ACME failing because of "OCSP must-staple" even though it's turned off.

Started by Daves_nt_here, September 15, 2025, 10:41:02 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 15, 2025, 10:41:02 PM
I have lots of certs not auto-renewing unless I click on the manual renew icon, then they will renew with no issues.
I've had all these certs in their for a few years and at one point they had the "OSCP must staple" enabled. I turned off that option when Lets Encrypt sent out the notices a while ago. Since then, they keep failing. I now have a routine of checking certs every 30 days manually but it would be nice if they would just auto renew.

Is this a bug or am I missing something?


Code Select
#define WITH_DEFAULT_IPV 4
#define WITH_MSGLEVEL 0 /*debug*/
#undef WITH_DEVTESTS
#define WITH_RETRY 1
#define WITH_FILAN 1
#define WITH_SYCLS 1
#define WITH_LIBWRAP 1
#undef WITH_FIPS
#define WITH_OPENSSL 1
#define WITH_PTY 1
#undef WITH_TUN
#undef WITH_READLINE
#define WITH_EXEC 1
#define WITH_SHELL 1
#define WITH_SYSTEM 1
#define WITH_PROXY 1
#undef WITH_NAMESPACES
#undef WITH_VSOCK
#define WITH_SOCKS5 1
#define WITH_SOCKS4A 1
#define WITH_SOCKS4 1
#undef WITH_POSIXMQ
#define WITH_LISTEN 1
#define WITH_UDPLITE 1
#undef WITH_DCCP
#define WITH_SCTP 1
#define WITH_UDP 1
#define WITH_TCP 1
#undef WITH_INTERFACE
#define WITH_GENERICSOCKET 1
#define WITH_RAWIP 1
#define WITH_IP6 1
#define WITH_IP4 1
#undef WITH_ABSTRACT_UNIXSOCKET
#define WITH_UNIX 1
#define WITH_SOCKETPAIR 1
#define WITH_PIPE 1
#define WITH_TERMIOS 1
#define WITH_GOPEN 1
#define WITH_CREAT 1
#define WITH_FILE 1
#define WITH_FDNUM 1
#define WITH_STDIO 1
#define WITH_STATS 1
#define WITH_HELP 1
features:
running on FreeBSD version FreeBSD 14.3-RELEASE-p2 stable/25.7-n271676-ab2281de1853 SMP, release 14.3-RELEASE-p2, machine amd64
socat version 1.8.0.3 on Jul 22 2025 04:04:52
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat:
nginx doesn't exist.
nginx:
Apache doesn't exist.
Apache:
OpenSSL 3.0.16 11 Feb 2025 (Library: OpenSSL 3.0.16 11 Feb 2025)
openssl:openssl
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] Diagnosis versions:
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] 'dns_porkbun' does not contain 'dns'
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] _chk_vlist
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] Please add '--debug' or '--log' to see more information.
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] _on_issue_err
}
"status": 403
"detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
"type": "urn:ietf:params:acme:error:unauthorized",
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] {
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] Signing failed. Finalize code was not 200.
}'
"status": 403
"detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
"type": "urn:ietf:params:acme:error:unauthorized",
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] response='{
}'
"status": 403
"detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
"type": "urn:ietf:params:acme:error:unauthorized",
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] original='{
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] code='403'
'
replay-nonce: JV8I8jm1k-SFlG22m0vdpHIURKlE9TDQFUvY-w1FnXS-BuqqBTI
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
boulder-requester: 1914230256
content-length: 215
content-type: application/problem+json
date: Mon, 15 Sep 2025 04:01:18 GMT
server: nginx
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] responseHeaders='HTTP/2 403
2025-09-15T00:01:18-04:00acme.sh[Mon Sep 15 00:01:18 EDT 2025] _ret='0'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.I69IwOgdN9 -g '
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Http already initialized.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _postContentType='application/jose+json'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] body='{"protected": "MIIFADCCAugCAQAwJDEiMCAGA1UEAwwZbG9uZG9ubWVkaWF0aW9uY2VudGVyLmNvbTCCAiIwDQYJKoZIhvcNAQ8k7897k77k7k7979l77546h9h9h98g7754f54f679346hg7"}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/finalize/1914230256/425885133391'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] POST
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] nonce='4389jn7438j90734g9034g734098g7d8907'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use _CACHED_NONCE='4389jn7438j90734g9034g734098g7d8907'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use cached jwk for file: /var/etc/acme-client/accounts/66ce30e8edd682.55394642_prod/account.key
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] payload='{"csr": "MIIFADCCAugCAQAwJDEiMCAGA1UEAwwZbG9uZG9ubWVkaWF0aW9uY2VudGVyLmNvbTCCAiIwDQYJKoZIhvcNAQ8k7897k77k7k7979l77546h9h9h98g7754f54f679346hg7"}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] url='https://acme-v02.api.letsencrypt.org/acme/finalize/1914230256/425885133391'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] =======Sending Signed Request=======
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1914230256/425885133391'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Let's finalize the order.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] j='28'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] i='2'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Verification finished, beginning signing.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Skipping dns.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] dns_entries
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _clearupdns
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] No need to restore nginx config, skipping.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] pid
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] www.*redacted*domain*name*.com is already verified, skipping dns-01.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] *redacted*domain*name*.com is already verified, skipping dns-01.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] OK, let's start verification
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] www.*redacted*domain*name*.com has already been verified, skipping dns-01.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] d='www.*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] *redacted*domain*name*.com has already been verified, skipping dns-01.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] d='*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] vlist='*redacted*domain*name*.com#verified_ok##dns-01#dns_porkbun#https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5,www.*redacted*domain*name*.com#verified_ok##dns-01#dns_porkbun#https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937,'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] d
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] dvlist='www.*redacted*domain*name*.com#verified_ok##dns-01#dns_porkbun#https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] entry='"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] keyauthorization='verified_ok'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] www.*redacted*domain*name*.com is already valid.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"www.*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:52Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _candidates='www.*redacted*domain*name*.com,{"identifier":{"type":"dns","value":"www.*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:52Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _idn_temp
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _is_idn_d='www.*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _currentRoot='dns_porkbun'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _w='dns_porkbun'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Getting webroot for domain='www.*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] d='www.*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] dvlist='*redacted*domain*name*.com#verified_ok##dns-01#dns_porkbun#https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] entry='"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] keyauthorization='verified_ok'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] *redacted*domain*name*.com is already valid.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:49Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _candidates='*redacted*domain*name*.com,{"identifier":{"type":"dns","value":"*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:49Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _idn_temp
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _is_idn_d='*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _currentRoot='dns_porkbun'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _w='dns_porkbun'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Getting webroot for domain='*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] d='*redacted*domain*name*.com'
'
*redacted*domain*name*.com,{"identifier":{"type":"dns","value":"*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:49Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authorizations_map='www.*redacted*domain*name*.com,{"identifier":{"type":"dns","value":"www.*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:52Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _d='www.*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"www.*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:52Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""}]}]}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"www.*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:52Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA","status":"valid","validated":"2025-08-24T04:39:51Z","token":"EnqaUkdAUh9JHQYzqgGbbUs79zpWwN4j2d1c-J3HnNo","validationRecord":[{"hostname":"www.*redacted*domain*name*.com","addressUsed":""}]}]}'
}'
]
}
]
}
"addressUsed": ""
"hostname": "www.*redacted*domain*name*.com",
{
"validationRecord": [
"token": "g787j7585g675765j55jj576j=87-J3HnNo",
"validated": "2025-08-24T04:39:51Z",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1914230256/573416835937/RgU_DA",
"type": "dns-01",
{
"challenges": [
"expires": "2025-09-23T04:39:52Z",
"status": "valid",
},
"value": "www.*redacted*domain*name*.com"
"type": "dns",
"identifier": {
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] original='{
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] code='200'
'
strict-transport-security: max-age=604800
x-frame-options: DENY
replay-nonce: 4389jn7438j90734g9034g734098g7d8907
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
boulder-requester: 1914230256
content-length: 570
content-type: application/json
date: Mon, 15 Sep 2025 04:01:17 GMT
server: nginx
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] responseHeaders='HTTP/2 200
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _ret='0'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.I69IwOgdN9 -g '
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Http already initialized.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _postContentType='application/jose+json'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] body='{"protected": "eyJub25jZSI6ICJKVjhJOGptMXlwWV9uMVlsWi0zOEx2QUNjS2ctNFJTSGtHR299d547834h754jd546754g7895467h5467h9g67f54978b5478934o78dmo54byh9875yb054In0", "payload": "", "signature": "50897h54890hh44f7h5089j54f89076jhn54yoooh908nj8954090j804gh"}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] POST
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] nonce='rtuyrtuuyrthy67567h67h67j667h675'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use _CACHED_NONCE='JV8I8jm1ypY_n1YlZ-38LvACcKg-4RSHkGGoinxSgrUPvGAvNAY'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use cached jwk for file: /var/etc/acme-client/accounts/66ce30e8edd682.55394642_prod/account.key
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] payload
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] url='https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] =======Sending Signed Request=======
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/1914230256/573416835937'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _d='*redacted*domain*name*.com'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:49Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""}]}]}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"identifier":{"type":"dns","value":"*redacted*domain*name*.com"},"status":"valid","expires":"2025-09-23T04:39:49Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/435vf454f54/f2542335f5/Ym2Uhw","status":"valid","validated":"2025-08-24T04:39:48Z","token":"367h347h347j34j8989g709g679h967hd74","validationRecord":[{"hostname":"*redacted*domain*name*.com","addressUsed":""}]}]}'
}'
]
}
]
}
"addressUsed": ""
"hostname": "*redacted*domain*name*.com",
{
"validationRecord": [
"token": "g54g548j54f80j909hf0h54j54fk956j65",
"validated": "2025-08-24T04:39:48Z",
"status": "valid",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1915454575475675/574574567457k/Ym2Uhw",
"type": "dns-01",
{
"challenges": [
"expires": "2025-09-23T04:39:49Z",
"status": "valid",
},
"value": "*redacted*domain*name*.com"
"type": "dns",
"identifier": {
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] original='{
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] code='200'
'
strict-transport-security: max-age=604800
x-frame-options: DENY
replay-nonce: JV8I8jm1ypY_n1YlZ-g457546745h87j8998j978h67h67h675
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
boulder-requester: 1914230256
content-length: 562
content-type: application/json
date: Mon, 15 Sep 2025 04:01:17 GMT
server: nginx
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] responseHeaders='HTTP/2 200
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _ret='0'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.I69IwOgdN9 -g '
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Http already initialized.
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _postContentType='application/jose+json'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] body='{"protected": "eyJub25jZSI6345g345gggg34g345h345454h54hGptMS1MajRYWUtCUE1GM25RdjdNck9JUHNTenh3454ff43f3345h34h345h345h34h34I1NnZhYkEiLCAidXJsIjogImh0dHBzOi8vYWNth343434hb5667b67vj8vujc6hc7h667cv678HNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE5MTQyMzAyNTYvNv67v67v67v67v67677h554h5454hh5454h3IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xOTE0MjMwMjU2In0", "payload": "", "signature": "fHpnVY4dd34d34ui54f37h346g6g9d"}'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] POST
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] nonce='JV8I8jm1-hgkjhgk34og4lh56khnbwelkgh34kgh34lgb54khnv54'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use _CACHED_NONCE='JV8I8jm1-hgkjhgk34og4lh56khnbwelkgh34kgh34lgb54khnv54'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Use cached jwk for file: /var/etc/acme-client/accounts/66ce3dfg54t45t4.55r443542_prod/account.key
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] payload
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] url='https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] =======Sending Signed Request=======
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] STEP 2, Get the authorizations of each domain
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5,https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/435vf454f54/f2542335f5'
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] response='{"status":"ready","expires":"2025-09-15T04:01:23Z","identifiers":[{"type":"dns","value":"*redacted*domain*name*.com"},{"type":"dns","value":"www.*redacted*domain*name*.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5","https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/435vf454f54/f2542335f5"}'
}'
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/435vf454f54/f2542335f5"
],
"https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5"
"https://acme-v02.api.letsencrypt.org/acme/authz/435vf454f54/f2542335f5"
"authorizations": [
],
}
"value": "www.*redacted*domain*name*.com"
"type": "dns",
{
},
"value": "*redacted*domain*name*.com"
"type": "dns",
{
"identifiers": [
"expires": "2025-09-15T04:01:23Z",
"status": "ready",
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] original='{
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] code='201'
'
strict-transport-security: max-age=604800
x-frame-options: DENY
replay-nonce: ouy3498734j9oj9oj9oj9oj9og76d54onihnlkjhnnnnnnnn37
location: https://acme-v02.api.letsencrypt.org/acme/order/1914346456/4258545646436
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
boulder-requester: 1914230256
content-length: 517
content-type: application/json
date: Mon, 15 Sep 2025 04:01:17 GMT
server: nginx
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] responseHeaders='HTTP/2 201
2025-09-15T00:01:17-04:00acme.sh[Mon Sep 15 00:01:17 EDT 2025] _ret='0'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.I69IwOgdN9 -g '
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Http already initialized.
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _postContentType='application/jose+json'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] body='{"protected": "L54fjj54fj54fjj54f54f0554hiop7oh54folui54hp87-07854j954fj-057095f7h9078h098-d549876g95gj089f7j89075fj8907h4908jf548n65jhkcfdg=8p3nyfu8w54t7jmc5890uywc54mpu9wnpu8yyync54fo78n5"}'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] POST
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] nonce='j8h7dj754f890h745fj8d3g76'
'
strict-transport-security: max-age=604800
x-frame-options: DENY
replay-nonce: z38KXhlRU4IYMwq4owA
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
date: Mon, 15 Sep 2025 04:01:16 GMT
server: nginx
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _headers='HTTP/2 200
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _ret='0'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.I69IwOgdN9 -g -I '
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _postContentType='application/jose+json'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] body
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] HEAD
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _URGLY_PRINTF='1'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _URGLY_PRINTF='1'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] RSA key
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] payload='{"identifiers": [{"type":"dns","value":"*redacted*domain*name*.com"},{"type":"dns","value":"www.*redacted*domain*name*.com"}]}'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] =======Sending Signed Request=======
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] STEP 1, Ordering a Certificate
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _notAfter
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _notBefore
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _identifiers='{"type":"dns","value":"*redacted*domain*name*.com"},{"type":"dns","value":"www.*redacted*domain*name*.com"}'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] d
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _idn_temp
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _is_idn_d='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] seg='www'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] d='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _idn_temp
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _is_idn_d='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] seg='*redacted*domain*name*'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Getting domain auth token for each domain
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] seg='*redacted*domain*name*'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _csr_cn='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _idn_temp
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _is_idn_d='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Multi domain='DNS:*redacted*domain*name*.com,DNS:www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] seg='www'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _idn_temp
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _is_idn_d='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] seg='*redacted*domain*name*'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] domainlist='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _idn_temp
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _is_idn_d='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] csrconf='/var/etc/acme-client/cert-home/abc123abc123.12345678/*redacted*domain*name*.com/*redacted*domain*name*.com.csr.conf'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] csr='/var/etc/acme-client/cert-home/abc123abc123.12345678/*redacted*domain*name*.com/*redacted*domain*name*.com.csr'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] csrkey='/var/etc/acme-client/cert-home/abc123abc123.12345678/*redacted*domain*name*.com/*redacted*domain*name*.com.key'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] domainlist='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] domain='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _createcsr
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Read key length: 4096
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _saved_account_key_hash was not changed, skipping account registration.
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _saved_account_key_hash='sg7kURWHmUiGqRbvrQlQkAu3tlYXmiPdviwYYHwH2+g='
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] 'dns_porkbun' does not contain 'apache'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] d
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _currentRoot='dns_porkbun'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Checking for domain='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] d='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _currentRoot='dns_porkbun'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Checking for domain='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] d='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Le_LocalAddress
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] 'dns_porkbun' does not contain 'no'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _chk_alt_domains='www.*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _chk_main_domain='*redacted*domain*name*.com'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _on_before_issue
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_NEW_AUTHZ
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
}'
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
"renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
},
"website": "https://letsencrypt.org"
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
},
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
"classic": "https://letsencrypt.org/docs/profiles#classic",
"profiles": {
],
"letsencrypt.org"
"caaIdentities": [
"meta": {
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"jp3eV-MyBNw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] response='{
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] ret='0'
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.RipqdYR0CA -g '
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:16 EDT 2025] timeout=
2025-09-15T00:01:16-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] url='https://acme-v02.api.letsencrypt.org/directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] GET
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _init API for server: https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Le_NextRenewTime='1750793328'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] 'dns_porkbun' does not contain 'dns'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] 'dns_porkbun' does not contain 'dns'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _alt_domains='www.*redacted*domain*name*.com'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _main_domain='*redacted*domain*name*.com'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _ACME_SERVER_PATH='directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Using config home: /var/etc/acme-client/home
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] initpath again.
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Le_API='https://acme-v02.api.letsencrypt.org/directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Renewing: '*redacted*domain*name*.com'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] DOMAIN_PATH='/var/etc/acme-client/cert-home/abc123abc123.12345678/*redacted*domain*name*.com'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _ACME_SERVER_PATH='directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Using config home: /var/etc/acme-client/home
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] _renewServer='https://acme-v02.api.letsencrypt.org/directory'
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Running cmd: renew
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] Using server: https://acme-v02.api.letsencrypt.org/directory
2025-09-15T00:01:15-04:00acme.sh[Mon Sep 15 00:01:15 EDT 2025] LE_WORKING_DIR='/var/etc/acme-client/home'
September 17, 2025, 08:38:36 AM #1
Have you tried deleting the certificate from the UI and creating a new one with the same settings?
September 17, 2025, 03:57:19 PM #2
I've had this issue with nearly all my certificates for quite some time and found that if I re-enable OCSP, save, disable OCSP, save, the next time round it was ok.
Today at 11:08:37 AM #3
I've just had this happen once again to all my certificates this morning

Code Select
2025-11-04T00:05:55acme.sh[Tue Nov 4 00:05:55 CET 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2025-11-04T00:05:55acme.sh[Tue Nov 4 00:05:55 CET 2025] Please add '--debug' or '--log' to see more information.
}
"status": 403
"detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
"type": "urn:ietf:params:acme:error:unauthorized",
2025-11-04T00:05:55acme.sh[Tue Nov 4 00:05:55 CET 2025] {
2025-11-04T00:05:55acme.sh[Tue Nov 4 00:05:55 CET 2025] Signing failed. Finalize code was not 200.
2025-11-04T00:05:54acme.sh[Tue Nov 4 00:05:54 CET 2025] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1458980416/443694241571'
2025-11-04T00:05:54acme.sh[Tue Nov 4 00:05:54 CET 2025] Let's finalize the order.
2025-11-04T00:05:54acme.sh[Tue Nov 4 00:05:54 CET 2025] Verification finished, beginning signing.
2025-11-04T00:05:54acme.sh[Tue Nov 4 00:05:54 CET 2025] kodos.mydomain.com is already verified, skipping http-01.
2025-11-04T00:05:54acme.sh[Tue Nov 4 00:05:54 CET 2025] Getting webroot for domain='kodos.mydomain.com'
2025-11-04T00:05:52acme.sh[Tue Nov 4 00:05:52 CET 2025] Single domain='kodos.mydomain.com'
2025-11-04T00:05:52acme.sh[Tue Nov 4 00:05:52 CET 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
2025-11-04T00:05:52acme.sh[Tue Nov 4 00:05:52 CET 2025] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory
2025-11-04T00:05:52acme.sh[Tue Nov 4 00:05:52 CET 2025] Renewing: 'kodos.mydomain.com'
I already went through every single certificate disabling/enabling OCSP yet once again it still thinks it's enabled when it tries to renew them.

Is it possible that the config file still contains bad values, in which case where are these stored so I can check them out.

As they are all used by HAProxy as I can bet I can't simply recreate each one without breaking HAProxy.
Today at 11:25:20 AM #4
I think I found the problem. Every single conf file for the certificates has a value 
Code Select
Le_OCSP_Staple='1'
even though the GUI clearly shows it's disabled

When I force a renewal it works, but when I check the file it's still enabled

If I change the value in the file to 0 and then renew it also works, but it remains 0
Print
Go Up Pages1
User actions