Welcome to Centmin Mod Community
Become a Member

Letsencrypt how to renew letsnecrypt SSL with cloudflare proxy enabled?

Discussion in 'Install & Upgrades or Pre-Install Questions' started by yunos, Dec 25, 2019.

  1. yunos

    yunos Member

    107
    3
    18
    Aug 8, 2015
    Ratings:
    +12
    Local Time:
    6:42 PM
    1.8.0
    Im only able to renew ssl when i disable cloudflare proxy but considering im hosting 30 domains, i dont want to manually disable cloudflare proxy jus to renew each domains every 3 months. So i want this to be an automated process which centminmod has a script for it.

    Any clue how to fix this?
    Code:
    [Tue Dec 24 16:30:30 UTC 2019] Lets find script dir.
    [Tue Dec 24 16:30:30 UTC 2019] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Tue Dec 24 16:30:30 UTC 2019] _script='/root/.acme.sh/acme.sh'
    [Tue Dec 24 16:30:30 UTC 2019] _script_home='/root/.acme.sh'
    [Tue Dec 24 16:30:30 UTC 2019] Using config home:/root/.acme.sh
    [Tue Dec 24 16:30:30 UTC 2019] LE_WORKING_DIR='/root/.acme.sh'
    [Tue Dec 24 16:30:30 UTC 2019] Running cmd: issue
    [Tue Dec 24 16:30:30 UTC 2019] _main_domain='domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] _alt_domains='www.domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] Using config home:/root/.acme.sh
    [Tue Dec 24 16:30:30 UTC 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Tue Dec 24 16:30:30 UTC 2019] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Tue Dec 24 16:30:30 UTC 2019] DOMAIN_PATH='/root/.acme.sh/domain.me_ecc'
    [Tue Dec 24 16:30:30 UTC 2019] '/home/nginx/domains/domain.me/public' does not contain 'dns'
    [Tue Dec 24 16:30:30 UTC 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
    [Tue Dec 24 16:30:30 UTC 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
    [Tue Dec 24 16:30:30 UTC 2019] GET
    [Tue Dec 24 16:30:30 UTC 2019] url='https://acme-v02.api.letsencrypt.org/directory'
    [Tue Dec 24 16:30:30 UTC 2019] timeout=
    [Tue Dec 24 16:30:30 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Tue Dec 24 16:30:30 UTC 2019] ret='0'
    [Tue Dec 24 16:30:30 UTC 2019] response='{
      "VGhmqGFfXJw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
      "meta": {
        "caaIdentities": [
          "letsencrypt.org"
        ],
        "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
        "website": "https://letsencrypt.org"
      },
      "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
      "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
      "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
      "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
    }'
    [Tue Dec 24 16:30:30 UTC 2019] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
    [Tue Dec 24 16:30:30 UTC 2019] ACME_NEW_AUTHZ
    [Tue Dec 24 16:30:30 UTC 2019] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Tue Dec 24 16:30:30 UTC 2019] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
    [Tue Dec 24 16:30:30 UTC 2019] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
    [Tue Dec 24 16:30:30 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    [Tue Dec 24 16:30:30 UTC 2019] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Tue Dec 24 16:30:30 UTC 2019] ACME_VERSION='2'
    [Tue Dec 24 16:30:30 UTC 2019] Le_NextRenewTime
    [Tue Dec 24 16:30:30 UTC 2019] _on_before_issue
    [Tue Dec 24 16:30:30 UTC 2019] _chk_main_domain='domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] _chk_alt_domains='www.domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] '/home/nginx/domains/domain.me/public' does not contain 'no'
    [Tue Dec 24 16:30:30 UTC 2019] Le_LocalAddress
    [Tue Dec 24 16:30:30 UTC 2019] d='domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] Check for domain='domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] _currentRoot='/home/nginx/domains/domain.me/public'
    [Tue Dec 24 16:30:30 UTC 2019] d='www.domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] Check for domain='www.domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] _currentRoot='/home/nginx/domains/domain.me/public'
    [Tue Dec 24 16:30:30 UTC 2019] d
    [Tue Dec 24 16:30:30 UTC 2019] '/home/nginx/domains/domain.me/public' does not contain 'apache'
    [Tue Dec 24 16:30:30 UTC 2019] _saved_account_key_hash='ayfqaepD45sIn1X7pv4rq3KPjEO7Y9jGnk4/jqYhoEw='
    [Tue Dec 24 16:30:30 UTC 2019] _saved_account_key_hash is not changed, skip register account.
    [Tue Dec 24 16:30:30 UTC 2019] Read key length:ec-256
    [Tue Dec 24 16:30:30 UTC 2019] _createcsr
    [Tue Dec 24 16:30:30 UTC 2019] domain='domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] domainlist='www.domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] csrkey='/root/.acme.sh/domain.me_ecc/domain.me.key'
    [Tue Dec 24 16:30:30 UTC 2019] csr='/root/.acme.sh/domain.me_ecc/domain.me.csr'
    [Tue Dec 24 16:30:30 UTC 2019] csrconf='/root/.acme.sh/domain.me_ecc/domain.me.csr.conf'
    [Tue Dec 24 16:30:30 UTC 2019] _is_idn_d='www.domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] _idn_temp
    [Tue Dec 24 16:30:30 UTC 2019] domainlist='www.domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] _is_idn_d='domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] _idn_temp
    [Tue Dec 24 16:30:30 UTC 2019] Multi domain='DNS:domain.me,DNS:www.domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] _is_idn_d='domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] _idn_temp
    [Tue Dec 24 16:30:30 UTC 2019] _csr_cn='domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] Getting domain auth token for each domain
    [Tue Dec 24 16:30:30 UTC 2019] _is_idn_d='domain.me'
    [Tue Dec 24 16:30:30 UTC 2019] _idn_temp
    [Tue Dec 24 16:30:30 UTC 2019] d='www.domain.me'
    [Tue Dec 24 16:30:31 UTC 2019] _is_idn_d='www.domain.me'
    [Tue Dec 24 16:30:31 UTC 2019] _idn_temp
    [Tue Dec 24 16:30:31 UTC 2019] d
    [Tue Dec 24 16:30:31 UTC 2019] _identifiers='{"type":"dns","value":"domain.me"},{"type":"dns","value":"www.domain.me"}'
    [Tue Dec 24 16:30:31 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Tue Dec 24 16:30:31 UTC 2019] payload='{"identifiers": [{"type":"dns","value":"domain.me"},{"type":"dns","value":"www.domain.me"}]}'
    [Tue Dec 24 16:30:31 UTC 2019] RSA key
    [Tue Dec 24 16:30:31 UTC 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Tue Dec 24 16:30:31 UTC 2019] HEAD
    [Tue Dec 24 16:30:31 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Tue Dec 24 16:30:31 UTC 2019] body
    [Tue Dec 24 16:30:31 UTC 2019] _postContentType='application/jose+json'
    [Tue Dec 24 16:30:31 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g  -I  '
    [Tue Dec 24 16:30:31 UTC 2019] _ret='0'
    [Tue Dec 24 16:30:31 UTC 2019] _headers='HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 24 Dec 2019 16:30:31 GMT
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0001vrQHgvLHbdx-QqLIaHCpCfOI1yIz6BWvLYWHc3o3Ajg
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Tue Dec 24 16:30:31 UTC 2019] _CACHED_NONCE='0001vrQHgvLHbdx-QqLIaHCpCfOI1yIz6BWvLYWHc3o3Ajg'
    [Tue Dec 24 16:30:31 UTC 2019] nonce='0001vrQHgvLHbdx-QqLIaHCpCfOI1yIz6BWvLYWHc3o3Ajg'
    [Tue Dec 24 16:30:31 UTC 2019] POST
    [Tue Dec 24 16:30:31 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Tue Dec 24 16:30:31 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxdnJRSGd2TEhiZHgtUXFMSWFIQ3BDZk9JMXlJejZCV3ZMWVdIYzNvM0FqZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83MzA0NjgyOCJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImFydGNvbW1pc3Npb25zLm1lIn0seyJ0eXBlIjoiZG5zIiwidmFsdWUiOiJ3d3cuYXJ0Y29tbWlzc2lvbnMubWUifV19", "signature": "Z1dVQ6rrJMx9cIh4fmEdfDumraTZNbtD9ABDnc4bCJnkuUFgXQJXuXBtDwY_1jo70dWhuyU1SCjLh9oqGc--ZPbEkahI72WBwFibFwWeFt-HQAyZyRaSbdRXnjv3Hg7cpQe4qqcqtTAxCTHkUsb28Y04-eaCdEjZQGMVCh1dxwvhVy91tfSGYuCwkjxl39VdiWG8soHx_OKv0wuZPlpuP1LNKG2g1f0_ANqG_eiZ7PhyC1MibYC7_yrqKqTGLIK6xSbR9BvyuRVCh8e3I5jRqzGQbu9r0tw22nzp3R1H8NJwczZ5zQoPsZ9YvhqKR8VZMO_ElupneXpSrrCn2edIjg"}'
    [Tue Dec 24 16:30:31 UTC 2019] _postContentType='application/jose+json'
    [Tue Dec 24 16:30:31 UTC 2019] Http already initialized.
    [Tue Dec 24 16:30:31 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Tue Dec 24 16:30:31 UTC 2019] _ret='0'
    [Tue Dec 24 16:30:31 UTC 2019] responseHeaders='HTTP/1.1 201 Created
    Server: nginx
    Date: Tue, 24 Dec 2019 16:30:31 GMT
    Content-Type: application/json
    Content-Length: 489
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Location: https://acme-v02.api.letsencrypt.org/acme/order/73046828/1840393314
    Replay-Nonce: 0002Q5m6_udgKZXGbN792IAXR8IXhKaa_SONSaed9WGXmQ0
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Tue Dec 24 16:30:31 UTC 2019] code='201'
    [Tue Dec 24 16:30:31 UTC 2019] original='{
      "status": "pending",
      "expires": "2019-12-31T16:30:31.434108722Z",
      "identifiers": [
        {
          "type": "dns",
          "value": "domain.me"
        },
        {
          "type": "dns",
          "value": "www.domain.me"
        }
      ],
      "authorizations": [
        "https://acme-v02.api.letsencrypt.org/acme/authz-v3/1563551495",
        "https://acme-v02.api.letsencrypt.org/acme/authz-v3/1906573829"
      ],
      "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/73046828/1840393314"
    }'
    [Tue Dec 24 16:30:31 UTC 2019] response='{"status":"pending","expires":"2019-12-31T16:30:31.434108722Z","identifiers":[{"type":"dns","value":"domain.me"},{"type":"dns","value":"www.domain.me"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/1563551495","https://acme-v02.api.letsencrypt.org/acme/authz-v3/1906573829"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/73046828/1840393314"}'
    [Tue Dec 24 16:30:31 UTC 2019] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/73046828/1840393314'
    [Tue Dec 24 16:30:31 UTC 2019] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/73046828/1840393314'
    [Tue Dec 24 16:30:31 UTC 2019] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1563551495,https://acme-v02.api.letsencrypt.org/acme/authz-v3/1906573829'
    [Tue Dec 24 16:30:31 UTC 2019] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1563551495'
    [Tue Dec 24 16:30:31 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1563551495'
    [Tue Dec 24 16:30:31 UTC 2019] payload
    [Tue Dec 24 16:30:31 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Tue Dec 24 16:30:31 UTC 2019] Use _CACHED_NONCE='0002Q5m6_udgKZXGbN792IAXR8IXhKaa_SONSaed9WGXmQ0'
    [Tue Dec 24 16:30:31 UTC 2019] nonce='0002Q5m6_udgKZXGbN792IAXR8IXhKaa_SONSaed9WGXmQ0'
    [Tue Dec 24 16:30:31 UTC 2019] POST
    [Tue Dec 24 16:30:31 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1563551495'
    [Tue Dec 24 16:30:31 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyUTVtNl91ZGdLWlhHYk43OTJJQVhSOElYaEthYV9TT05TYWVkOVdHWG1RMCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTU2MzU1MTQ5NSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzMwNDY4MjgifQ", "payload": "", "signature": "oINES5nlSmU6Yv4Pazp6WtL9wZldLEe3WdR4FXHFDa76_iRaoUUB69_b8mjjsFvgid3-24QOxQ-JWy7SkgaZWhHc5Y4O5hGTQjDrKTueXhFWidrcb2Kj7vN1vDGpZ5DtYzfEMoL45Ap1VgsAtEPekymDSX-UbJiQ7eb132_oZWUGzwveAVAa_ikYKNJORSnVAgPWu3Q6vQIEr2AUc85GyttrsCuejbR59hXqOcg4zQdTcOMeCQCh3FHodLlKWqko4Mqu5NDo7eJdy6NLbV7DJenC7ec-rkE-7_q102qwQ1GyEftqWabwEOL41ZuM1x2XM5FpYJihUv7ds-jlR-1b1Q"}'
    [Tue Dec 24 16:30:31 UTC 2019] _postContentType='application/jose+json'
    [Tue Dec 24 16:30:31 UTC 2019] Http already initialized.
    [Tue Dec 24 16:30:31 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Tue Dec 24 16:30:31 UTC 2019] _ret='0'
    [Tue Dec 24 16:30:31 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 24 Dec 2019 16:30:31 GMT
    Content-Type: application/json
    Content-Length: 1463
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0002Wkyca1S3ODw6MZmRcpx_mN9AjlQIknrfi_wUhpFBcZE
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Tue Dec 24 16:30:31 UTC 2019] code='200'
    [Tue Dec 24 16:30:31 UTC 2019] original='{
      "identifier": {
        "type": "dns",
        "value": "domain.me"
      },
      "status": "valid",
      "expires": "2020-01-11T14:13:45Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "valid",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw",
          "token": "k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4",
          "validationRecord": [
            {
              "url": "http://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4",
              "hostname": "domain.me",
              "port": "80",
              "addressesResolved": [
                "servrip"
              ],
              "addressUsed": "servrip"
            },
            {
              "url": "https://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4",
              "hostname": "domain.me",
              "port": "443",
              "addressesResolved": [
                "servrip"
              ],
              "addressUsed": "servrip"
            }
          ]
        },
        {
          "type": "dns-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/uVRLsQ",
          "token": "k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"
        },
        {
          "type": "tls-alpn-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/hOf-hg",
          "token": "k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"
        }
      ]
    }'
    [Tue Dec 24 16:30:31 UTC 2019] response='{"identifier":{"type":"dns","value":"domain.me"},"status":"valid","expires":"2020-01-11T14:13:45Z","challenges":[{"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","validationRecord":[{"url":"http://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"80","addressesResolved":["servrip"],"addressUsed":"servrip"},{"url":"https://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"443","addressesResolved":["servrip"],"addressUsed":"servrip"}]},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/uVRLsQ","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/hOf-hg","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"}]}'
    [Tue Dec 24 16:30:31 UTC 2019] response='{"identifier":{"type":"dns","value":"domain.me"},"status":"valid","expires":"2020-01-11T14:13:45Z","challenges":[{"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","validationRecord":[{"url":"http://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"80","addressesResolved":["servrip"],"addressUsed":"servrip"},{"url":"https://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"443","addressesResolved":["servrip"],"addressUsed":"servrip"}]},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/uVRLsQ","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/hOf-hg","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"}]}'
    [Tue Dec 24 16:30:31 UTC 2019] _d='domain.me'
    [Tue Dec 24 16:30:31 UTC 2019] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1906573829'
    [Tue Dec 24 16:30:31 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1906573829'
    [Tue Dec 24 16:30:31 UTC 2019] payload
    [Tue Dec 24 16:30:31 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Tue Dec 24 16:30:31 UTC 2019] Use _CACHED_NONCE='0002Wkyca1S3ODw6MZmRcpx_mN9AjlQIknrfi_wUhpFBcZE'
    [Tue Dec 24 16:30:31 UTC 2019] nonce='0002Wkyca1S3ODw6MZmRcpx_mN9AjlQIknrfi_wUhpFBcZE'
    [Tue Dec 24 16:30:31 UTC 2019] POST
    [Tue Dec 24 16:30:31 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1906573829'
    [Tue Dec 24 16:30:31 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyV2t5Y2ExUzNPRHc2TVptUmNweF9tTjlBamxRSWtucmZpX3dVaHBGQmNaRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTkwNjU3MzgyOSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzMwNDY4MjgifQ", "payload": "", "signature": "rLM3Uvv7O76v1_RqSfbWiMXf7OlCNLwqWqOtBRfkFDgVF-m_Fb-zNV4iiT3pl3d9pXNzeVsIGntzW4ujLUGN7MzqxseIO_mF0uVQ9cqr3SRhcXWFfmWlqURtdiFRi-8BzoVRbyDUrvzMlJ4zxdA8mxZM--Yf0zitF1kXwsEUWbwYKCaNZRJoBcgNxfGAZIGqkFxkb7XPvujiMhU0pVf0OO9gcIQYnDnPnR455na-tjqVoVOvsZDEdoPE1b2laxiZsIUhHnLXjHI6lnG4jFMXvQTM9DTmLcWfBVLUdBy1qTgQqjr52iY09gLDDb3N7545fRz3JG3fRzL9E_7-6_wQXw"}'
    [Tue Dec 24 16:30:31 UTC 2019] _postContentType='application/jose+json'
    [Tue Dec 24 16:30:31 UTC 2019] Http already initialized.
    [Tue Dec 24 16:30:31 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Tue Dec 24 16:30:31 UTC 2019] _ret='0'
    [Tue Dec 24 16:30:31 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 24 Dec 2019 16:30:31 GMT
    Content-Type: application/json
    Content-Length: 799
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 00024aCXkp4L23DV5wARNFoke4LSMZtbV3j1jZoXbxlTbEk
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Tue Dec 24 16:30:31 UTC 2019] code='200'
    [Tue Dec 24 16:30:31 UTC 2019] original='{
      "identifier": {
        "type": "dns",
        "value": "www.domain.me"
      },
      "status": "pending",
      "expires": "2019-12-31T16:30:31Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ",
          "token": "2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/ZLXCPg",
          "token": "2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"
        },
        {
          "type": "tls-alpn-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/EkJhAQ",
          "token": "2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"
        }
      ]
    }'
    [Tue Dec 24 16:30:31 UTC 2019] response='{"identifier":{"type":"dns","value":"www.domain.me"},"status":"pending","expires":"2019-12-31T16:30:31Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/ZLXCPg","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/EkJhAQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"}]}'
    [Tue Dec 24 16:30:31 UTC 2019] response='{"identifier":{"type":"dns","value":"www.domain.me"},"status":"pending","expires":"2019-12-31T16:30:31Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/ZLXCPg","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/EkJhAQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"}]}'
    [Tue Dec 24 16:30:31 UTC 2019] _d='www.domain.me'
    [Tue Dec 24 16:30:31 UTC 2019] _authorizations_map='www.domain.me,{"identifier":{"type":"dns","value":"www.domain.me"},"status":"pending","expires":"2019-12-31T16:30:31Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/ZLXCPg","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/EkJhAQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"}]}
    domain.me,{"identifier":{"type":"dns","value":"domain.me"},"status":"valid","expires":"2020-01-11T14:13:45Z","challenges":[{"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","validationRecord":[{"url":"http://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"80","addressesResolved":["servrip"],"addressUsed":"servrip"},{"url":"https://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"443","addressesResolved":["servrip"],"addressUsed":"servrip"}]},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/uVRLsQ","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/hOf-hg","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"}]}
    '
    [Tue Dec 24 16:30:31 UTC 2019] d='domain.me'
    [Tue Dec 24 16:30:31 UTC 2019] Getting webroot for domain='domain.me'
    [Tue Dec 24 16:30:31 UTC 2019] _w='/home/nginx/domains/domain.me/public'
    [Tue Dec 24 16:30:31 UTC 2019] _currentRoot='/home/nginx/domains/domain.me/public'
    [Tue Dec 24 16:30:31 UTC 2019] _is_idn_d='domain.me'
    [Tue Dec 24 16:30:31 UTC 2019] _idn_temp
    [Tue Dec 24 16:30:31 UTC 2019] _candindates='domain.me,{"identifier":{"type":"dns","value":"domain.me"},"status":"valid","expires":"2020-01-11T14:13:45Z","challenges":[{"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","validationRecord":[{"url":"http://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"80","addressesResolved":["servrip"],"addressUsed":"servrip"},{"url":"https://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"443","addressesResolved":["servrip"],"addressUsed":"servrip"}]},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/uVRLsQ","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/hOf-hg","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"}]}'
    [Tue Dec 24 16:30:31 UTC 2019] response='{"identifier":{"type":"dns","value":"domain.me"},"status":"valid","expires":"2020-01-11T14:13:45Z","challenges":[{"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","validationRecord":[{"url":"http://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"80","addressesResolved":["servrip"],"addressUsed":"servrip"},{"url":"https://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"443","addressesResolved":["servrip"],"addressUsed":"servrip"}]},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/uVRLsQ","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/hOf-hg","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4"}]}'
    [Tue Dec 24 16:30:31 UTC 2019] entry='"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","validationRecord":[{"url":"http://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"80","addressesResolved":["servrip"],"addressUsed":"servrip"'
    [Tue Dec 24 16:30:31 UTC 2019] token='k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4'
    [Tue Dec 24 16:30:31 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw'
    [Tue Dec 24 16:30:31 UTC 2019] keyauthorization='k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0'
    [Tue Dec 24 16:30:31 UTC 2019] domain.me is already verified.
    [Tue Dec 24 16:30:31 UTC 2019] keyauthorization='verified_ok'
    [Tue Dec 24 16:30:31 UTC 2019] dvlist='domain.me#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw#http-01#/home/nginx/domains/domain.me/public'
    [Tue Dec 24 16:30:31 UTC 2019] d='www.domain.me'
    [Tue Dec 24 16:30:31 UTC 2019] Getting webroot for domain='www.domain.me'
    [Tue Dec 24 16:30:32 UTC 2019] _w='/home/nginx/domains/domain.me/public'
    [Tue Dec 24 16:30:32 UTC 2019] _currentRoot='/home/nginx/domains/domain.me/public'
    [Tue Dec 24 16:30:32 UTC 2019] _is_idn_d='www.domain.me'
    [Tue Dec 24 16:30:32 UTC 2019] _idn_temp
    [Tue Dec 24 16:30:32 UTC 2019] _candindates='www.domain.me,{"identifier":{"type":"dns","value":"www.domain.me"},"status":"pending","expires":"2019-12-31T16:30:31Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/ZLXCPg","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/EkJhAQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"}]}'
    [Tue Dec 24 16:30:32 UTC 2019] response='{"identifier":{"type":"dns","value":"www.domain.me"},"status":"pending","expires":"2019-12-31T16:30:31Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/ZLXCPg","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/EkJhAQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"}]}'
    [Tue Dec 24 16:30:32 UTC 2019] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"'
    [Tue Dec 24 16:30:32 UTC 2019] token='2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk'
    [Tue Dec 24 16:30:32 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ'
    [Tue Dec 24 16:30:32 UTC 2019] keyauthorization='2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0'
    [Tue Dec 24 16:30:32 UTC 2019] dvlist='www.domain.me#2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ#http-01#/home/nginx/domains/domain.me/public'
    [Tue Dec 24 16:30:32 UTC 2019] d
    [Tue Dec 24 16:30:32 UTC 2019] vlist='domain.me#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw#http-01#/home/nginx/domains/domain.me/public,www.domain.me#2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ#http-01#/home/nginx/domains/domain.me/public,'
    [Tue Dec 24 16:30:32 UTC 2019] d='domain.me'
    [Tue Dec 24 16:30:32 UTC 2019] domain.me is already verified, skip http-01.
    [Tue Dec 24 16:30:32 UTC 2019] d='www.domain.me'
    [Tue Dec 24 16:30:32 UTC 2019] ok, let's start to verify
    [Tue Dec 24 16:30:32 UTC 2019] domain.me is already verified, skip http-01.
    [Tue Dec 24 16:30:32 UTC 2019] Verifying: www.domain.me
    [Tue Dec 24 16:30:32 UTC 2019] d='www.domain.me'
    [Tue Dec 24 16:30:32 UTC 2019] keyauthorization='2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0'
    [Tue Dec 24 16:30:32 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ'
    [Tue Dec 24 16:30:32 UTC 2019] _currentRoot='/home/nginx/domains/domain.me/public'
    [Tue Dec 24 16:30:32 UTC 2019] wellknown_path='/home/nginx/domains/domain.me/public/.well-known/acme-challenge'
    [Tue Dec 24 16:30:32 UTC 2019] writing token:2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk to /home/nginx/domains/domain.me/public/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk
    [Tue Dec 24 16:30:32 UTC 2019] Changing owner/group of .well-known to nginx:nginx
    [Tue Dec 24 16:30:32 UTC 2019] Trigger domain validation.
    [Tue Dec 24 16:30:32 UTC 2019] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ'
    [Tue Dec 24 16:30:32 UTC 2019] _t_key_authz='2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0'
    [Tue Dec 24 16:30:32 UTC 2019] _t_vtype='http-01'
    [Tue Dec 24 16:30:32 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ'
    [Tue Dec 24 16:30:32 UTC 2019] payload='{}'
    [Tue Dec 24 16:30:32 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Tue Dec 24 16:30:32 UTC 2019] Use _CACHED_NONCE='00024aCXkp4L23DV5wARNFoke4LSMZtbV3j1jZoXbxlTbEk'
    [Tue Dec 24 16:30:32 UTC 2019] nonce='00024aCXkp4L23DV5wARNFoke4LSMZtbV3j1jZoXbxlTbEk'
    [Tue Dec 24 16:30:32 UTC 2019] POST
    [Tue Dec 24 16:30:32 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ'
    [Tue Dec 24 16:30:32 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyNGFDWGtwNEwyM0RWNXdBUk5Gb2tlNExTTVp0YlYzajFqWm9YYnhsVGJFayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTkwNjU3MzgyOS9Ha0F0cFEiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzczMDQ2ODI4In0", "payload": "e30", "signature": "QV0PvrVm11ViogxiZeKgTmjjFHjpy8Ol2lKMZ4E96MWLYtXe7sKKUhu5_HZxRZeITshyemNLY-HCgEJBcwA1c2-rOblwg1ripoWQ8X2bNJRnMPJdcVGkgkrgpq5yEDiGnOaxChlEI2Kzo_GiZ30dYlFQ-xiTdfJ-yAPJ_UnBT-wvdfUNPeOSslSWSdfe-A19gryhmR3I0zBUVXANI4XkhS3wUYSMWPRrK1mSOHPUDIzhRaLGqSKsW7yTf4krpRcuuUNSWcc8hlShSyMjZgaxLML6ZeL_IOt9dMn3mvRhz-aDDFPLa40yDCwRGvs2wzqx9slBrzQUgCZU--0UcQO8oQ"}'
    [Tue Dec 24 16:30:32 UTC 2019] _postContentType='application/jose+json'
    [Tue Dec 24 16:30:32 UTC 2019] Http already initialized.
    [Tue Dec 24 16:30:32 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Tue Dec 24 16:30:32 UTC 2019] _ret='0'
    [Tue Dec 24 16:30:32 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 24 Dec 2019 16:30:32 GMT
    Content-Type: application/json
    Content-Length: 185
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/1906573829>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ
    Replay-Nonce: 0001TfdaAUtFt8ugPfI15d29XK1H0EYVWvaVtOihDgT5ro4
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Tue Dec 24 16:30:32 UTC 2019] code='200'
    [Tue Dec 24 16:30:32 UTC 2019] original='{
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ",
      "token": "2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"
    }'
    [Tue Dec 24 16:30:32 UTC 2019] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk"}'
    [Tue Dec 24 16:30:32 UTC 2019] trigger validation code: 200
    [Tue Dec 24 16:30:32 UTC 2019] sleep 2 secs to verify
    [Tue Dec 24 16:30:34 UTC 2019] checking
    [Tue Dec 24 16:30:34 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ'
    [Tue Dec 24 16:30:34 UTC 2019] payload
    [Tue Dec 24 16:30:34 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Tue Dec 24 16:30:34 UTC 2019] Use _CACHED_NONCE='0001TfdaAUtFt8ugPfI15d29XK1H0EYVWvaVtOihDgT5ro4'
    [Tue Dec 24 16:30:34 UTC 2019] nonce='0001TfdaAUtFt8ugPfI15d29XK1H0EYVWvaVtOihDgT5ro4'
    [Tue Dec 24 16:30:34 UTC 2019] POST
    [Tue Dec 24 16:30:34 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ'
    [Tue Dec 24 16:30:34 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxVGZkYUFVdEZ0OHVnUGZJMTVkMjlYSzFIMEVZVld2YVZ0T2loRGdUNXJvNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTkwNjU3MzgyOS9Ha0F0cFEiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzczMDQ2ODI4In0", "payload": "", "signature": "OPaSXEQt-oJzgso05K4TWrS7cth6TisObjt0UsYVUMEvtOo7ILZv4CUBZ0zVUznopIAt-qIfhxlpIwDVIGpIPhEb3knS2nMWISAVJCMUHDMI-wI-ChPKOpfiV9G4FySAydZ7HkRSgEyLd_iDNyNL0t2E-J-3Pmipo8uesmP-Cx3gqnHlRlQTyP9H0zyVLSEqCXBhUJI-J1-oO_cVquQ5oPZzxs7XkKo6fKGApUrtD8x8-iJPsSZ9CmB0EJZ9zYtnFsJ3wEqBUYedJjiEcMYJYrtPMwngkUhTbztDDnEJCJLFWsHFUblGQKnzrcppEWS0prQ3sg19nzN87s2wx-mzIg"}'
    [Tue Dec 24 16:30:34 UTC 2019] _postContentType='application/jose+json'
    [Tue Dec 24 16:30:34 UTC 2019] Http already initialized.
    [Tue Dec 24 16:30:34 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Tue Dec 24 16:30:34 UTC 2019] _ret='0'
    [Tue Dec 24 16:30:34 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 24 Dec 2019 16:30:34 GMT
    Content-Type: application/json
    Content-Length: 1476
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/1906573829>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ
    Replay-Nonce: 0001lP1UphSTVD79WnMVHpMeOXZsS_Dr5CuD1zr61i9lCFI
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Tue Dec 24 16:30:34 UTC 2019] code='200'
    [Tue Dec 24 16:30:34 UTC 2019] original='{
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk [2606:4700:30::681b:8ac3]: \"\u003c!DOCTYPE html\u003e\\n\u003c!--[if lt IE 7]\u003e \u003chtml class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"\u003e \u003c![endif]--\u003e\\n\u003c!--[if IE 7]\u003e    \u003chtml class=\\\"no-js \"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ",
      "token": "2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk",
      "validationRecord": [
        {
          "url": "http://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk",
          "hostname": "www.domain.me",
          "port": "80",
          "addressesResolved": [
            "104.27.138.195",
            "104.27.139.195",
            "2606:4700:30::681b:8ac3",
            "2606:4700:30::681b:8bc3"
          ],
          "addressUsed": "2606:4700:30::681b:8ac3"
        },
        {
          "url": "https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk",
          "hostname": "www.domain.me",
          "port": "443",
          "addressesResolved": [
            "104.27.139.195",
            "104.27.138.195",
            "2606:4700:30::681b:8ac3",
            "2606:4700:30::681b:8bc3"
          ],
          "addressUsed": "2606:4700:30::681b:8ac3"
        }
      ]
    }'
    [Tue Dec 24 16:30:34 UTC 2019] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk [2606:4700:30::681b:8ac3]: \"\u003c!DOCTYPE html\u003e\\n\u003c!--[if lt IE 7]\u003e \u003chtml class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"\u003e \u003c![endif]--\u003e\\n\u003c!--[if IE 7]\u003e    \u003chtml class=\\\"no-js \"","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk","validationRecord":[{"url":"http://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk","hostname":"www.domain.me","port":"80","addressesResolved":["104.27.138.195","104.27.139.195","2606:4700:30::681b:8ac3","2606:4700:30::681b:8bc3"],"addressUsed":"2606:4700:30::681b:8ac3"},{"url":"https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk","hostname":"www.domain.me","port":"443","addressesResolved":["104.27.139.195","104.27.138.195","2606:4700:30::681b:8ac3","2606:4700:30::681b:8bc3"],"addressUsed":"2606:4700:30::681b:8ac3"}]}'
    [Tue Dec 24 16:30:34 UTC 2019] original='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk [2606:4700:30::681b:8ac3]: \"\u003c!DOCTYPE html\u003e\\n\u003c!--[if lt IE 7]\u003e \u003chtml class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"\u003e \u003c![endif]--\u003e\\n\u003c!--[if IE 7]\u003e    \u003chtml class=\\\"no-js \"","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk","validationRecord":[{"url":"http://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk","hostname":"www.domain.me","port":"80","addressesResolved":["104.27.138.195","104.27.139.195","2606:4700:30::681b:8ac3","2606:4700:30::681b:8bc3"],"addressUsed":"2606:4700:30::681b:8ac3"},{"url":"https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk","hostname":"www.domain.me","port":"443","addressesResolved":["104.27.139.195","104.27.138.195","2606:4700:30::681b:8ac3","2606:4700:30::681b:8bc3"],"addressUsed":"2606:4700:30::681b:8ac3"}]}'
    [Tue Dec 24 16:30:34 UTC 2019] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk [2606:4700:30::681b:8ac3]: \"\u003c!DOCTYPE html\u003e\\n\u003c!--[if lt IE 7]\u003e \u003chtml class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"\u003e \u003c![endif]--\u003e\\n\u003c!--[if IE 7]\u003e    \u003chtml class=\\\"no-js \"","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ","token":"2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk","validationRecord":[{"url":"http://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk","hostname":"www.domain.me","port":"80","addressesResolved":["104.27.138.195","104.27.139.195","2606:4700:30::681b:8ac3","2606:4700:30::681b:8bc3"],"addressUsed":"2606:4700:30::681b:8ac3"},{"url":"https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk","hostname":"www.domain.me","port":"443","addressesResolved":["104.27.139.195","104.27.138.195","2606:4700:30::681b:8ac3","2606:4700:30::681b:8bc3"],"addressUsed":"2606:4700:30::681b:8ac3"}]}'
    [Tue Dec 24 16:30:34 UTC 2019] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk [2606:4700:30::681b:8ac3]: '
    [Tue Dec 24 16:30:34 UTC 2019] errordetail='Invalid response from https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk [2606:4700:30::681b:8ac3]: '
    [Tue Dec 24 16:30:34 UTC 2019] www.domain.me:Verify error:Invalid response from https://www.domain.me/.well-known/acme-challenge/2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk [2606:4700:30::681b:8ac3]:
    [Tue Dec 24 16:30:34 UTC 2019] pid
    [Tue Dec 24 16:30:34 UTC 2019] No need to restore nginx, skip.
    [Tue Dec 24 16:30:34 UTC 2019] _clearupdns
    [Tue Dec 24 16:30:34 UTC 2019] dns_entries
    [Tue Dec 24 16:30:34 UTC 2019] skip dns.
    [Tue Dec 24 16:30:34 UTC 2019] _on_issue_err
    [Tue Dec 24 16:30:34 UTC 2019] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-241219-163024.log
    [Tue Dec 24 16:30:34 UTC 2019] _chk_vlist='domain.me#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw#http-01#/home/nginx/domains/domain.me/public,www.domain.me#2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ#http-01#/home/nginx/domains/domain.me/public,'
    [Tue Dec 24 16:30:34 UTC 2019] start to deactivate authz
    [Tue Dec 24 16:30:34 UTC 2019] Trigger domain validation.
    [Tue Dec 24 16:30:34 UTC 2019] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw'
    [Tue Dec 24 16:30:34 UTC 2019] _t_key_authz='verified_ok'
    [Tue Dec 24 16:30:34 UTC 2019] _t_vtype
    [Tue Dec 24 16:30:34 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw'
    [Tue Dec 24 16:30:34 UTC 2019] payload='{}'
    [Tue Dec 24 16:30:34 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Tue Dec 24 16:30:34 UTC 2019] Use _CACHED_NONCE='0001lP1UphSTVD79WnMVHpMeOXZsS_Dr5CuD1zr61i9lCFI'
    [Tue Dec 24 16:30:34 UTC 2019] nonce='0001lP1UphSTVD79WnMVHpMeOXZsS_Dr5CuD1zr61i9lCFI'
    [Tue Dec 24 16:30:34 UTC 2019] POST
    [Tue Dec 24 16:30:34 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw'
    [Tue Dec 24 16:30:34 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxbFAxVXBoU1RWRDc5V25NVkhwTWVPWFpzU19EcjVDdUQxenI2MWk5bENGSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTU2MzU1MTQ5NS9QeXVzWXciLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzczMDQ2ODI4In0", "payload": "e30", "signature": "iPYy7lu6AyI2wPuPA8PvEG_DspjJ4Mgk0iZ4AF9FIdigSxAQu0lgTPcQ8GN5Cbo-12k1lI9j-F0F5kNhBDXSQMVY27CaYFK2kzpibCy_FnLWLv_5jYyajUeonZoLRHvmojw-S0mWsArUuF5icUJ5jYzNIdJH_Jydq6hp4NJ4uDRKKjXE_dNMP0bfy0mibuIyPO1ZaNl9memtOEkqGVN8r_lzyu7itY5iaVT8dsl-4vjCFBJYG149YLLMNFATK_NV_1Bp4kT5ZMPPX34m8M91fE5_N7ZJDvTJt5-e6FMkffNczdUewW-2b9ROK_QYce9CpwAS6t3wUFRSbCRcAMA_UA"}'
    [Tue Dec 24 16:30:34 UTC 2019] _postContentType='application/jose+json'
    [Tue Dec 24 16:30:34 UTC 2019] Http already initialized.
    [Tue Dec 24 16:30:34 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Tue Dec 24 16:30:34 UTC 2019] _ret='0'
    [Tue Dec 24 16:30:34 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 24 Dec 2019 16:30:34 GMT
    Content-Type: application/json
    Content-Length: 775
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/1563551495>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw
    Replay-Nonce: 0001evTAluEk8_w10AnJFsT-qrt8eQfsbZ2N8HtJXonn9pg
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Tue Dec 24 16:30:34 UTC 2019] code='200'
    [Tue Dec 24 16:30:34 UTC 2019] original='{
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw",
      "token": "k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4",
      "validationRecord": [
        {
          "url": "http://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4",
          "hostname": "domain.me",
          "port": "80",
          "addressesResolved": [
            "servrip"
          ],
          "addressUsed": "servrip"
        },
        {
          "url": "https://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4",
          "hostname": "domain.me",
          "port": "443",
          "addressesResolved": [
            "servrip"
          ],
          "addressUsed": "servrip"
        }
      ]
    }'
    [Tue Dec 24 16:30:34 UTC 2019] response='{"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1563551495/PyusYw","token":"k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","validationRecord":[{"url":"http://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"80","addressesResolved":["servrip"],"addressUsed":"servrip"},{"url":"https://domain.me/.well-known/acme-challenge/k67cK-z4u7EOdbrytY7lRlk2FwWs_jOo-RrivBXFyp4","hostname":"domain.me","port":"443","addressesResolved":["servrip"],"addressUsed":"servrip"}]}'
    [Tue Dec 24 16:30:34 UTC 2019] Trigger domain validation.
    [Tue Dec 24 16:30:34 UTC 2019] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ'
    [Tue Dec 24 16:30:34 UTC 2019] _t_key_authz='2-EWHbZF1aUvApMlOhWyqau-vQKmxac1z1nP43SasLk.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0'
    [Tue Dec 24 16:30:34 UTC 2019] _t_vtype
    [Tue Dec 24 16:30:34 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ'
    [Tue Dec 24 16:30:34 UTC 2019] payload='{}'
    [Tue Dec 24 16:30:34 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Tue Dec 24 16:30:34 UTC 2019] Use _CACHED_NONCE='0001evTAluEk8_w10AnJFsT-qrt8eQfsbZ2N8HtJXonn9pg'
    [Tue Dec 24 16:30:34 UTC 2019] nonce='0001evTAluEk8_w10AnJFsT-qrt8eQfsbZ2N8HtJXonn9pg'
    [Tue Dec 24 16:30:34 UTC 2019] POST
    [Tue Dec 24 16:30:34 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1906573829/GkAtpQ'
    [Tue Dec 24 16:30:34 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxZXZUQWx1RWs4X3cxMEFuSkZzVC1xcnQ4ZVFmc2JaMk44SHRKWG9ubjlwZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTkwNjU3MzgyOS9Ha0F0cFEiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzczMDQ2ODI4In0", "payload": "e30", "signature": "d03bjnD2oALcshDkIcA2TLOZC1Yug8zOqHHacE00AjRKj4TsB1fyin7rY1sXvp8dtLUl232V6-7eCaWKDtQSvwCT3QfA-r1R5W0CpoJBXA_HiO-xMDWngYYE2w7LOY2WLqD6XCGav1QEIcfOeTtQdYJ1dKYw4FQ9rAw4dXsx2vCs-n1_ZFjoay150diniFut5Ac-eHTjBKDhiUFv1CSHq2ED70W0yDM4cGBukJDWubDSy8YTvLiygt6netcE_C0db3L4c6Iu4w9CmksGLT6jbC0PtF4wfL4v_VUwtzpRpzYczMh_Gz-vrR3ovLLDR4dYkXdQiO5efRCkOXTgo0AWxw"}'
    [Tue Dec 24 16:30:34 UTC 2019] _postContentType='application/jose+json'
    [Tue Dec 24 16:30:34 UTC 2019] Http already initialized.
    [Tue Dec 24 16:30:34 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Tue Dec 24 16:30:34 UTC 2019] _ret='0'
    [Tue Dec 24 16:30:34 UTC 2019] responseHeaders='HTTP/1.1 400 Bad Request
    Server: nginx
    Date: Tue, 24 Dec 2019 16:30:34 GMT
    Content-Type: application/problem+json
    Content-Length: 144
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0001Q3sGQmlS6DklL45CH3Gq_nk3HJ0PZpS2RzsJmqJpr6k
    
    '
    [Tue Dec 24 16:30:34 UTC 2019] code='400'
    [Tue Dec 24 16:30:35 UTC 2019] original='{
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: authorization must be pending",
      "status": 400
    }'
    [Tue Dec 24 16:30:35 UTC 2019] response='{
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: authorization must be pending",
      "status": 400
    }'
    f
     
  2. pamamolf

    pamamolf Premium Member Premium Member

    3,826
    370
    83
    May 31, 2014
    Ratings:
    +712
    Local Time:
    7:42 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    You just need to use the Centminmod included tool to get the certificates and then all certificates will renew automatically ...

    No need to disable Cloudflare or do anything else.
     
  3. eva2000

    eva2000 Administrator Staff Member

    44,744
    10,201
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,810
    Local Time:
    2:42 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    First try running your intended SSL certificate domain through the letsdebug.net online testing tool to check for potential errors with HTTP-01 validation. Seems you fail validation on www. version of your domains
     
  4. yunos

    yunos Member

    107
    3
    18
    Aug 8, 2015
    Ratings:
    +12
    Local Time:
    6:42 PM
    1.8.0
    fixed the www issue
    The domain is being served through Cloudflare CDN. Any Let's Encrypt certificate installed on the origin server will only encrypt traffic between the server and Cloudflare. It is strongly recommended that the SSL option 'Full SSL (strict)' be enabled.
     
  5. eva2000

    eva2000 Administrator Staff Member

    44,744
    10,201
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,810
    Local Time:
    2:42 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yes if you use Centmin Mod Nginx with HTTP/2 HTTPS default, then Cloudflare needs Full SSL mode. But you should be able to auto renew Letsencrypt behind Cloudflare with such setup now that you fixed www domain issue.

    Try acmetool.sh add reissue-only option for existing nginx HTTPS SSL vhosts with domain.com.ssl.conf vhost config files that exist. This only does reissue of letsencrypt SSL cert without touching the nginx vhost. Ideal for use when you tried creating a Nginx HTTPS SSL default vhost site but letsencrypt SSL issuance failed the first time. When it fails, Centmin Mod usually falls back to self-signed SSL as a place holder for the domain.com.ssl.conf vhost config. When you run:
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh reissue-only domain.com live
    

    It will only try reissuing the letsencrypt SSL certificate for the domain = domain.com for live production SSL certificate without touching any of the existing nginx vhost at domain.com.ssl.conf
     
  6. yunos

    yunos Member

    107
    3
    18
    Aug 8, 2015
    Ratings:
    +12
    Local Time:
    6:42 PM
    1.8.0
    getting same issue when creating new subdomain with letnscryp

    Code:
    [Fri Dec 27 15:36:49 UTC 2019] Lets find script dir.
    [Fri Dec 27 15:36:49 UTC 2019] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Fri Dec 27 15:36:49 UTC 2019] _script='/root/.acme.sh/acme.sh'
    [Fri Dec 27 15:36:49 UTC 2019] _script_home='/root/.acme.sh'
    [Fri Dec 27 15:36:49 UTC 2019] Using config home:/root/.acme.sh
    [Fri Dec 27 15:36:49 UTC 2019] LE_WORKING_DIR='/root/.acme.sh'
    [Fri Dec 27 15:36:49 UTC 2019] Running cmd: issue
    [Fri Dec 27 15:36:49 UTC 2019] _main_domain='domain.com'
    [Fri Dec 27 15:36:49 UTC 2019] _alt_domains='no'
    [Fri Dec 27 15:36:49 UTC 2019] Using config home:/root/.acme.sh
    [Fri Dec 27 15:36:49 UTC 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Fri Dec 27 15:36:49 UTC 2019] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Fri Dec 27 15:36:49 UTC 2019] DOMAIN_PATH='/root/.acme.sh/domain.com_ecc'
    [Fri Dec 27 15:36:49 UTC 2019] '/home/nginx/domains/domain.com/public' does not contain 'dns'
    [Fri Dec 27 15:36:49 UTC 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
    [Fri Dec 27 15:36:49 UTC 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
    [Fri Dec 27 15:36:49 UTC 2019] GET
    [Fri Dec 27 15:36:49 UTC 2019] url='https://acme-v02.api.letsencrypt.org/directory'
    [Fri Dec 27 15:36:49 UTC 2019] timeout=
    [Fri Dec 27 15:36:49 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Fri Dec 27 15:36:49 UTC 2019] ret='0'
    [Fri Dec 27 15:36:49 UTC 2019] response='{
      "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
      "meta": {
        "caaIdentities": [
          "letsencrypt.org"
        ],
        "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
        "website": "https://letsencrypt.org"
      },
      "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
      "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
      "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
      "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
      "wtyso1STz8I": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
    }'
    [Fri Dec 27 15:36:49 UTC 2019] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
    [Fri Dec 27 15:36:49 UTC 2019] ACME_NEW_AUTHZ
    [Fri Dec 27 15:36:49 UTC 2019] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Fri Dec 27 15:36:49 UTC 2019] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
    [Fri Dec 27 15:36:49 UTC 2019] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
    [Fri Dec 27 15:36:49 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    [Fri Dec 27 15:36:49 UTC 2019] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Fri Dec 27 15:36:49 UTC 2019] ACME_VERSION='2'
    [Fri Dec 27 15:36:49 UTC 2019] _on_before_issue
    [Fri Dec 27 15:36:49 UTC 2019] _chk_main_domain='domain.com'
    [Fri Dec 27 15:36:49 UTC 2019] _chk_alt_domains
    [Fri Dec 27 15:36:49 UTC 2019] '/home/nginx/domains/domain.com/public' does not contain 'no'
    [Fri Dec 27 15:36:49 UTC 2019] Le_LocalAddress
    [Fri Dec 27 15:36:49 UTC 2019] d='domain.com'
    [Fri Dec 27 15:36:49 UTC 2019] Check for domain='domain.com'
    [Fri Dec 27 15:36:49 UTC 2019] _currentRoot='/home/nginx/domains/domain.com/public'
    [Fri Dec 27 15:36:49 UTC 2019] d
    [Fri Dec 27 15:36:49 UTC 2019] '/home/nginx/domains/domain.com/public' does not contain 'apache'
    [Fri Dec 27 15:36:49 UTC 2019] _saved_account_key_hash='ayfqaepD45sIn1X7pv4rq3KPjEO7Y9jGnk4/jqYhoEw='
    [Fri Dec 27 15:36:49 UTC 2019] _saved_account_key_hash is not changed, skip register account.
    [Fri Dec 27 15:36:49 UTC 2019] Read key length:
    [Fri Dec 27 15:36:49 UTC 2019] Creating domain key
    [Fri Dec 27 15:36:49 UTC 2019] Using config home:/root/.acme.sh
    [Fri Dec 27 15:36:49 UTC 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Fri Dec 27 15:36:49 UTC 2019] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Fri Dec 27 15:36:49 UTC 2019] _createkey for file:/root/.acme.sh/domain.com_ecc/domain.com.key
    [Fri Dec 27 15:36:49 UTC 2019] Use length 256
    [Fri Dec 27 15:36:49 UTC 2019] Using ec name: prime256v1
    [Fri Dec 27 15:36:49 UTC 2019] The domain key is here: /root/.acme.sh/domain.com_ecc/domain.com.key
    [Fri Dec 27 15:36:49 UTC 2019] _createcsr
    [Fri Dec 27 15:36:49 UTC 2019] domain='domain.com'
    [Fri Dec 27 15:36:49 UTC 2019] domainlist
    [Fri Dec 27 15:36:49 UTC 2019] csrkey='/root/.acme.sh/domain.com_ecc/domain.com.key'
    [Fri Dec 27 15:36:49 UTC 2019] csr='/root/.acme.sh/domain.com_ecc/domain.com.csr'
    [Fri Dec 27 15:36:49 UTC 2019] csrconf='/root/.acme.sh/domain.com_ecc/domain.com.csr.conf'
    [Fri Dec 27 15:36:49 UTC 2019] Single domain='domain.com'
    [Fri Dec 27 15:36:49 UTC 2019] _is_idn_d='domain.com'
    [Fri Dec 27 15:36:49 UTC 2019] _idn_temp
    [Fri Dec 27 15:36:49 UTC 2019] _is_idn_d='domain.com'
    [Fri Dec 27 15:36:49 UTC 2019] _idn_temp
    [Fri Dec 27 15:36:49 UTC 2019] _csr_cn='domain.com'
    [Fri Dec 27 15:36:49 UTC 2019] Getting domain auth token for each domain
    [Fri Dec 27 15:36:49 UTC 2019] _is_idn_d='domain.com'
    [Fri Dec 27 15:36:49 UTC 2019] _idn_temp
    [Fri Dec 27 15:36:49 UTC 2019] d
    [Fri Dec 27 15:36:49 UTC 2019] _identifiers='{"type":"dns","value":"domain.com"}'
    [Fri Dec 27 15:36:49 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Fri Dec 27 15:36:49 UTC 2019] payload='{"identifiers": [{"type":"dns","value":"domain.com"}]}'
    [Fri Dec 27 15:36:49 UTC 2019] RSA key
    [Fri Dec 27 15:36:49 UTC 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Fri Dec 27 15:36:49 UTC 2019] HEAD
    [Fri Dec 27 15:36:49 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Fri Dec 27 15:36:49 UTC 2019] body
    [Fri Dec 27 15:36:49 UTC 2019] _postContentType='application/jose+json'
    [Fri Dec 27 15:36:49 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g  -I  '
    [Fri Dec 27 15:36:50 UTC 2019] _ret='0'
    [Fri Dec 27 15:36:50 UTC 2019] _headers='HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 27 Dec 2019 15:36:50 GMT
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0002yB846k7eKihQYh0E8b2WpBL9Q7m8YiOsTPsWBExlvCI
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Fri Dec 27 15:36:50 UTC 2019] _CACHED_NONCE='0002yB846k7eKihQYh0E8b2WpBL9Q7m8YiOsTPsWBExlvCI'
    [Fri Dec 27 15:36:50 UTC 2019] nonce='0002yB846k7eKihQYh0E8b2WpBL9Q7m8YiOsTPsWBExlvCI'
    [Fri Dec 27 15:36:50 UTC 2019] POST
    [Fri Dec 27 15:36:50 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Fri Dec 27 15:36:50 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyeUI4NDZrN2VLaWhRWWgwRThiMldwQkw5UTdtOFlpT3NUUHNXQkV4bHZDSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83MzA0NjgyOCJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Imhhby5kaXMudGYifV19", "signature": "i8aNe8tQ4vv2zo_rwv-M99JOsxBxH0_JPeKY9QK6YCogW7Gu74izKBmUXsbtsNzKIj_VZUbMldycyer15mHUsGzsfkY00FMU1LK7fcW0QsUImsMFHey_9aAim-_oDiI0BZ5nAsgtMJtAJCXLdVTeQpWM_0kzydMyEDwtFQiQ7C86gXtUKrvp-7Tf2BpuJSM_kdVczsk4MpZ9LZC30mjRgFd4fOPkEvAdi_dlevKqkwS_NBc3I5SQ--9KONvHnxedvRrpoDiVbzJn3n6Wf4qCjVNhRpWrHq8xu-fwVDxQmQIDlWv4w7PiDIrYobY1Bou-Rc1LoTrRwUlLUXNFWOX9sg"}'
    [Fri Dec 27 15:36:50 UTC 2019] _postContentType='application/jose+json'
    [Fri Dec 27 15:36:50 UTC 2019] Http already initialized.
    [Fri Dec 27 15:36:50 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Fri Dec 27 15:36:50 UTC 2019] _ret='0'
    [Fri Dec 27 15:36:50 UTC 2019] responseHeaders='HTTP/1.1 201 Created
    Server: nginx
    Date: Fri, 27 Dec 2019 15:36:50 GMT
    Content-Type: application/json
    Content-Length: 340
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Location: https://acme-v02.api.letsencrypt.org/acme/order/73046828/1866260228
    Replay-Nonce: 0102gmF5nUErKRSV_YlJ1mkPxZKXIq-86hFHrhW4Fs5TI-s
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Fri Dec 27 15:36:50 UTC 2019] code='201'
    [Fri Dec 27 15:36:50 UTC 2019] original='{
      "status": "pending",
      "expires": "2020-01-03T15:36:50.428745084Z",
      "identifiers": [
        {
          "type": "dns",
          "value": "domain.com"
        }
      ],
      "authorizations": [
        "https://acme-v02.api.letsencrypt.org/acme/authz-v3/1959343758"
      ],
      "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/73046828/1866260228"
    }'
    [Fri Dec 27 15:36:50 UTC 2019] response='{"status":"pending","expires":"2020-01-03T15:36:50.428745084Z","identifiers":[{"type":"dns","value":"domain.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/1959343758"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/73046828/1866260228"}'
    [Fri Dec 27 15:36:50 UTC 2019] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/73046828/1866260228'
    [Fri Dec 27 15:36:50 UTC 2019] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/73046828/1866260228'
    [Fri Dec 27 15:36:50 UTC 2019] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1959343758'
    [Fri Dec 27 15:36:50 UTC 2019] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1959343758'
    [Fri Dec 27 15:36:50 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1959343758'
    [Fri Dec 27 15:36:50 UTC 2019] payload
    [Fri Dec 27 15:36:50 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Fri Dec 27 15:36:50 UTC 2019] Use _CACHED_NONCE='0102gmF5nUErKRSV_YlJ1mkPxZKXIq-86hFHrhW4Fs5TI-s'
    [Fri Dec 27 15:36:50 UTC 2019] nonce='0102gmF5nUErKRSV_YlJ1mkPxZKXIq-86hFHrhW4Fs5TI-s'
    [Fri Dec 27 15:36:50 UTC 2019] POST
    [Fri Dec 27 15:36:50 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1959343758'
    [Fri Dec 27 15:36:50 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMTAyZ21GNW5VRXJLUlNWX1lsSjFta1B4WktYSXEtODZoRkhyaFc0RnM1VEktcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTk1OTM0Mzc1OCIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzMwNDY4MjgifQ", "payload": "", "signature": "ptBw7RnVQYH2KRCwwoWZ5ObIUdseBQz-TnZ756Mezm8wrFSzMUSevFdfFdyFFItELp4NXDWZsYVxQaEkrEaIWU4ZeRpIMRhnBXaYRVaqso9uk5wwe6D1pzNm6-39qa6ztO1k-Vz4BGlXxJVR8EzDmM6lKLZ9yu8kN9IUepK-5QKXzdnwOrLp9F10eAZYmLV4k1OH_2yTRzre6lXTPtxhInp16-5fvROtPtdFLOCeh5sFUvh6HBLIlkyZKyZhlx4fzse71QUdyvXKYYwcqJpt4dxaAVUy02Zl_b2rsBy9VULKM8tDvxF_XGAb-zSE0u7roaxt1-eeZY9zutcO5kAEBg"}'
    [Fri Dec 27 15:36:50 UTC 2019] _postContentType='application/jose+json'
    [Fri Dec 27 15:36:50 UTC 2019] Http already initialized.
    [Fri Dec 27 15:36:50 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Fri Dec 27 15:36:50 UTC 2019] _ret='0'
    [Fri Dec 27 15:36:50 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 27 Dec 2019 15:36:50 GMT
    Content-Type: application/json
    Content-Length: 788
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0002i6RQDvgOP98XCS0ZilvJKqqs3wcJKTSCULKpZa-8i1s
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Fri Dec 27 15:36:50 UTC 2019] code='200'
    [Fri Dec 27 15:36:50 UTC 2019] original='{
      "identifier": {
        "type": "dns",
        "value": "domain.com"
      },
      "status": "pending",
      "expires": "2020-01-03T15:36:50Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q",
          "token": "bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/XTXGAA",
          "token": "bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"
        },
        {
          "type": "tls-alpn-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/rzw-hg",
          "token": "bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"
        }
      ]
    }'
    [Fri Dec 27 15:36:50 UTC 2019] response='{"identifier":{"type":"dns","value":"domain.com"},"status":"pending","expires":"2020-01-03T15:36:50Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/XTXGAA","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/rzw-hg","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"}]}'
    [Fri Dec 27 15:36:50 UTC 2019] response='{"identifier":{"type":"dns","value":"domain.com"},"status":"pending","expires":"2020-01-03T15:36:50Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/XTXGAA","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/rzw-hg","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"}]}'
    [Fri Dec 27 15:36:50 UTC 2019] _d='domain.com'
    [Fri Dec 27 15:36:50 UTC 2019] _authorizations_map='domain.com,{"identifier":{"type":"dns","value":"domain.com"},"status":"pending","expires":"2020-01-03T15:36:50Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/XTXGAA","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/rzw-hg","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"}]}
    '
    [Fri Dec 27 15:36:50 UTC 2019] d='domain.com'
    [Fri Dec 27 15:36:50 UTC 2019] Getting webroot for domain='domain.com'
    [Fri Dec 27 15:36:50 UTC 2019] _w='/home/nginx/domains/domain.com/public'
    [Fri Dec 27 15:36:50 UTC 2019] _currentRoot='/home/nginx/domains/domain.com/public'
    [Fri Dec 27 15:36:50 UTC 2019] _is_idn_d='domain.com'
    [Fri Dec 27 15:36:50 UTC 2019] _idn_temp
    [Fri Dec 27 15:36:50 UTC 2019] _candindates='domain.com,{"identifier":{"type":"dns","value":"domain.com"},"status":"pending","expires":"2020-01-03T15:36:50Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/XTXGAA","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/rzw-hg","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"}]}'
    [Fri Dec 27 15:36:50 UTC 2019] response='{"identifier":{"type":"dns","value":"domain.com"},"status":"pending","expires":"2020-01-03T15:36:50Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/XTXGAA","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/rzw-hg","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"}]}'
    [Fri Dec 27 15:36:50 UTC 2019] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"'
    [Fri Dec 27 15:36:50 UTC 2019] token='bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg'
    [Fri Dec 27 15:36:50 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q'
    [Fri Dec 27 15:36:50 UTC 2019] keyauthorization='bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0'
    [Fri Dec 27 15:36:50 UTC 2019] dvlist='domain.com#bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q#http-01#/home/nginx/domains/domain.com/public'
    [Fri Dec 27 15:36:50 UTC 2019] d
    [Fri Dec 27 15:36:50 UTC 2019] vlist='domain.com#bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q#http-01#/home/nginx/domains/domain.com/public,'
    [Fri Dec 27 15:36:50 UTC 2019] d='domain.com'
    [Fri Dec 27 15:36:50 UTC 2019] ok, let's start to verify
    [Fri Dec 27 15:36:50 UTC 2019] Verifying: domain.com
    [Fri Dec 27 15:36:50 UTC 2019] d='domain.com'
    [Fri Dec 27 15:36:50 UTC 2019] keyauthorization='bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0'
    [Fri Dec 27 15:36:50 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q'
    [Fri Dec 27 15:36:50 UTC 2019] _currentRoot='/home/nginx/domains/domain.com/public'
    [Fri Dec 27 15:36:50 UTC 2019] wellknown_path='/home/nginx/domains/domain.com/public/.well-known/acme-challenge'
    [Fri Dec 27 15:36:50 UTC 2019] writing token:bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg to /home/nginx/domains/domain.com/public/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg
    [Fri Dec 27 15:36:50 UTC 2019] Changing owner/group of .well-known to nginx:nginx
    [Fri Dec 27 15:36:50 UTC 2019] Trigger domain validation.
    [Fri Dec 27 15:36:50 UTC 2019] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q'
    [Fri Dec 27 15:36:50 UTC 2019] _t_key_authz='bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0'
    [Fri Dec 27 15:36:50 UTC 2019] _t_vtype='http-01'
    [Fri Dec 27 15:36:50 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q'
    [Fri Dec 27 15:36:50 UTC 2019] payload='{}'
    [Fri Dec 27 15:36:50 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Fri Dec 27 15:36:50 UTC 2019] Use _CACHED_NONCE='0002i6RQDvgOP98XCS0ZilvJKqqs3wcJKTSCULKpZa-8i1s'
    [Fri Dec 27 15:36:50 UTC 2019] nonce='0002i6RQDvgOP98XCS0ZilvJKqqs3wcJKTSCULKpZa-8i1s'
    [Fri Dec 27 15:36:50 UTC 2019] POST
    [Fri Dec 27 15:36:50 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q'
    [Fri Dec 27 15:36:50 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyaTZSUUR2Z09QOThYQ1MwWmlsdkpLcXFzM3djSktUU0NVTEtwWmEtOGkxcyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTk1OTM0Mzc1OC85M1RmN1EiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzczMDQ2ODI4In0", "payload": "e30", "signature": "XgfqXHNG47Pt4OGxccoPAolo0KU2HSG3rSudLybUtkjAys4EmyKmGZTOMRcwCSkmXrdXkFumlF06CKz_82RPALC9SCs6f9QpBn6jDYX0w0MQH6Yf_FZ0mvOUKDJZnIFHgrMdfjbIQOml8SWwlkdXshTnRz-E12KU2ANz6HJwjYZ_oyy32yL27DkL0juYODf4PKT1BU9h__bFY6fjT0PLYz_dzSsP4RpjZ_CP-E3cOxRM3DSwo_pZOlvzFSYEYHP2BXXEyOyoIUBC0Q2aTqESLKBBl2lShMLJ5QSzhkA2CPwSSsbgOTK7NnNh6hwwrcOq6tfmWSHObswVr13vhNjw-g"}'
    [Fri Dec 27 15:36:50 UTC 2019] _postContentType='application/jose+json'
    [Fri Dec 27 15:36:50 UTC 2019] Http already initialized.
    [Fri Dec 27 15:36:50 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Fri Dec 27 15:36:51 UTC 2019] _ret='0'
    [Fri Dec 27 15:36:51 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 27 Dec 2019 15:36:51 GMT
    Content-Type: application/json
    Content-Length: 185
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/1959343758>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q
    Replay-Nonce: 0001uYdM-FO_gEg-9Baac4x1jglXJuwBzyCXIgxjN6gA1DE
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Fri Dec 27 15:36:51 UTC 2019] code='200'
    [Fri Dec 27 15:36:51 UTC 2019] original='{
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q",
      "token": "bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"
    }'
    [Fri Dec 27 15:36:51 UTC 2019] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg"}'
    [Fri Dec 27 15:36:51 UTC 2019] trigger validation code: 200
    [Fri Dec 27 15:36:51 UTC 2019] sleep 2 secs to verify
    [Fri Dec 27 15:36:53 UTC 2019] checking
    [Fri Dec 27 15:36:53 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q'
    [Fri Dec 27 15:36:53 UTC 2019] payload
    [Fri Dec 27 15:36:53 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Fri Dec 27 15:36:53 UTC 2019] Use _CACHED_NONCE='0001uYdM-FO_gEg-9Baac4x1jglXJuwBzyCXIgxjN6gA1DE'
    [Fri Dec 27 15:36:53 UTC 2019] nonce='0001uYdM-FO_gEg-9Baac4x1jglXJuwBzyCXIgxjN6gA1DE'
    [Fri Dec 27 15:36:53 UTC 2019] POST
    [Fri Dec 27 15:36:53 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q'
    [Fri Dec 27 15:36:53 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxdVlkTS1GT19nRWctOUJhYWM0eDFqZ2xYSnV3Qnp5Q1hJZ3hqTjZnQTFERSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTk1OTM0Mzc1OC85M1RmN1EiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzczMDQ2ODI4In0", "payload": "", "signature": "B5lINu6cltLjwJj4Uv4E6YXE8NBPP9wy2lyVDU42MDFrub-OeH2xbhNcG72U5rUpnkE1qYLOf58zJzwH8j6hSQ3J4A5PnLthTsfaljYADI2kFzP_R6ZwctGRS1oYjpWam2NTeccbOLwY_2ziECdWlAwQlOQI68c9MLeJaLZnSD9YgWmJ6AXk67e7eVlCePvr-zs3YlT0EGsM0IvibbuQho04hUzqEqJv8DFzWvB7kiNosT8dEFZMNwvMru0-agxsJ1Inf4xhyEyZ5EeAB7Ax737Y3T_x_mrc7bNiolAU8HiquDaSOpIP86vKafYQFTim-BdoO8xewevsPtEkbDqjbA"}'
    [Fri Dec 27 15:36:53 UTC 2019] _postContentType='application/jose+json'
    [Fri Dec 27 15:36:53 UTC 2019] Http already initialized.
    [Fri Dec 27 15:36:53 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Fri Dec 27 15:36:53 UTC 2019] _ret='0'
    [Fri Dec 27 15:36:53 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 27 Dec 2019 15:36:53 GMT
    Content-Type: application/json
    Content-Length: 1417
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/1959343758>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q
    Replay-Nonce: 0001AxZpdWvK79q6Zr9Y6LjhbNOsHa3Pdy3-7_Bbfoi66tc
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Fri Dec 27 15:36:53 UTC 2019] code='200'
    [Fri Dec 27 15:36:53 UTC 2019] original='{
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg [2606:4700:30::6812:32e2]: \"\u003c!DOCTYPE html\u003e\\n\u003c!--[if lt IE 7]\u003e \u003chtml class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"\u003e \u003c![endif]--\u003e\\n\u003c!--[if IE 7]\u003e    \u003chtml class=\\\"no-js \"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q",
      "token": "bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg",
      "validationRecord": [
        {
          "url": "http://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg",
          "hostname": "domain.com",
          "port": "80",
          "addressesResolved": [
            "104.18.51.226",
            "104.18.50.226",
            "2606:4700:30::6812:33e2",
            "2606:4700:30::6812:32e2"
          ],
          "addressUsed": "2606:4700:30::6812:33e2"
        },
        {
          "url": "https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg",
          "hostname": "domain.com",
          "port": "443",
          "addressesResolved": [
            "104.18.51.226",
            "104.18.50.226",
            "2606:4700:30::6812:32e2",
            "2606:4700:30::6812:33e2"
          ],
          "addressUsed": "2606:4700:30::6812:32e2"
        }
      ]
    }'
    [Fri Dec 27 15:36:53 UTC 2019] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg [2606:4700:30::6812:32e2]: \"\u003c!DOCTYPE html\u003e\\n\u003c!--[if lt IE 7]\u003e \u003chtml class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"\u003e \u003c![endif]--\u003e\\n\u003c!--[if IE 7]\u003e    \u003chtml class=\\\"no-js \"","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg","validationRecord":[{"url":"http://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg","hostname":"domain.com","port":"80","addressesResolved":["104.18.51.226","104.18.50.226","2606:4700:30::6812:33e2","2606:4700:30::6812:32e2"],"addressUsed":"2606:4700:30::6812:33e2"},{"url":"https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg","hostname":"domain.com","port":"443","addressesResolved":["104.18.51.226","104.18.50.226","2606:4700:30::6812:32e2","2606:4700:30::6812:33e2"],"addressUsed":"2606:4700:30::6812:32e2"}]}'
    [Fri Dec 27 15:36:53 UTC 2019] original='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg [2606:4700:30::6812:32e2]: \"\u003c!DOCTYPE html\u003e\\n\u003c!--[if lt IE 7]\u003e \u003chtml class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"\u003e \u003c![endif]--\u003e\\n\u003c!--[if IE 7]\u003e    \u003chtml class=\\\"no-js \"","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg","validationRecord":[{"url":"http://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg","hostname":"domain.com","port":"80","addressesResolved":["104.18.51.226","104.18.50.226","2606:4700:30::6812:33e2","2606:4700:30::6812:32e2"],"addressUsed":"2606:4700:30::6812:33e2"},{"url":"https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg","hostname":"domain.com","port":"443","addressesResolved":["104.18.51.226","104.18.50.226","2606:4700:30::6812:32e2","2606:4700:30::6812:33e2"],"addressUsed":"2606:4700:30::6812:32e2"}]}'
    [Fri Dec 27 15:36:53 UTC 2019] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg [2606:4700:30::6812:32e2]: \"\u003c!DOCTYPE html\u003e\\n\u003c!--[if lt IE 7]\u003e \u003chtml class=\\\"no-js ie6 oldie\\\" lang=\\\"en-US\\\"\u003e \u003c![endif]--\u003e\\n\u003c!--[if IE 7]\u003e    \u003chtml class=\\\"no-js \"","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q","token":"bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg","validationRecord":[{"url":"http://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg","hostname":"domain.com","port":"80","addressesResolved":["104.18.51.226","104.18.50.226","2606:4700:30::6812:33e2","2606:4700:30::6812:32e2"],"addressUsed":"2606:4700:30::6812:33e2"},{"url":"https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg","hostname":"domain.com","port":"443","addressesResolved":["104.18.51.226","104.18.50.226","2606:4700:30::6812:32e2","2606:4700:30::6812:33e2"],"addressUsed":"2606:4700:30::6812:32e2"}]}'
    [Fri Dec 27 15:36:53 UTC 2019] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg [2606:4700:30::6812:32e2]: '
    [Fri Dec 27 15:36:53 UTC 2019] errordetail='Invalid response from https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg [2606:4700:30::6812:32e2]: '
    [Fri Dec 27 15:36:53 UTC 2019] domain.com:Verify error:Invalid response from https://domain.com/.well-known/acme-challenge/bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg [2606:4700:30::6812:32e2]:
    [Fri Dec 27 15:36:53 UTC 2019] pid
    [Fri Dec 27 15:36:53 UTC 2019] No need to restore nginx, skip.
    [Fri Dec 27 15:36:53 UTC 2019] _clearupdns
    [Fri Dec 27 15:36:53 UTC 2019] dns_entries
    [Fri Dec 27 15:36:53 UTC 2019] skip dns.
    [Fri Dec 27 15:36:53 UTC 2019] _on_issue_err
    [Fri Dec 27 15:36:53 UTC 2019] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-271219-153645.log
    [Fri Dec 27 15:36:53 UTC 2019] _chk_vlist='domain.com#bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q#http-01#/home/nginx/domains/domain.com/public,'
    [Fri Dec 27 15:36:53 UTC 2019] start to deactivate authz
    [Fri Dec 27 15:36:53 UTC 2019] Trigger domain validation.
    [Fri Dec 27 15:36:53 UTC 2019] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q'
    [Fri Dec 27 15:36:53 UTC 2019] _t_key_authz='bnYdV2EbogJoNnXO1FlL9STHGhlLsRcGyNT0suntkNg.i-7yMcg0Ks4k4lHJR_esTU5-WsbJ7DnsKtn-JOG5up0'
    [Fri Dec 27 15:36:53 UTC 2019] _t_vtype
    [Fri Dec 27 15:36:53 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q'
    [Fri Dec 27 15:36:53 UTC 2019] payload='{}'
    [Fri Dec 27 15:36:53 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Fri Dec 27 15:36:53 UTC 2019] Use _CACHED_NONCE='0001AxZpdWvK79q6Zr9Y6LjhbNOsHa3Pdy3-7_Bbfoi66tc'
    [Fri Dec 27 15:36:53 UTC 2019] nonce='0001AxZpdWvK79q6Zr9Y6LjhbNOsHa3Pdy3-7_Bbfoi66tc'
    [Fri Dec 27 15:36:53 UTC 2019] POST
    [Fri Dec 27 15:36:53 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1959343758/93Tf7Q'
    [Fri Dec 27 15:36:53 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxQXhacGRXdks3OXE2WnI5WTZMamhiTk9zSGEzUGR5My03X0JiZm9pNjZ0YyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTk1OTM0Mzc1OC85M1RmN1EiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzczMDQ2ODI4In0", "payload": "e30", "signature": "Luk9-kjQnHAZ6VJ-9jJ0H0-3OVij_7MXb5QtzJsyVUSvVzgeeLA44s6KB425ilr6arO7-eS_TNC0Vcg1wM-44chDuLD3BIZqyU6rBFc50YNQ4zbXQIx5ni5Gfq2zGSIeThf6Vfade6wZNThrN_mDhnJJ6sjve7Cf31jQyGBS0V7khYzDfSsk2BXPuOLOg0Osnit0GqPuO4B-jCN-dgOTRgAgSqnMOv3PbMLW1tNdeSa6OATamqQAZA-S17kJC2OAhkQR3XTC6IUhkeZhzf9FnccKa2Rn3m1rBJgoMShMRK-LjtDYLdNeKmnqQdQUET37G5Bgtpg1EFUsuRUh3jgezg"}'
    [Fri Dec 27 15:36:53 UTC 2019] _postContentType='application/jose+json'
    [Fri Dec 27 15:36:53 UTC 2019] Http already initialized.
    [Fri Dec 27 15:36:53 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Fri Dec 27 15:36:53 UTC 2019] _ret='0'
    [Fri Dec 27 15:36:53 UTC 2019] responseHeaders='HTTP/1.1 400 Bad Request
    Server: nginx
    Date: Fri, 27 Dec 2019 15:36:53 GMT
    Content-Type: application/problem+json
    Content-Length: 144
    Connection: keep-alive
    Boulder-Requester: 73046828
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0001ycTThgiBaqTuPX8KJRJMYM2WYU06prAZQG5aWc3B7Qw
    
    '
    [Fri Dec 27 15:36:53 UTC 2019] code='400'
    [Fri Dec 27 15:36:53 UTC 2019] original='{
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: authorization must be pending",
      "status": 400
    }'
    [Fri Dec 27 15:36:53 UTC 2019] response='{
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: authorization must be pending",
      "status": 400
    }'
    
     
  7. eva2000

    eva2000 Administrator Staff Member

    44,744
    10,201
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,810
    Local Time:
    2:42 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    what output do you get for command below
    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
     
  8. eva2000

    eva2000 Administrator Staff Member

    44,744
    10,201
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,810
    Local Time:
    2:42 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    what output do you get for command below
    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
     
  9. eva2000

    eva2000 Administrator Staff Member

    44,744
    10,201
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,810
    Local Time:
    2:42 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    also has Centmin Mod's acemtools.sh/acme.sh ever been successful in auto renewing or issuing letsencrypt ssl certs when behind Cloudflare ?

    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from below 1, 2, 3 or 4 ?
      Code (Text):
      You have 4 options:
      1. issue staging test cert with HTTP + HTTPS
      2. issue staging test cert with HTTPS default
      3. issue live cert with HTTP + HTTPS
      4. issue live cert with HTTPS default
      Enter option number 1-4: 1
      
     
  10. yunos

    yunos Member

    107
    3
    18
    Aug 8, 2015
    Ratings:
    +12
    Local Time:
    6:42 PM
    1.8.0
    https://i.imgur.com/ZGmBD5y.png
    well it hasnt auto renewed yet becaus this server is less than 1 month old server
    but i get the same invalid response error when i go centmin menu
    2
    create letletsencrypt ssl
    22

    i always select 4 issue live cert with HTTPS default

    if i have cloudflare proxy active, it fails to generate SSL
    so before creating a new domain with letsencrypt ssl, i always disable cloudflare proxy before proceeding forward with the ssl creation
     
  11. eva2000

    eva2000 Administrator Staff Member

    44,744
    10,201
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,810
    Local Time:
    2:42 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    What cloudflare SSL mode you using ? if you have default Centmin Mod Nginx HTTPS, only Cloudflare Full SSL mode will work not Flexible SSL mode.

    But yes the first time at least when you create the domain with HTTPS default Nginx, Cloudflare can't be active if in Full mode or Flexible SSL. As Cloudflare in Flexible needs to communicate with non-https Nginx vhost which won't exist if you have Nginx HTTPS default and in Full mode needs to communicate with Nginx HTTPS vhost which won't exist yet.

    So 2 choices
    1. with Cloudflare Full SSL, create Nginx vhost with HTTPS default first without Cloudflare orange cloud proxy first on DNS record. Then once created enable Cloudflare orange cloud.
    2. or Cloudflare Flexible SSL, create Nginx vhost with selection for both HTTP + HTTPS first with Cloudflare orange cloud on DNS record allowing both http + https. Then once done, disable non-https vhost and change Cloudflare from Flexible SSL to Full SSL and then set non-http to https redirect.
     
    Last edited: Dec 29, 2019
  12. eva2000

    eva2000 Administrator Staff Member

    44,744
    10,201
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,810
    Local Time:
    2:42 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    It should autorenew then. The problem is first time letsencrypt setup behind cloudflare as outlined in previous post

    You can see example of how I setup Wordpress blog using centmin.sh menu option 22 and Cloudflare at https://servermanager.guide/122/how-to-install-wordpress-on-centmin-mod-lemp-stack-guide/ (with updated clarification when using Cloudflare)
     
  13. yunos

    yunos Member

    107
    3
    18
    Aug 8, 2015
    Ratings:
    +12
    Local Time:
    6:42 PM
    1.8.0
    Im using Cloudflare Strict mode but yes i didnt know the setup has to be without cloudflare by default. I will check at later date if auto renewal works with cloudflare proxy enabled thanks.