Let's Encrypt Community Support

Loading

Note that in a zone file, names not ending with a dot . are relative, usually to the current domain.

So an entry for _acme-challenge.db.example.com inside the zone for db.example.com actually means an entry for _acme-challenge.db.example.com.db.example.com.

To make sure you have the right entry, you can either:

  • Add a dot a the end: _acme-challenge.db.example.com.

  • Or not include the domain: _acme-challenge

This is based on the zone being for db.example.com, things would be slightly different is the zone were for example.com instead.

Also don’t forget to update the serial of the zone (in the SOA record) when you update it, and reload the zone.

This is of course based on the registered name servers for your domain being your own server (and a secondary).

When querying using nslookup or dig you can tell them which server to ask the answer from. Always start by checking your primary, then your secondary, then other servers. And don’t forget some types of updates may take a while (especially changes which are subject to TTL of the previous record, and additions subject to the negative cache TTL of the domain).

命令:
acme.sh –staging –issue –dns dns_cf -d xxxx.tk

输出:
[Sun Mar 15 09:22:25 UTC 2020] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun Mar 15 09:22:26 UTC 2020] Single domain=’xxxx.tk’
[Sun Mar 15 09:22:26 UTC 2020] Getting domain auth token for each domain
[Sun Mar 15 09:22:29 UTC 2020] Getting webroot for domain=’xxxx.tk’
[Sun Mar 15 09:22:29 UTC 2020] Adding txt value: h2MuUYBtvsXcpyYbFfuAGychu6jot05hrQM9MZTUVWY for domain: _acme-challenge.xxxx.tk
[Sun Mar 15 09:22:29 UTC 2020] Adding record
[Sun Mar 15 09:22:30 UTC 2020] Added, OK
[Sun Mar 15 09:22:30 UTC 2020] The txt record is added: Success.
[Sun Mar 15 09:22:30 UTC 2020] Let’s check each dns records now. Sleep 20 seconds first.
[Sun Mar 15 09:22:51 UTC 2020] Checking xxxx.tk for _acme-challenge.xxxx.tk
[Sun Mar 15 09:22:51 UTC 2020] Domain xxxx.tk ‘_acme-challenge.xxxx.tk’ success.
[Sun Mar 15 09:22:51 UTC 2020] All success, let’s return
[Sun Mar 15 09:22:51 UTC 2020] Verifying: xxxx.tk
[Sun Mar 15 09:22:55 UTC 2020] xxxx.tk:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxxx.tk – check that a DNS record exists for this domain
[Sun Mar 15 09:22:55 UTC 2020] Removing DNS records.
[Sun Mar 15 09:22:55 UTC 2020] Removing txt: h2MuUYBtvsXcpyYbFfuAGychu6jot05hrQM9MZTUVWY for domain: _acme-challenge.xxxx.tk
[Sun Mar 15 09:22:56 UTC 2020] Removed: Success
[Sun Mar 15 09:22:56 UTC 2020] Please add ‘–debug’ or ‘–log’ to check more details.
[Sun Mar 15 09:22:56 UTC 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

debug 2 输出:
v2.8.6
[Sun Mar 15 09:17:41 UTC 2020] Running cmd: issue
[Sun Mar 15 09:17:41 UTC 2020] _main_domain=’xxxx.tk’
[Sun Mar 15 09:17:41 UTC 2020] _alt_domains=’no’
[Sun Mar 15 09:17:41 UTC 2020] Using config home:/home/acme/.acme.sh
[Sun Mar 15 09:17:41 UTC 2020] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun Mar 15 09:17:41 UTC 2020] ACME_DIRECTORY=’https://acme-staging-v02.api.letsencrypt.org/directory’
[Sun Mar 15 09:17:41 UTC 2020] _ACME_SERVER_HOST=’acme-staging-v02.api.letsencrypt.org’
[Sun Mar 15 09:17:41 UTC 2020] DOMAIN_PATH=’/home/acme/.acme.sh/xxxx.tk’
[Sun Mar 15 09:17:41 UTC 2020] ‘dns_cf’ does not contain ‘dns’
[Sun Mar 15 09:17:41 UTC 2020] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun Mar 15 09:17:41 UTC 2020] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun Mar 15 09:17:41 UTC 2020] GET
[Sun Mar 15 09:17:41 UTC 2020] url=’https://acme-staging-v02.api.letsencrypt.org/directory’
[Sun Mar 15 09:17:41 UTC 2020] timeout=
[Sun Mar 15 09:17:41 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.aievrTlZJs -g ‘
[Sun Mar 15 09:17:42 UTC 2020] ret=’0′
[Sun Mar 15 09:17:42 UTC 2020] response='{
“fsYZnJzJFFs”: “https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417”,
“keyChange”: “https://acme-staging-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org/docs/staging-environment/”
},
“newAccount”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-staging-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert”
}’
[Sun Mar 15 09:17:42 UTC 2020] ACME_KEY_CHANGE=’https://acme-staging-v02.api.letsencrypt.org/acme/key-change’
[Sun Mar 15 09:17:42 UTC 2020] ACME_NEW_AUTHZ
[Sun Mar 15 09:17:42 UTC 2020] ACME_NEW_ORDER=’https://acme-staging-v02.api.letsencrypt.org/acme/new-order’
[Sun Mar 15 09:17:42 UTC 2020] ACME_NEW_ACCOUNT=’https://acme-staging-v02.api.letsencrypt.org/acme/new-acct’
[Sun Mar 15 09:17:42 UTC 2020] ACME_REVOKE_CERT=’https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert’
[Sun Mar 15 09:17:42 UTC 2020] ACME_AGREEMENT=’https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’
[Sun Mar 15 09:17:42 UTC 2020] ACME_NEW_NONCE=’https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce’
[Sun Mar 15 09:17:42 UTC 2020] ACME_VERSION=’2′
[Sun Mar 15 09:17:42 UTC 2020] Le_NextRenewTime
[Sun Mar 15 09:17:42 UTC 2020] _on_before_issue
[Sun Mar 15 09:17:42 UTC 2020] _chk_main_domain=’xxxx.tk’
[Sun Mar 15 09:17:42 UTC 2020] _chk_alt_domains
[Sun Mar 15 09:17:42 UTC 2020] ‘dns_cf’ does not contain ‘no’
[Sun Mar 15 09:17:42 UTC 2020] Le_LocalAddress
[Sun Mar 15 09:17:42 UTC 2020] d=’xxxx.tk’
[Sun Mar 15 09:17:42 UTC 2020] Check for domain=’xxxx.tk’
[Sun Mar 15 09:17:42 UTC 2020] _currentRoot=’dns_cf’
[Sun Mar 15 09:17:42 UTC 2020] d
[Sun Mar 15 09:17:42 UTC 2020] ‘dns_cf’ does not contain ‘apache’
[Sun Mar 15 09:17:42 UTC 2020] _saved_account_key_hash=’0iPaoAdRNLfO1oNt/a6C4vxJltT4YcwMWfmI6/0qRJQ=’
[Sun Mar 15 09:17:42 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Sun Mar 15 09:17:42 UTC 2020] Read key length:
[Sun Mar 15 09:17:42 UTC 2020] _createcsr
[Sun Mar 15 09:17:42 UTC 2020] domain=’xxxx.tk’
[Sun Mar 15 09:17:42 UTC 2020] domainlist
[Sun Mar 15 09:17:42 UTC 2020] csrkey=’/home/acme/.acme.sh/xxxx.tk/xxxx.tk.key’
[Sun Mar 15 09:17:42 UTC 2020] csr=’/home/acme/.acme.sh/xxxx.tk/xxxx.tk.csr’
[Sun Mar 15 09:17:42 UTC 2020] csrconf=’/home/acme/.acme.sh/xxxx.tk/xxxx.tk.csr.conf’
[Sun Mar 15 09:17:42 UTC 2020] Single domain=’xxxx.tk’
[Sun Mar 15 09:17:42 UTC 2020] _is_idn_d=’xxxx.tk’
[Sun Mar 15 09:17:42 UTC 2020] _idn_temp
[Sun Mar 15 09:17:42 UTC 2020] _is_idn_d=’xxxx.tk’
[Sun Mar 15 09:17:42 UTC 2020] _idn_temp
[Sun Mar 15 09:17:43 UTC 2020] _csr_cn=’xxxx.tk’
[Sun Mar 15 09:17:43 UTC 2020] Getting domain auth token for each domain
[Sun Mar 15 09:17:43 UTC 2020] _is_idn_d=’xxxx.tk’
[Sun Mar 15 09:17:43 UTC 2020] _idn_temp
[Sun Mar 15 09:17:43 UTC 2020] d
[Sun Mar 15 09:17:43 UTC 2020] _identifiers='{“type”:”dns”,”value”:”xxxx.tk”}’
[Sun Mar 15 09:17:43 UTC 2020] url=’https://acme-staging-v02.api.letsencrypt.org/acme/new-order’
[Sun Mar 15 09:17:43 UTC 2020] payload='{“identifiers”: [{“type”:”dns”,”value”:”xxxx.tk”}]}’
[Sun Mar 15 09:17:43 UTC 2020] RSA key
[Sun Mar 15 09:17:43 UTC 2020] Get nonce with HEAD. ACME_NEW_NONCE=’https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce’
[Sun Mar 15 09:17:43 UTC 2020] HEAD
[Sun Mar 15 09:17:43 UTC 2020] _post_url=’https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce’
[Sun Mar 15 09:17:43 UTC 2020] body
[Sun Mar 15 09:17:43 UTC 2020] _postContentType=’application/jose+json’
[Sun Mar 15 09:17:43 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g -I ‘
[Sun Mar 15 09:17:43 UTC 2020] _ret=’0′
[Sun Mar 15 09:17:43 UTC 2020] _headers=’HTTP/2 200
server: nginx
date: Sun, 15 Mar 2020 09:17:43 GMT
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=”index”
replay-nonce: 0001NWjYmXqCFTzvjzG68-d2Kv5FpG9Xndyy7vjnWLVS3KI
x-frame-options: DENY
strict-transport-security: max-age=604800

[Sun Mar 15 09:17:43 UTC 2020] _CACHED_NONCE=’0001NWjYmXqCFTzvjzG68-d2Kv5FpG9Xndyy7vjnWLVS3KI’
[Sun Mar 15 09:17:43 UTC 2020] nonce=’0001NWjYmXqCFTzvjzG68-d2Kv5FpG9Xndyy7vjnWLVS3KI’
[Sun Mar 15 09:17:43 UTC 2020] POST
[Sun Mar 15 09:17:43 UTC 2020] _post_url=’https://acme-staging-v02.api.letsencrypt.org/acme/new-order’
[Sun Mar 15 09:17:44 UTC 2020] body='{“protected”: “eyJub25jZSI6ICIwMDAxTldqWW1YcUNGVHp2anpHNjgtZDJLdjVGcEc5WG5keXk3dmpuV0xWUzNLSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI3ODQxNzkifQ”, “payload”: “eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InRnYnJmdi50ayJ9XX0”, “signature”: “rCjdxyEvdYErVSX3dnYxtAUEBDsfGd3ifgmJGLT5QUP5mx7oJM4fKxy-823E-3rus1r6HNr6iYLXjffQSw2Xmhi6txR8SvovTn-2-D1sx7spYpG33DdXTKhpviUgsi4Ur1EDk9tcBCkwm-Ulv82Pb4rrmZDAVkr_CZg6NknMhSIWGmrWuQBpqdYX_jDfhcic1drE2mYnNpPzau6AU6-lVONY24NfB4_q2XWHwHKtF1xFGNhXZRcaa-c7Fu5xe3xmZbGzSWG44siftGuheSJHJ171YZ_2bnMpiOUVY8r-xkjw9-hL8G6k7bfbiadBnopQiYGbZlM0jg5_qufMrPy3Ag”}’
[Sun Mar 15 09:17:44 UTC 2020] _postContentType=’application/jose+json’
[Sun Mar 15 09:17:44 UTC 2020] Http already initialized.
[Sun Mar 15 09:17:44 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:17:44 UTC 2020] _ret=’0′
[Sun Mar 15 09:17:44 UTC 2020] responseHeaders=’HTTP/2 201
server: nginx
date: Sun, 15 Mar 2020 09:17:44 GMT
content-type: application/json
content-length: 351
boulder-requester: 12784179
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=”index”
location: https://acme-staging-v02.api.letsencrypt.org/acme/order/12784179/79454787
replay-nonce: 0002Y2WjrohOGHDlDJhYihCew_gIJMYtMXvFdjHv6HF26CM
x-frame-options: DENY
strict-transport-security: max-age=604800

[Sun Mar 15 09:17:44 UTC 2020] code=’201′
[Sun Mar 15 09:17:44 UTC 2020] original='{
“status”: “pending”,
“expires”: “2020-03-22T09:17:44.687874152Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “xxxx.tk”
}
],
“authorizations”: [
“https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43839751”
],
“finalize”: “https://acme-staging-v02.api.letsencrypt.org/acme/finalize/12784179/79454787”
}’
[Sun Mar 15 09:17:44 UTC 2020] response='{“status”:”pending”,”expires”:”2020-03-22T09:17:44.687874152Z”,”identifiers”:[{“type”:”dns”,”value”:”xxxx.tk”}],”authorizations”:[“https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43839751″],”finalize”:”https://acme-staging-v02.api.letsencrypt.org/acme/finalize/12784179/79454787″}’
[Sun Mar 15 09:17:44 UTC 2020] Le_LinkOrder=’https://acme-staging-v02.api.letsencrypt.org/acme/order/12784179/79454787′ [Sun Mar 15 09:17:44 UTC 2020] Le_OrderFinalize=’https://acme-staging-v02.api.letsencrypt.org/acme/finalize/12784179/79454787′
[Sun Mar 15 09:17:44 UTC 2020] _authorizations_seg=’https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43839751′[Sun Mar 15 09:17:44 UTC 2020] _authz_url=’https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43839751′
[Sun Mar 15 09:17:44 UTC 2020] url=’https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43839751′
[Sun Mar 15 09:17:44 UTC 2020] payload
[Sun Mar 15 09:17:44 UTC 2020] Use cached jwk for file: /home/acme/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sun Mar 15 09:17:44 UTC 2020] Use _CACHED_NONCE=’0002Y2WjrohOGHDlDJhYihCew_gIJMYtMXvFdjHv6HF26CM’
[Sun Mar 15 09:17:44 UTC 2020] nonce=’0002Y2WjrohOGHDlDJhYihCew_gIJMYtMXvFdjHv6HF26CM’
[Sun Mar 15 09:17:44 UTC 2020] POST
[Sun Mar 15 09:17:44 UTC 2020] _post_url=’https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43839751′
[Sun Mar 15 09:17:44 UTC 2020] body='{“protected”: “eyJub25jZSI6ICIwMDAyWTJXanJvaE9HSERsREpoWWloQ2V3X2dJSk1ZdE1YdkZkakh2NkhGMjZDTSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My80MzgzOTc1MSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMjc4NDE3OSJ9”, “payload”: “”, “signature”: “RO6YN8G86kFkuw_ua_x-QnQ0WpyFmn2ClhZfkOpeyN4_EkLsdQ0e0wx-X00FUls2po0FjVyepCiB_EDAxX5qzjjJOFbMg4jrYEugnuTIc58ZVcl9_sK-whOx900bwqNlxFypRijDwIoHaCSqsjA2zIUO1kv2AttW8TQAyRMFyCxrwRdl9rtXWGZiQ_lGWffL-Y9PNK7Nf6_yJ0DaKodcge9r5-35UfKygDIrGvgTNvqgMxiwTtqiMh5Y4W8JIxnqpKiM6erkHxz-9NoTrKJ7ZaMVHxg2jZrcBJuWQVJZnM3wP2Ej609Lu86waXl9bThsQyt7MBWPwQ7IabsJBuEyeg”}’
[Sun Mar 15 09:17:44 UTC 2020] _postContentType=’application/jose+json’
[Sun Mar 15 09:17:44 UTC 2020] Http already initialized.
[Sun Mar 15 09:17:44 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:17:45 UTC 2020] _ret=’0′
[Sun Mar 15 09:17:45 UTC 2020] responseHeaders=’HTTP/2 200
server: nginx
date: Sun, 15 Mar 2020 09:17:45 GMT
content-type: application/json
content-length: 805
boulder-requester: 12784179
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=”index”
replay-nonce: 0001cf991KXuLQkIP5r1p_Mz_8XAQVhOSo4jbL9aAQjmX_A
x-frame-options: DENY
strict-transport-security: max-age=604800

[Sun Mar 15 09:17:45 UTC 2020] code=’200′
[Sun Mar 15 09:17:45 UTC 2020] original='{
“identifier”: {
“type”: “dns”,
“value”: “xxxx.tk”
},
“status”: “pending”,
“expires”: “2020-03-22T09:17:44Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/aKrXew”,
“token”: “sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,
“token”: “sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/4bA70A”,
“token”: “sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”
}
]
}’
[Sun Mar 15 09:17:45 UTC 2020] response='{“identifier”:{“type”:”dns”,”value”:”xxxx.tk”},”status”:”pending”,”expires”:”2020-03-22T09:17:44Z”,”challenges”:[{“type”:”http-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/aKrXew”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”},{“type”:”dns-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”},{“type”:”tls-alpn-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/4bA70A”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”}]}’
[Sun Mar 15 09:17:45 UTC 2020] response='{“identifier”:{“type”:”dns”,”value”:”xxxx.tk”},”status”:”pending”,”expires”:”2020-03-22T09:17:44Z”,”challenges”:[{“type”:”http-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/aKrXew”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”},{“type”:”dns-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”},{“type”:”tls-alpn-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/4bA70A”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”}]}’
[Sun Mar 15 09:17:45 UTC 2020] _d=’xxxx.tk’
[Sun Mar 15 09:17:45 UTC 2020] _authorizations_map=’xxxx.tk,{“identifier”:{“type”:”dns”,”value”:”xxxx.tk”},”status”:”pending”,”expires”:”2020-03-22T09:17:44Z”,”challenges”:[{“type”:”http-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/aKrXew”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”},{“type”:”dns-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”},{“type”:”tls-alpn-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/4bA70A”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”}]}

[Sun Mar 15 09:17:45 UTC 2020] d=’xxxx.tk’
[Sun Mar 15 09:17:45 UTC 2020] Getting webroot for domain=’xxxx.tk’
[Sun Mar 15 09:17:45 UTC 2020] _w=’dns_cf’
[Sun Mar 15 09:17:45 UTC 2020] _currentRoot=’dns_cf’
[Sun Mar 15 09:17:45 UTC 2020] _is_idn_d=’xxxx.tk’
[Sun Mar 15 09:17:45 UTC 2020] _idn_temp
[Sun Mar 15 09:17:45 UTC 2020] _candindates=’xxxx.tk,{“identifier”:{“type”:”dns”,”value”:”xxxx.tk”},”status”:”pending”,”expires”:”2020-03-22T09:17:44Z”,”challenges”:[{“type”:”http-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/aKrXew”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”},{“type”:”dns-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”},{“type”:”tls-alpn-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/4bA70A”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”}]}’
[Sun Mar 15 09:17:45 UTC 2020] response='{“identifier”:{“type”:”dns”,”value”:”xxxx.tk”},”status”:”pending”,”expires”:”2020-03-22T09:17:44Z”,”challenges”:[{“type”:”http-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/aKrXew”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”},{“type”:”dns-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”},{“type”:”tls-alpn-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/4bA70A”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”}]}’
[Sun Mar 15 09:17:45 UTC 2020] entry='”type”:”dns-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”‘
[Sun Mar 15 09:17:45 UTC 2020] token=’sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs’
[Sun Mar 15 09:17:45 UTC 2020] uri=’https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw’
[Sun Mar 15 09:17:45 UTC 2020] keyauthorization=’sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs.uPjmAmwbd1KCNOHOEUwfFqlvfOGQKmLKM9WnHK6jYwU’
[Sun Mar 15 09:17:45 UTC 2020] dvlist=’xxxx.tk#sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs.uPjmAmwbd1KCNOHOEUwfFqlvfOGQKmLKM9WnHK6jYwU#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw#dns-01#dns_cf’
[Sun Mar 15 09:17:45 UTC 2020] d
[Sun Mar 15 09:17:45 UTC 2020] vlist=’xxxx.tk#sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs.uPjmAmwbd1KCNOHOEUwfFqlvfOGQKmLKM9WnHK6jYwU#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw#dns-01#dns_cf,’
[Sun Mar 15 09:17:45 UTC 2020] d=’xxxx.tk’
[Sun Mar 15 09:17:45 UTC 2020] _d_alias
[Sun Mar 15 09:17:45 UTC 2020] txtdomain=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:17:46 UTC 2020] txt=’4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4′
[Sun Mar 15 09:17:46 UTC 2020] d_api=’/home/acme/.acme.sh/dnsapi/dns_cf.sh’
[Sun Mar 15 09:17:46 UTC 2020] dns_entry=’xxxx.tk,_acme-challenge.xxxx.tk,,dns_cf,4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4,/home/acme/.acme.sh/dnsapi/dns_cf.sh’
[Sun Mar 15 09:17:46 UTC 2020] Found domain api file: /home/acme/.acme.sh/dnsapi/dns_cf.sh
[Sun Mar 15 09:17:46 UTC 2020] Adding txt value: 4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4 for domain: _acme-challenge.xxxx.tk
[Sun Mar 15 09:17:46 UTC 2020] First detect the root zone
[Sun Mar 15 09:17:46 UTC 2020] h=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:17:46 UTC 2020] zones?name=_acme-challenge.xxxx.tk
[Sun Mar 15 09:17:46 UTC 2020] GET
[Sun Mar 15 09:17:46 UTC 2020] url=’https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.xxxx.tk’
[Sun Mar 15 09:17:46 UTC 2020] timeout=
[Sun Mar 15 09:17:46 UTC 2020] Http already initialized.
[Sun Mar 15 09:17:46 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:17:46 UTC 2020] ret=’0′
[Sun Mar 15 09:17:46 UTC 2020] response='{“result”:[],”result_info”:{“page”:1,”per_page”:20,”total_pages”:0,”count”:0,”total_count”:0},”success”:true,”errors”:[],”messages”:[]}’
[Sun Mar 15 09:17:46 UTC 2020] h=’xxxx.tk’
[Sun Mar 15 09:17:46 UTC 2020] zones?name=xxxx.tk
[Sun Mar 15 09:17:46 UTC 2020] GET
[Sun Mar 15 09:17:46 UTC 2020] url=’https://api.cloudflare.com/client/v4/zones?name=xxxx.tk’
[Sun Mar 15 09:17:46 UTC 2020] timeout=
[Sun Mar 15 09:17:46 UTC 2020] Http already initialized.
[Sun Mar 15 09:17:46 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:17:46 UTC 2020] ret=’0′
[Sun Mar 15 09:17:46 UTC 2020] response='{“result”:[{“id”:”65620e85c06efbdb3ca9776dd7a06419″,”name”:”xxxx.tk”,”status”:”active”,”paused”:false,”type”:”full”,”development_mode”:0,”name_servers”:[“miles.ns.cloudflare.com”,”monika.ns.cloudflare.com”],”original_name_servers”:[“ns01.freenom.com”,”ns03.freenom.com”,”ns04.freenom.com”,”ns02.freenom.com”],”original_registrar”:null,”original_dnshost”:null,”modified_on”:”2020-03-15T08:36:52.915228Z”,”created_on”:”2020-03-15T06:34:16.586621Z”,”activated_on”:”2020-03-15T06:41:50.184167Z”,”meta”:{“step”:2,”wildcard_proxiable”:false,”custom_certificate_quota”:0,”page_rule_quota”:3,”phishing_detected”:false,”multiple_railguns_allowed”:false},”owner”:{“id”:”cdd8502fcd84f03eb520528f840a813a”,”type”:”user”,”email”:”myy1966@126.com”},”account”:{“id”:”9ab941d57af541cd7f754852e5fc562b”,”name”:”myy1966@126.com”},”permissions”:[“#access:edit”,”#access:read”,”#analytics:read”,”#app:edit”,”#auditlogs:read”,”#billing:edit”,”#billing:read”,”#cache_purge:edit”,”#dns_records:edit”,”#dns_records:read”,”#lb:edit”,”#lb:read”,”#legal:edit”,”#legal:read”,”#logs:edit”,”#logs:read”,”#member:edit”,”#member:read”,”#organization:edit”,”#organization:read”,”#ssl:edit”,”#ssl:read”,”#stream:edit”,”#stream:read”,”#subscription:edit”,”#subscription:read”,”#teams:edit”,”#teams:read”,”#teams:report”,”#waf:edit”,”#waf:read”,”#webhooks:edit”,”#webhooks:read”,”#worker:edit”,”#worker:read”,”#zone:edit”,”#zone:read”,”#zone_settings:edit”,”#zone_settings:read”],”plan”:{“id”:”0feeeeeeeeeeeeeeeeeeeeeeeeeeeeee”,”name”:”Free Website”,”price”:0,”currency”:”USD”,”frequency”:””,”is_subscribed”:true,”can_subscribe”:false,”legacy_id”:”free”,”legacy_discount”:false,”externally_managed”:false}}],”result_info”:{“page”:1,”per_page”:20,”total_pages”:1,”count”:1,”total_count”:1},”success”:true,”errors”:[],”messages”:[]}’
[Sun Mar 15 09:17:46 UTC 2020] _domain_id=’65620e85c06efbdb3ca9776dd7a06419′
[Sun Mar 15 09:17:46 UTC 2020] _sub_domain=’_acme-challenge’
[Sun Mar 15 09:17:46 UTC 2020] _domain=’xxxx.tk’
[Sun Mar 15 09:17:46 UTC 2020] Getting txt records
[Sun Mar 15 09:17:46 UTC 2020] zones/65620e85c06efbdb3ca9776dd7a06419/dns_records?type=TXT&name=_acme-challenge.xxxx.tk
[Sun Mar 15 09:17:46 UTC 2020] GET
[Sun Mar 15 09:17:46 UTC 2020] url=’https://api.cloudflare.com/client/v4/zones/65620e85c06efbdb3ca9776dd7a06419/dns_records?type=TXT&name=_acme-challenge.xxxx.tk’
[Sun Mar 15 09:17:46 UTC 2020] timeout=
[Sun Mar 15 09:17:46 UTC 2020] Http already initialized.
[Sun Mar 15 09:17:46 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:17:46 UTC 2020] ret=’0′
[Sun Mar 15 09:17:46 UTC 2020] response='{“result”:[],”result_info”:{“page”:1,”per_page”:20,”total_pages”:0,”count”:0,”total_count”:0},”success”:true,”errors”:[],”messages”:[]}’
[Sun Mar 15 09:17:46 UTC 2020] Adding record
[Sun Mar 15 09:17:46 UTC 2020] zones/65620e85c06efbdb3ca9776dd7a06419/dns_records
[Sun Mar 15 09:17:46 UTC 2020] data='{“type”:”TXT”,”name”:”_acme-challenge.xxxx.tk”,”content”:”4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4″,”ttl”:120}’
[Sun Mar 15 09:17:46 UTC 2020] POST
[Sun Mar 15 09:17:46 UTC 2020] _post_url=’https://api.cloudflare.com/client/v4/zones/65620e85c06efbdb3ca9776dd7a06419/dns_records’
[Sun Mar 15 09:17:46 UTC 2020] body='{“type”:”TXT”,”name”:”_acme-challenge.xxxx.tk”,”content”:”4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4″,”ttl”:120}’
[Sun Mar 15 09:17:46 UTC 2020] _postContentType
[Sun Mar 15 09:17:46 UTC 2020] Http already initialized.
[Sun Mar 15 09:17:46 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:17:47 UTC 2020] _ret=’0′
[Sun Mar 15 09:17:47 UTC 2020] response='{“result”:{“id”:”3ceb3748ebdd6e1232aa0ef05c49d49e”,”type”:”TXT”,”name”:”_acme-challenge.xxxx.tk”,”content”:”4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4″,”proxiable”:false,”proxied”:false,”ttl”:120,”locked”:false,”zone_id”:”65620e85c06efbdb3ca9776dd7a06419″,”zone_name”:”xxxx.tk”,”modified_on”:”2020-03-15T09:17:47.292022Z”,”created_on”:”2020-03-15T09:17:47.292022Z”,”meta”:{“auto_added”:false,”managed_by_apps”:false,”managed_by_argo_tunnel”:false}},”success”:true,”errors”:[],”messages”:[]}’
[Sun Mar 15 09:17:47 UTC 2020] Added, OK
[Sun Mar 15 09:17:47 UTC 2020] The txt record is added: Success.
[Sun Mar 15 09:17:47 UTC 2020] xxxx.tk,_acme-challenge.xxxx.tk,,dns_cf,4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4,/home/acme/.acme.sh/dnsapi/dns_cf.sh

[Sun Mar 15 09:17:47 UTC 2020] Let’s check each dns records now. Sleep 20 seconds first.
[Sun Mar 15 09:18:08 UTC 2020] _is_idn_d=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:08 UTC 2020] _idn_temp
[Sun Mar 15 09:18:08 UTC 2020] _is_idn_d=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:08 UTC 2020] _idn_temp
[Sun Mar 15 09:18:08 UTC 2020] d=’xxxx.tk’
[Sun Mar 15 09:18:08 UTC 2020] txtdomain=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:08 UTC 2020] aliasDomain=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:08 UTC 2020] txt=’4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4′
[Sun Mar 15 09:18:08 UTC 2020] d_api=’/home/acme/.acme.sh/dnsapi/dns_cf.sh’
[Sun Mar 15 09:18:08 UTC 2020] Checking xxxx.tk for _acme-challenge.xxxx.tk
[Sun Mar 15 09:18:08 UTC 2020] _c_txtdomain=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:08 UTC 2020] _c_aliasdomain=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:08 UTC 2020] _c_txt=’4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4′
[Sun Mar 15 09:18:08 UTC 2020] Detect dns server first.
[Sun Mar 15 09:18:08 UTC 2020] Use cloudflare doh server
[Sun Mar 15 09:18:08 UTC 2020] _ns_ep=’https://cloudflare-dns.com/dns-query’
[Sun Mar 15 09:18:08 UTC 2020] _ns_domain=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:08 UTC 2020] _ns_type=’TXT’
[Sun Mar 15 09:18:08 UTC 2020] GET
[Sun Mar 15 09:18:08 UTC 2020] url=’https://cloudflare-dns.com/dns-query?name=_acme-challenge.xxxx.tk&type=TXT’
[Sun Mar 15 09:18:08 UTC 2020] timeout=
[Sun Mar 15 09:18:08 UTC 2020] Http already initialized.
[Sun Mar 15 09:18:08 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:18:09 UTC 2020] ret=’0′
[Sun Mar 15 09:18:09 UTC 2020] response='{“Status”: 0,”TC”: false,”RD”: true, “RA”: true, “AD”: false,”CD”: false,”Question”:[{“name”: “_acme-challenge.xxxx.tk.”, “type”: 16}],”Answer”:[{“name”: “_acme-challenge.xxxx.tk.”, “type”: 16, “TTL”: 120, “data”: “”4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4″”}]}’
[Sun Mar 15 09:18:09 UTC 2020] _answers='”Answer”:[
“name”: “_acme-challenge.xxxx.tk.”, “type”: 16, “TTL”: 120, “data”: “”4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4″” ]’
[Sun Mar 15 09:18:09 UTC 2020] Domain xxxx.tk ‘_acme-challenge.xxxx.tk’ success.
[Sun Mar 15 09:18:09 UTC 2020] All success, let’s return
[Sun Mar 15 09:18:09 UTC 2020] ok, let’s start to verify
[Sun Mar 15 09:18:09 UTC 2020] Verifying: xxxx.tk
[Sun Mar 15 09:18:09 UTC 2020] d=’xxxx.tk’
[Sun Mar 15 09:18:09 UTC 2020] keyauthorization=’sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs.uPjmAmwbd1KCNOHOEUwfFqlvfOGQKmLKM9WnHK6jYwU’
[Sun Mar 15 09:18:09 UTC 2020] uri=’https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw’
[Sun Mar 15 09:18:09 UTC 2020] _currentRoot=’dns_cf’
[Sun Mar 15 09:18:09 UTC 2020] Trigger domain validation.
[Sun Mar 15 09:18:09 UTC 2020] _t_url=’https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw’
[Sun Mar 15 09:18:09 UTC 2020] _t_key_authz=’sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs.uPjmAmwbd1KCNOHOEUwfFqlvfOGQKmLKM9WnHK6jYwU’
[Sun Mar 15 09:18:09 UTC 2020] _t_vtype=’dns-01′
[Sun Mar 15 09:18:09 UTC 2020] url=’https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw’
[Sun Mar 15 09:18:09 UTC 2020] payload='{}’
[Sun Mar 15 09:18:09 UTC 2020] Use cached jwk for file: /home/acme/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sun Mar 15 09:18:09 UTC 2020] Use _CACHED_NONCE=’0001cf991KXuLQkIP5r1p_Mz_8XAQVhOSo4jbL9aAQjmX_A’
[Sun Mar 15 09:18:09 UTC 2020] nonce=’0001cf991KXuLQkIP5r1p_Mz_8XAQVhOSo4jbL9aAQjmX_A’
[Sun Mar 15 09:18:09 UTC 2020] POST
[Sun Mar 15 09:18:09 UTC 2020] _post_url=’https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw’
[Sun Mar 15 09:18:09 UTC 2020] body='{“protected”: “eyJub25jZSI6ICIwMDAxY2Y5OTFLWHVMUWtJUDVyMXBfTXpfOFhBUVZoT1NvNGpiTDlhQVFqbVhfQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My80MzgzOTc1MS9yTmY3WnciLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI3ODQxNzkifQ”, “payload”: “e30”, “signature”: “XBXSWgWWHS_5jF7n3hhLB5ZXCT1_EWazQCY-6MqRSUAQsMjd_KmiDyRZN88Ig9mwtbB9gdhxjoUBG7KScXe_KR2cb3mMeyKf-AcgRaSzWjs7o0DAmKumyDfKy2n5rVX4J6YvDYxM03H3OFOnabomUC07pwr_D3ZwsApkr0fo7gO2T5lvUe0y1kwA37BfZi9XgwkhyBOt-lqvk9VSYeccohWJPQiZooI2njE6gSPrGKiC-wPTss4W3ku7SvzZIPmJB7Po3YkRTZ-MJdSLhPoZyTFZBj1KB5Uv48mFCWMC3zpKj9nD4-X_OlQ1vJBJADEoh6lvoh_te2w3A1gJ9mB6kg”}’
[Sun Mar 15 09:18:09 UTC 2020] _postContentType=’application/jose+json’
[Sun Mar 15 09:18:09 UTC 2020] Http already initialized.
[Sun Mar 15 09:18:09 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:18:09 UTC 2020] _ret=’0′
[Sun Mar 15 09:18:09 UTC 2020] responseHeaders=’HTTP/2 200
server: nginx
date: Sun, 15 Mar 2020 09:18:09 GMT
content-type: application/json
content-length: 190
boulder-requester: 12784179
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=”index”
link: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43839751;rel=”up”
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw
replay-nonce: 00010RBvkOAzSetSRNoQRf6A2tR2hYuxmH22n082mXc5BM0
x-frame-options: DENY
strict-transport-security: max-age=604800

[Sun Mar 15 09:18:09 UTC 2020] code=’200′
[Sun Mar 15 09:18:09 UTC 2020] original='{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,
“token”: “sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”
}’
[Sun Mar 15 09:18:10 UTC 2020] response='{“type”:”dns-01″,”status”:”pending”,”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”}’
[Sun Mar 15 09:18:10 UTC 2020] trigger validation code: 200
[Sun Mar 15 09:18:10 UTC 2020] sleep 2 secs to verify
[Sun Mar 15 09:18:12 UTC 2020] checking
[Sun Mar 15 09:18:12 UTC 2020] url=’https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw’
[Sun Mar 15 09:18:12 UTC 2020] payload
[Sun Mar 15 09:18:12 UTC 2020] Use cached jwk for file: /home/acme/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sun Mar 15 09:18:12 UTC 2020] Use _CACHED_NONCE=’00010RBvkOAzSetSRNoQRf6A2tR2hYuxmH22n082mXc5BM0′
[Sun Mar 15 09:18:12 UTC 2020] nonce=’00010RBvkOAzSetSRNoQRf6A2tR2hYuxmH22n082mXc5BM0′
[Sun Mar 15 09:18:12 UTC 2020] POST
[Sun Mar 15 09:18:12 UTC 2020] _post_url=’https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw’
[Sun Mar 15 09:18:12 UTC 2020] body='{“protected”: “eyJub25jZSI6ICIwMDAxMFJCdmtPQXpTZXRTUk5vUVJmNkEydFIyaFl1eG1IMjJuMDgybVhjNUJNMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My80MzgzOTc1MS9yTmY3WnciLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI3ODQxNzkifQ”, “payload”: “”, “signature”: “JIgw8VNdJD9Y-5Fwsd54ceiNWvvaqq5rljE2efHM0KkpmM7NPhzONoja2x-QoaCML1lOPNVWNjd0hn0WR7TVTxgwzZPX6CKA7cEnu0yfMAG5svtKi0rEsfQ7oDTREfpsEORczj6WH2aWhQFJLKApIPDESWLsJmZAuP97pZvrSbrdVdIwnpprqe5TuM_JH4b9SPBMZwGPbHmbVe7sOz93KCgwMbUQ_WEoozKeaqbsHuPKDWkk7nTSRIfzp_R4oo30owyUiHxpnbqc79dZvNo9Zp7t888DWL5XM0D-eCKZH14XGciPOwynYBcUXz5gNvETQm-7vBWKrVCsh_V_REQoLw”}’
[Sun Mar 15 09:18:12 UTC 2020] _postContentType=’application/jose+json’
[Sun Mar 15 09:18:12 UTC 2020] Http already initialized.
[Sun Mar 15 09:18:12 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:18:12 UTC 2020] _ret=’0′
[Sun Mar 15 09:18:12 UTC 2020] responseHeaders=’HTTP/2 200
server: nginx
date: Sun, 15 Mar 2020 09:18:12 GMT
content-type: application/json
content-length: 405
boulder-requester: 12784179
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=”index”
link: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/43839751;rel=”up”
location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw
replay-nonce: 0002e0zOuyMf5ZNivjKl2LrHVip2QQ6FTFfTbNyOVcVPTIc
x-frame-options: DENY
strict-transport-security: max-age=604800

[Sun Mar 15 09:18:12 UTC 2020] code=’200′
[Sun Mar 15 09:18:12 UTC 2020] original='{
“type”: “dns-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:dns”,
“detail”: “DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxxx.tk – check that a DNS record exists for this domain”,
“status”: 400
},
“url”: “https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,
“token”: “sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”
}’
[Sun Mar 15 09:18:12 UTC 2020] response='{“type”:”dns-01″,”status”:”invalid”,”error”:{“type”:”urn:ietf:params:acme:error:dns”,”detail”:”DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxxx.tk – check that a DNS record exists for this domain”,”status”: 400},”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”}’
[Sun Mar 15 09:18:12 UTC 2020] original='{“type”:”dns-01″,”status”:”invalid”,”error”:{“type”:”urn:ietf:params:acme:error:dns”,”detail”:”DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxxx.tk – check that a DNS record exists for this domain”,”status”: 400},”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”}’
[Sun Mar 15 09:18:12 UTC 2020] response='{“type”:”dns-01″,”status”:”invalid”,”error”:{“type”:”urn:ietf:params:acme:error:dns”,”detail”:”DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxxx.tk – check that a DNS record exists for this domain”,”status”: 400},”url”:”https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw”,”token”:”sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs”}’
[Sun Mar 15 09:18:12 UTC 2020] error='”error”:{“type”:”urn:ietf:params:acme:error:dns”,”detail”:”DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxxx.tk – check that a DNS record exists for this domain”,”status”: 400′
[Sun Mar 15 09:18:12 UTC 2020] errordetail=’DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxxx.tk – check that a DNS record exists for this domain’
[Sun Mar 15 09:18:12 UTC 2020] xxxx.tk:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xxxx.tk – check that a DNS record exists for this domain
[Sun Mar 15 09:18:12 UTC 2020] Skip for removelevel:
[Sun Mar 15 09:18:12 UTC 2020] pid
[Sun Mar 15 09:18:12 UTC 2020] No need to restore nginx, skip.
[Sun Mar 15 09:18:12 UTC 2020] _clearupdns
[Sun Mar 15 09:18:12 UTC 2020] dns_entries=’xxxx.tk,_acme-challenge.xxxx.tk,,dns_cf,4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4,/home/acme/.acme.sh/dnsapi/dns_cf.sh

[Sun Mar 15 09:18:12 UTC 2020] Removing DNS records.
[Sun Mar 15 09:18:12 UTC 2020] d=’xxxx.tk’
[Sun Mar 15 09:18:13 UTC 2020] txtdomain=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:13 UTC 2020] aliasDomain=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:13 UTC 2020] _currentRoot=’dns_cf’
[Sun Mar 15 09:18:13 UTC 2020] txt=’4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4′
[Sun Mar 15 09:18:13 UTC 2020] d_api=’/home/acme/.acme.sh/dnsapi/dns_cf.sh’
[Sun Mar 15 09:18:13 UTC 2020] Removing txt: 4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4 for domain: _acme-challenge.xxxx.tk
[Sun Mar 15 09:18:13 UTC 2020] First detect the root zone
[Sun Mar 15 09:18:13 UTC 2020] h=’_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:13 UTC 2020] zones?name=_acme-challenge.xxxx.tk
[Sun Mar 15 09:18:13 UTC 2020] GET
[Sun Mar 15 09:18:13 UTC 2020] url=’https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.xxxx.tk’
[Sun Mar 15 09:18:13 UTC 2020] timeout=
[Sun Mar 15 09:18:13 UTC 2020] Http already initialized.
[Sun Mar 15 09:18:13 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:18:13 UTC 2020] ret=’0′
[Sun Mar 15 09:18:13 UTC 2020] response='{“result”:[],”result_info”:{“page”:1,”per_page”:20,”total_pages”:0,”count”:0,”total_count”:0},”success”:true,”errors”:[],”messages”:[]}’
[Sun Mar 15 09:18:13 UTC 2020] h=’xxxx.tk’
[Sun Mar 15 09:18:13 UTC 2020] zones?name=xxxx.tk
[Sun Mar 15 09:18:13 UTC 2020] GET
[Sun Mar 15 09:18:13 UTC 2020] url=’https://api.cloudflare.com/client/v4/zones?name=xxxx.tk’
[Sun Mar 15 09:18:13 UTC 2020] timeout=
[Sun Mar 15 09:18:13 UTC 2020] Http already initialized.
[Sun Mar 15 09:18:13 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:18:13 UTC 2020] ret=’0′
[Sun Mar 15 09:18:13 UTC 2020] response='{“result”:[{“id”:”65620e85c06efbdb3ca9776dd7a06419″,”name”:”xxxx.tk”,”status”:”active”,”paused”:false,”type”:”full”,”development_mode”:0,”name_servers”:[“miles.ns.cloudflare.com”,”monika.ns.cloudflare.com”],”original_name_servers”:[“ns01.freenom.com”,”ns03.freenom.com”,”ns04.freenom.com”,”ns02.freenom.com”],”original_registrar”:null,”original_dnshost”:null,”modified_on”:”2020-03-15T09:17:47.292022Z”,”created_on”:”2020-03-15T06:34:16.586621Z”,”activated_on”:”2020-03-15T06:41:50.184167Z”,”meta”:{“step”:2,”wildcard_proxiable”:false,”custom_certificate_quota”:0,”page_rule_quota”:3,”phishing_detected”:false,”multiple_railguns_allowed”:false},”owner”:{“id”:”cdd8502fcd84f03eb520528f840a813a”,”type”:”user”,”email”:”myy1966@126.com”},”account”:{“id”:”9ab941d57af541cd7f754852e5fc562b”,”name”:”myy1966@126.com”},”permissions”:[“#access:edit”,”#access:read”,”#analytics:read”,”#app:edit”,”#auditlogs:read”,”#billing:edit”,”#billing:read”,”#cache_purge:edit”,”#dns_records:edit”,”#dns_records:read”,”#lb:edit”,”#lb:read”,”#legal:edit”,”#legal:read”,”#logs:edit”,”#logs:read”,”#member:edit”,”#member:read”,”#organization:edit”,”#organization:read”,”#ssl:edit”,”#ssl:read”,”#stream:edit”,”#stream:read”,”#subscription:edit”,”#subscription:read”,”#teams:edit”,”#teams:read”,”#teams:report”,”#waf:edit”,”#waf:read”,”#webhooks:edit”,”#webhooks:read”,”#worker:edit”,”#worker:read”,”#zone:edit”,”#zone:read”,”#zone_settings:edit”,”#zone_settings:read”],”plan”:{“id”:”0feeeeeeeeeeeeeeeeeeeeeeeeeeeeee”,”name”:”Free Website”,”price”:0,”currency”:”USD”,”frequency”:””,”is_subscribed”:true,”can_subscribe”:false,”legacy_id”:”free”,”legacy_discount”:false,”externally_managed”:false}}],”result_info”:{“page”:1,”per_page”:20,”total_pages”:1,”count”:1,”total_count”:1},”success”:true,”errors”:[],”messages”:[]}’
[Sun Mar 15 09:18:13 UTC 2020] _domain_id=’65620e85c06efbdb3ca9776dd7a06419′
[Sun Mar 15 09:18:13 UTC 2020] _sub_domain=’_acme-challenge’
[Sun Mar 15 09:18:13 UTC 2020] _domain=’xxxx.tk’
[Sun Mar 15 09:18:13 UTC 2020] Getting txt records
[Sun Mar 15 09:18:13 UTC 2020] zones/65620e85c06efbdb3ca9776dd7a06419/dns_records?type=TXT&name=_acme-challenge.xxxx.tk&content=4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4
[Sun Mar 15 09:18:13 UTC 2020] GET
[Sun Mar 15 09:18:13 UTC 2020] url=’https://api.cloudflare.com/client/v4/zones/65620e85c06efbdb3ca9776dd7a06419/dns_records?type=TXT&name=_acme-challenge.xxxx.tk&content=4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4′
[Sun Mar 15 09:18:13 UTC 2020] timeout=
[Sun Mar 15 09:18:13 UTC 2020] Http already initialized.
[Sun Mar 15 09:18:13 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:18:13 UTC 2020] ret=’0′
[Sun Mar 15 09:18:13 UTC 2020] response='{“result”:[{“id”:”3ceb3748ebdd6e1232aa0ef05c49d49e”,”type”:”TXT”,”name”:”_acme-challenge.xxxx.tk”,”content”:”4nQXx_qYwb7bNxCaxQ5t5yiXtYovRUyOlLedrqmEpu4″,”proxiable”:false,”proxied”:false,”ttl”:120,”locked”:false,”zone_id”:”65620e85c06efbdb3ca9776dd7a06419″,”zone_name”:”xxxx.tk”,”modified_on”:”2020-03-15T09:17:47.292022Z”,”created_on”:”2020-03-15T09:17:47.292022Z”,”meta”:{“auto_added”:false,”managed_by_apps”:false,”managed_by_argo_tunnel”:false}}],”result_info”:{“page”:1,”per_page”:20,”total_pages”:1,”count”:1,”total_count”:1},”success”:true,”errors”:[],”messages”:[]}’
[Sun Mar 15 09:18:13 UTC 2020] count=’1′
[Sun Mar 15 09:18:13 UTC 2020] record_id=’3ceb3748ebdd6e1232aa0ef05c49d49e’
[Sun Mar 15 09:18:13 UTC 2020] zones/65620e85c06efbdb3ca9776dd7a06419/dns_records/3ceb3748ebdd6e1232aa0ef05c49d49e
[Sun Mar 15 09:18:13 UTC 2020] data
[Sun Mar 15 09:18:13 UTC 2020] DELETE
[Sun Mar 15 09:18:13 UTC 2020] _post_url=’https://api.cloudflare.com/client/v4/zones/65620e85c06efbdb3ca9776dd7a06419/dns_records/3ceb3748ebdd6e1232aa0ef05c49d49e’
[Sun Mar 15 09:18:13 UTC 2020] body
[Sun Mar 15 09:18:13 UTC 2020] _postContentType
[Sun Mar 15 09:18:13 UTC 2020] Http already initialized.
[Sun Mar 15 09:18:14 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:18:14 UTC 2020] _ret=’0′
[Sun Mar 15 09:18:14 UTC 2020] response='{“result”:{“id”:”3ceb3748ebdd6e1232aa0ef05c49d49e”},”success”:true,”errors”:[],”messages”:[]}’
[Sun Mar 15 09:18:14 UTC 2020] Removed: Success
[Sun Mar 15 09:18:14 UTC 2020] _on_issue_err
[Sun Mar 15 09:18:14 UTC 2020] Please add ‘–debug’ or ‘–log’ to check more details.
[Sun Mar 15 09:18:14 UTC 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sun Mar 15 09:18:14 UTC 2020] _chk_vlist=’xxxx.tk#sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs.uPjmAmwbd1KCNOHOEUwfFqlvfOGQKmLKM9WnHK6jYwU#https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw#dns-01#dns_cf,’
[Sun Mar 15 09:18:14 UTC 2020] start to deactivate authz
[Sun Mar 15 09:18:14 UTC 2020] Trigger domain validation.
[Sun Mar 15 09:18:14 UTC 2020] _t_url=’https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw’
[Sun Mar 15 09:18:14 UTC 2020] _t_key_authz=’sUTWJwzDEL6hu7ANUDMdrUpTPdHiGONlLereyzVsxbs.uPjmAmwbd1KCNOHOEUwfFqlvfOGQKmLKM9WnHK6jYwU’
[Sun Mar 15 09:18:14 UTC 2020] _t_vtype
[Sun Mar 15 09:18:14 UTC 2020] url=’https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw’
[Sun Mar 15 09:18:14 UTC 2020] payload='{}’
[Sun Mar 15 09:18:14 UTC 2020] Use cached jwk for file: /home/acme/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key
[Sun Mar 15 09:18:14 UTC 2020] Use _CACHED_NONCE=’0002e0zOuyMf5ZNivjKl2LrHVip2QQ6FTFfTbNyOVcVPTIc’
[Sun Mar 15 09:18:14 UTC 2020] nonce=’0002e0zOuyMf5ZNivjKl2LrHVip2QQ6FTFfTbNyOVcVPTIc’
[Sun Mar 15 09:18:14 UTC 2020] POST
[Sun Mar 15 09:18:14 UTC 2020] _post_url=’https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/43839751/rNf7Zw’
[Sun Mar 15 09:18:14 UTC 2020] body='{“protected”: “eyJub25jZSI6ICIwMDAyZTB6T3V5TWY1Wk5pdmpLbDJMckhWaXAyUVE2RlRGZlRiTnlPVmNWUFRJYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My80MzgzOTc1MS9yTmY3WnciLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI3ODQxNzkifQ”, “payload”: “e30”, “signature”: “Jxowut_jayhNga-ltNeZtEMlKk9ayLSF895DXZ8IM1pCqDg73jU5ThvNvtGTeNfphr7szLzUWjqiLg1VWprVGtk4JNI33dDBlBJArNZ7Va637CmkiTQYuV5n0e1Oz3kYin4MDKElxAypmjyJVS0NMopze66AbnVKcPcZuIy–pWurkpPjp8L9ZRz6Ododfhm4qjZ1fauJzLS3mduwg68i9DUZFDZLl7jbkfEfCifmXi_dU2vCfYdNMQug_I_3cwDR8gIpxlvz7W2l5-klAb8y1aIISHEN0Eq7t-anjuFZN8SlN8l_0f09Zd40irBkbjNkA4whQwy_i4Yh97H6OKqyQ”}’
[Sun Mar 15 09:18:14 UTC 2020] _postContentType=’application/jose+json’
[Sun Mar 15 09:18:14 UTC 2020] Http already initialized.
[Sun Mar 15 09:18:14 UTC 2020] _CURL=’curl -L –silent –dump-header /home/acme/.acme.sh/http.header –trace-ascii /tmp/tmp.3rGrtAprBe -g ‘
[Sun Mar 15 09:18:15 UTC 2020] _ret=’0′
[Sun Mar 15 09:18:15 UTC 2020] responseHeaders=’HTTP/2 400
server: nginx
date: Sun, 15 Mar 2020 09:18:15 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 12784179
cache-control: public, max-age=0, no-cache
link: https://acme-staging-v02.api.letsencrypt.org/directory;rel=”index”
replay-nonce: 0002824jSd0XhabJb5HUrxZ3Cmc93LgZqOylXdnhQyL4Zh0

[Sun Mar 15 09:18:15 UTC 2020] code=’400′
[Sun Mar 15 09:18:15 UTC 2020] original='{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “Unable to update challenge :: authorization must be pending”,
“status”: 400
}’
[Sun Mar 15 09:18:15 UTC 2020] response='{
“type”: “urn:ietf:params:acme:error:malformed”,
“detail”: “Unable to update challenge :: authorization must be pending”,
“status”: 400
}’
[Sun Mar 15 09:18:15 UTC 2020] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1 11 Sep 2018
apache:
apache doesn’t exists.
nginx:
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.1 11 Sep 2018
TLS SNI support enabled
configure arguments: –with-cc-opt=’-g -O2 -fdebug-prefix-map=/build/nginx-GkiujU/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2′ –with-ld-opt=’-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC’ –prefix=/usr/share/nginx –conf-path=/etc/nginx/nginx.conf –http-log-path=/var/log/nginx/access.log –error-log-path=/var/log/nginx/error.log –lock-path=/var/lock/nginx.lock –pid-path=/run/nginx.pid –modules-path=/usr/lib/nginx/modules –http-client-body-temp-path=/var/lib/nginx/body –http-fastcgi-temp-path=/var/lib/nginx/fastcgi –http-proxy-temp-path=/var/lib/nginx/proxy –http-scgi-temp-path=/var/lib/nginx/scgi –http-uwsgi-temp-path=/var/lib/nginx/uwsgi –with-debug –with-pcre-jit –with-http_ssl_module –with-http_stub_status_module –with-http_realip_module –with-http_auth_request_module –with-http_v2_module –with-http_dav_module –with-http_slice_module –with-threads –with-http_addition_module –with-http_geoip_module=dynamic –with-http_gunzip_module –with-http_gzip_static_module –with-http_image_filter_module=dynamic –with-http_sub_module –with-http_xslt_module=dynamic –with-stream=dynamic –with-stream_ssl_module –with-mail=dynamic –with-mail_ssl_module
socat:
socat by Gerhard Rieger and contributors – see www.dest-unreach.org
socat version 1.7.3.2 on Apr 4 2018 10:06:49
running on Linux version #88-Ubuntu SMP Tue Feb 11 20:11:34 UTC 2020, release 4.15.0-88-generic, machine x86_64
features:
#define WITH_STDIO 1
#define WITH_FDNUM 1
#define WITH_FILE 1
#define WITH_CREAT 1
#define WITH_GOPEN 1
#define WITH_TERMIOS 1
#define WITH_PIPE 1
#define WITH_UNIX 1
#define WITH_ABSTRACT_UNIXSOCKET 1
#define WITH_IP4 1
#define WITH_IP6 1
#define WITH_RAWIP 1
#define WITH_GENERICSOCKET 1
#define WITH_INTERFACE 1
#define WITH_TCP 1
#define WITH_UDP 1
#define WITH_SCTP 1
#define WITH_LISTEN 1
#define WITH_SOCKS4 1
#define WITH_SOCKS4A 1
#define WITH_PROXY 1
#define WITH_SYSTEM 1
#define WITH_EXEC 1
#undef WITH_READLINE
#define WITH_TUN 1
#define WITH_PTY 1
#define WITH_OPENSSL 1
#undef WITH_FIPS
#define WITH_LIBWRAP 1
#define WITH_SYCLS 1
#define WITH_FILAN 1
#define WITH_RETRY 1
#define WITH_MSGLEVEL 0 /debug/

域名解析正常,浏览器打开可以看到Welcome to nginx!

I followed this guide step by step to generate certificates for my domain (mydomain.click) which is managed by route53.

I created an IAM user with the following permissions:

{
    "Version": "2012-10-17",
    "Id": "certbot-dns-route53 sample policy",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones",
                "route53:GetChange"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect" : "Allow",
            "Action" : [
                "route53:ChangeResourceRecordSets"
            ],
            "Resource" : [
                "arn:aws:route53:::hostedzone/aed763ejfgasfja"
            ]
        }
    ]
}

Then I configured the access and secret key of this user on one of the VM where certbot is installed.

Finally, I ran this command to get the certificates:

certbot certonly --dns-route53 -d mydomain.click

It return the following error:

root@ip-192-168-19-189:/tmp# certbot certonly --dns-route53 -d mydomain.click
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mydomain.click
Certbot failed to authenticate some domains (authenticator: dns-route53). The Certificate Authority reported these problems:
  Domain: mydomain.click
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.click - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-route53. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-route53-propagation-seconds (currently 10 seconds).

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I understand that some TXT records need to be created in route53 but what value needs to be entered in that entry? Am I missing any critical step here?

Post Views: 18


[Mon Nov 21 10:26:36 UTC 2022] Verifying: xOpsSchool.com
[Mon Nov 21 10:26:41 UTC 2022] xOpsSchool.com:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.xopsschool.com - check that a DNS record exists for this domain
[Mon Nov 21 10:26:41 UTC 2022] Please add '--debug' or '--log' to check more details.
[Mon Nov 21 10:26:41 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mon Nov 21 10:26:42 UTC 2022] The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead.



[Mon Nov 21 10:45:01 UTC 2022] xopsschool.com:Verify error:184.168.122.73: Invalid response from http://xopsschool.com/.well-known/acme-challenge/HnmVzc5WZG4qxxIBzwUbT9WSH5ALfYYL7tgJ_MeIGzM: 403
[Mon Nov 21 10:45:01 UTC 2022] Please add '--debug' or '--log' to check more details.
[Mon Nov 21 10:45:01 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

Solution

  • Author
  • Recent Posts

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *