OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: astromeier on March 14, 2019, 09:26:20 pm

Title: [solved] Stuck with let's encrypt validation
Post by: astromeier on March 14, 2019, 09:26:20 pm
Dear OPNsense team and community here,
thanks a lot for OPNsense and the great forum - you helped me a lot in the last weeks with my first installation and configuration steps.

But now I'm in a situation all my reading and searching doesn't help anymore - I need your help:
OPNSense 19.1.4:
I installed the let's encrypt and haproxy plugins, configured 2 HTTP servers and 2 FQDNs, via CNAME  pointing to a dynDNS service -> my wan actual address.
So far the two servers can be reached from the WAN and the access is correctly distributed to the two servers by HaProxy.
The redirect of the challenge "/.well-known/acme-challenge/" works - I reach the internal lightttp server of OPNsense.

But getting the first certs from let's encrypt staging env. fails.
Test config is ok -

When I call the link "http://www.FDQN.de/.well-known/acme-challenge/" i get a "Forbidden" (403)
I added the /var/etc/acme-client/challenges/.well-known/acme-challenge manually - maybe I deleted that path in my earliey tries. Then I added a test file test.txt
This test file can be reached with "http://www.FDQN1.de/.well-known/acme-challenge/test.txt"

From the OPNsense shell a curl leads to the same:
Code: [Select]
root@OPNsense:~ # curl -vv http://www.FDQN1.de/.well-known/acme-challenge/
* Expire in 0 ms for 6 (transfer 0x529c9494000)
.....
* Expire in 50 ms for 1 (transfer 0x529c9494000)
*   Trying WAN IP ADDRESS...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x529c9494000)
* Connected to www.FQDN1.de (WAN IP ADDRESS) port 80 (#0)
> GET /.well-known/acme-challenge/ HTTP/1.1
> Host: www.FDQN.de
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Content-Type: text/html
< Content-Length: 341
< Date: Thu, 14 Mar 2019 18:39:45 GMT
< Server: lighttpd/ACME
<
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>403 Forbidden</title>
 </head>
 <body>
  <h1>403 Forbidden</h1>
 </body>
</html>
* Connection #0 to host www.FDQN.de left intact

a direct curl to the internal server leads to a "Not found" (404):
Code: [Select]
Direct curl:
==================
curl -vv http://127.0.0.1/var/etc/acme-client/challenges/.well-known/acme-challenge/
* Expire in 0 ms for 6 (transfer 0x5e239c94000)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5e239c94000)
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /var/etc/acme-client/challenges/.well-known/acme-challenge/ HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: text/html
< Content-Length: 341
< Date: Thu, 14 Mar 2019 18:45:26 GMT
< Server: lighttpd/ACME
<
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>404 Not Found</title>
 </head>
 <body>
  <h1>404 Not Found</h1>
 </body>
</html>
* Connection #0 to host 127.0.0.1 left intact

The syslog just shows:
Code: [Select]
Mar 14 20:35:57 OPNsense api[1429]: LE check: HAProxy integration is complete
Mar 14 20:35:58 OPNsense opnsense: /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: AcmeClient: domain validation failed
Mar 14 20:35:58 OPNsense opnsense: /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: AcmeClient: validation for certificate failed: Cert_FDQN1
Mar 14 20:35:58 OPNsense opnsense: /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: AcmeClient: domain validation failed
Mar 14 20:35:58 OPNsense opnsense: /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php: AcmeClient: validation for certificate failed: Cert_FDQN2

the acme.sh.log:
Code: [Select]
root@OPNsense:~ # clog /var/log/acme.sh.log
[Thu Mar 14 20:53:29 CET 2019] Using stage ACME_DIRECTORY: https://acme-staging.api.letsencrypt.org/directory
[Thu Mar 14 20:53:29 CET 2019] ACME_DIRECTORY='https://acme-staging.api.letsencrypt.org/directory'
[Thu Mar 14 20:53:29 CET 2019] Using config home:/var/etc/acme-client/home
[Thu Mar 14 20:53:29 CET 2019] ACME_DIRECTORY='https://acme-staging.api.letsencrypt.org/directory'
[Thu Mar 14 20:53:29 CET 2019] _init api for server: https://acme-staging.api.letsencrypt.org/directory
[Thu Mar 14 20:53:29 CET 2019] GET
[Thu Mar 14 20:53:29 CET 2019] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu Mar 14 20:53:29 CET 2019] timeout=
[Thu Mar 14 20:53:29 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 20:53:30 CET 2019] ret='0'
[Thu Mar 14 20:53:30 CET 2019] ACME_KEY_CHANGE='https://acme-staging.api.letsencrypt.org/acme/key-change'
[Thu Mar 14 20:53:30 CET 2019] ACME_NEW_AUTHZ='https://acme-staging.api.letsencrypt.org/acme/new-authz'
[Thu Mar 14 20:53:30 CET 2019] ACME_NEW_ORDER='https://acme-staging.api.letsencrypt.org/acme/new-cert'
[Thu Mar 14 20:53:30 CET 2019] ACME_NEW_ACCOUNT='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu Mar 14 20:53:30 CET 2019] ACME_REVOKE_CERT='https://acme-staging.api.letsencrypt.org/acme/revoke-cert'
[Thu Mar 14 20:53:30 CET 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Mar 14 20:53:30 CET 2019] ACME_NEW_NONCE
[Thu Mar 14 20:53:30 CET 2019] ACME_VERSION
[Thu Mar 14 20:53:30 CET 2019] RSA key
[Thu Mar 14 20:53:31 CET 2019] Registering account
[Thu Mar 14 20:53:31 CET 2019] url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu Mar 14 20:53:31 CET 2019] payload='{"resource": "new-reg", "contact": ["mailto: mail@ime.de"], "terms-of-service-agreed": true, "agreement": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"}'
[Thu Mar 14 20:53:31 CET 2019] GET
[Thu Mar 14 20:53:31 CET 2019] url='https://acme-staging.api.letsencrypt.org/directory'
[Thu Mar 14 20:53:31 CET 2019] timeout=
[Thu Mar 14 20:53:32 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 20:53:32 CET 2019] ret='0'
[Thu Mar 14 20:53:32 CET 2019] POST
[Thu Mar 14 20:53:32 CET 2019] _post_url='https://acme-staging.api.letsencrypt.org/acme/new-reg'
[Thu Mar 14 20:53:32 CET 2019] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Thu Mar 14 20:53:33 CET 2019] _ret='0'
[Thu Mar 14 20:53:33 CET 2019] code='409'
[Thu Mar 14 20:53:33 CET 2019] Already registered
[Thu Mar 14 20:53:33 CET 2019] _accUri='https://acme-staging.api.letsencrypt.org/acme/reg/8515816'
[Thu Mar 14 20:53:33 CET 2019] Calc CA_KEY_HASH='SI+4xbtobRKxjABPnGXUKCA5Lr1X8nIoSzJkCh85l3k='
[Thu Mar 14 20:53:33 CET 2019] ACCOUNT_THUMBPRINT='YmG2C6mxhwu8rY6a5FiexjHHt388iH0qaQBpjMNfgKk'
I deactivated the LE plugind, tried to overcome the 409 error by deleting old files in /var/etc/acme-client , resetting  the client and reactivating LE - no success ...

the contents of /var/etc/acme-client:
Code: [Select]
root@OPNsense:/var/etc/acme-client # ls -lR
total 24
drwxr-x---  3 root  wheel  512 Mar 14 21:19 accounts
drwxr-x---  2 root  wheel  512 Mar 14 21:14 certs
drwxr-x---  3 root  wheel  512 Mar 13 21:10 challenges
drwxr-x---  2 root  wheel  512 Mar 14 21:14 configs
drwxr-x---  3 root  wheel  512 Mar 14 21:19 home
drwxr-x---  2 root  wheel  512 Mar 14 21:14 keys

./accounts:
total 4
drwx------  2 root  wheel  512 Mar 14 21:19 5c85689e2b8f90.16361956

./accounts/5c85689e2b8f90.16361956:
total 12
-rw-------  1 root  wheel   360 Mar 14 21:19 account.conf
-rw-------  1 root  wheel  3243 Mar 14 21:19 account.key
-rw-r-----  1 root  wheel   131 Mar 14 21:19 ca.conf

./certs:
total 0

./challenges:
total 4
drwxr-x---  3 root  wheel  512 Mar 13 21:10 .well-known

./challenges/.well-known:
total 4
drwxr-x---  2 root  wheel  512 Mar 14 19:48 acme-challenge

./challenges/.well-known/acme-challenge:
total 4
-rwxr-x---  1 root  wheel  4 Mar 14 19:48 test.txt

./configs:
total 0

./home:
total 8
drwxr-x---  3 root  wheel  512 Mar 14 21:19 ca
-rw-r-----  1 root  wheel  546 Mar 14 21:19 http.header

./home/ca:
total 4
drwxr-x---  2 root  wheel  512 Mar 14 21:19 acme-staging.api.letsencrypt.org

./home/ca/acme-staging.api.letsencrypt.org:
total 0

./keys:
total 0


... where should I search to find the cause of my problem?

... no clue

TIA

Thomas

In the dashboard I find an error
Code: [Select]
System Information:

User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0
FreeBSD 11.2-RELEASE-p9-HBSD  f083bc4f8a0(stable/19.1) amd64
OPNsense 19.1.4 736dc49c3
Plugins os-acme-client-1.20 os-dyndns-1.13 os-haproxy-2.15 os-iperf-1.0 os-nut-1.4 os-smart-1.5
Time Thu, 14 Mar 2019 21:27:27 +0100
OpenSSL 1.0.2r  26 Feb 2019
PHP 7.1.27

PHP Errors:

[14-Mar-2019 20:53:33 Europe/Berlin] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 171
[14-Mar-2019 20:53:33 Europe/Berlin] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 243
[14-Mar-2019 20:53:33 Europe/Berlin] PHP Warning:  SimpleXMLElement::attributes(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1181
[14-Mar-2019 20:53:33 Europe/Berlin] PHP Warning:  log_cert_acme_status(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1181
[14-Mar-2019 20:53:33 Europe/Berlin] PHP Warning:  log_cert_acme_status(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1189
[14-Mar-2019 20:53:33 Europe/Berlin] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 118
[14-Mar-2019 21:19:48 Europe/Berlin] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 171
[14-Mar-2019 21:19:48 Europe/Berlin] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 243
[14-Mar-2019 21:19:48 Europe/Berlin] PHP Warning:  SimpleXMLElement::attributes(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1181
[14-Mar-2019 21:19:48 Europe/Berlin] PHP Warning:  log_cert_acme_status(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1181
[14-Mar-2019 21:19:48 Europe/Berlin] PHP Warning:  log_cert_acme_status(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 1189
[14-Mar-2019 21:19:48 Europe/Berlin] PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 118

dmesg.boot:

Copyright (c) 2013-2018 The HardenedBSD Project.
Copyright (c) 1992-2018 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.2-RELEASE-p9-HBSD  f083bc4f8a0(stable/19.1) amd64
FreeBSD clang version 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0)
VT(vga): resolution 640x480
HardenedBSD: initialize and check features (__HardenedBSD_version 1100056 __FreeBSD_version 1102000).
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ (2194.11-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x40fb2  Family=0xf  Model=0x4b  Stepping=2
  Features=0x178bfbff
  Features2=0x2001
  AMD Features=0xea500800
  AMD Features2=0x1f
  SVM: NAsids=64
real memory  = 4294967296 (4096 MB)
avail memory = 3594555392 (3428 MB)
Event timer "LAPIC" quality 100
ACPI APIC Table:
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
ioapic0  irqs 0-23 on motherboard
SMP: AP CPU #1 Launched!
random: entropy device external interface
wlan: mac acl policy registered
netmap: loaded module
module_register_init: MOD_LOAD (vesa, 0xffffffff8113fb40, 0) error 19
kbd1 at kbdmux0
nexus0
vtvga0:  on motherboard
cryptosoft0:  on motherboard
acpi0:  on motherboard
acpi0: Power Button (fixed)
cpu0:  on acpi0
cpu1:  on acpi0
attimer0:  port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
atrtc0:  port 0x70-0x71 irq 8 on acpi0
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
pcib0:  port 0xcf8-0xcff on acpi0
pcib0: _OSC returned error 0x10
pci0:  on pcib0
pcib1:  at device 5.0 on pci0
pci1:  on pcib1
re0:  port 0xd800-0xd8ff mem 0xfeaff000-0xfeafffff irq 17 at device 0.0 on pci1
re0: Using Memory Mapping!
re0: Using line-based interrupt
re0: version:1.95.00
re0: Ethernet address: 00:19:66:a7:e8:0e

This product is covered by one or more of the following patents:           
US6,570,884, US6,115,776, and US6,327,625.
re0: Ethernet address: 00:19:66:a7:e8:0e
ahci0:  port 0xc000-0xc007,0xb000-0xb003,0xa000-0xa007,0x9000-0x9003,0x8000-0x800f mem 0xfe9ff800-0xfe9ffbff irq 22 at device 18.0 on pci0
ahci0: AHCI v1.10 with 4 3Gbps ports, Port Multiplier supported
ahci0: quirks=0x7000
ahcich0:  at channel 0 on ahci0
ahcich1:  at channel 1 on ahci0
ahcich2:  at channel 2 on ahci0
ahcich3:  at channel 3 on ahci0
ohci0:  mem 0xfe9fe000-0xfe9fefff irq 16 at device 19.0 on pci0
usbus0 on ohci0
usbus0: 12Mbps Full Speed USB v1.0
ohci1:  mem 0xfe9fd000-0xfe9fdfff irq 17 at device 19.1 on pci0
usbus1 on ohci1
usbus1: 12Mbps Full Speed USB v1.0
ohci2:  mem 0xfe9fc000-0xfe9fcfff irq 18 at device 19.2 on pci0
usbus2 on ohci2
usbus2: 12Mbps Full Speed USB v1.0
ohci3:  mem 0xfe9fb000-0xfe9fbfff irq 17 at device 19.3 on pci0
usbus3 on ohci3
usbus3: 12Mbps Full Speed USB v1.0
ohci4:  mem 0xfe9fa000-0xfe9fafff irq 18 at device 19.4 on pci0
usbus4 on ohci4
usbus4: 12Mbps Full Speed USB v1.0
ehci0:  mem 0xfe9ff000-0xfe9ff0ff irq 19 at device 19.5 on pci0
ehci0: AMD SB600/700 quirk applied
usbus5: EHCI version 1.0
usbus5 on ehci0
usbus5: 480Mbps High Speed USB v2.0
atapci0:  port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xff00-0xff0f at device 20.1 on pci0
ata0:  at channel 0 on atapci0
isab0:  at device 20.3 on pci0
isa0:  on isab0
pcib2:  at device 20.4 on pci0
pci2:  on pcib2
re1:  port 0xe800-0xe8ff mem 0xfebffc00-0xfebffcff irq 20 at device 5.0 on pci2
re1: Using Memory Mapping!
re1: Using line-based interrupt
re1: version:1.95.00
re1: Ethernet address: 00:e0:53:18:02:84

This product is covered by one or more of the following patents:           
US6,570,884, US6,115,776, and US6,327,625.
re1: Ethernet address: 00:e0:53:18:02:84
re2:  port 0xe400-0xe4ff mem 0xfebff800-0xfebff8ff irq 21 at device 6.0 on pci2
re2: Using Memory Mapping!
re2: Using line-based interrupt
re2: version:1.95.00
re2: Ethernet address: 00:e0:53:18:01:ae

This product is covered by one or more of the following patents:           
US6,570,884, US6,115,776, and US6,327,625.
re2: Ethernet address: 00:e0:53:18:01:ae
acpi_button0:  on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: console (115200,n,8,1)
atkbdc0:  at port 0x60,0x64 on isa0
atkbd0:  irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
ppc0: cannot reserve I/O port range
powernow0:  on cpu0
powernow1:  on cpu1
Timecounters tick every 1.000 msec
ugen4.1:  at usbus4
ugen5.1:  at usbus5
uhub0:  on usbus4
uhub1:  on usbus5
ugen1.1:  at usbus1
ugen3.1:  at usbus3
uhub2:  on usbus1
uhub3:  on usbus3
ugen2.1:  at usbus2
uhub4:  on usbus2
ugen0.1:  at usbus0
(aprobe0:ahcich0:0:15:0): NOP FLUSHQUEUE. ACB: 00 00 00 00 00 00 00 00 00 00 00 00
uhub5: (aprobe0:ahcich0:0:15:0): CAM status: Command timeout
 on usbus0
(aprobe0:ahcich0:0:15:0): Error 5, Retries exhausted
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0:  ACS-2 ATA SATA 3.x device
uhub0: 2 ports with 2 removable, self powered
ada0: Serial Number 153430408362
ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
uhub2: ada0: 114473MB (234441648 512 byte sectors)
2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
Trying to mount root from ufs:/dev/ufs/OPNsense [rw]...
uhub4: 2 ports with 2 removable, self powered
uhub5: 2 ports with 2 removable, self powered
random: unblocking device.

Title: Re: Stuck with let's encrypt validation
Post by: astromeier on March 20, 2019, 07:54:00 pm
Hi all!
I removed the plugins "Let's encrypt" and "HaProxy".
Then I deleted all the associated files and folders manually via the shell.
I reinstalled the two plugins, made some manual corrections via shell and now have all running.
The HowTo you can find in the corresponding   Tutorials and FAQs Subforum (https://forum.opnsense.org/index.php?topic=12126.0)

cheers
Thomas

Last issue is:
Even when a certificate validation is successful the GUI Menu "Services: Let's Encrypt: Certificates"
list a "validation failed".....
Title: Re: [solved] Stuck with let's encrypt validation
Post by: nivok on May 08, 2019, 11:35:11 am
Hi all,
Same issue here... after once "validation failed", even on success, it stays on "validation failed"...
Title: Re: [solved] Stuck with let's encrypt validation
Post by: Deku on May 09, 2019, 12:06:16 am
I also have the "validation failed" message in the Last Acme Status for let's encrypt even though it appears to be a success.  I turned on debug logging using the staging.  Here is my output.. redacted.  It issues for the root domain and a couple alias hosts, which all properly resolve.  Also tried it with just the two hosts.

Quote
[Wed May 8 21:51:32 UTC 2019]   '' does not contain 'dns'
[Wed May 8 21:51:32 UTC 2019]   _on_issue_success
[Wed May 8 21:51:32 UTC 2019]   Installing full chain to:/var/etc/acme-client/certs/...redacted.../fullchain.pem
[Wed May 8 21:51:32 UTC 2019]   Installing key to:/var/etc/acme-client/keys/...redacted.../private.key
[Wed May 8 21:51:32 UTC 2019]   Installing CA to:/var/etc/acme-client/certs/...redacted.../chain.pem
[Wed May 8 21:51:32 UTC 2019]   Installing cert to:/var/etc/acme-client/certs/...redacted.../cert.pem
[Wed May 8 21:51:32 UTC 2019]   And the full chain certs is there: /var/etc/acme-client/home/...redacted...
[Wed May 8 21:51:32 UTC 2019]   The intermediate CA cert is in /var/etc/acme-client/home/...redacted...
[Wed May 8 21:51:32 UTC 2019]   ret='0'
[Wed May 8 21:51:32 UTC 2019]   _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Wed May 8 21:51:32 UTC 2019]   timeout=
[Wed May 8 21:51:32 UTC 2019]   url='https://acme-staging.api.letsencrypt.org/acme/issuer-cert'
[Wed May 8 21:51:32 UTC 2019]   GET
[Wed May 8 21:51:32 UTC 2019]   _link_issuer_retry='0'
[Wed May 8 21:51:32 UTC 2019]   Le_LinkIssuer='https://acme-staging.api.letsencrypt.org/acme/issuer-cert'
[Wed May 8 21:51:32 UTC 2019]   Your cert key is in /var/etc/acme-client/home/...redacted...
[Wed May 8 21:51:32 UTC 2019]   Your cert is in /var/etc/acme-client/home/...redacted...
[Wed May 8 21:51:32 UTC 2019]   Cert success.
[Wed May 8 21:51:32 UTC 2019]   Le_LinkCert='https://acme-staging.api.letsencrypt.org/acme/cert/...redacted...'
[Wed May 8 21:51:32 UTC 2019]   code='201'
[Wed May 8 21:51:32 UTC 2019]   response='...redacted...'
Date: Wed, 08 May 2019 21:51:32   GMT