@gertjan That's what I tought, that Cloudflare should have many users. Anyway I fixed it with removing all domains, saved and reentered everything. That fixed. Maybe the config file was broken, which was used to pass information.

@jimp I had no action. Dumb me. Thanks for help! :)

@jimp Thanks!

@fmrc_cheeky Fair enough. Sounds like a different issue, as this was a fix specifically with the Netlify DNS provider API script, but basically you'll need to figure out a DNS provider that works with ACME, or use a different validation mechanism in this list: https://github.com/acmesh-official/acme.sh#supported-modes

@jimp Just a heads up that my fix has now been released in acme.sh v3.0.4.

Specifically permissions on the .key files should be 600 or 640. This is a basic security for certificates.

@johnpoz

That did not make any difference.

After putting a CAA record in place and removing DNSSEC it starting working.

@robert-de-wit DOH!!! I was looking in ddns services ;) hehehe

I don't use who ever that is, so there is no way for me to test that. Working fine here with clouldflare.

Issue resolved ,
I did add domains manually that ACME try to resolve :
Services > DNS Resolvers> General Settings> Host Overrides
5be85b50-3522-407f-94b3-06afafc4018f-image.png

@mrjoli021 said in ACME cert with rackspace:

tmp/acme/wc_some_domain.com/acme_issuecert.log

What do you see in the file when it fails?

@jimp Excellent, thank you!

DNS-NSupdate / RFC 2136 method, using my own domain name server, works.

I knew I had to look up what "BuyPass" is. What it stand for, advantages, differences.
Now there is SSL.com and ZeroSSL.

The staging server is for testing and is not publicly trusted. You need to edit the account key and set it to use the production server instead, then renew the certificate.

It turned out that, after digging deeply into the issue, my domain registrar does not support DNS_NSupdate RFC2136. So, I switched name server to Cloudflare and after a few stumble, got my certificate...wipe off sweat for lots of reading, swearing, and more reading.

[Fri Feb 18 13:04:37 CST 2022] Your cert is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.cer
[Fri Feb 18 13:04:37 CST 2022] Your cert key is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/nollivoipserver.nollicomm.net.key
[Fri Feb 18 13:04:37 CST 2022] The intermediate CA cert is in /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/ca.cer
[Fri Feb 18 13:04:37 CST 2022] And the full chain certs is there: /tmp/acme/nollivoipserver_cert//nollivoipserver.nollicomm.net/fullchain.cer
[Fri Feb 18 13:04:37 CST 2022] Run reload cmd: /tmp/acme/nollivoipserver_cert/reloadcmd.sh