Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ACMEv2 is live!

    Scheduled Pinned Locked Moved ACME
    17 Posts 9 Posters 7.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      The wonderful crew at Let's Encrypt have officially released the ACMEv2 servers for production use!

      If you have the latest version of the ACME package on pfSense, 0.2.4, you can register a new key against the ACMEv2 production server and then use it to sign a key which includes wildcard domains.

      Wildcard validation requires a DNS-based method, and works similar to validating a regular domain. For example, to get a certificate for "*.example.com", you need to update a TXT record in DNS the same as you would for "example.com", which means the DNS record (and potentially key name) would be for "_acme-challenge.example.com".

      As a reminder unrelated to ACME, but wildcard certificates in general, the wildcard only helps for one level of subdomains deep. For example, ".example.com" will work for "host.example.com" but will NOT work for "host.sub.example.com". If your hosts are structured in this way, you will need a wildcard certificate for each sub zone, e.g. ".sub.example.com".

      For more information on how to use the ACME package on pfSense, see https://doc.pfsense.org/index.php/ACME_package

      EDIT: I just pushed version 0.2.5 to sync up with acme.sh bugfixes for issues found after the ACME v2 launch, plus a fix for the "No Key ID in JWS header" error seen by some users when first attempting to issue a wildcard certificate.

      Remember: Upvote with the đź‘Ť button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • C
        choochoo
        last edited by

        I generated a wildcard cert about an hour ago on 0.2.3, and a different wildcard on 0.2.4 just now. Both work great! Thanks jimp (and pfSense crew)!

        1 Reply Last reply Reply Quote 0
        • N
          Napsterbater
          last edited by

          I have generated a few myself.

          I will note every once in a while I was getting an error "Le_OrderFinalize not found" and even posted a bug report here thinking I found a workaround, turns out simply retrying after a min or so would let it work.

          EdIt: I will note the errors were with 0.2.3 I see there was a small change in 0.2.4 that may have resolved it.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Yes, the fix in 0.2.4 should help there. It's also entirely possible the servers are a bit loaded due to the service just coming online, so retrying is a good idea as well if it fails. I had more than one attempt completely time out earlier just after the launch.

            Remember: Upvote with the đź‘Ť button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              @Napsterbater:

              I have generated a few myself.

              I will note every once in a while I was getting an error "Le_OrderFinalize not found" and even posted a bug report here thinking I found a workaround, turns out simply retrying after a min or so would let it work.

              EdIt: I will note the errors were with 0.2.3 I see there was a small change in 0.2.4 that may have resolved it.

              I pushed a fix in 0.2.5 that might address this as well, there was another way that sort of error could happen.

              Remember: Upvote with the đź‘Ť button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • S
                sowil
                last edited by

                What wonderful news ! Yesterday, I just wondered when this package would be updated… but it was already ready ! :)

                So i tried this morning, first by generating a new certificate, but i had a (justified) error :

                "A wildcard 'Domainname' is present but the ACME Account key is not registered to an ACME v2 server."

                So i clicked on "Account keys" > "Add" to generate a new one… and then i had a (unexpected) php error :

                PHP ERROR: Type: 4096, File: /usr/local/www/classes/Form/Input.class.php, Line: 145, Message: Argument 2 passed to Form_Input::setHelp() must be of the type array, string given, called in /usr/local/www/acme/acme_accountkeys_edit.php on line 218 and defined

                Is that a direct error from pfSense or from the new ACME package ?

                Information : pfSense 2.3.5-RELEASE (i386)

                If you need more infos, i'm available.

                Thanks for your work !

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Appears to be a bug, I'll check it out and fix it up ASAP. Looks like it's a quirk in how the help text is processed on 2.3.x compared to 2.4.x

                  Remember: Upvote with the đź‘Ť button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    @sowil:

                    Is that a direct error from pfSense or from the new ACME package ?

                    Information : pfSense 2.3.5-RELEASE (i386)

                    You should see ACME package version 0.2.5_1 show up shortly, it contains a fix for this for 2.3.x users.

                    Users on 2.4.x will see the update but it doesn't really matter for them, I bumped the version to keep it in line so my next batch of enhancements will be easier to merge across all branches.

                    Remember: Upvote with the đź‘Ť button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • S
                      sowil
                      last edited by

                      Already available… Wuw, thank you !

                      New account key created, new wildcard certificate generated... Per-fect ;)

                      Thanks for the fast, good service !

                      1 Reply Last reply Reply Quote 0
                      • J
                        jeffc
                        last edited by

                        The original topic for this said:

                        If you have the latest version of the ACME package on pfSense, 0.2.4, …

                        Sorry for the unfamiliarity! How do I get the latest ACME package on a 0.2.4 pfSense installation?

                        Thanks!

                        /Jeff

                        1 Reply Last reply Reply Quote 0
                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          @jeffc:

                          Sorry for the unfamiliarity! How do I get the latest ACME package on a 0.2.4 pfSense installation?

                          The latest version of pfSense is 2.4.2-p1 (or 2.3.5-p1).  The latest version of the ACME package is 0.2.5_1 (there were some changes after 0.2.4). You get it by visiting System > Packages. If the package is already installed, click the little upgrade icon next to the package name to update it. If the package is not installed, visit the Available Packages tab and install it from there.

                          Remember: Upvote with the đź‘Ť button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • GertjanG
                            Gertjan
                            last edited by

                            @jimp : my first wildcard … I'm impressed. Great work !

                            Btw : I guess it's time to open a child forum into the Packages forum for the acme package.

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            1 Reply Last reply Reply Quote 0
                            • M
                              michaelschefczyk
                              last edited by

                              Dear All,

                              Unfortunately, this does not work for everyone, yet.

                              Two weeks ago, I did set up everything required to use the DNS-NSupdate / RFC 2136 method. I also tried with Let's Encrypt Staging ACME v2 and everything did work with and without wildcard certificates.

                              Now, I does not work anymore, unfortunately. I always get the following error when requesting a v2 certificate (even for a domain not used before on that particular pfSense machine) with staging and production v2 (while it does work when changing to v1):

                              [Sat Mar 17 23:10:46 CET 2018] Getting domain auth token for each domain
                              [Sat Mar 17 23:10:49 CET 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
                              [Sat Mar 17 23:10:49 CET 2018] Please check log file for more details: /tmp/acme/…/acme_issuecert.log

                              After that, the cert manager does contain "private key only" but no certificate.

                              Does someone have advice on how to proceed?

                              Regards,

                              Michael

                              1 Reply Last reply Reply Quote 0
                              • N
                                Napsterbater
                                last edited by

                                @michaelschefczyk:

                                Dear All,

                                Unfortunately, this does not work for everyone, yet.

                                Two weeks ago, I did set up everything required to use the DNS-NSupdate / RFC 2136 method. I also tried with Let's Encrypt Staging ACME v2 and everything did work with and without wildcard certificates.

                                Now, I does not work anymore, unfortunately. I always get the following error when requesting a v2 certificate (even for a domain not used before on that particular pfSense machine) with staging and production v2 (while it does work when changing to v1):

                                [Sat Mar 17 23:10:46 CET 2018] Getting domain auth token for each domain
                                [Sat Mar 17 23:10:49 CET 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
                                [Sat Mar 17 23:10:49 CET 2018] Please check log file for more details: /tmp/acme/…/acme_issuecert.log

                                After that, the cert manager does contain "private key only" but no certificate.

                                Does someone have advice on how to proceed?

                                Regards,

                                Michael

                                That was the error I was getting, and retrying 2 or 3 times with a few minutes in between was all it took for it to work for me.

                                1 Reply Last reply Reply Quote 0
                                • Y
                                  yon
                                  last edited by

                                  v0.2.5_1 still not work

                                  [Sat Mar 17 16:47:38 CST 2018] readlink exists=0
                                  [Sat Mar 17 16:47:38 CST 2018] dirname exists=0
                                  [Sat Mar 17 16:47:38 CST 2018] Lets find script dir.
                                  [Sat Mar 17 16:47:38 CST 2018] SCRIPT='/usr/local/pkg/acme/acme.sh'
                                  [Sat Mar 17 16:47:38 CST 2018] _script='/usr/local/pkg/acme/acme.sh'
                                  [Sat Mar 17 16:47:38 CST 2018] _script_home='/usr/local/pkg/acme'
                                  [Sat Mar 17 16:47:38 CST 2018] Using config home:/tmp/acme/xiao.net/
                                  [Sat Mar 17 16:47:38 CST 2018] APP
                                  [Sat Mar 17 16:47:38 CST 2018] 2:LOG_FILE='/tmp/acme/xiao.net/acme_issuecert.log'
                                  [Sat Mar 17 16:47:38 CST 2018] APP
                                  [Sat Mar 17 16:47:38 CST 2018] 3:LOG_LEVEL='3'
                                  [Sat Mar 17 16:47:38 CST 2018] LE_WORKING_DIR='/tmp/acme/xiao.net/'
                                  [Sat Mar 17 16:47:38 CST 2018] _main_domain='xiao.net'
                                  [Sat Mar 17 16:47:38 CST 2018] _alt_domains='.xiao.net'
                                  [Sat Mar 17 16:47:38 CST 2018] Using config home:/tmp/acme/xiao.net/
                                  [Sat Mar 17 16:47:38 CST 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
                                  [Sat Mar 17 16:47:38 CST 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
                                  [Sat Mar 17 16:47:38 CST 2018] CA_CONF='/tmp/acme/xiao.net//ca/acme-v02.api.letsencrypt.org/ca.conf'
                                  [Sat Mar 17 16:47:38 CST 2018] DOMAIN_PATH='/tmp/acme/xiao.net//xiao.net'
                                  [Sat Mar 17 16:47:38 CST 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
                                  [Sat Mar 17 16:47:38 CST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
                                  [Sat Mar 17 16:47:38 CST 2018] GET
                                  [Sat Mar 17 16:47:38 CST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
                                  [Sat Mar 17 16:47:38 CST 2018] timeout=
                                  [Sat Mar 17 16:47:38 CST 2018] curl exists=0
                                  [Sat Mar 17 16:47:38 CST 2018] wget exists=127
                                  [Sat Mar 17 16:47:38 CST 2018] _CURL='curl -L –silent --dump-header /tmp/acme/xiao.net//http.header  -g '
                                  [Sat Mar 17 16:50:11 CST 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
                                  [Sat Mar 17 16:50:11 CST 2018] ret='7'
                                  [Sat Mar 17 16:50:11 CST 2018] response
                                  [Sat Mar 17 16:50:11 CST 2018] Can not init api.
                                  [Sat Mar 17 16:50:11 CST 2018] APP
                                  [Sat Mar 17 16:50:11 CST 2018] 1:Le_Domain='xiao.net'
                                  [Sat Mar 17 16:50:11 CST 2018] APP
                                  [Sat Mar 17 16:50:11 CST 2018] 2:Le_Alt='                                  .xiao.net'
                                  [Sat Mar 17 16:50:11 CST 2018] APP
                                  [Sat Mar 17 16:50:11 CST 2018] 3:Le_Webroot='dns_nsupdate'
                                  [Sat Mar 17 16:50:11 CST 2018] APP
                                  [Sat Mar 17 16:50:11 CST 2018] 4:Le_PreHook=''
                                  [Sat Mar 17 16:50:11 CST 2018] APP
                                  [Sat Mar 17 16:50:11 CST 2018] 5:Le_PostHook=''
                                  [Sat Mar 17 16:50:11 CST 2018] APP
                                  [Sat Mar 17 16:50:11 CST 2018] 6:Le_RenewHook=''
                                  [Sat Mar 17 16:50:11 CST 2018] APP
                                  [Sat Mar 17 16:50:11 CST 2018] 7:Le_API='https://acme-v02.api.letsencrypt.org/directory'
                                  [Sat Mar 17 16:50:11 CST 2018] _on_before_issue
                                  [Sat Mar 17 16:50:11 CST 2018] _chk_main_domain='xiao.net'
                                  [Sat Mar 17 16:50:11 CST 2018] _chk_alt_domains='.xiao.net'
                                  [Sat Mar 17 16:50:11 CST 2018] 'dns_nsupdate' does not contain 'no'
                                  [Sat Mar 17 16:50:11 CST 2018] Le_LocalAddress
                                  [Sat Mar 17 16:50:11 CST 2018] d='xiao.net'
                                  [Sat Mar 17 16:50:11 CST 2018] Check for domain='xiao.net'
                                  [Sat Mar 17 16:50:11 CST 2018] _currentRoot='dns_nsupdate'
                                  [Sat Mar 17 16:50:11 CST 2018] d='                                  .xiao.net'
                                  [Sat Mar 17 16:50:11 CST 2018] Check for domain='*.xiao.net'
                                  [Sat Mar 17 16:50:11 CST 2018] _currentRoot='dns_nsupdate'
                                  [Sat Mar 17 16:50:11 CST 2018] d
                                  [Sat Mar 17 16:50:11 CST 2018] 'dns_nsupdate' does not contain 'apache'
                                  [Sat Mar 17 16:50:11 CST 2018] config file is empty, can not read CA_KEY_HASH
                                  [Sat Mar 17 16:50:11 CST 2018] _saved_account_key_hash
                                  [Sat Mar 17 16:50:11 CST 2018] Using config home:/tmp/acme/xiao.net/
                                  [Sat Mar 17 16:50:11 CST 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
                                  [Sat Mar 17 16:50:11 CST 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
                                  [Sat Mar 17 16:50:11 CST 2018] CA_CONF='/tmp/acme/xiao.net//ca/acme-v02.api.letsencrypt.org/ca.conf'
                                  [Sat Mar 17 16:50:11 CST 2018] _regAccount
                                  [Sat Mar 17 16:50:11 CST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
                                  [Sat Mar 17 16:50:11 CST 2018] GET
                                  [Sat Mar 17 16:50:11 CST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
                                  [Sat Mar 17 16:50:11 CST 2018] timeout=
                                  [Sat Mar 17 16:50:11 CST 2018] curl exists=0
                                  [Sat Mar 17 16:50:11 CST 2018] wget exists=127
                                  [Sat Mar 17 16:50:11 CST 2018] _CURL='curl -L –silent --dump-header /tmp/acme/xiao.net//http.header  -g '
                                  [Sat Mar 17 16:50:26 CST 2018] ret='0'
                                  [Sat Mar 17 16:50:26 CST 2018] response='{
                                    "jRY5HULISn4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
                                    "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
                                    "meta": {
                                      "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
                                    },
                                    "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
                                    "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
                                    "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
                                    "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
                                  }'
                                  [Sat Mar 17 16:50:26 CST 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
                                  [Sat Mar 17 16:50:26 CST 2018] ACME_NEW_AUTHZ
                                  [Sat Mar 17 16:50:26 CST 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
                                  [Sat Mar 17 16:50:26 CST 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
                                  [Sat Mar 17 16:50:26 CST 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
                                  [Sat Mar 17 16:50:26 CST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
                                  [Sat Mar 17 16:50:26 CST 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
                                  [Sat Mar 17 16:50:26 CST 2018] ACME_VERSION='2'
                                  [Sat Mar 17 16:50:26 CST 2018] RSA key
                                  [Sat Mar 17 16:50:26 CST 2018] pub_exp='010001'
                                  [Sat Mar 17 16:50:26 CST 2018] [Sat Mar 17 16:50:26 CST 2018] xxd exists=127base64 single line.

                                  [Sat Mar 17 16:50:26 CST 2018] _URGLY_PRINTF='1'
                                  [Sat Mar 17 16:50:26 CST 2018] e='AQAB'
                                  [Sat Mar 17 16:50:26 CST 2018] modulus='EAC24EE861DF7201F4517C9CCDEB57E419809E9A04096A4E7C4591D96E0F572CA0CB028D300FE4EEFD192688376610EA18099EF01FC7F6F5E7919EC316D609F227179F02560CEC651D1513F556EAE40714373742952DC8F080EF0131AD5E8AF9304FBB015A44FDCC68CC8090A032F95E5816B0937D6FF9BE62FD06B49DC02350828C4FF5EF5FFB908D2419AC50418E3FFF0645CED3CD7B04E683DAF4A81DE0B68504BDBDF738A6F7AAC70BE0BAC7B1E428CDE0DE62F7CFEF7A4F448E29CD2591C6D76CD15D0F690D192251C37DB18E43A8124E5CD3829E9A82F8B1CF79B11E65655CC01AE7359FA896F82DB72B205530055A86C705CD0C40D73D7313922B2C8A62AEDC0817F4978C762C208DE61A6A852A92D12EE76A1DA63AAD974EA46173B6BFBFE61B60AA3839A46809D24AACA4872653CB24C7F8EE669E038BDFB0CBE1135A22100E19C36DA423E1DB196D10F1E1DFE42C6DEE68582ECBA21E3C39F25EC7F5857651911DD09A6909030F01AAD15FD6369F'
                                  [Sat Mar 17 16:50:26 CST 2018] base64 single line.
                                  [Sat Mar 17 16:50:26 CST 2018] xxd exists=127
                                  [Sat Mar 17 16:50:26 CST 2018] _URGLY_PRINTF='1'
                                  [Sat Mar 17 16:50:26 CST 2018] n='6sJO6GHfcgH0UXyczetX5BmAnpoECWpOfEWR2W4PVyygywKNMA_k7v0ZJog3ZhDqGAme8B_H9vXnkZ7DFtYJ8icXnwJWDOxlHRUT9Vbq5AcUNzdClS3I8IDvATGtXor5ME-7AVpE_cxozICQoDL5XlgWsJN9b_m-Yv0GtJ3AI1CCjE_171_7kI0kGaxQQY4__wZFztPNewTmg9r0qB3gtoUEvb33OKb3qscP6g84vITwHDfIl4ocj-PzSJhroD87AdfC7iLjy9ueI-vmgkvI-t34XNqCMwD_oTrd_diMEf5zSSBjULH7hh4n74E6227L4LrHseQozeDeYvfP73pPRI4pzSWRxtds0V0PaQ0ZIlHDfbGOQ6gSTlzTgp6agvixz3mxHmVlXMAa5zWfqJb4LbcrIFUwBVqGxwXNDEDXPXMTkissimKu3AgX9JeMdiwgjeYaaoUqktEu52odpjqtl06kYXO2v7_mG2CqODmkaAnSSqykhyZTyyTH-O5mngOL37DL4RNaIhAOGcNtpCPh2xltEPHh3-Qsbe5oWC7Loh48OfJex_WFdlGRHdCaaQkDDwGq0V_WNp8'
                                  [Sat Mar 17 16:50:26 CST 2018] jwk='{"e": "AQAB", "kty": "RSA", "n": "6sJO6GHfcgH0UXyczetX5BmAnpoECWpOfEWR2W4PVyygywKNMA_k7v0ZJog3ZhDqGAme8B_H9vXnkZ7DFtYJ8icXnwJWDOxlHRUT9Vbq5AcUNzdClS3I8IDvATGtXor5ME-7AVpE_cxozICQoDL5XlgWsJN9b_m-Yv0GtJ3AI1CCjE_17133OKb3qscP6g84vITwHDfIl4ocj-qJM_M6awjeWTV82BP9JEg1lOosGYLef0QRhlJC48fL937l2DrYpDXs7VekOVMBl_MkNomCM6xu58_wwPL9v_RROx0bId4EIGPzSJhroD87AdfC7iLjy9ueI-vmgkvI-t34XNqCMwD_oTrd_diMEf5zSSBjULH7hh4n74E6227L4LrHseQozeDeYvfP73pPRI4pzSWRxtds0V0PaQ0ZIlHDfbGOQ6gSTlzTgp6agvixz3mxHmVlXMAa5zWfqJb4LbcrIFUwBVqGxwXNDEDXPXMTkissimKu3AgX9JeMdiwgjeYaaoUqktEu52odpjqtl06kYXO2v7_mG2CqODmkaAnSSqykhyZTyyTH-O5mngOL37DL4RNaIhAOGcNtpCPh2xltEPHh3-Qsbe5oWC7Loh48OfJex_WFdlGRHdCaaQkDDwGq0V_WNp8"}'
                                  [Sat Mar 17 16:50:26 CST 2018] JWK_HEADER='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "6sJO6GHfcgH0UXyczetX5BmAnpoECWpOfEWR2W4PVyygywKNMA_k7v0ZJog3ZhDqGAme8B_H9vXnkZ7DFtYJ8icXnwJWDOxlHRUT9Vbq5AcUNzdClS3I8IDvATGtXor5ME-7AVpE_cxozICQoDL5XlgWsJN9b_m-Yv0GtJ3AI1CCjE_17TwHDfIl4ocj-qJM_M6awjeWTV82BP9JEg1lOosGYLef0QRhlJC48fL937l2DrYpDXs7VekOVMBl_MkNomCM6xu58_wwPL9v_RROx0bId4EIGPzSJhroD87AdfC7iLjy9ueI-vmgkvI-t34XNqCMwD_oTrd_diMEf5zSSBjULH7hh4n74E6227L4LrHseQozeDeYvfP73pPRI4pzSWRxtds0V0PaQ0ZIlHDfbGOQ6gSTlzTgp6agvixz3mxHmVlXMAa5zWfqJb4LbcrIFUwBVqGxwXNDEDXPXMTkissimKu3AgX9JeMdiwgjeYaaoUqktEu52odpjqtl06kYXO2v7_mG2CqODmkaAnSSqykhyZTyyTH-O5mngOL37DL4RNaIhAOGcNtpCPh2xltEPHh3-Qsbe5oWC7Loh48OfJex_WFdlGRHdCaaQkDDwGq0V_WNp8"}}'
                                  [Sat Mar 17 16:50:26 CST 2018] Registering account
                                  [Sat Mar 17 16:50:26 CST 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
                                  [Sat Mar 17 16:50:26 CST 2018] payload='{"termsOfServiceAgreed": true}'
                                  [Sat Mar 17 16:50:26 CST 2018] Use cached jwk for file: /tmp/acme/xiao.net//ca/acme-v02.api.letsencrypt.org/account.key
                                  [Sat Mar 17 16:50:26 CST 2018] base64 single line.
                                  [Sat Mar 17 16:50:26 CST 2018] payload64='eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9'
                                  [Sat Mar 17 16:50:26 CST 2018] _request_retry_times='0'
                                  [Sat Mar 17 16:50:26 CST 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
                                  [Sat Mar 17 16:50:26 CST 2018] HEAD
                                  [Sat Mar 17 16:50:26 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
                                  [Sat Mar 17 16:50:26 CST 2018] body
                                  [Sat Mar 17 16:50:26 CST 2018] curl exists=0
                                  [Sat Mar 17 16:50:26 CST 2018] wget exists=127
                                  [Sat Mar 17 16:50:26 CST 2018] _CURL='curl -L –silent --dump-header /tmp/acme/xiao.net//http.header  -g  -H "Content-Type: application/jose+json" '
                                  [Sat Mar 17 16:51:44 CST 2018] _ret='0'
                                  [Sat Mar 17 16:51:44 CST 2018] _headers='HTTP/1.1 204 No Content
                                  Server: nginx
                                  Replay-Nonce: MxB-Epz9-0zC8EJKa970oigQcoNAGJfK6MzgM2ksMtg
                                  X-Frame-Options: DENY
                                  Strict-Transport-Security: max-age=604800
                                  Expires: Sat, 17 Mar 2018 08:51:44 GMT
                                  Cache-Control: max-age=0, no-cache, no-store
                                  Pragma: no-cache
                                  Date: Sat, 17 Mar 2018 08:51:44 GMT
                                  Connection: keep-alive

                                  '
                                  [Sat Mar 17 16:51:44 CST 2018] _CACHED_NONCE='MxB-Epz9-0zC8EJKa970oigQcoNAGJfK6MzgM2ksMtg'
                                  [Sat Mar 17 16:51:44 CST 2018] nonce='MxB-Epz9-0zC8EJKa970oigQcoNAGJfK6MzgM2ksMtg'
                                  [Sat Mar 17 16:51:44 CST 2018] protected='{"nonce": "MxB-Epz9-0zC8EJKa970oigQcoNAGJfK6MzgM2ksMtg", "url": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "6sJO6GHfcgH0UXyczetX5BmAnpoECWpOfEWR2W4PVyygywKNMA_k7v0ZJog3ZhDqGAme8B_H9vXnkZ7DFtYJ8icXnwJWDOxlHRUT9Vbq5AcUNzdClS3I8IDvATGtXor5ME-7AVpE_cxozICQoDL5XlgWsJN9b_m-Yv0GtJ3AI1CCjE_171_7kI0kGaxQQY4__wZFztPNewTmg9r0qB3gtoUEvb33OKb3qscP6g84vITwHDfIl4ocj-qJM_M6awjeWTV82BP9JEg1lOosGYLef0QRhl0V0PaQ0ZIlHDfbGOQ6gSTlzTgp6agvixz3mxHmVlXMAa5zWfqJb4LbcrIFUwBVqGxwXNDEDXPXMTkissimKu3AgX9JeMdiwgjeYaaoUqktEu52odpjqtl06kYXO2v7_mG2CqODmkaAnSSqykhyZTyyTH-O5mngOL37DL4RNaIhAOGcNtpCPh2xltEPHh3-Qsbe5oWC7Loh48OfJex_WFdlGRHdCaaQkDDwGq0V_WNp8"}}'
                                  [Sat Mar 17 16:51:44 CST 2018] base64 single line.
                                  [Sat Mar 17 16:51:45 CST 2018] protected64='eyJub25jZSI6ICJNeEItRXB6OS0wekM4RUpLYTk3MG9pZ1Fjb05BR0pmSzZNemdNMmtzTXRnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogIjZzSk82R0hmY2dIMFVYeWN6ZXRYNUJtQW5wb0VDV3BPZkVXUjJXNFBWeXlneXdLTk1BX2s3djBaSm9nM1poRHFHQW1lOEJfSDl2WG5rWjdERnRZSjhpY1hud0pXRE94bEhSVVQ5VmJxNUFjVU56ZENsUzNJOElEdkFUR3RYb3I1TUUtN0FWcEVfY3hveklDUW9ETDVYbGdXc0pOOWJfbS1ZdjBHdEozQUkxQ0NqRV8xNzFfN2tJMGtHYXhRUVk0X193WkZ6dFBOZXdUbWc5cjBxQjNndG9VRXZiMzNPS2IzcXNjelNTQmpVTEg3aGg0bjc0RTYyMjdMNExySHNlUW96ZURlWXZmUDczcFBSSTRwelNXUnh0ZHMwVjBQYVEwWklsSERmYkdPUTZnU1RselRncDZhZ3ZpeHozbXhIbVZsWE1BYTV6V2ZxSmI0TGJjcklGVXdCVnFHeHdYTkRFRFhQWE1Ua2lzc2ltS3UzQWdYOUplTWRpd2dqZVlhYW9VcWt0RXU1Mm9kcGpxdGwwNmtZWE8ydjdfbUcyQ3FPRG1rYUFuU1NxeWtoeVpUeXlUSC1PNW1uZ09MMzdETDRSTmFJaEFPR2NOdHBDUGgyeGx0RVBIaDMtUXNiZTVvV0M3TG9oNDhPZkpleF9XRmRsR1JIZENhYVFrRER3R3EwVl9XTnA4In19'
                                  [Sat Mar 17 16:51:45 CST 2018] base64 single line.
                                  [Sat Mar 17 16:51:45 CST 2018] _sig_t='j07O97S0F4ASNHhZgdWd5KOQ6MsoKGNn6uI0knA/NDcQa0g12jNk97ZvrYWfHC9fzgxGj8dYCJF6zkxqihxjtB+VkyLx11LwscMK3o8KyceyagapWXvTJOCVyZgI6xqFQIKKK0m7sg09pR/47mbEecLq9t+Flmu/8uJFU8BcuR6pn5urFajR2mHjkyAa29h6cRbnOFlBl0euU8iH9KTcoE4FWW3HTgUNEOyH5fmqUasoVMfmVuv22MF4Q+vhTJrCQNQI0h9DQZp12W2i4LG2NyB48SxOSKMIZRY054KWinFZoCqhhdFquFAnPXT2b17cb3+UI323M5bRRShCxs43blYLzfE8muAqL+dh1nePdBIWJDoSp7epkFWiKPC9m/LSjTeQzBDEI56EuOCIS01uOSxx/SJEtKjwfqW7Z/Y3iBWDXW0LKtfm/xitvZAotdKFoqe7p67HxJMCrjlzEyAyp2h/VBmeLK+Whin6UG8IgH+IioB3SWXgtDOCUmwFuCaxx69bYwZGClu9PdmBbiokwqMfHYedZWlDyzLxteNLcQSs/03S79jnB0wlL9/7sPlaq2+R3x+cdVqy8r1u/QKk063yirdrKofYBvHyEod3F4rgLnKN1t0='
                                  [Sat Mar 17 16:51:45 CST 2018] sig='j07O97S0F4ASNHhZgdWd5KOQ6MsoKGNn6uI0knA_NDcQa0g12jNk97ZvrYWfHC9fzgxGj8dYCJF6zkxqihxjtB-VkyLx11LwscMK3o8KyceyagapWXvTJOCVyZgI6xqFQIKSKMIZRY054KWinFZoCqhhdFquFAnPXT2b17cb3-UI323M5bRRShCxs43blYLzfE8muAqL-dh1nePdBIWJDoSp7epkFWiKPC9m_LSjTeQzBDEI56EuOCIS01uOSxx_SJEtKjwfqW7Z_Y3iBWDXW0LKtfm_xitvZAotdKFoqe7p67HxJMCrjlzEyAyp2h_VBmeLK-Whin6UG8IgH-IioB3SWXgtDOCUmwFuCaxx69bYwZGClu9PdmBbiokwqMfHYedZWlDyzLxteNLcQSs_03S79jnB0wlL9_7sPlaq2-R3x-cdVqy8r1u_QKk063yirdrKofYBvHyEod3F4rgLnKN1t0'
                                  [Sat Mar 17 16:51:45 CST 2018] body='{"protected": "eyJub25jZSI6ICJNeEItRXB6OS0wekM4RUpLYTk3MG9pZ1Fjb05BR0pmSzZNemdNMmtzTXRnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogIjZzSk82R0hmY2dIMFVYeWN6ZXRYNUJtQW5wb0VDV3BPZkVXUjJXNFBWeXlneXdLTk1BX2s3djBaSm9nM1poRHFHQW1lOEJfSDl2WG5rWjdERnRZSjhpY1hud0pXRE94bEhSVVQ5VmJxNU0RTYyMjdMNExySHNlUW96ZURlWXZmUDczcFBSSTRwelNXUnh0ZHMwVjBQYVEwWklsSERmYkdPUTZnU1RselRncDZhZ3ZpeHozbXhIbVZsWE1BYTV6V2ZxSmI0TGJjcklGVXdCVnFHeHdYTkRFRFhQWE1Ua2lzc2ltS3UzQWdYOUplTWRpd2dqZVlhYW9VcWt0RXU1Mm9kcGpxdGwwNmtZWE8ydjdfbUcyQ3FPRG1rYUFuU1NxeWtoeVpUeXlUSC1PNW1uZ09MMzdETDRSTmFJaEFPR2NOdHBDUGgyeGx0RVBIaDMtUXNiZTVvV0M3TG9oNDhPZkpleF9XRmRsR1JIZENhYVFrRER3R3EwVl9XTnA4In19", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "j07O97S0F4ASNHhZgdWd5KOQ6MsoKGNn6uI0knA_NDcQa0g12jNk97ZvrYWfHC9fzgxGj8dYCJF6zkxqihxjtB-VkyLx11LwscMK3o8KyceyagapWXvTJOCVyZgI6xqFQIKKK0m7sg09pR_47mbEecLq9t-Flmu_8uJFU8BcuR6pn5urFajR2mHjkyAa29h6cRbnOFlBl0euU8iH9KTcoE4FWW3HTgUNEOyH5fmqUasoVMfmVuv22MF4Q-vhTJrCQNQI0h9Dqxqu90W1Eb5Nwp4KDOkMNV9R5fJoPZkzedA7coUaN5nadQZR46HtH9nNQZp12W2i4LG2NyB48SxOSKMIZRY054KWinFZoCqhhdFquFAnPXT2b17cb3-UI323M5bRRShCxs43blYLzfE8muAqL-dh1nePdBIWJDoSp7epkFWiKPC9m_LSjTeQzBDEI56EuOCIS01uOSxx_SJEtKjwfqW7Z_Y3iBWDXW0LKtfm_xitvZAotdKFoqe7p67HxJMCrjlzEyAyp2h_VBmeLK-Whin6UG8IgH-IioB3SWXgtDOCUmwFuCaxx69bYwZGClu9PdmBbiokwqMfHYedZWlDyzLxteNLcQSs_03S79jnB0wlL9_7sPlaq2-R3x-cdVqy8r1u_QKk063yirdrKofYBvHyEod3F4rgLnKN1t0"}'
                                  [Sat Mar 17 16:51:45 CST 2018] POST
                                  [Sat Mar 17 16:51:45 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
                                  [Sat Mar 17 16:51:45 CST 2018] body='{"protected": "eyJub25jZSI6ICJNeEItRXB6OS0wekM4RUpLYTk3MG9pZ1Fjb05BR0pmSzZNemdNMmtzTXRnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCIsICJhbGciOiAiUlMyNTYiLCAiandrIjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogIjZzSk82R0hmY2dIMFVYeWN6ZXRYNUJtQW5wb0VDV3BPZkVXUjJXNFBWeXlneXdLTk1BX2s3djBaSm9nM1poRHFHQW1lOEJfSDl2WG5rWjdERnRZSjhpY1hud0pXRE94bEaGg0bjc0RTYyMjdMNExySHNlUW96ZURlWXZmUDczcFBSSTRwelNXUnh0ZHMwVjBQYVEwWklsSERmYkdPUTZnU1RselRncDZhZ3ZpeHozbXhIbVZsWE1BYTV6V2ZxSmI0TGJjcklGVXdCVnFHeHdYTkRFRFhQWE1Ua2lzc2ltS3UzQWdYOUplTWRpd2dqZVlhYW9VcWt0RXU1Mm9kcGpxdGwwNmtZWE8ydjdfbUcyQ3FPRG1rYUFuU1NxeWtoeVpUeXlUSC1PNW1uZ09MMzdETDRSTmFJaEFPR2NOdHBDUGgyeGx0RVBIaDMtUXNiZTVvV0M3TG9oNDhPZkpleF9XRmRsR1JIZENhYVFrRER3R3EwVl9XTnA4In19", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "j07O97S0F4ASNHhZgdWd5KOQ6MsoKGNn6uI0knA_NDcQa0g12jNk97ZvrYWfHC9fzgxGj8dYCJF6zkxqihxjtB-VkyLx11LwscMK3o8KyceyagapWXvTJOCVyZgI6xqFQIKKK0m7sg09pR_47mbEecLq9t-Flmu_8uJFU8BcuR6pn5urFajR2mHjkyAa29h6cRbnOFlBl0euU8iH9KTcoE4FWW3HTgUNEOyH5fmqUasoVMfmVuv22MF4Q-vhTJrCQNQI0h9Dqxqu90W1Eb5Nwp4KDOkMNV9R5fJoPZkzedA7coUaN5nadQZR46HtH9nNQZp12W2i4LG2NyB48SxOSKMIZRY054KWinFZoCqhhdFquFAnPXT2b17cb3-UI323M5bRRShCxs43blYLzfE8muAqL-dh1nePdBIWJDoSp7epkFWiKPC9m_LSjTeQzBDEI56EuOCIS01uOSxx_SJEtKjwfqW7Z_Y3iBWDXW0LKtfm_xitvZAotdKFoqe7p67HxJMCrjlzEyAyp2h_VBmeLK-Whin6UG8IgH-IioB3SWXgtDOCUmwFuCaxx69bYwZGClu9PdmBbiokwqMfHYedZWlDyzLxteNLcQSs_03S79jnB0wlL9_7sPlaq2-R3x-cdVqy8r1u_QKk063yirdrKofYBvHyEod3F4rgLnKN1t0"}'
                                  [Sat Mar 17 16:51:45 CST 2018] Http already initialized.
                                  [Sat Mar 17 16:51:45 CST 2018] _CURL='curl -L –silent --dump-header /tmp/acme/xiao.net//http.header  -g  -H "Content-Type: application/jose+json" '
                                  [Sat Mar 17 16:53:31 CST 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 52
                                  [Sat Mar 17 16:53:31 CST 2018] _ret='52'
                                  [Sat Mar 17 16:53:31 CST 2018] original
                                  [Sat Mar 17 16:53:31 CST 2018] responseHeaders
                                  [Sat Mar 17 16:53:31 CST 2018] response
                                  [Sat Mar 17 16:53:31 CST 2018] code
                                  [Sat Mar 17 16:53:31 CST 2018] Registered
                                  [Sat Mar 17 16:53:31 CST 2018] _accUri
                                  [Sat Mar 17 16:53:31 CST 2018] APP
                                  [Sat Mar 17 16:53:31 CST 2018] 1:ACCOUNT_URL=''
                                  [Sat Mar 17 16:53:31 CST 2018] base64 single line.
                                  [Sat Mar 17 16:53:31 CST 2018] Calc CA_KEY_HASH='74GXJ5o2fPNBjEtcXrjwFCN4mWwOVoairbac='
                                  [Sat Mar 17 16:53:31 CST 2018] APP
                                  [Sat Mar 17 16:53:31 CST 2018] 2:CA_KEY_HASH='74GXJ5o2fPNBjEtcXrjwFCNVoairbac='
                                  [Sat Mar 17 16:53:31 CST 2018] base64 single line.
                                  [Sat Mar 17 16:53:31 CST 2018] ACCOUNT_THUMBPRINT='UC3ABjg7BqgM9JkZy3Wf3N0LXVnErJrh5Kyw'
                                  [Sat Mar 17 16:53:31 CST 2018] Read key length:
                                  [Sat Mar 17 16:53:31 CST 2018] _createcsr
                                  [Sat Mar 17 16:53:31 CST 2018] domain='xiao.net'
                                  [Sat Mar 17 16:53:31 CST 2018] domainlist='.xiao.net'
                                  [Sat Mar 17 16:53:31 CST 2018] csrkey='/tmp/acme/xiao.net//xiao.net/xiao.net.key'
                                  [Sat Mar 17 16:53:31 CST 2018] csr='/tmp/acme/xiao.net//xiao.net/xiao.net.csr'
                                  [Sat Mar 17 16:53:31 CST 2018] csrconf='/tmp/acme/xiao.net//xiao.net/xiao.net.csr.conf'
                                  [Sat Mar 17 16:53:31 CST 2018] _is_idn_d='                                  .xiao.net'
                                  [Sat Mar 17 16:53:31 CST 2018] _idn_temp
                                  [Sat Mar 17 16:53:31 CST 2018] domainlist='.xiao.net'
                                  [Sat Mar 17 16:53:31 CST 2018] Multi domain='DNS:xiao.net,DNS:                                  .xiao.net'
                                  [Sat Mar 17 16:53:31 CST 2018] _is_idn_d='xiao.net'
                                  [Sat Mar 17 16:53:31 CST 2018] _idn_temp
                                  [Sat Mar 17 16:53:31 CST 2018] _csr_cn='xiao.net'
                                  [Sat Mar 17 16:53:31 CST 2018] APP
                                  [Sat Mar 17 16:53:31 CST 2018] 8:Le_Keylength=''
                                  [Sat Mar 17 16:53:31 CST 2018] Getting domain auth token for each domain
                                  [Sat Mar 17 16:53:31 CST 2018] d='.xiao.net'
                                  [Sat Mar 17 16:53:31 CST 2018] d
                                  [Sat Mar 17 16:53:31 CST 2018] _identifiers='{"type":"dns","value":"xiao.net"},{"type":"dns","value":"                                  .xiao.net"}'
                                  [Sat Mar 17 16:53:31 CST 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
                                  [Sat Mar 17 16:53:31 CST 2018] payload='{"identifiers": [{"type":"dns","value":"xiao.net"},{"type":"dns","value":"*.xiao.net"}]}'
                                  [Sat Mar 17 16:53:31 CST 2018] Use cached jwk for file: /tmp/acme/xiao.net//ca/acme-v02.api.letsencrypt.org/account.key
                                  [Sat Mar 17 16:53:31 CST 2018] base64 single line.
                                  [Sat Mar 17 16:53:31 CST 2018] payload64='eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InhpYW95dS5uZXQifSx7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IioueGlhb3l1Lm5ldCJ9XX0'
                                  [Sat Mar 17 16:53:31 CST 2018] _request_retry_times='0'
                                  [Sat Mar 17 16:53:31 CST 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
                                  [Sat Mar 17 16:53:31 CST 2018] HEAD
                                  [Sat Mar 17 16:53:31 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
                                  [Sat Mar 17 16:53:31 CST 2018] body
                                  [Sat Mar 17 16:53:31 CST 2018] Http already initialized.
                                  [Sat Mar 17 16:53:31 CST 2018] _CURL='curl -L –silent --dump-header /tmp/acme/xiao.net//http.header  -g  -H "Content-Type: application/jose+json" '
                                  [Sat Mar 17 16:55:23 CST 2018] _ret='0'
                                  [Sat Mar 17 16:55:23 CST 2018] _headers='HTTP/1.1 204 No Content
                                  Server: nginx
                                  Replay-Nonce: YQ0-Z9KX2zzeWcdRBrBEMck1sOLRpHxf4vpPwmo64RM
                                  X-Frame-Options: DENY
                                  Strict-Transport-Security: max-age=604800
                                  Expires: Sat, 17 Mar 2018 08:55:23 GMT
                                  Cache-Control: max-age=0, no-cache, no-store
                                  Pragma: no-cache
                                  Date: Sat, 17 Mar 2018 08:55:23 GMT
                                  Connection: keep-alive

                                  '
                                  [Sat Mar 17 16:55:23 CST 2018] _CACHED_NONCE='YQ0-Z9KX2zzeWcdRBrRpHxf4vpPwmo64RM'
                                  [Sat Mar 17 16:55:23 CST 2018] nonce='YQ0-Z9KX2zzeWcdRBrBEHxf4vpPwmo64RM'
                                  [Sat Mar 17 16:55:23 CST 2018] Re-reading ACCOUNT_URL
                                  [Sat Mar 17 16:55:23 CST 2018] ACCOUNT_URL was empty!
                                  [Sat Mar 17 16:55:23 CST 2018] ACCOUNT_URL
                                  [Sat Mar 17 16:55:23 CST 2018] Cannot locate account URL.
                                  [Sat Mar 17 16:55:23 CST 2018] Create new order error.
                                  [Sat Mar 17 16:55:23 CST 2018] pid
                                  [Sat Mar 17 16:55:23 CST 2018] No need to restore nginx, skip.
                                  [Sat Mar 17 16:55:23 CST 2018] _clearupdns
                                  [Sat Mar 17 16:55:23 CST 2018] skip dns.
                                  [Sat Mar 17 16:55:23 CST 2018] _on_issue_err
                                  [Sat Mar 17 16:55:23 CST 2018] Please check log file for more details: /tmp/acme/xiao.net/acme_issuecert.log
                                  [Sat Mar 17 16:55:23 CST 2018] _chk_vlist

                                  If you are interested in free peering for clearnet and dn42,contact me !

                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    Mats
                                    last edited by

                                    Works well here.

                                    Switched from a san cert generated from a web method to wildcard and dns txt validation.
                                    Also meant that i could remove a lot of rules in my HA proxy config

                                    1 Reply Last reply Reply Quote 0
                                    • jimpJ
                                      jimp Rebel Alliance Developer Netgate
                                      last edited by

                                      I updated acme.sh from upstream and pushed out package version 0.2.6. If you still have problems on 0.2.6, please start separate threads.

                                      Remember: Upvote with the đź‘Ť button for any user/post you find to be helpful, informative, or deserving of recognition!

                                      Need help fast? Netgate Global Support!

                                      Do not Chat/PM for help!

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.