Learn about Centmin Mod LEMP Stack today
Register Now

Letsencrypt Official acmetool.sh testing thread for Centmin Mod 123.09beta01

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jul 26, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    36,374
    7,985
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,294
    Local Time:
    1:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    @Mastergumble

    How was the initial letsencrypt ssl certificate obtained ? Which method ?
    • Was the domain nginx vhost alreadying created prior or new domain nginx vhost site setup for first time ?
    • Via centmin.sh menu option 2, 22, /usr/bin/nv ?
    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
      Code (Text):
      -------------------------------------------------------------
      Setup full Nginx vhost + Wordpress + WP Plugins
      -------------------------------------------------------------
      
      Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
      
      Create a self-signed SSL certificate Nginx vhost? [y/n]: n
      Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
      
      You have 4 options:
      1. issue staging test cert with HTTP + HTTPS
      2. issue staging test cert with HTTPS default
      3. issue live cert with HTTP + HTTPS
      4. issue live cert with HTTPS default
      Enter option number 1-4: 1
      
    • Via addons/acmetool.sh ? which specific command ? examples
      Code (Text):
      ./acmetool.sh issue acme.domain.com
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com live
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com d
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com lived
      
    • What was order of steps you did ? Did you run centmin.sh menu option 2 first with letsencrypt ? Then did you run addons/acmetool.sh afterwards ?

    Centmin Mod Self-Signed SSL Fallback



    If you're seeing a Centmin Mod's self-signed ssl certificate instead of letsencrypt ssl certificate, then that's acmetool.sh and centminmod's fallback if letsencrypt verification fails to obtain letsencrypt ssl cert, it falls back to centmin mod self-signed ssl certificate on https port 443 side so to preserve the https nginx vhost

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log run and post contents of log to pastebin.com or gist.github.com and share link in this thread. To find the log list the logs in ascending date order
      Code (Text):
      ls -lahrt /root/centminlogs
      .
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In persistent config file at /etc/centminmod/custom_config.inc (create it if doesn't exist) add and enable acmetool.sh debug mode which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    Without the answers to above questions and logs, there is nothing to help troubleshoot.
     
  2. Mastergumble

    Mastergumble Premium Member Premium Member

    32
    5
    8
    Sep 29, 2016
    Ratings:
    +12
    Local Time:
    4:47 AM
    1.11.x
    10.x
    nginx vhost was already created, just issue domain and got this.

    did the same for a second domain and its working (now im confused)
     
  3. eva2000

    eva2000 Administrator Staff Member

    36,374
    7,985
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,294
    Local Time:
    1:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    did you edit or remove staticfiles.conf include on problem domain's vhost config ? that contains the .well-know whitelisting to allow letsencrypt to validate domains. Without it, you get the error you get.
     
  4. Mastergumble

    Mastergumble Premium Member Premium Member

    32
    5
    8
    Sep 29, 2016
    Ratings:
    +12
    Local Time:
    4:47 AM
    1.11.x
    10.x
    Didn't touch on staticfiles.conf

    Code:
    [Sun Jul  2 23:28:50 UTC 2017] Lets find script dir.
    [Sun Jul  2 23:28:50 UTC 2017] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Sun Jul  2 23:28:50 UTC 2017] _script='/root/.acme.sh/acme.sh'
    [Sun Jul  2 23:28:50 UTC 2017] _script_home='/root/.acme.sh'
    [Sun Jul  2 23:28:50 UTC 2017] Using config home:/root/.acme.sh
    [Sun Jul  2 23:28:50 UTC 2017] LE_WORKING_DIR='/root/.acme.sh'
    [Sun Jul  2 23:28:50 UTC 2017] Using config home:/root/.acme.sh
    [Sun Jul  2 23:28:50 UTC 2017] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:50 UTC 2017] _ACME_SERVER_HOST='acme-staging.api.letsencrypt.org'
    [Sun Jul  2 23:28:50 UTC 2017] DOMAIN_PATH='/root/.acme.sh/domain.com'
    [Sun Jul  2 23:28:50 UTC 2017] Using ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:50 UTC 2017] _init api for server: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:50 UTC 2017] GET
    [Sun Jul  2 23:28:50 UTC 2017] url='https://acme-staging.api.letsencrypt.org/directory'
    [Sun Jul  2 23:28:50 UTC 2017] timeout
    [Sun Jul  2 23:28:50 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:51 UTC 2017] ret='0'
    [Sun Jul  2 23:28:51 UTC 2017] response='{
      "key-change": "https://acme-staging.api.letsencrypt.org/acme/key-change",
      "new-authz": "https://acme-staging.api.letsencrypt.org/acme/new-authz",
      "new-cert": "https://acme-staging.api.letsencrypt.org/acme/new-cert",
      "new-reg": "https://acme-staging.api.letsencrypt.org/acme/new-reg",
      "revoke-cert": "https://acme-staging.api.letsencrypt.org/acme/revoke-cert",
      "un3bOOhwUF0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
    }'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_KEY_CHANGE='https://acme-staging.api.letsencrypt.org/acme/key-change'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_AUTHZ='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_ORDER='https://acme-staging.api.letsencrypt.org/acme/new-cert'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_ACCOUNT='https://acme-staging.api.letsencrypt.org/acme/new-reg'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_REVOKE_CERT='https://acme-staging.api.letsencrypt.org/acme/revoke-cert'
    [Sun Jul  2 23:28:51 UTC 2017] Le_NextRenewTime
    [Sun Jul  2 23:28:51 UTC 2017] _on_before_issue
    [Sun Jul  2 23:28:51 UTC 2017] '/home/nginx/domains/domain.com/public' does not contain 'no'
    [Sun Jul  2 23:28:51 UTC 2017] Le_LocalAddress
    [Sun Jul  2 23:28:51 UTC 2017] Check for domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _currentRoot='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:51 UTC 2017] Check for domain='www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _currentRoot='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:51 UTC 2017] '/home/nginx/domains/domain.com/public' does not contain 'apache'
    [Sun Jul  2 23:28:51 UTC 2017] _saved_account_key_hash='IPihEDqRc5JuZWvmoyqPjpcaonl9dcJpHz2UAyBW3K0='
    [Sun Jul  2 23:28:51 UTC 2017] _saved_account_key_hash is not changed, skip register account.
    [Sun Jul  2 23:28:51 UTC 2017] Read key length:2048
    [Sun Jul  2 23:28:51 UTC 2017] _createcsr
    [Sun Jul  2 23:28:51 UTC 2017] domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] domainlist='www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] csrkey='/root/.acme.sh/domain.com/domain.com.key'
    [Sun Jul  2 23:28:51 UTC 2017] csr='/root/.acme.sh/domain.com/domain.com.csr'
    [Sun Jul  2 23:28:51 UTC 2017] csrconf='/root/.acme.sh/domain.com/domain.com.csr.conf'
    [Sun Jul  2 23:28:51 UTC 2017] _is_idn_d='www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _idn_temp
    [Sun Jul  2 23:28:51 UTC 2017] domainlist='www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] Multi domain='DNS:www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _is_idn_d='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _idn_temp
    [Sun Jul  2 23:28:51 UTC 2017] _csr_cn='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] Getting domain auth token for each domain
    [Sun Jul  2 23:28:51 UTC 2017] Getting webroot for domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _w='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:51 UTC 2017] _currentRoot='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:51 UTC 2017] Getting new-authz for domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _init api for server: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:51 UTC 2017] ACME_KEY_CHANGE='https://acme-staging.api.letsencrypt.org/acme/key-change'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_AUTHZ='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_ORDER='https://acme-staging.api.letsencrypt.org/acme/new-cert'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_ACCOUNT='https://acme-staging.api.letsencrypt.org/acme/new-reg'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_REVOKE_CERT='https://acme-staging.api.letsencrypt.org/acme/revoke-cert'
    [Sun Jul  2 23:28:51 UTC 2017] Try new-authz for the 0 time.
    [Sun Jul  2 23:28:51 UTC 2017] _is_idn_d='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _idn_temp
    [Sun Jul  2 23:28:51 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:51 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "domain.com"}}'
    [Sun Jul  2 23:28:51 UTC 2017] RSA key
    [Sun Jul  2 23:28:51 UTC 2017] Get nonce. ACME_DIRECTORY='https://acme-staging.api.letsencrypt.org/directory'
    [Sun Jul  2 23:28:51 UTC 2017] GET
    [Sun Jul  2 23:28:51 UTC 2017] url='https://acme-staging.api.letsencrypt.org/directory'
    [Sun Jul  2 23:28:51 UTC 2017] timeout
    [Sun Jul  2 23:28:51 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:51 UTC 2017] ret='0'
    [Sun Jul  2 23:28:51 UTC 2017] _headers='HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/json
    Content-Length: 473
    Boulder-Request-Id: HICuy_mELref6n2yHxfH3moOWYi8biB2omSJ2MEVlBM
    Replay-Nonce: XsTbkMUmM-Dw6MnMdnon8HK8ZmMcRhSFfUvgNEs9n5A
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Sun, 02 Jul 2017 23:28:51 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:28:51 GMT
    Connection: keep-alive
    
    '
    [Sun Jul  2 23:28:51 UTC 2017] _CACHED_NONCE='XsTbkMUmM-Dw6MnMdnon8HK8ZmMcRhSFfUvgNEs9n5A'
    [Sun Jul  2 23:28:51 UTC 2017] nonce='XsTbkMUmM-Dw6MnMdnon8HK8ZmMcRhSFfUvgNEs9n5A'
    [Sun Jul  2 23:28:51 UTC 2017] POST
    [Sun Jul  2 23:28:51 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:51 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t8D21dt1gzDHomnkH71MIOtVey1nPpms4maMJ3U0iRud01TW58nhr0Iy8WK3cvjtizsciqGijU6HXL7o_GgYQpZBRRS9NyohhA-6XNli4F4xFEjHnAH2iuClMvwM8K1NMN-BwrMjnl7Jnx0UTXYi0H3iC6IoZBJlUweFOsBvNCpeU7oy8jNS743-EkwmKNhLRkSOKX3FCm0DSX29JrpmjtFYOxxfQC1xwei332Egu8E73S_X7cvYWRe7gyNJ4M5TDYqH8iIY9a6wahPzK4c6B_uyT8sdXydqTHZvH5ERll_8LdJFbe32vCeUOePniYbmm5vwnBdB-dNk89JBgpXdjw"}}, "protected": "eyJub25jZSI6ICJYc1Ria01VbU0tRHc2TW5NZG5vbjhISzhabU1jUmhTRmZVdmdORXM5bjVBIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWF1dGh6IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidDhEMjFkdDFnekRIb21ua0g3MU1JT3RWZXkxblBwbXM0bWFNSjNVMGlSdWQwMVRXNThuaHIwSXk4V0szY3ZqdGl6c2NpcUdpalU2SFhMN29fR2dZUXBaQlJSUzlOeW9oaEEtNlhObGk0RjR4RkVqSG5BSDJpdUNsTXZ3TThLMU5NTi1Cd3JNam5sN0pueDBVVFhZaTBIM2lDNklvWkJKbFV3ZUZPc0J2TkNwZVU3b3k4ak5TNzQzLUVrd21LTmhMUmtTT0tYM0ZDbTBEU1gyOUpycG1qdEZZT3h4ZlFDMXh3ZWkzMzJFZ3U4RTczU19YN2N2WVdSZTdneU5KNE01VERZcUg4aUlZOWE2d2FoUHpLNGM2Ql91eVQ4c2RYeWRxVEhadkg1RVJsbF84TGRKRmJlMzJ2Q2VVT2VQbmlZYm1tNXZ3bkJkQi1kTms4OUpCZ3BYZGp3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAidHJpbG9ieXRlLnB0In19", "signature": "ilPviuXP7nd5Q08JvP01lx68qY-1idSdvkMcdkk6Y8vfAEuZIERnz4zrUVJrszei-iNPDaj3i2HwPnrINFIxZZnuWv0kl26R88mPd1uxrZKqw4k-hntTTQ4CCjfvip6kY9sBFWk5UGmdhOHvGG6MtB72-elvyBRH8g-hEpItcajuGtLDDwNhyagFxSjRDyVOXRaRtp03BBcikh05VVn986TD2mZP_P_gT6Y_6DYfetBut4gKDX0BaBUJcoUJ1rwn77e--AuF3r-0mZkTuRN9Mz-SMdFpQfjZJL5VDjAGFlqch3Qdp-2Q01fw7xv4q1rnL5Jhm7JMHL0JGuCLLKDsOA"}'
    [Sun Jul  2 23:28:51 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:52 UTC 2017] _ret='0'
    [Sun Jul  2 23:28:52 UTC 2017] original='{
      "identifier": {
        "type": "dns",
        "value": "domain.com"
      },
      "status": "pending",
      "expires": "2017-07-09T23:28:52.193364919Z",
      "challenges": [
        {
          "type": "tls-sni-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487663",
          "token": "dgPhk73LmQKkn51ZmwK1DQOwsi4tzjUOJIj106N372Y"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487664",
          "token": "rhV3bh5wXmrQO275xAtrGHozpgLX89gV5sykxWrPwK4"
        },
        {
          "type": "http-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665",
          "token": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4"
        }
      ],
      "combinations": [
        [
          0
        ],
        [
          1
        ],
        [
          2
        ]
      ]
    }'
    [Sun Jul  2 23:28:52 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
    Expires: Sun, 02 Jul 2017 23:28:52 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 201 Created
    Server: nginx
    Content-Type: application/json
    Content-Length: 1006
    Boulder-Request-Id: ojTOCBJlq_6vZsOgbR71dAdQsC_VwaD2g3dBgIciqno
    Boulder-Requester: 2784462
    Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
    Location: https://acme-staging.api.letsencrypt.org/acme/authz/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM
    Replay-Nonce: 21jqO2DC7s9D_wAIV6DAWyoezLTCvN2rJzn596SKpvo
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Sun, 02 Jul 2017 23:28:52 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:28:52 GMT
    Connection: keep-alive
    
    '
    [Sun Jul  2 23:28:52 UTC 2017] response='{"identifier":{"type":"dns","value":"domain.com"},"status":"pending","expires":"2017-07-09T23:28:52.193364919Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487663","token":"dgPhk73LmQKkn51ZmwK1DQOwsi4tzjUOJIj106N372Y"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487664","token":"rhV3bh5wXmrQO275xAtrGHozpgLX89gV5sykxWrPwK4"},{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4"}],"combinations":[[0],[1],[2]]}'
    [Sun Jul  2 23:28:52 UTC 2017] code='201'
    [Sun Jul  2 23:28:52 UTC 2017] The new-authz request is ok.
    [Sun Jul  2 23:28:52 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4"'
    [Sun Jul  2 23:28:52 UTC 2017] token='gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4'
    [Sun Jul  2 23:28:52 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:52 UTC 2017] keyauthorization='gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:28:52 UTC 2017] dvlist='domain.com#gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665#http-01#/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:52 UTC 2017] Getting webroot for domain='www.domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] _w='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:52 UTC 2017] _currentRoot='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:52 UTC 2017] Getting new-authz for domain='www.domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] _init api for server: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:52 UTC 2017] ACME_KEY_CHANGE='https://acme-staging.api.letsencrypt.org/acme/key-change'
    [Sun Jul  2 23:28:52 UTC 2017] ACME_NEW_AUTHZ='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:52 UTC 2017] ACME_NEW_ORDER='https://acme-staging.api.letsencrypt.org/acme/new-cert'
    [Sun Jul  2 23:28:52 UTC 2017] ACME_NEW_ACCOUNT='https://acme-staging.api.letsencrypt.org/acme/new-reg'
    [Sun Jul  2 23:28:52 UTC 2017] ACME_REVOKE_CERT='https://acme-staging.api.letsencrypt.org/acme/revoke-cert'
    [Sun Jul  2 23:28:52 UTC 2017] Try new-authz for the 0 time.
    [Sun Jul  2 23:28:52 UTC 2017] _is_idn_d='www.domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] _idn_temp
    [Sun Jul  2 23:28:52 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:52 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "www.domain.com"}}'
    [Sun Jul  2 23:28:52 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
    [Sun Jul  2 23:28:52 UTC 2017] Use _CACHED_NONCE='21jqO2DC7s9D_wAIV6DAWyoezLTCvN2rJzn596SKpvo'
    [Sun Jul  2 23:28:52 UTC 2017] nonce='21jqO2DC7s9D_wAIV6DAWyoezLTCvN2rJzn596SKpvo'
    [Sun Jul  2 23:28:52 UTC 2017] POST
    [Sun Jul  2 23:28:52 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:52 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t8D21dt1gzDHomnkH71MIOtVey1nPpms4maMJ3U0iRud01TW58nhr0Iy8WK3cvjtizsciqGijU6HXL7o_GgYQpZBRRS9NyohhA-6XNli4F4xFEjHnAH2iuClMvwM8K1NMN-BwrMjnl7Jnx0UTXYi0H3iC6IoZBJlUweFOsBvNCpeU7oy8jNS743-EkwmKNhLRkSOKX3FCm0DSX29JrpmjtFYOxxfQC1xwei332Egu8E73S_X7cvYWRe7gyNJ4M5TDYqH8iIY9a6wahPzK4c6B_uyT8sdXydqTHZvH5ERll_8LdJFbe32vCeUOePniYbmm5vwnBdB-dNk89JBgpXdjw"}}, "protected": "eyJub25jZSI6ICIyMWpxTzJEQzdzOURfd0FJVjZEQVd5b2V6TFRDdk4yckp6bjU5NlNLcHZvIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWF1dGh6IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidDhEMjFkdDFnekRIb21ua0g3MU1JT3RWZXkxblBwbXM0bWFNSjNVMGlSdWQwMVRXNThuaHIwSXk4V0szY3ZqdGl6c2NpcUdpalU2SFhMN29fR2dZUXBaQlJSUzlOeW9oaEEtNlhObGk0RjR4RkVqSG5BSDJpdUNsTXZ3TThLMU5NTi1Cd3JNam5sN0pueDBVVFhZaTBIM2lDNklvWkJKbFV3ZUZPc0J2TkNwZVU3b3k4ak5TNzQzLUVrd21LTmhMUmtTT0tYM0ZDbTBEU1gyOUpycG1qdEZZT3h4ZlFDMXh3ZWkzMzJFZ3U4RTczU19YN2N2WVdSZTdneU5KNE01VERZcUg4aUlZOWE2d2FoUHpLNGM2Ql91eVQ4c2RYeWRxVEhadkg1RVJsbF84TGRKRmJlMzJ2Q2VVT2VQbmlZYm1tNXZ3bkJkQi1kTms4OUpCZ3BYZGp3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAid3d3LnRyaWxvYnl0ZS5wdCJ9fQ", "signature": "QHwbpr0nMG4uWRhKbVNWcK0-OxSMTQhQINyF90nGB3_Zaw06N5lx1pf5wQtaPmZxRsIvFbsrTtSM7_O4EOlocJQrPaF6EvqURHxN0uuKSedGvX978gubKJtm2QHG9bbqPoJZ-tr2Pfl_kSqDhezpij9-wu-h_5YDn2uYWji1J9OfOmhrQlFhp8niz6Pn8ZVQvuO4RfdhNDX-I7GHiKZJyLZaNXAj5AJlhSxroK1guZWAOUMv3D45NeG2ILmuedlUoD1N6UBHtfqFc3gT9B7gLE50-NncFI5SYKVTj4GofX_EYZ0uEeLKD9r_nb4q757sOullxcld7JwSH7FFdw2NsQ"}'
    [Sun Jul  2 23:28:52 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:53 UTC 2017] _ret='0'
    [Sun Jul  2 23:28:53 UTC 2017] original='{
      "identifier": {
        "type": "dns",
        "value": "www.domain.com"
      },
      "status": "pending",
      "expires": "2017-07-09T23:28:53.066398155Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666",
          "token": "miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U"
        },
        {
          "type": "tls-sni-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487667",
          "token": "fTNzJw8m1wDKUifAF4iBzqBG4DxGyjD1HOmxI5wXL7c"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487668",
          "token": "Y34gY5imwRyjF_y7NePdKC2guwl0pqF4Fa5CA2TneBg"
        }
      ],
      "combinations": [
        [
          2
        ],
        [
          1
        ],
        [
          0
        ]
      ]
    }'
    [Sun Jul  2 23:28:53 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
    Expires: Sun, 02 Jul 2017 23:28:52 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 201 Created
    Server: nginx
    Content-Type: application/json
    Content-Length: 1010
    Boulder-Request-Id: wPmn0bRh6S1G7xGBgQpqyYrOWTiVxVJwb3QgVwvkGNw
    Boulder-Requester: 2784462
    Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
    Location: https://acme-staging.api.letsencrypt.org/acme/authz/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo
    Replay-Nonce: ZQiY4dzE9AjKBUcXVaTH-UVJQV-m6Ph9Ogis4LlqjCM
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Sun, 02 Jul 2017 23:28:53 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:28:53 GMT
    Connection: keep-alive
    
    '
    [Sun Jul  2 23:28:53 UTC 2017] response='{"identifier":{"type":"dns","value":"www.domain.com"},"status":"pending","expires":"2017-07-09T23:28:53.066398155Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666","token":"miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487667","token":"fTNzJw8m1wDKUifAF4iBzqBG4DxGyjD1HOmxI5wXL7c"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487668","token":"Y34gY5imwRyjF_y7NePdKC2guwl0pqF4Fa5CA2TneBg"}],"combinations":[[2],[1],[0]]}'
    [Sun Jul  2 23:28:53 UTC 2017] code='201'
    [Sun Jul  2 23:28:53 UTC 2017] The new-authz request is ok.
    [Sun Jul  2 23:28:53 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666","token":"miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U"'
    [Sun Jul  2 23:28:53 UTC 2017] token='miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U'
    [Sun Jul  2 23:28:53 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666'
    [Sun Jul  2 23:28:53 UTC 2017] keyauthorization='miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:28:53 UTC 2017] dvlist='www.domain.com#miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666#http-01#/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:53 UTC 2017] vlist='domain.com#gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665#http-01#/home/nginx/domains/domain.com/public,www.domain.com#miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666#http-01#/home/nginx/domains/domain.com/public,'
    [Sun Jul  2 23:28:53 UTC 2017] ok, let's start to verify
    [Sun Jul  2 23:28:53 UTC 2017] Verifying:domain.com
    [Sun Jul  2 23:28:53 UTC 2017] d='domain.com'
    [Sun Jul  2 23:28:53 UTC 2017] keyauthorization='gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:28:53 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:53 UTC 2017] _currentRoot='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:53 UTC 2017] wellknown_path='/home/nginx/domains/domain.com/public/.well-known/acme-challenge'
    [Sun Jul  2 23:28:53 UTC 2017] writing token:gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4 to /home/nginx/domains/domain.com/public/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4
    [Sun Jul  2 23:28:53 UTC 2017] Changing owner/group of .well-known to nginx:nginx
    [Sun Jul  2 23:28:53 UTC 2017] tigger domain validation.
    [Sun Jul  2 23:28:53 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:53 UTC 2017] _t_key_authz='gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:28:53 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:53 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:28:53 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
    [Sun Jul  2 23:28:53 UTC 2017] Use _CACHED_NONCE='ZQiY4dzE9AjKBUcXVaTH-UVJQV-m6Ph9Ogis4LlqjCM'
    [Sun Jul  2 23:28:53 UTC 2017] nonce='ZQiY4dzE9AjKBUcXVaTH-UVJQV-m6Ph9Ogis4LlqjCM'
    [Sun Jul  2 23:28:53 UTC 2017] POST
    [Sun Jul  2 23:28:53 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:53 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t8D21dt1gzDHomnkH71MIOtVey1nPpms4maMJ3U0iRud01TW58nhr0Iy8WK3cvjtizsciqGijU6HXL7o_GgYQpZBRRS9NyohhA-6XNli4F4xFEjHnAH2iuClMvwM8K1NMN-BwrMjnl7Jnx0UTXYi0H3iC6IoZBJlUweFOsBvNCpeU7oy8jNS743-EkwmKNhLRkSOKX3FCm0DSX29JrpmjtFYOxxfQC1xwei332Egu8E73S_X7cvYWRe7gyNJ4M5TDYqH8iIY9a6wahPzK4c6B_uyT8sdXydqTHZvH5ERll_8LdJFbe32vCeUOePniYbmm5vwnBdB-dNk89JBgpXdjw"}}, "protected": "eyJub25jZSI6ICJaUWlZNGR6RTlBaktCVWNYVmFUSC1VVkpRVi1tNlBoOU9naXM0TGxxakNNIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL25YMU8xbVVZVVBLRDlLSVNQV1dsYVNnanJMWG4tdUoyUWZLeTRRY20xYk0vNDY0ODc2NjUiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ0OEQyMWR0MWd6REhvbW5rSDcxTUlPdFZleTFuUHBtczRtYU1KM1UwaVJ1ZDAxVFc1OG5ocjBJeThXSzNjdmp0aXpzY2lxR2lqVTZIWEw3b19HZ1lRcFpCUlJTOU55b2hoQS02WE5saTRGNHhGRWpIbkFIMml1Q2xNdndNOEsxTk1OLUJ3ck1qbmw3Sm54MFVUWFlpMEgzaUM2SW9aQkpsVXdlRk9zQnZOQ3BlVTdveThqTlM3NDMtRWt3bUtOaExSa1NPS1gzRkNtMERTWDI5SnJwbWp0RllPeHhmUUMxeHdlaTMzMkVndThFNzNTX1g3Y3ZZV1JlN2d5Tko0TTVURFlxSDhpSVk5YTZ3YWhQeks0YzZCX3V5VDhzZFh5ZHFUSFp2SDVFUmxsXzhMZEpGYmUzMnZDZVVPZVBuaVlibW01dnduQmRCLWROazg5SkJncFhkancifX0", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJnUTlaZkxTS0RzNzFwMnhkV041RkRCX2l6U1RiSnVQYjVrd0V1ZzYtZ240Lm9NOVlQSXNtOFVIVGlYVnNXdG0tZ1dKWFBBSDd1T2V5ekRJMVBneldSYlEifQ", "signature": "VmLnmgO2KamsW94X_fuQX2d8HvFHDxHCMAMFdFiER-FfB9PECQggEyBXtjslPPAPEjgbbQg6FbvhrbFTKifaWNIIop1Vjhx8ScbMrKAwuZL-wnaaggzY6qTh8BJv7JOeZtsb2iQ1OwIgwArrPsasizkZMlD9wALb-5Wio6iCMDm8EIu1GS8CBh8ARujoKsvv1wBlRTVk6YIk-m55cu813fUmDJNSbcWwlPeU_sOcm1UyoyrB74KS40itYtOjBo88csGlLhGttt6OVl-7DamwbGYutkFZC2A7O7YaSgBj-iNXQuN7ZW8rhLlfz5uHZx0qBjlW5XhbicguiZhXm7EivA"}'
    [Sun Jul  2 23:28:53 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:54 UTC 2017] _ret='0'
    [Sun Jul  2 23:28:54 UTC 2017] original='{
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665",
      "token": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4",
      "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"
    }'
    [Sun Jul  2 23:28:54 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
    Expires: Sun, 02 Jul 2017 23:28:53 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 202 Accepted
    Server: nginx
    Content-Type: application/json
    Content-Length: 338
    Boulder-Request-Id: rc0h5w4xTwMuyRh7EYez-GI4EWMRz1ucZzqwKTj5U_o
    Boulder-Requester: 2784462
    Link: <https://acme-staging.api.letsencrypt.org/acme/authz/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM>;rel="up"
    Location: https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665
    Replay-Nonce: Jzu1wNwwBLAaZNaCtX0FQkg2Y-zS-9hJcBYWgP_4Ois
    Expires: Sun, 02 Jul 2017 23:28:54 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:28:54 GMT
    Connection: keep-alive
    
    '
    [Sun Jul  2 23:28:54 UTC 2017] response='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4","keyAuthorization":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:28:54 UTC 2017] code='202'
    [Sun Jul  2 23:28:54 UTC 2017] sleep 2 secs to verify
    [Sun Jul  2 23:28:56 UTC 2017] checking
    [Sun Jul  2 23:28:56 UTC 2017] GET
    [Sun Jul  2 23:28:56 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:56 UTC 2017] timeout
    [Sun Jul  2 23:28:56 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:56 UTC 2017] ret='0'
    [Sun Jul  2 23:28:56 UTC 2017] original='{
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665",
      "token": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4",
      "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"
    }'
    [Sun Jul  2 23:28:56 UTC 2017] response='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4","keyAuthorization":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:28:56 UTC 2017] Pending
    [Sun Jul  2 23:28:56 UTC 2017] sleep 2 secs to verify
    [Sun Jul  2 23:28:58 UTC 2017] checking
    [Sun Jul  2 23:28:58 UTC 2017] GET
    [Sun Jul  2 23:28:58 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:58 UTC 2017] timeout
    [Sun Jul  2 23:28:58 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:58 UTC 2017] ret='0'
    [Sun Jul  2 23:28:58 UTC 2017] original='{
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665",
      "token": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4",
      "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"
    }'
    [Sun Jul  2 23:28:58 UTC 2017] response='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4","keyAuthorization":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:28:58 UTC 2017] Pending
    [Sun Jul  2 23:28:58 UTC 2017] sleep 2 secs to verify
    [Sun Jul  2 23:29:00 UTC 2017] checking
    [Sun Jul  2 23:29:00 UTC 2017] GET
    [Sun Jul  2 23:29:00 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:29:00 UTC 2017] timeout
    [Sun Jul  2 23:29:00 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:29:00 UTC 2017] ret='0'
    [Sun Jul  2 23:29:00 UTC 2017] original='{
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:connection",
        "detail": "Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout",
        "status": 400
      },
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665",
      "token": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4",
      "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ",
      "validationRecord": [
        {
          "url": "http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4",
          "hostname": "domain.com",
          "port": "80",
          "addressesResolved": [
            "147.135.136.156",
            "2001:41d0:1008:283f::1"
          ],
          "addressUsed": "2001:41d0:1008:283f::1",
          "addressesTried": []
        }
      ]
    }'
    [Sun Jul  2 23:29:00 UTC 2017] response='{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout","status": 400},"uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4","keyAuthorization":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ","validationRecord":[{"url":"http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4","hostname":"domain.com","port":"80","addressesResolved":["147.135.136.156","2001:41d0:1008:283f::1"],"addressUsed":"2001:41d0:1008:283f::1","addressesTried":[]}]}'
    [Sun Jul  2 23:29:00 UTC 2017] error='"error":{"type":"urn:acme:error:connection","detail":"Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout","status": 400'
    [Sun Jul  2 23:29:00 UTC 2017] errordetail='Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout'
    [Sun Jul  2 23:29:00 UTC 2017] domain.com:Verify error:Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout
    [Sun Jul  2 23:29:00 UTC 2017] pid
    [Sun Jul  2 23:29:00 UTC 2017] No need to restore nginx, skip.
    [Sun Jul  2 23:29:00 UTC 2017] _clearupdns
    [Sun Jul  2 23:29:00 UTC 2017] skip dns.
    [Sun Jul  2 23:29:00 UTC 2017] _on_issue_err
    [Sun Jul  2 23:29:00 UTC 2017] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-020717-232844.log
    [Sun Jul  2 23:29:00 UTC 2017] _chk_vlist='domain.com#gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665#http-01#/home/nginx/domains/domain.com/public,www.domain.com#miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666#http-01#/home/nginx/domains/domain.com/public,'
    [Sun Jul  2 23:29:00 UTC 2017] start to deactivate authz
    [Sun Jul  2 23:29:00 UTC 2017] tigger domain validation.
    [Sun Jul  2 23:29:00 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:29:00 UTC 2017] _t_key_authz='gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:29:00 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:29:00 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:29:00 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
    [Sun Jul  2 23:29:00 UTC 2017] Use _CACHED_NONCE='Jzu1wNwwBLAaZNaCtX0FQkg2Y-zS-9hJcBYWgP_4Ois'
    [Sun Jul  2 23:29:00 UTC 2017] nonce='Jzu1wNwwBLAaZNaCtX0FQkg2Y-zS-9hJcBYWgP_4Ois'
    [Sun Jul  2 23:29:00 UTC 2017] POST
    [Sun Jul  2 23:29:00 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:29:00 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t8D21dt1gzDHomnkH71MIOtVey1nPpms4maMJ3U0iRud01TW58nhr0Iy8WK3cvjtizsciqGijU6HXL7o_GgYQpZBRRS9NyohhA-6XNli4F4xFEjHnAH2iuClMvwM8K1NMN-BwrMjnl7Jnx0UTXYi0H3iC6IoZBJlUweFOsBvNCpeU7oy8jNS743-EkwmKNhLRkSOKX3FCm0DSX29JrpmjtFYOxxfQC1xwei332Egu8E73S_X7cvYWRe7gyNJ4M5TDYqH8iIY9a6wahPzK4c6B_uyT8sdXydqTHZvH5ERll_8LdJFbe32vCeUOePniYbmm5vwnBdB-dNk89JBgpXdjw"}}, "protected": "eyJub25jZSI6ICJKenUxd053d0JMQWFaTmFDdFgwRlFrZzJZLXpTLTloSmNCWVdnUF80T2lzIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL25YMU8xbVVZVVBLRDlLSVNQV1dsYVNnanJMWG4tdUoyUWZLeTRRY20xYk0vNDY0ODc2NjUiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ0OEQyMWR0MWd6REhvbW5rSDcxTUlPdFZleTFuUHBtczRtYU1KM1UwaVJ1ZDAxVFc1OG5ocjBJeThXSzNjdmp0aXpzY2lxR2lqVTZIWEw3b19HZ1lRcFpCUlJTOU55b2hoQS02WE5saTRGNHhGRWpIbkFIMml1Q2xNdndNOEsxTk1OLUJ3ck1qbmw3Sm54MFVUWFlpMEgzaUM2SW9aQkpsVXdlRk9zQnZOQ3BlVTdveThqTlM3NDMtRWt3bUtOaExSa1NPS1gzRkNtMERTWDI5SnJwbWp0RllPeHhmUUMxeHdlaTMzMkVndThFNzNTX1g3Y3ZZV1JlN2d5Tko0TTVURFlxSDhpSVk5YTZ3YWhQeks0YzZCX3V5VDhzZFh5ZHFUSFp2SDVFUmxsXzhMZEpGYmUzMnZDZVVPZVBuaVlibW01dnduQmRCLWROazg5SkJncFhkancifX0", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJnUTlaZkxTS0RzNzFwMnhkV041RkRCX2l6U1RiSnVQYjVrd0V1ZzYtZ240Lm9NOVlQSXNtOFVIVGlYVnNXdG0tZ1dKWFBBSDd1T2V5ekRJMVBneldSYlEifQ", "signature": "P79c8Y6hvq9PjUoT2BfVtUDcTiqFlNPGbCvjF3p6N-bA0LPaVXpdxeZWG93sOjfcfBEXP0fJpC6wclWETSnNuE8zXWwmcLkbFY0pPe1kXF79ATHtgB_bq_B96OAPS2BQmQD0DcB_fx_tcJ9TXIWKvV-CTQOkRgz5WH34ZYyBFViPosLY8jxPrVR68ZPSiVNWmQE37uStGOfWGez4NX1EVCwUIv5lBcDJhXOr1PcRKq5eJR4v_ATJ_Sz9eDc8CNLHSH8ljhKK5Vdmhus9j7T43buI-TN7MqNTUnGE_dd12BpQnNoy_HTacY6-Ec_9ILNq1fo7uNMMjQDXVMzIpULyFw"}'
    [Sun Jul  2 23:29:00 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:29:01 UTC 2017] _ret='0'
    [Sun Jul  2 23:29:01 UTC 2017] original='{
      "type": "urn:acme:error:malformed",
      "detail": "Unable to update challenge :: The challenge is not pending.",
      "status": 400
    }'
    [Sun Jul  2 23:29:01 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
    Expires: Sun, 02 Jul 2017 23:29:01 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 400 Bad Request
    Server: nginx
    Content-Type: application/problem+json
    Content-Length: 132
    Boulder-Request-Id: XaL6finGsnrgSB6WFQlPeD7-E9qiKJferyByu6QLSDs
    Boulder-Requester: 2784462
    Replay-Nonce: 4NAKCSPIUW_HikkVxnNpGS5kRcBaL1MWoQWsDlqxR28
    Expires: Sun, 02 Jul 2017 23:29:01 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:29:01 GMT
    Connection: close
    
    '
    [Sun Jul  2 23:29:01 UTC 2017] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: The challenge is not pending.","status": 400}'
    [Sun Jul  2 23:29:01 UTC 2017] code='400'
    [Sun Jul  2 23:29:01 UTC 2017] tigger domain validation.
    [Sun Jul  2 23:29:01 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666'
    [Sun Jul  2 23:29:01 UTC 2017] _t_key_authz='miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:29:01 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666'
    [Sun Jul  2 23:29:01 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:29:01 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
    [Sun Jul  2 23:29:01 UTC 2017] Use _CACHED_NONCE='4NAKCSPIUW_HikkVxnNpGS5kRcBaL1MWoQWsDlqxR28'
    [Sun Jul  2 23:29:01 UTC 2017] nonce='4NAKCSPIUW_HikkVxnNpGS5kRcBaL1MWoQWsDlqxR28'
    [Sun Jul  2 23:29:01 UTC 2017] POST
    [Sun Jul  2 23:29:01 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666'
    [Sun Jul  2 23:29:01 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t8D21dt1gzDHomnkH71MIOtVey1nPpms4maMJ3U0iRud01TW58nhr0Iy8WK3cvjtizsciqGijU6HXL7o_GgYQpZBRRS9NyohhA-6XNli4F4xFEjHnAH2iuClMvwM8K1NMN-BwrMjnl7Jnx0UTXYi0H3iC6IoZBJlUweFOsBvNCpeU7oy8jNS743-EkwmKNhLRkSOKX3FCm0DSX29JrpmjtFYOxxfQC1xwei332Egu8E73S_X7cvYWRe7gyNJ4M5TDYqH8iIY9a6wahPzK4c6B_uyT8sdXydqTHZvH5ERll_8LdJFbe32vCeUOePniYbmm5vwnBdB-dNk89JBgpXdjw"}}, "protected": "eyJub25jZSI6ICI0TkFLQ1NQSVVXX0hpa2tWeG5OcEdTNWtSY0JhTDFNV29RV3NEbHF4UjI4IiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL3NQUW9JaHc2X1FJRTZFY2NUN3FLandGaWZaRjFJckRtalhPcVlJM2FVQ28vNDY0ODc2NjYiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ0OEQyMWR0MWd6REhvbW5rSDcxTUlPdFZleTFuUHBtczRtYU1KM1UwaVJ1ZDAxVFc1OG5ocjBJeThXSzNjdmp0aXpzY2lxR2lqVTZIWEw3b19HZ1lRcFpCUlJTOU55b2hoQS02WE5saTRGNHhGRWpIbkFIMml1Q2xNdndNOEsxTk1OLUJ3ck1qbmw3Sm54MFVUWFlpMEgzaUM2SW9aQkpsVXdlRk9zQnZOQ3BlVTdveThqTlM3NDMtRWt3bUtOaExSa1NPS1gzRkNtMERTWDI5SnJwbWp0RllPeHhmUUMxeHdlaTMzMkVndThFNzNTX1g3Y3ZZV1JlN2d5Tko0TTVURFlxSDhpSVk5YTZ3YWhQeks0YzZCX3V5VDhzZFh5ZHFUSFp2SDVFUmxsXzhMZEpGYmUzMnZDZVVPZVBuaVlibW01dnduQmRCLWROazg5SkJncFhkancifX0", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJtaWFONFdCZlZZWUx4YkJTeFFZUlFNX21PdFFJX0c1Q2lwZkFBbjVUUjRVLm9NOVlQSXNtOFVIVGlYVnNXdG0tZ1dKWFBBSDd1T2V5ekRJMVBneldSYlEifQ", "signature": "gezg-UTai0IDeIoOsb6Mr1Zr4wBhVcTKkORk9IP8EWNiOhfw9iixM8E_lwtU9mFd5cVEGVAeFc-7yTtYec7-Wp9EhNhM8Y-bQwgxgZRMIdjtR5IkiERYpaJOcm9f1u3_L5cW7Ii7J8-vV9_rk97lMguO7DSryELlpzTQvHNZ9r2Fg4WK2SHbsGJDJdi8yvU8kJVxg4Vupdz7Qp6vrtQmRLfumpD_2WGzA2RXxHkxnOUsPh_cjOVan7Ciau2w0z0r7SOjRB7Ah-DA81-aCsTv_VvZZfGK97_QDQ5aVgPFxjQAWO8lTUbsOxLdqGU6XsDMeRU-vwelMI0DIDb-zOCcjg"}'
    [Sun Jul  2 23:29:01 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:29:02 UTC 2017] _ret='0'
    [Sun Jul  2 23:29:02 UTC 2017] original='{
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666",
      "token": "miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U",
      "keyAuthorization": "miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"
    }'
    [Sun Jul  2 23:29:02 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
    Expires: Sun, 02 Jul 2017 23:29:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 202 Accepted
    Server: nginx
    Content-Type: application/json
    Content-Length: 338
    Boulder-Request-Id: bV30xx8J6YsilcoQPf2EAkGsBWfGpa66oNkA1EFFCHE
    Boulder-Requester: 2784462
    Link: <https://acme-staging.api.letsencrypt.org/acme/authz/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo>;rel="up"
    Location: https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666
    Replay-Nonce: mTWtNam-m2RUWMohtonEKIw0rBrdqBQe_dn-2D_yWms
    Expires: Sun, 02 Jul 2017 23:29:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:29:02 GMT
    Connection: keep-alive
    
    '
    [Sun Jul  2 23:29:02 UTC 2017] response='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666","token":"miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U","keyAuthorization":"miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:29:02 UTC 2017] code='202'
    [Sun Jul  2 23:56:17 UTC 2017] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
    [Sun Jul  2 23:56:17 UTC 2017] Installing to /root/.acme.sh
    [Sun Jul  2 23:56:17 UTC 2017] Installed to /root/.acme.sh/acme.sh
    [Sun Jul  2 23:56:17 UTC 2017] Using config home:/root/.acme.sh
    [Sun Jul  2 23:56:17 UTC 2017] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
    [Sun Jul  2 23:56:17 UTC 2017] options='/^export LE_CONFIG_HOME/d'
    [Sun Jul  2 23:56:17 UTC 2017] Using sed  -i
    [Sun Jul  2 23:56:17 UTC 2017] Found profile: /root/.bashrc
    [Sun Jul  2 23:56:17 UTC 2017] Installing alias to '/root/.bashrc'
    [Sun Jul  2 23:56:17 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
    [Sun Jul  2 23:56:17 UTC 2017] Installing alias to '/root/.cshrc'
    [Sun Jul  2 23:56:17 UTC 2017] options='/^setenv LE_CONFIG_HOME/d'
    [Sun Jul  2 23:56:17 UTC 2017] Using sed  -i
    [Sun Jul  2 23:56:17 UTC 2017] Installing alias to '/root/.tcshrc'
    [Sun Jul  2 23:56:17 UTC 2017] Using config home:/root/.acme.sh
    [Sun Jul  2 23:56:17 UTC 2017] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
    [Sun Jul  2 23:56:17 UTC 2017] Installing cron job
    [Sun Jul  2 23:56:17 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
    [Sun Jul  2 23:56:17 UTC 2017] OK
    

    Code:
    [1;32;40m-----------------------------------------------------
    (B[mupdating acme.sh client...
    [1;32;40m-----------------------------------------------------
    (B[m[Sun Jul  2 23:28:50 UTC 2017] Installing to /root/.acme.sh
    [Sun Jul  2 23:28:50 UTC 2017] Installed to /root/.acme.sh/acme.sh
    [Sun Jul  2 23:28:50 UTC 2017] Installing alias to '/root/.bashrc'
    [Sun Jul  2 23:28:50 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
    [Sun Jul  2 23:28:50 UTC 2017] Installing alias to '/root/.cshrc'
    [Sun Jul  2 23:28:50 UTC 2017] Installing alias to '/root/.tcshrc'
    [Sun Jul  2 23:28:50 UTC 2017] Installing cron job
    30 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    [Sun Jul  2 23:28:50 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
    [Sun Jul  2 23:28:50 UTC 2017] OK
    https://github.com/Neilpang/acme.sh
    v2.7.3
    [1;32;40m-----------------------------------------------------
    (B[macme.sh updated
    [1;32;40m-----------------------------------------------------
    (B[mgrep 'root' /usr/local/nginx/conf/conf.d/domain.com.conf
      root /home/nginx/domains/domain.com/public;
    grep 'root' /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
      root /home/nginx/domains/domain.com/public;
    
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for domain.com
    -----------------------------------------------------------
    testcert value =
    /root/.acme.sh/acme.sh --staging --issue -d domain.com -d www.domain.com --days 60 -w /home/nginx/domains/domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-020717-232844.log --log-level 2
    [Sun Jul  2 23:28:50 UTC 2017] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:51 UTC 2017] Multi domain='DNS:www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] Getting domain auth token for each domain
    [Sun Jul  2 23:28:51 UTC 2017] Getting webroot for domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] Getting new-authz for domain='domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] The new-authz request is ok.
    [Sun Jul  2 23:28:52 UTC 2017] Getting webroot for domain='www.domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] Getting new-authz for domain='www.domain.com'
    [Sun Jul  2 23:28:53 UTC 2017] The new-authz request is ok.
    [Sun Jul  2 23:28:53 UTC 2017] Verifying:domain.com
    [Sun Jul  2 23:28:56 UTC 2017] Pending
    [Sun Jul  2 23:28:58 UTC 2017] Pending
    [Sun Jul  2 23:29:00 UTC 2017] domain.com:Verify error:Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout
    [Sun Jul  2 23:29:00 UTC 2017] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-020717-232844.log
    LECHECK = 1
    
    log files saved at /root/centminlogs
    -rw-r--r--. 1 root root  40K Jul  2 23:29 acmetool.sh-debug-log-020717-232844.log
    -rw-r--r--. 1 root root 2.9K Jul  2 23:29 acmesh-issue_020717-232844.log
    
    
    


    Code:
        # prepare for letsencrypt
        # https://community.centminmod.com/posts/17774/
        location ~ /.well-known { location ~ /.well-known/acme-challenge/(.*) { more_set_headers    "Content-Type: text/plain"; } }
    
        location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
        gzip_static off;
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        access_log off;
        expires 30d;
        break;
            }
    
        location ~* \.(js)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        access_log off;
        expires 30d;
        break;
            }
    
        location ~* \.(css)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        access_log off;
        expires 30d;
        break;
            }
    
        location ~* \.(html|htm|txt)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 1d;
        break;
            }
    
        location ~* \.(eot|svg|ttf|woff|woff2)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 30d;
        break;
            }
     
  5. Mastergumble

    Mastergumble Premium Member Premium Member

    32
    5
    8
    Sep 29, 2016
    Ratings:
    +12
    Local Time:
    4:47 AM
    1.11.x
    10.x
    erm...

    Found it!

    Forgot one bad AAAA record >.<
     
  6. eva2000

    eva2000 Administrator Staff Member

    36,374
    7,985
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,294
    Local Time:
    1:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    ah yes if you're server is setup to use and prefer IPv6 and domain vhost is configured for IPv6 then working AAAA DNS record would be needed :)
     
    • Like Like x 1
  7. eva2000

    eva2000 Administrator Staff Member

    36,374
    7,985
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,294
    Local Time:
    1:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    acmetool.sh 1.0.34 update to fix https default 302 redirect to use vhost domain name instead of variable $server_name

    so instead of http to https 302 redirect like
    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name newdomain.com www.newdomain.com;
       return 302 https://$server_name$request_uri;
     }
    

    updated addons/acmetool.sh 1.0.34 configures it as below replacing return 302 redirect $server_name to the actual domain name
    http to https 302 redirect like
    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name newdomain.com www.newdomain.com;
       return 302 https://newdomain.com$request_uri;
     }
    
     
  8. arlon

    arlon Member

    91
    6
    8
    Feb 20, 2016
    Ratings:
    +12
    Local Time:
    10:47 AM
    1.13.6
    10.1
    How to issue a live real Letsencrypt SSL certificate + make HTTPS default with HTTP to HTTPS with WWW redirect configured

    To issue a live real Letsencrypt SSL certificate + make HTTPS default with HTTP to HTTPS redirect configured
    PHP:
    ./acmetool.sh issue acme.domain.com lived
     
  9. arlon

    arlon Member

    91
    6
    8
    Feb 20, 2016
    Ratings:
    +12
    Local Time:
    10:47 AM
    1.13.6
    10.1
    i succesfully install letsencrypt but it give error when i access my site using www
    why doesn't certificate cover domain with WWW as well?
     
  10. eva2000

    eva2000 Administrator Staff Member

    36,374
    7,985
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,294
    Local Time:
    1:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    1 site with 1 ssl cert so subdomain is only for subdomain only main domain covers www version by design for domain validated ssl certs
     
  11. digij

    digij New Member

    12
    3
    3
    Jan 25, 2018
    Ratings:
    +5
    Local Time:
    4:47 AM
    Several other guides reference to this thread when it comes to obtaining a SSL certificate.

    I read in the (updated) OP that acmetool.sh is only recommended for testing purposes, not for live systems. Has this changed meanwhile (in other guides I don't see any beta testing note)?
     
  12. eva2000

    eva2000 Administrator Staff Member

    36,374
    7,985
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,294
    Local Time:
    1:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    There's generally 2 ways of setting up HTTPS SSL certificate for letsencrypt. Latest status is, it can be used in production - I do on all my servers but yes still beta testing especially for more advanced mods of addons/acmetool.sh usage as in development is ongoing mainly as not all scenarios can be tested for by myself and require other user's feedback and that isn't as abundant as I hope for.

    Method 1. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 2. Fully manual method for free Letsencrypt SSL certificates. This is pretty solid and works well.
     
    • Like Like x 1
  13. eva2000

    eva2000 Administrator Staff Member

    36,374
    7,985
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,294
    Local Time:
    1:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Working on some graphics to illustrate setting up HTTP/2 HTTPS Default Centmin Mod Nginx vhost site :)

    acmetool.sh-01.png
    acmetool.sh-02.png acmetool.sh-03.png acmetool.sh-04.png acmetool.sh-05.png
     
  14. rdan

    rdan Premium Member Premium Member

    4,301
    1,040
    113
    May 25, 2014
    Ratings:
    +1,499
    Local Time:
    11:47 AM
    Mainline
    10.2
    Why does it needs FTP username?
     
  15. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +530
    Local Time:
    6:47 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    I want to recommend for Let's encrypt setup at the end to have a notification that the https vhost configuration must be done again.

    As i enable it on one of my domains and i got 404 and didn't know why as it was ok and then i notice that i had a new https host with none of my edits ....

    So i add my edits and all was ok :)
     
  16. eva2000

    eva2000 Administrator Staff Member

    36,374
    7,985
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,294
    Local Time:
    1:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    nv command creates a new nginx vhost from scratch and that has pure-ftpd username attached to creation process just like centmin.sh menu option 2 and 22
    you mean for existing vhost switching to letsencrypt https as per step 7 of Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates ?
     
    • Informative Informative x 1
  17. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +530
    Local Time:
    6:47 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Not exactly as i didn't have an https vhost at all....

    But i think in any case that an https vhost is created from scratch.....

    For example enabling https and a new file created for https then it should not have enable for example:

    But in any case that the https vhost pre exist then the notification is not needed at all as the user can do that changes before the Let's encrypt activation.....

    But in my case i didn't had this file and got a brand new with all default settings and the result was a 404 error that is normal but for a few seconds didn't know why.....

    That's why i am asking about a notification in that case only.... :)
     
  18. eva2000

    eva2000 Administrator Staff Member

    36,374
    7,985
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,294
    Local Time:
    1:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    not sure i understand all vhosts https or non-https come with try_files commented out by default so all vhosts would need users to edit their vhosts for their web app rules.
     
  19. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +530
    Local Time:
    6:47 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Yes i know but if you have a domain with a simple http vhost as you may didn't want to generate back then an https vhost and you already did all the changes that you want and all works great when you activate Let's encrypt it will auto create an https vhost and the site will not work until the edits be in place for it......

    Ok it is not important at all but ok .... you can ignore that request not big deal :)
     
  20. eva2000

    eva2000 Administrator Staff Member

    36,374
    7,985
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,294
    Local Time:
    1:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yeah that's what step 7 of Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates is for
     
..