Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    problemas al validar el dominio para obtener certificado letsencript

    Español
    1
    1
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      luisenrique
      last edited by

      Hola
      Llevo muuchos dias intentando validar un dominio para obtener un certificado *.ibicsa.co.cu
      configure mi servidor dns agregando una llave para realizar la publicacion del record txt para la validacion. di permisos a dicha llave para que se actuailse el dominio correctamente:
      cuando hago clic para solicitar el certificado me da error:

      iBICSA.CO.CU
Renewing certificate
account: BICSA-TESTING
server: letsencrypt-staging-2


/usr/local/pkg/acme/acme.sh --issue -d 'ibicsa.co.cu' --dns 'dns_nsupdate' -d '*.ibicsa.co.cu' --dns 'dns_nsupdate' --home '/tmp/acme/iBICSA.CO.CU/' --accountconf '/tmp/acme/iBICSA.CO.CU/accountconf.conf' --force --reloadCmd '/tmp/acme/iBICSA.CO.CU/reloadcmd.sh' --dnssleep '30' --log-level 3 --log '/tmp/acme/iBICSA.CO.CU/acme_issuecert.log'

Array
(
[path] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[PATH] => /etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin/
[NSUPDATE_SERVER] => /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate
[NSUPDATE_KEYNAME] => _acme-challenge.bicsa.cu
[NSUPDATE_KEYALGO] => 163
[NSUPDATE_KEY] => /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate
[NSUPDATE_ZONE] =>
)
[Wed Feb 6 14:15:53 CST 2019] Registering account
[Wed Feb 6 14:15:54 CST 2019] Already registered
[Wed Feb 6 14:15:54 CST 2019] ACCOUNT_THUMBPRINT='Bf2Njt-0NVd9X1Tgay93LAZg_dtJNdjrvcSRBmozl9Y'
[Wed Feb 6 14:15:54 CST 2019] Multi domain='DNS:ibicsa.co.cu,DNS:*.ibicsa.co.cu'
[Wed Feb 6 14:15:54 CST 2019] Getting domain auth token for each domain
[Wed Feb 6 14:15:56 CST 2019] Getting webroot for domain='ibicsa.co.cu'
[Wed Feb 6 14:15:56 CST 2019] Getting webroot for domain='*.ibicsa.co.cu'
[Wed Feb 6 14:15:57 CST 2019] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Wed Feb 6 14:15:57 CST 2019] adding _acme-challenge.ibicsa.co.cu. 60 in txt "bgGqlrfLluESoa3jsew0q1UDtPQ4ELu1xS7TFfWPexI"
[Wed Feb 6 14:15:57 CST 2019] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Wed Feb 6 14:15:57 CST 2019] adding _acme-challenge.ibicsa.co.cu. 60 in txt "0J36YRssJetppEKn0QKnOOhXqWmDMAgYJzKVZNWvvcM"
[Wed Feb 6 14:15:57 CST 2019] Sleep 30 seconds for the txt records to take effect
[Wed Feb 6 14:16:27 CST 2019] Verifying: ibicsa.co.cu
[Wed Feb 6 14:16:31 CST 2019] Found domain http api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Wed Feb 6 14:16:31 CST 2019] Removing DNS records.
[Wed Feb 6 14:16:31 CST 2019] ibicsa.co.cu:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ibicsa.co.cu
[Wed Feb 6 14:16:31 CST 2019] key /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate.key is unreadable
[Wed Feb 6 14:16:31 CST 2019] Error rm webroot api for domain:dns_nsupdate
[Wed Feb 6 14:16:31 CST 2019] key /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate.key is unreadable
[Wed Feb 6 14:16:31 CST 2019] Error removing txt for domain:_acme-challenge.ibicsa.co.cu
[Wed Feb 6 14:16:31 CST 2019] key /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate.key is unreadable
[Wed Feb 6 14:16:31 CST 2019] Error removing txt for domain:_acme-challenge.ibicsa.co.cu
[Wed Feb 6 14:16:31 CST 2019] Please check log file for more details: /tmp/acme/iBICSA.CO.CU/acme_issuecert.log

      segun la traza es un error de resolucion de nombre del record txt ibicsa.co.cu:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ibicsa.co.cu
      pero si yo manualmente realizo una consulta:

      [2.4.4-RELEASE][root@ns1.bicsa.cu]/root: dig @ns1.ibicsa.co.cu _acme-challenge.ibicsa.co.cu. txt

; <<>> DiG 9.12.2-P1 <<>> @ns1.ibicsa.co.cu _acme-challenge.ibicsa.co.cu. txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47472
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 966447b04ca634225db2766e5c5b33ccfaafbaf4b215ecaf (good)
;; QUESTION SECTION:
;_acme-challenge.ibicsa.co.cu.  IN      TXT

;; ANSWER SECTION:
_acme-challenge.ibicsa.co.cu. 60 IN     TXT     "w7v2iNrgYU69gIQpHHu_b2Lm7UMYu55gtNqn5h8Opxw"
_acme-challenge.ibicsa.co.cu. 60 IN     TXT     "tRJwMJX_Vipc1USz48MNRGbPoDh-XJc6XyFPjoH_EIs"
_acme-challenge.ibicsa.co.cu. 60 IN     TXT     "0J36YRssJetppEKn0QKnOOhXqWmDMAgYJzKVZNWvvcM"
_acme-challenge.ibicsa.co.cu. 60 IN     TXT     "bgGqlrfLluESoa3jsew0q1UDtPQ4ELu1xS7TFfWPexI"
_acme-challenge.ibicsa.co.cu. 60 IN     TXT     "PRG3B0uYtgLNMZHTNTt77XhEAq7TVUCMb8IDt_qs0QM"
_acme-challenge.ibicsa.co.cu. 60 IN     TXT     "j-EyC-9GrQLRqYAVY-PeGdpX4WB_yebPBLUJVsHbSEM"
_acme-challenge.ibicsa.co.cu. 60 IN     TXT     "3tO1mgF0DfF7W44fKG1DIyaIBgSBsCfPPrPW_p1-TLI"
_acme-challenge.ibicsa.co.cu. 60 IN     TXT     "HIstplmersloolJYGMZxMN4cEhs6UGpNP2TXjKtU3lU"
_acme-challenge.ibicsa.co.cu. 60 IN     TXT     "AN9TMb0uGfSriIa1V43Iv5YXagpKDbrCe5QKSZnJyhg"
_acme-challenge.ibicsa.co.cu. 60 IN     TXT     "Sza8-gO9-K8Iahy8gsq-il8NiB6HaIMhnLyHJi4hZpE"

;; AUTHORITY SECTION:
ibicsa.co.cu.           1200    IN      NS      ns2.ibicsa.co.cu.
ibicsa.co.cu.           1200    IN      NS      ns1.ibicsa.co.cu.

;; ADDITIONAL SECTION:
ns1.ibicsa.co.cu.       1200    IN      A       200.55.178.28
ns2.ibicsa.co.cu.       1200    IN      A       200.55.136.19

;; Query time: 0 msec
;; SERVER: 200.55.178.28#53(200.55.178.28)
;; WHEN: Wed Feb 06 14:21:48 CST 2019
;; MSG SIZE  rcvd: 713

code

      Me devuelve todos los registros de las veces anteriores que he probado validar mi dominio, es decir el se actualiza o me permite agregar el record txt para la validacion.
      Si mi servidor dns administrado por mi me permite de forma automatica agregar el registro txt por que al consltarlo durante la validacon da error? inclusive en mi servidor esclavo se replica el registro o los registros y me da error al consultarlos por letsencript durante la validacion y luego no permite borrarlos ya que segun dice la traza :
      key /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate.key is unreadable en ese directorio no existe dicho fichero:
      [2.4.4-RELEASE][root@ns1.bicsa.cu]/root: cat /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate.key
      cat: /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate.key: No such file or directory
      en su lugar hay en ese directorio un config con el nombre: ibicsa.co.cunsupdate_acme-challenge.ibicsa.co.cu.key con la llave correctamente dentro.
      1_1549481412218_Screenshot_2019-02-06 ns1 bicsa cu - Services Acme Certificate options Edit(1).png 0_1549481412217_Screenshot_2019-02-06 ns1 bicsa cu - Services Acme Certificate options Edit.png
      si yo realizo la consulta dig ...
      Por que si el script es capaz de crear el record no lo puede eliminar luego??? si lo crea la llave no esta correctamente configurada para la actualizacion de la zona dns???

      [Wed Feb  6 14:57:34 CST 2019] d
[Wed Feb  6 14:57:34 CST 2019] vlist='ibicsa.co.cu#DGFnmsHgfVqz7j7yaxxbWZ4x-39mPN5EVMDYGJNm6Hw.Bf2Njt-0NVd9X1Tgay93LAZg_dtJNdjrvcSRBmozl9Y#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/R8waylf0eJOKKrZl4SHPdmAs27yK6rnXrAwt1TKvYa8/240670321#dns-01#dns_nsupdate,*.ibicsa.co.cu#Rk52IgIa9JuLqU5e7WH2TaPXwD82zFhuJ4JI1x3e8sA.Bf2Njt-0NVd9X1Tgay93LAZg_dtJNdjrvcSRBmozl9Y#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/mr-VlMpCDJXIMUj10-OST0UWHdFM9u9f1cNchqiH27A/240670318#dns-01#dns_nsupdate,'
[Wed Feb  6 14:57:34 CST 2019] d='ibicsa.co.cu'
[Wed Feb  6 14:57:34 CST 2019] _d_alias
[Wed Feb  6 14:57:34 CST 2019] txtdomain='_acme-challenge.ibicsa.co.cu'
[Wed Feb  6 14:57:34 CST 2019] base64 single line.
[Wed Feb  6 14:57:34 CST 2019] txt='6waQElJwknkGgsabcaMNlIDw1-zN3AqbrjXTJ5iFPQc'
[Wed Feb  6 14:57:34 CST 2019] d_api='/usr/local/pkg/acme/dnsapi/dns_nsupdate.sh'
[Wed Feb  6 14:57:34 CST 2019] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Wed Feb  6 14:57:34 CST 2019] dns_nsupdate_add exists=0
[Wed Feb  6 14:57:34 CST 2019] APP
[Wed Feb  6 14:57:34 CST 2019] 5:NSUPDATE_SERVER='ns1.ibicsa.co.cu'
[Wed Feb  6 14:57:34 CST 2019] APP
[Wed Feb  6 14:57:34 CST 2019] 6:NSUPDATE_SERVER_PORT=''
[Wed Feb  6 14:57:34 CST 2019] APP
[Wed Feb  6 14:57:34 CST 2019] 7:NSUPDATE_KEY='/tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate_acme-challenge.ibicsa.co.cu.key'
[Wed Feb  6 14:57:34 CST 2019] APP
[Wed Feb  6 14:57:34 CST 2019] 8:NSUPDATE_ZONE=''
[Wed Feb  6 14:57:34 CST 2019] adding _acme-challenge.ibicsa.co.cu. 60 in txt "6waQElJwknkGgsabcaMNlIDw1-zN3AqbrjXTJ5iFPQc"
[Wed Feb  6 14:57:34 CST 2019] d='*.ibicsa.co.cu'
[Wed Feb  6 14:57:34 CST 2019] _d_alias
[Wed Feb  6 14:57:34 CST 2019] txtdomain='_acme-challenge.ibicsa.co.cu'
[Wed Feb  6 14:57:34 CST 2019] base64 single line.
[Wed Feb  6 14:57:34 CST 2019] txt='ZSUkqtkOHr55NgHC4yo6fsvpOrdu-TCrMtcXCo1-i6I'
[Wed Feb  6 14:57:34 CST 2019] d_api='/usr/local/pkg/acme/dnsapi/dns_nsupdate.sh'
[Wed Feb  6 14:57:34 CST 2019] Found domain api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Wed Feb  6 14:57:34 CST 2019] dns_nsupdate_add exists=0
[Wed Feb  6 14:57:34 CST 2019] OK
[Wed Feb  6 14:57:34 CST 2019] 5:NSUPDATE_SERVER='ns1.ibicsa.co.cu'
[Wed Feb  6 14:57:34 CST 2019] OK
[Wed Feb  6 14:57:34 CST 2019] 6:NSUPDATE_SERVER_PORT=''
[Wed Feb  6 14:57:34 CST 2019] OK
[Wed Feb  6 14:57:34 CST 2019] 7:NSUPDATE_KEY='/tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate_acme-challenge.ibicsa.co.cu.key'
[Wed Feb  6 14:57:34 CST 2019] OK
[Wed Feb  6 14:57:34 CST 2019] 8:NSUPDATE_ZONE=''
[Wed Feb  6 14:57:34 CST 2019] adding _acme-challenge.ibicsa.co.cu. 60 in txt "ZSUkqtkOHr55NgHC4yo6fsvpOrdu-TCrMtcXCo1-i6I"
[Wed Feb  6 14:57:34 CST 2019] APP
[Wed Feb  6 14:57:34 CST 2019] 10:Le_DNSSleep='30'
[Wed Feb  6 14:57:34 CST 2019] Sleep 30 seconds for the txt records to take effect

[Wed Feb  6 14:58:08 CST 2019] response='{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ibicsa.co.cu","status": 400},"url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/R8waylf0eJOKKrZl4SHPdmAs27yK6rnXrAwt1TKvYa8/240670321","token":"DGFnmsHgfVqz7j7yaxxbWZ4x-39mPN5EVMDYGJNm6Hw"}'
[Wed Feb  6 14:58:08 CST 2019] code='200'
[Wed Feb  6 14:58:08 CST 2019] original='{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ibicsa.co.cu","status": 400},"url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/R8waylf0eJOKKrZl4SHPdmAs27yK6rnXrAwt1TKvYa8/240670321","token":"DGFnmsHgfVqz7j7yaxxbWZ4x-39mPN5EVMDYGJNm6Hw"}'
[Wed Feb  6 14:58:08 CST 2019] response='{"type":"dns-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ibicsa.co.cu","status": 400},"url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/R8waylf0eJOKKrZl4SHPdmAs27yK6rnXrAwt1TKvYa8/240670321","token":"DGFnmsHgfVqz7j7yaxxbWZ4x-39mPN5EVMDYGJNm6Hw"}'
[Wed Feb  6 14:58:08 CST 2019] error='"error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ibicsa.co.cu","status": 400'
[Wed Feb  6 14:58:08 CST 2019] errordetail='DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ibicsa.co.cu'
[Wed Feb  6 14:58:08 CST 2019] ibicsa.co.cu:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ibicsa.co.cu
[Wed Feb  6 14:58:08 CST 2019] h_api='/usr/local/pkg/acme/dnsapi/dns_nsupdate.sh'
[Wed Feb  6 14:58:08 CST 2019] Found domain http api file: /usr/local/pkg/acme/dnsapi/dns_nsupdate.sh
[Wed Feb  6 14:58:08 CST 2019] dns_nsupdate_rm exists=0
[Wed Feb  6 14:58:08 CST 2019] key /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate.key is unreadable
[Wed Feb  6 14:58:08 CST 2019] Error rm webroot api for domain:dns_nsupdate
[Wed Feb  6 14:58:08 CST 2019] pid
[Wed Feb  6 14:58:08 CST 2019] No need to restore nginx, skip.
[Wed Feb  6 14:58:08 CST 2019] _clearupdns
[Wed Feb  6 14:58:08 CST 2019] dnsadded='1'
[Wed Feb  6 14:58:08 CST 2019] vlist='ibicsa.co.cu#DGFnmsHgfVqz7j7yaxxbWZ4x-39mPN5EVMDYGJNm6Hw.Bf2Njt-0NVd9X1Tgay93LAZg_dtJNdjrvcSRBmozl9Y#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/R8waylf0eJOKKrZl4SHPdmAs27yK6rnXrAwt1TKvYa8/240670321#dns-01#dns_nsupdate,*.ibicsa.co.cu#Rk52IgIa9JuLqU5e7WH2TaPXwD82zFhuJ4JI1x3e8sA.Bf2Njt-0NVd9X1Tgay93LAZg_dtJNdjrvcSRBmozl9Y#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/mr-VlMpCDJXIMUj10-OST0UWHdFM9u9f1cNchqiH27A/240670318#dns-01#dns_nsupdate,'
[Wed Feb  6 14:58:08 CST 2019] Removing DNS records.
[Wed Feb  6 14:58:08 CST 2019] base64 single line.
[Wed Feb  6 14:58:08 CST 2019] txt='6waQElJwknkGgsabcaMNlIDw1-zN3AqbrjXTJ5iFPQc'
[Wed Feb  6 14:58:08 CST 2019] d_api='/usr/local/pkg/acme/dnsapi/dns_nsupdate.sh'
[Wed Feb  6 14:58:08 CST 2019] dns_nsupdate_rm exists=0
[Wed Feb  6 14:58:08 CST 2019] _d_alias
[Wed Feb  6 14:58:08 CST 2019] key /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate.key is unreadable
[Wed Feb  6 14:58:08 CST 2019] Error removing txt for domain:_acme-challenge.ibicsa.co.cu
[Wed Feb  6 14:58:08 CST 2019] base64 single line.
[Wed Feb  6 14:58:08 CST 2019] txt='ZSUkqtkOHr55NgHC4yo6fsvpOrdu-TCrMtcXCo1-i6I'
[Wed Feb  6 14:58:08 CST 2019] d_api='/usr/local/pkg/acme/dnsapi/dns_nsupdate.sh'
[Wed Feb  6 14:58:08 CST 2019] dns_nsupdate_rm exists=0
[Wed Feb  6 14:58:08 CST 2019] _d_alias
[Wed Feb  6 14:58:08 CST 2019] key /tmp/acme/iBICSA.CO.CU/ibicsa.co.cunsupdate.key is unreadable
[Wed Feb  6 14:58:08 CST 2019] Error removing txt for domain:_acme-challenge.ibicsa.co.cu
[Wed Feb  6 14:58:08 CST 2019] _on_issue_err
[Wed Feb  6 14:58:08 CST 2019] Please check log file for more details: /tmp/acme/iBICSA.CO.CU/acme_issuecert.log
[Wed Feb  6 14:58:08 CST 2019] _chk_vlist='ibicsa.co.cu#DGFnmsHgfVqz7j7yaxxbWZ4x-39mPN5EVMDYGJNm6Hw.Bf2Njt-0NVd9X1Tgay93LAZg_dtJNdjrvcSRBmozl9Y#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/R8waylf0eJOKKrZl4SHPdmAs27yK6rnXrAwt1TKvYa8/240670321#dns-01#dns_nsupdate,*.ibicsa.co.cu#Rk52IgIa9JuLqU5e7WH2TaPXwD82zFhuJ4JI1x3e8sA.Bf2Njt-0NVd9X1Tgay93LAZg_dtJNdjrvcSRBmozl9Y#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/mr-VlMpCDJXIMUj10-OST0UWHdFM9u9f1cNchqiH27A/240670318#dns-01#dns_nsupdate,'
[Wed Feb  6 14:58:08 CST 2019] start to deactivate authz
[Wed Feb  6 14:58:08 CST 2019] Trigger domain validation.
[Wed Feb  6 14:58:08 CST 2019] _t_url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/R8waylf0eJOKKrZl4SHPdmAs27yK6rnXrAwt1TKvYa8/240670321'
[Wed Feb  6 14:58:08 CST 2019] _t_key_authz='DGFnmsHgfVqz7j7yaxxbWZ4x-39mPN5EVMDYGJNm6Hw.Bf2Njt-0NVd9X1Tgay93LAZg_dtJNdjrvcSRBmozl9Y'
[Wed Feb  6 14:58:08 CST 2019] _t_vtype
[Wed Feb  6 14:58:08 CST 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/R8waylf0eJOKKrZl4SHPdmAs27yK6rnXrAwt1TKvYa8/240670321'
[Wed Feb  6 14:58:08 CST 2019] payload='{"keyAuthorization": "DGFnmsHgfVqz7j7yaxxbWZ4x-39mPN5EVMDYGJNm6Hw.Bf2Njt-0NVd9X1Tgay93LAZg_dtJNdjrvcSRBmozl9Y"}'
[Wed Feb  6 14:58:08 CST 2019] Use cached jwk for file: /tmp/acme/iBICSA.CO.CU//ca/acme-staging-v02.api.letsencrypt.org/account.key
[Wed Feb  6 14:58:08 CST 2019] base64 single line.
[Wed Feb  6 14:58:08 CST 2019] payload64='eyJrZXlBdXRob3JpemF0aW9uIjogIkRHRm5tc0hnZlZxejdqN3lheHhiV1o0eC0zOW1QTjVFVk1EWUdKTm02SHcuQmYyTmp0LTBOVmQ5WDFUZ2F5OTNMQVpnX2R0Sk5kanJ2Y1NSQm1vemw5WSJ9'
[Wed Feb  6 14:58:08 CST 2019] _request_retry_times='1'
[Wed Feb  6 14:58:08 CST 2019] Use _CACHED_NONCE='unR2IN2LakWd6C4sx5_7ycAefmLkCERUyggxQa_JiWU'
[Wed Feb  6 14:58:08 CST 2019] nonce='unR2IN2LakWd6C4sx5_7ycAefmLkCERUyggxQa_JiWU'
[Wed Feb  6 14:58:08 CST 2019] protected='{"nonce": "unR2IN2LakWd6C4sx5_7ycAefmLkCERUyggxQa_JiWU", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/R8waylf0eJOKKrZl4SHPdmAs27yK6rnXrAwt1TKvYa8/240670321", "alg": "RS256", "kid": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/8138841"}'
[Wed Feb  6 14:58:08 CST 2019] base64 single line.
[Wed Feb  6 14:58:08 CST 2019] protected64='eyJub25jZSI6ICJ1blIySU4yTGFrV2Q2QzRzeDVfN3ljQWVmbUxrQ0VSVXlnZ3hRYV9KaVdVIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsZW5nZS9SOHdheWxmMGVKT0tLclpsNFNIUGRtQXMyN3lLNnJuWHJBd3QxVEt2WWE4LzI0MDY3MDMyMSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84MTM4ODQxIn0'
[Wed Feb  6 14:58:08 CST 2019] base64 single line.
[Wed Feb  6 14:58:08 CST 2019] _sig_t='ndHqCXWZvUoXtrRD0iSMkso4aFgEIMxdRj56snXow5Hv4CwH0ScOSuXBbhLjphIf5MObQ0/fE0SPRv413VSClBEsnWjP+4y6F4NUu7nMFe/d9yr6FAgVoRQXRgqqbkjtoS07zx5GEBFypzEbaUASaV8c/ydHrTuAi7rvoAke/qXqy79mck+Vxee3Xs0YwU9tQoMaDIkV22Wp04bBXRX1y9G+6yTo+TznfzD2VMR5CdCc2qoflqsiz6NvX7HsS4xMF+6eQ6QqyPR9ZUIkPwv46CYQ+E8zpvAdu6WLgIz9op8QeZ6AJedm5jWvl5Mi8CK8ggRcOnz677uL6qfS8kV9/rHigVQBBOSBYclKu6HR0abaeYXwNXy6MHsd9jQW5SXrfPq1CHmsECBVCXUUjTQD8bggXtU3vi8bdRf/sUVEFCPNGHbXqBqjhDv6McZZyzwz0IMjlMskCDWHab9OE2GFrlnb2tHvGfgGNkY/O9HrhcXhlxm+qQXKB6Bu0E3XHSJg2Vsq5Kwr/OUJH9ja8ip4PsCqQ/If2RsuTMlW1xxeBP7oTLgvQsOJzNjlaynFl+sYhIwXEAIv2G8j+/NfiRJI5J/+YYz0JVgfnH84XrzfpX9T0o/SqRrgyScPqm1+aUEVu1ulr9sFPI9C8ev7sSZZX1CS3a7wK7/RDP0QYH0yYYg='
[Wed Feb  6 14:58:08 CST 2019] sig='ndHqCXWZvUoXtrRD0iSMkso4aFgEIMxdRj56snXow5Hv4CwH0ScOSuXBbhLjphIf5MObQ0_fE0SPRv413VSClBEsnWjP-4y6F4NUu7nMFe_d9yr6FAgVoRQXRgqqbkjtoS07zx5GEBFypzEbaUASaV8c_ydHrTuAi7rvoAke_qXqy79mck-Vxee3Xs0YwU9tQoMaDIkV22Wp04bBXRX1y9G-6yTo-TznfzD2VMR5CdCc2qoflqsiz6NvX7HsS4xMF-6eQ6QqyPR9ZUIkPwv46CYQ-E8zpvAdu6WLgIz9op8QeZ6AJedm5jWvl5Mi8CK8ggRcOnz677uL6qfS8kV9_rHigVQBBOSBYclKu6HR0abaeYXwNXy6MHsd9jQW5SXrfPq1CHmsECBVCXUUjTQD8bggXtU3vi8bdRf_sUVEFCPNGHbXqBqjhDv6McZZyzwz0IMjlMskCDWHab9OE2GFrlnb2tHvGfgGNkY_O9HrhcXhlxm-qQXKB6Bu0E3XHSJg2Vsq5Kwr_OUJH9ja8ip4PsCqQ_If2RsuTMlW1xxeBP7oTLgvQsOJzNjlaynFl-sYhIwXEAIv2G8j-_NfiRJI5J_-YYz0JVgfnH84XrzfpX9T0o_SqRrgyScPqm1-aUEVu1ulr9sFPI9C8ev7sSZZX1CS3a7wK7_RDP0QYH0yYYg'
[Wed Feb  6 14:58:08 CST 2019] body='{"protected": "eyJub25jZSI6ICJ1blIySU4yTGFrV2Q2QzRzeDVfN3ljQWVmbUxrQ0VSVXlnZ3hRYV9KaVdVIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsZW5nZS9SOHdheWxmMGVKT0tLclpsNFNIUGRtQXMyN3lLNnJuWHJBd3QxVEt2WWE4LzI0MDY3MDMyMSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84MTM4ODQxIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIkRHRm5tc0hnZlZxejdqN3lheHhiV1o0eC0zOW1QTjVFVk1EWUdKTm02SHcuQmYyTmp0LTBOVmQ5WDFUZ2F5OTNMQVpnX2R0Sk5kanJ2Y1NSQm1vemw5WSJ9", "signature": "ndHqCXWZvUoXtrRD0iSMkso4aFgEIMxdRj56snXow5Hv4CwH0ScOSuXBbhLjphIf5MObQ0_fE0SPRv413VSClBEsnWjP-4y6F4NUu7nMFe_d9yr6FAgVoRQXRgqqbkjtoS07zx5GEBFypzEbaUASaV8c_ydHrTuAi7rvoAke_qXqy79mck-Vxee3Xs0YwU9tQoMaDIkV22Wp04bBXRX1y9G-6yTo-TznfzD2VMR5CdCc2qoflqsiz6NvX7HsS4xMF-6eQ6QqyPR9ZUIkPwv46CYQ-E8zpvAdu6WLgIz9op8QeZ6AJedm5jWvl5Mi8CK8ggRcOnz677uL6qfS8kV9_rHigVQBBOSBYclKu6HR0abaeYXwNXy6MHsd9jQW5SXrfPq1CHmsECBVCXUUjTQD8bggXtU3vi8bdRf_sUVEFCPNGHbXqBqjhDv6McZZyzwz0IMjlMskCDWHab9OE2GFrlnb2tHvGfgGNkY_O9HrhcXhlxm-qQXKB6Bu0E3XHSJg2Vsq5Kwr_OUJH9ja8ip4PsCqQ_If2RsuTMlW1xxeBP7oTLgvQsOJzNjlaynFl-sYhIwXEAIv2G8j-_NfiRJI5J_-YYz0JVgfnH84XrzfpX9T0o_SqRrgyScPqm1-aUEVu1ulr9sFPI9C8ev7sSZZX1CS3a7wK7_RDP0QYH0yYYg"}'
[Wed Feb  6 14:58:08 CST 2019] POST
[Wed Feb  6 14:58:08 CST 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/R8waylf0eJOKKrZl4SHPdmAs27yK6rnXrAwt1TKvYa8/240670321'
[Wed Feb  6 14:58:08 CST 2019] body='{"protected": "eyJub25jZSI6ICJ1blIySU4yTGFrV2Q2QzRzeDVfN3ljQWVmbUxrQ0VSVXlnZ3hRYV9KaVdVIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsZW5nZS9SOHdheWxmMGVKT0tLclpsNFNIUGRtQXMyN3lLNnJuWHJBd3QxVEt2WWE4LzI0MDY3MDMyMSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84MTM4ODQxIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIkRHRm5tc0hnZlZxejdqN3lheHhiV1o0eC0zOW1QTjVFVk1EWUdKTm02SHcuQmYyTmp0LTBOVmQ5WDFUZ2F5OTNMQVpnX2R0Sk5kanJ2Y1NSQm1vemw5WSJ9", "signature": "ndHqCXWZvUoXtrRD0iSMkso4aFgEIMxdRj56snXow5Hv4CwH0ScOSuXBbhLjphIf5MObQ0_fE0SPRv413VSClBEsnWjP-4y6F4NUu7nMFe_d9yr6FAgVoRQXRgqqbkjtoS07zx5GEBFypzEbaUASaV8c_ydHrTuAi7rvoAke_qXqy79mck-Vxee3Xs0YwU9tQoMaDIkV22Wp04bBXRX1y9G-6yTo-TznfzD2VMR5CdCc2qoflqsiz6NvX7HsS4xMF-6eQ6QqyPR9ZUIkPwv46CYQ-E8zpvAdu6WLgIz9op8QeZ6AJedm5jWvl5Mi8CK8ggRcOnz677uL6qfS8kV9_rHigVQBBOSBYclKu6HR0abaeYXwNXy6MHsd9jQW5SXrfPq1CHmsECBVCXUUjTQD8bggXtU3vi8bdRf_sUVEFCPNGHbXqBqjhDv6McZZyzwz0IMjlMskCDWHab9OE2GFrlnb2tHvGfgGNkY_O9HrhcXhlxm-qQXKB6Bu0E3XHSJg2Vsq5Kwr_OUJH9ja8ip4PsCqQ_If2RsuTMlW1xxeBP7oTLgvQsOJzNjlaynFl-sYhIwXEAIv2G8j-_NfiRJI5J_-YYz0JVgfnH84XrzfpX9T0o_SqRrgyScPqm1-aUEVu1ulr9sFPI9C8ev7sSZZX1CS3a7wK7_RDP0QYH0yYYg"}'
[Wed Feb  6 14:58:08 CST 2019] _postContentType='application/jose+json'
[Wed Feb  6 14:58:08 CST 2019] Http already initialized.
[Wed Feb  6 14:58:08 CST 2019] _CURL='curl -L --silent --dump-header /tmp/acme/iBICSA.CO.CU//http.header  -g '
[Wed Feb  6 14:58:09 CST 2019] _ret='0'
[Wed Feb  6 14:58:09 CST 2019] original='{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}'

      esta claro que es problema en el DNS pero la verdad no se como solucionarlo por que segui el procedimiento se cree la llave la especifico en el dns le doy permisos , luego este se actualiza me crea el record txt se replica correctamente al esclavo(he usado un nombre de llave diferente al dominio en cuestio que estoy validadndo, ya que mas adelante esare esa misma llae para una vez me funcione usarla para actualizar y validar otros dominios)
      saludos y muchas gracias.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.