_load() ended
Challenge._config_load() ended.
Authorization._challengeset_get() ended
Challenge.challengeset_get() for auth: s8wigvT9042P:192.168.1.153
Challenge._challengelist_search()
DBStore.challenges_search(authorization__name:s8wigvT9042P)
Challenge._challengelist_search() ended with: []
Challenges not found. Create a new set.
Challenge.new_set(s8wigvT9042P, 192.168.1.153)
Challenge.new_set(): skip dns-01 challenge()
Challenge._new(s8wigvT9042P:http-01:192.168.1.153)
generate_random_string()
DBStore.challenge_add(192.168.1.153:http-01)
DBStore._authorization_getinstance(s8wigvT9042P)
DBStore._status_getinstance(id:2)
DBStore.challenge_add(): patching transaction to transform all atomic blocks into immediate transactions
cid(5)
DBStore.challenge_add(192.168.1.153:http-01:5)
Challenge._new(s8wigvT9042P:tls-alpn-01:192.168.1.153)
generate_random_string()
DBStore.challenge_add(192.168.1.153:tls-alpn-01)
DBStore._authorization_getinstance(s8wigvT9042P)
DBStore._status_getinstance(id:2)
DBStore.challenge_add(): patching transaction to transform all atomic blocks into immediate transactions
cid(6)
DBStore.challenge_add(192.168.1.153:tls-alpn-01:6)
Challenge._new_set returned ([{'type': 'http-01', 'url': 'https://192.168.1.153:9443/acme/chall/ltHt8r8JGlaw', 'token': '9VkYQeBaHbNEHRg6nxPoRSn7AqvoJkEl', 'status': 'pending'}, {'type': 'tls-alpn-01', 'url': 'https://192.168.1.153:9443/acme/chall/8tax7zhi8Gas', 'token': '9VkYQeBaHbNEHRg6nxPoRSn7AqvoJkEl', 'status': 'pending'}])
Authorization._authz_info() returns: {"expires": "2024-06-19T13:20:07Z", "status": "pending", "identifier": {"type": "ip", "value": "192.168.1.153"}, "challenges": [{"type": "http-01", "url": "https://192.168.1.153:9443/acme/chall/ltHt8r8JGlaw", "token": "9VkYQeBaHbNEHRg6nxPoRSn7AqvoJkEl", "status": "pending"}, {"type": "tls-alpn-01", "url": "https://192.168.1.153:9443/acme/chall/8tax7zhi8Gas", "token": "9VkYQeBaHbNEHRg6nxPoRSn7AqvoJkEl", "status": "pending"}]}
Message.prepare_response()
Nonce.nonce_generate_and_add()
Nonce.nonce__new()
got nonce: 90a755f027184f5592d60cd735582cec
DBStore.nonce_add(90a755f027184f5592d60cd735582cec)
Nonce.generate_and_add() ended with:90a755f027184f5592d60cd735582cec
Authorization.new_post() returns: {"data": {"expires": "2024-06-19T13:20:07Z", "status": "pending", "identifier": {"type": "ip", "value": "192.168.1.153"}, "challenges": [{"type": "http-01", "url": "https://192.168.1.153:9443/acme/chall/ltHt8r8JGlaw", "token": "9VkYQeBaHbNEHRg6nxPoRSn7AqvoJkEl", "status": "pending"}, {"type": "tls-alpn-01", "url": "https://192.168.1.153:9443/acme/chall/8tax7zhi8Gas", "token": "9VkYQeBaHbNEHRg6nxPoRSn7AqvoJkEl", "status": "pending"}]}, "code": 200, "header": {"Replay-Nonce": "90a755f027184f5592d60cd735582cec"}}
172.17.0.1 /acme/authz/s8wigvT9042P {'data': {'expires': '2024-06-19T13:20:07Z', 'status': 'pending', 'identifier': {'type': 'ip', 'value': '192.168.1.153'}, 'challenges': [{'type': 'http-01', 'url': 'https://192.168.1.153:9443/acme/chall/ltHt8r8JGlaw', 'token': '- modified - ', 'status': 'pending'}, {'type': 'tls-alpn-01', 'url': 'https://192.168.1.153:9443/acme/chall/8tax7zhi8Gas', 'token': '- modified - ', 'status': 'pending'}]}, 'code': 200, 'header': {'Replay-Nonce': '- modified -'}}
[pid: 37|app: 0|req: 1/4] 172.17.0.1 () {38 vars in 544 bytes} [Tue Jun 18 13:20:06 2024] POST /acme/authz/s8wigvT9042P => generated 428 bytes in 209 msecs (HTTP/1.1 200) 6 headers in 206 bytes (1 switches on core 0)
starting acme2certifier version 0.34
Helper.config_check()
_config_load()
error_dict_get()
Housekeeping._config_load()
Housekeeping.dbversion_check(0.33.2)
DBStore.dbversion_get()
DBStore.dbversion_get() ended with 0.33.2
acme2certifier database version: 0.33.2 is upto date
_config_load()
error_dict_get()
Challenge._config_load()
Challenge._config_challenge_load()
Challenge._config_challenge_load() ended
Challenge._config_dns_load()
Challenge._config_dns_load() ended
Challenge._config_proxy_load()
Challenge._config_proxy_load() ended
Challenge._config_load() ended.
Challenge.parse()
Message.check()
decode_message()
Message._check()
Nonce.check_nonce()
Nonce.nonce._check_and_delete(90a755f027184f5592d60cd735582cec)
DBStore.nonce_check(90a755f027184f5592d60cd735582cec)
DBStore.nonce_delete(90a755f027184f5592d60cd735582cec)
Nonce._check_and_delete() ended with:200
Nonce.check_nonce() ended with:200
Message._name_get()
kid: https://192.168.1.153:9443/acme/acct/w1cX2e35hEqj
Message._name_get() returns: w1cX2e35hEqj
error_dict_get()
Signature.check(w1cX2e35hEqj)
check signature against account key
Signature._jwk_load(w1cX2e35hEqj)
DBStore.jwk_load(w1cX2e35hEqj)
signature_check(False)
signature_check(): load plain json
signature_check() ended with: True, None
Signature.check() ended with: True:None
Message._check() ended with: 200
Message.check() ended with:200
Challenge.get_name(https://192.168.1.153:9443/acme/chall/8tax7zhi8Gas)
parse_url(https://192.168.1.153:9443/acme/chall/8tax7zhi8Gas)
Challenge._info(8tax7zhi8Gas)
DBStore.challenge_lookup(name:8tax7zhi8Gas)
Challenge._info(8tax7zhi8Gas) ended
Challenge._parse(8tax7zhi8Gas)
Challenge._validate(8tax7zhi8Gas: {})
Challenge._update({'name': '8tax7zhi8Gas', 'status': 'processing'})
challenge_update({'name': '8tax7zhi8Gas', 'status': 'processing'})
DBStore._status_getinstance(name:processing)
Challenge._update() ended
Challenge._check(8tax7zhi8Gas)
DBStore.challenge_lookup(name:8tax7zhi8Gas)
DBStore.jwk_load(w1cX2e35hEqj)
Challenge._challenge_validate(8tax7zhi8Gas)
jwk_thumbprint_get()
jwk_thumbprint_get() ended with: CDTFncvECrFhy8tkFxGZvzf5ZqhYeHX3clFVBvOVDH0
Challenge._challenge_validate_loop(8tax7zhi8Gas)
Challenge._validate_alpn_challenge(8tax7zhi8Gas:192.168.1.153:9VkYQeBaHbNEHRg6nxPoRSn7AqvoJkEl)
ip_validate(192.168.1.153)
ip_validate() ended with: 153.1.168.192.in-addr.arpa:False
sha256_hash_hex()
sha256_hash_hex() ended with 066ee179bba5f1a74a66d48c37393e9b78c922ac1a34c7fb9b0de1f1b660baf3
b64_encode()
computed value: BCAGbuF5u6Xxp0pm1Iw3OT6beMkirBo0x/ubDeHxtmC68w==
servercert_get(192.168.1.153:443)
ipv6_chk(192.168.1.153)
ipv6_chk() ended with False
servercert_get(): 192.168.1.153:153.1.168.192.in-addr.arpa:443 version: TLSv1.3
b64_encode()
servercert_get() ended with: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRRENDQWlpZ0F3SUJBZ0lVU08zOFhsR3pQMXZpekdQZlo3VUdpT2RpcTNBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xkR3h6TG1GamJXVXVjMmd3SGhjTk1qUXdOakU0TVRNeU1EQTNXaGNOTWpVdwpOakU0TVRNeU1EQTNXakFXTVJRd0VnWURWUVFEREF0MGJITXVZV050WlM1emFEQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFLbnhBQzV4ajN1L1lNSFZPckZzOGZwSFk3NGpiTGFndWwyN1hrM08Kblpwd0dKMlc5cDF0bmYyMHFJWmxIVTJWQ2VMdFJPeHBYUmdCc0IrejgwZGM1ZUhtN3lFRkN1endlc1JrWHAwcgpaMHQwNWxRa0lkQ2RpUTJRTEQwYkdPTjFZYmt1Y3d5SHFOMEFiUlFTQitoQ2p2bkFxMktHNXF6TUs5QzliNWptCjhjbEh6aCtoNEx5U09MWUttRk92SnY2NWRxSEY3eWUwMFd4Qng2RS9HdU5uWnZzMUxEOFFEYjE3d21OL0l0cVgKZ3JBdjkxeUNpQ2pPc1ZVSkZ0ZlYzU004Yml2cGxRbnFaVDVkWDNNK2R2TFVBeHVkZVVGVVF0dkxlZHdHU3Z4TAo4NWlCUnVCRVFVTENhZnFOcitYVHpadGh4R05rTlpxeGMzWVFXQlNhZ0JvN2s0Y0NBd0VBQWFPQmhUQ0JnakFkCkJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEd1lEVlIwUkJBZ3dCb2NFd0tnQm1UQXgKQmdnckJnRUZCUWNCSHdFQi93UWlCQ0FHYnVGNXU2WHhwMHBtMUl3M09UNmJlTWtpckJvMHgvdWJEZUh4dG1DNgo4ekFkQmdOVkhRNEVGZ1FVYnMrc0ozT1VNM3BjTTVLMFprckpjWlcvOVd3d0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBSHRWUm1rWjd4SCsvb0psMUVzUXl6VHVQZUMyZ3hrZldOZ1BTTUJtV1BBUmNnejRpRmUxRzZ5T01aY0YKamZ6QlZDa3g0OFRENUgzeHFYRTdXS2F4N3VYaGFjNEZIVUJZV0g5U3U1cS81UG1INGo2ZWErVUlCRjlLaHhHZAowSWo1YUI3UDU0SFl2VGxoTm1PRjJjVDUycGo0T0VXWElIeHgwcHZxTWU1aGR2ejc1RjJuUFVlakVTVDB3NUlvCnNTak1VZFBveStVSGRXQ2t1RFF4UU9BZ0wycWRMNjY3UkFKSG1QZXRDN0xKRmZxOEJGVFFrSmpCamlCdWMvZW8KRVk2VnRZYXJEVU9zMitTZU5yaWNIYzM0MnY5WXA5VENjVUo2MGczaGErYlVoLzRGaUVEemQxeS9TckVxRExiRQp1clNSSGR1cXcxYThaUm1BcWRMclB0Umd5a3M9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
Challenge._extensions_validate(BCAGbuF5u6Xxp0pm1Iw3OT6beMkirBo0x/ubDeHxtmC68w==/192.168.1.153)
cert_san_get(False)
cert_load(False)
cert_san_get() ended
fqdn_in_san_check([['IP:192.168.1.153']], 192.168.1.153)
fqdn_in_san_check() ended with: True
cert_extensions_get()
cert_load(False)
cert_extensions_get() ended with: ['MBQGCCsGAQUFBwMBBggrBgEFBQcDAg==', 'MAaHBMCoAZk=', 'BCAGbuF5u6Xxp0pm1Iw3OT6beMkirBo0x/ubDeHxtmC68w==', 'BBRuz6wnc5QzelwzkrRmSslxlb/1bA==']
alpn validation successful
Challenge._extensions_validate() ended with: True
Challenge._validate_alpn_challenge() ended with: True/False
Challenge._challenge_validate_loop() ended with: True/False
Challenge._challenge_validate() ended with: True/False
challenge._check() ended with: True/False
Challenge._update({'name': '8tax7zhi8Gas', 'status': 'valid', 'validated': 1718716808})
challenge_update({'name': '8tax7zhi8Gas', 'status': 'valid', 'validated': 1718716808})
DBStore._status_getinstance(name:valid)
Challenge._update() ended
Challenge._update_authz(8tax7zhi8Gas)
DBStore.challenge_lookup(name:8tax7zhi8Gas)
DBStore.authorization_update({'status': 'valid', 'name': 's8wigvT9042P'})
DBStore._status_getinstance(name:valid)
DBStore.authorization_update(): patching transaction to transform all atomic blocks into immediate transactions
auth_id(3)
Challenge._update_authz() ended
Challenge._validate() ended with:True
Challenge._info(8tax7zhi8Gas)
DBStore.challenge_lookup(name:8tax7zhi8Gas)
Challenge._info(8tax7zhi8Gas) ended
Challenge._parse() ended with: 200
Message.prepare_response()
Nonce.nonce_generate_and_add()
Nonce.nonce__new()
got nonce: 1b55b0d0b49e4374a7bd9b190b1a49bb
DBStore.nonce_add(1b55b0d0b49e4374a7bd9b190b1a49bb)
Nonce.generate_and_add() ended with:1b55b0d0b49e4374a7bd9b190b1a49bb
challenge.parse() returns: {"data": {"type": "tls-alpn-01", "token": "9VkYQeBaHbNEHRg6nxPoRSn7AqvoJkEl", "validated": "2024-06-18T13:20:08Z", "status": "valid", "url": "https://192.168.1.153:9443/acme/chall/8tax7zhi8Gas"}, "header": {"Link": "<https://192.168.1.153:9443/acme/authz/>;rel=\"up\"", "Replay-Nonce": "1b55b0d0b49e4374a7bd9b190b1a49bb"}, "code": 200}
172.17.0.1 /acme/chall/8tax7zhi8Gas {'data': {'type': 'tls-alpn-01', 'token': '- modified -', 'validated': '2024-06-18T13:20:08Z', 'status': 'valid', 'url': 'https://192.168.1.153:9443/acme/chall/8tax7zhi8Gas'}, 'header': {'Link': '<https://192.168.1.153:9443/acme/authz/>;rel="up"', 'Replay-Nonce': '- modified -'}, 'code': 200}
[pid: 40|app: 0|req: 1/5] 172.17.0.1 () {38 vars in 544 bytes} [Tue Jun 18 13:20:08 2024] POST /acme/chall/8tax7zhi8Gas => generated 185 bytes in 227 msecs (HTTP/1.1 200) 7 headers in 263 bytes (1 switches on core 0)
_config_load()
error_dict_get()
Order._config_load()
Order._config_orderconfig_load()
Order._config_orderconfig_load() ended
Order._config_headerinfo_config_load()
Order._config_headerinfo_config_load() ended
Order._config_load() ended.
Order.parse()
Order.invalidate(None)
Order.invalidate(): set timestamp to 1718716808
DBStore.orders_search(column:expires, pattern:1718716808)
DBStore._modify_key(expires/<=)
DBStore._modify_key() ended with: expires__lte
Order.invalidate() ended: 0 orders identified
Message.check()
decode_message()
Message._check()
Nonce.check_nonce()
Nonce.nonce._check_and_delete(1b55b0d0b49e4374a7bd9b190b1a49bb)
DBStore.nonce_check(1b55b0d0b49e4374a7bd9b190b1a49bb)
DBStore.nonce_delete(1b55b0d0b49e4374a7bd9b190b1a49bb)
Nonce._check_and_delete() ended with:200
Nonce.check_nonce() ended with:200
Message._name_get()
kid: https://192.168.1.153:9443/acme/acct/w1cX2e35hEqj
Message._name_get() returns: w1cX2e35hEqj
error_dict_get()
Signature.check(w1cX2e35hEqj)
check signature against account key
Signature._jwk_load(w1cX2e35hEqj)
DBStore.jwk_load(w1cX2e35hEqj)
signature_check(False)
signature_check(): load plain json
signature_check() ended with: True, None
Signature.check() ended with: True:None
Message._check() ended with: 200
Message.check() ended with:200
Order._parse()
Order._name_get(https://192.168.1.153:9443/acme/order/ww5yr08DgdAw/finalize)
parse_url(https://192.168.1.153:9443/acme/order/ww5yr08DgdAw/finalize)
Order._name_get() ended
Order._validity_list_create(ww5yr08DgdAw)
Order._info(ww5yr08DgdAw)
order_lookup(name:ww5yr08DgdAw)
Order._order_dic_create()
Order._order_dic_create() ended
Order._authz_list_lookup(ww5yr08DgdAw)
authorization_lookup(order__name:ww5yr08DgdAw:['name', 'status__name'])
Order._authz_list_lookup() ended
Order._validity_list_create()
Order._update({'name': 'ww5yr08DgdAw', 'status': 'ready'})
order_update({'name': 'ww5yr08DgdAw', 'status': 'ready'})
DBStore._status_getinstance(name:ready)
Order._lookup() ended
Order._lookup() ended
Order._process({ww5yr08DgdAw)
Order._finalize()
Order._info(ww5yr08DgdAw)
order_lookup(name:ww5yr08DgdAw)
Order._header_info_lookup()
Order._header_info_lookup() ended with: 0 keys in dic
Order._update({'name': 'ww5yr08DgdAw', 'status': 'processing'})
order_update({'name': 'ww5yr08DgdAw', 'status': 'processing'})
DBStore._status_getinstance(name:processing)
CSR found()
Order._csr_process(ww5yr08DgdAw)
Order._info(ww5yr08DgdAw)
order_lookup(name:ww5yr08DgdAw)
b64_url_recode()
error_dict_get()
_config_load()
Certificate._config_load()
Helper.ca_handler_load()
Certificate._config_hooks_load()
Helper.hooks_load()
Certificate._config_hooks_load() ended
Certificate._config_parameters_load()
Certificate._config_parameters_load() ended
ca_handler: <module 'CAhandler' from '/var/www/acme2certifier/volume/ca_handler/acme_ca_handler.py'>
Certificate._config_load() ended.
Certificate.store_csr(ww5yr08DgdAw)
generate_random_string()
DBStore.certificate_add()
DBStore._order_getinstance(name:ww5yr08DgdAw)
DBStore.certificate_add() ended with :3
Certificate.store_csr() ended
Certificate.enroll_and_store(bnKQ6g6FlOvc, ww5yr08DgdAw)
Certificate._csr_check()
Certificate._info(bnKQ6g6FlOvc)
DBStore.certificate_lookup(name:bnKQ6g6FlOvc)
DBStore.certificate_lookup() ended with: {'name': 'bnKQ6g6FlOvc', 'csr': 'MIIBDTCBtQIBADASMRAwDgYDVQQKDAdhY21lLnNoMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh7jiLWoGBzQfnksvYUrYYp3PSfj4rSEHbcsLB25a3qGeSURXdf+6MXlqBPqutoT3C7uXKyNw5RcXtVN1Gf63DKBBMD8GCSqGSIb3DQEJDjEyMDAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBMCoAZkwCgYIKoZIzj0EAwIDRwAwRAIgJzEBpa3u5kzCblKXnwbZ56TUoIpMIe+sSmJWUth2GtcCIA2YSXMQFa6u4VkfP+ogKft+p99gwBIE1nYuKztpV7cL', 'cert': None, 'order': 'ww5yr08DgdAw'}
Certificate._info() ended with:{'name': 'bnKQ6g6FlOvc', 'csr': 'MIIBDTCBtQIBADASMRAwDgYDVQQKDAdhY21lLnNoMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh7jiLWoGBzQfnksvYUrYYp3PSfj4rSEHbcsLB25a3qGeSURXdf+6MXlqBPqutoT3C7uXKyNw5RcXtVN1Gf63DKBBMD8GCSqGSIb3DQEJDjEyMDAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBMCoAZkwCgYIKoZIzj0EAwIDRwAwRAIgJzEBpa3u5kzCblKXnwbZ56TUoIpMIe+sSmJWUth2GtcCIA2YSXMQFa6u4VkfP+ogKft+p99gwBIE1nYuKztpV7cL', 'cert': None, 'order': 'ww5yr08DgdAw'}
order_lookup(name:ww5yr08DgdAw)
Certificate._identifiers_load()
Certificate._tnauth_identifier_check()
Certificate._tnauth_identifier_check() ended with: False
cert_san_get()
cert_load()
b64_url_recode()
build_pem_file()
csr_san_get() ended with: ['IP:192.168.1.153']
Certificate._identifer_status_list()
Certificate._identifier_chk(ip/192.168.1.153)
Certificate._identifier_chk(True)
SAN check for ip:192.168.1.153 against identifiers returned True
Certificate._identifer_status_list() ended with [True]
Certificate._identifiers_load() ended with [True]
Certificate._csr_check() ended with True
Certificate._enroll_and_store(bnKQ6g6FlOvc, ww5yr08DgdAw, MIIBDTCBtQIBADASMRAwDgYDVQQKDAdhY21lLnNoMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh7jiLWoGBzQfnksvYUrYYp3PSfj4rSEHbcsLB25a3qGeSURXdf+6MXlqBPqutoT3C7uXKyNw5RcXtVN1Gf63DKBBMD8GCSqGSIb3DQEJDjEyMDAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBMCoAZkwCgYIKoZIzj0EAwIDRwAwRAIgJzEBpa3u5kzCblKXnwbZ56TUoIpMIe+sSmJWUth2GtcCIA2YSXMQFa6u4VkfP+ogKft+p99gwBIE1nYuKztpV7cL)
Certificate._pre_hooks_process(bnKQ6g6FlOvc, ww5yr08DgdAw)
Certificate._pre_hooks_process([])
CAhandler._config_load()
CAhandler._config_account_load()
parse_url(https://localhost:8443/acme/abcd)
CAhandler._config_account_load() ended
CAhandler._config_eab_load()
CAhandler._config_eab_load() ended
CAhandler._config_load() ended
_config_eab_profile_load()
Helper.eab_handler_load()
_config_profile_load() ended
config_headerinfo_load()
config_headerinfo_load() ended
Certificate._enroll()
Certificate._enroll(): trigger enrollment
CAhandler.enroll()
b64_url_recode()
CAhandler._profile_check()
CAhandler._eab_profile_check()
EABhandler._config_load()
load_config(EABhandler:/var/www/acme2certifier/./acme_srv/acme_srv.cfg)
EABhandler._config_load() ended
EABhandler._eab_profile_get()
EABhandler._profiles_load()
EABhandler._profiles_load() ended with True
EABhandler.eab_kid_get()
DBStore.certificate_lookup(csr:MIIBDTCBtQIBADASMRAwDgYDVQQKDAdhY21lLnNoMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh7jiLWoGBzQfnksvYUrYYp3PSfj4rSEHbcsLB25a3qGeSURXdf+6MXlqBPqutoT3C7uXKyNw5RcXtVN1Gf63DKBBMD8GCSqGSIb3DQEJDjEyMDAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBMCoAZkwCgYIKoZIzj0EAwIDRwAwRAIgJzEBpa3u5kzCblKXnwbZ56TUoIpMIe+sSmJWUth2GtcCIA2YSXMQFa6u4VkfP+ogKft+p99gwBIE1nYuKztpV7cL)
DBStore.certificate_lookup() ended with: {'name': 'bnKQ6g6FlOvc', 'order__account__name': 'w1cX2e35hEqj', 'order__account__eab_kid': 'keyid_00', 'order': 'ww5yr08DgdAw'}
EABhandler.eab_kid_get() ended with: keyid_00
EABhandler._eab_profile_get() ended with: True
CAhandler._eab_profile_list_check(): list: key: acme_url, value: ['https://192.168.1.153:8443/acme/abcd']
header_info_field_validate(acme_url)
header_info_lookup(acme_url)
header_info_get()
DBStore.certificates_search(csr:MIIBDTCBtQIBADASMRAwDgYDVQQKDAdhY21lLnNoMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh7jiLWoGBzQfnksvYUrYYp3PSfj4rSEHbcsLB25a3qGeSURXdf+6MXlqBPqutoT3C7uXKyNw5RcXtVN1Gf63DKBBMD8GCSqGSIb3DQEJDjEyMDAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBMCoAZkwCgYIKoZIzj0EAwIDRwAwRAIgJzEBpa3u5kzCblKXnwbZ56TUoIpMIe+sSmJWUth2GtcCIA2YSXMQFa6u4VkfP+ogKft+p99gwBIE1nYuKztpV7cL)
DBStore._modify_key(csr/None)
DBStore._modify_key() ended with: csr
header_info_json_parse()
header_info_lookup() could not parse header_info_field: the JSON object must be str, bytes or bytearray, not NoneType
header_info_json_parse() ended with: False
header_info_lookup() header_info_field not found: None
header_info_lookup(acme_url) ended with: None
header_info_field_validate(acme_url) ended with https://192.168.1.153:8443/acme/abcd/None
CAhandler._eab_profile_list_check(): setting attribute: acme_url to https://192.168.1.153:8443/acme/abcd
CAhandler._eab_profile_list_check() ended with: None
CAhandler._eab_profile_list_check(): list: key: allowed_domainlist, value: ['localhost', '^192.168.1.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$']
EABhandler.allowed_domains_check()
EABhandler._chk_san_lists_get()
cert_san_get()
cert_load()
b64_url_recode()
build_pem_file()
csr_san_get() ended with: ['IP:192.168.1.153']
EABhandler._chk_san_lists_get() ended
EABhandler._cn_add()
CAhandler.csr_cn_get()
cert_load()
b64_url_recode()
build_pem_file()
CAhandler.csr_cn_get() ended with: None
EABhandler._cn_add() ended
['192.168.1.153']
[]
EABhandler._wllist_check(192.168.1.153:False)
check against list: ['localhost', '^192.168.1.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$']
EABhandler._list_regex_check()
EABhandler._list_regex_check() ended with: True
EABhandler._wllist_check() ended with: True
EABhandler.allowed_domains_check() ended with: False
CAhandler._eab_profile_list_check() ended with: None
CAhandler._eab_profile_check() ended with: None
CAhandler._profile_check() ended with None
CAhandler._user_key_load(volume/acme/localkey.json)
CAhandler.enroll() opening user_key
CAhandler._user_key_load() ended with: True
Sending GET request to https://192.168.1.153:8443/acme/abcd/directory.
Starting new HTTPS connection (1): 192.168.1.153:8443
https://192.168.1.153:8443 "GET /acme/abcd/directory HTTP/1.1" 200 312
Received response:
HTTP 200
Content-Type: application/json
X-Request-Id: 73543c4d-e9f1-4a2c-a002-410163bccf0a
Date: Tue, 18 Jun 2024 13:20:08 GMT
Content-Length: 312

{"newNonce":"https://192.168.1.153:8443/acme/abcd/new-nonce","newAccount":"https://192.168.1.153:8443/acme/abcd/new-account","newOrder":"https://192.168.1.153:8443/acme/abcd/new-order","revokeCert":"https://192.168.1.153:8443/acme/abcd/revoke-cert","keyChange":"https://192.168.1.153:8443/acme/abcd/key-change"}

CAhandler._account_register(acme2certifier@localhost)
Requesting fresh nonce
Sending HEAD request to https://192.168.1.153:8443/acme/abcd/new-nonce.
https://192.168.1.153:8443 "HEAD /acme/abcd/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Cache-Control: no-store
Link: <https://192.168.1.153:8443/acme/abcd/directory>;rel="index"
Replay-Nonce: STNTaVBSMGtWM05qaFpFSnVmMjZrclFoUHVjcW9wbTA
X-Request-Id: ab78af1f-b653-4304-a6a1-5c4e95ab6e7e
Date: Tue, 18 Jun 2024 13:20:08 GMT


Storing nonce: STNTaVBSMGtWM05qaFpFSnVmMjZrclFoUHVjcW9wbTA
JWS payload:
b'{\n  "key": {\n    "n": "qCSezd27AXWJeDczQS9QodERmQszKbGCVE53GmQkH4wgyHezg6HuhzQCoRPwpdQ5I4GAk3h4Xp8YPqUxeM8AtY4w1JqJoJrSEhsqmXHs4IqPxoNSRkYhhqdaIig7pzA8_IEkj5JB1xwoQodnaKM6zPQIqkpQcxPvrsIkArJ-7s6Y-tPF8jXaoaI2dNd8zz-_OtZkvXIyEBSZYf8xF7aYLB1ZGX1NwGHtl8KDLVHu01EhUjWaxtT3ZTDlvhmOlxhMmHX1NG4OOnY5DrRopMvW7uJ9zJIpe8Bup5mMXhnriH7YDQI-2aZO6sUeNU1QD2kppykrwa-C5aMLYtwnHpsSGw",\n    "e": "AQAB",\n    "d": "KUACraKuFCePuCxiqKVA9NHjrVYwERR5UtGFKrZSnmK0UDn9kleRux2pX3cS3Lv54JoOvx8Y-K2zNvsz7d1q4R-nHyFijkItMz_y7X4jjNqxdxQUhSUDaJN561NPfy64Z4IPRCGvgWRpBBlP5z3UWR-tWImuvuyvKoJ6byb3OQKUeVDsR2AmO1ddagNUSI52A1PeXqEq8_JE0bNWG8giIouYuwYjk8kSyEE4KbKZXazCZtvhj7y8aRHU4x_vHxBNOW2-W0-X7q6zkF-2lL-kQFioBuNDjyWi5uFbKWKQ-zoXzo6oOAVvKLLpVaIDx5Lz2ZnnD6cOR9-wTgn5xLMN0Q",\n    "p": "0unewWJmTaDsNm48arkpC8fLp-hCSxJh3IcrILFAHibVybwbCcEVMr2K97rs8LFfpalvzzzU-HjK9MuFi1JH9MPTAng8lf7CBtBmCNUWQWzEqq9UntOqqhcbBgjr38MvxLgTAKnctAM0fvbAwchxgL1R1FxxXF_CFf8eMJlDtTU",\n    "q": "zBYoS1kQExPK2Kzzb2SrcFLxvotg2raJnSt08mJ6dWRvmbRWiYP8iSdIAHY0KGLfbQRKOxDDI1tfkqv_QxHfFSbob9YdnE8WVn9YOx5tDr3Pm6XdnjwMb8DtDqX5br9eYFqYdB7yeZfCxuoLHb6QjkAk9-ZvYi9rtAxrVDKIJA8",\n    "dp": "GlgwBMO_t46UMrBOR55dLCWGoLB4J1xicONJVcoOEjYTmiEu12cQuMfIJe1pTx84rT6ewqn8iBS-dRk-0woyBra3EqXmG2442hUJyaykHQPzBMblsPkLZjeAnp5aqBZ_TvkXFowhDzMfSYSUyx-4XbZIFFh_qGQloA2_vZ5HQMk",\n    "dq": "y-5MH1aEsHtzk2Xm7uVqRhgrxhoiEwqZojq9ZkKvWUSeG7nPSyRfIXHmCcgTwFNkLNw_jJvoUhlI_BfwP0XJY6p4UuBiwEFq8c3YDWMO2M8kd8SbGjWou7bNanjBMT_6f0-nzUjrREM4d2mA6Bz2953zEt_pZvQ5rDVIvl6sGVM",\n    "qi": "w9lgzuQMop45SQ9pNdiV-sp8niuaNywaYcy2Ap6dG487jNJacpBgtpJHFdnPO3Ysx82OrwuB4REB0iEb_J3JVJzVTKGuZjx_sXxvyvY0fisoGUGgrXYtjE4eJnjet2qrsC2_z6S5gSK842WyIQt7vBMpTPPZGCOy4Z1O6FzU7Qo",\n    "kty": "RSA"\n  },\n  "contact": [\n    "mailto:acme2certifier@localhost"\n  ],\n  "termsOfServiceAgreed": true,\n  "onlyReturnExisting": true\n}'
Sending POST request to https://192.168.1.153:8443/acme/abcd/new-account:
{
  "protected": "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",
  "signature": "KaEQUuPT1NFCRdmmd03svUmpWAaAZ6aI3j255sR9Hj0tzcPc7YdR1oGkEx_pqhrykqlKfOvsfFKGhwUkW3vKXVJ1yHpuXHLnyyJ_08u2aWP5xgCCidQOSOkSRr9ntGiumSb3AYPTRtZdd5nqHWwhzqDV_X_2NPqNrPxgfmW9pAp_86mV1xXRvTyR5XaXoz2ogXM8LXYgX2ognlHGkuCrB-aco2RaY047VqTRWHyu2pfHhjBnsPbQZGoDi6p0tp330kejZDMUu8fMbYsdmCZT1zlHQ1lTVtTJ6qJA8OxRSnicHXizXosE5mBbkDMo2O5Luym6LX8iPiJVn2BuK0T2SQ",
  "payload": "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"
}
https://192.168.1.153:8443 "POST /acme/abcd/new-account HTTP/1.1" 400 93
Received response:
HTTP 400
Cache-Control: no-store
Content-Type: application/problem+json
Link: <https://192.168.1.153:8443/acme/abcd/directory>;rel="index"
Replay-Nonce: aVdWUnBsUk9OdmVjanRSQWtCSlN4cGRsYWs4SXpiVmo
X-Request-Id: dea6b441-9a48-4183-a9c3-5445c9cafd84
Date: Tue, 18 Jun 2024 13:20:08 GMT
Content-Length: 93

{"type":"urn:ietf:params:acme:error:malformed","detail":"The request message was malformed"}

CAhandler._account_create(): register new account with email: acme2certifier@localhost
CAhandler.__account_register(): register new account with email: acme2certifier@localhost
Requesting fresh nonce
Sending HEAD request to https://192.168.1.153:8443/acme/abcd/new-nonce.
https://192.168.1.153:8443 "HEAD /acme/abcd/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Cache-Control: no-store
Link: <https://192.168.1.153:8443/acme/abcd/directory>;rel="index"
Replay-Nonce: dWxRR2ZjTFJkM0x0eHZxNWNWNHliVDRFeVlHNUgzeVU
X-Request-Id: 529387ab-38f6-4791-b405-ac3fd012bf16
Date: Tue, 18 Jun 2024 13:20:08 GMT


Storing nonce: dWxRR2ZjTFJkM0x0eHZxNWNWNHliVDRFeVlHNUgzeVU
JWS payload:
b'{\n  "key": {\n    "n": "qCSezd27AXWJeDczQS9QodERmQszKbGCVE53GmQkH4wgyHezg6HuhzQCoRPwpdQ5I4GAk3h4Xp8YPqUxeM8AtY4w1JqJoJrSEhsqmXHs4IqPxoNSRkYhhqdaIig7pzA8_IEkj5JB1xwoQodnaKM6zPQIqkpQcxPvrsIkArJ-7s6Y-tPF8jXaoaI2dNd8zz-_OtZkvXIyEBSZYf8xF7aYLB1ZGX1NwGHtl8KDLVHu01EhUjWaxtT3ZTDlvhmOlxhMmHX1NG4OOnY5DrRopMvW7uJ9zJIpe8Bup5mMXhnriH7YDQI-2aZO6sUeNU1QD2kppykrwa-C5aMLYtwnHpsSGw",\n    "e": "AQAB",\n    "d": "KUACraKuFCePuCxiqKVA9NHjrVYwERR5UtGFKrZSnmK0UDn9kleRux2pX3cS3Lv54JoOvx8Y-K2zNvsz7d1q4R-nHyFijkItMz_y7X4jjNqxdxQUhSUDaJN561NPfy64Z4IPRCGvgWRpBBlP5z3UWR-tWImuvuyvKoJ6byb3OQKUeVDsR2AmO1ddagNUSI52A1PeXqEq8_JE0bNWG8giIouYuwYjk8kSyEE4KbKZXazCZtvhj7y8aRHU4x_vHxBNOW2-W0-X7q6zkF-2lL-kQFioBuNDjyWi5uFbKWKQ-zoXzo6oOAVvKLLpVaIDx5Lz2ZnnD6cOR9-wTgn5xLMN0Q",\n    "p": "0unewWJmTaDsNm48arkpC8fLp-hCSxJh3IcrILFAHibVybwbCcEVMr2K97rs8LFfpalvzzzU-HjK9MuFi1JH9MPTAng8lf7CBtBmCNUWQWzEqq9UntOqqhcbBgjr38MvxLgTAKnctAM0fvbAwchxgL1R1FxxXF_CFf8eMJlDtTU",\n    "q": "zBYoS1kQExPK2Kzzb2SrcFLxvotg2raJnSt08mJ6dWRvmbRWiYP8iSdIAHY0KGLfbQRKOxDDI1tfkqv_QxHfFSbob9YdnE8WVn9YOx5tDr3Pm6XdnjwMb8DtDqX5br9eYFqYdB7yeZfCxuoLHb6QjkAk9-ZvYi9rtAxrVDKIJA8",\n    "dp": "GlgwBMO_t46UMrBOR55dLCWGoLB4J1xicONJVcoOEjYTmiEu12cQuMfIJe1pTx84rT6ewqn8iBS-dRk-0woyBra3EqXmG2442hUJyaykHQPzBMblsPkLZjeAnp5aqBZ_TvkXFowhDzMfSYSUyx-4XbZIFFh_qGQloA2_vZ5HQMk",\n    "dq": "y-5MH1aEsHtzk2Xm7uVqRhgrxhoiEwqZojq9ZkKvWUSeG7nPSyRfIXHmCcgTwFNkLNw_jJvoUhlI_BfwP0XJY6p4UuBiwEFq8c3YDWMO2M8kd8SbGjWou7bNanjBMT_6f0-nzUjrREM4d2mA6Bz2953zEt_pZvQ5rDVIvl6sGVM",\n    "qi": "w9lgzuQMop45SQ9pNdiV-sp8niuaNywaYcy2Ap6dG487jNJacpBgtpJHFdnPO3Ysx82OrwuB4REB0iEb_J3JVJzVTKGuZjx_sXxvyvY0fisoGUGgrXYtjE4eJnjet2qrsC2_z6S5gSK842WyIQt7vBMpTPPZGCOy4Z1O6FzU7Qo",\n    "kty": "RSA"\n  },\n  "contact": [\n    "mailto:acme2certifier@localhost"\n  ],\n  "termsOfServiceAgreed": true\n}'
Sending POST request to https://192.168.1.153:8443/acme/abcd/new-account:
{
  "protected": "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",
  "signature": "pZkzGFcIhy0Lkqf38ZH6KmWuEcZ2Sb1qAbhWBn1GXj6bb3PQvdzj7-xZoy90PzlA1RwRpikrUApKWePbDrYiL1W4Bg5d-vaKW4YyDrH7GUAWQj4NNX1mFw1FaG75AXL9UIc2gSiEuwjBeAazdvJgLT2wIpPAQrsRqd-PKvvjjO9mFzxWON8PzA-k1HywrjwkT3-QQw1S3LVFeC8MTG0PCMDooqgcDnyf1EaUheYfkuSbuhuYiKZrP1mLxWouZTc9l11xLQX5ajKfebktbubPud3TQVsxn6NSpD3xGqDqKo7lXNb2uwpo-ZRId6FPckR9v0sJnMKMMnTeeSbk2oTZBQ",
  "payload": "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"
}
https://192.168.1.153:8443 "POST /acme/abcd/new-account HTTP/1.1" 200 161
Received response:
HTTP 200
Cache-Control: no-store
Content-Type: application/json
Link: <https://192.168.1.153:8443/acme/abcd/directory>;rel="index"
Location: https://192.168.1.153:8443/acme/abcd/account/XC1ECtqBJwQwNJtAzZQeySdLq1Xh6s3B
Replay-Nonce: QVpHNkE4aHVnQ0taU25ReG1ZRVpYcG9KTG16NkZMRVI
X-Request-Id: 800d4f04-9031-4f45-b8d8-ae32480fb6be
Date: Tue, 18 Jun 2024 13:20:08 GMT
Content-Length: 161

{"contact":["mailto:acme2certifier@localhost"],"status":"valid","orders":"https://192.168.1.153:8443/acme/abcd/account/XC1ECtqBJwQwNJtAzZQeySdLq1Xh6s3B/orders"}

Storing nonce: QVpHNkE4aHVnQ0taU25ReG1ZRVpYcG9KTG16NkZMRVI
CAhandler.enroll: error: 
Certificate.enroll() ended
Certificate._enroll() ended
acme2certifier enrollment error: 
Certificate._enrollerror_handler()
Certificate._enrollerror_handler(): invalidating order as there is no certificate and no poll_identifier: /ww5yr08DgdAw
Certificate._order_update({'name': 'ww5yr08DgdAw', 'status': 'invalid'})
order_update({'name': 'ww5yr08DgdAw', 'status': 'invalid'})
DBStore._status_getinstance(name:invalid)
Certificate._store_cert_error(bnKQ6g6FlOvc)
DBStore.certificate_add()
DBStore.certificate_add() ended with :3
Certificate._store_cert_error(3) ended
Certificate._enrollerror_handler() ended with: None
Certificate._pre_hooks_process(bnKQ6g6FlOvc, ww5yr08DgdAw
Certificate._post_hooks_process([])
Certificate._enroll_and_store() ended with: None:urn:ietf:params:acme:error:serverInternal
Certificate.enroll_and_store() ThreadWithReturnValue ended
Certificate.enroll_and_store() ended with: None:urn:ietf:params:acme:error:serverInternal
Order._csr_process() ended with order:ww5yr08DgdAw 500:{urn:ietf:params:acme:error:serverInternal:None
Order._finalize() ended
Order._process() ended with order:ww5yr08DgdAw 500:urn:ietf:params:acme:error:serverInternal:enrollment failed
Order._parse() ended with code: 500
Message.prepare_response()
Error.enrich_error()
Error.acme_errormessage(urn:ietf:params:acme:error:serverInternal)
Nonce.nonce_generate_and_add()
Nonce.nonce__new()
got nonce: deaeb1ebdd8846c5b1884b217b482b7a
DBStore.nonce_add(deaeb1ebdd8846c5b1884b217b482b7a)
Nonce.generate_and_add() ended with:deaeb1ebdd8846c5b1884b217b482b7a
Order.parse() returns: {"code": 500, "header": {"Replay-Nonce": "deaeb1ebdd8846c5b1884b217b482b7a"}, "data": {"status": 500, "type": "urn:ietf:params:acme:error:serverInternal", "detail": "enrollment failed"}}
172.17.0.1 /acme/order/ww5yr08DgdAw/finalize {'code': 500, 'header': {'Replay-Nonce': '- modified -'}, 'data': {'status': 500, 'type': 'urn:ietf:params:acme:error:serverInternal', 'detail': 'enrollment failed'}}
Internal Server Error: /acme/order/ww5yr08DgdAw/finalize
[pid: 40|app: 0|req: 2/6] 172.17.0.1 () {38 vars in 562 bytes} [Tue Jun 18 13:20:08 2024] POST /acme/order/ww5yr08DgdAw/finalize => generated 99 bytes in 201 msecs (HTTP/1.1 500) 6 headers in 232 bytes (1 switches on core 0)

acme.sh log:

[Tue Jun 18 13:20:08 UTC 2024] Lets finalize the order.
[Tue Jun 18 13:20:08 UTC 2024] Le_OrderFinalize='https://192.168.1.153:9443/acme/order/ww5yr08DgdAw/finalize'
[Tue Jun 18 13:20:08 UTC 2024] =======Begin Send Signed Request=======
[Tue Jun 18 13:20:08 UTC 2024] url='https://192.168.1.153:9443/acme/order/ww5yr08DgdAw/finalize'
[Tue Jun 18 13:20:08 UTC 2024] payload='{"csr": "MIIBDTCBtQIBADASMRAwDgYDVQQKDAdhY21lLnNoMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh7jiLWoGBzQfnksvYUrYYp3PSfj4rSEHbcsLB25a3qGeSURXdf-6MXlqBPqutoT3C7uXKyNw5RcXtVN1Gf63DKBBMD8GCSqGSIb3DQEJDjEyMDAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA8GA1UdEQQIMAaHBMCoAZkwCgYIKoZIzj0EAwIDRwAwRAIgJzEBpa3u5kzCblKXnwbZ56TUoIpMIe-sSmJWUth2GtcCIA2YSXMQFa6u4VkfP-ogKft-p99gwBIE1nYuKztpV7cL"}'
[Tue Jun 18 13:20:08 UTC 2024] Use cached jwk for file: /acme.sh/ca/192.168.1.153/directory/account.key
[Tue Jun 18 13:20:08 UTC 2024] base64 single line.
[Tue Jun 18 13:20:08 UTC 2024] payload64='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'
[Tue Jun 18 13:20:08 UTC 2024] _request_retry_times='1'
[Tue Jun 18 13:20:08 UTC 2024] Use _CACHED_NONCE='1b55b0d0b49e4374a7bd9b190b1a49bb'
[Tue Jun 18 13:20:08 UTC 2024] nonce='1b55b0d0b49e4374a7bd9b190b1a49bb'
[Tue Jun 18 13:20:08 UTC 2024] protected='{"nonce": "1b55b0d0b49e4374a7bd9b190b1a49bb", "url": "https://192.168.1.153:9443/acme/order/ww5yr08DgdAw/finalize", "alg": "ES256", "kid": "https://192.168.1.153:9443/acme/acct/w1cX2e35hEqj"}'
[Tue Jun 18 13:20:08 UTC 2024] base64 single line.
[Tue Jun 18 13:20:08 UTC 2024] protected64='eyJub25jZSI6ICIxYjU1YjBkMGI0OWU0Mzc0YTdiZDliMTkwYjFhNDliYiIsICJ1cmwiOiAiaHR0cHM6Ly8xOTIuMTY4LjEuMTUzOjk0NDMvYWNtZS9vcmRlci93dzV5cjA4RGdkQXcvZmluYWxpemUiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovLzE5Mi4xNjguMS4xNTM6OTQ0My9hY21lL2FjY3QvdzFjWDJlMzVoRXFqIn0'
[Tue Jun 18 13:20:08 UTC 2024] _signedECText='    0:d=0  hl=2 l=  68 cons: SEQUENCE          
    2:d=1  hl=2 l=  32 prim: INTEGER           :6AED7DB4A720A2A687A5AC5D7531B593645009930A99A4C6945549FD1BD90828
   36:d=1  hl=2 l=  32 prim: INTEGER           :7787A8891F35AEE4F46FAA2E340A743AA36F60E1444733DBFCF9F83FB4B60018'
[Tue Jun 18 13:20:08 UTC 2024] _ec_r='6AED7DB4A720A2A687A5AC5D7531B593645009930A99A4C6945549FD1BD90828'
[Tue Jun 18 13:20:08 UTC 2024] _ec_s='7787A8891F35AEE4F46FAA2E340A743AA36F60E1444733DBFCF9F83FB4B60018'
[Tue Jun 18 13:20:08 UTC 2024] base64 single line.
[Tue Jun 18 13:20:08 UTC 2024] xxd exists=0
[Tue Jun 18 13:20:08 UTC 2024] _sig_t='au19tKcgoqaHpaxddTG1k2RQCZMKmaTGlFVJ/RvZCCh3h6iJHzWu5PRvqi40CnQ6o29g4URHM9v8+fg/tLYAGA=='
[Tue Jun 18 13:20:08 UTC 2024] sig='au19tKcgoqaHpaxddTG1k2RQCZMKmaTGlFVJ_RvZCCh3h6iJHzWu5PRvqi40CnQ6o29g4URHM9v8-fg_tLYAGA'
[Tue Jun 18 13:20:08 UTC 2024] body='{"protected": "eyJub25jZSI6ICIxYjU1YjBkMGI0OWU0Mzc0YTdiZDliMTkwYjFhNDliYiIsICJ1cmwiOiAiaHR0cHM6Ly8xOTIuMTY4LjEuMTUzOjk0NDMvYWNtZS9vcmRlci93dzV5cjA4RGdkQXcvZmluYWxpemUiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovLzE5Mi4xNjguMS4xNTM6OTQ0My9hY21lL2FjY3QvdzFjWDJlMzVoRXFqIn0", "payload": "eyJjc3IiOiAiTUlJQkRUQ0J0UUlCQURBU01SQXdEZ1lEVlFRS0RBZGhZMjFsTG5Ob01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRWg3amlMV29HQnpRZm5rc3ZZVXJZWXAzUFNmajRyU0VIYmNzTEIyNWEzcUdlU1VSWGRmLTZNWGxxQlBxdXRvVDNDN3VYS3lOdzVSY1h0Vk4xR2Y2M0RLQkJNRDhHQ1NxR1NJYjNEUUVKRGpFeU1EQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUE4R0ExVWRFUVFJTUFhSEJNQ29BWmt3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnSnpFQnBhM3U1a3pDYmxLWG53Ylo1NlRVb0lwTUllLXNTbUpXVXRoMkd0Y0NJQTJZU1hNUUZhNnU0VmtmUC1vZ0tmdC1wOTlnd0JJRTFuWXVLenRwVjdjTCJ9", "signature": "au19tKcgoqaHpaxddTG1k2RQCZMKmaTGlFVJ_RvZCCh3h6iJHzWu5PRvqi40CnQ6o29g4URHM9v8-fg_tLYAGA"}'
[Tue Jun 18 13:20:08 UTC 2024] POST
[Tue Jun 18 13:20:08 UTC 2024] _post_url='https://192.168.1.153:9443/acme/order/ww5yr08DgdAw/finalize'
[Tue Jun 18 13:20:08 UTC 2024] body='{"protected": "eyJub25jZSI6ICIxYjU1YjBkMGI0OWU0Mzc0YTdiZDliMTkwYjFhNDliYiIsICJ1cmwiOiAiaHR0cHM6Ly8xOTIuMTY4LjEuMTUzOjk0NDMvYWNtZS9vcmRlci93dzV5cjA4RGdkQXcvZmluYWxpemUiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovLzE5Mi4xNjguMS4xNTM6OTQ0My9hY21lL2FjY3QvdzFjWDJlMzVoRXFqIn0", "payload": "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", "signature": "au19tKcgoqaHpaxddTG1k2RQCZMKmaTGlFVJ_RvZCCh3h6iJHzWu5PRvqi40CnQ6o29g4URHM9v8-fg_tLYAGA"}'
[Tue Jun 18 13:20:08 UTC 2024] _postContentType='application/jose+json'
[Tue Jun 18 13:20:08 UTC 2024] Http already initialized.
[Tue Jun 18 13:20:08 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header  -L  --trace-ascii /tmp/tmp.6SzsWkSgNj  -g '
[Tue Jun 18 13:20:08 UTC 2024] _ret='0'
[Tue Jun 18 13:20:08 UTC 2024] responseHeaders='HTTP/1.1 500 Internal Server Error
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 18 Jun 2024 13:20:08 GMT
Content-Type: application/problem+json
Content-Length: 99
Connection: keep-alive
Replay-Nonce: deaeb1ebdd8846c5b1884b217b482b7a
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
'
[Tue Jun 18 13:20:08 UTC 2024] code='500'
[Tue Jun 18 13:20:08 UTC 2024] original='{"status": 500, "type": "urn:ietf:params:acme:error:serverInternal", "detail": "enrollment failed"}'
[Tue Jun 18 13:20:08 UTC 2024] response='{"status": 500, "type": "urn:ietf:params:acme:error:serverInternal", "detail": "enrollment failed"}'
[Tue Jun 18 13:20:08 UTC 2024] Sign failed, finalize code is not 200.
[Tue Jun 18 13:20:08 UTC 2024] {"status": 500, "type": "urn:ietf:params:acme:error:serverInternal", "detail": "enrollment failed"}
[Tue Jun 18 13:20:08 UTC 2024] _on_issue_err
[Tue Jun 18 13:20:08 UTC 2024] Please add '--debug' or '--log' to check more details.
[Tue Jun 18 13:20:08 UTC 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Tue Jun 18 13:20:08 UTC 2024] _chk_vlist
[Tue Jun 18 13:20:08 UTC 2024] openssl exists=0
[Tue Jun 18 13:20:08 UTC 2024] nginx exists=127
[Tue Jun 18 13:20:08 UTC 2024] socat exists=0

@grindsa
Owner

grindsa commented Jun 19, 2024

There is a "400 - error message" coming from Smallstep. But this does not necessarily mean that we are behaving correctly.

Does this problem also occur without eab-profiling feature enabled?

@grindsa
Owner

grindsa commented Jun 30, 2024

Just to keep you updated: I am able to replicate the issue in my setup.

Here is a quick summary of what happens.

It seems you do not have the acme_account parameter configured in acme_srv.cfg.
In this case a2c tries to query the account information from Smallstep-CA. This query fails with an "acme:error:malformed" error.
Due to this error a2c will try to create a new account on smallstep-ca which will fail with a 'ConflictError' exception.

Hard to say who is behaving wrong here. Good news is that I have a workaround in mind. Further error handling for such situations needs to be improved. So stay tuned…
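
The lookup-then-register sequence summarized above, replayed against the two new-account responses from the debug log earlier in this thread. This is an added example, not acme2certifier's code and not the fix that later landed; the function names are hypothetical. It applies the RFC 8555 section 7.3.1 status rules, under which a 200 with a Location header means the key already has an account.

```python
import json

ACCOUNT_DOES_NOT_EXIST = "urn:ietf:params:acme:error:accountDoesNotExist"

# Responses copied from the debug log in this thread as (status, headers, body);
# the body of the second response is abbreviated.
LOOKUP = (400, {"Content-Type": "application/problem+json"},
          '{"type":"urn:ietf:params:acme:error:malformed",'
          '"detail":"The request message was malformed"}')
CREATE = (200, {"Content-Type": "application/json",
                "Location": "https://192.168.1.153:8443/acme/abcd/account/"
                            "XC1ECtqBJwQwNJtAzZQeySdLq1Xh6s3B"},
          '{"contact":["mailto:acme2certifier@localhost"],"status":"valid"}')


def classify_new_account(status, headers, body, only_return_existing):
    """Map one new-account response to (outcome, account_url_or_problem_type)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    location = hdrs.get("location")
    if status == 201 and location:
        return "created", location
    if status == 200 and location:
        # RFC 8555 7.3.1: the key is already registered; Location is its account URL.
        return "existing", location
    try:
        problem = json.loads(body).get("type")
    except (ValueError, AttributeError):
        problem = None
    if only_return_existing and status == 400 and problem == ACCOUNT_DOES_NOT_EXIST:
        return "absent", None
    return "error", problem


def resolve_account(lookup, create):
    """Lookup first; on 'absent' or an unusable error fall back to registration."""
    outcome, value = classify_new_account(*lookup, only_return_existing=True)
    if outcome == "existing":
        return outcome, value
    return classify_new_account(*create, only_return_existing=False)


if __name__ == "__main__":
    print(classify_new_account(*LOOKUP, only_return_existing=True))
    print(resolve_account(LOOKUP, CREATE))
```

With the logged responses, the lookup is classified as an error of type malformed rather than "absent", and the registration attempt resolves to the existing account URL instead of failing.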

@grindsa
Owner

grindsa commented Jul 3, 2024

Hi,

I pushed an updated handler into the devel branch. Feel free to give it a try but:

  • set the account path parameter in acme_srv.cfg as shown below:

    acme_keyfile: acme_srv/acme/smallstep.json
    acme_url: https://192.168.14.131:9000/acme/acme
    acme_account_email: admin@foobar.local
    account_path: /
    ssl_verify: False

  • delete the acme_key file (smallstep.json in my example). This will trigger a new account creation and store the account name along in the key-file so that an account-name loop will not fail anymore...

@invis-z
Author

invis-z commented Jul 4, 2024

Thanks so much for the fix! I will try it out as soon as I get time, life was kind of getting in the way of my tinkering. I will post my results here once I get them!

@grindsa
Owner

grindsa commented Jul 5, 2024

Feature made it into v0.35. Thus, closing this issue. In case you have comments feel free to reopen...

@grindsa grindsa closed this as completed Jul 5, 2024