Messages - Daves_nt_here

#1
I have lots of certs not auto-renewing unless I click on the manual renew icon, then they will renew with no issues.
I've had all these certs in there for a few years and at one point they had the "OCSP must staple" enabled. I turned off that option when Let's Encrypt sent out the notices a while ago. Since then, they keep failing. I now have a routine of checking certs every 30 days manually, but it would be nice if they would just auto-renew.

Is this a bug or am I missing something?


running on FreeBSD version FreeBSD 14.3-RELEASE-p2 stable/25.7-n271676-ab2281de1853 SMP, release 14.3-RELEASE-p2, machine amd64
socat version 1.8.0.3 on Jul 22 2025 04:04:52
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat:
nginx doesn't exist.
nginx:
Apache doesn't exist.
Apache:
OpenSSL 3.0.16 11 Feb 2025 (Library: OpenSSL 3.0.16 11 Feb 2025)
openssl:openssl
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] Diagnosis versions:
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] 'dns_porkbun' does not contain 'dns'
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] _chk_vlist
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] Please add '--debug' or '--log' to see more information.
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] _on_issue_err
}
"status": 403
"detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
"type": "urn:ietf:params:acme:error:unauthorized",
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] {
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] Signing failed. Finalize code was not 200.
}'
"status": 403
"detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
"type": "urn:ietf:params:acme:error:unauthorized",
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] response='{
}'
"status": 403
"detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
"type": "urn:ietf:params:acme:error:unauthorized",
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] original='{
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] code='403'
'
replay-nonce: JV8I8jm1k-SFlG22m0vdpHIURKlE9TDQFUvY-w1FnXS-BuqqBTI
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
boulder-requester: 1914230256
content-length: 215
content-type: application/problem+json
date: Mon, 15 Sep 2025 04:01:18 GMT
server: nginx
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] responseHeaders='HTTP/2 403
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] _ret='0'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.I69IwOgdN9 -g '
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Http already initialized.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _postContentType='application/jose+json'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] body='{"protected": "MIIFADCCAugCAQAwJDEiMCAGA1UEAwwZbG9uZG9ubWVkaWF0aW9uY2VudGVyLmNvbTCCAiIwDQYJKoZIhvcNAQ8k7897k77k7k7979l77546h9h9h98g7754f54f679346hg7"}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/finalize/1914230256/425885133391'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] POST
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] nonce='4389jn7438j90734g9034g734098g7d8907'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use _CACHED_NONCE='4389jn7438j90734g9034g734098g7d8907'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use cached jwk for file: /var/etc/acme-client/accounts/66ce30e8edd682.55394642_prod/account.key
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] payload='{"csr": "MIIFADCCAugCAQAwJDEiMCAGA1UEAwwZbG9uZG9ubWVkaWF0aW9uY2VudGVyLmNvbTCCAiIwDQYJKoZIhvcNAQ8k7897k77k7k7979l77546h9h9h98g7754f54f679346hg7"}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] url='https://acme-v02.api.letsencrypt.org/acme/finalize/1914230256/425885133391'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] =======Sending Signed Request=======
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1914230256/425885133391'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Let's finalize the order.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] j='28'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] i='2'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Verification finished, beginning signing.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Skipping dns.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] dns_entries
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _clearupdns
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] No need to restore nginx config, skipping.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] pid
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] www.*redacted*domain*name*.com is already verified, skipping dns-01.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] *redacted*domain*name*.com is already verified, skipping dns-01.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] OK, let's start verification
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] www.*redacted*domain*name*.com has already been verified, skipping dns-01.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] d='www.*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] *redacted*domain*name*.com has already been verified, skipping dns-01.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] d='*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] vlist='*redacted*domain*name*.com#verified_ok##dns-01#dns_porkbun#https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5,www.*redacted*domain*name*.com#verified_ok##dns-01#dns_porkbun#https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937,'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] d
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] dvlist='www.*redacted*domain*name*.com#verified_ok##dns-01#dns_porkbun#https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] entry='"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] keyauthorization='verified_ok'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] www.*redacted*domain*name*.com is already valid.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"www.*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:52Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _candidates='www.*redacted*domain*name*.com,{"identifier":{"type":"dns","value":"www.*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:52Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _idn_temp
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _is_idn_d='www.*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _currentRoot='dns_porkbun'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _w='dns_porkbun'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Getting webroot for domain='www.*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] d='www.*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] dvlist='*redacted*domain*name*.com#verified_ok##dns-01#dns_porkbun#https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] entry='"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] keyauthorization='verified_ok'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] *redacted*domain*name*.com is already valid.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:49Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _candidates='*redacted*domain*name*.com,{"identifier":{"type":"dns","value":"*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:49Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _idn_temp
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _is_idn_d='*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _currentRoot='dns_porkbun'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _w='dns_porkbun'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Getting webroot for domain='*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] d='*redacted*domain*name*.com'
'
*redacted*domain*name*.com,{"identifier":{"type":"dns","value":"*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:49Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authorizations_map='www.*redacted*domain*name*.com,{"identifier":{"type":"dns","value":"www.*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:52Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _d='www.*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"www.*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:52Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""}]}]}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"www.*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:52Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""}]}]}'
}'
]
}
]
}
"addressUsed": ""
"hostname": "www.*redacted*domain*name*.com",
{
"validationRecord": [
"token": "g787j7585g675765j55jj576j=87-J3HnNo",
"validated": "2025-08-24T04:39:51Z",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA",
"type": "dns-01",
{
"challenges": [
"expires": "2025-09-23T04:39:52Z",
"status": "valid",
},
"value": "www.*redacted*domain*name*.com"
"type": "dns",
"identifier": {
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] original='{
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] code='200'
'
strict-transport-security: max-age=604800
x-frame-options: DENY
replay-nonce: 4389jn7438j90734g9034g734098g7d8907
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
boulder-requester: 1914230256
content-length: 570
content-type: application/json
date: Mon, 15 Sep 2025 04:01:17 GMT
server: nginx
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] responseHeaders='HTTP/2 200
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _ret='0'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.I69IwOgdN9 -g '
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Http already initialized.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _postContentType='application/jose+json'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] body='{"protected": "eyJub25jZSI6ICJKVjhJOGptMXlwWV9uMVlsWi0zOEx2QUNjS2ctNFJTSGtHR299d547834h754jd546754g7895467h5467h9g67f54978b5478934o78dmo54byh9875yb054In0", "payload": "", "signature": "50897h54890hh44f7h5089j54f89076jhn54yoooh908nj8954090j804gh"}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] POST
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] nonce='rtuyrtuuyrthy67567h67h67j667h675'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use _CACHED_NONCE='JV8I8jm1ypY_n1YlZ-38LvACcKg-4RSHkGGoinxSgrUPvGAvNAY'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use cached jwk for file: /var/etc/acme-client/accounts/66ce30e8edd682.55394642_prod/account.key
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] payload
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] url='https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] =======Sending Signed Request=======
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _d='*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:49Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""}]}]}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:49Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""}]}]}'
}'
]
}
]
}
"addressUsed": ""
"hostname": "*redacted*domain*name*.com",
{
"validationRecord": [
"token": "g54g548j54f80j909hf0h54j54fk956j65",
"validated": "2025-08-24T04:39:48Z",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1915454575475675/574574567457k/Ym2Uhw",
"type": "dns-01",
{
"challenges": [
"expires": "2025-09-23T04:39:49Z",
"status": "valid",
},
"value": "*redacted*domain*name*.com"
"type": "dns",
"identifier": {
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] original='{
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] code='200'
'
strict-transport-security: max-age=604800
x-frame-options: DENY
replay-nonce: JV8I8jm1ypY_n1YlZ-g457546745h87j8998j978h67h67h675
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
boulder-requester: 1914230256
content-length: 562
content-type: application/json
date: Mon, 15 Sep 2025 04:01:17 GMT
server: nginx
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] responseHeaders='HTTP/2 200
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _ret='0'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.I69IwOgdN9 -g '
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Http already initialized.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _postContentType='application/jose+json'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] body='{"protected": "eyJub25jZSI6345g345gggg34g345h345454h54hGptMS1MajRYWUtCUE1GM25RdjdNck9JUHNTenh3454ff43f3345h34h345h345h34h34I1NnZhYkEiLCAidXJsIjogImh0dHBzOi8vYWNth343434hb5667b67vj8vujc6hc7h667cv678HNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE5MTQyMzAyNTYvNv67v67v67v67v67677h554h5454hh5454h3IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTE0MjMwMjU2In0", "payload": "", "signature": "fHpnVY4dd34d34ui54f37h346g6g9d"}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] POST
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] nonce='JV8I8jm1-hgkjhgk34og4lh56khnbwelkgh34kgh34lgb54khnv54'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use _CACHED_NONCE='JV8I8jm1-hgkjhgk34og4lh56khnbwelkgh34kgh34lgb54khnv54'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use cached jwk for file: /var/etc/acme-client/accounts/66ce3dfg54t45t4.55r443542_prod/account.key
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] payload
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] url='https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] =======Sending Signed Request=======
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] STEP 2, Get the authorizations of each domain
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5,https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"status":"ready","expires":"2025-09-15T04:01:23Z","identifiers":[{"type":"dns","value":"*redacted*domain*name*.com"},{"type":"dns","value":"www.*redacted*domain*name*.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5","https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/435vf454f54/f2542335f5"}'
}'
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/435vf454f54/f2542335f5"
],
"https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5"
"https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5"
"authorizations": [
],
}
"value": "www.*redacted*domain*name*.com"
"type": "dns",
{
},
"value": "*redacted*domain*name*.com"
"type": "dns",
{
"identifiers": [
"expires": "2025-09-15T04:01:23Z",
"status": "ready",
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] original='{
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] code='201'
'
strict-transport-security: max-age=604800
x-frame-options: DENY
replay-nonce: ouy3498734j9oj9oj9oj9oj9og76d54onihnlkjhnnnnnnnn37
location: https://acme-v02.api.letsencrypt.org/acme/order/1914346456/4258545646436
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
boulder-requester: 1914230256
content-length: 517
content-type: application/json
date: Mon, 15 Sep 2025 04:01:17 GMT
server: nginx
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] responseHeaders='HTTP/2 201
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _ret='0'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.I69IwOgdN9 -g '
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Http already initialized.
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _postContentType='application/jose+json'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] body='{"protected": "L54fjj54fj54fjj54f54f0554hiop7oh54folui54hp87-07854j954fj-057095f7h9078h098-d549876g95gj089f7j89075fj8907h4908jf548n65jhkcfdg=8p3nyfu8w54t7jmc5890uywc54mpu9wnpu8yyync54fo78n5"}'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] POST
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] nonce='j8h7dj754f890h745fj8d3g76'
'
strict-transport-security: max-age=604800
x-frame-options: DENY
replay-nonce: z38KXhlRU4IYMwq4owA
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
date: Mon, 15 Sep 2025 04:01:16 GMT
server: nginx
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _headers='HTTP/2 200
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _ret='0'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.I69IwOgdN9 -g -I '
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _postContentType='application/jose+json'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] body
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] HEAD
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _URGLY_PRINTF='1'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _URGLY_PRINTF='1'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] RSA key
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] payload='{"identifiers": [{"type":"dns","value":"*redacted*domain*name*.com"},{"type":"dns","value":"www.*redacted*domain*name*.com"}]}'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] =======Sending Signed Request=======
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] STEP 1, Ordering a Certificate
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _notAfter
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _notBefore
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _identifiers='{"type":"dns","value":"*redacted*domain*name*.com"},{"type":"dns","value":"www.*redacted*domain*name*.com"}'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] d
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _idn_temp
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _is_idn_d='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] seg='www'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] d='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _idn_temp
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _is_idn_d='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] seg='*redacted*domain*name*'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Getting domain auth token for each domain
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] seg='*redacted*domain*name*'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _csr_cn='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _idn_temp
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _is_idn_d='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Multi domain='DNS:*redacted*domain*name*.com,DNS:www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] seg='www'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _idn_temp
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _is_idn_d='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] seg='*redacted*domain*name*'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] domainlist='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _idn_temp
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _is_idn_d='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] csrconf='/var/etc/acme-client/cert-home/abc123abc123.12345678/*redacted*domain*name*.com/*redacted*domain*name*.com.csr.conf'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] csr='/var/etc/acme-client/cert-home/abc123abc123.12345678/*redacted*domain*name*.com/*redacted*domain*name*.com.csr'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] csrkey='/var/etc/acme-client/cert-home/abc123abc123.12345678/*redacted*domain*name*.com/*redacted*domain*name*.com.key'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] domainlist='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] domain='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _createcsr
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Read key length: 4096
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _saved_account_key_hash was not changed, skipping account registration.
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _saved_account_key_hash='sg7kURWHmUiGqRbvrQlQkAu3tlYXmiPdviwYYHwH2+g='
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] 'dns_porkbun' does not contain 'apache'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] d
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _currentRoot='dns_porkbun'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Checking for domain='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] d='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _currentRoot='dns_porkbun'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Checking for domain='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] d='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Le_LocalAddress
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] 'dns_porkbun' does not contain 'no'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _chk_alt_domains='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _chk_main_domain='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _on_before_issue
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_NEW_AUTHZ
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
}'
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
"renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
},
"website": "https://letsencrypt.org"
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
},
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
"classic": "https://letsencrypt.org/docs/profiles#classic",
"profiles": {
],
"letsencrypt.org"
"caaIdentities": [
"meta": {
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"jp3eV-MyBNw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] response='{
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ret='0'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.RipqdYR0CA -g '
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] timeout=
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] url='https://acme-v02.api.letsencrypt.org/directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] GET
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _init API for server: https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Le_NextRenewTime='1750793328'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] 'dns_porkbun' does not contain 'dns'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] 'dns_porkbun' does not contain 'dns'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _alt_domains='www.*redacted*domain*name*.com'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _main_domain='*redacted*domain*name*.com'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _ACME_SERVER_PATH='directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Using config home: /var/etc/acme-client/home
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] initpath again.
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Le_API='https://acme-v02.api.letsencrypt.org/directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Renewing: '*redacted*domain*name*.com'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] DOMAIN_PATH='/var/etc/acme-client/cert-home/abc123abc123.12345678/*redacted*domain*name*.com'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _ACME_SERVER_PATH='directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Using config home: /var/etc/acme-client/home
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _renewServer='https://acme-v02.api.letsencrypt.org/directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Running cmd: renew
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Using server: https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] LE_WORKING_DIR='/var/etc/acme-client/home'
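`Le_NextRenewTime` in the log above is a Unix epoch value. The following is an added example (not part of the post and not acme.sh code) that parses lines in this log's format and compares that value with the time of the renew run. The sample lines are constructed from the log with the domain replaced, and the function names are this example's own.

```python
import re
from datetime import datetime, timezone

# Constructed sample: four lines in the shape of the log above
# (newest entry first, domain replaced by example.com).
SAMPLE_LOG = """\
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Le_NextRenewTime='1750793328'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Renewing: 'example.com'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Running cmd: renew
"""

# <ISO-8601 timestamp>acme.sh[<acme.sh's own date>] <message>
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d\d:\d\d)acme\.sh\[[^\]]*\] (.*)$"
)
# Debug variables are printed as name='value'
VAR_RE = re.compile(r"^(\w+)='(.*)'$")


def parse_log(text):
    """Yield (timestamp, message) for every well-formed acme.sh log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # continuation lines (e.g. the JSON response body) are skipped
            yield datetime.fromisoformat(m.group(1)), m.group(2)


def renewal_status(text):
    """Return (run_time, next_renew, overdue) for one renew run's log."""
    run_time = next_renew = None
    for ts, msg in parse_log(text):
        if msg == "Running cmd: renew":
            run_time = ts
        var = VAR_RE.match(msg)
        if var and var.group(1) == "Le_NextRenewTime" and var.group(2).isdigit():
            # acme.sh stores this value as Unix epoch seconds
            next_renew = datetime.fromtimestamp(int(var.group(2)), timezone.utc)
    if run_time is None or next_renew is None:
        raise ValueError("log has no renew command or no Le_NextRenewTime")
    return run_time, next_renew, run_time - next_renew


if __name__ == "__main__":
    run, due, overdue = renewal_status(SAMPLE_LOG)
    print(f"renew run at    {run.astimezone(timezone.utc):%Y-%m-%d %H:%M:%S} UTC")
    print(f"next renew time {due:%Y-%m-%d %H:%M:%S} UTC")
    print(f"run is {overdue.days} days past the scheduled renew time")
```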
#2
24.7, 24.10 Series / ACME Client not starting
December 12, 2024, 02:42:06 AM
Noticed my certs were not updating.
I'm seeing this error in the audit logs:

action acme-http-challenge.start not found for user root

Any ideas? Haven't touched my ACME client in months.
#3
Trying to figure out how to do subfolders.
Followed the steps in page 1 of this topic and everything works beautifully. 8 domains and multiple subdomains.

Now I would like to do this:
foo.example.com --> 192.168.1.10/
bar.example.com --> 192.168.1.10/subfolder/

I've found a handful of posts from other sites but most of them are from '95 and very vague.
#4
Digging up an old post: https://forum.opnsense.org/index.php?topic=35218.0
This still seems to be a problem.
Trying to open up a mail chimp link, click.mailchimp.com is being blocked by seven black list.
After clicking on "Whitelist" in the reports tab, it successfully added the link to the whitelist in Unbound but still blocks the site. Doing a DNS search and manually adding the offending CNAME record, mandrillapp.com, the mail chimp link works.
Anyone have an idea as to when this will be resolved? We use mail chimp in our company and if at some point the CNAME record changes, I'll have to go through this process again.
#5
General Discussion / Captive portal files location?
August 28, 2024, 08:16:59 PM
Does anyone know where the templates are located in OPNsense?

I have 2 templates for a company's public wifi. One for when they are open and one for when they are closed.
As I can't see any way of setting a timer in the GUI to switch them, I thought of just uploading both sets of templates then use a cron job to rotate them.

Any ideas?
#6
I have a rule set up that blocks access from the LAN(NWIC1-NWIC2) to a vlan(PlexNet).
If I specify a single IP for the source the rule works but I have a dozen IPs to block so I added them to an alias.
Changing the firewall rule from single IP to the defined alias list blocks everything to the vlan.
It should block everything from the lan > vlan except the specified hosts in the list.

Interface- LAN
Direction- in
Protocol- any
Source Invert- Checked
Source- Admin
Destination- vlan
#7
I have DHCP configured for the vlan.
#8
Hey everyone, been pulling my hair out most of the day now. This is driving me nuts!

I have a 4 port Protectli Vault. igc0=WAN, igc1=LAN and the other 2 (igc3 & igc4) are assigned interfaces.

I cannot get a vlan to work on the LAN port but it will work on either of the other 2 interfaces.
The VLAN interface will not give out an IP address from DHCP but I can ping it from the LAN IP.
If I set up vlans on either of the other 2 interfaces, they give out IPs, ping and have full access to internal and external networks with proper rules applied.

Testing with a WiFi AP that supports vlan and with my Proxmox server.
#9
For anyone in the future reading this, here is a summary of what I did to strip the www from the domain name.


  • Condition
    Name: StripWWW
    Condition type: Host starts with
    Host Prefix: www.example.ca
  • Rule
    Name: StripWWW
    Select Conditions: StripWWW
    Execute functions: http-request redirect
    HTTP Redirect: scheme https://example.com
  • Public Services
    Name: StripWWW
    Listen Addresses: 0.0.0.0:443 0.0.0.0:80
    Select Rules: StripWWW
#10
Yes, I had changed my GUI port.
Been playing around with the rules since I sent my last message.
Figured it out by trial and error. I was looking at the rule for redirecting http > https and it has a "scheme" in the HTTP Redirect so I added it to my rule. "scheme https://example.com"
No backend or real server needed.
#11
Sorry, still trying to wrap my head around OPNsense, migrating from Untangle.
I guess that is what I'm missing (Public Service) but this won't apply "HAProxy configtest found critical errors"
#12
See pic.
#13
Didn't really want to use the pass through or modify from ssh, but that's what googling for hours has led me to.

I have already tried with no luck:
Condition> Host contains: www.example.com
Rule> if selected conditions, http-request redirect - https://example.com
#14
How do I go about doing this from the GUI? Or is this something I need to do from an ssh terminal?
#15
Just did the update and needed to change the subdomain of one of my domains.
In HAProxy, removed the cert from Public Services, then deleted the cert from ACME and created a new one with the different sub.
Went back into HAProxy to change the cert and now I have 2 certs with the same info.
Went through the process again and now I see 3 copies of the same cert.
I tried all 3 and they all show the same old domain sub in Chrome.
Why are the 3 same certs still showing? Only 1 shows in the ACME certs menu.
Checked in System->Settings->Admin->SSL Certificate. All 3 show there too.
Can I remove them from command line?