Netgate Discussion Forum

    ACMEv2 is live!

    • jimpJ
      jimp Rebel Alliance Developer Netgate
      last edited by

      Appears to be a bug, I'll check it out and fix it up ASAP. Looks like it's a quirk in how the help text is processed on 2.3.x compared to 2.4.x

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        @sowil:

        Is that a direct error from pfSense or from the new ACME package ?

        Information : pfSense 2.3.5-RELEASE (i386)

        You should see ACME package version 0.2.5_1 show up shortly, it contains a fix for this for 2.3.x users.

        Users on 2.4.x will see the update but it doesn't really matter for them, I bumped the version to keep it in line so my next batch of enhancements will be easier to merge across all branches.

        • S
          sowil
          last edited by

          Already available… Wuw, thank you !

          New account key created, new wildcard certificate generated... Per-fect ;)

          Thanks for the fast, good service !

          • J
            jeffc
            last edited by

            The original topic for this said:

            If you have the latest version of the ACME package on pfSense, 0.2.4, …

            Sorry for the unfamiliarity! How do I get the latest ACME package on a 0.2.4 pfSense installation?

            Thanks!

            /Jeff

            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              @jeffc:

              Sorry for the unfamiliarity! How do I get the latest ACME package on a 0.2.4 pfSense installation?

              The latest version of pfSense is 2.4.2-p1 (or 2.3.5-p1).  The latest version of the ACME package is 0.2.5_1 (there were some changes after 0.2.4). You get it by visiting System > Packages. If the package is already installed, click the little upgrade icon next to the package name to update it. If the package is not installed, visit the Available Packages tab and install it from there.

              • GertjanG
                Gertjan
                last edited by

                @jimp : my first wildcard … I'm impressed. Great work !

                Btw : I guess it's time to open a child forum into the Packages forum for the acme package.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                • M
                  michaelschefczyk
                  last edited by

                  Dear All,

                  Unfortunately, this does not work for everyone, yet.

                  Two weeks ago, I did set up everything required to use the DNS-NSupdate / RFC 2136 method. I also tried with Let's Encrypt Staging ACME v2 and everything did work with and without wildcard certificates.

                  Now, it does not work anymore, unfortunately. I always get the following error when requesting a v2 certificate (even for a domain not used before on that particular pfSense machine) with staging and production v2 (while it does work when changing to v1):

                  [Sat Mar 17 23:10:46 CET 2018] Getting domain auth token for each domain
                  [Sat Mar 17 23:10:49 CET 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
                  [Sat Mar 17 23:10:49 CET 2018] Please check log file for more details: /tmp/acme/…/acme_issuecert.log

                  After that, the cert manager does contain "private key only" but no certificate.

                  Does someone have advice on how to proceed?

                  Regards,

                  Michael

                  • N
                    Napsterbater
                    last edited by

                    @michaelschefczyk:

                    Dear All,

                    Unfortunately, this does not work for everyone, yet.

                    Two weeks ago, I did set up everything required to use the DNS-NSupdate / RFC 2136 method. I also tried with Let's Encrypt Staging ACME v2 and everything did work with and without wildcard certificates.

                    Now, it does not work anymore, unfortunately. I always get the following error when requesting a v2 certificate (even for a domain not used before on that particular pfSense machine) with staging and production v2 (while it does work when changing to v1):

                    [Sat Mar 17 23:10:46 CET 2018] Getting domain auth token for each domain
                    [Sat Mar 17 23:10:49 CET 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
                    [Sat Mar 17 23:10:49 CET 2018] Please check log file for more details: /tmp/acme/…/acme_issuecert.log

                    After that, the cert manager does contain "private key only" but no certificate.

                    Does someone have advice on how to proceed?

                    Regards,

                    Michael

                    That was the error I was getting, and retrying 2 or 3 times with a few minutes in between was all it took for it to work for me.

                    • Y
                      yon
                      last edited by

                      v0.2.5_1 still does not work

                      [Sat Mar 17 16:47:38 CST 2018] readlink exists=0
                      [Sat Mar 17 16:47:38 CST 2018] dirname exists=0
                      [Sat Mar 17 16:47:38 CST 2018] Lets find script dir.
                      [Sat Mar 17 16:47:38 CST 2018] SCRIPT='/usr/local/pkg/acme/acme.sh'
                      [Sat Mar 17 16:47:38 CST 2018] _script='/usr/local/pkg/acme/acme.sh'
                      [Sat Mar 17 16:47:38 CST 2018] _script_home='/usr/local/pkg/acme'
                      [Sat Mar 17 16:47:38 CST 2018] Using config home:/tmp/acme/xiao.net/
                      [Sat Mar 17 16:47:38 CST 2018] APP
                      [Sat Mar 17 16:47:38 CST 2018] 2:LOG_FILE='/tmp/acme/xiao.net/acme_issuecert.log'
                      [Sat Mar 17 16:47:38 CST 2018] APP
                      [Sat Mar 17 16:47:38 CST 2018] 3:LOG_LEVEL='3'
                      [Sat Mar 17 16:47:38 CST 2018] LE_WORKING_DIR='/tmp/acme/xiao.net/'
                      [Sat Mar 17 16:47:38 CST 2018] _main_domain='xiao.net'
                      [Sat Mar 17 16:47:38 CST 2018] _alt_domains='*.xiao.net'
                      [Sat Mar 17 16:47:38 CST 2018] Using config home:/tmp/acme/xiao.net/
                      [Sat Mar 17 16:47:38 CST 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
                      [Sat Mar 17 16:47:38 CST 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
                      [Sat Mar 17 16:47:38 CST 2018] CA_CONF='/tmp/acme/xiao.net//ca/acme-v02.api.letsencrypt.org/ca.conf'
                      [Sat Mar 17 16:47:38 CST 2018] DOMAIN_PATH='/tmp/acme/xiao.net//xiao.net'
                      [Sat Mar 17 16:47:38 CST 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
                      [Sat Mar 17 16:47:38 CST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
                      [Sat Mar 17 16:47:38 CST 2018] GET
                      [Sat Mar 17 16:47:38 CST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
                      [Sat Mar 17 16:47:38 CST 2018] timeout=
                      [Sat Mar 17 16:47:38 CST 2018] curl exists=0
                      [Sat Mar 17 16:47:38 CST 2018] wget exists=127
                      [Sat Mar 17 16:47:38 CST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/xiao.net//http.header  -g '
                      [Sat Mar 17 16:50:11 CST 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
                      [Sat Mar 17 16:50:11 CST 2018] ret='7'
                      [Sat Mar 17 16:50:11 CST 2018] response
                      [Sat Mar 17 16:50:11 CST 2018] Can not init api.
                      [Sat Mar 17 16:50:11 CST 2018] APP
                      [Sat Mar 17 16:50:11 CST 2018] 1:Le_Domain='xiao.net'
                      [Sat Mar 17 16:50:11 CST 2018] APP
                      [Sat Mar 17 16:50:11 CST 2018] 2:Le_Alt='*.xiao.net'
                      [Sat Mar 17 16:50:11 CST 2018] APP
                      [Sat Mar 17 16:50:11 CST 2018] 3:Le_Webroot='dns_nsupdate'
                      [Sat Mar 17 16:50:11 CST 2018] APP
                      [Sat Mar 17 16:50:11 CST 2018] 4:Le_PreHook=''
                      [Sat Mar 17 16:50:11 CST 2018] APP
                      [Sat Mar 17 16:50:11 CST 2018] 5:Le_PostHook=''
                      [Sat Mar 17 16:50:11 CST 2018] APP
                      [Sat Mar 17 16:50:11 CST 2018] 6:Le_RenewHook=''
                      [Sat Mar 17 16:50:11 CST 2018] APP
                      [Sat Mar 17 16:50:11 CST 2018] 7:Le_API='https://acme-v02.api.letsencrypt.org/directory'
                      [Sat Mar 17 16:50:11 CST 2018] _on_before_issue
                      [Sat Mar 17 16:50:11 CST 2018] _chk_main_domain='xiao.net'
                      [Sat Mar 17 16:50:11 CST 2018] _chk_alt_domains='*.xiao.net'
                      [Sat Mar 17 16:50:11 CST 2018] 'dns_nsupdate' does not contain 'no'
                      [Sat Mar 17 16:50:11 CST 2018] Le_LocalAddress
                      [Sat Mar 17 16:50:11 CST 2018] d='xiao.net'
                      [Sat Mar 17 16:50:11 CST 2018] Check for domain='xiao.net'
                      [Sat Mar 17 16:50:11 CST 2018] _currentRoot='dns_nsupdate'
                      [Sat Mar 17 16:50:11 CST 2018] d='*.xiao.net'
                      [Sat Mar 17 16:50:11 CST 2018] Check for domain='*.xiao.net'
                      [Sat Mar 17 16:50:11 CST 2018] _currentRoot='dns_nsupdate'
                      [Sat Mar 17 16:50:11 CST 2018] d
                      [Sat Mar 17 16:50:11 CST 2018] 'dns_nsupdate' does not contain 'apache'
                      [Sat Mar 17 16:50:11 CST 2018] config file is empty, can not read CA_KEY_HASH
                      [Sat Mar 17 16:50:11 CST 2018] _saved_account_key_hash
                      [Sat Mar 17 16:50:11 CST 2018] Using config home:/tmp/acme/xiao.net/
                      [Sat Mar 17 16:50:11 CST 2018] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
                      [Sat Mar 17 16:50:11 CST 2018] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
                      [Sat Mar 17 16:50:11 CST 2018] CA_CONF='/tmp/acme/xiao.net//ca/acme-v02.api.letsencrypt.org/ca.conf'
                      [Sat Mar 17 16:50:11 CST 2018] _regAccount
                      [Sat Mar 17 16:50:11 CST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
                      [Sat Mar 17 16:50:11 CST 2018] GET
                      [Sat Mar 17 16:50:11 CST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
                      [Sat Mar 17 16:50:11 CST 2018] timeout=
                      [Sat Mar 17 16:50:11 CST 2018] curl exists=0
                      [Sat Mar 17 16:50:11 CST 2018] wget exists=127
                      [Sat Mar 17 16:50:11 CST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/xiao.net//http.header  -g '
                      [Sat Mar 17 16:50:26 CST 2018] ret='0'
                      [Sat Mar 17 16:50:26 CST 2018] response='{
                        "jRY5HULISn4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
                        "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
                        "meta": {
                          "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
                        },
                        "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
                        "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
                        "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
                        "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
                      }'
                      [Sat Mar 17 16:50:26 CST 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
                      [Sat Mar 17 16:50:26 CST 2018] ACME_NEW_AUTHZ
                      [Sat Mar 17 16:50:26 CST 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
                      [Sat Mar 17 16:50:26 CST 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
                      [Sat Mar 17 16:50:26 CST 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
                      [Sat Mar 17 16:50:26 CST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
                      [Sat Mar 17 16:50:26 CST 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
                      [Sat Mar 17 16:50:26 CST 2018] ACME_VERSION='2'
                      [Sat Mar 17 16:50:26 CST 2018] RSA key
                      [Sat Mar 17 16:50:26 CST 2018] pub_exp='010001'
                      [Sat Mar 17 16:50:26 CST 2018] [Sat Mar 17 16:50:26 CST 2018] xxd exists=127base64 single line.

                      [Sat Mar 17 16:50:26 CST 2018] _URGLY_PRINTF='1'
                      [Sat Mar 17 16:50:26 CST 2018] e='AQAB'
                      [Sat Mar 17 16:50:26 CST 2018] base64 single line.
                      [Sat Mar 17 16:50:26 CST 2018] xxd exists=127
                      [Sat Mar 17 16:50:26 CST 2018] _URGLY_PRINTF='1'
                      [Sat Mar 17 16:50:26 CST 2018] Registering account
                      [Sat Mar 17 16:50:26 CST 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
                      [Sat Mar 17 16:50:26 CST 2018] payload='{"termsOfServiceAgreed": true}'
                      [Sat Mar 17 16:50:26 CST 2018] Use cached jwk for file: /tmp/acme/xiao.net//ca/acme-v02.api.letsencrypt.org/account.key
                      [Sat Mar 17 16:50:26 CST 2018] base64 single line.
                      [Sat Mar 17 16:50:26 CST 2018] payload64='eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9'
                      [Sat Mar 17 16:50:26 CST 2018] _request_retry_times='0'
                      [Sat Mar 17 16:50:26 CST 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
                      [Sat Mar 17 16:50:26 CST 2018] HEAD
                      [Sat Mar 17 16:50:26 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
                      [Sat Mar 17 16:50:26 CST 2018] body
                      [Sat Mar 17 16:50:26 CST 2018] curl exists=0
                      [Sat Mar 17 16:50:26 CST 2018] wget exists=127
                      [Sat Mar 17 16:50:26 CST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/xiao.net//http.header  -g  -H "Content-Type: application/jose+json" '
                      [Sat Mar 17 16:51:44 CST 2018] _ret='0'
                      [Sat Mar 17 16:51:44 CST 2018] _headers='HTTP/1.1 204 No Content
                      Server: nginx
                      Replay-Nonce: MxB-Epz9-0zC8EJKa970oigQcoNAGJfK6MzgM2ksMtg
                      X-Frame-Options: DENY
                      Strict-Transport-Security: max-age=604800
                      Expires: Sat, 17 Mar 2018 08:51:44 GMT
                      Cache-Control: max-age=0, no-cache, no-store
                      Pragma: no-cache
                      Date: Sat, 17 Mar 2018 08:51:44 GMT
                      Connection: keep-alive

                      '
                      [Sat Mar 17 16:51:44 CST 2018] _CACHED_NONCE='MxB-Epz9-0zC8EJKa970oigQcoNAGJfK6MzgM2ksMtg'
                      [Sat Mar 17 16:51:44 CST 2018] nonce='MxB-Epz9-0zC8EJKa970oigQcoNAGJfK6MzgM2ksMtg'
                      [Sat Mar 17 16:51:44 CST 2018] base64 single line.
                      [Sat Mar 17 16:51:45 CST 2018] base64 single line.
                      [Sat Mar 17 16:51:45 CST 2018] POST
                      [Sat Mar 17 16:51:45 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
                      [Sat Mar 17 16:51:45 CST 2018] Http already initialized.
                      [Sat Mar 17 16:51:45 CST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/xiao.net//http.header  -g  -H "Content-Type: application/jose+json" '
                      [Sat Mar 17 16:53:31 CST 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 52
                      [Sat Mar 17 16:53:31 CST 2018] _ret='52'
                      [Sat Mar 17 16:53:31 CST 2018] original
                      [Sat Mar 17 16:53:31 CST 2018] responseHeaders
                      [Sat Mar 17 16:53:31 CST 2018] response
                      [Sat Mar 17 16:53:31 CST 2018] code
                      [Sat Mar 17 16:53:31 CST 2018] Registered
                      [Sat Mar 17 16:53:31 CST 2018] _accUri
                      [Sat Mar 17 16:53:31 CST 2018] APP
                      [Sat Mar 17 16:53:31 CST 2018] 1:ACCOUNT_URL=''
                      [Sat Mar 17 16:53:31 CST 2018] base64 single line.
                      [Sat Mar 17 16:53:31 CST 2018] Calc CA_KEY_HASH='74GXJ5o2fPNBjEtcXrjwFCN4mWwOVoairbac='
                      [Sat Mar 17 16:53:31 CST 2018] APP
                      [Sat Mar 17 16:53:31 CST 2018] 2:CA_KEY_HASH='74GXJ5o2fPNBjEtcXrjwFCNVoairbac='
                      [Sat Mar 17 16:53:31 CST 2018] base64 single line.
                      [Sat Mar 17 16:53:31 CST 2018] ACCOUNT_THUMBPRINT='UC3ABjg7BqgM9JkZy3Wf3N0LXVnErJrh5Kyw'
                      [Sat Mar 17 16:53:31 CST 2018] Read key length:
                      [Sat Mar 17 16:53:31 CST 2018] _createcsr
                      [Sat Mar 17 16:53:31 CST 2018] domain='xiao.net'
                      [Sat Mar 17 16:53:31 CST 2018] domainlist='*.xiao.net'
                      [Sat Mar 17 16:53:31 CST 2018] csrkey='/tmp/acme/xiao.net//xiao.net/xiao.net.key'
                      [Sat Mar 17 16:53:31 CST 2018] csr='/tmp/acme/xiao.net//xiao.net/xiao.net.csr'
                      [Sat Mar 17 16:53:31 CST 2018] csrconf='/tmp/acme/xiao.net//xiao.net/xiao.net.csr.conf'
                      [Sat Mar 17 16:53:31 CST 2018] _is_idn_d='*.xiao.net'
                      [Sat Mar 17 16:53:31 CST 2018] _idn_temp
                      [Sat Mar 17 16:53:31 CST 2018] domainlist='*.xiao.net'
                      [Sat Mar 17 16:53:31 CST 2018] Multi domain='DNS:xiao.net,DNS:*.xiao.net'
                      [Sat Mar 17 16:53:31 CST 2018] _is_idn_d='xiao.net'
                      [Sat Mar 17 16:53:31 CST 2018] _idn_temp
                      [Sat Mar 17 16:53:31 CST 2018] _csr_cn='xiao.net'
                      [Sat Mar 17 16:53:31 CST 2018] APP
                      [Sat Mar 17 16:53:31 CST 2018] 8:Le_Keylength=''
                      [Sat Mar 17 16:53:31 CST 2018] Getting domain auth token for each domain
                      [Sat Mar 17 16:53:31 CST 2018] d='*.xiao.net'
                      [Sat Mar 17 16:53:31 CST 2018] d
                      [Sat Mar 17 16:53:31 CST 2018] _identifiers='{"type":"dns","value":"xiao.net"},{"type":"dns","value":"*.xiao.net"}'
                      [Sat Mar 17 16:53:31 CST 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
                      [Sat Mar 17 16:53:31 CST 2018] payload='{"identifiers": [{"type":"dns","value":"xiao.net"},{"type":"dns","value":"*.xiao.net"}]}'
                      [Sat Mar 17 16:53:31 CST 2018] Use cached jwk for file: /tmp/acme/xiao.net//ca/acme-v02.api.letsencrypt.org/account.key
                      [Sat Mar 17 16:53:31 CST 2018] base64 single line.
                      [Sat Mar 17 16:53:31 CST 2018] payload64='eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InhpYW95dS5uZXQifSx7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6IioueGlhb3l1Lm5ldCJ9XX0'
                      [Sat Mar 17 16:53:31 CST 2018] _request_retry_times='0'
                      [Sat Mar 17 16:53:31 CST 2018] Get nonce. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
                      [Sat Mar 17 16:53:31 CST 2018] HEAD
                      [Sat Mar 17 16:53:31 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
                      [Sat Mar 17 16:53:31 CST 2018] body
                      [Sat Mar 17 16:53:31 CST 2018] Http already initialized.
                      [Sat Mar 17 16:53:31 CST 2018] _CURL='curl -L --silent --dump-header /tmp/acme/xiao.net//http.header  -g  -H "Content-Type: application/jose+json" '
                      [Sat Mar 17 16:55:23 CST 2018] _ret='0'
                      [Sat Mar 17 16:55:23 CST 2018] _headers='HTTP/1.1 204 No Content
                      Server: nginx
                      Replay-Nonce: YQ0-Z9KX2zzeWcdRBrBEMck1sOLRpHxf4vpPwmo64RM
                      X-Frame-Options: DENY
                      Strict-Transport-Security: max-age=604800
                      Expires: Sat, 17 Mar 2018 08:55:23 GMT
                      Cache-Control: max-age=0, no-cache, no-store
                      Pragma: no-cache
                      Date: Sat, 17 Mar 2018 08:55:23 GMT
                      Connection: keep-alive

                      '
                      [Sat Mar 17 16:55:23 CST 2018] _CACHED_NONCE='YQ0-Z9KX2zzeWcdRBrRpHxf4vpPwmo64RM'
                      [Sat Mar 17 16:55:23 CST 2018] nonce='YQ0-Z9KX2zzeWcdRBrBEHxf4vpPwmo64RM'
                      [Sat Mar 17 16:55:23 CST 2018] Re-reading ACCOUNT_URL
                      [Sat Mar 17 16:55:23 CST 2018] ACCOUNT_URL was empty!
                      [Sat Mar 17 16:55:23 CST 2018] ACCOUNT_URL
                      [Sat Mar 17 16:55:23 CST 2018] Cannot locate account URL.
                      [Sat Mar 17 16:55:23 CST 2018] Create new order error.
                      [Sat Mar 17 16:55:23 CST 2018] pid
                      [Sat Mar 17 16:55:23 CST 2018] No need to restore nginx, skip.
                      [Sat Mar 17 16:55:23 CST 2018] _clearupdns
                      [Sat Mar 17 16:55:23 CST 2018] skip dns.
                      [Sat Mar 17 16:55:23 CST 2018] _on_issue_err
                      [Sat Mar 17 16:55:23 CST 2018] Please check log file for more details: /tmp/acme/xiao.net/acme_issuecert.log
                      [Sat Mar 17 16:55:23 CST 2018] _chk_vlist

                      If you are interested in free peering for clearnet and dn42,contact me !

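A triage sketch for the two failure logs posted above (michaelschefczyk's and yon's), added here as an example and not part of the thread or of acme.sh: it separates transport failures (curl exit codes, long waits between log lines) from errors returned by the ACME server. The sample lines are abridged from the posts; the function names and the 30-second stall threshold are assumptions.

```python
import json
import re

# "[Sat Mar 17 16:47:38 CST 2018] message", the line format seen in the posted logs.
LINE_RE = re.compile(r"^\[\w{3} \w{3} +\d+ (\d\d):(\d\d):(\d\d) \w+ \d{4}\] ?(.*)$")
URL_RE = re.compile(r"^(?:url|_post_url)='([^']+)'")
CURL_RE = re.compile(r"libcurl-errors\.html for error code: (\d+)")
PROBLEM_RE = re.compile(r"\{.*urn:ietf:params:acme:error:.*\}")

CURL_CODES = {7: "CURLE_COULDNT_CONNECT", 52: "CURLE_GOT_NOTHING"}  # libcurl names
STALL_SECONDS = 30  # assumption: a longer wait between two log lines is a stall
HARD = {"transport": "network", "acme": "protocol", "state": "client-state"}


def triage(log_text):
    """Return (kind, detail) findings in log order."""
    findings, last_url, prev = [], None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # continuation lines: HTTP headers, JSON bodies
        hh, mm, ss, msg = m.groups()
        now = int(hh) * 3600 + int(mm) * 60 + int(ss)
        if prev is not None and (now - prev) % 86400 >= STALL_SECONDS:
            findings.append(("stall", f"{(now - prev) % 86400}s waiting on {last_url}"))
        prev = now
        url = URL_RE.match(msg)
        curl = CURL_RE.search(msg)
        problem = PROBLEM_RE.search(msg)
        if url:
            last_url = url.group(1)  # remember which request is in flight
        elif curl:
            code = int(curl.group(1))
            name = CURL_CODES.get(code, "see libcurl-errors")
            findings.append(("transport", f"curl {code} ({name}) on {last_url}"))
        elif problem:
            try:
                doc = json.loads(problem.group(0))  # ACME problem document
            except ValueError:
                doc = {"type": "unparsed", "detail": problem.group(0)}
            kind = doc.get("type", "").rsplit(":", 1)[-1]
            findings.append(("acme", f"{doc.get('status')} {kind}: {doc.get('detail')}"))
        elif msg.startswith(("ACCOUNT_URL was empty", "Cannot locate account URL")):
            findings.append(("state", msg))
    return findings


def verdict(findings):
    """Name the layer of the first hard failure; stalls alone only mean 'slow'."""
    for kind, _ in findings:
        if kind in HARD:
            return HARD[kind]
    return "slow" if findings else "clean"


# Sample input: lines copied (abridged) from the two posts above.
LOG_JWS = """\
[Sat Mar 17 23:10:46 CET 2018] Getting domain auth token for each domain
[Sat Mar 17 23:10:49 CET 2018] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Parse error reading JWS","status": 400}
"""

LOG_CURL = """\
[Sat Mar 17 16:47:38 CST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Sat Mar 17 16:50:11 CST 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Sat Mar 17 16:50:11 CST 2018] Can not init api.
[Sat Mar 17 16:50:26 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 17 16:51:44 CST 2018] _ret='0'
[Sat Mar 17 16:51:45 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sat Mar 17 16:53:31 CST 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 52
[Sat Mar 17 16:53:31 CST 2018] Registered
[Sat Mar 17 16:53:31 CST 2018] 1:ACCOUNT_URL=''
[Sat Mar 17 16:53:31 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Mar 17 16:55:23 CST 2018] ACCOUNT_URL was empty!
[Sat Mar 17 16:55:23 CST 2018] Cannot locate account URL.
[Sat Mar 17 16:55:23 CST 2018] Create new order error.
"""

if __name__ == "__main__":
    for name, log in (("JWS log", LOG_JWS), ("curl log", LOG_CURL)):
        found = triage(log)
        print(name, "->", verdict(found))
        for kind, detail in found:
            print(f"  {kind:9} {detail}")
```

On these samples the first log is classified as a rejection by the CA (HTTP 400, malformed JWS), while the second is a network problem: the POST to new-acct got no reply (curl 52), no account URL was stored, and the later order step failed for that reason.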
                      • M
                        Mats
                        last edited by

                        Works well here.

                        Switched from a SAN cert generated from a web method to wildcard and DNS TXT validation.
                        Also meant that I could remove a lot of rules in my HA proxy config.

                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          I updated acme.sh from upstream and pushed out package version 0.2.6. If you still have problems on 0.2.6, please start separate threads.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.