acme.sh broken with cloudflare

Started by Morta, August 01, 2023, 04:43:17 PM

Hi

I can't renew my certs... validation failed. Always was working with OPNsense 23.1.11.

2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] skip dns.
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] dns_entries
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _clearupdns
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] No need to restore nginx, skip.
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] pid
#define WITH_MSGLEVEL 0 /*debug*/
#define WITH_RETRY 1
#define WITH_FILAN 1
#define WITH_SYCLS 1
#define WITH_LIBWRAP 1
#undef WITH_FIPS
#define WITH_OPENSSL 1
#define WITH_PTY 1
#undef WITH_TUN
#undef WITH_READLINE
#define WITH_EXEC 1
#define WITH_SYSTEM 1
#define WITH_PROXY 1
#undef WITH_VSOCK
#define WITH_SOCKS4A 1
#define WITH_SOCKS4 1
#define WITH_LISTEN 1
#define WITH_SCTP 1
#define WITH_UDP 1
#define WITH_TCP 1
#undef WITH_INTERFACE
#define WITH_GENERICSOCKET 1
#define WITH_RAWIP 1
#define WITH_IP6 1
#define WITH_IP4 1
#undef WITH_ABSTRACT_UNIXSOCKET
#define WITH_UNIX 1
#define WITH_PIPE 1
#define WITH_TERMIOS 1
#define WITH_GOPEN 1
#define WITH_CREAT 1
#define WITH_FILE 1
#define WITH_FDNUM 1
#define WITH_STDIO 1
features:
running on FreeBSD version FreeBSD 13.2-RELEASE-p1 stable/23.7-n254737-f223233eef4 SMP, release 13.2-RELEASE-p1, machine amd64
socat version 1.7.4.4 on Jul 28 2023 02:30:20
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat:
nginx doesn't exist.
nginx:
apache doesn't exist.
apache:
OpenSSL 1.1.1t-freebsd 7 Feb 2023
openssl:openssl
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] Diagnosis versions:
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] code='200'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _ret='0'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] POST
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] payload='{}'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] code='200'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _ret='0'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] POST
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] payload='{}'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] Please add '--debug' or '--log' to check more details.
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] _on_issue_err
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] Error add txt for domain:_acme-challenge.xxx.ch
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] invalid domain
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] h
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] ret='0'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] timeout=
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] GET
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] zones?name=ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] h='ch'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] ret='0'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] timeout=
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] GET
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] zones?name=xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] h='xxx.ch'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] ret='0'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] timeout=
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] GET
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] zones?name=_acme-challenge.xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] h='_acme-challenge.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] First detect the root zone
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Adding txt value: vBGqNBwnBNPub-yg8pwc16AL0Sa3-kLgeOuU332S0p0 for domain: _acme-challenge.xxx.ch
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] txt='vBGqNBwnBNPub-yg8pwc16AL0Sa3-kLgeOuU332S0p0'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] txtdomain='_acme-challenge.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _d_alias
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d='xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] vlist='xxx.ch#ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q#dns-01#dns_cf,*.xxx.ch#W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg#dns-01#dns_cf,'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] dvlist='*.xxx.ch#W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg#dns-01#dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] keyauthorization='W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] token='W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg","token":"W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI"'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _w='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Getting webroot for domain='*.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] dvlist='xxx.ch#ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q#dns-01#dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] keyauthorization='ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] token='ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q","token":"ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4"'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _w='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Getting webroot for domain='xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d='xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] code='200'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _ret='0'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615786'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] POST
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] payload
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615786'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] code='200'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _ret='0'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615776'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] POST
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] payload
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615776'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/406092430/198736715916'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/406092430/198736715916'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] code='201'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _ret='0'
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] POST
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] _ret='0'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g -I '
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] HEAD
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] RSA key
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] payload='{"identifiers": [{"type":"dns","value":"xxx.ch"},{"type":"dns","value":"*.xxx.ch"}]}'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Getting domain auth token for each domain
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Multi domain='DNS:xxx.ch,DNS:*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _createcsr
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Read key length:ec-384
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _saved_account_key_hash is not changed, skip register account.
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Check for domain='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Check for domain='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Le_LocalAddress
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _chk_alt_domains='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _chk_main_domain='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _on_before_issue
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_AUTHZ
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ret='0'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] timeout=
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] GET
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Le_NextRenewTime
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] DOMAIN_PATH='/var/etc/acme-client/home/xxx.ch_ecc'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using config home:/var/etc/acme-client/home
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _alt_domains='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _main_domain='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Running cmd: issue
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using server: https://acme-v02.api.letsencrypt.org/directory


2023-08-01T16:26:38 opnsense AcmeClient: validation for certificate failed: xxx.ch
2023-08-01T16:26:38 opnsense AcmeClient: domain validation failed (dns01)
2023-08-01T16:26:32 opnsense AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --syslog 7 --debug --server 'letsencrypt' --dns 'dns_cf' --dnssleep '120' --home '/var/etc/acme-client/home' --certpath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/cert.pem' --keypath '/var/etc/acme-client/keys/621d15ce2aa0d1.02076547/private.key' --capath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/chain.pem' --fullchainpath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/fullchain.pem' --domain 'xxx.ch' --domain '*.xxx.ch' --days '1' --force --ocsp --keylength 'ec-384' --accountconf '/var/etc/acme-client/accounts/6207d3f1b10373.66815486_prod/account.conf'
2023-08-01T16:26:32 opnsense AcmeClient: using challenge type: Cloudflare
2023-08-01T16:26:32 opnsense AcmeClient: account is registered: xxx
2023-08-01T16:26:32 opnsense AcmeClient: using CA: letsencrypt
2023-08-01T16:26:32 opnsense AcmeClient: issue certificate:xxx.ch
2023-08-01T16:26:32 opnsense AcmeClient: certificate must be issued/renewed:xx.ch
2023-08-01T16:26:27 opnsense AcmeClient: ignoring revocation request for certificate xx.ch (not issued yet)
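
The log above shows dns_cf querying Cloudflare for one candidate zone name after another and then stopping with "invalid domain". The script below pulls that sequence out of a newest-first log. It is an added example, not part of any post in this thread; the sample log is constructed, and example.test and the all-zero account id are placeholders.

```shell
#!/bin/sh
# Added example: triage an acme.sh --debug log as OPNsense displays it,
# that is, with the newest entry first.

# Constructed sample modeled on the log lines in the post above.
# example.test and the all-zero account id are placeholders.
sample_log() {
  cat <<'EOF'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] Error add txt for domain:_acme-challenge.example.test
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] invalid domain
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] h
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=test&account.id=00000000000000000000000000000000'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=example.test&account.id=00000000000000000000000000000000'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.example.test&account.id=00000000000000000000000000000000'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] First detect the root zone
EOF
}

# Reverse stdin so a newest-first log reads oldest-first.
chrono() {
  awk '{ l[NR] = $0 } END { for (i = NR; i > 0; i--) print l[i] }'
}

# List the zone names dns_cf looked up at Cloudflare, in the order it tried them.
zone_walk() {
  chrono |
    sed -n "s|.*url='https://api\.cloudflare\.com/client/v4/zones?name=\([^&']*\).*|\1|p"
}

# Summarise a log read from stdin. Returns 1 and names every candidate that was
# tried when the run stopped with "invalid domain"; returns 0 when that message
# is absent.
triage() {
  log=$(cat)
  if printf '%s\n' "$log" | grep -q '] invalid domain$'; then
    tried=$(printf '%s\n' "$log" | zone_walk | tr '\n' ' ')
    echo "root zone not found; tried: ${tried% }"
    return 1
  fi
  echo "no root-zone failure logged"
}

# Stand-alone run on the constructed sample.
sample_log | triage || true
```

When every candidate down to the bare TLD appears in the output, none of the lookups returned a zone for the credentials and account id in use, so those are the first things to check in the Cloudflare settings.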




It's working fine for me using the Cloudflare API token and the OPNsense backend.

Have you a wildcard cert with haproxy?

I am not using wildcard certs or HAProxy.


Quote from: Morta on August 01, 2023, 05:01:14 PM
Have you a wildcard cert with haproxy?

I just did a force update and mine worked fine. I am not using either of these though.

I did notice the date column is not wide enough to show the date.

False flag... I could fix it. Sorry!

Ah, glad it's not just me. It's driving me crazy.

I'm getting "AcmeClient: validation for certificate failed" no matter how I tried. It used to work.