RESOLVED - 26.03 - Failure updating ACME certificate
-
Hello everyone,
Since updating to pfSense 26.03, I’ve been receiving an email with a renewal error for both of my ACME certificates.
It was working fine before, and I’m not quite sure how to fix this issue.
Do you have any ideas?
Thank you for your help

Is there anything in the log below that might give you a clue as to the cause? I'm also using pfBlockerNG.

/tmp/acme/Cert_DNS_XXXXXXXXXXXX/acme_issuecert.log
[Sat May 2 07:53:56 CEST 2026] readlink exists=0 [Sat May 2 07:53:56 CEST 2026] dirname exists=0 [Sat May 2 07:53:56 CEST 2026] Let's find the script directory. [Sat May 2 07:53:56 CEST 2026] _SCRIPT_='/usr/local/pkg/acme/acme.sh' [Sat May 2 07:53:56 CEST 2026] _script='/usr/local/pkg/acme/acme.sh' [Sat May 2 07:53:56 CEST 2026] _script_home='/usr/local/pkg/acme' [Sat May 2 07:53:56 CEST 2026] Using config home: /tmp/acme/Cert_DNS_XXXXXXXXXXX [Sat May 2 07:53:56 CEST 2026] ACCOUNT_CONF_PATH='/tmp/acme/Cert_DNS_XXXXXXXXXXX/accountconf.conf' [Sat May 2 07:53:56 CEST 2026] APP [Sat May 2 07:53:56 CEST 2026] 3:LOG_FILE='/tmp/acme/Cert_DNS_XXXXXXXXXXX/acme_issuecert.log' [Sat May 2 07:53:56 CEST 2026] APP [Sat May 2 07:53:56 CEST 2026] 4:LOG_LEVEL='3' [Sat May 2 07:53:56 CEST 2026] LE_WORKING_DIR='/tmp/acme/Cert_DNS_XXXXXXXXXXX' [Sat May 2 07:53:56 CEST 2026] Running cmd: issue [Sat May 2 07:53:56 CEST 2026] _main_domain='*.XXXXXXXXXXX.com' [Sat May 2 07:53:56 CEST 2026] _alt_domains='no' [Sat May 2 07:53:56 CEST 2026] Using config home: /tmp/acme/Cert_DNS_XXXXXXXXXXX [Sat May 2 07:53:56 CEST 2026] ACCOUNT_CONF_PATH='/tmp/acme/Cert_DNS_XXXXXXXXXXX/accountconf.conf' [Sat May 2 07:53:56 CEST 2026] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Sat May 2 07:53:56 CEST 2026] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org' [Sat May 2 07:53:56 CEST 2026] _ACME_SERVER_PATH='directory' [Sat May 2 07:53:56 CEST 2026] CA_CONF='/tmp/acme/Cert_DNS_XXXXXXXXXXX/ca/acme-v02.api.letsencrypt.org/directory/ca.conf' [Sat May 2 07:53:56 CEST 2026] DOMAIN_PATH='/tmp/acme/Cert_DNS_XXXXXXXXXXX/*.XXXXXXXXXXX.com' [Sat May 2 07:53:56 CEST 2026] 'dns_XXXXXXXXXXX' does not contain 'dns' [Sat May 2 07:53:56 CEST 2026] Le_NextRenewTime [Sat May 2 07:53:56 CEST 2026] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory [Sat May 2 07:53:56 CEST 2026] _init API for server: https://acme-v02.api.letsencrypt.org/directory [Sat May 2 07:53:56 CEST 2026] GET [Sat May 2 
07:53:56 CEST 2026] url='https://acme-v02.api.letsencrypt.org/directory' [Sat May 2 07:53:56 CEST 2026] timeout=10 [Sat May 2 07:53:56 CEST 2026] curl exists=0 [Sat May 2 07:53:56 CEST 2026] wget exists=127 [Sat May 2 07:53:56 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXXXXXXXX/http.header -L -g --connect-timeout 10' [Sat May 2 07:53:57 CEST 2026] ret='0' [Sat May 2 07:53:57 CEST 2026] _json_decode [Sat May 2 07:53:57 CEST 2026] _j_str='{ "BjtzJ1YuqGM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "profiles": { "classic": "https://letsencrypt.org/docs/profiles#classic", "shortlived": "https://letsencrypt.org/docs/profiles#shortlived", "tlsclient": "https://letsencrypt.org/docs/profiles#tlsclient", "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver" }, "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' [Sat May 2 07:53:57 CEST 2026] response='{ "BjtzJ1YuqGM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "profiles": { "classic": "https://letsencrypt.org/docs/profiles#classic", "shortlived": "https://letsencrypt.org/docs/profiles#shortlived", "tlsclient": "https://letsencrypt.org/docs/profiles#tlsclient", "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver" -
}, "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' [Sat May 2 07:53:57 CEST 2026] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change' [Sat May 2 07:53:57 CEST 2026] ACME_NEW_AUTHZ [Sat May 2 07:53:57 CEST 2026] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order' [Sat May 2 07:53:57 CEST 2026] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct' [Sat May 2 07:53:57 CEST 2026] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert' [Sat May 2 07:53:57 CEST 2026] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf' [Sat May 2 07:53:57 CEST 2026] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Sat May 2 07:53:57 CEST 2026] ACME_RENEWAL_INFO='https://acme-v02.api.letsencrypt.org/acme/renewal-info' [Sat May 2 07:53:57 CEST 2026] OK [Sat May 2 07:53:57 CEST 2026] 1:Le_Domain='*.XXXXXXXXXXX.com' [Sat May 2 07:53:57 CEST 2026] OK [Sat May 2 07:53:57 CEST 2026] 2:Le_Alt='no' [Sat May 2 07:53:57 CEST 2026] OK [Sat May 2 07:53:57 CEST 2026] 3:Le_Webroot='dns_XXXXXXXXXXX' [Sat May 2 07:53:57 CEST 2026] OK [Sat May 2 07:53:57 CEST 2026] 4:Le_PreHook='' [Sat May 2 07:53:57 CEST 2026] OK [Sat May 2 07:53:57 CEST 2026] 5:Le_PostHook='' [Sat May 2 07:53:57 CEST 2026] OK [Sat May 2 07:53:57 CEST 2026] 6:Le_RenewHook='' [Sat May 2 07:53:57 CEST 2026] OK [Sat May 2 07:53:57 CEST 2026] 7:Le_API='https://acme-v02.api.letsencrypt.org/directory' [Sat May 2 07:53:57 CEST 2026] Using CA: https://acme-v02.api.letsencrypt.org/directory [Sat May 2 07:53:57 
CEST 2026] _on_before_issue [Sat May 2 07:53:57 CEST 2026] _chk_main_domain='*.XXXXXXXXXXX.com' [Sat May 2 07:53:57 CEST 2026] _chk_alt_domains [Sat May 2 07:53:57 CEST 2026] 'dns_XXXXXXXXXXX' does not contain 'no' [Sat May 2 07:53:57 CEST 2026] Le_LocalAddress [Sat May 2 07:53:57 CEST 2026] d='*.XXXXXXXXXXX.com' [Sat May 2 07:53:57 CEST 2026] Checking for domain='*.XXXXXXXXXXX.com' [Sat May 2 07:53:57 CEST 2026] _currentRoot='dns_XXXXXXXXXXX' [Sat May 2 07:53:57 CEST 2026] d [Sat May 2 07:53:57 CEST 2026] 'dns_XXXXXXXXXXX' does not contain 'apache' [Sat May 2 07:53:57 CEST 2026] _saved_account_key_hash='pjewp9d60TGzNy18XvevIQEIwAZCJhsssw7eBfz0SFI=' [Sat May 2 07:53:57 CEST 2026] base64 single line. [Sat May 2 07:53:57 CEST 2026] _saved_account_key_hash was not changed, skipping account registration. [Sat May 2 07:53:57 CEST 2026] Read key length: 2048 [Sat May 2 07:53:57 CEST 2026] Using pre-generated key: /tmp/acme/Cert_DNS_XXXXXXXXXXX/*.XXXXXXXXXXX.com/*.XXXXXXXXXXX.com.key.next [Sat May 2 07:53:57 CEST 2026] Generating next pre-generate key. 
[Sat May 2 07:53:57 CEST 2026] _createkey for file:/tmp/acme/Cert_DNS_XXXXXXXXXXX/*.XXXXXXXXXXX.com/*.XXXXXXXXXXX.com.key.next [Sat May 2 07:53:57 CEST 2026] Using length 2048 [Sat May 2 07:53:57 CEST 2026] Using RSA: 2048 [Sat May 2 07:53:57 CEST 2026] _createcsr [Sat May 2 07:53:57 CEST 2026] domain='*.XXXXXXXXXXX.com' [Sat May 2 07:53:57 CEST 2026] domainlist [Sat May 2 07:53:57 CEST 2026] csrkey='/tmp/acme/Cert_DNS_XXXXXXXXXXX/*.XXXXXXXXXXX.com/*.XXXXXXXXXXX.com.key' [Sat May 2 07:53:57 CEST 2026] csr='/tmp/acme/Cert_DNS_XXXXXXXXXXX/*.XXXXXXXXXXX.com/*.XXXXXXXXXXX.com.csr' [Sat May 2 07:53:57 CEST 2026] csrconf='/tmp/acme/Cert_DNS_XXXXXXXXXXX/*.XXXXXXXXXXX.com/*.XXXXXXXXXXX.com.csr.conf' [Sat May 2 07:53:57 CEST 2026] Single domain='*.XXXXXXXXXXX.com' [Sat May 2 07:53:57 CEST 2026] seg='acme_accountkeys.php' [Sat May 2 07:53:57 CEST 2026] _is_idn_d='*.XXXXXXXXXXX.com' [Sat May 2 07:53:57 CEST 2026] _idn_temp [Sat May 2 07:53:57 CEST 2026] _is_idn_d='*.XXXXXXXXXXX.com' [Sat May 2 07:53:57 CEST 2026] _idn_temp [Sat May 2 07:53:57 CEST 2026] _csr_cn='*.XXXXXXXXXXX.com' [Sat May 2 07:53:57 CEST 2026] seg='acme_accountkeys.php' [Sat May 2 07:53:57 CEST 2026] OK [Sat May 2 07:53:57 CEST 2026] 8:Le_Keylength='2048' [Sat May 2 07:53:57 CEST 2026] Getting domain auth token for each domain [Sat May 2 07:53:57 CEST 2026] seg='acme_accountkeys.php' [Sat May 2 07:53:57 CEST 2026] _is_idn_d='*.XXXXXXXXXXX.com' [Sat May 2 07:53:57 CEST 2026] _idn_temp [Sat May 2 07:53:57 CEST 2026] d [Sat May 2 07:53:57 CEST 2026] _identifiers='{"type":"dns","value":"*.XXXXXXXXXXX.com"}' [Sat May 2 07:53:57 CEST 2026] _notBefore [Sat May 2 07:53:57 CEST 2026] _notAfter [Sat May 2 07:53:57 CEST 2026] STEP 1, Ordering a Certificate [Sat May 2 07:53:57 CEST 2026] =======Sending Signed Request======= [Sat May 2 07:53:57 CEST 2026] url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Sat May 2 07:53:57 CEST 2026] payload='{"identifiers": [{"type":"dns","value":"*.XXXXXXXXXXX.com"}]}' [Sat 
May 2 07:53:57 CEST 2026] RSA key [Sat May 2 07:53:57 CEST 2026] pub_exp='010001' [Sat May 2 07:53:57 CEST 2026] xxd exists=127 [Sat May 2 07:53:57 CEST 2026] base64 single line. [Sat May 2 07:53:57 CEST 2026] _URGLY_PRINTF='1' [Sat May 2 07:53:57 CEST 2026] e='AQAB' [Sat May 2 07:53:57 CEST 2026] modulus='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' [Sat May 2 07:53:57 CEST 2026] xxd exists=127 [Sat May 2 07:53:57 CEST 2026] base64 single line. [Sat May 2 07:53:57 CEST 2026] _URGLY_PRINTF='1' [Sat May 2 07:53:58 CEST 2026] n='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}}' [Sat May 2 07:53:58 CEST 2026] base64 single line. [Sat May 2 07:53:58 CEST 2026] payload64='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' [Sat May 2 07:53:58 CEST 2026] _request_retry_times='1' [Sat May 2 07:53:58 CEST 2026] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Sat May 2 07:53:58 CEST 2026] HEAD [Sat May 2 07:53:58 CEST 2026] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Sat May 2 07:53:58 CEST 2026] body [Sat May 2 07:53:58 CEST 2026] _postContentType='application/jose+json' [Sat May 2 07:53:58 CEST 2026] curl exists=0 [Sat May 2 07:53:58 CEST 2026] wget exists=127 [Sat May 2 07:53:58 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXXXXXXXX/http.header -L -g -I ' [Sat May 2 07:53:59 CEST 2026] _ret='0' [Sat May 2 07:53:59 CEST 2026] _headers='HTTP/2 200 server: nginx date: Sat, 02 May 2026 05:53:58 GMT cache-control: public, max-age=0, no-cache -
The log file is too long; I can't post the whole thing, so here are a few “snippets” (not the complete log)
[Sat May 2 07:57:05 CEST 2026] response='{"Status":3,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"_acme-challenge.XXXXXXXXXXX.com","type":16}],"Authority":[{"name":"XXXXXXXXXXX.com","type":6,"TTL":3600,"data":"ns31.XXXXXXXXXXX.com. hostmaster.XXXXXXXXXXX.ch. 2026032664 10800 3600 605800 3600"}]}' [Sat May 2 07:57:05 CEST 2026] _answers [Sat May 2 07:57:05 CEST 2026] Not valid yet, let's wait for 10 seconds then check the next one. [Sat May 2 07:57:05 CEST 2026] _p_txtdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:05 CEST 2026] Purging Cloudflare TXT record for domain _acme-challenge.XXXXXXXXXXX.com [Sat May 2 07:57:05 CEST 2026] POST [Sat May 2 07:57:05 CEST 2026] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.XXXXXXXXXXX.com&type=TXT' [Sat May 2 07:57:05 CEST 2026] body [Sat May 2 07:57:05 CEST 2026] _postContentType [Sat May 2 07:57:05 CEST 2026] Http already initialized. [Sat May 2 07:57:05 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXXXXXXXX/http.header -L -g ' [Sat May 2 07:57:05 CEST 2026] _ret='0' [Sat May 2 07:57:05 CEST 2026] response='{"msg":"purge request queued. Please wait a few seconds and verify the request was successful"}' [Sat May 2 07:57:15 CEST 2026] Let's wait for 10 seconds and check again. [Sat May 2 07:57:25 CEST 2026] You can use '--dnssleep' to disable public dns checks. 
[Sat May 2 07:57:25 CEST 2026] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck [Sat May 2 07:57:25 CEST 2026] _is_idn_d='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:25 CEST 2026] _idn_temp [Sat May 2 07:57:25 CEST 2026] _is_idn_d='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:25 CEST 2026] _idn_temp [Sat May 2 07:57:25 CEST 2026] d='XXXXXXXXXXX.com' [Sat May 2 07:57:25 CEST 2026] txtdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:25 CEST 2026] aliasDomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:25 CEST 2026] txt='kiLdtSn8eocAU0QbCzGNx1hqJwvKVuL6rtvyfXJTFrI' [Sat May 2 07:57:25 CEST 2026] d_api='/usr/local/pkg/acme/dnsapi/dns_XXXXXXXXXXX.sh' [Sat May 2 07:57:25 CEST 2026] Checking XXXXXXXXXXX.com for _acme-challenge.XXXXXXXXXXX.com [Sat May 2 07:57:25 CEST 2026] _c_txtdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:25 CEST 2026] _c_aliasdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:25 CEST 2026] _c_txt='kiLdtSn8eocAU0QbCzGNx1hqJwvKVuL6rtvyfXJTFrI' [Sat May 2 07:57:25 CEST 2026] _ns_ep='https://cloudflare-dns.com/dns-query' [Sat May 2 07:57:25 CEST 2026] _ns_domain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:25 CEST 2026] _ns_type='TXT' [Sat May 2 07:57:25 CEST 2026] GET [Sat May 2 07:57:26 CEST 2026] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.XXXXXXXXXXX.com&type=TXT' [Sat May 2 07:57:26 CEST 2026] timeout= [Sat May 2 07:57:26 CEST 2026] Http already initialized. [Sat May 2 07:57:26 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXXXXXXXX/http.header -L -g ' [Sat May 2 07:57:26 CEST 2026] ret='0' [Sat May 2 07:57:26 CEST 2026] response='{"Status":3,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"_acme-challenge.XXXXXXXXXXX.com","type":16}],"Authority":[{"name":"XXXXXXXXXXX.com","type":6,"TTL":3600,"data":"ns31.XXXXXXXXXXX.com. hostmaster.XXXXXXXXXXX.ch. 
2026032664 10800 3600 605800 3600"}]}' [Sat May 2 07:57:26 CEST 2026] _answers [Sat May 2 07:57:26 CEST 2026] Not valid yet, let's wait for 10 seconds then check the next one. [Sat May 2 07:57:26 CEST 2026] _p_txtdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:26 CEST 2026] Purging Cloudflare TXT record for domain _acme-challenge.XXXXXXXXXXX.com [Sat May 2 07:57:26 CEST 2026] POST [Sat May 2 07:57:26 CEST 2026] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.XXXXXXXXXXX.com&type=TXT' [Sat May 2 07:57:26 CEST 2026] body [Sat May 2 07:57:26 CEST 2026] _postContentType [Sat May 2 07:57:26 CEST 2026] Http already initialized. [Sat May 2 07:57:26 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXXXXXXXX/http.header -L -g ' [Sat May 2 07:57:26 CEST 2026] _ret='0' [Sat May 2 07:57:26 CEST 2026] response='{"msg":"purge request queued. Please wait a few seconds and verify the request was successful"}' [Sat May 2 07:57:36 CEST 2026] Let's wait for 10 seconds and check again. [Sat May 2 07:57:46 CEST 2026] You can use '--dnssleep' to disable public dns checks. 
[Sat May 2 07:57:46 CEST 2026] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck [Sat May 2 07:57:46 CEST 2026] _is_idn_d='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:46 CEST 2026] _idn_temp [Sat May 2 07:57:46 CEST 2026] _is_idn_d='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:46 CEST 2026] _idn_temp [Sat May 2 07:57:46 CEST 2026] d='XXXXXXXXXXX.com' [Sat May 2 07:57:46 CEST 2026] txtdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:46 CEST 2026] aliasDomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:46 CEST 2026] txt='kiLdtSn8eocAU0QbCzGNx1hqJwvKVuL6rtvyfXJTFrI' [Sat May 2 07:57:46 CEST 2026] d_api='/usr/local/pkg/acme/dnsapi/dns_XXXXXXXXXXX.sh' [Sat May 2 07:57:46 CEST 2026] Checking XXXXXXXXXXX.com for _acme-challenge.XXXXXXXXXXX.com [Sat May 2 07:57:46 CEST 2026] _c_txtdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:46 CEST 2026] _c_aliasdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:46 CEST 2026] _c_txt='kiLdtSn8eocAU0QbCzGNx1hqJwvKVuL6rtvyfXJTFrI' [Sat May 2 07:57:46 CEST 2026] _ns_ep='https://cloudflare-dns.com/dns-query' [Sat May 2 07:57:46 CEST 2026] _ns_domain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:46 CEST 2026] _ns_type='TXT' [Sat May 2 07:57:46 CEST 2026] GET [Sat May 2 07:57:46 CEST 2026] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.XXXXXXXXXXX.com&type=TXT' [Sat May 2 07:57:46 CEST 2026] timeout= [Sat May 2 07:57:46 CEST 2026] Http already initialized. [Sat May 2 07:57:46 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXXXXXXXX/http.header -L -g ' [Sat May 2 07:57:46 CEST 2026] ret='0' [Sat May 2 07:57:46 CEST 2026] response='{"Status":3,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"_acme-challenge.XXXXXXXXXXX.com","type":16}],"Authority":[{"name":"XXXXXXXXXXX.com","type":6,"TTL":3600,"data":"ns31.XXXXXXXXXXX.com. hostmaster.XXXXXXXXXXX.ch. 
2026032664 10800 3600 605800 3600"}]}' [Sat May 2 07:57:46 CEST 2026] _answers [Sat May 2 07:57:46 CEST 2026] Not valid yet, let's wait for 10 seconds then check the next one. [Sat May 2 07:57:46 CEST 2026] _p_txtdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:57:46 CEST 2026] Purging Cloudflare TXT record for domain _acme-challenge.XXXXXXXXXXX.com [Sat May 2 07:57:46 CEST 2026] POST [Sat May 2 07:57:46 CEST 2026] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.XXXXXXXXXXX.com&type=TXT' [Sat May 2 07:57:46 CEST 2026] body [Sat May 2 07:57:46 CEST 2026] _postContentType [Sat May 2 07:57:46 CEST 2026] Http already initialized. [Sat May 2 07:57:46 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXXXXXXXX/http.header -L -g ' [Sat May 2 07:57:46 CEST 2026] _ret='0' [Sat May 2 07:57:46 CEST 2026] response='{"msg":"purge request queued. Please wait a few seconds and verify the request was successful"}' [Sat May 2 07:57:56 CEST 2026] Let's wait for 10 seconds and check again. [Sat May 2 07:58:06 CEST 2026] You can use '--dnssleep' to disable public dns checks. 
[Sat May 2 07:58:06 CEST 2026] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck [Sat May 2 07:58:06 CEST 2026] _is_idn_d='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:58:06 CEST 2026] _idn_temp [Sat May 2 07:58:06 CEST 2026] _is_idn_d='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:58:06 CEST 2026] _idn_temp [Sat May 2 07:58:06 CEST 2026] d='XXXXXXXXXXX.com' [Sat May 2 07:58:06 CEST 2026] txtdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:58:06 CEST 2026] aliasDomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:58:06 CEST 2026] txt='kiLdtSn8eocAU0QbCzGNx1hqJwvKVuL6rtvyfXJTFrI' [Sat May 2 07:58:06 CEST 2026] d_api='/usr/local/pkg/acme/dnsapi/dns_XXXXXXXXXXX.sh' [Sat May 2 07:58:06 CEST 2026] Checking XXXXXXXXXXX.com for _acme-challenge.XXXXXXXXXXX.com [Sat May 2 07:58:06 CEST 2026] _c_txtdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:58:06 CEST 2026] _c_aliasdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:58:06 CEST 2026] _c_txt='kiLdtSn8eocAU0QbCzGNx1hqJwvKVuL6rtvyfXJTFrI' [Sat May 2 07:58:06 CEST 2026] _ns_ep='https://cloudflare-dns.com/dns-query' [Sat May 2 07:58:06 CEST 2026] _ns_domain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:58:06 CEST 2026] _ns_type='TXT' [Sat May 2 07:58:06 CEST 2026] GET [Sat May 2 07:58:06 CEST 2026] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.XXXXXXXXXXX.com&type=TXT' [Sat May 2 07:58:06 CEST 2026] timeout= [Sat May 2 07:58:06 CEST 2026] Http already initialized. [Sat May 2 07:58:06 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXXXXXXXX/http.header -L -g ' [Sat May 2 07:58:06 CEST 2026] ret='0' [Sat May 2 07:58:06 CEST 2026] response='{"Status":3,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"_acme-challenge.XXXXXXXXXXX.com","type":16}],"Authority":[{"name":"XXXXXXXXXXX.com","type":6,"TTL":3600,"data":"ns31.XXXXXXXXXXX.com. hostmaster.XXXXXXXXXXX.ch. 
2026032664 10800 3600 605800 3600"}]}' [Sat May 2 07:58:06 CEST 2026] _answers [Sat May 2 07:58:06 CEST 2026] Not valid yet, let's wait for 10 seconds then check the next one. [Sat May 2 07:58:06 CEST 2026] _p_txtdomain='_acme-challenge.XXXXXXXXXXX.com' [Sat May 2 07:58:06 CEST 2026] Purging Cloudflare TXT record for domain _acme-challenge.XXXXXXXXXXX.com [Sat May 2 07:58:06 CEST 2026] POST [Sat May 2 07:58:06 CEST 2026] _post_url='https://cloudflare-dns.com/api/v1/purge?domain=_acme-challenge.XXXXXXXXXXX.com&type=TXT' [Sat May 2 07:58:06 CEST 2026] body [Sat May 2 07:58:06 CEST 2026] _postContentType [Sat May 2 07:58:06 CEST 2026] Http already initialized. [Sat May 2 07:58:06 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXXXXXXXX/http.header -L -g ' [Sat May 2 07:58:07 CEST 2026] _ret='0' [Sat May 2 07:58:07 CEST 2026] response='{"msg":"purge request queued. Please wait a few seconds and verify the request was successful"}' -
The emails I receive
Notifications in this message: 1
================================
03:57:16 ACME Failed to renew certificate for Cert_DNS_XXXXXXXXXX
ACME Failed to renew certificate for Cert_DNS_YYYYYYYYYYY
-
Where it failed - the part you didn't show? - is where acme.sh stopped waiting for another "10 seconds more". That's the fail point.
It does 10 or 20 times maximum.
From what I know : acme.sh 'talks' to the master dns domain name server. This DNS server will then signal all involved dns slave servers, and these, when they've decided, will sync up with the master dns.
Only after this has been done, Letsencrypt should start verifying. Letsencrypt can pick the DNS master, or a slave, or all of them. That's why the "DNS Sleep" exists: the sync delay between domain name servers is 'unknown' and we do not have any control over that process. It could be 'seconds' or .... many minutes. And even when you set DNS Sleep to "300" = 5 minutes, it will test, and wait (several ?!) "10 seconds more" if needed. After several tries (20 or 30 ?), it will fail.
The only real solution: retry later in the day?
Btw : I presume the 'adding' of the TXT record " _acme-challenge.XXXXXXXXXXX.com" went well, as acme would have failed earlier if that's not the case.
While acme.sh is executing this wait loop, you can fact check it.
First, start by asking who your DNS servers are:
dig XXXXXXXXXXX.com NS +short
You'll see the NS servers of your domain name.
For each of these, execute:
dig @DNS-server kiLdtSn8eocAU0QbCzGNx1hqJwvKVuL6rtvyfXJTFrI._acme-challenge.XXXXXXXXXXX.com TXT +short
where "DNS-server" is one of your DNS servers.
I took the "kiLdtSn8eocAU0QbCzGNx1hqJwvKVuL6rtvyfXJTFrI" from your logs : it's the 'name' of the TXT record.
DNS is all synced up and ready when every DNS server returns a TXT result, and the same result, and every TXT record contains the same secret number, also shown in the logs.
Another issue might be: Letsencrypt itself tells acme.sh "Not now, I'm too busy", as half the planet is renewing its certificates every '60 days' or so.
Let's say that Letsencrypt handles 100 million domain names (probably more?), that makes 1000+ certificates per minute if the demand is spread evenly ....
Solution: try a bit later

-
Thank you very much for taking the time to help me and for your response.
I don't have your expertise, and I have to “decode” your explanations on my own :-)
The servers for both domain names are:
ns31.infomaniak.com
ns32.infomaniak.com
ns41.infomaniak.com
ns42.infomaniak.com
So I “used” the “dig” command as you instructed. Well, so far without any meaningful results.
I’ll follow your advice and periodically click the “renew” button in the pfSense interface under “acme.”
Thanks again

-
@SwissSteph The DNS Sleep setting is to tell it to wait longer. I’ve seen DNS servers that take 15 minutes to update so I had to set this to 900 seconds.
Manually renewing as I recall doesn’t help with this because IIRC it will create a new DNS record each time.
-
Thanks for clarifying that. I've now set this parameter to “900” for both of my domains.
I'll check back here in a few hours or days and share my findings.
Thanks for your ideas and comments

-
@SwissSteph yeah you might want to look at this older thread that goes into the sleep setting a bit
https://forum.netgate.com/post/1240938
I have always just used a setting of 180 in sleep and not had any issues. I think setting that to something other than 0 changes how it overall works.
There is for sure stuff about doh in there, which pfblocker could be blocking?
I have just not ever had any issues to require any digging into the details.. I know it creates a record, and then validates that record, etc. But how that actually happens seems setting sleep value alters that method.
-
@johnpoz To be more specific about my usage the DNS provider doesn’t update records immediately. I thought it was https://www.namesilo.com/support/v2/articles/domain-manager/dns-troubleshooting#:~:text=only%20push%20DNS%20changes%20every%205%20minutes but that says 5 minutes not 15…whoever it was, or maybe it changed, but in my testing it was 15 minutes. So the polling tried for a while but would never be able to succeed. 900s says to try once at that time.
-
I did set the value to ‘900’, but that didn't help.
Yes, I have pfBlockerNG, but I haven't changed anything in that configuration for a very long time.
If I look at the last renewal date for my certificates, it says ‘Valid From: Thu, 26 Mar 2026 02:18:02 +0100’. I suppose ‘something’ has changed between then and now.
As I’m not skilled enough to change “what I don’t understand”, I haven’t touched my configuration, apart from updating pfSense and applying the “patches”.
-
Well, after several hours and days, my two certificates still haven't been renewed. I tried following your instructions and tutorials, but it still isn't working.
As I mentioned before, I haven't changed anything in the settings recently, and certainly not anything related to the certificates or ACME.
Since I have pfBlockerNG, could it be blocking this “on its own”?
What could I check (and where) to see if it’s blocking it or not? Can I add a rule (and where)?
Thanks for your suggestions; I’m not sure what else to do with this feature that’s no longer working.
-
@SwissSteph said in 26.03 - Failure updating ACME certificate:
Since I have pfBlockerNG, could it be blocking this “on its own”?
It could be potentially. If you have it configured to block outgoing traffic.
-
@stephenw10
That’s a possibility, yes, but only for updating those certificates, right!?
My network is working as usual right now.
Where should I look? Or what can I do to test whether there’s actually a block? I haven’t changed any settings; I just installed the requested updates.
Thanks for your advice

-
Check the pfBlocker logs first.
Or you could just disable pfBlocker as a test.
-
-
Yes that should remove any auto-added rules.
-
@stephenw10
I unchecked that box, but nothing changed—my certificates still aren't being renewed.
-
@SwissSteph and what does the log say now that you put in sleep value of 900?
-
The last few lines (I can't include the entire text because it's too long) are:
server: nginx date: Wed, 06 May 2026 11:24:16 GMT content-type: application/json content-length: 194 boulder-requester: 2340324837 cache-control: public, max-age=0, no-cache link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" link: <https://acme-v02.api.letsencrypt.org/acme/authz/2340324837/699471226025>;rel="up" location: https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ replay-nonce: 3A87yRk9-4L7gnbhiaxPgzhHnf0vpswdCOIXuOQDRv7uuubd2qU x-frame-options: DENY strict-transport-security: max-age=604800 ' [Wed May 6 13:24:16 CEST 2026] code='200' [Wed May 6 13:24:16 CEST 2026] original='{ "type": "dns-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ", "status": "pending", "token": "QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU" }' [Wed May 6 13:24:16 CEST 2026] _json_decode [Wed May 6 13:24:16 CEST 2026] _j_str='{ "type": "dns-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ", "status": "pending", "token": "QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU" }' [Wed May 6 13:24:16 CEST 2026] response='{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ","status":"pending","token":"QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU"}' [Wed May 6 13:24:16 CEST 2026] Trigger validation code: 200 [Wed May 6 13:24:16 CEST 2026] Let's check the authz status [Wed May 6 13:24:16 CEST 2026] original='{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ","status":"pending","token":"QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU"}' [Wed May 6 13:24:16 CEST 2026] response='{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ","status":"pending","token":"QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU"}' [Wed May 6 13:24:16 CEST 2026] status='pending' [Wed May 6 13:24:16 CEST 2026] Pending. 
The CA is processing your order, please wait. (1/30) [Wed May 6 13:24:16 CEST 2026] Sleep 2 seconds before verifying again [Wed May 6 13:24:18 CEST 2026] Checking [Wed May 6 13:24:18 CEST 2026] =======Sending Signed Request======= [Wed May 6 13:24:18 CEST 2026] url='https://acme-v02.api.letsencrypt.org/acme/authz/2340324837/699471226025' [Wed May 6 13:24:18 CEST 2026] payload [Wed May 6 13:24:18 CEST 2026] Use cached jwk for file: /tmp/acme/Cert_DNS_XXXXX/ca/acme-v02.api.letsencrypt.org/directory/account.key [Wed May 6 13:24:18 CEST 2026] base64 single line. [Wed May 6 13:24:18 CEST 2026] payload64 [Wed May 6 13:24:18 CEST 2026] _request_retry_times='1' [Wed May 6 13:24:18 CEST 2026] Use _CACHED_NONCE='3A87yRk9-4L7gnbhiaxPgzhHnf0vpswdCOIXuOQDRv7uuubd2qU' [Wed May 6 13:24:18 CEST 2026] nonce='3A87yRk9-4L7gnbhiaxPgzhHnf0vpswdCOIXuOQDRv7uuubd2qU' [Wed May 6 13:24:18 CEST 2026] protected='{"nonce": "3A87yRk9-4L7gnbhiaxPgzhHnf0vpswdCOIXuOQDRv7uuubd2qU", "url": "https://acme-v02.api.letsencrypt.org/acme/authz/2340324837/699471226025", "alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/2340324837"}' [Wed May 6 13:24:18 CEST 2026] base64 single line. [Wed May 6 13:24:18 CEST 2026] protected64='eyJub25jZSI6ICIzQTg3eVJrOS00TDdnbmJoaWF4UGd6aEhuZjB2cHN3ZENPSVh1T1FEUnY3dXV1YmQycVUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzIzNDAzMjQ4MzcvNjk5NDcxMjI2MDI1IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8yMzQwMzI0ODM3In0' [Wed May 6 13:24:18 CEST 2026] base64 single line. 
[Wed May 6 13:24:18 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXX/http.header -L -g ' [Wed May 6 13:24:18 CEST 2026] _ret='0' [Wed May 6 13:24:18 CEST 2026] responseHeaders='HTTP/2 200 server: nginx date: Wed, 06 May 2026 11:24:18 GMT content-type: application/json content-length: 667 boulder-requester: 2340324837 cache-control: public, max-age=0, no-cache link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" replay-nonce: 3A87yRk9PZPYvBSOswhVre2tMHpOt_3DJQvb6GqPlk6B2dbF4RY x-frame-options: DENY strict-transport-security: max-age=604800 ' [Wed May 6 13:24:18 CEST 2026] code='200' [Wed May 6 13:24:18 CEST 2026] original='{ "identifier": { "type": "dns", "value": "XXXXX.yy" }, "status": "invalid", "expires": "2026-05-13T11:09:14Z", "challenges": [ { "type": "dns-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ", "status": "invalid", "validated": "2026-05-06T11:24:16Z", "error": { "type": "urn:ietf:params:acme:error:dns", "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.XXXXX.yy - check that a DNS record exists for this domain", "status": 400 }, "token": "QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU" } ], "wildcard": true }' [Wed May 6 13:24:18 CEST 2026] _json_decode [Wed May 6 13:24:18 CEST 2026] _j_str='{ "identifier": { "type": "dns", "value": "XXXXX.yy" }, "status": "invalid", "expires": "2026-05-13T11:09:14Z", "challenges": [ { "type": "dns-01", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ", "status": "invalid", "validated": "2026-05-06T11:24:16Z", "error": { "type": "urn:ietf:params:acme:error:dns", "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.XXXXX.yy - check that a DNS record exists for this domain", "status": 400 }, "token": "QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU" } ], "wildcard": true }' [Wed May 6 13:24:18 CEST 2026] 
response='{"identifier":{"type":"dns","value":"XXXXX.yy"},"status":"invalid","expires":"2026-05-13T11:09:14Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ","status":"invalid","validated":"2026-05-06T11:24:16Z","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.XXXXX.yy - check that a DNS record exists for this domain","status": 400},"token":"QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU"}],"wildcard": true}' [Wed May 6 13:24:18 CEST 2026] original='{"identifier":{"type":"dns","value":"XXXXX.yy"},"status":"invalid","expires":"2026-05-13T11:09:14Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ","status":"invalid","validated":"2026-05-06T11:24:16Z","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.XXXXX.yy - check that a DNS record exists for this domain","status": 400},"token":"QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU"}],"wildcard": true}' [Wed May 6 13:24:18 CEST 2026] response='{"identifier":{"type":"dns","value":"XXXXX.yy"},"status":"invalid","expires":"2026-05-13T11:09:14Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ","status":"invalid","validated":"2026-05-06T11:24:16Z","error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.XXXXX.yy - check that a DNS record exists for this domain","status": 400},"token":"QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU"}],"wildcard": true}' [Wed May 6 13:24:18 CEST 2026] status='invalid invalid' [Wed May 6 13:24:18 CEST 2026] error='"error":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.XXXXX.yy - check that a DNS record exists for this domain","status": 400' [Wed May 6 
13:24:18 CEST 2026] errordetail='DNS problem: NXDOMAIN looking up TXT for _acme-challenge.XXXXX.yy - check that a DNS record exists for this domain' [Wed May 6 13:24:18 CEST 2026] *.XXXXX.yy: Invalid status. Verification error details: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.XXXXX.yy - check that a DNS record exists for this domain [Wed May 6 13:24:18 CEST 2026] Skipping for removelevel: [Wed May 6 13:24:18 CEST 2026] pid [Wed May 6 13:24:18 CEST 2026] No need to restore nginx config, skipping. [Wed May 6 13:24:18 CEST 2026] _clearupdns [Wed May 6 13:24:18 CEST 2026] dns_entries='XXXXX.yy,_acme-challenge.XXXXX.yy,,dns_infomaniak,zL85QIS4v5KL0Q-Cjlmne5_IoLbqObfq01WLtZzeDRI,/usr/local/pkg/acme/dnsapi/dns_infomaniak.sh ' [Wed May 6 13:24:18 CEST 2026] Removing DNS records. [Wed May 6 13:24:18 CEST 2026] d='XXXXX.yy' [Wed May 6 13:24:18 CEST 2026] txtdomain='_acme-challenge.XXXXX.yy' [Wed May 6 13:24:18 CEST 2026] aliasDomain='_acme-challenge.XXXXX.yy' [Wed May 6 13:24:18 CEST 2026] _currentRoot='dns_infomaniak' [Wed May 6 13:24:18 CEST 2026] txt='zL85QIS4v5KL0Q-Cjlmne5_IoLbqObfq01WLtZzeDRI' [Wed May 6 13:24:18 CEST 2026] d_api='/usr/local/pkg/acme/dnsapi/dns_infomaniak.sh' [Wed May 6 13:24:18 CEST 2026] dns_infomaniak_rm exists=0 [Wed May 6 13:24:18 CEST 2026] Removing txt: zL85QIS4v5KL0Q-Cjlmne5_IoLbqObfq01WLtZzeDRI for domain: _acme-challenge.XXXXX.yy [Wed May 6 13:24:18 CEST 2026] OK [Wed May 6 13:24:19 CEST 2026] 5:SAVED_INFOMANIAK_API_TOKEN='j977Z8WOcXpwAFWQfWdsfIfcONy8OxZLz8Wi0VTE_SkO5cNM_UXtU71ewqg1t9B1pmGp6sC2LVqzGNmv' [Wed May 6 13:24:19 CEST 2026] Infomaniak DNS API [Wed May 6 13:24:19 CEST 2026] fulldomain='_acme-challenge.XXXXX.yy' [Wed May 6 13:24:19 CEST 2026] txtvalue='zL85QIS4v5KL0Q-Cjlmne5_IoLbqObfq01WLtZzeDRI' [Wed May 6 13:24:19 CEST 2026] GET [Wed May 6 13:24:19 CEST 2026] url='https://api.infomaniak.com/2/domains/_acme-challenge.XXXXX.yy/zones' [Wed May 6 13:24:19 CEST 2026] timeout= [Wed May 6 13:24:19 CEST 2026] Http already 
initialized. [Wed May 6 13:24:19 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXX/http.header -L -g ' [Wed May 6 13:24:19 CEST 2026] ret='0' [Wed May 6 13:24:19 CEST 2026] zone:{ [Wed May 6 13:24:19 CEST 2026] key:_acme-challenge.XXXXX.yy [Wed May 6 13:24:19 CEST 2026] GET [Wed May 6 13:24:19 CEST 2026] url='https://api.infomaniak.com/2/zones/{/records' [Wed May 6 13:24:19 CEST 2026] timeout= [Wed May 6 13:24:19 CEST 2026] Http already initialized. [Wed May 6 13:24:19 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXX/http.header -L -g ' [Wed May 6 13:24:19 CEST 2026] ret='0' [Wed May 6 13:24:19 CEST 2026] key: _acme-challenge.XXXXX.yy [Wed May 6 13:24:19 CEST 2026] txtvalue: zL85QIS4v5KL0Q-Cjlmne5_IoLbqObfq01WLtZzeDRI [Wed May 6 13:24:19 CEST 2026] record_id: [Wed May 6 13:24:19 CEST 2026] could not find record to delete [Wed May 6 13:24:19 CEST 2026] response: {"result":"error","error":{"code":"method_not_found","description":"Method not found"}} [Wed May 6 13:24:19 CEST 2026] Error removing txt for domain: _acme-challenge.XXXXX.yy [Wed May 6 13:24:19 CEST 2026] _on_issue_err [Wed May 6 13:24:19 CEST 2026] Please check log file for more details: /tmp/acme/Cert_DNS_XXXXX/acme_issuecert.log [Wed May 6 13:24:19 CEST 2026] _chk_vlist='*.XXXXX.yy#QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU.4FFwyvBgv2NAY3VFap4--K03k3TmwJuAM2qC-ZWuXC0#https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ#dns-01#dns_infomaniak#https://acme-v02.api.letsencrypt.org/acme/authz/2340324837/699471226025,' [Wed May 6 13:24:19 CEST 2026] start to deactivate authz [Wed May 6 13:24:19 CEST 2026] Trigger domain validation. 
[Wed May 6 13:24:19 CEST 2026] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ' [Wed May 6 13:24:19 CEST 2026] _t_key_authz='QNJY5-jUSqKGvFAn4r6vDtSgbjSMJp6eo70sgtNjfgU.4FFwyvBgv2NAY3VFap4--K03k3TmwJuAM2qC-ZWuXC0' [Wed May 6 13:24:19 CEST 2026] _t_vtype [Wed May 6 13:24:19 CEST 2026] =======Sending Signed Request======= [Wed May 6 13:24:19 CEST 2026] url='https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ' [Wed May 6 13:24:19 CEST 2026] payload='{}' [Wed May 6 13:24:19 CEST 2026] Use cached jwk for file: /tmp/acme/Cert_DNS_XXXXX/ca/acme-v02.api.letsencrypt.org/directory/account.key [Wed May 6 13:24:19 CEST 2026] base64 single line. [Wed May 6 13:24:19 CEST 2026] payload64='e30' [Wed May 6 13:24:19 CEST 2026] _request_retry_times='1' [Wed May 6 13:24:19 CEST 2026] Use _CACHED_NONCE='3A87yRk9PZPYvBSOswhVre2tMHpOt_3DJQvb6GqPlk6B2dbF4RY' [Wed May 6 13:24:19 CEST 2026] nonce='3A87yRk9PZPYvBSOswhVre2tMHpOt_3DJQvb6GqPlk6B2dbF4RY' [Wed May 6 13:24:19 CEST 2026] protected='{"nonce": "3A87yRk9PZPYvBSOswhVre2tMHpOt_3DJQvb6GqPlk6B2dbF4RY", "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2340324837/699471226025/L-PdTQ", "alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/2340324837"}' [Wed May 6 13:24:19 CEST 2026] base64 single line. [Wed May 6 13:24:19 CEST 2026] protected64='eyJub25jZSI6ICIzQTg3eVJrOVBaUFl2QlNPc3doVnJlMnRNSHBPdF8zREpRdmI2R3FQbGs2QjJkYkY0UlkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzIzNDAzMjQ4MzcvNjk5NDcxMjI2MDI1L0wtUGRUUSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjM0MDMyNDgzNyJ9' [Wed May 6 13:24:19 CEST 2026] base64 single line. 
[Wed May 6 13:24:19 CEST 2026] _CURL='curl --silent --dump-header /tmp/acme/Cert_DNS_XXXXX/http.header -L -g ' [Wed May 6 13:24:20 CEST 2026] _ret='0' [Wed May 6 13:24:20 CEST 2026] responseHeaders='HTTP/2 400 server: nginx date: Wed, 06 May 2026 11:24:20 GMT content-type: application/problem+json content-length: 144 boulder-requester: 2340324837 cache-control: public, max-age=0, no-cache link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index" replay-nonce: upAtUo89yqE0ywErt3SIdyi1nP1D3FsCKi38ln-3ha9L97voM28 ' [Wed May 6 13:24:20 CEST 2026] code='400' [Wed May 6 13:24:20 CEST 2026] original='{ "type": "urn:ietf:params:acme:error:malformed", "detail": "Unable to update challenge :: authorization must be pending", "status": 400 }' [Wed May 6 13:24:20 CEST 2026] response='{ "type": "urn:ietf:params:acme:error:malformed", "detail": "Unable to update challenge :: authorization must be pending", "status": 400 }'
