Welcome to Centmin Mod Community
Register Now

Letsencrypt Official acmetool.sh testing thread for Centmin Mod 123.09beta01

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jul 26, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    @Mastergumble

    How was the initial letsencrypt ssl certificate obtained ? Which method ?
    • Was the domain nginx vhost alreadying created prior or new domain nginx vhost site setup for first time ?
    • Via centmin.sh menu option 2, 22, /usr/bin/nv ?
    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
      Code (Text):
      -------------------------------------------------------------
      Setup full Nginx vhost + Wordpress + WP Plugins
      -------------------------------------------------------------
      
      Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
      
      Create a self-signed SSL certificate Nginx vhost? [y/n]: n
      Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
      
      You have 4 options:
      1. issue staging test cert with HTTP + HTTPS
      2. issue staging test cert with HTTPS default
      3. issue live cert with HTTP + HTTPS
      4. issue live cert with HTTPS default
      Enter option number 1-4: 1
      
    • Via addons/acmetool.sh ? which specific command ? examples
      Code (Text):
      ./acmetool.sh issue acme.domain.com
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com live
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com d
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com lived
      
    • What was order of steps you did ? Did you run centmin.sh menu option 2 first with letsencrypt ? Then did you run addons/acmetool.sh afterwards ?

    Centmin Mod Self-Signed SSL Fallback



    If you're seeing a Centmin Mod's self-signed ssl certificate instead of letsencrypt ssl certificate, then that's acmetool.sh and centminmod's fallback if letsencrypt verification fails to obtain letsencrypt ssl cert, it falls back to centmin mod self-signed ssl certificate on https port 443 side so to preserve the https nginx vhost

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log run and post contents of log to pastebin.com or gist.github.com and share link in this thread. To find the log list the logs in ascending date order
      Code (Text):
      ls -lahrt /root/centminlogs
      .
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In persistent config file at /etc/centminmod/custom_config.inc (create it if doesn't exist) add and enable acmetool.sh debug mode which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    Without the answers to above questions and logs, there is nothing to help troubleshoot.
     
  2. Mastergumble

    Mastergumble New Member

    21
    5
    3
    Sep 29, 2016
    Ratings:
    +8
    Local Time:
    10:37 AM
    1.11.x
    10.x
    nginx vhost was already created, just issue domain and got this.

    did the same for a second domain and its working (now im confused)
     
  3. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    did you edit or remove staticfiles.conf include on problem domain's vhost config ? that contains the .well-know whitelisting to allow letsencrypt to validate domains. Without it, you get the error you get.
     
  4. Mastergumble

    Mastergumble New Member

    21
    5
    3
    Sep 29, 2016
    Ratings:
    +8
    Local Time:
    10:37 AM
    1.11.x
    10.x
    Didn't touch on staticfiles.conf

    Code:
    [Sun Jul  2 23:28:50 UTC 2017] Lets find script dir.
    [Sun Jul  2 23:28:50 UTC 2017] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Sun Jul  2 23:28:50 UTC 2017] _script='/root/.acme.sh/acme.sh'
    [Sun Jul  2 23:28:50 UTC 2017] _script_home='/root/.acme.sh'
    [Sun Jul  2 23:28:50 UTC 2017] Using config home:/root/.acme.sh
    [Sun Jul  2 23:28:50 UTC 2017] LE_WORKING_DIR='/root/.acme.sh'
    [Sun Jul  2 23:28:50 UTC 2017] Using config home:/root/.acme.sh
    [Sun Jul  2 23:28:50 UTC 2017] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:50 UTC 2017] _ACME_SERVER_HOST='acme-staging.api.letsencrypt.org'
    [Sun Jul  2 23:28:50 UTC 2017] DOMAIN_PATH='/root/.acme.sh/domain.com'
    [Sun Jul  2 23:28:50 UTC 2017] Using ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:50 UTC 2017] _init api for server: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:50 UTC 2017] GET
    [Sun Jul  2 23:28:50 UTC 2017] url='https://acme-staging.api.letsencrypt.org/directory'
    [Sun Jul  2 23:28:50 UTC 2017] timeout
    [Sun Jul  2 23:28:50 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:51 UTC 2017] ret='0'
    [Sun Jul  2 23:28:51 UTC 2017] response='{
      "key-change": "https://acme-staging.api.letsencrypt.org/acme/key-change",
      "new-authz": "https://acme-staging.api.letsencrypt.org/acme/new-authz",
      "new-cert": "https://acme-staging.api.letsencrypt.org/acme/new-cert",
      "new-reg": "https://acme-staging.api.letsencrypt.org/acme/new-reg",
      "revoke-cert": "https://acme-staging.api.letsencrypt.org/acme/revoke-cert",
      "un3bOOhwUF0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
    }'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_KEY_CHANGE='https://acme-staging.api.letsencrypt.org/acme/key-change'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_AUTHZ='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_ORDER='https://acme-staging.api.letsencrypt.org/acme/new-cert'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_ACCOUNT='https://acme-staging.api.letsencrypt.org/acme/new-reg'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_REVOKE_CERT='https://acme-staging.api.letsencrypt.org/acme/revoke-cert'
    [Sun Jul  2 23:28:51 UTC 2017] Le_NextRenewTime
    [Sun Jul  2 23:28:51 UTC 2017] _on_before_issue
    [Sun Jul  2 23:28:51 UTC 2017] '/home/nginx/domains/domain.com/public' does not contain 'no'
    [Sun Jul  2 23:28:51 UTC 2017] Le_LocalAddress
    [Sun Jul  2 23:28:51 UTC 2017] Check for domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _currentRoot='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:51 UTC 2017] Check for domain='www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _currentRoot='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:51 UTC 2017] '/home/nginx/domains/domain.com/public' does not contain 'apache'
    [Sun Jul  2 23:28:51 UTC 2017] _saved_account_key_hash='IPihEDqRc5JuZWvmoyqPjpcaonl9dcJpHz2UAyBW3K0='
    [Sun Jul  2 23:28:51 UTC 2017] _saved_account_key_hash is not changed, skip register account.
    [Sun Jul  2 23:28:51 UTC 2017] Read key length:2048
    [Sun Jul  2 23:28:51 UTC 2017] _createcsr
    [Sun Jul  2 23:28:51 UTC 2017] domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] domainlist='www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] csrkey='/root/.acme.sh/domain.com/domain.com.key'
    [Sun Jul  2 23:28:51 UTC 2017] csr='/root/.acme.sh/domain.com/domain.com.csr'
    [Sun Jul  2 23:28:51 UTC 2017] csrconf='/root/.acme.sh/domain.com/domain.com.csr.conf'
    [Sun Jul  2 23:28:51 UTC 2017] _is_idn_d='www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _idn_temp
    [Sun Jul  2 23:28:51 UTC 2017] domainlist='www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] Multi domain='DNS:www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _is_idn_d='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _idn_temp
    [Sun Jul  2 23:28:51 UTC 2017] _csr_cn='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] Getting domain auth token for each domain
    [Sun Jul  2 23:28:51 UTC 2017] Getting webroot for domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _w='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:51 UTC 2017] _currentRoot='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:51 UTC 2017] Getting new-authz for domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _init api for server: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:51 UTC 2017] ACME_KEY_CHANGE='https://acme-staging.api.letsencrypt.org/acme/key-change'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_AUTHZ='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_ORDER='https://acme-staging.api.letsencrypt.org/acme/new-cert'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_NEW_ACCOUNT='https://acme-staging.api.letsencrypt.org/acme/new-reg'
    [Sun Jul  2 23:28:51 UTC 2017] ACME_REVOKE_CERT='https://acme-staging.api.letsencrypt.org/acme/revoke-cert'
    [Sun Jul  2 23:28:51 UTC 2017] Try new-authz for the 0 time.
    [Sun Jul  2 23:28:51 UTC 2017] _is_idn_d='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] _idn_temp
    [Sun Jul  2 23:28:51 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:51 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "domain.com"}}'
    [Sun Jul  2 23:28:51 UTC 2017] RSA key
    [Sun Jul  2 23:28:51 UTC 2017] Get nonce. ACME_DIRECTORY='https://acme-staging.api.letsencrypt.org/directory'
    [Sun Jul  2 23:28:51 UTC 2017] GET
    [Sun Jul  2 23:28:51 UTC 2017] url='https://acme-staging.api.letsencrypt.org/directory'
    [Sun Jul  2 23:28:51 UTC 2017] timeout
    [Sun Jul  2 23:28:51 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:51 UTC 2017] ret='0'
    [Sun Jul  2 23:28:51 UTC 2017] _headers='HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/json
    Content-Length: 473
    Boulder-Request-Id: HICuy_mELref6n2yHxfH3moOWYi8biB2omSJ2MEVlBM
    Replay-Nonce: XsTbkMUmM-Dw6MnMdnon8HK8ZmMcRhSFfUvgNEs9n5A
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Sun, 02 Jul 2017 23:28:51 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:28:51 GMT
    Connection: keep-alive
    
    '
    [Sun Jul  2 23:28:51 UTC 2017] _CACHED_NONCE='XsTbkMUmM-Dw6MnMdnon8HK8ZmMcRhSFfUvgNEs9n5A'
    [Sun Jul  2 23:28:51 UTC 2017] nonce='XsTbkMUmM-Dw6MnMdnon8HK8ZmMcRhSFfUvgNEs9n5A'
    [Sun Jul  2 23:28:51 UTC 2017] POST
    [Sun Jul  2 23:28:51 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:51 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t8D21dt1gzDHomnkH71MIOtVey1nPpms4maMJ3U0iRud01TW58nhr0Iy8WK3cvjtizsciqGijU6HXL7o_GgYQpZBRRS9NyohhA-6XNli4F4xFEjHnAH2iuClMvwM8K1NMN-BwrMjnl7Jnx0UTXYi0H3iC6IoZBJlUweFOsBvNCpeU7oy8jNS743-EkwmKNhLRkSOKX3FCm0DSX29JrpmjtFYOxxfQC1xwei332Egu8E73S_X7cvYWRe7gyNJ4M5TDYqH8iIY9a6wahPzK4c6B_uyT8sdXydqTHZvH5ERll_8LdJFbe32vCeUOePniYbmm5vwnBdB-dNk89JBgpXdjw"}}, "protected": "eyJub25jZSI6ICJYc1Ria01VbU0tRHc2TW5NZG5vbjhISzhabU1jUmhTRmZVdmdORXM5bjVBIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWF1dGh6IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidDhEMjFkdDFnekRIb21ua0g3MU1JT3RWZXkxblBwbXM0bWFNSjNVMGlSdWQwMVRXNThuaHIwSXk4V0szY3ZqdGl6c2NpcUdpalU2SFhMN29fR2dZUXBaQlJSUzlOeW9oaEEtNlhObGk0RjR4RkVqSG5BSDJpdUNsTXZ3TThLMU5NTi1Cd3JNam5sN0pueDBVVFhZaTBIM2lDNklvWkJKbFV3ZUZPc0J2TkNwZVU3b3k4ak5TNzQzLUVrd21LTmhMUmtTT0tYM0ZDbTBEU1gyOUpycG1qdEZZT3h4ZlFDMXh3ZWkzMzJFZ3U4RTczU19YN2N2WVdSZTdneU5KNE01VERZcUg4aUlZOWE2d2FoUHpLNGM2Ql91eVQ4c2RYeWRxVEhadkg1RVJsbF84TGRKRmJlMzJ2Q2VVT2VQbmlZYm1tNXZ3bkJkQi1kTms4OUpCZ3BYZGp3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAidHJpbG9ieXRlLnB0In19", "signature": "ilPviuXP7nd5Q08JvP01lx68qY-1idSdvkMcdkk6Y8vfAEuZIERnz4zrUVJrszei-iNPDaj3i2HwPnrINFIxZZnuWv0kl26R88mPd1uxrZKqw4k-hntTTQ4CCjfvip6kY9sBFWk5UGmdhOHvGG6MtB72-elvyBRH8g-hEpItcajuGtLDDwNhyagFxSjRDyVOXRaRtp03BBcikh05VVn986TD2mZP_P_gT6Y_6DYfetBut4gKDX0BaBUJcoUJ1rwn77e--AuF3r-0mZkTuRN9Mz-SMdFpQfjZJL5VDjAGFlqch3Qdp-2Q01fw7xv4q1rnL5Jhm7JMHL0JGuCLLKDsOA"}'
    [Sun Jul  2 23:28:51 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:52 UTC 2017] _ret='0'
    [Sun Jul  2 23:28:52 UTC 2017] original='{
      "identifier": {
        "type": "dns",
        "value": "domain.com"
      },
      "status": "pending",
      "expires": "2017-07-09T23:28:52.193364919Z",
      "challenges": [
        {
          "type": "tls-sni-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487663",
          "token": "dgPhk73LmQKkn51ZmwK1DQOwsi4tzjUOJIj106N372Y"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487664",
          "token": "rhV3bh5wXmrQO275xAtrGHozpgLX89gV5sykxWrPwK4"
        },
        {
          "type": "http-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665",
          "token": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4"
        }
      ],
      "combinations": [
        [
          0
        ],
        [
          1
        ],
        [
          2
        ]
      ]
    }'
    [Sun Jul  2 23:28:52 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
    Expires: Sun, 02 Jul 2017 23:28:52 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 201 Created
    Server: nginx
    Content-Type: application/json
    Content-Length: 1006
    Boulder-Request-Id: ojTOCBJlq_6vZsOgbR71dAdQsC_VwaD2g3dBgIciqno
    Boulder-Requester: 2784462
    Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
    Location: https://acme-staging.api.letsencrypt.org/acme/authz/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM
    Replay-Nonce: 21jqO2DC7s9D_wAIV6DAWyoezLTCvN2rJzn596SKpvo
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Sun, 02 Jul 2017 23:28:52 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:28:52 GMT
    Connection: keep-alive
    
    '
    [Sun Jul  2 23:28:52 UTC 2017] response='{"identifier":{"type":"dns","value":"domain.com"},"status":"pending","expires":"2017-07-09T23:28:52.193364919Z","challenges":[{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487663","token":"dgPhk73LmQKkn51ZmwK1DQOwsi4tzjUOJIj106N372Y"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487664","token":"rhV3bh5wXmrQO275xAtrGHozpgLX89gV5sykxWrPwK4"},{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4"}],"combinations":[[0],[1],[2]]}'
    [Sun Jul  2 23:28:52 UTC 2017] code='201'
    [Sun Jul  2 23:28:52 UTC 2017] The new-authz request is ok.
    [Sun Jul  2 23:28:52 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4"'
    [Sun Jul  2 23:28:52 UTC 2017] token='gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4'
    [Sun Jul  2 23:28:52 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:52 UTC 2017] keyauthorization='gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:28:52 UTC 2017] dvlist='domain.com#gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665#http-01#/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:52 UTC 2017] Getting webroot for domain='www.domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] _w='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:52 UTC 2017] _currentRoot='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:52 UTC 2017] Getting new-authz for domain='www.domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] _init api for server: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:52 UTC 2017] ACME_KEY_CHANGE='https://acme-staging.api.letsencrypt.org/acme/key-change'
    [Sun Jul  2 23:28:52 UTC 2017] ACME_NEW_AUTHZ='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:52 UTC 2017] ACME_NEW_ORDER='https://acme-staging.api.letsencrypt.org/acme/new-cert'
    [Sun Jul  2 23:28:52 UTC 2017] ACME_NEW_ACCOUNT='https://acme-staging.api.letsencrypt.org/acme/new-reg'
    [Sun Jul  2 23:28:52 UTC 2017] ACME_REVOKE_CERT='https://acme-staging.api.letsencrypt.org/acme/revoke-cert'
    [Sun Jul  2 23:28:52 UTC 2017] Try new-authz for the 0 time.
    [Sun Jul  2 23:28:52 UTC 2017] _is_idn_d='www.domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] _idn_temp
    [Sun Jul  2 23:28:52 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:52 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "www.domain.com"}}'
    [Sun Jul  2 23:28:52 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
    [Sun Jul  2 23:28:52 UTC 2017] Use _CACHED_NONCE='21jqO2DC7s9D_wAIV6DAWyoezLTCvN2rJzn596SKpvo'
    [Sun Jul  2 23:28:52 UTC 2017] nonce='21jqO2DC7s9D_wAIV6DAWyoezLTCvN2rJzn596SKpvo'
    [Sun Jul  2 23:28:52 UTC 2017] POST
    [Sun Jul  2 23:28:52 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/new-authz'
    [Sun Jul  2 23:28:52 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t8D21dt1gzDHomnkH71MIOtVey1nPpms4maMJ3U0iRud01TW58nhr0Iy8WK3cvjtizsciqGijU6HXL7o_GgYQpZBRRS9NyohhA-6XNli4F4xFEjHnAH2iuClMvwM8K1NMN-BwrMjnl7Jnx0UTXYi0H3iC6IoZBJlUweFOsBvNCpeU7oy8jNS743-EkwmKNhLRkSOKX3FCm0DSX29JrpmjtFYOxxfQC1xwei332Egu8E73S_X7cvYWRe7gyNJ4M5TDYqH8iIY9a6wahPzK4c6B_uyT8sdXydqTHZvH5ERll_8LdJFbe32vCeUOePniYbmm5vwnBdB-dNk89JBgpXdjw"}}, "protected": "eyJub25jZSI6ICIyMWpxTzJEQzdzOURfd0FJVjZEQVd5b2V6TFRDdk4yckp6bjU5NlNLcHZvIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LWF1dGh6IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidDhEMjFkdDFnekRIb21ua0g3MU1JT3RWZXkxblBwbXM0bWFNSjNVMGlSdWQwMVRXNThuaHIwSXk4V0szY3ZqdGl6c2NpcUdpalU2SFhMN29fR2dZUXBaQlJSUzlOeW9oaEEtNlhObGk0RjR4RkVqSG5BSDJpdUNsTXZ3TThLMU5NTi1Cd3JNam5sN0pueDBVVFhZaTBIM2lDNklvWkJKbFV3ZUZPc0J2TkNwZVU3b3k4ak5TNzQzLUVrd21LTmhMUmtTT0tYM0ZDbTBEU1gyOUpycG1qdEZZT3h4ZlFDMXh3ZWkzMzJFZ3U4RTczU19YN2N2WVdSZTdneU5KNE01VERZcUg4aUlZOWE2d2FoUHpLNGM2Ql91eVQ4c2RYeWRxVEhadkg1RVJsbF84TGRKRmJlMzJ2Q2VVT2VQbmlZYm1tNXZ3bkJkQi1kTms4OUpCZ3BYZGp3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAid3d3LnRyaWxvYnl0ZS5wdCJ9fQ", "signature": "QHwbpr0nMG4uWRhKbVNWcK0-OxSMTQhQINyF90nGB3_Zaw06N5lx1pf5wQtaPmZxRsIvFbsrTtSM7_O4EOlocJQrPaF6EvqURHxN0uuKSedGvX978gubKJtm2QHG9bbqPoJZ-tr2Pfl_kSqDhezpij9-wu-h_5YDn2uYWji1J9OfOmhrQlFhp8niz6Pn8ZVQvuO4RfdhNDX-I7GHiKZJyLZaNXAj5AJlhSxroK1guZWAOUMv3D45NeG2ILmuedlUoD1N6UBHtfqFc3gT9B7gLE50-NncFI5SYKVTj4GofX_EYZ0uEeLKD9r_nb4q757sOullxcld7JwSH7FFdw2NsQ"}'
    [Sun Jul  2 23:28:52 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:53 UTC 2017] _ret='0'
    [Sun Jul  2 23:28:53 UTC 2017] original='{
      "identifier": {
        "type": "dns",
        "value": "www.domain.com"
      },
      "status": "pending",
      "expires": "2017-07-09T23:28:53.066398155Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666",
          "token": "miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U"
        },
        {
          "type": "tls-sni-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487667",
          "token": "fTNzJw8m1wDKUifAF4iBzqBG4DxGyjD1HOmxI5wXL7c"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487668",
          "token": "Y34gY5imwRyjF_y7NePdKC2guwl0pqF4Fa5CA2TneBg"
        }
      ],
      "combinations": [
        [
          2
        ],
        [
          1
        ],
        [
          0
        ]
      ]
    }'
    [Sun Jul  2 23:28:53 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
    Expires: Sun, 02 Jul 2017 23:28:52 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 201 Created
    Server: nginx
    Content-Type: application/json
    Content-Length: 1010
    Boulder-Request-Id: wPmn0bRh6S1G7xGBgQpqyYrOWTiVxVJwb3QgVwvkGNw
    Boulder-Requester: 2784462
    Link: <https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"
    Location: https://acme-staging.api.letsencrypt.org/acme/authz/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo
    Replay-Nonce: ZQiY4dzE9AjKBUcXVaTH-UVJQV-m6Ph9Ogis4LlqjCM
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    Expires: Sun, 02 Jul 2017 23:28:53 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:28:53 GMT
    Connection: keep-alive
    
    '
    [Sun Jul  2 23:28:53 UTC 2017] response='{"identifier":{"type":"dns","value":"www.domain.com"},"status":"pending","expires":"2017-07-09T23:28:53.066398155Z","challenges":[{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666","token":"miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487667","token":"fTNzJw8m1wDKUifAF4iBzqBG4DxGyjD1HOmxI5wXL7c"},{"type":"dns-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487668","token":"Y34gY5imwRyjF_y7NePdKC2guwl0pqF4Fa5CA2TneBg"}],"combinations":[[2],[1],[0]]}'
    [Sun Jul  2 23:28:53 UTC 2017] code='201'
    [Sun Jul  2 23:28:53 UTC 2017] The new-authz request is ok.
    [Sun Jul  2 23:28:53 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666","token":"miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U"'
    [Sun Jul  2 23:28:53 UTC 2017] token='miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U'
    [Sun Jul  2 23:28:53 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666'
    [Sun Jul  2 23:28:53 UTC 2017] keyauthorization='miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:28:53 UTC 2017] dvlist='www.domain.com#miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666#http-01#/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:53 UTC 2017] vlist='domain.com#gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665#http-01#/home/nginx/domains/domain.com/public,www.domain.com#miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666#http-01#/home/nginx/domains/domain.com/public,'
    [Sun Jul  2 23:28:53 UTC 2017] ok, let's start to verify
    [Sun Jul  2 23:28:53 UTC 2017] Verifying:domain.com
    [Sun Jul  2 23:28:53 UTC 2017] d='domain.com'
    [Sun Jul  2 23:28:53 UTC 2017] keyauthorization='gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:28:53 UTC 2017] uri='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:53 UTC 2017] _currentRoot='/home/nginx/domains/domain.com/public'
    [Sun Jul  2 23:28:53 UTC 2017] wellknown_path='/home/nginx/domains/domain.com/public/.well-known/acme-challenge'
    [Sun Jul  2 23:28:53 UTC 2017] writing token:gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4 to /home/nginx/domains/domain.com/public/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4
    [Sun Jul  2 23:28:53 UTC 2017] Changing owner/group of .well-known to nginx:nginx
    [Sun Jul  2 23:28:53 UTC 2017] tigger domain validation.
    [Sun Jul  2 23:28:53 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:53 UTC 2017] _t_key_authz='gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:28:53 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:53 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:28:53 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
    [Sun Jul  2 23:28:53 UTC 2017] Use _CACHED_NONCE='ZQiY4dzE9AjKBUcXVaTH-UVJQV-m6Ph9Ogis4LlqjCM'
    [Sun Jul  2 23:28:53 UTC 2017] nonce='ZQiY4dzE9AjKBUcXVaTH-UVJQV-m6Ph9Ogis4LlqjCM'
    [Sun Jul  2 23:28:53 UTC 2017] POST
    [Sun Jul  2 23:28:53 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:53 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t8D21dt1gzDHomnkH71MIOtVey1nPpms4maMJ3U0iRud01TW58nhr0Iy8WK3cvjtizsciqGijU6HXL7o_GgYQpZBRRS9NyohhA-6XNli4F4xFEjHnAH2iuClMvwM8K1NMN-BwrMjnl7Jnx0UTXYi0H3iC6IoZBJlUweFOsBvNCpeU7oy8jNS743-EkwmKNhLRkSOKX3FCm0DSX29JrpmjtFYOxxfQC1xwei332Egu8E73S_X7cvYWRe7gyNJ4M5TDYqH8iIY9a6wahPzK4c6B_uyT8sdXydqTHZvH5ERll_8LdJFbe32vCeUOePniYbmm5vwnBdB-dNk89JBgpXdjw"}}, "protected": "eyJub25jZSI6ICJaUWlZNGR6RTlBaktCVWNYVmFUSC1VVkpRVi1tNlBoOU9naXM0TGxxakNNIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL25YMU8xbVVZVVBLRDlLSVNQV1dsYVNnanJMWG4tdUoyUWZLeTRRY20xYk0vNDY0ODc2NjUiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ0OEQyMWR0MWd6REhvbW5rSDcxTUlPdFZleTFuUHBtczRtYU1KM1UwaVJ1ZDAxVFc1OG5ocjBJeThXSzNjdmp0aXpzY2lxR2lqVTZIWEw3b19HZ1lRcFpCUlJTOU55b2hoQS02WE5saTRGNHhGRWpIbkFIMml1Q2xNdndNOEsxTk1OLUJ3ck1qbmw3Sm54MFVUWFlpMEgzaUM2SW9aQkpsVXdlRk9zQnZOQ3BlVTdveThqTlM3NDMtRWt3bUtOaExSa1NPS1gzRkNtMERTWDI5SnJwbWp0RllPeHhmUUMxeHdlaTMzMkVndThFNzNTX1g3Y3ZZV1JlN2d5Tko0TTVURFlxSDhpSVk5YTZ3YWhQeks0YzZCX3V5VDhzZFh5ZHFUSFp2SDVFUmxsXzhMZEpGYmUzMnZDZVVPZVBuaVlibW01dnduQmRCLWROazg5SkJncFhkancifX0", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJnUTlaZkxTS0RzNzFwMnhkV041RkRCX2l6U1RiSnVQYjVrd0V1ZzYtZ240Lm9NOVlQSXNtOFVIVGlYVnNXdG0tZ1dKWFBBSDd1T2V5ekRJMVBneldSYlEifQ", "signature": "VmLnmgO2KamsW94X_fuQX2d8HvFHDxHCMAMFdFiER-FfB9PECQggEyBXtjslPPAPEjgbbQg6FbvhrbFTKifaWNIIop1Vjhx8ScbMrKAwuZL-wnaaggzY6qTh8BJv7JOeZtsb2iQ1OwIgwArrPsasizkZMlD9wALb-5Wio6iCMDm8EIu1GS8CBh8ARujoKsvv1wBlRTVk6YIk-m55cu813fUmDJNSbcWwlPeU_sOcm1UyoyrB74KS40itYtOjBo88csGlLhGttt6OVl-7DamwbGYutkFZC2A7O7YaSgBj-iNXQuN7ZW8rhLlfz5uHZx0qBjlW5XhbicguiZhXm7EivA"}'
    [Sun Jul  2 23:28:53 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:54 UTC 2017] _ret='0'
    [Sun Jul  2 23:28:54 UTC 2017] original='{
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665",
      "token": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4",
      "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"
    }'
    [Sun Jul  2 23:28:54 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
    Expires: Sun, 02 Jul 2017 23:28:53 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 202 Accepted
    Server: nginx
    Content-Type: application/json
    Content-Length: 338
    Boulder-Request-Id: rc0h5w4xTwMuyRh7EYez-GI4EWMRz1ucZzqwKTj5U_o
    Boulder-Requester: 2784462
    Link: <https://acme-staging.api.letsencrypt.org/acme/authz/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM>;rel="up"
    Location: https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665
    Replay-Nonce: Jzu1wNwwBLAaZNaCtX0FQkg2Y-zS-9hJcBYWgP_4Ois
    Expires: Sun, 02 Jul 2017 23:28:54 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:28:54 GMT
    Connection: keep-alive
    
    '
    [Sun Jul  2 23:28:54 UTC 2017] response='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4","keyAuthorization":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:28:54 UTC 2017] code='202'
    [Sun Jul  2 23:28:54 UTC 2017] sleep 2 secs to verify
    [Sun Jul  2 23:28:56 UTC 2017] checking
    [Sun Jul  2 23:28:56 UTC 2017] GET
    [Sun Jul  2 23:28:56 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:56 UTC 2017] timeout
    [Sun Jul  2 23:28:56 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:56 UTC 2017] ret='0'
    [Sun Jul  2 23:28:56 UTC 2017] original='{
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665",
      "token": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4",
      "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"
    }'
    [Sun Jul  2 23:28:56 UTC 2017] response='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4","keyAuthorization":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:28:56 UTC 2017] Pending
    [Sun Jul  2 23:28:56 UTC 2017] sleep 2 secs to verify
    [Sun Jul  2 23:28:58 UTC 2017] checking
    [Sun Jul  2 23:28:58 UTC 2017] GET
    [Sun Jul  2 23:28:58 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:28:58 UTC 2017] timeout
    [Sun Jul  2 23:28:58 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:28:58 UTC 2017] ret='0'
    [Sun Jul  2 23:28:58 UTC 2017] original='{
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665",
      "token": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4",
      "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"
    }'
    [Sun Jul  2 23:28:58 UTC 2017] response='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4","keyAuthorization":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:28:58 UTC 2017] Pending
    [Sun Jul  2 23:28:58 UTC 2017] sleep 2 secs to verify
    [Sun Jul  2 23:29:00 UTC 2017] checking
    [Sun Jul  2 23:29:00 UTC 2017] GET
    [Sun Jul  2 23:29:00 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:29:00 UTC 2017] timeout
    [Sun Jul  2 23:29:00 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:29:00 UTC 2017] ret='0'
    [Sun Jul  2 23:29:00 UTC 2017] original='{
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:connection",
        "detail": "Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout",
        "status": 400
      },
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665",
      "token": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4",
      "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ",
      "validationRecord": [
        {
          "url": "http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4",
          "hostname": "domain.com",
          "port": "80",
          "addressesResolved": [
            "147.135.136.156",
            "2001:41d0:1008:283f::1"
          ],
          "addressUsed": "2001:41d0:1008:283f::1",
          "addressesTried": []
        }
      ]
    }'
    [Sun Jul  2 23:29:00 UTC 2017] response='{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout","status": 400},"uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665","token":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4","keyAuthorization":"gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ","validationRecord":[{"url":"http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4","hostname":"domain.com","port":"80","addressesResolved":["147.135.136.156","2001:41d0:1008:283f::1"],"addressUsed":"2001:41d0:1008:283f::1","addressesTried":[]}]}'
    [Sun Jul  2 23:29:00 UTC 2017] error='"error":{"type":"urn:acme:error:connection","detail":"Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout","status": 400'
    [Sun Jul  2 23:29:00 UTC 2017] errordetail='Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout'
    [Sun Jul  2 23:29:00 UTC 2017] domain.com:Verify error:Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout
    [Sun Jul  2 23:29:00 UTC 2017] pid
    [Sun Jul  2 23:29:00 UTC 2017] No need to restore nginx, skip.
    [Sun Jul  2 23:29:00 UTC 2017] _clearupdns
    [Sun Jul  2 23:29:00 UTC 2017] skip dns.
    [Sun Jul  2 23:29:00 UTC 2017] _on_issue_err
    [Sun Jul  2 23:29:00 UTC 2017] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-020717-232844.log
    [Sun Jul  2 23:29:00 UTC 2017] _chk_vlist='domain.com#gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665#http-01#/home/nginx/domains/domain.com/public,www.domain.com#miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ#https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666#http-01#/home/nginx/domains/domain.com/public,'
    [Sun Jul  2 23:29:00 UTC 2017] start to deactivate authz
    [Sun Jul  2 23:29:00 UTC 2017] tigger domain validation.
    [Sun Jul  2 23:29:00 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:29:00 UTC 2017] _t_key_authz='gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:29:00 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:29:00 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:29:00 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
    [Sun Jul  2 23:29:00 UTC 2017] Use _CACHED_NONCE='Jzu1wNwwBLAaZNaCtX0FQkg2Y-zS-9hJcBYWgP_4Ois'
    [Sun Jul  2 23:29:00 UTC 2017] nonce='Jzu1wNwwBLAaZNaCtX0FQkg2Y-zS-9hJcBYWgP_4Ois'
    [Sun Jul  2 23:29:00 UTC 2017] POST
    [Sun Jul  2 23:29:00 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/nX1O1mUYUPKD9KISPWWlaSgjrLXn-uJ2QfKy4Qcm1bM/46487665'
    [Sun Jul  2 23:29:00 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t8D21dt1gzDHomnkH71MIOtVey1nPpms4maMJ3U0iRud01TW58nhr0Iy8WK3cvjtizsciqGijU6HXL7o_GgYQpZBRRS9NyohhA-6XNli4F4xFEjHnAH2iuClMvwM8K1NMN-BwrMjnl7Jnx0UTXYi0H3iC6IoZBJlUweFOsBvNCpeU7oy8jNS743-EkwmKNhLRkSOKX3FCm0DSX29JrpmjtFYOxxfQC1xwei332Egu8E73S_X7cvYWRe7gyNJ4M5TDYqH8iIY9a6wahPzK4c6B_uyT8sdXydqTHZvH5ERll_8LdJFbe32vCeUOePniYbmm5vwnBdB-dNk89JBgpXdjw"}}, "protected": "eyJub25jZSI6ICJKenUxd053d0JMQWFaTmFDdFgwRlFrZzJZLXpTLTloSmNCWVdnUF80T2lzIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL25YMU8xbVVZVVBLRDlLSVNQV1dsYVNnanJMWG4tdUoyUWZLeTRRY20xYk0vNDY0ODc2NjUiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ0OEQyMWR0MWd6REhvbW5rSDcxTUlPdFZleTFuUHBtczRtYU1KM1UwaVJ1ZDAxVFc1OG5ocjBJeThXSzNjdmp0aXpzY2lxR2lqVTZIWEw3b19HZ1lRcFpCUlJTOU55b2hoQS02WE5saTRGNHhGRWpIbkFIMml1Q2xNdndNOEsxTk1OLUJ3ck1qbmw3Sm54MFVUWFlpMEgzaUM2SW9aQkpsVXdlRk9zQnZOQ3BlVTdveThqTlM3NDMtRWt3bUtOaExSa1NPS1gzRkNtMERTWDI5SnJwbWp0RllPeHhmUUMxeHdlaTMzMkVndThFNzNTX1g3Y3ZZV1JlN2d5Tko0TTVURFlxSDhpSVk5YTZ3YWhQeks0YzZCX3V5VDhzZFh5ZHFUSFp2SDVFUmxsXzhMZEpGYmUzMnZDZVVPZVBuaVlibW01dnduQmRCLWROazg5SkJncFhkancifX0", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJnUTlaZkxTS0RzNzFwMnhkV041RkRCX2l6U1RiSnVQYjVrd0V1ZzYtZ240Lm9NOVlQSXNtOFVIVGlYVnNXdG0tZ1dKWFBBSDd1T2V5ekRJMVBneldSYlEifQ", "signature": "P79c8Y6hvq9PjUoT2BfVtUDcTiqFlNPGbCvjF3p6N-bA0LPaVXpdxeZWG93sOjfcfBEXP0fJpC6wclWETSnNuE8zXWwmcLkbFY0pPe1kXF79ATHtgB_bq_B96OAPS2BQmQD0DcB_fx_tcJ9TXIWKvV-CTQOkRgz5WH34ZYyBFViPosLY8jxPrVR68ZPSiVNWmQE37uStGOfWGez4NX1EVCwUIv5lBcDJhXOr1PcRKq5eJR4v_ATJ_Sz9eDc8CNLHSH8ljhKK5Vdmhus9j7T43buI-TN7MqNTUnGE_dd12BpQnNoy_HTacY6-Ec_9ILNq1fo7uNMMjQDXVMzIpULyFw"}'
    [Sun Jul  2 23:29:00 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:29:01 UTC 2017] _ret='0'
    [Sun Jul  2 23:29:01 UTC 2017] original='{
      "type": "urn:acme:error:malformed",
      "detail": "Unable to update challenge :: The challenge is not pending.",
      "status": 400
    }'
    [Sun Jul  2 23:29:01 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
    Expires: Sun, 02 Jul 2017 23:29:01 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 400 Bad Request
    Server: nginx
    Content-Type: application/problem+json
    Content-Length: 132
    Boulder-Request-Id: XaL6finGsnrgSB6WFQlPeD7-E9qiKJferyByu6QLSDs
    Boulder-Requester: 2784462
    Replay-Nonce: 4NAKCSPIUW_HikkVxnNpGS5kRcBaL1MWoQWsDlqxR28
    Expires: Sun, 02 Jul 2017 23:29:01 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:29:01 GMT
    Connection: close
    
    '
    [Sun Jul  2 23:29:01 UTC 2017] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: The challenge is not pending.","status": 400}'
    [Sun Jul  2 23:29:01 UTC 2017] code='400'
    [Sun Jul  2 23:29:01 UTC 2017] tigger domain validation.
    [Sun Jul  2 23:29:01 UTC 2017] _t_url='https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666'
    [Sun Jul  2 23:29:01 UTC 2017] _t_key_authz='miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ'
    [Sun Jul  2 23:29:01 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666'
    [Sun Jul  2 23:29:01 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:29:01 UTC 2017] Use cached jwk for file: /root/.acme.sh/ca/acme-staging.api.letsencrypt.org/account.key
    [Sun Jul  2 23:29:01 UTC 2017] Use _CACHED_NONCE='4NAKCSPIUW_HikkVxnNpGS5kRcBaL1MWoQWsDlqxR28'
    [Sun Jul  2 23:29:01 UTC 2017] nonce='4NAKCSPIUW_HikkVxnNpGS5kRcBaL1MWoQWsDlqxR28'
    [Sun Jul  2 23:29:01 UTC 2017] POST
    [Sun Jul  2 23:29:01 UTC 2017] url='https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666'
    [Sun Jul  2 23:29:01 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "t8D21dt1gzDHomnkH71MIOtVey1nPpms4maMJ3U0iRud01TW58nhr0Iy8WK3cvjtizsciqGijU6HXL7o_GgYQpZBRRS9NyohhA-6XNli4F4xFEjHnAH2iuClMvwM8K1NMN-BwrMjnl7Jnx0UTXYi0H3iC6IoZBJlUweFOsBvNCpeU7oy8jNS743-EkwmKNhLRkSOKX3FCm0DSX29JrpmjtFYOxxfQC1xwei332Egu8E73S_X7cvYWRe7gyNJ4M5TDYqH8iIY9a6wahPzK4c6B_uyT8sdXydqTHZvH5ERll_8LdJFbe32vCeUOePniYbmm5vwnBdB-dNk89JBgpXdjw"}}, "protected": "eyJub25jZSI6ICI0TkFLQ1NQSVVXX0hpa2tWeG5OcEdTNWtSY0JhTDFNV29RV3NEbHF4UjI4IiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL3NQUW9JaHc2X1FJRTZFY2NUN3FLandGaWZaRjFJckRtalhPcVlJM2FVQ28vNDY0ODc2NjYiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ0OEQyMWR0MWd6REhvbW5rSDcxTUlPdFZleTFuUHBtczRtYU1KM1UwaVJ1ZDAxVFc1OG5ocjBJeThXSzNjdmp0aXpzY2lxR2lqVTZIWEw3b19HZ1lRcFpCUlJTOU55b2hoQS02WE5saTRGNHhGRWpIbkFIMml1Q2xNdndNOEsxTk1OLUJ3ck1qbmw3Sm54MFVUWFlpMEgzaUM2SW9aQkpsVXdlRk9zQnZOQ3BlVTdveThqTlM3NDMtRWt3bUtOaExSa1NPS1gzRkNtMERTWDI5SnJwbWp0RllPeHhmUUMxeHdlaTMzMkVndThFNzNTX1g3Y3ZZV1JlN2d5Tko0TTVURFlxSDhpSVk5YTZ3YWhQeks0YzZCX3V5VDhzZFh5ZHFUSFp2SDVFUmxsXzhMZEpGYmUzMnZDZVVPZVBuaVlibW01dnduQmRCLWROazg5SkJncFhkancifX0", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJtaWFONFdCZlZZWUx4YkJTeFFZUlFNX21PdFFJX0c1Q2lwZkFBbjVUUjRVLm9NOVlQSXNtOFVIVGlYVnNXdG0tZ1dKWFBBSDd1T2V5ekRJMVBneldSYlEifQ", "signature": "gezg-UTai0IDeIoOsb6Mr1Zr4wBhVcTKkORk9IP8EWNiOhfw9iixM8E_lwtU9mFd5cVEGVAeFc-7yTtYec7-Wp9EhNhM8Y-bQwgxgZRMIdjtR5IkiERYpaJOcm9f1u3_L5cW7Ii7J8-vV9_rk97lMguO7DSryELlpzTQvHNZ9r2Fg4WK2SHbsGJDJdi8yvU8kJVxg4Vupdz7Qp6vrtQmRLfumpD_2WGzA2RXxHkxnOUsPh_cjOVan7Ciau2w0z0r7SOjRB7Ah-DA81-aCsTv_VvZZfGK97_QDQ5aVgPFxjQAWO8lTUbsOxLdqGU6XsDMeRU-vwelMI0DIDb-zOCcjg"}'
    [Sun Jul  2 23:29:01 UTC 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
    [Sun Jul  2 23:29:02 UTC 2017] _ret='0'
    [Sun Jul  2 23:29:02 UTC 2017] original='{
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666",
      "token": "miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U",
      "keyAuthorization": "miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"
    }'
    [Sun Jul  2 23:29:02 UTC 2017] responseHeaders='HTTP/1.1 100 Continue
    Expires: Sun, 02 Jul 2017 23:29:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    
    HTTP/1.1 202 Accepted
    Server: nginx
    Content-Type: application/json
    Content-Length: 338
    Boulder-Request-Id: bV30xx8J6YsilcoQPf2EAkGsBWfGpa66oNkA1EFFCHE
    Boulder-Requester: 2784462
    Link: <https://acme-staging.api.letsencrypt.org/acme/authz/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo>;rel="up"
    Location: https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666
    Replay-Nonce: mTWtNam-m2RUWMohtonEKIw0rBrdqBQe_dn-2D_yWms
    Expires: Sun, 02 Jul 2017 23:29:02 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache
    Date: Sun, 02 Jul 2017 23:29:02 GMT
    Connection: keep-alive
    
    '
    [Sun Jul  2 23:29:02 UTC 2017] response='{"type":"http-01","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/sPQoIhw6_QIE6EccT7qKjwFifZF1IrDmjXOqYI3aUCo/46487666","token":"miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U","keyAuthorization":"miaN4WBfVYYLxbBSxQYRQM_mOtQI_G5CipfAAn5TR4U.oM9YPIsm8UHTiXVsWtm-gWJXPAH7uOeyzDI1PgzWRbQ"}'
    [Sun Jul  2 23:29:02 UTC 2017] code='202'
    [Sun Jul  2 23:56:17 UTC 2017] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
    [Sun Jul  2 23:56:17 UTC 2017] Installing to /root/.acme.sh
    [Sun Jul  2 23:56:17 UTC 2017] Installed to /root/.acme.sh/acme.sh
    [Sun Jul  2 23:56:17 UTC 2017] Using config home:/root/.acme.sh
    [Sun Jul  2 23:56:17 UTC 2017] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
    [Sun Jul  2 23:56:17 UTC 2017] options='/^export LE_CONFIG_HOME/d'
    [Sun Jul  2 23:56:17 UTC 2017] Using sed  -i
    [Sun Jul  2 23:56:17 UTC 2017] Found profile: /root/.bashrc
    [Sun Jul  2 23:56:17 UTC 2017] Installing alias to '/root/.bashrc'
    [Sun Jul  2 23:56:17 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
    [Sun Jul  2 23:56:17 UTC 2017] Installing alias to '/root/.cshrc'
    [Sun Jul  2 23:56:17 UTC 2017] options='/^setenv LE_CONFIG_HOME/d'
    [Sun Jul  2 23:56:17 UTC 2017] Using sed  -i
    [Sun Jul  2 23:56:17 UTC 2017] Installing alias to '/root/.tcshrc'
    [Sun Jul  2 23:56:17 UTC 2017] Using config home:/root/.acme.sh
    [Sun Jul  2 23:56:17 UTC 2017] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
    [Sun Jul  2 23:56:17 UTC 2017] Installing cron job
    [Sun Jul  2 23:56:17 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
    [Sun Jul  2 23:56:17 UTC 2017] OK
    

    Code:
    [1;32;40m-----------------------------------------------------
    (B[mupdating acme.sh client...
    [1;32;40m-----------------------------------------------------
    (B[m[Sun Jul  2 23:28:50 UTC 2017] Installing to /root/.acme.sh
    [Sun Jul  2 23:28:50 UTC 2017] Installed to /root/.acme.sh/acme.sh
    [Sun Jul  2 23:28:50 UTC 2017] Installing alias to '/root/.bashrc'
    [Sun Jul  2 23:28:50 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
    [Sun Jul  2 23:28:50 UTC 2017] Installing alias to '/root/.cshrc'
    [Sun Jul  2 23:28:50 UTC 2017] Installing alias to '/root/.tcshrc'
    [Sun Jul  2 23:28:50 UTC 2017] Installing cron job
    30 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    [Sun Jul  2 23:28:50 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
    [Sun Jul  2 23:28:50 UTC 2017] OK
    https://github.com/Neilpang/acme.sh
    v2.7.3
    [1;32;40m-----------------------------------------------------
    (B[macme.sh updated
    [1;32;40m-----------------------------------------------------
    (B[mgrep 'root' /usr/local/nginx/conf/conf.d/domain.com.conf
      root /home/nginx/domains/domain.com/public;
    grep 'root' /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
      root /home/nginx/domains/domain.com/public;
    
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for domain.com
    -----------------------------------------------------------
    testcert value =
    /root/.acme.sh/acme.sh --staging --issue -d domain.com -d www.domain.com --days 60 -w /home/nginx/domains/domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-020717-232844.log --log-level 2
    [Sun Jul  2 23:28:50 UTC 2017] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
    [Sun Jul  2 23:28:51 UTC 2017] Multi domain='DNS:www.domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] Getting domain auth token for each domain
    [Sun Jul  2 23:28:51 UTC 2017] Getting webroot for domain='domain.com'
    [Sun Jul  2 23:28:51 UTC 2017] Getting new-authz for domain='domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] The new-authz request is ok.
    [Sun Jul  2 23:28:52 UTC 2017] Getting webroot for domain='www.domain.com'
    [Sun Jul  2 23:28:52 UTC 2017] Getting new-authz for domain='www.domain.com'
    [Sun Jul  2 23:28:53 UTC 2017] The new-authz request is ok.
    [Sun Jul  2 23:28:53 UTC 2017] Verifying:domain.com
    [Sun Jul  2 23:28:56 UTC 2017] Pending
    [Sun Jul  2 23:28:58 UTC 2017] Pending
    [Sun Jul  2 23:29:00 UTC 2017] domain.com:Verify error:Fetching http://domain.com/.well-known/acme-challenge/gQ9ZfLSKDs71p2xdWN5FDB_izSTbJuPb5kwEug6-gn4: Timeout
    [Sun Jul  2 23:29:00 UTC 2017] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-020717-232844.log
    LECHECK = 1
    
    log files saved at /root/centminlogs
    -rw-r--r--. 1 root root  40K Jul  2 23:29 acmetool.sh-debug-log-020717-232844.log
    -rw-r--r--. 1 root root 2.9K Jul  2 23:29 acmesh-issue_020717-232844.log
    
    
    


    Code:
        # prepare for letsencrypt
        # https://community.centminmod.com/posts/17774/
        location ~ /.well-known { location ~ /.well-known/acme-challenge/(.*) { more_set_headers    "Content-Type: text/plain"; } }
    
        location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
        gzip_static off;
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        access_log off;
        expires 30d;
        break;
            }
    
        location ~* \.(js)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        access_log off;
        expires 30d;
        break;
            }
    
        location ~* \.(css)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800";
        access_log off;
        expires 30d;
        break;
            }
    
        location ~* \.(html|htm|txt)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 1d;
        break;
            }
    
        location ~* \.(eot|svg|ttf|woff|woff2)$ {
      #add_header Pragma public;
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header Access-Control-Allow-Origin *;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 30d;
        break;
            }
     
  5. Mastergumble

    Mastergumble New Member

    21
    5
    3
    Sep 29, 2016
    Ratings:
    +8
    Local Time:
    10:37 AM
    1.11.x
    10.x
    erm...

    Found it!

    Forgot one bad AAAA record >.<
     
  6. eva2000

    eva2000 Administrator Staff Member

    29,720
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    7:37 PM
    Nginx 1.13.x
    MariaDB 5.5
    ah yes if you're server is setup to use and prefer IPv6 and domain vhost is configured for IPv6 then working AAAA DNS record would be needed :)
     
    • Like Like x 1