SSL Letsencrypt SSL Issues With Acmetool

UsmanGTA · Sep 29, 2018

Please fill in any relevant information that applies to you:

CentOS Version: i.e. CentOS 7 64bit
Centmin Mod Version Installed:123.09beta01
Nginx Version Installed: i.e. 1.15.3
PHP Version Installed:7.2.9
When was last time updated Centmin Mod code base ? : just installed it.

I tried to run acmetool.sh acme-menu and reissue SSL certificates for live HTTPS sites default. Every time I try it... I am getting this issue. I did migrate to another VPS and decided to try out CMM.

www and @ are directed towards the right IP address BTW

This is the error

Code (Text):

-----------------------------------------------------------
reissue & install letsencrypt ssl certificate for geeksultd.com
-----------------------------------------------------------
/root/.acme.sh/acme.sh --force --createDomainKey -d geeksultd.com -d [URL='http://www.geeksultd.com']www.geeksultd.com[/URL] -k 2048 --useragent centminmod-centos7-acmesh-webroot
[Fri Sep 28 19:30:11 UTC 2018] Creating domain key
[Fri Sep 28 19:30:11 UTC 2018] The domain key is here: /root/.acme.sh/geeksultd.com/geeksultd.com.key
testcert value = lived
/root/.acme.sh/acme.sh --force --issue -d geeksultd.com -d [URL='http://www.geeksultd.com']www.geeksultd.com[/URL] --days 60 -w /home/nginx/domains/geeksultd.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-280918-193005.log --log-level 2
[Fri Sep 28 19:30:11 UTC 2018] Multi domain='DNS:geeksultd.com,DNS:[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:12 UTC 2018] Getting domain auth token for each domain
[Fri Sep 28 19:30:12 UTC 2018] Getting webroot for domain='geeksultd.com'
[Fri Sep 28 19:30:12 UTC 2018] Getting new-authz for domain='geeksultd.com'
[Fri Sep 28 19:30:13 UTC 2018] The new-authz request is ok.
[Fri Sep 28 19:30:13 UTC 2018] Getting webroot for domain='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] Getting new-authz for domain='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] The new-authz request is ok.
[Fri Sep 28 19:30:13 UTC 2018] Verifying:geeksultd.com

[Fri Sep 28 19:30:16 UTC 2018] geeksultd.com:Verify error:Invalid response from [URL]http://geeksultd.com/.well-known/acme-challenge/iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ[/URL]:
[Fri Sep 28 19:30:16 UTC 2018] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-280918-193005.log
LECHECK = 1

log files saved at /root/centminlogs
-rw-r--r-- 1 root root  38K Sep 28 19:30 acmetool.sh-debug-log-280918-193005.log
-rw-r--r-- 1 root root 4.1K Sep 28 19:30 acmesh-reissue_280918-193005.log


DIGGING INTO THE ERROR LOGS... HERE'S WHAT I FOUND...
[SIZE=6]acmesh-reissue_280918-193005.log[/SIZE]
[1;32;40m-----------------------------------------------------
(B[mupdating acme.sh client...
[1;32;40m-----------------------------------------------------
(B[mCloning into 'acme.sh'...
[Fri Sep 28 19:30:08 UTC 2018] It is recommended to install socat first.
[Fri Sep 28 19:30:08 UTC 2018] We use socat for standalone server if you use standalone mode.
[Fri Sep 28 19:30:08 UTC 2018] If you don't use standalone mode, just ignore this warning.
[Fri Sep 28 19:30:08 UTC 2018] Installing to /root/.acme.sh
[Fri Sep 28 19:30:08 UTC 2018] Installed to /root/.acme.sh/acme.sh
[Fri Sep 28 19:30:08 UTC 2018] Installing alias to '/root/.bashrc'
[Fri Sep 28 19:30:08 UTC 2018] OK, Close and reopen your terminal to start using acme.sh
[Fri Sep 28 19:30:08 UTC 2018] Installing alias to '/root/.cshrc'
[Fri Sep 28 19:30:08 UTC 2018] Installing alias to '/root/.tcshrc'
[Fri Sep 28 19:30:08 UTC 2018] Installing cron job
5 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Fri Sep 28 19:30:08 UTC 2018] Good, bash is found, so change the shebang to use bash as preferred.
[Fri Sep 28 19:30:09 UTC 2018] OK
[URL='https://github.com/Neilpang/acme.sh']Neilpang/acme.sh[/URL]
v2.8.0
[1;32;40m-----------------------------------------------------
(B[macme.sh updated
[1;32;40m-----------------------------------------------------
(B[mbackup & remove /usr/local/nginx/conf/conf.d/geeksultd.com.conf

[self-signed ssl cert check] required by acmetool.sh

[self-signed ssl] /usr/local/nginx/conf/ssl/geeksultd.com/dhparam.pem exists
[self-signed ssl] /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.crt exists
[self-signed ssl] /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.key exists

[sslvhostsetup] create /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf

[non-wp] backup & remove /usr/local/nginx/conf/conf.d/geeksultd.com.conf
cat /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.crt.key.conf
  ssl_dhparam /usr/local/nginx/conf/ssl/geeksultd.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.key;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com-trusted.crt;
Reloading nginx configuration (via systemctl):  [  OK  ]
grep 'root' /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf
  root /home/nginx/domains/geeksultd.com/public;

-----------------------------------------------------------
reissue & install letsencrypt ssl certificate for geeksultd.com
-----------------------------------------------------------
/root/.acme.sh/acme.sh --force --createDomainKey -d geeksultd.com -d [URL='http://www.geeksultd.com']www.geeksultd.com[/URL] -k 2048 --useragent centminmod-centos7-acmesh-webroot
[Fri Sep 28 19:30:11 UTC 2018] Creating domain key
[Fri Sep 28 19:30:11 UTC 2018] The domain key is here: /root/.acme.sh/geeksultd.com/geeksultd.com.key
testcert value = lived
/root/.acme.sh/acme.sh --force --issue -d geeksultd.com -d [URL='http://www.geeksultd.com']www.geeksultd.com[/URL] --days 60 -w /home/nginx/domains/geeksultd.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-280918-193005.log --log-level 2
[Fri Sep 28 19:30:11 UTC 2018] Multi domain='DNS:geeksultd.com,DNS:[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:12 UTC 2018] Getting domain auth token for each domain
[Fri Sep 28 19:30:12 UTC 2018] Getting webroot for domain='geeksultd.com'
[Fri Sep 28 19:30:12 UTC 2018] Getting new-authz for domain='geeksultd.com'
[Fri Sep 28 19:30:13 UTC 2018] The new-authz request is ok.
[Fri Sep 28 19:30:13 UTC 2018] Getting webroot for domain='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] Getting new-authz for domain='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] The new-authz request is ok.
[Fri Sep 28 19:30:13 UTC 2018] Verifying:geeksultd.com
[Fri Sep 28 19:30:16 UTC 2018] geeksultd.com:Verify error:Invalid response from [URL]http://geeksultd.com/.well-known/acme-challenge/iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ[/URL]:
[Fri Sep 28 19:30:16 UTC 2018] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-280918-193005.log
LECHECK = 1

log files saved at /root/centminlogs
-rw-r--r-- 1 root root  38K Sep 28 19:30 acmetool.sh-debug-log-280918-193005.log
-rw-r--r-- 1 root root 4.1K Sep 28 19:30 acmesh-reissue_280918-193005.log

[SIZE=6]acmetool.sh-debug-log-280918-193005[/SIZE]
[Fri Sep 28 19:30:11 UTC 2018] Lets find script dir.
[Fri Sep 28 19:30:11 UTC 2018] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Sep 28 19:30:11 UTC 2018] _script='/root/.acme.sh/acme.sh'
[Fri Sep 28 19:30:11 UTC 2018] _script_home='/root/.acme.sh'
[Fri Sep 28 19:30:11 UTC 2018] Using config home:/root/.acme.sh
[Fri Sep 28 19:30:11 UTC 2018] LE_WORKING_DIR='/root/.acme.sh'
[Fri Sep 28 19:30:11 UTC 2018] _main_domain='geeksultd.com'
[Fri Sep 28 19:30:11 UTC 2018] _alt_domains='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] Using config home:/root/.acme.sh
[Fri Sep 28 19:30:11 UTC 2018] ACME_DIRECTORY='[URL]https://acme-v01.api.letsencrypt.org/directory[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Fri Sep 28 19:30:11 UTC 2018] DOMAIN_PATH='/root/.acme.sh/geeksultd.com'
[Fri Sep 28 19:30:11 UTC 2018] '/home/nginx/domains/geeksultd.com/public' does not contain 'dns'
[Fri Sep 28 19:30:11 UTC 2018] Using ACME_DIRECTORY: [URL]https://acme-v01.api.letsencrypt.org/directory[/URL]
[Fri Sep 28 19:30:11 UTC 2018] _init api for server: [URL]https://acme-v01.api.letsencrypt.org/directory[/URL]
[Fri Sep 28 19:30:11 UTC 2018] GET
[Fri Sep 28 19:30:11 UTC 2018] url='[URL]https://acme-v01.api.letsencrypt.org/directory[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] timeout=
[Fri Sep 28 19:30:11 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri Sep 28 19:30:11 UTC 2018] ret='0'
[Fri Sep 28 19:30:11 UTC 2018] response='{
  "key-change": "[URL]https://acme-v01.api.letsencrypt.org/acme/key-change[/URL]",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "[URL]https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf[/URL]",
    "website": "[URL='https://letsencrypt.org']Let's Encrypt - Free SSL/TLS Certificates[/URL]"
  },
  "ndthn40moCI": "[URL='https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417']Adding random entries to the directory[/URL]",
  "new-authz": "[URL]https://acme-v01.api.letsencrypt.org/acme/new-authz[/URL]",
  "new-cert": "[URL]https://acme-v01.api.letsencrypt.org/acme/new-cert[/URL]",
  "new-reg": "[URL]https://acme-v01.api.letsencrypt.org/acme/new-reg[/URL]",
  "revoke-cert": "[URL]https://acme-v01.api.letsencrypt.org/acme/revoke-cert[/URL]"
}'
[Fri Sep 28 19:30:11 UTC 2018] ACME_KEY_CHANGE='[URL]https://acme-v01.api.letsencrypt.org/acme/key-change[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] ACME_NEW_AUTHZ='[URL]https://acme-v01.api.letsencrypt.org/acme/new-authz[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] ACME_NEW_ORDER='[URL]https://acme-v01.api.letsencrypt.org/acme/new-cert[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] ACME_NEW_ACCOUNT='[URL]https://acme-v01.api.letsencrypt.org/acme/new-reg[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] ACME_REVOKE_CERT='[URL]https://acme-v01.api.letsencrypt.org/acme/revoke-cert[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] ACME_AGREEMENT='[URL]https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] ACME_NEW_NONCE
[Fri Sep 28 19:30:11 UTC 2018] ACME_VERSION
[Fri Sep 28 19:30:11 UTC 2018] Le_NextRenewTime
[Fri Sep 28 19:30:11 UTC 2018] _on_before_issue
[Fri Sep 28 19:30:11 UTC 2018] _chk_main_domain='geeksultd.com'
[Fri Sep 28 19:30:11 UTC 2018] _chk_alt_domains='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] '/home/nginx/domains/geeksultd.com/public' does not contain 'no'
[Fri Sep 28 19:30:11 UTC 2018] Le_LocalAddress
[Fri Sep 28 19:30:11 UTC 2018] d='geeksultd.com'
[Fri Sep 28 19:30:11 UTC 2018] Check for domain='geeksultd.com'
[Fri Sep 28 19:30:11 UTC 2018] _currentRoot='/home/nginx/domains/geeksultd.com/public'
[Fri Sep 28 19:30:11 UTC 2018] d='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] Check for domain='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] _currentRoot='/home/nginx/domains/geeksultd.com/public'
[Fri Sep 28 19:30:11 UTC 2018] d
[Fri Sep 28 19:30:11 UTC 2018] '/home/nginx/domains/geeksultd.com/public' does not contain 'apache'
[Fri Sep 28 19:30:11 UTC 2018] _saved_account_key_hash='mINIYWMV8+ivwixKes9IniS5XyjaVuwcR4OEdEsltkw='
[Fri Sep 28 19:30:11 UTC 2018] _saved_account_key_hash is not changed, skip register account.
[Fri Sep 28 19:30:11 UTC 2018] Read key length:2048
[Fri Sep 28 19:30:11 UTC 2018] _createcsr
[Fri Sep 28 19:30:11 UTC 2018] domain='geeksultd.com'
[Fri Sep 28 19:30:11 UTC 2018] domainlist='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] csrkey='/root/.acme.sh/geeksultd.com/geeksultd.com.key'
[Fri Sep 28 19:30:11 UTC 2018] csr='/root/.acme.sh/geeksultd.com/geeksultd.com.csr'
[Fri Sep 28 19:30:11 UTC 2018] csrconf='/root/.acme.sh/geeksultd.com/geeksultd.com.csr.conf'
[Fri Sep 28 19:30:11 UTC 2018] _is_idn_d='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] _idn_temp
[Fri Sep 28 19:30:11 UTC 2018] domainlist='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] Multi domain='DNS:geeksultd.com,DNS:[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:11 UTC 2018] _is_idn_d='geeksultd.com'
[Fri Sep 28 19:30:11 UTC 2018] _idn_temp
[Fri Sep 28 19:30:11 UTC 2018] _csr_cn='geeksultd.com'
[Fri Sep 28 19:30:12 UTC 2018] Getting domain auth token for each domain
[Fri Sep 28 19:30:12 UTC 2018] d='geeksultd.com'
[Fri Sep 28 19:30:12 UTC 2018] Getting webroot for domain='geeksultd.com'
[Fri Sep 28 19:30:12 UTC 2018] _w='/home/nginx/domains/geeksultd.com/public'
[Fri Sep 28 19:30:12 UTC 2018] _currentRoot='/home/nginx/domains/geeksultd.com/public'
[Fri Sep 28 19:30:12 UTC 2018] Getting new-authz for domain='geeksultd.com'
[Fri Sep 28 19:30:12 UTC 2018] _init api for server: [URL]https://acme-v01.api.letsencrypt.org/directory[/URL]
[Fri Sep 28 19:30:12 UTC 2018] Try new-authz for the 0 time.
[Fri Sep 28 19:30:12 UTC 2018] _is_idn_d='geeksultd.com'
[Fri Sep 28 19:30:12 UTC 2018] _idn_temp
[Fri Sep 28 19:30:12 UTC 2018] url='[URL]https://acme-v01.api.letsencrypt.org/acme/new-authz[/URL]'
[Fri Sep 28 19:30:12 UTC 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "geeksultd.com"}}'
[Fri Sep 28 19:30:12 UTC 2018] RSA key
[Fri Sep 28 19:30:12 UTC 2018] Get nonce. ACME_DIRECTORY='[URL]https://acme-v01.api.letsencrypt.org/directory[/URL]'
[Fri Sep 28 19:30:12 UTC 2018] GET
[Fri Sep 28 19:30:12 UTC 2018] url='[URL]https://acme-v01.api.letsencrypt.org/directory[/URL]'
[Fri Sep 28 19:30:12 UTC 2018] timeout=
[Fri Sep 28 19:30:12 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri Sep 28 19:30:12 UTC 2018] ret='0'
[Fri Sep 28 19:30:12 UTC 2018] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: 4ZPSPE-X4xv5RJFhadBIeWZducsd9x71KNlMNxH3tU0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 28 Sep 2018 19:30:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Sep 2018 19:30:12 GMT
Connection: keep-alive

'
[Fri Sep 28 19:30:12 UTC 2018] _CACHED_NONCE='4ZPSPE-X4xv5RJFhadBIeWZducsd9x71KNlMNxH3tU0'
[Fri Sep 28 19:30:12 UTC 2018] nonce='4ZPSPE-X4xv5RJFhadBIeWZducsd9x71KNlMNxH3tU0'
[Fri Sep 28 19:30:12 UTC 2018] POST
[Fri Sep 28 19:30:12 UTC 2018] _post_url='[URL]https://acme-v01.api.letsencrypt.org/acme/new-authz[/URL]'
[Fri Sep 28 19:30:12 UTC 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "plSJ_O55-kBqSPPN91fJoQRsR7-NMbqAZIpKCVcAw52bLKo8dYuX9UWCtC6LDQK_CMzYS_6UtzD-MTv9bwBjaSFtCEawL7G9Xb5Icphc_6ZFVvLAz_oJdqSZ6oV2x3g_aOwkQb6wG_f3PgHNMxizLJepHFSQJx0TVxyNxI-rCdn9X6D3cyKorE_p9w5IZbtjiunExd7WdPS7Xvb41LCCdQpNk3OIASeP20YoyKZU26yD_ENJASvDCoZA5yykkykIsL7fXLB7L-T66US5sKmr3AWXHlBSlUrREoF1S6Su7V281CoFaaj-4x-EZfKOCQTHYjswZy_paLYjOkanUxZ-2w"}}, "protected": "eyJub25jZSI6ICI0WlBTUEUtWDR4djVSSkZoYWRCSWVXWmR1Y3NkOXg3MUtObE1OeEgzdFUwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYXV0aHoiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJwbFNKX081NS1rQnFTUFBOOTFmSm9RUnNSNy1OTWJxQVpJcEtDVmNBdzUyYkxLbzhkWXVYOVVXQ3RDNkxEUUtfQ016WVNfNlV0ekQtTVR2OWJ3QmphU0Z0Q0Vhd0w3RzlYYjVJY3BoY182WkZWdkxBel9vSmRxU1o2b1YyeDNnX2FPd2tRYjZ3R19mM1BnSE5NeGl6TEplcEhGU1FKeDBUVnh5TnhJLXJDZG45WDZEM2N5S29yRV9wOXc1SVpidGppdW5FeGQ3V2RQUzdYdmI0MUxDQ2RRcE5rM09JQVNlUDIwWW95S1pVMjZ5RF9FTkpBU3ZEQ29aQTV5eWtreWtJc0w3ZlhMQjdMLVQ2NlVTNXNLbXIzQVdYSGxCU2xVclJFb0YxUzZTdTdWMjgxQ29GYWFqLTR4LUVaZktPQ1FUSFlqc3daeV9wYUxZak9rYW5VeFotMncifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiZ2Vla3N1bHRkLmNvbSJ9fQ", "signature": "Io-C-UJJGuLT0sDV9bGe4H_u-NYpc1Hxq2jiUhiLxPzxeD4st9HUAZ3sJkUwHrugkbc6lMFSpd6HVwCurdfyBh9H8KgemGNw4T6cWOy1Fz-dqDBSUUdjJwhiAW_yp6jrqEjmjlkepr5p3hV7HVZUtRmZa3LaL67fy3JgzUTmyisUBUqP64rSAf1BUWNpa_VBCo1AF69FG25DHJyDtad9_u6b2NPDM5anifR3hNQH8U_2ujLxd9Ka8R_wR4sdBFRiEBZ3A1fowGdcFLWC7rsCW71PRjuGm52mR356Xljeu0yVkGm2mneAq4K_dZ2mBVP2gaGEX_9t1XBWqIVCIsmkGA"}'
[Fri Sep 28 19:30:12 UTC 2018] _postContentType='application/jose+json'
[Fri Sep 28 19:30:12 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri Sep 28 19:30:13 UTC 2018] _ret='0'
[Fri Sep 28 19:30:13 UTC 2018] original='{
  "identifier": {
    "type": "dns",
    "value": "geeksultd.com"
  },
  "status": "pending",
  "expires": "2018-10-05T19:30:13Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784686[/URL]",
      "token": "Q-blfkB96kUKd3gbB5wN3U9GvuqFN_SIt-u4TIpZ-ZQ"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]",
      "token": "iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784690[/URL]",
      "token": "lXJEsYalEKI340dEei23Hs1jlnfr87aljzFI72V30q8"
    }
  ],
  "combinations": [
    [
      2
    ],
    [
      0
    ],
    [
      1
    ]
  ]
}'
[Fri Sep 28 19:30:13 UTC 2018] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 28 Sep 2018 19:30:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 992
Boulder-Requester: 42937650
Link: <[URL]https://acme-v01.api.letsencrypt.org/acme/new-cert[/URL]>;rel="next"
Location: [URL]https://acme-v01.api.letsencrypt.org/acme/authz/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE[/URL]
Replay-Nonce: jaSSysmEFjaAou5i3L4r3qFHcqKE0qCwKWoAkFU5dvQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 28 Sep 2018 19:30:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Sep 2018 19:30:13 GMT
Connection: keep-alive

'
[Fri Sep 28 19:30:13 UTC 2018] response='{"identifier":{"type":"dns","value":"geeksultd.com"},"status":"pending","expires":"2018-10-05T19:30:13Z","challenges":[{"type":"tls-alpn-01","status":"pending","uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784686[/URL]","token":"Q-blfkB96kUKd3gbB5wN3U9GvuqFN_SIt-u4TIpZ-ZQ"},{"type":"http-01","status":"pending","uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]","token":"iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ"},{"type":"dns-01","status":"pending","uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784690[/URL]","token":"lXJEsYalEKI340dEei23Hs1jlnfr87aljzFI72V30q8"}],"combinations":[[2],[0],[1]]}'
[Fri Sep 28 19:30:13 UTC 2018] code='201'
[Fri Sep 28 19:30:13 UTC 2018] The new-authz request is ok.
[Fri Sep 28 19:30:13 UTC 2018] entry='"type":"http-01","status":"pending","uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]","token":"iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ"'
[Fri Sep 28 19:30:13 UTC 2018] token='iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ'
[Fri Sep 28 19:30:13 UTC 2018] uri='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] keyauthorization='iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM'
[Fri Sep 28 19:30:13 UTC 2018] dvlist='geeksultd.com#iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM#[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688#http-01#/home/nginx/domains/geeksultd.com/public[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] d='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] Getting webroot for domain='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] _w='/home/nginx/domains/geeksultd.com/public'
[Fri Sep 28 19:30:13 UTC 2018] _currentRoot='/home/nginx/domains/geeksultd.com/public'
[Fri Sep 28 19:30:13 UTC 2018] Getting new-authz for domain='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] _init api for server: [URL]https://acme-v01.api.letsencrypt.org/directory[/URL]
[Fri Sep 28 19:30:13 UTC 2018] Try new-authz for the 0 time.
[Fri Sep 28 19:30:13 UTC 2018] _is_idn_d='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] _idn_temp
[Fri Sep 28 19:30:13 UTC 2018] url='[URL]https://acme-v01.api.letsencrypt.org/acme/new-authz[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]"}}'
[Fri Sep 28 19:30:13 UTC 2018] Use cached jwk for file: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Fri Sep 28 19:30:13 UTC 2018] Use _CACHED_NONCE='jaSSysmEFjaAou5i3L4r3qFHcqKE0qCwKWoAkFU5dvQ'
[Fri Sep 28 19:30:13 UTC 2018] nonce='jaSSysmEFjaAou5i3L4r3qFHcqKE0qCwKWoAkFU5dvQ'
[Fri Sep 28 19:30:13 UTC 2018] POST
[Fri Sep 28 19:30:13 UTC 2018] _post_url='[URL]https://acme-v01.api.letsencrypt.org/acme/new-authz[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "plSJ_O55-kBqSPPN91fJoQRsR7-NMbqAZIpKCVcAw52bLKo8dYuX9UWCtC6LDQK_CMzYS_6UtzD-MTv9bwBjaSFtCEawL7G9Xb5Icphc_6ZFVvLAz_oJdqSZ6oV2x3g_aOwkQb6wG_f3PgHNMxizLJepHFSQJx0TVxyNxI-rCdn9X6D3cyKorE_p9w5IZbtjiunExd7WdPS7Xvb41LCCdQpNk3OIASeP20YoyKZU26yD_ENJASvDCoZA5yykkykIsL7fXLB7L-T66US5sKmr3AWXHlBSlUrREoF1S6Su7V281CoFaaj-4x-EZfKOCQTHYjswZy_paLYjOkanUxZ-2w"}}, "protected": "eyJub25jZSI6ICJqYVNTeXNtRUZqYUFvdTVpM0w0cjNxRkhjcUtFMHFDd0tXb0FrRlU1ZHZRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYXV0aHoiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJwbFNKX081NS1rQnFTUFBOOTFmSm9RUnNSNy1OTWJxQVpJcEtDVmNBdzUyYkxLbzhkWXVYOVVXQ3RDNkxEUUtfQ016WVNfNlV0ekQtTVR2OWJ3QmphU0Z0Q0Vhd0w3RzlYYjVJY3BoY182WkZWdkxBel9vSmRxU1o2b1YyeDNnX2FPd2tRYjZ3R19mM1BnSE5NeGl6TEplcEhGU1FKeDBUVnh5TnhJLXJDZG45WDZEM2N5S29yRV9wOXc1SVpidGppdW5FeGQ3V2RQUzdYdmI0MUxDQ2RRcE5rM09JQVNlUDIwWW95S1pVMjZ5RF9FTkpBU3ZEQ29aQTV5eWtreWtJc0w3ZlhMQjdMLVQ2NlVTNXNLbXIzQVdYSGxCU2xVclJFb0YxUzZTdTdWMjgxQ29GYWFqLTR4LUVaZktPQ1FUSFlqc3daeV9wYUxZak9rYW5VeFotMncifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAid3d3LmdlZWtzdWx0ZC5jb20ifX0", "signature": "R-mPvrSlXty6UyU8IztS528wNDB6ZP7vmCo8B4rqZBeFQ0P6aASP66FFbFp2r9Aa8V_kJE2tHSIbGVjwqI6EppwdkTVl0COH6i83Py-0kvjPdamQAOnSnji4AGDKkQoLcyId8jYE_VqbEdeRVAFxruAFl8xqx1uLrgo9ARX7zy1SYDpEi2Xwg7lZqZPUPh5P1_hnDQaXrkS0ikYcfSow6NdZjjNn4_Dx7XC9zBz1uSoHPXGxWBfgqikgp87ne5BP1j88vDEXgQr2vGIss7C6NRsU-gwtGvhmvabZJk7ew38Cn8FgbFEi9oCD7UP4s8siVfGWzDadUG-6DpfI7Kqtww"}'
[Fri Sep 28 19:30:13 UTC 2018] _postContentType='application/jose+json'
[Fri Sep 28 19:30:13 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri Sep 28 19:30:13 UTC 2018] _ret='0'
[Fri Sep 28 19:30:13 UTC 2018] original='{
  "identifier": {
    "type": "dns",
    "value": "[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]"
  },
  "status": "pending",
  "expires": "2018-10-05T19:30:13Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188[/URL]",
      "token": "qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785189[/URL]",
      "token": "0Gv3CCZwDgYugCRjYiKgowDMyEDvNJK87-KrySGUpBo"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785190[/URL]",
      "token": "eHfBuiEo-laaQtkClOS6Ntn8-G2_myX2zscX1ZokAAE"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ],
    [
      2
    ]
  ]
}'
[Fri Sep 28 19:30:13 UTC 2018] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 28 Sep 2018 19:30:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 996
Boulder-Requester: 42937650
Link: <[URL]https://acme-v01.api.letsencrypt.org/acme/new-cert[/URL]>;rel="next"
Location: [URL]https://acme-v01.api.letsencrypt.org/acme/authz/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM[/URL]
Replay-Nonce: HKsrNtzD56knVtXTFktgaHn5Y-ma2Tk6q12Gn_7nZX8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 28 Sep 2018 19:30:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Sep 2018 19:30:13 GMT
Connection: keep-alive

'
[Fri Sep 28 19:30:13 UTC 2018] response='{"identifier":{"type":"dns","value":"[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]"},"status":"pending","expires":"2018-10-05T19:30:13Z","challenges":[{"type":"http-01","status":"pending","uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188[/URL]","token":"qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM"},{"type":"tls-alpn-01","status":"pending","uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785189[/URL]","token":"0Gv3CCZwDgYugCRjYiKgowDMyEDvNJK87-KrySGUpBo"},{"type":"dns-01","status":"pending","uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785190[/URL]","token":"eHfBuiEo-laaQtkClOS6Ntn8-G2_myX2zscX1ZokAAE"}],"combinations":[[0],[1],[2]]}'
[Fri Sep 28 19:30:13 UTC 2018] code='201'
[Fri Sep 28 19:30:13 UTC 2018] The new-authz request is ok.
[Fri Sep 28 19:30:13 UTC 2018] entry='"type":"http-01","status":"pending","uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188[/URL]","token":"qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM"'
[Fri Sep 28 19:30:13 UTC 2018] token='qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM'
[Fri Sep 28 19:30:13 UTC 2018] uri='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] keyauthorization='qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM'
[Fri Sep 28 19:30:13 UTC 2018] dvlist='[URL='http://www.geeksultd.com#qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM#https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188#http-01#/home/nginx/domains/geeksultd.com/public']www.geeksultd.com#qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM#https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188#http-01#/home/nginx/domains/geeksultd.com/public[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] d
[Fri Sep 28 19:30:13 UTC 2018] vlist='geeksultd.com#iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM#[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688#http-01#/home/nginx/domains/geeksultd.com/public,www.geeksultd.com#qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM#https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188#http-01#/home/nginx/domains/geeksultd.com/public[/URL],'
[Fri Sep 28 19:30:13 UTC 2018] d='geeksultd.com'
[Fri Sep 28 19:30:13 UTC 2018] d='[URL='http://www.geeksultd.com']www.geeksultd.com[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] ok, let's start to verify
[Fri Sep 28 19:30:13 UTC 2018] Verifying:geeksultd.com
[Fri Sep 28 19:30:13 UTC 2018] d='geeksultd.com'
[Fri Sep 28 19:30:13 UTC 2018] keyauthorization='iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM'
[Fri Sep 28 19:30:13 UTC 2018] uri='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] _currentRoot='/home/nginx/domains/geeksultd.com/public'
[Fri Sep 28 19:30:13 UTC 2018] wellknown_path='/home/nginx/domains/geeksultd.com/public/.well-known/acme-challenge'
[Fri Sep 28 19:30:13 UTC 2018] writing token:iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ to /home/nginx/domains/geeksultd.com/public/.well-known/acme-challenge/iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ
[Fri Sep 28 19:30:13 UTC 2018] Changing owner/group of .well-known to nginx:nginx
[Fri Sep 28 19:30:13 UTC 2018] tigger domain validation.
[Fri Sep 28 19:30:13 UTC 2018] _t_url='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] _t_key_authz='iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM'
[Fri Sep 28 19:30:13 UTC 2018] url='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]'
[Fri Sep 28 19:30:13 UTC 2018] payload='{"resource": "challenge", "keyAuthorization": "iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM"}'
[Fri Sep 28 19:30:14 UTC 2018] Use cached jwk for file: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Fri Sep 28 19:30:14 UTC 2018] Use _CACHED_NONCE='HKsrNtzD56knVtXTFktgaHn5Y-ma2Tk6q12Gn_7nZX8'
[Fri Sep 28 19:30:14 UTC 2018] nonce='HKsrNtzD56knVtXTFktgaHn5Y-ma2Tk6q12Gn_7nZX8'
[Fri Sep 28 19:30:14 UTC 2018] POST
[Fri Sep 28 19:30:14 UTC 2018] _post_url='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]'
[Fri Sep 28 19:30:14 UTC 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "plSJ_O55-kBqSPPN91fJoQRsR7-NMbqAZIpKCVcAw52bLKo8dYuX9UWCtC6LDQK_CMzYS_6UtzD-MTv9bwBjaSFtCEawL7G9Xb5Icphc_6ZFVvLAz_oJdqSZ6oV2x3g_aOwkQb6wG_f3PgHNMxizLJepHFSQJx0TVxyNxI-rCdn9X6D3cyKorE_p9w5IZbtjiunExd7WdPS7Xvb41LCCdQpNk3OIASeP20YoyKZU26yD_ENJASvDCoZA5yykkykIsL7fXLB7L-T66US5sKmr3AWXHlBSlUrREoF1S6Su7V281CoFaaj-4x-EZfKOCQTHYjswZy_paLYjOkanUxZ-2w"}}, "protected": "eyJub25jZSI6ICJIS3NyTnR6RDU2a25WdFhURmt0Z2FIbjVZLW1hMlRrNnExMkduXzduWlg4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvWnEtT2lCQjkyVTJrNnEyNlN0Qzc3Tl9OaHNUYmVaY1QzVGtpNUdMQ2dQRS83NzYzNzg0Njg4IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAicGxTSl9PNTUta0JxU1BQTjkxZkpvUVJzUjctTk1icUFaSXBLQ1ZjQXc1MmJMS284ZFl1WDlVV0N0QzZMRFFLX0NNellTXzZVdHpELU1Udjlid0JqYVNGdENFYXdMN0c5WGI1SWNwaGNfNlpGVnZMQXpfb0pkcVNaNm9WMngzZ19hT3drUWI2d0dfZjNQZ0hOTXhpekxKZXBIRlNRSngwVFZ4eU54SS1yQ2RuOVg2RDNjeUtvckVfcDl3NUlaYnRqaXVuRXhkN1dkUFM3WHZiNDFMQ0NkUXBOazNPSUFTZVAyMFlveUtaVTI2eURfRU5KQVN2RENvWkE1eXlra3lrSXNMN2ZYTEI3TC1UNjZVUzVzS21yM0FXWEhsQlNsVXJSRW9GMVM2U3U3VjI4MUNvRmFhai00eC1FWmZLT0NRVEhZanN3WnlfcGFMWWpPa2FuVXhaLTJ3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJpS040Q0NZZHQxVkJDdjNfb1ZxTFdoUE04MFpGd3J1SVpNYnlKWFRjM0hRLk1vZUNLTC1QVXlPU2tXUWtmbEp3UWJjZm85eDBJa3RiTkt1ODEtQjdVUE0ifQ", "signature": "OwGfeiUPPWWKQXjCh8BoXkfqJ6Xal942tLoYLZFIwBOoWZO4tDsvgXj0ti0H1p3NzfhTJKpZMD-XhRqxCvKPiKb2NU1R88wvN8v9x7PvHYGqdTsNK7deoyc0HTPrg4InnlraXp287e0F55NMikB05FpwlmUBNpFnR48coFXfmDwWp7rjK9a4Ps8d2bYNbOBIlar6vIU5NjSpW1g--FWpvED0OhB5VB7NrreKBxqU9mptRlJkCIe-g0hEf05eR5uq_DJKxzBopbvcfNlpkM_1V0tpkEdShsIljHNXkBu8PFC7dSTkIhFhy__A1PrYDR0CRHveizM0mkHXopDIr_Fccw"}'
[Fri Sep 28 19:30:14 UTC 2018] _postContentType='application/jose+json'
[Fri Sep 28 19:30:14 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri Sep 28 19:30:14 UTC 2018] _ret='0'
[Fri Sep 28 19:30:14 UTC 2018] original='{
  "type": "http-01",
  "status": "pending",
  "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]",
  "token": "iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ",
  "keyAuthorization": "iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM"
}'
[Fri Sep 28 19:30:14 UTC 2018] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 28 Sep 2018 19:30:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Requester: 42937650
Link: <[URL]https://acme-v01.api.letsencrypt.org/acme/authz/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE[/URL]>;rel="up"
Location: [URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]
Replay-Nonce: W9WVqd49t2avv-y20W7D4WYr0ofY2xpezlz9H4hklXs
Expires: Fri, 28 Sep 2018 19:30:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Sep 2018 19:30:14 GMT
Connection: keep-alive

'
[Fri Sep 28 19:30:14 UTC 2018] response='{"type":"http-01","status":"pending","uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]","token":"iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ","keyAuthorization":"iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM"}'
[Fri Sep 28 19:30:14 UTC 2018] code='202'
[Fri Sep 28 19:30:14 UTC 2018] sleep 2 secs to verify
[Fri Sep 28 19:30:16 UTC 2018] checking
[Fri Sep 28 19:30:16 UTC 2018] GET
[Fri Sep 28 19:30:16 UTC 2018] url='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]'
[Fri Sep 28 19:30:16 UTC 2018] timeout=
[Fri Sep 28 19:30:16 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri Sep 28 19:30:16 UTC 2018] ret='0'
[Fri Sep 28 19:30:16 UTC 2018] original='{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from [URL]http://geeksultd.com/.well-known/acme-challenge/iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ[/URL]: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e300 Multiple Choices\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eMultiple C\"",
    "status": 403
  },
  "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]",
  "token": "iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ",
  "validationRecord": [
    {
      "url": "[URL]http://geeksultd.com/.well-known/acme-challenge/iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ[/URL]",
      "hostname": "geeksultd.com",
      "port": "80",
      "addressesResolved": [
        "144.202.101.170",
        "2607:f1c0:1000:90aa:cc09:4c40:2418:182d"
      ],
      "addressUsed": "2607:f1c0:1000:90aa:cc09:4c40:2418:182d"
    }
  ]
}'
[Fri Sep 28 19:30:16 UTC 2018] response='{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from [URL]http://geeksultd.com/.well-known/acme-challenge/iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ[/URL]: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e300 Multiple Choices\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eMultiple C\"","status": 403},"uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]","token":"iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ","validationRecord":[{"url":"[URL]http://geeksultd.com/.well-known/acme-challenge/iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ[/URL]","hostname":"geeksultd.com","port":"80","addressesResolved":["144.202.101.170","2607:f1c0:1000:90aa:cc09:4c40:2418:182d"],"addressUsed":"2607:f1c0:1000:90aa:cc09:4c40:2418:182d"}]}'
[Fri Sep 28 19:30:16 UTC 2018] error='"error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from [URL]http://geeksultd.com/.well-known/acme-challenge/iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ[/URL]: '
[Fri Sep 28 19:30:16 UTC 2018] errordetail='Invalid response from [URL]http://geeksultd.com/.well-known/acme-challenge/iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ[/URL]: '
[Fri Sep 28 19:30:16 UTC 2018] geeksultd.com:Verify error:Invalid response from [URL]http://geeksultd.com/.well-known/acme-challenge/iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ[/URL]:
[Fri Sep 28 19:30:16 UTC 2018] pid
[Fri Sep 28 19:30:16 UTC 2018] No need to restore nginx, skip.
[Fri Sep 28 19:30:16 UTC 2018] _clearupdns
[Fri Sep 28 19:30:16 UTC 2018] skip dns.
[Fri Sep 28 19:30:16 UTC 2018] _on_issue_err
[Fri Sep 28 19:30:16 UTC 2018] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-280918-193005.log
[Fri Sep 28 19:30:16 UTC 2018] _chk_vlist='geeksultd.com#iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM#[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688#http-01#/home/nginx/domains/geeksultd.com/public,www.geeksultd.com#qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM#https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188#http-01#/home/nginx/domains/geeksultd.com/public[/URL],'
[Fri Sep 28 19:30:16 UTC 2018] start to deactivate authz
[Fri Sep 28 19:30:16 UTC 2018] tigger domain validation.
[Fri Sep 28 19:30:16 UTC 2018] _t_url='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]'
[Fri Sep 28 19:30:16 UTC 2018] _t_key_authz='iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM'
[Fri Sep 28 19:30:16 UTC 2018] url='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]'
[Fri Sep 28 19:30:16 UTC 2018] payload='{"resource": "challenge", "keyAuthorization": "iKN4CCYdt1VBCv3_oVqLWhPM80ZFwruIZMbyJXTc3HQ.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM"}'
[Fri Sep 28 19:30:16 UTC 2018] Use cached jwk for file: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Fri Sep 28 19:30:16 UTC 2018] Use _CACHED_NONCE='W9WVqd49t2avv-y20W7D4WYr0ofY2xpezlz9H4hklXs'
[Fri Sep 28 19:30:16 UTC 2018] nonce='W9WVqd49t2avv-y20W7D4WYr0ofY2xpezlz9H4hklXs'
[Fri Sep 28 19:30:16 UTC 2018] POST
[Fri Sep 28 19:30:16 UTC 2018] _post_url='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Zq-OiBB92U2k6q26StC77N_NhsTbeZcT3Tki5GLCgPE/7763784688[/URL]'
[Fri Sep 28 19:30:16 UTC 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "plSJ_O55-kBqSPPN91fJoQRsR7-NMbqAZIpKCVcAw52bLKo8dYuX9UWCtC6LDQK_CMzYS_6UtzD-MTv9bwBjaSFtCEawL7G9Xb5Icphc_6ZFVvLAz_oJdqSZ6oV2x3g_aOwkQb6wG_f3PgHNMxizLJepHFSQJx0TVxyNxI-rCdn9X6D3cyKorE_p9w5IZbtjiunExd7WdPS7Xvb41LCCdQpNk3OIASeP20YoyKZU26yD_ENJASvDCoZA5yykkykIsL7fXLB7L-T66US5sKmr3AWXHlBSlUrREoF1S6Su7V281CoFaaj-4x-EZfKOCQTHYjswZy_paLYjOkanUxZ-2w"}}, "protected": "eyJub25jZSI6ICJXOVdWcWQ0OXQyYXZ2LXkyMFc3RDRXWXIwb2ZZMnhwZXpsejlINGhrbFhzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvWnEtT2lCQjkyVTJrNnEyNlN0Qzc3Tl9OaHNUYmVaY1QzVGtpNUdMQ2dQRS83NzYzNzg0Njg4IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAicGxTSl9PNTUta0JxU1BQTjkxZkpvUVJzUjctTk1icUFaSXBLQ1ZjQXc1MmJMS284ZFl1WDlVV0N0QzZMRFFLX0NNellTXzZVdHpELU1Udjlid0JqYVNGdENFYXdMN0c5WGI1SWNwaGNfNlpGVnZMQXpfb0pkcVNaNm9WMngzZ19hT3drUWI2d0dfZjNQZ0hOTXhpekxKZXBIRlNRSngwVFZ4eU54SS1yQ2RuOVg2RDNjeUtvckVfcDl3NUlaYnRqaXVuRXhkN1dkUFM3WHZiNDFMQ0NkUXBOazNPSUFTZVAyMFlveUtaVTI2eURfRU5KQVN2RENvWkE1eXlra3lrSXNMN2ZYTEI3TC1UNjZVUzVzS21yM0FXWEhsQlNsVXJSRW9GMVM2U3U3VjI4MUNvRmFhai00eC1FWmZLT0NRVEhZanN3WnlfcGFMWWpPa2FuVXhaLTJ3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJpS040Q0NZZHQxVkJDdjNfb1ZxTFdoUE04MFpGd3J1SVpNYnlKWFRjM0hRLk1vZUNLTC1QVXlPU2tXUWtmbEp3UWJjZm85eDBJa3RiTkt1ODEtQjdVUE0ifQ", "signature": "oeYFljjDev7wGGSxSsZ00TydaH0dCeakGxpMWjJYliimF4dhRzxVCiFr0kSRStpVKbSPcQgbo0RzVRXNN0zHtoa-zDLsz9Yo9bj0kWetKJbCHJ48OkC8QNoOu1evYoGDjkOLnEurHvhKdsWUyKpSLZsSigHBhYlKHg5B-DlyS2Qk5MAG-AthQZD9DyKMyOd0f9aaUQkDRKu45zwm9lZDe4Hjyz4Yc_JBDVGJ-C5q98c3WpgUJNpqOKqOf6GMhG7UExlIt0Y-it-IclyDhXYRCLxyBn_K2KajeMjf09DsVxP8vVU41-p2gpISt9xBYq84bMLaq0sb8ec7yRlK32c73w"}'
[Fri Sep 28 19:30:16 UTC 2018] _postContentType='application/jose+json'
[Fri Sep 28 19:30:16 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri Sep 28 19:30:17 UTC 2018] _ret='0'
[Fri Sep 28 19:30:17 UTC 2018] original='{
  "type": "urn:acme:error:malformed",
  "detail": "Unable to update challenge :: The challenge is not pending.",
  "status": 400
}'
[Fri Sep 28 19:30:17 UTC 2018] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 28 Sep 2018 19:30:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 400 Bad Request
Server: nginx
Content-Type: application/problem+json
Content-Length: 132
Boulder-Requester: 42937650
Replay-Nonce: _D51mEYVP7FprzoGMTuSR9nGGviWK_d0G_d6d2qtuN8
Expires: Fri, 28 Sep 2018 19:30:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Sep 2018 19:30:17 GMT
Connection: close

'
[Fri Sep 28 19:30:17 UTC 2018] response='{"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: The challenge is not pending.","status": 400}'
[Fri Sep 28 19:30:17 UTC 2018] code='400'
[Fri Sep 28 19:30:17 UTC 2018] tigger domain validation.
[Fri Sep 28 19:30:17 UTC 2018] _t_url='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188[/URL]'
[Fri Sep 28 19:30:17 UTC 2018] _t_key_authz='qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM'
[Fri Sep 28 19:30:17 UTC 2018] url='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188[/URL]'
[Fri Sep 28 19:30:17 UTC 2018] payload='{"resource": "challenge", "keyAuthorization": "qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM"}'
[Fri Sep 28 19:30:17 UTC 2018] Use cached jwk for file: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Fri Sep 28 19:30:17 UTC 2018] Use _CACHED_NONCE='_D51mEYVP7FprzoGMTuSR9nGGviWK_d0G_d6d2qtuN8'
[Fri Sep 28 19:30:17 UTC 2018] nonce='_D51mEYVP7FprzoGMTuSR9nGGviWK_d0G_d6d2qtuN8'
[Fri Sep 28 19:30:17 UTC 2018] POST
[Fri Sep 28 19:30:17 UTC 2018] _post_url='[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188[/URL]'
[Fri Sep 28 19:30:17 UTC 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "plSJ_O55-kBqSPPN91fJoQRsR7-NMbqAZIpKCVcAw52bLKo8dYuX9UWCtC6LDQK_CMzYS_6UtzD-MTv9bwBjaSFtCEawL7G9Xb5Icphc_6ZFVvLAz_oJdqSZ6oV2x3g_aOwkQb6wG_f3PgHNMxizLJepHFSQJx0TVxyNxI-rCdn9X6D3cyKorE_p9w5IZbtjiunExd7WdPS7Xvb41LCCdQpNk3OIASeP20YoyKZU26yD_ENJASvDCoZA5yykkykIsL7fXLB7L-T66US5sKmr3AWXHlBSlUrREoF1S6Su7V281CoFaaj-4x-EZfKOCQTHYjswZy_paLYjOkanUxZ-2w"}}, "protected": "eyJub25jZSI6ICJfRDUxbUVZVlA3RnByem9HTVR1U1I5bkdHdmlXS19kMEdfZDZkMnF0dU44IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvQmIxeTRoU3B5Z2pGSF9Sd0xDN2lqQUF1VHVKNmFzZk1fWTVBQW9LRjNBTS83NzYzNzg1MTg4IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAicGxTSl9PNTUta0JxU1BQTjkxZkpvUVJzUjctTk1icUFaSXBLQ1ZjQXc1MmJMS284ZFl1WDlVV0N0QzZMRFFLX0NNellTXzZVdHpELU1Udjlid0JqYVNGdENFYXdMN0c5WGI1SWNwaGNfNlpGVnZMQXpfb0pkcVNaNm9WMngzZ19hT3drUWI2d0dfZjNQZ0hOTXhpekxKZXBIRlNRSngwVFZ4eU54SS1yQ2RuOVg2RDNjeUtvckVfcDl3NUlaYnRqaXVuRXhkN1dkUFM3WHZiNDFMQ0NkUXBOazNPSUFTZVAyMFlveUtaVTI2eURfRU5KQVN2RENvWkE1eXlra3lrSXNMN2ZYTEI3TC1UNjZVUzVzS21yM0FXWEhsQlNsVXJSRW9GMVM2U3U3VjI4MUNvRmFhai00eC1FWmZLT0NRVEhZanN3WnlfcGFMWWpPa2FuVXhaLTJ3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJxTGhUS1RBTGd4T21pZVNIaHExbGRNb1JzMWwxdS1abk9uNloydHYtY0hNLk1vZUNLTC1QVXlPU2tXUWtmbEp3UWJjZm85eDBJa3RiTkt1ODEtQjdVUE0ifQ", "signature": "V5hALkQyr4LsnMb4y4YtcTVK9jkGzBOKMAgNozMQ2drrtVWhNhJqXfju5q7lqtC6iNceveeMn06Ps81nwfjZy5MPaZ3pMgDsRaMCmqPQ5mHXYa0PrqOyorRnLhmxyfALHKDq0zQ-hejfLiGkOR7yJ7YozaAkKKoBlqsxJ6IXAgtZkyGt14OqLFp6Xg1eFEsUsHi4O6udrKxVvUHspKjTCdm7zBp3aximXOzDhu78JlZOmMoIP7UnzvE4lOypwsW1Bs8k0BpkhmFsqaKCjFGIVKj_ACt3hp8X-BpVj6c_1gQNCWz5UlS75K53oVb5foyXMAjcw4ZEoDq-6Jv3lFDHFA"}'
[Fri Sep 28 19:30:17 UTC 2018] _postContentType='application/jose+json'
[Fri Sep 28 19:30:17 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fri Sep 28 19:30:17 UTC 2018] _ret='0'
[Fri Sep 28 19:30:17 UTC 2018] original='{
  "type": "http-01",
  "status": "pending",
  "uri": "[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188[/URL]",
  "token": "qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM",
  "keyAuthorization": "qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM"
}'
[Fri Sep 28 19:30:17 UTC 2018] responseHeaders='HTTP/1.1 100 Continue
Expires: Fri, 28 Sep 2018 19:30:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Requester: 42937650
Link: <[URL]https://acme-v01.api.letsencrypt.org/acme/authz/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM[/URL]>;rel="up"
Location: [URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188[/URL]
Replay-Nonce: GvBxGRPwlZ0BCtL-ots_4zpo3JM02W527TUxeT--DsA
Expires: Fri, 28 Sep 2018 19:30:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Sep 2018 19:30:17 GMT
Connection: keep-alive

'
[Fri Sep 28 19:30:17 UTC 2018] response='{"type":"http-01","status":"pending","uri":"[URL]https://acme-v01.api.letsencrypt.org/acme/challenge/Bb1y4hSpygjFH_RwLC7ijAAuTuJ6asfM_Y5AAoKF3AM/7763785188[/URL]","token":"qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM","keyAuthorization":"qLhTKTALgxOmieSHhq1ldMoRs1l1u-ZnOn6Z2tv-cHM.MoeCKL-PUyOSkWQkflJwQbcfo9x0IktbNKu81-B7UPM"}'
[Fri Sep 28 19:30:17 UTC 2018] code='202'
[Fri Sep 28 19:36:26 UTC 2018] ACME_DIRECTORY='[URL]https://acme-v01.api.letsencrypt.org/directory[/URL]'
[Fri Sep 28 19:36:26 UTC 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Fri Sep 28 19:36:26 UTC 2018] It is recommended to install socat first.
[Fri Sep 28 19:36:26 UTC 2018] We use socat for standalone server if you use standalone mode.
[Fri Sep 28 19:36:26 UTC 2018] If you don't use standalone mode, just ignore this warning.
[Fri Sep 28 19:36:26 UTC 2018] Installing to /root/.acme.sh
[Fri Sep 28 19:36:26 UTC 2018] Installed to /root/.acme.sh/acme.sh
[Fri Sep 28 19:36:26 UTC 2018] Using config home:/root/.acme.sh
[Fri Sep 28 19:36:26 UTC 2018] ACME_DIRECTORY='[URL]https://acme-v01.api.letsencrypt.org/directory[/URL]'
[Fri Sep 28 19:36:26 UTC 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Fri Sep 28 19:36:26 UTC 2018] options='/^export LE_CONFIG_HOME/d'
[Fri Sep 28 19:36:26 UTC 2018] Using sed  -i
[Fri Sep 28 19:36:26 UTC 2018] Found profile: /root/.bashrc
[Fri Sep 28 19:36:26 UTC 2018] Installing alias to '/root/.bashrc'
[Fri Sep 28 19:36:26 UTC 2018] OK, Close and reopen your terminal to start using acme.sh
[Fri Sep 28 19:36:26 UTC 2018] Installing alias to '/root/.cshrc'
[Fri Sep 28 19:36:26 UTC 2018] options='/^setenv LE_CONFIG_HOME/d'
[Fri Sep 28 19:36:26 UTC 2018] Using sed  -i
[Fri Sep 28 19:36:26 UTC 2018] Installing alias to '/root/.tcshrc'
[Fri Sep 28 19:36:26 UTC 2018] Using config home:/root/.acme.sh
[Fri Sep 28 19:36:26 UTC 2018] ACME_DIRECTORY='[URL]https://acme-v01.api.letsencrypt.org/directory[/URL]'
[Fri Sep 28 19:36:26 UTC 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Fri Sep 28 19:36:26 UTC 2018] Installing cron job
[Fri Sep 28 19:36:26 UTC 2018] Good, bash is found, so change the shebang to use bash as preferred.
[Fri Sep 28 19:36:26 UTC 2018] OK
[Fri Sep 28 19:36:27 UTC 2018] LE_WORKING_DIR='/root/.acme.sh'
[Fri Sep 28 19:36:27 UTC 2018] Creating domain key
[Fri Sep 28 19:36:27 UTC 2018] Using config home:/root/.acme.sh
[Fri Sep 28 19:36:27 UTC 2018] ACME_DIRECTORY='[URL]https://acme-v01.api.letsencrypt.org/directory[/URL]'
[Fri Sep 28 19:36:27 UTC 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Fri Sep 28 19:36:27 UTC 2018] DOMAIN_PATH='/root/.acme.sh/geeksultd.com'
[Fri Sep 28 19:36:27 UTC 2018] _createkey for file:/root/.acme.sh/geeksultd.com/geeksultd.com.key
[Fri Sep 28 19:36:27 UTC 2018] Use length 2048
[Fri Sep 28 19:36:27 UTC 2018] Using RSA: 2048
[Fri Sep 28 19:36:27 UTC 2018] The domain key is here: /root/.acme.sh/geeksultd.com/geeksultd.com.key

eva2000 · Sep 29, 2018

FYI, for posting code or output from commands to keep the formatting and prevent parsing of domain names, you might want to use CODE tags for code How to use forum BBCODE code tags I updated your post to wrap your output in CODEB tags though domains already got parsed so messes with output.

Which of the acmetool.sh options did you run ? the ./acmetool.sh reissue domainname lived one ?
Code (Text):
 ./acmetool.sh {acme-menu|acmeinstall|acmeupdate|acmesetup|manual|issue|reissue|renew|certonly-issue|s3issue|s3reissue|s3renew|renewall|checkdates|checkdomains}

 Usage Commands: 
 ./acmetool.sh acme-menu
 ./acmetool.sh acmeinstall
 ./acmetool.sh acmeupdate
 ./acmetool.sh acmesetup
 ./acmetool.sh manual
 ./acmetool.sh issue domainname
 ./acmetool.sh issue domainname d
 ./acmetool.sh issue domainname live
 ./acmetool.sh issue domainname lived
 ./acmetool.sh reissue domainname
 ./acmetool.sh reissue domainname d
 ./acmetool.sh reissue domainname live
 ./acmetool.sh reissue domainname lived
 ./acmetool.sh renew domainname
 ./acmetool.sh renew domainname d
 ./acmetool.sh renew domainname live
 ./acmetool.sh renew domainname lived
 ./acmetool.sh webroot-issue domainname /path/to/custom/webroot
 ./acmetool.sh webroot-issue domainname /path/to/custom/webroot d
 ./acmetool.sh webroot-issue domainname /path/to/custom/webroot live
 ./acmetool.sh webroot-issue domainname /path/to/custom/webroot lived
 ./acmetool.sh webroot-reissue domainname /path/to/custom/webroot
 ./acmetool.sh webroot-reissue domainname /path/to/custom/webroot d
 ./acmetool.sh webroot-reissue domainname /path/to/custom/webroot live
 ./acmetool.sh webroot-reissue domainname /path/to/custom/webroot lived
 ./acmetool.sh webroot-renew domainname /path/to/custom/webroot
 ./acmetool.sh webroot-renew domainname /path/to/custom/webroot d
 ./acmetool.sh webroot-renew domainname /path/to/custom/webroot live
 ./acmetool.sh webroot-renew domainname /path/to/custom/webroot lived
 ./acmetool.sh certonly-issue domainname
 ./acmetool.sh certonly-issue domainname live
 ./acmetool.sh s3issue domainname
 ./acmetool.sh s3issue domainname d
 ./acmetool.sh s3issue domainname live
 ./acmetool.sh s3issue domainname lived
 ./acmetool.sh s3reissue domainname
 ./acmetool.sh s3reissue domainname d
 ./acmetool.sh s3reissue domainname live
 ./acmetool.sh s3reissue domainname lived
 ./acmetool.sh s3renew domainname
 ./acmetool.sh s3renew domainname d
 ./acmetool.sh s3renew domainname live
 ./acmetool.sh s3renew domainname lived
 ./acmetool.sh renewall
 ./acmetool.sh renewall live
 ./acmetool.sh renewall lived
 ./acmetool.sh checkdates
 ./acmetool.sh checkdomains
When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf

Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf

Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com

Vhost public web root will be at /home/nginx/domains/newdomain.com/public

Vhost log directory will be at /home/nginx/domains/newdomain.com/log

Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

what is output of these commands in ssh
Code (Text):
curl -I https://domain.com
Code (Text):
curl -I https://www.domain.com
Code (Text):
curl -I http://domain.com
Code (Text):
curl -I http://www.domain.com
wrap output in CODE tags

UsmanGTA · Sep 29, 2018

I chose option 6 and then 4 when in ./acmetool.sh acme-menu

This is the output of the CURL commands you told me to check.

I installed my website via centmin.sh menu #22 without the custom_config.ini. But since I had SSL issues, I tried to get the certificate with acme menu at first. Then, I wasn't able to get it. So I chose option 6 and 4 the next time in acme menu... and now we're here...

Code (Text):

[21:10][[email protected] ~]# curl -I https://geeksultd.com
curl: (35) Encountered end of file
[21:10][[email protected] ~]# curl -I https://www.geeksultd.com
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
[21:10][[email protected] ~]# curl -I http://www.geeksultd.com
HTTP/1.1 302 Moved Temporarily
Date: Fri, 28 Sep 2018 21:11:03 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://geeksultd.com/
Server: nginx centminmod
X-Powered-By: centminmod

[21:11][[email protected] ~]# curl -I http://geeksultd.com
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 229
Connection: keep-alive
Keep-Alive: timeout=15
Date: Fri, 28 Sep 2018 21:11:15 GMT
Server: Apache
Last-Modified: Sun, 18 Oct 2015 08:10:44 GMT
ETag: "e5-5225c90ba7e4f"
Accept-Ranges: bytes

[21:11][[email protected] ~]#

eva2000 · Sep 29, 2018

UsmanGTA said: ↑

I chose option 6 and then 4 when in ./acmetool.sh acme-menu
Click to expand...

you mean the 1st option listed from these ?
Code (Text):
 ./acmetool.sh issue domainname
 ./acmetool.sh issue domainname d
 ./acmetool.sh issue domainname live
 ./acmetool.sh issue domainname lived
 ./acmetool.sh reissue domainname
 ./acmetool.sh reissue domainname d
 ./acmetool.sh reissue domainname live
 ./acmetool.sh reissue domainname lived
the options listed without word live/lived are for non-trusted staging test letsencrypt certs as outlined at Letsencrypt - Official acmetool.sh testing thread for Centmin Mod 123.09beta01 while options with words live/lived are for live trusted letsencrypt ssl certs. These menu options are still in beta hence why acmetool.sh is disabled by default due to beta testing not having enough user test/feedback to test for every conceivable bug.

Sounds like you have messed up your wordpress install (via centmin.sh menu option 22) and it's https configuration by choosing the wrong options in acmetool.sh and/or it having now messed up your wordpress nginx site vhost to the point of not being able to validate domain for letsencrypt ssl cert issuance.

If the wordpress site can be reinstalled data file/database wise, the easiest fix would be to uninstall the wordpress nginx vhost site via the centmin.sh menu option 22 generated site uninstaller and try proper centmin.sh menu option 22 run with LETSENCRYPT_DETECT='y' set in persistent config file /etc/centminmod/custom_config.inc prior to running centmin.sh menu option 22

Every centmin.sh menu option 22 run has an accompanying uninstall script at /root/tools/wp_uninstall_${vhostname}.sh where ${vhostname} = your domain name. You can run that to uninstall almost everything except mysql database which you have to manually remove yourself - extra precaution in case you accidentally run the wrong uninstall script.

UsmanGTA · Sep 29, 2018

I ran the following commands
./acmetool.sh acme-menu
6
4

That's it.... I have my databased and stuff backed up...

UsmanGTA · Sep 29, 2018

I just uninstalled it... And then set the /etc/centminmod/custom_config.inc with the following single line LETSENCRYPT_DETECT='y'

Did that, re-ran centmin.sh, then chose option 22... Still having the same issue

Code (Text):

Enter option [ 1 - 24 ] 22
--------------------------------------------------------
------------------------------------------------------------
Update wp-cli tool
------------------------------------------------------------
updating...
-------------------------------------------------------------
update wp-cli packages
Using Composer to update packages...
---
Loading composer repositories with package information
Updating dependencies
Resolving dependencies through SAT
Looking at all rules.
Something's changed, looking at all rules again (pass #1)

Dependency resolution completed in 0.009 seconds
Analyzed 1369 packages to resolve dependencies
Analyzed 24859 rules to resolve dependencies
Nothing to install or update
Generating autoload files
---
Success: Packages updated.
-------------------------------------------------------------
update wp-cli
2018-09-28 22:10:36 URL:https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar [5366981/5366981] -> "/usr/bin/wp" [1]
OS:     Linux 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64
Shell:  /bin/bash
PHP binary:     /usr/local/bin/php
PHP version:    7.2.10
php.ini used:   /usr/local/lib/php.ini
WP-CLI root dir:        phar://wp-cli.phar/vendor/wp-cli/wp-cli
WP-CLI vendor dir:      phar://wp-cli.phar/vendor
WP_CLI phar path:       /usr/local/src/centminmod/addons
WP-CLI packages dir:    /root/.wp-cli/packages/
WP-CLI global config:
WP-CLI project config:
WP-CLI version: 2.0.1

-------------------------------------------------------------
wp-cli update completed
Read http://wp-cli.org/ for full usage info
-------------------------------------------------------------


-------------------------------------------------------------
Setup full Nginx vhost + Wordpress + WP Plugins
-------------------------------------------------------------

---------------------------------------------------------------
Important Information
---------------------------------------------------------------

You are about to create an Wordpress based Nginx vhost site with
or without HTTPS/SSL support.
Also read the continually updated Getting Started Guide
at centminmod.com/getstarted.html if you haven't already
---------------------------------------------------------------
403 Permission denied message handling
if after vhost site setup you encounter 403 permission denied errors,
check https://community.centminmod.com/threads/11215/ to see if your
site needs tools/autoprotect.sh tweaking & whitelisting
---------------------------------------------------------------

Do you want to continue with Nginx vhost site creation ? [y/n] y

Enter vhost domain name you want to add (without www. prefix): geeksultd.com

Create a self-signed SSL certificate Nginx vhost? [y/n]: y
Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y

You have 4 options:
1. issue staging test cert with HTTP + HTTPS (untrusted)
2. issue staging test cert with HTTPS default (untrusted)
3. issue live cert with HTTP + HTTPS (trusted)
4. issue live cert with HTTPS default (trusted)
Enter option number 1-4: 4

Theme Setup:
Install CyberChimps Responsive Theme (cyberchimps.com/responsive-theme/) [y/n]: n

Wordpress Setup:
Set custom WP Admin Display Name ? [y/n]: n
Install Wordpress in subdirectory /blog ? [y/n]: n
Disable Auto Generated WP Admin Username / Password ? [y/n]: n
Disable wp-login.php password protection ? (less security) [y/n]: y
Enter email address for Admin User for Wordpress Installation: HIDDEN

Default is to install KeyCDN WP Cache Enabler Plugin
as it's more stable and reliable than WP Super Cache.
Redis cache may have issues with caching due to long 6hr cache TTL
You can select which caching method to use below:

--------------------------------------------------------
        Wordpress Caching
--------------------------------------------------------
1). KeyCDN Cache Enabler (default & recommended)
2). Redis Nginx Level Caching (may have issues with some wp plugins)
3). Wordpress Super Cache
--------------------------------------------------------
Enter option [ 1 - 3 ] 2

Create FTP username for vhost domain (enter username): HIDDEN
Do you want to auto generate FTP password (recommended) [y/n]: n
Create FTP password for HIDDEN (enter password): --------------

FTP username you entered: HIDDEN
FTP password you entered: -------------

Password:
Enter it again:
---------------------------------------------------------------
SSL Vhost Setup...
---------------------------------------------------------------

---------------------------------------------------------------
Generating self signed SSL certificate...
CSR file can also be used to be submitted for paid SSL certificates
If using for paid SSL certificates be sure to keep both private key and CSR safe
creating CSR File: geeksultd.com.csr
creating private key: geeksultd.com.key
creating self-signed SSL certificate: geeksultd.com.crt
Generating a 2048 bit RSA private key
........+++
.................................................................+++
writing new private key to 'geeksultd.com.key'
-----
Signature ok
subject=/C=US/ST=California/L=Los Angeles/O=geeksultd.com/OU=geeksultd.com/CN=geeksultd.com
Getting Private key

---------------------------------------------------------------
Copy/setup dhparam.pem file...
------------------------------------------------------------
Setup Wordpress + Redis Nginx Level Cache for geeksultd.com
------------------------------------------------------------

Using full static page caching may cause problems for mobile & tablet device
visitors depending on your WP themes used so you may want to exclude those

Do you want to exclude mobile/tablet devices from Cache Enabler caching ? [y/n]: y
Downloading WordPress 4.9.8 (en_US)...
Using cached file '/root/.wp-cli/cache/core/wordpress-4.9.8-en_US.tar.gz'...
Success: WordPress downloaded.
Success: Generated 'wp-config.php' file.
13 23 * * * /usr/local/src/centminmod/tools/autoprotect.sh >/dev/null 2>&1
0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null
#*/15 * * * * sleep 163s ; wget -O - -q -t 1 http://rummaninternational.com/wp-cron.php?doing_wp_cron > /dev/null 2>&1
0 */8 * * * sleep 184s ;/root/tools/wp_updater_rummaninternational.com.sh >/dev/null 2>&1
5 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
#*/15 * * * * sleep 266s ; wget -O - -q -t 1 http://geeksultd.com/wp-cron.php?doing_wp_cron > /dev/null 2>&1
Success: WordPress installed successfully.
Success: Rewrite rules flushed.
Success: Rewrite structure set.
------------------------------------------------------------
Installing Nginx Helper (1.9.12)
Downloading installation package from https://downloads.wordpress.org/plugin/nginx-helper.1.9.12.zip...
Using cached file '/root/.wp-cli/cache/plugin/nginx-helper-1.9.12.zip'...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'nginx-helper'...
Plugin 'nginx-helper' activated.
Success: Installed 1 of 1 plugins.
------------------------------------------------------------
------------------------------------------------------------
Installing Sucuri Security – Auditing, Malware Scanner and Security Hardening (1.8.18)
Downloading installation package from https://downloads.wordpress.org/plugin/sucuri-scanner.1.8.18.zip...
Using cached file '/root/.wp-cli/cache/plugin/sucuri-scanner-1.8.18.zip'...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'sucuri-scanner'...
Plugin 'sucuri-scanner' activated.
Success: Installed 1 of 1 plugins.
------------------------------------------------------------
Installing Disable XML-RPC (1.0.1)
Downloading installation package from https://downloads.wordpress.org/plugin/disable-xml-rpc.1.0.1.zip...
Using cached file '/root/.wp-cli/cache/plugin/disable-xml-rpc-1.0.1.zip'...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'disable-xml-rpc'...
Plugin 'disable-xml-rpc' activated.
Success: Installed 1 of 1 plugins.
------------------------------------------------------------
Installing CDN Enabler – WordPress CDN Plugin (1.0.8)
Downloading installation package from https://downloads.wordpress.org/plugin/cdn-enabler.zip...
Using cached file '/root/.wp-cli/cache/plugin/cdn-enabler-1.0.8.zip'...
Unpacking the package...
Installing the plugin...
Plugin installed successfully.
Activating 'cdn-enabler'...
Plugin 'cdn-enabler' activated.
Success: Installed 1 of 1 plugins.
------------------------------------------------------------
Uninstalled and deleted 'hello' plugin.
Success: Uninstalled 1 of 1 plugins.
Success: Plugin already updated.

5 installed plugins:
  I akismet         4.0.8
  A cdn-enabler     1.0.8
  A disable-xml-rpc 1.0.1
  A nginx-helper    1.9.12
  A sucuri-scanner  1.8.18

Legend: I = Inactive, A = Active
------------------------------------------------------------
total 8.0K
drwxr-sr-x 2 nginx nginx 4.0K Sep 28 22:13 .
drwxr-s--- 8 nginx nginx 4.0K Sep 28 22:13 ..
<?php exit(0); ?>
{"sucuriscan_selfhosting_monitor":"disabled","sucuriscan_selfhosting_fpath":"","sucuriscan_api_service":"enabled","sucuriscan_notify_to":"[email protected]","sucuriscan_notify_plugin_activated":"enabled","sucuriscan_addr_header":"HTTP_X_SUCURI_CLIENTIP","sucuriscan_prettify_mails":"disabled","sucuriscan_emails_per_hour":5,"sucuriscan_last_email_at":1538172831,"sucuriscan_emails_sent":3,"sucuriscan_timezone":"UTC+00.00","sucuriscan_email_subject":"Sucuri Alert, :domain, :event, :remoteaddr","sucuriscan_use_wpmail":"enabled","sucuriscan_lastlogin_redirection":"enabled","sucuriscan_revproxy":"disabled","sucuriscan_datastore_path":"\/home\/nginx\/domains\/geeksultd.com\/sucuri_data_storage"}
------------------------------------------------------------
Created uninstall script
/root/tools/wp_uninstall_geeksultd.com.sh
------------------------------------------------------------
------------------------------------------------------------
Created wp_updater_geeksultd.com.sh script
/root/tools/wp_updater_geeksultd.com.sh
------------------------------------------------------------
263
26
783
78
calculated 783
calculated 78
final 783
final 78
13 23 * * * /usr/local/src/centminmod/tools/autoprotect.sh >/dev/null 2>&1
0 */4 * * * /usr/bin/cminfo_updater 2>/dev/null
#*/15 * * * * sleep 163s ; wget -O - -q -t 1 http://rummaninternational.com/wp-cron.php?doing_wp_cron > /dev/null 2>&1
0 */8 * * * sleep 184s ;/root/tools/wp_updater_rummaninternational.com.sh >/dev/null 2>&1
5 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
#*/15 * * * * sleep 266s ; wget -O - -q -t 1 http://geeksultd.com/wp-cron.php?doing_wp_cron > /dev/null 2>&1
0 */8 * * * sleep 783s ;/root/tools/wp_updater_geeksultd.com.sh >/dev/null 2>&1

-------------------------------------------------------------
generated nginx include file [same]: /usr/local/nginx/conf/autoprotect/demodomain.com/autoprotect-demodomain.com.conf
generated nginx include file [diff]: /usr/local/nginx/conf/autoprotect/geeksultd.com/autoprotect-geeksultd.com.conf
generated nginx include file [diff]: /usr/local/nginx/conf/autoprotect/rummaninternational.com/autoprotect-rummaninternational.com.conf

autoprotect.sh run completed...

Reloading nginx configuration (via systemctl):  [  OK  ]
service nginx reload
Reloading nginx configuration (via systemctl):  [  OK  ]
service php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm  done
systemctl restart pure-ftpd.service

-------------------------------------------------------------
ok: /usr/local/src/centminmod/addons/acmetool.sh
/usr/local/src/centminmod/addons/acmetool.sh issue geeksultd.com wplived

-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://centminmod.com/acmetool
-------------------------------------------------

continue [y/n] ? y

-----------------------------------------------------
updating acme.sh client...
-----------------------------------------------------
Cloning into 'acme.sh'...
[Fri Sep 28 22:14:07 UTC 2018] It is recommended to install socat first.
[Fri Sep 28 22:14:07 UTC 2018] We use socat for standalone server if you use standalone mode.
[Fri Sep 28 22:14:07 UTC 2018] If you don't use standalone mode, just ignore this warning.
[Fri Sep 28 22:14:07 UTC 2018] Installing to /root/.acme.sh
[Fri Sep 28 22:14:07 UTC 2018] Installed to /root/.acme.sh/acme.sh
[Fri Sep 28 22:14:07 UTC 2018] Installing alias to '/root/.bashrc'
[Fri Sep 28 22:14:07 UTC 2018] OK, Close and reopen your terminal to start using acme.sh
[Fri Sep 28 22:14:07 UTC 2018] Installing alias to '/root/.cshrc'
[Fri Sep 28 22:14:07 UTC 2018] Installing alias to '/root/.tcshrc'
[Fri Sep 28 22:14:07 UTC 2018] Installing cron job
5 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Fri Sep 28 22:14:07 UTC 2018] Good, bash is found, so change the shebang to use bash as preferred.
[Fri Sep 28 22:14:07 UTC 2018] OK
https://github.com/Neilpang/acme.sh
v2.8.0
-----------------------------------------------------
acme.sh updated
-----------------------------------------------------
backup & remove /usr/local/nginx/conf/conf.d/geeksultd.com.conf

[self-signed ssl cert check] required by acmetool.sh

[self-signed ssl] /usr/local/nginx/conf/ssl/geeksultd.com/dhparam.pem exists
[self-signed ssl] /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.crt exists
[self-signed ssl] /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.key exists

[sslvhostsetup] create /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf

[wp] backup & remove /usr/local/nginx/conf/conf.d/geeksultd.com.conf
[wp] create /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf
cp -a /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf-wp2
sed -i '1,12d' /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf-wp2
cat /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf-wp1 /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf-wp2 > /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf
cat /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.crt.key.conf
  ssl_dhparam /usr/local/nginx/conf/ssl/geeksultd.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.key;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com-trusted.crt;
Reloading nginx configuration (via systemctl):  [  OK  ]

setting HTTPS default in /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf

sed -i 's|^##x# HTTPS-DEFAULT|#x# HTTPS-DEFAULT|g' /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf

remove /usr/local/nginx/conf/conf.d/geeksultd.com.conf

grep 'root' /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf
  root /home/nginx/domains/geeksultd.com/public;

-----------------------------------------------------------
issue & install letsencrypt ssl certificate for geeksultd.com
-----------------------------------------------------------
testcert value = wplived
wp routine detected use reissue instead via --force
/root/.acme.sh/acme.sh --force --issue -d geeksultd.com -d www.geeksultd.com --days 60 -w /home/nginx/domains/geeksultd.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-280918-221359.log --log-level 2
[Fri Sep 28 22:14:09 UTC 2018] Creating domain key
[Fri Sep 28 22:14:09 UTC 2018] The domain key is here: /root/.acme.sh/geeksultd.com/geeksultd.com.key
[Fri Sep 28 22:14:09 UTC 2018] Multi domain='DNS:geeksultd.com,DNS:www.geeksultd.com'
[Fri Sep 28 22:14:09 UTC 2018] Getting domain auth token for each domain
[Fri Sep 28 22:14:09 UTC 2018] Getting webroot for domain='geeksultd.com'
[Fri Sep 28 22:14:09 UTC 2018] Getting new-authz for domain='geeksultd.com'
[Fri Sep 28 22:14:10 UTC 2018] The new-authz request is ok.
[Fri Sep 28 22:14:10 UTC 2018] Getting webroot for domain='www.geeksultd.com'
[Fri Sep 28 22:14:10 UTC 2018] Getting new-authz for domain='www.geeksultd.com'
[Fri Sep 28 22:14:11 UTC 2018] The new-authz request is ok.
[Fri Sep 28 22:14:11 UTC 2018] Verifying:geeksultd.com
[Fri Sep 28 22:14:14 UTC 2018] geeksultd.com:Verify error:Invalid response from http://geeksultd.com/.well-known/acme-challenge/i-U1XK3wjomWYe2UmM-bhVTev3P-s2LgTZ6qXFrluyk:
[Fri Sep 28 22:14:14 UTC 2018] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-280918-221359.log
LECHECK = 1

log files saved at /root/centminlogs
-rw-r--r-- 1 root root  38K Sep 28 22:14 acmetool.sh-debug-log-280918-221359.log
-rw-r--r-- 1 root root 4.7K Sep 28 22:14 acmesh-issue_280918-221359.log


-------------------------------------------------------------

Success: Updated 'home' option.
Success: Updated 'siteurl' option.

-------------------------------------------------------------
FTP hostname : 144.202.101.170
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for geeksultd.com : HIDDEN
FTP password created for geeksultd.com : ---------------
-------------------------------------------------------------
vhost for geeksultd.com created successfully


vhost ssl for geeksultd.com created successfully

domain: https://geeksultd.com
vhost ssl conf file for geeksultd.com created: /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.crt
SSL Private Key: /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.key
SSL CSR File: /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com.csr
Backup SSL Private Key: /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com-backup.key
Backup SSL CSR File: /usr/local/nginx/conf/ssl/geeksultd.com/geeksultd.com-backup.csr

upload files to /home/nginx/domains/geeksultd.com/public
vhost log files directory is /home/nginx/domains/geeksultd.com/log

------------------------------------------------------------
SSH commands to uninstall created Wordpress install and Nginx vhost:
  /root/tools/wp_uninstall_geeksultd.com.sh
------------------------------------------------------------

------------------------------------------------------------
Wordpress Auto Updater created at:
  /root/tools/wp_updater_geeksultd.com.sh
cronjob set for every 8 hours update (3x times per day)
------------------------------------------------------------

eva2000 · Sep 29, 2018

so your domain is failing letsencrypt domain validation ! Checked status of letsencrypt service and no outages have been reported Let's Encrypt Status at their end.

what's current contents of /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf ? you can use cat command
Code (Text):
cat /usr/local/nginx/conf/conf.d/geeksultd.com.ssl.conf
and then copy and paste the cat output and wrap in post CODE/CODEB tags

eva2000 · Sep 29, 2018

oh just rechecked your first post and curl header check for non-https returned apache web server not nginx centmin mod so seems your domain DNS is pointing to wrong IP and not to Centmin Mod Nginx server's IP hehe
Code (Text):
curl -I http://geeksultd.com
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 229
Connection: keep-alive
Keep-Alive: timeout=15
Date: Fri, 28 Sep 2018 21:11:15 GMT
Server: Apache
Last-Modified: Sun, 18 Oct 2015 08:10:44 GMT
ETag: "e5-5225c90ba7e4f"
Accept-Ranges: bytes

UsmanGTA · Sep 29, 2018

It was indeed pointing to the right server... The problem was an orphaned IPV6 address at my registrar... As soon as I removed it... it worked.... Thanks a ton lot anyways for being so active and informative man... Got it fixed... Hopefully this might help someone

Log in / Register

Forums

Want to subscribe to topics you're interested in?

SSL Letsencrypt SSL Issues With Acmetool

UsmanGTA New Member

eva2000 Administrator Staff Member

UsmanGTA New Member

eva2000 Administrator Staff Member

UsmanGTA New Member

UsmanGTA New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

UsmanGTA New Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

SSL Letsencrypt SSL Issues With Acmetool

UsmanGTA New Member

eva2000 Administrator Staff Member

UsmanGTA New Member

eva2000 Administrator Staff Member

UsmanGTA New Member

UsmanGTA New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

UsmanGTA New Member

.