Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Could not get nonce, let's try again. #4937

Closed
blankhang opened this issue Dec 30, 2023 · 9 comments
Closed

Could not get nonce, let's try again. #4937

blankhang opened this issue Dec 30, 2023 · 9 comments

Comments

@blankhang
Copy link

Steps to reproduce

acme.sh --upgrade
acme.sh --issue --log --dns dns_dp -d "xxxxx.com" -d "*.xxxxx.com" --debug 2

Debug log

root@us-o-arm-1:/.acme.sh# acme.sh --upgrade
[Sat Dec 30 13:34:30 CST 2023] Already uptodate!
[Sat Dec 30 13:34:30 CST 2023] Upgrade success!
root@us-o-arm-1:/.acme.sh# acme.sh --issue --log --dns dns_dp -d "xxxxx.com" -d ".xxxxx.com"
[Sat Dec 30 13:34:38 CST 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Sat Dec 30 13:34:38 CST 2023] Multi domain='DNS:xxxxx.com,DNS:.xxxxx.com'
[Sat Dec 30 13:34:38 CST 2023] Getting domain auth token for each domain
[Sat Dec 30 13:34:40 CST 2023] Could not get nonce, let's try again.
[Sat Dec 30 13:34:44 CST 2023] Could not get nonce, let's try again.
[Sat Dec 30 13:34:48 CST 2023] Could not get nonce, let's try again.
[Sat Dec 30 13:34:52 CST 2023] Could not get nonce, let's try again.
[Sat Dec 30 13:34:56 CST 2023] Could not get nonce, let's try again.
[Sat Dec 30 13:35:00 CST 2023] Could not get nonce, let's try again.
[Sat Dec 30 13:35:04 CST 2023] Could not get nonce, let's try again.
[Sat Dec 30 13:35:09 CST 2023] Could not get nonce, let's try again.
[Sat Dec 30 13:35:13 CST 2023] Could not get nonce, let's try again.
[Sat Dec 30 13:35:17 CST 2023] Could not get nonce, let's try again.
0^C
root@us-o-arm-1:~/.acme.sh# acme.sh --issue --log --dns dns_dp -d "xxxxx.com" -d ".xxxxx.com" --debug 2
[Sat Dec 30 13:35:25 CST 2023] Lets find script dir.
[Sat Dec 30 13:35:25 CST 2023] SCRIPT='/root/.acme.sh/acme.sh'
[Sat Dec 30 13:35:25 CST 2023] _script='/root/.acme.sh/acme.sh'
[Sat Dec 30 13:35:25 CST 2023] _script_home='/root/.acme.sh'
[Sat Dec 30 13:35:25 CST 2023] Using config home:/root/.acme.sh
[Sat Dec 30 13:35:25 CST 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Sat Dec 30 13:35:25 CST 2023] Running cmd: issue
[Sat Dec 30 13:35:25 CST 2023] _main_domain='xxxxx.com'
[Sat Dec 30 13:35:25 CST 2023] _alt_domains='.xxxxx.com'
[Sat Dec 30 13:35:25 CST 2023] Using config home:/root/.acme.sh
[Sat Dec 30 13:35:25 CST 2023] default_acme_server
[Sat Dec 30 13:35:25 CST 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Sat Dec 30 13:35:25 CST 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Sat Dec 30 13:35:25 CST 2023] _ACME_SERVER_PATH='v2/DV90'
[Sat Dec 30 13:35:25 CST 2023] DOMAIN_PATH='/root/.acme.sh/xxxxx.com_ecc'
[Sat Dec 30 13:35:25 CST 2023] 'dns_dp' does not contain 'dns'
[Sat Dec 30 13:35:25 CST 2023] Le_NextRenewTime
[Sat Dec 30 13:35:25 CST 2023] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Sat Dec 30 13:35:25 CST 2023] _init api for server: https://acme.zerossl.com/v2/DV90
[Sat Dec 30 13:35:25 CST 2023] GET
[Sat Dec 30 13:35:25 CST 2023] url='https://acme.zerossl.com/v2/DV90'
[Sat Dec 30 13:35:25 CST 2023] timeout=
[Sat Dec 30 13:35:25 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.sOjMmOa7z8 -g '
[Sat Dec 30 13:35:26 CST 2023] ret='0'
[Sat Dec 30 13:35:26 CST 2023] response='{
"newNonce": "https://acme.zerossl.com/v2/DV90/newNonce",
"newAccount": "https://acme.zerossl.com/v2/DV90/newAccount",
"newOrder": "https://acme.zerossl.com/v2/DV90/newOrder",
"revokeCert": "https://acme.zerossl.com/v2/DV90/revokeCert",
"keyChange": "https://acme.zerossl.com/v2/DV90/keyChange",
"meta": {
"termsOfService": "https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf",
"website": "https://zerossl.com",
"caaIdentities": ["sectigo.com", "trust-provider.com", "usertrust.com", "comodoca.com", "comodo.com"],
"externalAccountRequired": true
}
}'
[Sat Dec 30 13:35:26 CST 2023] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Sat Dec 30 13:35:26 CST 2023] ACME_NEW_AUTHZ
[Sat Dec 30 13:35:26 CST 2023] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Sat Dec 30 13:35:26 CST 2023] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Sat Dec 30 13:35:26 CST 2023] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Sat Dec 30 13:35:26 CST 2023] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf'
[Sat Dec 30 13:35:26 CST 2023] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sat Dec 30 13:35:26 CST 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Sat Dec 30 13:35:26 CST 2023] _on_before_issue
[Sat Dec 30 13:35:26 CST 2023] _chk_main_domain='xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] _chk_alt_domains='.xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] 'dns_dp' does not contain 'no'
[Sat Dec 30 13:35:26 CST 2023] Le_LocalAddress
[Sat Dec 30 13:35:26 CST 2023] d='xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] Check for domain='xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] _currentRoot='dns_dp'
[Sat Dec 30 13:35:26 CST 2023] d='.xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] Check for domain='.xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] _currentRoot='dns_dp'
[Sat Dec 30 13:35:26 CST 2023] d
[Sat Dec 30 13:35:26 CST 2023] 'dns_dp' does not contain 'apache'
[Sat Dec 30 13:35:26 CST 2023] _saved_account_key_hash='tkwHhtACFwB/KgV1G7r0sQVSjDNuRMokCAu3m/ORnm0='
[Sat Dec 30 13:35:26 CST 2023] _saved_account_key_hash is not changed, skip register account.
[Sat Dec 30 13:35:26 CST 2023] Read key length:ec-256
[Sat Dec 30 13:35:26 CST 2023] _createcsr
[Sat Dec 30 13:35:26 CST 2023] domain='xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] domainlist='.xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] csrkey='/root/.acme.sh/xxxxx.com_ecc/xxxxx.com.key'
[Sat Dec 30 13:35:26 CST 2023] csr='/root/.acme.sh/xxxxx.com_ecc/xxxxx.com.csr'
[Sat Dec 30 13:35:26 CST 2023] csrconf='/root/.acme.sh/xxxxx.com_ecc/xxxxx.com.csr.conf'
[Sat Dec 30 13:35:26 CST 2023] _is_idn_d='.xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] _idn_temp
[Sat Dec 30 13:35:26 CST 2023] domainlist='.xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] seg='xxxxx'
[Sat Dec 30 13:35:26 CST 2023] _is_idn_d='xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] _idn_temp
[Sat Dec 30 13:35:26 CST 2023] seg='account.conf'
[Sat Dec 30 13:35:26 CST 2023] Multi domain='DNS:xxxxx.com,DNS:.xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] _is_idn_d='xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] _idn_temp
[Sat Dec 30 13:35:26 CST 2023] _csr_cn='xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] seg='xxxxx'
[Sat Dec 30 13:35:26 CST 2023] Getting domain auth token for each domain
[Sat Dec 30 13:35:26 CST 2023] seg='xxxxx'
[Sat Dec 30 13:35:26 CST 2023] _is_idn_d='xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] _idn_temp
[Sat Dec 30 13:35:26 CST 2023] d='.xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] seg='account.conf'
[Sat Dec 30 13:35:26 CST 2023] _is_idn_d='.xxxxx.com'
[Sat Dec 30 13:35:26 CST 2023] _idn_temp
[Sat Dec 30 13:35:26 CST 2023] d
[Sat Dec 30 13:35:26 CST 2023] _identifiers='{"type":"dns","value":"xxxxx.com"},{"type":"dns","value":".xxxxx.com"}'
[Sat Dec 30 13:35:26 CST 2023] _notBefore
[Sat Dec 30 13:35:26 CST 2023] _notAfter
[Sat Dec 30 13:35:26 CST 2023] =======Begin Send Signed Request=======
[Sat Dec 30 13:35:26 CST 2023] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sat Dec 30 13:35:26 CST 2023] payload='{"identifiers": [{"type":"dns","value":"xxxxx.com"},{"type":"dns","value":".xxxxx.com"}]}'
[Sat Dec 30 13:35:26 CST 2023] EC key
[Sat Dec 30 13:35:26 CST 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sat Dec 30 13:35:26 CST 2023] HEAD
[Sat Dec 30 13:35:26 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Sat Dec 30 13:35:26 CST 2023] body
[Sat Dec 30 13:35:26 CST 2023] _postContentType='application/jose+json'
[Sat Dec 30 13:35:26 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.7XjxALAr5t -g -I '
[Sat Dec 30 13:35:27 CST 2023] _ret='0'
[Sat Dec 30 13:35:27 CST 2023] _headers='HTTP/2 200
server: nginx
date: Sat, 30 Dec 2023 05:35:27 GMT
content-type: application/octet-stream
replay-nonce: ZojiqmvGllEdrqqo5lOWoJTFs9RYscqw4kz4OPTooNc
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: https://acme.zerossl.com/v2/DV90;rel="index"
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Dec 30 13:35:27 CST 2023] _CACHED_NONCE='ZojiqmvGllEdrqqo5lOWoJTFs9RYscqw4kz4OPTooNc'
[Sat Dec 30 13:35:27 CST 2023] nonce='ZojiqmvGllEdrqqo5lOWoJTFs9RYscqw4kz4OPTooNc'
[Sat Dec 30 13:35:27 CST 2023] POST
[Sat Dec 30 13:35:27 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sat Dec 30 13:35:27 CST 2023] body='{"protected": "eyJub25jZSI6ICJab2ppcW12R2xsRWRycXFvNWxPV29KVEZzOVJZc2NxdzRrejRPUFRvb05jIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9uZXdPcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS56ZXJvc3NsLmNvbS92Mi9EVjkwL2FjY291bnQvVTlzTldnNzRxaVlKT1pqU3V5Tk9pUSJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Im1heWFuZ21lZGlhLmNvbSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5tYXlhbmdtZWRpYS5jb20ifV19", "signature": "ZXmtLMz4aNuUrI9I3I0XR_qUYQM22IyU6q4XYD76Yes8wDJXL80CbNDN4jX4qgfgXJBf4c113UWlurMfTlvBHw"}'
[Sat Dec 30 13:35:27 CST 2023] _postContentType='application/jose+json'
[Sat Dec 30 13:35:27 CST 2023] Http already initialized.
[Sat Dec 30 13:35:27 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.7XjxALAr5t -g '
[Sat Dec 30 13:35:28 CST 2023] _ret='0'
[Sat Dec 30 13:35:28 CST 2023] responseHeaders='HTTP/2 201
server: nginx
date: Sat, 30 Dec 2023 05:35:28 GMT
content-type: application/json
content-length: 384
replay-nonce: gtAlUblqfW10Zu42ceHEtwqdkl9dgBH51s058oR8QW8
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
location: https://acme.zerossl.com/v2/DV90/order/RjqaRR_a5GSATGvK-K_dGQ
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Dec 30 13:35:28 CST 2023] code='201'
[Sat Dec 30 13:35:28 CST 2023] original='{"status":"pending","expires":"2024-03-29T04:16:24Z","identifiers":[{"type":"dns","value":"xxxxx.com"},{"type":"dns","value":".xxxxx.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw","https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw"],"finalize":"https://acme.zerossl.com/v2/DV90/order/RjqaRR_a5GSATGvK-K_dGQ/finalize"}'
[Sat Dec 30 13:35:28 CST 2023] response='{"status":"pending","expires":"2024-03-29T04:16:24Z","identifiers":[{"type":"dns","value":"xxxxx.com"},{"type":"dns","value":".xxxxx.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw","https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw"],"finalize":"https://acme.zerossl.com/v2/DV90/order/RjqaRR_a5GSATGvK-K_dGQ/finalize"}'
[Sat Dec 30 13:35:28 CST 2023] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/RjqaRR_a5GSATGvK-K_dGQ'
[Sat Dec 30 13:35:28 CST 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/RjqaRR_a5GSATGvK-K_dGQ/finalize'
[Sat Dec 30 13:35:28 CST 2023] _authorizations_seg='https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw,https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw'
[Sat Dec 30 13:35:28 CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw'
[Sat Dec 30 13:35:28 CST 2023] =======Begin Send Signed Request=======
[Sat Dec 30 13:35:28 CST 2023] url='https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw'
[Sat Dec 30 13:35:28 CST 2023] payload
[Sat Dec 30 13:35:28 CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sat Dec 30 13:35:28 CST 2023] Use _CACHED_NONCE='gtAlUblqfW10Zu42ceHEtwqdkl9dgBH51s058oR8QW8'
[Sat Dec 30 13:35:28 CST 2023] nonce='gtAlUblqfW10Zu42ceHEtwqdkl9dgBH51s058oR8QW8'
[Sat Dec 30 13:35:28 CST 2023] POST
[Sat Dec 30 13:35:28 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw'
[Sat Dec 30 13:35:28 CST 2023] body='{"protected": "eyJub25jZSI6ICJndEFsVWJscWZXMTBadTQyY2VIRXR3cWRrbDlkZ0JINTFzMDU4b1I4UVc4IiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei9fSWlSNWRCdVhGMExGYl9rc1poSFJ3IiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9VOXNOV2c3NHFpWUpPWmpTdXlOT2lRIn0", "payload": "", "signature": "fiuvT2rHGuvZ_awukZFydWT3DM6PoRQ-ZQ1HT2PT5rftQjeCeEIb-W0sK-70ka7w400Ye-EKC_2Ad8ZTliyRtg"}'
[Sat Dec 30 13:35:28 CST 2023] _postContentType='application/jose+json'
[Sat Dec 30 13:35:28 CST 2023] Http already initialized.
[Sat Dec 30 13:35:28 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.7XjxALAr5t -g '
[Sat Dec 30 13:35:29 CST 2023] _ret='0'
[Sat Dec 30 13:35:29 CST 2023] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 30 Dec 2023 05:35:29 GMT
content-type: application/json
content-length: 294
replay-nonce: QXQH50Y45HPgbG69Owf4pPwQhgdBq-7DP00MkKW1PFc
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: https://acme.zerossl.com/v2/DV90;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Dec 30 13:35:29 CST 2023] code='200'
[Sat Dec 30 13:35:29 CST 2023] original='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}'
[Sat Dec 30 13:35:29 CST 2023] response='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}'
[Sat Dec 30 13:35:29 CST 2023] response='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}'
[Sat Dec 30 13:35:29 CST 2023] _d='xxxxx.com'
[Sat Dec 30 13:35:29 CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw'
[Sat Dec 30 13:35:29 CST 2023] =======Begin Send Signed Request=======
[Sat Dec 30 13:35:29 CST 2023] url='https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw'
[Sat Dec 30 13:35:29 CST 2023] payload
[Sat Dec 30 13:35:29 CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sat Dec 30 13:35:29 CST 2023] Use _CACHED_NONCE='QXQH50Y45HPgbG69Owf4pPwQhgdBq-7DP00MkKW1PFc'
[Sat Dec 30 13:35:29 CST 2023] nonce='QXQH50Y45HPgbG69Owf4pPwQhgdBq-7DP00MkKW1PFc'
[Sat Dec 30 13:35:29 CST 2023] POST
[Sat Dec 30 13:35:29 CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw'
[Sat Dec 30 13:35:29 CST 2023] body='{"protected": "eyJub25jZSI6ICJRWFFINTBZNDVIUGdiRzY5T3dmNHBQd1FoZ2RCcS03RFAwME1rS1cxUEZjIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei8ydHdjUHYxbnAxdFFNYVl4aEpYOVR3IiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9VOXNOV2c3NHFpWUpPWmpTdXlOT2lRIn0", "payload": "", "signature": "EI6KtDEd7WjFoFHZTm0EZl5ri6PmRo7GLj4A5tMFT2g3VU3Nx3Vk489Q1f_tmxfixR-WiRHfrLFf2LRT54diLw"}'
[Sat Dec 30 13:35:29 CST 2023] _postContentType='application/jose+json'
[Sat Dec 30 13:35:29 CST 2023] Http already initialized.
[Sat Dec 30 13:35:29 CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.7XjxALAr5t -g '
[Sat Dec 30 13:35:30 CST 2023] _ret='0'
[Sat Dec 30 13:35:31 CST 2023] responseHeaders='HTTP/2 200
server: nginx
date: Sat, 30 Dec 2023 05:35:30 GMT
content-type: application/json
content-length: 310
replay-nonce: _yHPUONGlB4W1fHIoq8QPInzJhKd2a5ejkjD8weAiC4
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: https://acme.zerossl.com/v2/DV90;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sat Dec 30 13:35:31 CST 2023] code='200'
[Sat Dec 30 13:35:31 CST 2023] original='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/-nCjk-wMkcVYc2HDU4MAew","status":"invalid","error":{},"token":"-ZcfPYO53wEdteCp-cpPMAw9XR3f4Q61rrvu4Se-12s"}],"wildcard":true}'
[Sat Dec 30 13:35:31 CST 2023] response='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/-nCjk-wMkcVYc2HDU4MAew","status":"invalid","error":{},"token":"-ZcfPYO53wEdteCp-cpPMAw9XR3f4Q61rrvu4Se-12s"}],"wildcard":true}'
[Sat Dec 30 13:35:31 CST 2023] response='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/-nCjk-wMkcVYc2HDU4MAew","status":"invalid","error":{},"token":"-ZcfPYO53wEdteCp-cpPMAw9XR3f4Q61rrvu4Se-12s"}],"wildcard":true}'
[Sat Dec 30 13:35:31 CST 2023] _d='.xxxxx.com'
[Sat Dec 30 13:35:31 CST 2023] _authorizations_map='*.xxxxx.com,{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/-nCjk-wMkcVYc2HDU4MAew","status":"invalid","error":{},"token":"-ZcfPYO53wEdteCp-cpPMAw9XR3f4Q61rrvu4Se-12s"}],"wildcard":true}#https://acme.zerossl.com/v2/DV90/authz/2twcPv1np1tQMaYxhJX9Tw
xxxxx.com,{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}#https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw
'
[Sat Dec 30 13:35:31 CST 2023] d='xxxxx.com'
[Sat Dec 30 13:35:31 CST 2023] Getting webroot for domain='xxxxx.com'
[Sat Dec 30 13:35:31 CST 2023] _w='dns_dp'
[Sat Dec 30 13:35:31 CST 2023] _currentRoot='dns_dp'
[Sat Dec 30 13:35:31 CST 2023] _is_idn_d='xxxxx.com'
[Sat Dec 30 13:35:31 CST 2023] _idn_temp
[Sat Dec 30 13:35:31 CST 2023] _candidates='xxxxx.com,{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}#https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw'
[Sat Dec 30 13:35:31 CST 2023] response='{"identifier":{"type":"dns","value":"xxxxx.com"},"status":"invalid","expires":"2024-01-29T04:16:24Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{},"token":"3llFwbyZhy6mEUUpllfcPCiC8zvGudbycmQ2aSxvckw"}]}#https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw'
[Sat Dec 30 13:35:31 CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/_IiR5dBuXF0LFb_ksZhHRw'
[Sat Dec 30 13:35:31 CST 2023] entry='"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{'
[Sat Dec 30 13:35:31 CST 2023] token
[Sat Dec 30 13:35:31 CST 2023] Error, can not get domain token "type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/YBgKb75qH54m5SV-6dmxNw","status":"invalid","error":{
[Sat Dec 30 13:35:31 CST 2023] pid
[Sat Dec 30 13:35:31 CST 2023] No need to restore nginx, skip.
[Sat Dec 30 13:35:31 CST 2023] _clearupdns
[Sat Dec 30 13:35:31 CST 2023] dns_entries
[Sat Dec 30 13:35:31 CST 2023] skip dns.
[Sat Dec 30 13:35:31 CST 2023] _on_issue_err
[Sat Dec 30 13:35:31 CST 2023] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sat Dec 30 13:35:31 CST 2023] _chk_vlist
[Sat Dec 30 13:35:31 CST 2023] socat doesn't exist.
[Sat Dec 30 13:35:31 CST 2023] Diagnosis versions:
openssl:openssl
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

acme.sh  --issue .....   --debug 2

please help!
@github-actions GitHub Actions
Copy link

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

@ipme
Copy link

ipme commented Dec 30, 2023

我也是同样的问题

root@AliYun-SH:~/.acme.sh# acme.sh --upgrade
[Sun Dec 31 01:35:14 AM CST 2023] Already uptodate!
[Sun Dec 31 01:35:14 AM CST 2023] Upgrade success!
root@AliYun-SH:~/.acme.sh# acme.sh --version
https://github.com/acmesh-official/acme.sh
v3.0.8

Debug log

[Sun Dec 31 01:14:34 AM CST 2023] payload='{"identifiers": [{"type":"dns","value":"a.com"},{"type":"dns","value":"*.a.com"}]}'

root@AliYun-SH : ~/.acme.sh# acme.sh --issue --log --dns dns_dp -d "google.com" -d "*.google.com" --debug 2
[Sun Dec 31 01:14:33 AM CST 2023] Lets find script dir.
[Sun Dec 31 01:14:33 AM CST 2023] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sun Dec 31 01:14:33 AM CST 2023] _script='/root/.acme.sh/acme.sh'
[Sun Dec 31 01:14:33 AM CST 2023] _script_home='/root/.acme.sh'
[Sun Dec 31 01:14:33 AM CST 2023] Using config home:/root/.acme.sh
[Sun Dec 31 01:14:33 AM CST 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8

[Sun Dec 31 01:14:33 AM CST 2023] Running cmd: issue
[Sun Dec 31 01:14:33 AM CST 2023] _main_domain='google.com'
[Sun Dec 31 01:14:33 AM CST 2023] _alt_domains='*.google.com'
[Sun Dec 31 01:14:33 AM CST 2023] Using config home:/root/.acme.sh
[Sun Dec 31 01:14:33 AM CST 2023] default_acme_server='https://acme.zerossl.com/v2/DV90'
[Sun Dec 31 01:14:33 AM CST 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Sun Dec 31 01:14:33 AM CST 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Sun Dec 31 01:14:33 AM CST 2023] _ACME_SERVER_PATH='v2/DV90'
[Sun Dec 31 01:14:33 AM CST 2023] DOMAIN_PATH='/root/.acme.sh/google.com_ecc'
[Sun Dec 31 01:14:33 AM CST 2023] 'dns_dp' does not contain 'dns'
[Sun Dec 31 01:14:33 AM CST 2023] Le_NextRenewTime
[Sun Dec 31 01:14:33 AM CST 2023] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Sun Dec 31 01:14:33 AM CST 2023] _init api for server: https://acme.zerossl.com/v2/DV90
[Sun Dec 31 01:14:33 AM CST 2023] GET
[Sun Dec 31 01:14:33 AM CST 2023] url='https://acme.zerossl.com/v2/DV90'
[Sun Dec 31 01:14:33 AM CST 2023] timeout=
[Sun Dec 31 01:14:33 AM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.Pq2kUAY46T  -g '
[Sun Dec 31 01:14:34 AM CST 2023] ret='0'
[Sun Dec 31 01:14:34 AM CST 2023] response='{
  "newNonce": "https://acme.zerossl.com/v2/DV90/newNonce",
  "newAccount": "https://acme.zerossl.com/v2/DV90/newAccount",
  "newOrder": "https://acme.zerossl.com/v2/DV90/newOrder",
  "revokeCert": "https://acme.zerossl.com/v2/DV90/revokeCert",
  "keyChange": "https://acme.zerossl.com/v2/DV90/keyChange",
  "meta": {
    "termsOfService": "https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf",
    "website": "https://zerossl.com",
    "caaIdentities": ["sectigo.com", "trust-provider.com", "usertrust.com", "comodoca.com", "comodo.com"],
    "externalAccountRequired": true
  }
}'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_NEW_AUTHZ
[Sun Dec 31 01:14:34 AM CST 2023] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20230516_Certificate_Subscriber_Agreement_v_2_6_click.pdf'
[Sun Dec 31 01:14:34 AM CST 2023] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Dec 31 01:14:34 AM CST 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Dec 31 01:14:34 AM CST 2023] _on_before_issue
[Sun Dec 31 01:14:34 AM CST 2023] _chk_main_domain='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _chk_alt_domains='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] 'dns_dp' does not contain 'no'
[Sun Dec 31 01:14:34 AM CST 2023] Le_LocalAddress
[Sun Dec 31 01:14:34 AM CST 2023] d='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] Check for domain='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _currentRoot='dns_dp'
[Sun Dec 31 01:14:34 AM CST 2023] d='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] Check for domain='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _currentRoot='dns_dp'
[Sun Dec 31 01:14:34 AM CST 2023] d
[Sun Dec 31 01:14:34 AM CST 2023] 'dns_dp' does not contain 'apache'
[Sun Dec 31 01:14:34 AM CST 2023] _saved_account_key_hash='4k9Gww1ZKLYaNBF9iaFuHQa4HDsiGMNxkXkaGe5+JlM='
[Sun Dec 31 01:14:34 AM CST 2023] _saved_account_key_hash is not changed, skip register account.
[Sun Dec 31 01:14:34 AM CST 2023] Read key length:ec-256
[Sun Dec 31 01:14:34 AM CST 2023] _createcsr
[Sun Dec 31 01:14:34 AM CST 2023] domain='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] domainlist='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] csrkey='/root/.acme.sh/google.com_ecc/google.com.key'
[Sun Dec 31 01:14:34 AM CST 2023] csr='/root/.acme.sh/google.com_ecc/google.com.csr'
[Sun Dec 31 01:14:34 AM CST 2023] csrconf='/root/.acme.sh/google.com_ecc/google.com.csr.conf'
[Sun Dec 31 01:14:34 AM CST 2023] _is_idn_d='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:34 AM CST 2023] domainlist='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] seg='atzzz'
[Sun Dec 31 01:14:34 AM CST 2023] _is_idn_d='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:34 AM CST 2023] seg='account.conf'
[Sun Dec 31 01:14:34 AM CST 2023] Multi domain='DNS:google.com,DNS:*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _is_idn_d='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:34 AM CST 2023] _csr_cn='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] seg='atzzz'
[Sun Dec 31 01:14:34 AM CST 2023] Getting domain auth token for each domain
[Sun Dec 31 01:14:34 AM CST 2023] seg='atzzz'
[Sun Dec 31 01:14:34 AM CST 2023] _is_idn_d='google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:34 AM CST 2023] d='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] seg='account.conf'
[Sun Dec 31 01:14:34 AM CST 2023] _is_idn_d='*.google.com'
[Sun Dec 31 01:14:34 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:34 AM CST 2023] d
[Sun Dec 31 01:14:34 AM CST 2023] _identifiers='{"type":"dns","value":"google.com"},{"type":"dns","value":"*.google.com"}'
[Sun Dec 31 01:14:34 AM CST 2023] _notBefore
[Sun Dec 31 01:14:34 AM CST 2023] _notAfter
[Sun Dec 31 01:14:34 AM CST 2023] =======Begin Send Signed Request=======
[Sun Dec 31 01:14:34 AM CST 2023] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Dec 31 01:14:34 AM CST 2023] payload='{"identifiers": [{"type":"dns","value":"google.com"},{"type":"dns","value":"*.google.com"}]}'
[Sun Dec 31 01:14:34 AM CST 2023] EC key
[Sun Dec 31 01:14:35 AM CST 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Dec 31 01:14:35 AM CST 2023] HEAD
[Sun Dec 31 01:14:35 AM CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Dec 31 01:14:35 AM CST 2023] body
[Sun Dec 31 01:14:35 AM CST 2023] _postContentType='application/jose+json'
[Sun Dec 31 01:14:35 AM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.lilUxh3QHe  -g  -I  '
[Sun Dec 31 01:14:36 AM CST 2023] _ret='0'
[Sun Dec 31 01:14:36 AM CST 2023] _headers='HTTP/2 200 
server: nginx
date: Sat, 30 Dec 2023 17:14:36 GMT
content-type: application/octet-stream
replay-nonce: pdBcMeIptCXhzF7bpMqcLJDBlOk-yB1SCUjmJYsWC4c
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 31 01:14:36 AM CST 2023] _CACHED_NONCE='pdBcMeIptCXhzF7bpMqcLJDBlOk-yB1SCUjmJYsWC4c'
[Sun Dec 31 01:14:36 AM CST 2023] nonce='pdBcMeIptCXhzF7bpMqcLJDBlOk-yB1SCUjmJYsWC4c'
[Sun Dec 31 01:14:36 AM CST 2023] POST
[Sun Dec 31 01:14:36 AM CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Dec 31 01:14:36 AM CST 2023] body='{"protected": "eyJub25jZSI6ICJwZEJjTWVJcHRDWGh6RjdicE1xY0xKREJsT2steUIxU0NVam1KWXNXQzRjIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9uZXdPcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS56ZXJvc3NsLmNvbS92Mi9EVjkwL2FjY291bnQvR0hHSEYxTHhMU1VISElCYkExaElFdyJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImF0enp6LmNvbSJ9LHsidHlwZSI6ImRucyIsInZhbHVlIjoiKi5hdHp6ei5jb20ifV19", "signature": "5hI04AhqY1Yj7bTIEcQCj4NkewiXltbgoPQTZ_RGJGIP2kVv2pHRCgwR7viz7eANmmDwpKD6Mpmm4H374raTHw"}'
[Sun Dec 31 01:14:36 AM CST 2023] _postContentType='application/jose+json'
[Sun Dec 31 01:14:36 AM CST 2023] Http already initialized.
[Sun Dec 31 01:14:36 AM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.lilUxh3QHe  -g '
[Sun Dec 31 01:14:38 AM CST 2023] _ret='0'
[Sun Dec 31 01:14:38 AM CST 2023] responseHeaders='HTTP/2 201 
server: nginx
date: Sat, 30 Dec 2023 17:14:38 GMT
content-type: application/json
content-length: 372
replay-nonce: KSTp1QjDYSEEOa6yfXXPVt2-a6FmkCGMR0qhBl8LSBI
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
location: https://acme.zerossl.com/v2/DV90/order/PTH6wUQzIklyuy8PmvUskw
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 31 01:14:38 AM CST 2023] code='201'
[Sun Dec 31 01:14:38 AM CST 2023] original='{"status":"pending","expires":"2024-03-29T04:33:12Z","identifiers":[{"type":"dns","value":"google.com"},{"type":"dns","value":"*.google.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ","https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw"],"finalize":"https://acme.zerossl.com/v2/DV90/order/PTH6wUQzIklyuy8PmvUskw/finalize"}'
[Sun Dec 31 01:14:38 AM CST 2023] response='{"status":"pending","expires":"2024-03-29T04:33:12Z","identifiers":[{"type":"dns","value":"google.com"},{"type":"dns","value":"*.google.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ","https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw"],"finalize":"https://acme.zerossl.com/v2/DV90/order/PTH6wUQzIklyuy8PmvUskw/finalize"}'
[Sun Dec 31 01:14:38 AM CST 2023] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/PTH6wUQzIklyuy8PmvUskw'
[Sun Dec 31 01:14:38 AM CST 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/PTH6wUQzIklyuy8PmvUskw/finalize'
[Sun Dec 31 01:14:38 AM CST 2023] _authorizations_seg='https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ,https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw'
[Sun Dec 31 01:14:38 AM CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:38 AM CST 2023] =======Begin Send Signed Request=======
[Sun Dec 31 01:14:38 AM CST 2023] url='https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:38 AM CST 2023] payload
[Sun Dec 31 01:14:38 AM CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sun Dec 31 01:14:38 AM CST 2023] Use _CACHED_NONCE='KSTp1QjDYSEEOa6yfXXPVt2-a6FmkCGMR0qhBl8LSBI'
[Sun Dec 31 01:14:38 AM CST 2023] nonce='KSTp1QjDYSEEOa6yfXXPVt2-a6FmkCGMR0qhBl8LSBI'
[Sun Dec 31 01:14:38 AM CST 2023] POST
[Sun Dec 31 01:14:38 AM CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:38 AM CST 2023] body='{"protected": "eyJub25jZSI6ICJLU1RwMVFqRFlTRUVPYTZ5ZlhYUFZ0Mi1hNkZta0NHTVIwcWhCbDhMU0JJIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei8tS2FhZktDQ1R5ZkJUZm5lQm0zMk9RIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9HSEdIRjFMeExTVUhISUJiQTFoSUV3In0", "payload": "", "signature": "-5Bf_idYgssXPqm5oCookNCCFrSB00IbjFHurrABQo18lExJhwrzy-FXSRq_PN-tmKaj8k84Q03aXo7A0-8Rqw"}'
[Sun Dec 31 01:14:38 AM CST 2023] _postContentType='application/jose+json'
[Sun Dec 31 01:14:38 AM CST 2023] Http already initialized.
[Sun Dec 31 01:14:38 AM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.lilUxh3QHe  -g '
[Sun Dec 31 01:14:41 AM CST 2023] _ret='0'
[Sun Dec 31 01:14:41 AM CST 2023] responseHeaders='HTTP/2 200 
server: nginx
date: Sat, 30 Dec 2023 17:14:40 GMT
content-type: application/json
content-length: 288
replay-nonce: C00oHfTRMSqvmKe8mp-7Cuu50w4UCzYWtNuJJczmbAY
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 31 01:14:41 AM CST 2023] code='200'
[Sun Dec 31 01:14:41 AM CST 2023] original='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}'
[Sun Dec 31 01:14:41 AM CST 2023] response='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}'
[Sun Dec 31 01:14:41 AM CST 2023] response='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}'
[Sun Dec 31 01:14:41 AM CST 2023] _d='google.com'
[Sun Dec 31 01:14:41 AM CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw'
[Sun Dec 31 01:14:41 AM CST 2023] =======Begin Send Signed Request=======
[Sun Dec 31 01:14:41 AM CST 2023] url='https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw'
[Sun Dec 31 01:14:41 AM CST 2023] payload
[Sun Dec 31 01:14:41 AM CST 2023] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Sun Dec 31 01:14:41 AM CST 2023] Use _CACHED_NONCE='C00oHfTRMSqvmKe8mp-7Cuu50w4UCzYWtNuJJczmbAY'
[Sun Dec 31 01:14:41 AM CST 2023] nonce='C00oHfTRMSqvmKe8mp-7Cuu50w4UCzYWtNuJJczmbAY'
[Sun Dec 31 01:14:41 AM CST 2023] POST
[Sun Dec 31 01:14:41 AM CST 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw'
[Sun Dec 31 01:14:41 AM CST 2023] body='{"protected": "eyJub25jZSI6ICJDMDBvSGZUUk1TcXZtS2U4bXAtN0N1dTUwdzRVQ3pZV3ROdUpKY3ptYkFZIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hdXRoei9DNXZlMnk4UzgzVXJFLWQwMzVKNFZ3IiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9HSEdIRjFMeExTVUhISUJiQTFoSUV3In0", "payload": "", "signature": "TdfLrCQhxi7BCRyNzYooK1gmf9-0CDHpxSZYf_72eTKSq5HqwPNr-gRifkltfcgBw8tOd37rnzEN38sXStr9Ig"}'
[Sun Dec 31 01:14:41 AM CST 2023] _postContentType='application/jose+json'
[Sun Dec 31 01:14:41 AM CST 2023] Http already initialized.
[Sun Dec 31 01:14:41 AM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.lilUxh3QHe  -g '
[Sun Dec 31 01:14:43 AM CST 2023] _ret='0'
[Sun Dec 31 01:14:43 AM CST 2023] responseHeaders='HTTP/2 200 
server: nginx
date: Sat, 30 Dec 2023 17:14:43 GMT
content-type: application/json
content-length: 304
replay-nonce: UrkH5MUaKgsdQY7EWF5-lHMSKjW91g6Zp7UcXhm9gb0
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90>;rel="index"
retry-after: 86400
strict-transport-security: max-age=15724800; includeSubDomains
'
[Sun Dec 31 01:14:43 AM CST 2023] code='200'
[Sun Dec 31 01:14:43 AM CST 2023] original='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/mi2K6rLnjF8foymjBNatnA","status":"invalid","error":{},"token":"KJvln5SOJNDOxMp-WHGWCpcs69BKK2s8rx2U70Tj86g"}],"wildcard":true}'
[Sun Dec 31 01:14:43 AM CST 2023] response='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/mi2K6rLnjF8foymjBNatnA","status":"invalid","error":{},"token":"KJvln5SOJNDOxMp-WHGWCpcs69BKK2s8rx2U70Tj86g"}],"wildcard":true}'
[Sun Dec 31 01:14:43 AM CST 2023] response='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/mi2K6rLnjF8foymjBNatnA","status":"invalid","error":{},"token":"KJvln5SOJNDOxMp-WHGWCpcs69BKK2s8rx2U70Tj86g"}],"wildcard":true}'
[Sun Dec 31 01:14:43 AM CST 2023] _d='*.google.com'
[Sun Dec 31 01:14:43 AM CST 2023] _authorizations_map='*.google.com,{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/mi2K6rLnjF8foymjBNatnA","status":"invalid","error":{},"token":"KJvln5SOJNDOxMp-WHGWCpcs69BKK2s8rx2U70Tj86g"}],"wildcard":true}#https://acme.zerossl.com/v2/DV90/authz/C5ve2y8S83UrE-d035J4Vw
google.com,{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}#https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ
'
[Sun Dec 31 01:14:43 AM CST 2023] d='google.com'
[Sun Dec 31 01:14:43 AM CST 2023] Getting webroot for domain='google.com'
[Sun Dec 31 01:14:43 AM CST 2023] _w='dns_dp'
[Sun Dec 31 01:14:43 AM CST 2023] _currentRoot='dns_dp'
[Sun Dec 31 01:14:43 AM CST 2023] _is_idn_d='google.com'
[Sun Dec 31 01:14:43 AM CST 2023] _idn_temp
[Sun Dec 31 01:14:43 AM CST 2023] _candidates='google.com,{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}#https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:43 AM CST 2023] response='{"identifier":{"type":"dns","value":"google.com"},"status":"invalid","expires":"2024-01-29T04:33:12Z","challenges":[{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{},"token":"9DujUW_6poFn-9g-lr8NHU-NuEkeTA_ZU3P6U6cti4E"}]}#https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:43 AM CST 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/-KaafKCCTyfBTfneBm32OQ'
[Sun Dec 31 01:14:43 AM CST 2023] entry='"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{'
[Sun Dec 31 01:14:43 AM CST 2023] token
[Sun Dec 31 01:14:43 AM CST 2023] Error, can not get domain token "type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/brkIsn04Ai6ugjU0MtXFZw","status":"invalid","error":{
[Sun Dec 31 01:14:43 AM CST 2023] pid
[Sun Dec 31 01:14:43 AM CST 2023] No need to restore nginx, skip.
[Sun Dec 31 01:14:43 AM CST 2023] _clearupdns
[Sun Dec 31 01:14:43 AM CST 2023] dns_entries
[Sun Dec 31 01:14:43 AM CST 2023] skip dns.
[Sun Dec 31 01:14:43 AM CST 2023] _on_issue_err
[Sun Dec 31 01:14:43 AM CST 2023] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun Dec 31 01:14:43 AM CST 2023] _chk_vlist
[Sun Dec 31 01:14:43 AM CST 2023] socat doesn't exist.
[Sun Dec 31 01:14:43 AM CST 2023] Diagnosis versions: 
openssl:openssl
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
apache:
apache doesn't exist.
nginx:
nginx version: openresty/1.21.4.3
built by gcc 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) 
built with OpenSSL 3.0.12 24 Oct 2023
TLS SNI support enabled
configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt=-O2 --add-module=../ngx_devel_kit-0.3.2 --add-module=../echo-nginx-module-0.63 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.33 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.09 --add-module=../srcache-nginx-module-0.33 --add-module=../ngx_lua-0.10.25 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.34 --add-module=../array-var-nginx-module-0.06 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.9 --add-module=../rds-json-nginx-module-0.16 --add-module=../rds-csv-nginx-module-0.09 --add-module=../ngx_stream_lua-0.0.13 --with-ld-opt='-Wl,-rpath,/usr/local/openresty/luajit/lib -ljemalloc -Wl,-u,pcre_version' --user=www --group=www --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-openssl=/root/oneinstack/src/openresty-1.21.4.3/../openssl-3.0.12 --with-pcre=/root/oneinstack/src/openresty-1.21.4.3/../pcre-8.45 --with-pcre-jit --add-module=/root/oneinstack/src/openresty-1.21.4.3/../ngx_brotli --add-module=/root/oneinstack/src/openresty-1.21.4.3/../ngx_cache_purge --with-openssl-opt=-g --with-pcre-opt=-g --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module
socat:```

@bago
Copy link

bago commented Jan 2, 2024
edited
Loading

I guess it is a temporary ZeroSSL issue.
Since Dec 29 I see some
Error, can not get domain token "type":"dns-01","url":"[https://acme.zerossl.com/v2/DV90/chall/####","status":"invalid","error":{
too, while renewing some domain.

The status says now everything works, but I just got the same error trying to force a renew for a domain that is not able to be renewed since dec 29:
https://status.zerossl.com/

Also, maybe the issue is not with the "nonce", but later.

@bago bago mentioned this issue Jan 2, 2024
Open
@bago
Copy link

bago commented Jan 8, 2024

Unfortunately alter 10 days of retries I'm still unable to renew 7 certs. Other certs are correctly renewing, but the 7 attempted on Dec 29 are somehow stuck. I submitted a request to zerossl, but maybe the main issue here is that acme.sh is not logging the error (there is only an open bracket after "error" in the log).

So, maybe zerossl is replying with an error, but acme.sh is losing it.

@blankhang
Copy link
Author

After running the certificate renewal command again on Jan 7, the certificates have been successfully renewed. :D

@jabis
Copy link

jabis commented Jan 15, 2024

Started happening to me just now...

@lurendrejer
Copy link

Started happening to me just now...

Same, I run the renewal every wednesday - it failed today.

@b-0-b
Copy link

b-0-b commented Jan 24, 2024

This is probably a ZeroSSL specific issue. You can always use another ACME server
https://github.com/acmesh-official/acme.sh/wiki/Server

Saw this same error message today while testing acme.sh with --server zerossl

@lurendrejer
Copy link

Moved to letsencrypt.
Had an issue where I had to reinstall acme.sh because some default e-mail used when installing from a script.
Did an acme --install --email [email protected], rm'ed the folder where the old certs were and everything ran from there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@jabis @bago @blankhang @Neilpang @b-0-b @ipme @lurendrejer