Want to subscribe to topics you're interested in?
Become a Member

SSL Letsencrypt Cloudflare Cloudflare 526 error

Discussion in 'Domains, DNS, Email & SSL Certificates' started by cloud9, Jun 24, 2022.

  1. cloud9

    cloud9 Premium Member Premium Member

    303
    85
    28
    Oct 6, 2015
    England
    Ratings:
    +144
    Local Time:
    9:25 PM
    1.21.5
    10.3.32
    Website was fine a few days ago, just checked and 526 error - invalid ssl

    Nothing has been touched though on the vps or Cloudflare

    SSL was from memory all set up fine and was lets encrypt in CMM

    Where to look for the issue ?

     

    Attached Files:

  2. cloud9

    cloud9 Premium Member Premium Member

    303
    85
    28
    Oct 6, 2015
    England
    Ratings:
    +144
    Local Time:
    9:25 PM
    1.21.5
    10.3.32
    If I run this in ssh

    Code:
     /usr/local/src/centminmod/addons/acmetool.sh checkdates 
    the two .cers returned expire in -1 day

    certificate expires in -1 days on 22 Jun 2022
     
  3. eva2000

    eva2000 Administrator Staff Member

    48,873
    11,178
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,412
    Local Time:
    6:25 AM
    Nginx 1.21.x
    MariaDB 10.x
    You may want to switch to Cloudflare DNS API validation with Centmin Mod's acmetool.sh wrapper see Letsencrypt Free SSL Certificates. Once that is setup, you can try a reissue outlined below.

    Try acmetool.sh add reissue-only option for existing nginx HTTPS SSL vhosts with domain.com.ssl.conf vhost config files that exist. This only does reissue of letsencrypt SSL cert without touching the nginx vhost. Ideal for use when you tried creating a Nginx HTTPS SSL default vhost site but letsencrypt SSL issuance failed the first time. When it fails, Centmin Mod usually falls back to self-signed SSL as a place holder for the domain.com.ssl.conf vhost config. When you run:
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh reissue-only domain.com live
    

    It will only try reissuing the letsencrypt SSL certificate for the domain = domain.com for live production SSL certificate without touching any of the existing nginx vhost at domain.com.ssl.conf
     
  4. cloud9

    cloud9 Premium Member Premium Member

    303
    85
    28
    Oct 6, 2015
    England
    Ratings:
    +144
    Local Time:
    9:25 PM
    1.21.5
    10.3.32
    Tried that still got a 526 on Cloudflare

    output from your above

    Code:
    [20:33][root@server.DOMAIN.COM addons]# ./acmetool.sh reissue-only DOMAIN.COM live
    
    ------------------------------------------------------------------------------
    Version Check:
    ------------------------------------------------------------------------------
    !!!  there maybe a newer version of ./acmetool.sh available  !!!
    https://community.centminmod.com/posts/34492/
    update using centmin.sh menu option 23 submenu option 2
    
    or via command: cmupdate
    
    Always ensure Current Version is higher or equal to Latest Version
    ------------------------------------------------------------------------------
    Current acmetool.sh Version: 1.0.79
    Latest acmetool.sh Version: 1.0.82
    ------------------------------------------------------------------------------
    
    
    -----------------------------------------------------
    updating acme.sh client...
    -----------------------------------------------------
    Cloning into 'acme.sh'...
    [Thu Jun 23 20:34:11 UTC 2022] It is recommended to install socat first.
    [Thu Jun 23 20:34:11 UTC 2022] We use socat for standalone server if you use standalone mode.
    [Thu Jun 23 20:34:11 UTC 2022] If you don't use standalone mode, just ignore this warning.
    [Thu Jun 23 20:34:11 UTC 2022] Installing to /root/.acme.sh
    [Thu Jun 23 20:34:11 UTC 2022] Installed to /root/.acme.sh/acme.sh
    [Thu Jun 23 20:34:11 UTC 2022] Installing alias to '/root/.bashrc'
    [Thu Jun 23 20:34:11 UTC 2022] OK, Close and reopen your terminal to start using acme.sh
    [Thu Jun 23 20:34:11 UTC 2022] Installing alias to '/root/.cshrc'
    [Thu Jun 23 20:34:11 UTC 2022] Installing alias to '/root/.tcshrc'
    [Thu Jun 23 20:34:11 UTC 2022] Installing cron job
    50 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    [Thu Jun 23 20:34:11 UTC 2022] Good, bash is found, so change the shebang to use bash as preferred.
    [Thu Jun 23 20:34:13 UTC 2022] OK
    https://github.com/acmesh-official/acme.sh
    v3.0.5
    -----------------------------------------------------
    set default acme.sh CA to letsencrypt:
    acme.sh --set-default-ca --server letsencrypt
    [Thu Jun 23 20:34:13 UTC 2022] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
    -----------------------------------------------------
    acme.sh updated
    -----------------------------------------------------
    grep 'root' /usr/local/nginx/conf/conf.d/DOMAIN.COM.ssl.conf
      root /home/nginx/domains/DOMAIN.COM/public;
    
    -----------------------------------------------------------
    reissue & install letsencrypt ssl certificate for DOMAIN.COM
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --force --createDomainKey -d DOMAIN.COM -d www.DOMAIN.COM -k 2048 --useragent centminmod-centos7-acmesh-webroot
    [Thu Jun 23 20:34:13 UTC 2022] Creating domain key
    [Thu Jun 23 20:34:14 UTC 2022] The domain key is here: /root/.acme.sh/DOMAIN.COM/DOMAIN.COM.key
    testcert value = live
    /root/.acme.sh/acme.sh --force --dns dns_cf --issue -d DOMAIN.COM -d www.DOMAIN.COM --days 60 -w /home/nginx/domains/DOMAIN.COM/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-230622-203408.log --log-level 2 --preferred-chain  "ISRG"
    [Thu Jun 23 20:34:15 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Thu Jun 23 20:34:15 UTC 2022] Multi domain='DNS:DOMAIN.COM,DNS:www.DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] Getting domain auth token for each domain
    [Thu Jun 23 20:34:18 UTC 2022] Getting webroot for domain='DOMAIN.COM'
    [Thu Jun 23 20:34:19 UTC 2022] Getting webroot for domain='www.DOMAIN.COM'
    [Thu Jun 23 20:34:19 UTC 2022] Adding txt value: jb1i9Bb6TbDzoNO1CnRQWi16GTn-IAQ1vywpaDJqTgU for domain:  _acme-challenge.DOMAIN.COM
    [Thu Jun 23 20:34:22 UTC 2022] invalid domain
    [Thu Jun 23 20:34:22 UTC 2022] Error add txt for domain:_acme-challenge.DOMAIN.COM
    [Thu Jun 23 20:34:22 UTC 2022] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-230622-203408.log
    LECHECK = 1
    
    log files saved at /root/centminlogs
    -rw-r--r--  1 root root  37K Jun 23 20:34 acmetool.sh-debug-log-230622-203408.log
    -rw-r--r--  1 root root 3.5K Jun 23 20:34 acmesh-reissue-only_230622-203408.log
     
  5. cloud9

    cloud9 Premium Member Premium Member

    303
    85
    28
    Oct 6, 2015
    England
    Ratings:
    +144
    Local Time:
    9:25 PM
    1.21.5
    10.3.32
    Where it says please check log files, this is the log

    Code:
    [Thu Jun 23 20:34:14 UTC 2022] Lets find script dir.
    [Thu Jun 23 20:34:14 UTC 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Thu Jun 23 20:34:14 UTC 2022] _script='/root/.acme.sh/acme.sh'
    [Thu Jun 23 20:34:14 UTC 2022] _script_home='/root/.acme.sh'
    [Thu Jun 23 20:34:14 UTC 2022] Using config home:/root/.acme.sh
    [Thu Jun 23 20:34:14 UTC 2022] LE_WORKING_DIR='/root/.acme.sh'
    [Thu Jun 23 20:34:14 UTC 2022] Running cmd: issue
    [Thu Jun 23 20:34:14 UTC 2022] _main_domain='DOMAIN.COM'
    [Thu Jun 23 20:34:14 UTC 2022] _alt_domains='www.DOMAIN.COM'
    [Thu Jun 23 20:34:14 UTC 2022] Using config home:/root/.acme.sh
    [Thu Jun 23 20:34:14 UTC 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
    [Thu Jun 23 20:34:14 UTC 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Thu Jun 23 20:34:14 UTC 2022] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Thu Jun 23 20:34:14 UTC 2022] _ACME_SERVER_PATH='directory'
    [Thu Jun 23 20:34:14 UTC 2022] DOMAIN_PATH='/root/.acme.sh/DOMAIN.COM'
    [Thu Jun 23 20:34:14 UTC 2022] 'dns_cf,/home/nginx/domains/DOMAIN.COM/public' does not contain 'dns'
    [Thu Jun 23 20:34:14 UTC 2022] Le_NextRenewTime='1653247691'
    [Thu Jun 23 20:34:14 UTC 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
    [Thu Jun 23 20:34:14 UTC 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
    [Thu Jun 23 20:34:14 UTC 2022] GET
    [Thu Jun 23 20:34:14 UTC 2022] url='https://acme-v02.api.letsencrypt.org/directory'
    [Thu Jun 23 20:34:14 UTC 2022] timeout=
    [Thu Jun 23 20:34:14 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Thu Jun 23 20:34:14 UTC 2022] ret='0'
    [Thu Jun 23 20:34:14 UTC 2022] response='{
      "8A1Cx__4mWA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
      "meta": {
        "caaIdentities": [
          "letsencrypt.org"
        ],
        "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
        "website": "https://letsencrypt.org"
      },
      "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
      "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
      "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
      "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
    }'
    [Thu Jun 23 20:34:15 UTC 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
    [Thu Jun 23 20:34:15 UTC 2022] ACME_NEW_AUTHZ
    [Thu Jun 23 20:34:15 UTC 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Thu Jun 23 20:34:15 UTC 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
    [Thu Jun 23 20:34:15 UTC 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
    [Thu Jun 23 20:34:15 UTC 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    [Thu Jun 23 20:34:15 UTC 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Thu Jun 23 20:34:15 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Thu Jun 23 20:34:15 UTC 2022] _on_before_issue
    [Thu Jun 23 20:34:15 UTC 2022] _chk_main_domain='DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] _chk_alt_domains='www.DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] 'dns_cf,/home/nginx/domains/DOMAIN.COM/public' does not contain 'no'
    [Thu Jun 23 20:34:15 UTC 2022] Le_LocalAddress
    [Thu Jun 23 20:34:15 UTC 2022] d='DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] Check for domain='DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] _currentRoot='dns_cf'
    [Thu Jun 23 20:34:15 UTC 2022] d='www.DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] Check for domain='www.DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] _currentRoot='/home/nginx/domains/DOMAIN.COM/public'
    [Thu Jun 23 20:34:15 UTC 2022] d
    [Thu Jun 23 20:34:15 UTC 2022] 'dns_cf,/home/nginx/domains/DOMAIN.COM/public' does not contain 'apache'
    [Thu Jun 23 20:34:15 UTC 2022] _saved_account_key_hash='KDzjU6MgXqb2WAEqZTSb8HLlwIT2pqOVU1T9Bq52sv0='
    [Thu Jun 23 20:34:15 UTC 2022] _saved_account_key_hash is not changed, skip register account.
    [Thu Jun 23 20:34:15 UTC 2022] Read key length:2048
    [Thu Jun 23 20:34:15 UTC 2022] _createcsr
    [Thu Jun 23 20:34:15 UTC 2022] domain='DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] domainlist='www.DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] csrkey='/root/.acme.sh/DOMAIN.COM/DOMAIN.COM.key'
    [Thu Jun 23 20:34:15 UTC 2022] csr='/root/.acme.sh/DOMAIN.COM/DOMAIN.COM.csr'
    [Thu Jun 23 20:34:15 UTC 2022] csrconf='/root/.acme.sh/DOMAIN.COM/DOMAIN.COM.csr.conf'
    [Thu Jun 23 20:34:15 UTC 2022] _is_idn_d='www.DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] _idn_temp
    [Thu Jun 23 20:34:15 UTC 2022] domainlist='www.DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] seg='DOMAIN'
    [Thu Jun 23 20:34:15 UTC 2022] _is_idn_d='DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] _idn_temp
    [Thu Jun 23 20:34:15 UTC 2022] seg='www'
    [Thu Jun 23 20:34:15 UTC 2022] Multi domain='DNS:DOMAIN.COM,DNS:www.DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] _is_idn_d='DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] _idn_temp
    [Thu Jun 23 20:34:15 UTC 2022] _csr_cn='DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] seg='DOMAIN'
    [Thu Jun 23 20:34:15 UTC 2022] Getting domain auth token for each domain
    [Thu Jun 23 20:34:15 UTC 2022] seg='DOMAIN'
    [Thu Jun 23 20:34:15 UTC 2022] _is_idn_d='DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] _idn_temp
    [Thu Jun 23 20:34:15 UTC 2022] d='www.DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] seg='www'
    [Thu Jun 23 20:34:15 UTC 2022] _is_idn_d='www.DOMAIN.COM'
    [Thu Jun 23 20:34:15 UTC 2022] _idn_temp
    [Thu Jun 23 20:34:15 UTC 2022] d
    [Thu Jun 23 20:34:15 UTC 2022] _identifiers='{"type":"dns","value":"DOMAIN.COM"},{"type":"dns","value":"www.DOMAIN.COM"}'
    [Thu Jun 23 20:34:15 UTC 2022] _notBefore
    [Thu Jun 23 20:34:15 UTC 2022] _notAfter
    [Thu Jun 23 20:34:15 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Thu Jun 23 20:34:15 UTC 2022] payload='{"identifiers": [{"type":"dns","value":"DOMAIN.COM"},{"type":"dns","value":"www.DOMAIN.COM"}]}'
    [Thu Jun 23 20:34:15 UTC 2022] RSA key
    [Thu Jun 23 20:34:15 UTC 2022] _URGLY_PRINTF
    [Thu Jun 23 20:34:15 UTC 2022] xargs
    [Thu Jun 23 20:34:15 UTC 2022] _URGLY_PRINTF
    [Thu Jun 23 20:34:15 UTC 2022] xargs
    [Thu Jun 23 20:34:15 UTC 2022] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Thu Jun 23 20:34:15 UTC 2022] HEAD
    [Thu Jun 23 20:34:15 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Thu Jun 23 20:34:15 UTC 2022] body
    [Thu Jun 23 20:34:15 UTC 2022] _postContentType='application/jose+json'
    [Thu Jun 23 20:34:15 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
    [Thu Jun 23 20:34:16 UTC 2022] _ret='0'
    [Thu Jun 23 20:34:16 UTC 2022] _headers='HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 23 Jun 2022 20:34:16 GMT
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0102v-cI9xyPLmHcR9CDC-Zcnd9rxwCs-b1W3biOrOVL6UU
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    '
    [Thu Jun 23 20:34:16 UTC 2022] _CACHED_NONCE='0102v-cI9xyPLmHcR9CDC-Zcnd9rxwCs-b1W3biOrOVL6UU'
    [Thu Jun 23 20:34:16 UTC 2022] nonce='0102v-cI9xyPLmHcR9CDC-Zcnd9rxwCs-b1W3biOrOVL6UU'
    [Thu Jun 23 20:34:16 UTC 2022] POST
    [Thu Jun 23 20:34:16 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Thu Jun 23 20:34:16 UTC 2022] body='{"protected": "eyJub25jZSI6ICIwMTAydi1jSTl4eVBMbUhjUjlDREMtWmNuZDlyeHdDcy1iMVczYmlPck9WTDZVVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NjY5MDcxNzAifQ", "payload":
    "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImZpc2hib3VybmVmbGF0Zml2ZS5ydW4ifSx7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Ind3dy5maXNoYm91cm5lZmxhdGZpdmUucnVuIn1dfQ", "signature": "fkaO1eVxur1EGPKKWbkTdQhS2wCohM1f2McyLVzj63O5tKqTVq8Ky3bHCx1a6IGadZvr9c3nMYad-sheYLD-p265jqAxIM0XkrP5BK_Pd1HbO1iuN2EpnKTazs94yeCFFw2tgYkcyZk2o238Bihe9PnE6DFrszhh_C5JkVMDdIcp9WV4IJ6yHiln1ydmt7kglXi2SHCjXoEzIZoxmocK_WuaV0OomYpDH6IlfirnQ820deTmnjSPCxICBg6-KVCUZxhLnOPjErhjqjMZWYXTNRd637lhmGw8n-uVKlftfWR9EWc5Me4T_e9j2kk-ymdhKVi6Mq4ljmMEzIiL_elzLw"}'
    [Thu Jun 23 20:34:16 UTC 2022] _postContentType='application/jose+json'
    [Thu Jun 23 20:34:16 UTC 2022] Http already initialized.
    [Thu Jun 23 20:34:16 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Thu Jun 23 20:34:17 UTC 2022] _ret='0'
    [Thu Jun 23 20:34:17 UTC 2022] responseHeaders='HTTP/1.1 201 Created
    Server: nginx
    Date: Thu, 23 Jun 2022 20:34:17 GMT
    Content-Type: application/json
    Content-Length: 496
    Connection: keep-alive
    Boulder-Requester: 466907170
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Location: https://acme-v02.api.letsencrypt.org/acme/order/466907170/100434360486
    Replay-Nonce: 0002D3Rgn8vUwJilVOzloARCeeG_BcLdEDAHh8GrlZ02C6M
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    '
    [Thu Jun 23 20:34:17 UTC 2022] code='201'
    [Thu Jun 23 20:34:17 UTC 2022] original='{
      "status": "pending",
      "expires": "2022-06-30T20:34:17Z",
      "identifiers": [
        {
          "type": "dns",
          "value": "DOMAIN.COM"
        },
        {
          "type": "dns",
          "value": "www.DOMAIN.COM"
        }
      ],
      "authorizations": [
        "https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003856",
        "https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003866"
      ],
      "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/466907170/100434360486"
    }'
    [Thu Jun 23 20:34:17 UTC 2022] response='{"status":"pending","expires":"2022-06-30T20:34:17Z","identifiers":[{"type":"dns","value":"DOMAIN.COM"},{"type":"dns","value":"www.DOMAIN.COM"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003856","https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003866"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/466907170/100434360486"}'
    [Thu Jun 23 20:34:17 UTC 2022] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/466907170/100434360486'
    [Thu Jun 23 20:34:17 UTC 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/466907170/100434360486'
    [Thu Jun 23 20:34:17 UTC 2022] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003856,https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003866'
    [Thu Jun 23 20:34:17 UTC 2022] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003856'
    [Thu Jun 23 20:34:17 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003856'
    [Thu Jun 23 20:34:17 UTC 2022] payload
    [Thu Jun 23 20:34:17 UTC 2022] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
    [Thu Jun 23 20:34:17 UTC 2022] Use _CACHED_NONCE='0002D3Rgn8vUwJilVOzloARCeeG_BcLdEDAHh8GrlZ02C6M'
    [Thu Jun 23 20:34:17 UTC 2022] nonce='0002D3Rgn8vUwJilVOzloARCeeG_BcLdEDAHh8GrlZ02C6M'
    [Thu Jun 23 20:34:17 UTC 2022] POST
    [Thu Jun 23 20:34:17 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003856'
    [Thu Jun 23 20:34:17 UTC 2022] body='{"protected": "eyJub25jZSI6ICIwMDAyRDNSZ244dlV3SmlsVk96bG9BUkNlZUdfQmNMZEVEQUhoOEdybFowMkM2TSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTIyOTE3MDAzODU2IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NjY5MDcxNzAifQ", "payload": "", "signature": "YLLAc-eZjiHeyvvImYPWL-fomFqHPqtft-E4PABclk4QDLRgP3GB2qF6smCyblFoTXDZIdkj0MxY0rk9EzFWMum5Z6QF_s97Hbn_pwxi7fM8k_wSk770lGNHGBypAoVhWCG2P85LnP6EQI2Jx6ADRo6Sh0LNzJj0Qyp8ciOSK7nd5NWXpcj0YhKH6Vpv2MhiKV800ES2S_7XsGr9vCk3QUyVdWmgqvcL7gNAqvDwrB91z3NBqNo09HABNaPLnFvvphfogB7YGGgwkUFxA7tSl62p0z16TKW048b43ma5T1wwljvwmZxEKSsw6drxlHPIaEvZuZTMaA35YmDqWjUISg"}'
    [Thu Jun 23 20:34:17 UTC 2022] _postContentType='application/jose+json'
    [Thu Jun 23 20:34:17 UTC 2022] Http already initialized.
    [Thu Jun 23 20:34:17 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Thu Jun 23 20:34:18 UTC 2022] _ret='0'
    [Thu Jun 23 20:34:18 UTC 2022] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 23 Jun 2022 20:34:17 GMT
    Content-Type: application/json
    Content-Length: 806
    Connection: keep-alive
    Boulder-Requester: 466907170
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0101LZbaU-OrsRSkzgN9DlDiDZ3bZ1zhJosjhDlJklnAg1I
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    '
    [Thu Jun 23 20:34:18 UTC 2022] code='200'
    [Thu Jun 23 20:34:18 UTC 2022] original='{
      "identifier": {
        "type": "dns",
        "value": "DOMAIN.COM"
      },
      "status": "pending",
      "expires": "2022-06-30T20:34:17Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/zqHmcg",
          "token": "GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA",
          "token": "GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"
        },
        {
          "type": "tls-alpn-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/Qyh5iw",
          "token": "GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"
        }
      ]
    }'
    [Thu Jun 23 20:34:18 UTC 2022] response='{"identifier":{"type":"dns","value":"DOMAIN.COM"},"status":"pending","expires":"2022-06-30T20:34:17Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/zqHmcg","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/Qyh5iw","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"}]}'
    [Thu Jun 23 20:34:18 UTC 2022] response='{"identifier":{"type":"dns","value":"DOMAIN.COM"},"status":"pending","expires":"2022-06-30T20:34:17Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/zqHmcg","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/Qyh5iw","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"}]}'
    [Thu Jun 23 20:34:18 UTC 2022] _d='DOMAIN.COM'
    [Thu Jun 23 20:34:18 UTC 2022] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003866'
    [Thu Jun 23 20:34:18 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003866'
    [Thu Jun 23 20:34:18 UTC 2022] payload
    [Thu Jun 23 20:34:18 UTC 2022] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
    [Thu Jun 23 20:34:18 UTC 2022] Use _CACHED_NONCE='0101LZbaU-OrsRSkzgN9DlDiDZ3bZ1zhJosjhDlJklnAg1I'
    [Thu Jun 23 20:34:18 UTC 2022] nonce='0101LZbaU-OrsRSkzgN9DlDiDZ3bZ1zhJosjhDlJklnAg1I'
    [Thu Jun 23 20:34:18 UTC 2022] POST
    [Thu Jun 23 20:34:18 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003866'
    [Thu Jun 23 20:34:18 UTC 2022] body='{"protected": "eyJub25jZSI6ICIwMTAxTFpiYVUtT3JzUlNremdOOURsRGlEWjNiWjF6aEpvc2poRGxKa2xuQWcxSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTIyOTE3MDAzODY2IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC80NjY5MDcxNzAifQ", "payload": "", "signature": "CaCfj3bsdMaZWFiJc-6uYsEhmCED4gAny0SV9jGN6XTmLMgRhbs0VYcFHmbj2_NiQbZhLsE-ffLTWusFmAlZDLDkdnfb1_XuuMNM48gZ7zwnDoRfG75nPZNRaVBvIKc5mgNCk1OBtfTbUBhv0kONMaEeG7gz9gAvKjhF0hvj94A4rKZv4p6XTs8dbGWLTEG9bSH9nkeeIFdoA9ogjPednrXdX6b33382QoK10KxTI40XT8ENcfGICDp4u9_oUEVTwqPWwAE69zmTz7xSGG210BCOW6AdRP_5QSCL_Axk2Sud3pfgVgFNvH60dQG5qql7zdxZxqriaafiog7B_bL7fg"}'
    [Thu Jun 23 20:34:18 UTC 2022] _postContentType='application/jose+json'
    [Thu Jun 23 20:34:18 UTC 2022] Http already initialized.
    [Thu Jun 23 20:34:18 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Thu Jun 23 20:34:18 UTC 2022] _ret='0'
    [Thu Jun 23 20:34:18 UTC 2022] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 23 Jun 2022 20:34:18 GMT
    Content-Type: application/json
    Content-Length: 810
    Connection: keep-alive
    Boulder-Requester: 466907170
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0102C2o3gp6jnx5P3Otgd3UvkusLVx6vDuw2B1RSdCEHs9E
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    '
    [Thu Jun 23 20:34:18 UTC 2022] code='200'
    [Thu Jun 23 20:34:18 UTC 2022] original='{
      "identifier": {
        "type": "dns",
        "value": "www.DOMAIN.COM"
      },
      "status": "pending",
      "expires": "2022-06-30T20:34:17Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw",
          "token": "3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/XcIaDw",
          "token": "3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"
        },
        {
          "type": "tls-alpn-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/Vbti3g",
          "token": "3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"
        }
      ]
    }'
    [Thu Jun 23 20:34:18 UTC 2022] response='{"identifier":{"type":"dns","value":"www.DOMAIN.COM"},"status":"pending","expires":"2022-06-30T20:34:17Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/XcIaDw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/Vbti3g","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"}]}'
    [Thu Jun 23 20:34:18 UTC 2022] response='{"identifier":{"type":"dns","value":"www.DOMAIN.COM"},"status":"pending","expires":"2022-06-30T20:34:17Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/XcIaDw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/Vbti3g","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"}]}'
    [Thu Jun 23 20:34:18 UTC 2022] _d='www.DOMAIN.COM'
    [Thu Jun 23 20:34:18 UTC 2022] _authorizations_map='www.DOMAIN.COM,{"identifier":{"type":"dns","value":"www.DOMAIN.COM"},"status":"pending","expires":"2022-06-30T20:34:17Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/XcIaDw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/Vbti3g","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"}]}
    DOMAIN.COM,{"identifier":{"type":"dns","value":"DOMAIN.COM"},"status":"pending","expires":"2022-06-30T20:34:17Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/zqHmcg","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/Qyh5iw","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"}]}
    '
    [Thu Jun 23 20:34:18 UTC 2022] d='DOMAIN.COM'
    [Thu Jun 23 20:34:18 UTC 2022] Getting webroot for domain='DOMAIN.COM'
    [Thu Jun 23 20:34:18 UTC 2022] _w='dns_cf'
    [Thu Jun 23 20:34:18 UTC 2022] _currentRoot='dns_cf'
    [Thu Jun 23 20:34:18 UTC 2022] _is_idn_d='DOMAIN.COM'
    [Thu Jun 23 20:34:18 UTC 2022] _idn_temp
    [Thu Jun 23 20:34:18 UTC 2022] _candidates='DOMAIN.COM,{"identifier":{"type":"dns","value":"DOMAIN.COM"},"status":"pending","expires":"2022-06-30T20:34:17Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/zqHmcg","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/Qyh5iw","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"}]}'
    [Thu Jun 23 20:34:19 UTC 2022] response='{"identifier":{"type":"dns","value":"DOMAIN.COM"},"status":"pending","expires":"2022-06-30T20:34:17Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/zqHmcg","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/Qyh5iw","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"}]}'
    [Thu Jun 23 20:34:19 UTC 2022] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"'
    [Thu Jun 23 20:34:19 UTC 2022] token='GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8'
    [Thu Jun 23 20:34:19 UTC 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA'
    [Thu Jun 23 20:34:19 UTC 2022] keyauthorization='GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8.wuuSCeqCvJC4ZrDaOQaapNbbsWc-gSJhgaDRjhy8DXA'
    [Thu Jun 23 20:34:19 UTC 2022] dvlist='DOMAIN.COM#GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8.wuuSCeqCvJC4ZrDaOQaapNbbsWc-gSJhgaDRjhy8DXA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA#dns-01#dns_cf'
    [Thu Jun 23 20:34:19 UTC 2022] d='www.DOMAIN.COM'
    [Thu Jun 23 20:34:19 UTC 2022] Getting webroot for domain='www.DOMAIN.COM'
    [Thu Jun 23 20:34:19 UTC 2022] _w='/home/nginx/domains/DOMAIN.COM/public'
    [Thu Jun 23 20:34:19 UTC 2022] _currentRoot='/home/nginx/domains/DOMAIN.COM/public'
    [Thu Jun 23 20:34:19 UTC 2022] _is_idn_d='www.DOMAIN.COM'
    [Thu Jun 23 20:34:19 UTC 2022] _idn_temp
    [Thu Jun 23 20:34:19 UTC 2022] _candidates='www.DOMAIN.COM,{"identifier":{"type":"dns","value":"www.DOMAIN.COM"},"status":"pending","expires":"2022-06-30T20:34:17Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/XcIaDw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/Vbti3g","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"}]}'
    [Thu Jun 23 20:34:19 UTC 2022] response='{"identifier":{"type":"dns","value":"www.DOMAIN.COM"},"status":"pending","expires":"2022-06-30T20:34:17Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/XcIaDw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/Vbti3g","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"}]}'
    [Thu Jun 23 20:34:19 UTC 2022] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"'
    [Thu Jun 23 20:34:19 UTC 2022] token='3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk'
    [Thu Jun 23 20:34:19 UTC 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw'
    [Thu Jun 23 20:34:19 UTC 2022] keyauthorization='3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk.wuuSCeqCvJC4ZrDaOQaapNbbsWc-gSJhgaDRjhy8DXA'
    [Thu Jun 23 20:34:19 UTC 2022] dvlist='www.DOMAIN.COM#3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk.wuuSCeqCvJC4ZrDaOQaapNbbsWc-gSJhgaDRjhy8DXA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw#http-01#/home/nginx/domains/DOMAIN.COM/public'
    [Thu Jun 23 20:34:19 UTC 2022] d
    [Thu Jun 23 20:34:19 UTC 2022] vlist='DOMAIN.COM#GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8.wuuSCeqCvJC4ZrDaOQaapNbbsWc-gSJhgaDRjhy8DXA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA#dns-01#dns_cf,www.DOMAIN.COM#3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk.wuuSCeqCvJC4ZrDaOQaapNbbsWc-gSJhgaDRjhy8DXA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw#http-01#/home/nginx/domains/DOMAIN.COM/public,'
    [Thu Jun 23 20:34:19 UTC 2022] d='DOMAIN.COM'
    [Thu Jun 23 20:34:19 UTC 2022] _d_alias
    [Thu Jun 23 20:34:19 UTC 2022] txtdomain='_acme-challenge.DOMAIN.COM'
    [Thu Jun 23 20:34:19 UTC 2022] txt='jb1i9Bb6TbDzoNO1CnRQWi16GTn-IAQ1vywpaDJqTgU'
    [Thu Jun 23 20:34:19 UTC 2022] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
    [Thu Jun 23 20:34:19 UTC 2022] dns_entry='DOMAIN.COM,_acme-challenge.DOMAIN.COM,,dns_cf,jb1i9Bb6TbDzoNO1CnRQWi16GTn-IAQ1vywpaDJqTgU,/root/.acme.sh/dnsapi/dns_cf.sh'
    [Thu Jun 23 20:34:19 UTC 2022] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
    [Thu Jun 23 20:34:19 UTC 2022] Adding txt value: jb1i9Bb6TbDzoNO1CnRQWi16GTn-IAQ1vywpaDJqTgU for domain:  _acme-challenge.DOMAIN.COM
    [Thu Jun 23 20:34:19 UTC 2022] First detect the root zone
    [Thu Jun 23 20:34:19 UTC 2022] h='_acme-challenge.DOMAIN.COM'
    [Thu Jun 23 20:34:19 UTC 2022] zones?name=_acme-challenge.DOMAIN.COM&account.id=YOUR_CF_ACCOUNT_ID
    [Thu Jun 23 20:34:19 UTC 2022] GET
    [Thu Jun 23 20:34:19 UTC 2022] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.DOMAIN.COM&account.id=YOUR_CF_ACCOUNT_ID'
    [Thu Jun 23 20:34:19 UTC 2022] timeout=
    [Thu Jun 23 20:34:19 UTC 2022] Http already initialized.
    [Thu Jun 23 20:34:19 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Thu Jun 23 20:34:20 UTC 2022] ret='0'
    [Thu Jun 23 20:34:20 UTC 2022] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}'
    [Thu Jun 23 20:34:20 UTC 2022] h='DOMAIN.COM'
    [Thu Jun 23 20:34:20 UTC 2022] zones?name=DOMAIN.COM&account.id=YOUR_CF_ACCOUNT_ID
    [Thu Jun 23 20:34:20 UTC 2022] GET
    [Thu Jun 23 20:34:20 UTC 2022] url='https://api.cloudflare.com/client/v4/zones?name=DOMAIN.COM&account.id=YOUR_CF_ACCOUNT_ID'
    [Thu Jun 23 20:34:20 UTC 2022] timeout=
    [Thu Jun 23 20:34:20 UTC 2022] Http already initialized.
    [Thu Jun 23 20:34:20 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Thu Jun 23 20:34:21 UTC 2022] ret='0'
    [Thu Jun 23 20:34:21 UTC 2022] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}'
    [Thu Jun 23 20:34:21 UTC 2022] h='run'
    [Thu Jun 23 20:34:21 UTC 2022] zones?name=run&account.id=YOUR_CF_ACCOUNT_ID
    [Thu Jun 23 20:34:21 UTC 2022] GET
    [Thu Jun 23 20:34:21 UTC 2022] url='https://api.cloudflare.com/client/v4/zones?name=run&account.id=YOUR_CF_ACCOUNT_ID'
    [Thu Jun 23 20:34:21 UTC 2022] timeout=
    [Thu Jun 23 20:34:21 UTC 2022] Http already initialized.
    [Thu Jun 23 20:34:21 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Thu Jun 23 20:34:22 UTC 2022] ret='0'
    [Thu Jun 23 20:34:22 UTC 2022] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}'
    [Thu Jun 23 20:34:22 UTC 2022] h
    [Thu Jun 23 20:34:22 UTC 2022] invalid domain
    [Thu Jun 23 20:34:22 UTC 2022] Error add txt for domain:_acme-challenge.DOMAIN.COM
    [Thu Jun 23 20:34:22 UTC 2022] _on_issue_err
    [Thu Jun 23 20:34:22 UTC 2022] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-230622-203408.log
    [Thu Jun 23 20:34:22 UTC 2022] _chk_vlist='DOMAIN.COM#GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8.wuuSCeqCvJC4ZrDaOQaapNbbsWc-gSJhgaDRjhy8DXA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA#dns-01#dns_cf,www.DOMAIN.COM#3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk.wuuSCeqCvJC4ZrDaOQaapNbbsWc-gSJhgaDRjhy8DXA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw#http-01#/home/nginx/domains/DOMAIN.COM/public,'
    [Thu Jun 23 20:34:22 UTC 2022] start to deactivate authz
    [Thu Jun 23 20:34:22 UTC 2022] Trigger domain validation.
    [Thu Jun 23 20:34:22 UTC 2022] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA'
    [Thu Jun 23 20:34:22 UTC 2022] _t_key_authz='GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8.wuuSCeqCvJC4ZrDaOQaapNbbsWc-gSJhgaDRjhy8DXA'
    [Thu Jun 23 20:34:22 UTC 2022] _t_vtype
    [Thu Jun 23 20:34:22 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA'
    [Thu Jun 23 20:34:22 UTC 2022] payload='{}'
    [Thu Jun 23 20:34:22 UTC 2022] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
    [Thu Jun 23 20:34:22 UTC 2022] Use _CACHED_NONCE='0102C2o3gp6jnx5P3Otgd3UvkusLVx6vDuw2B1RSdCEHs9E'
    [Thu Jun 23 20:34:22 UTC 2022] nonce='0102C2o3gp6jnx5P3Otgd3UvkusLVx6vDuw2B1RSdCEHs9E'
    [Thu Jun 23 20:34:22 UTC 2022] POST
    [Thu Jun 23 20:34:22 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA'
    [Thu Jun 23 20:34:22 UTC 2022] body='{"protected": "eyJub25jZSI6ICIwMTAyQzJvM2dwNmpueDVQM090Z2QzVXZrdXNMVng2dkR1dzJCMVJTZENFSHM5RSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTIyOTE3MDAzODU2L3RxcGl3QSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDY2OTA3MTcwIn0", "payload": "e30", "signature": "BwM1TrBFL3sytlfwS5GsUrQxcBKoqtw1WCA91oKi_eorod53idWi3XdUMG-LnrA28GA1n0LVZw5ic86ZN3ieqbtxUO4TMUZOKmuSzGEUYBvfS8I05Q1BSGWMfYAvBb9a07IgXshwmGCKFyV__jMgy9YPdUMCVW43Zd6dmWFCXFgTjG1xQYPZcU4hviCc_TEolfFTwvztUXGsuNUpdsSMtsqOYqDR8L4pI0WBh_-VIeZnqP3-t6PXMF0_OT_4fgkJpKqn-N5XWLvJ5iDwRgzU6YmfIUgLXXF0V2bR_fBrpVp_vb1HQ05eB1Q-VJqU9SoGg5dds3I-r6SrX_3lbGjm7A"}'
    [Thu Jun 23 20:34:22 UTC 2022] _postContentType='application/jose+json'
    [Thu Jun 23 20:34:22 UTC 2022] Http already initialized.
    [Thu Jun 23 20:34:22 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Thu Jun 23 20:34:23 UTC 2022] _ret='0'
    [Thu Jun 23 20:34:23 UTC 2022] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 23 Jun 2022 20:34:23 GMT
    Content-Type: application/json
    Content-Length: 186
    Connection: keep-alive
    Boulder-Requester: 466907170
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003856>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA
    Replay-Nonce: 0102ZAB-qhZRtI8PlshVFq25_4slDh9UDEEwhovcQ5nbu68
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    '
    [Thu Jun 23 20:34:23 UTC 2022] code='200'
    [Thu Jun 23 20:34:23 UTC 2022] original='{
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA",
      "token": "GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"
    }'
    [Thu Jun 23 20:34:23 UTC 2022] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003856/tqpiwA","token":"GUTa9Cbyt249zzCzdYcES0KBjFvdXDImUX67WT44xF8"}'
    [Thu Jun 23 20:34:23 UTC 2022] Trigger domain validation.
    [Thu Jun 23 20:34:23 UTC 2022] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw'
    [Thu Jun 23 20:34:23 UTC 2022] _t_key_authz='3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk.wuuSCeqCvJC4ZrDaOQaapNbbsWc-gSJhgaDRjhy8DXA'
    [Thu Jun 23 20:34:23 UTC 2022] _t_vtype
    [Thu Jun 23 20:34:23 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw'
    [Thu Jun 23 20:34:23 UTC 2022] payload='{}'
    [Thu Jun 23 20:34:23 UTC 2022] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
    [Thu Jun 23 20:34:23 UTC 2022] Use _CACHED_NONCE='0102ZAB-qhZRtI8PlshVFq25_4slDh9UDEEwhovcQ5nbu68'
    [Thu Jun 23 20:34:23 UTC 2022] nonce='0102ZAB-qhZRtI8PlshVFq25_4slDh9UDEEwhovcQ5nbu68'
    [Thu Jun 23 20:34:23 UTC 2022] POST
    [Thu Jun 23 20:34:23 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw'
    [Thu Jun 23 20:34:23 UTC 2022] body='{"protected": "eyJub25jZSI6ICIwMTAyWkFCLXFoWlJ0SThQbHNoVkZxMjVfNHNsRGg5VURFRXdob3ZjUTVuYnU2OCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTIyOTE3MDAzODY2LzVxWlpzdyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDY2OTA3MTcwIn0", "payload": "e30", "signature": "d4csiFNYeil3C99zakqdIkoZY6X6brs1fyuupQxJFEplRmpBS_lLY7NPLipPKANn_Bf8tynUDRDMRuvvSyBxNzhE7YHWRYdqC-2sNoWbeXHpTyNs75iR789CD6S0OGcqMEbKrtUR-6laEA4wuEnupAsH93JOhz19hykK6hTeDxGhXRWxfzYzIOm9Y5KeCiOIK3FIGbPysNfMvPt9vu6rvlRom-wSx_EAGfSZw7ukIrGGNjrSySR8LBErZ1PYjDT9njZl4O-qHUqkBSQWKW1YsK4FA6Xm-thiV1sBmoSu2pdtZWIqUbDkFd4doopr1a26ThN5jWZnuWnakZGUmPjATQ"}'
    [Thu Jun 23 20:34:23 UTC 2022] _postContentType='application/jose+json'
    [Thu Jun 23 20:34:23 UTC 2022] Http already initialized.
    [Thu Jun 23 20:34:23 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Thu Jun 23 20:34:24 UTC 2022] _ret='0'
    [Thu Jun 23 20:34:24 UTC 2022] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 23 Jun 2022 20:34:24 GMT
    Content-Type: application/json
    Content-Length: 187
    Connection: keep-alive
    Boulder-Requester: 466907170
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/122917003866>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw
    Replay-Nonce: 0002H84bCH6HaYmru1BZtOqiIzlTKUKlzUBHZ01CvGg54xA
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    '
    [Thu Jun 23 20:34:24 UTC 2022] code='200'
    [Thu Jun 23 20:34:24 UTC 2022] original='{
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw",
      "token": "3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"
    }'
    [Thu Jun 23 20:34:24 UTC 2022] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122917003866/5qZZsw","token":"3QVzzJD2kbSN8eHBBjSPK0E5_gKDhOmJk62ruPnxAFk"}'
    [Thu Jun 23 20:34:24 UTC 2022] pid
    [Thu Jun 23 20:34:24 UTC 2022] No need to restore nginx, skip.
    [Thu Jun 23 20:34:24 UTC 2022] _clearupdns
    [Thu Jun 23 20:34:24 UTC 2022] dns_entries
    [Thu Jun 23 20:34:24 UTC 2022] skip dns.
     
  6. cloud9

    cloud9 Premium Member Premium Member

    303
    85
    28
    Oct 6, 2015
    England
    Ratings:
    +144
    Local Time:
    9:25 PM
    1.21.5
    10.3.32
    I have changed CF from Full strict to Full and the site is now working, however be good to know how to go back to full strict
     
  7. eva2000

    eva2000 Administrator Staff Member

    48,873
    11,178
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,412
    Local Time:
    6:25 AM
    Nginx 1.21.x
    MariaDB 10.x
    That suggested your CF DNS API credentials were not correctly set or have appropriate permission as outlined at Letsencrypt Free SSL Certificates which means letsencrypt was unable to add the validation DNS TXT record for your domain.
     
  8. cloud9

    cloud9 Premium Member Premium Member

    303
    85
    28
    Oct 6, 2015
    England
    Ratings:
    +144
    Local Time:
    9:25 PM
    1.21.5
    10.3.32
    Thanks @eva2000

    Had a typo in the CF token - copied and pasted and missed a digit

    Working on full strict now