acme.sh Headers Not Passing correctly

Headers Not Passing correctly

Open CyberGhost047 opened this issue 2 years ago • 6 comments

Steps to reproduce

acme.sh --issue --dns dns_cf -d "uploads.domain.com" --server letsencrypt
--key-file /etc/ssl/uploads.domain.com/privkey.pem
--fullchain-file /etc/ssl/uploads.domain.com/fullchain.pem

Debug log

[Tue Oct 10 16:14:35 UTC 2023] _selectServer try snames='zerossl.com,zerossl' [Tue Oct 10 16:14:35 UTC 2023] _selectServer try snames='letsencrypt.org,letsencrypt' [Tue Oct 10 16:14:35 UTC 2023] _selectServer match letsencrypt [Tue Oct 10 16:14:35 UTC 2023] Selected server: https://acme-v02.api.letsencrypt.org/directory [Tue Oct 10 16:14:35 UTC 2023] Lets find script dir. [Tue Oct 10 16:14:35 UTC 2023] SCRIPT='/root/.acme.sh/acme.sh' [Tue Oct 10 16:14:35 UTC 2023] _script='/root/.acme.sh/acme.sh' [Tue Oct 10 16:14:35 UTC 2023] _script_home='/root/.acme.sh' [Tue Oct 10 16:14:35 UTC 2023] Using config home:/root/.acme.sh [Tue Oct 10 16:14:35 UTC 2023] LE_WORKING_DIR='/root/.acme.sh' https://github.com/acmesh-official/acme.sh v3.0.7 [Tue Oct 10 16:14:35 UTC 2023] Using server: https://acme-v02.api.letsencrypt.org/directory [Tue Oct 10 16:14:35 UTC 2023] Running cmd: issue [Tue Oct 10 16:14:35 UTC 2023] _main_domain='uploads.domain.com' [Tue Oct 10 16:14:35 UTC 2023] _alt_domains='no' [Tue Oct 10 16:14:35 UTC 2023] Using config home:/root/.acme.sh [Tue Oct 10 16:14:35 UTC 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Tue Oct 10 16:14:35 UTC 2023] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org' [Tue Oct 10 16:14:35 UTC 2023] _ACME_SERVER_PATH='directory' [Tue Oct 10 16:14:35 UTC 2023] DOMAIN_PATH='/root/.acme.sh/uploads.domain.com_ecc' [Tue Oct 10 16:14:35 UTC 2023] 'dns_cf' does not contain 'dns' [Tue Oct 10 16:14:35 UTC 2023] Le_NextRenewTime [Tue Oct 10 16:14:35 UTC 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory [Tue Oct 10 16:14:35 UTC 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory [Tue Oct 10 16:14:35 UTC 2023] GET [Tue Oct 10 16:14:35 UTC 2023] url='https://acme-v02.api.letsencrypt.org/directory' [Tue Oct 10 16:14:35 UTC 2023] timeout= [Tue Oct 10 16:14:35 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.vkliMZL2qK -g ' [Tue Oct 10 16:14:35 UTC 2023] ret='0' [Tue Oct 10 16:14:35 UTC 2023] response='{ "OD-wNxCig-Y": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' [Tue Oct 10 16:14:35 UTC 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change' [Tue Oct 10 16:14:35 UTC 2023] ACME_NEW_AUTHZ [Tue Oct 10 16:14:35 UTC 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order' [Tue Oct 10 16:14:35 UTC 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct' [Tue Oct 10 16:14:35 UTC 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert' [Tue Oct 10 16:14:35 UTC 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf' [Tue Oct 10 16:14:35 UTC 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Tue Oct 10 16:14:35 UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory [Tue Oct 10 16:14:35 UTC 2023] _on_before_issue [Tue Oct 10 16:14:35 UTC 2023] _chk_main_domain='uploads.domain.com' [Tue Oct 10 16:14:35 UTC 2023] _chk_alt_domains [Tue Oct 10 16:14:35 UTC 2023] 'dns_cf' does not contain 'no' [Tue Oct 10 16:14:35 UTC 2023] Le_LocalAddress [Tue Oct 10 16:14:35 UTC 2023] d='uploads.domain.com' [Tue Oct 10 16:14:36 UTC 2023] Check for domain='uploads.domain.com' [Tue Oct 10 16:14:36 UTC 2023] _currentRoot='dns_cf' [Tue Oct 10 16:14:36 UTC 2023] d [Tue Oct 10 16:14:36 UTC 2023] 'dns_cf' does not contain 'apache' [Tue Oct 10 16:14:36 UTC 2023] _saved_account_key_hash='zTyZ21Ns+KWtJf9+OompZSf8r8FwmZGQ6r0gnfv9Wpc=' [Tue Oct 10 16:14:36 UTC 2023] _saved_account_key_hash is not changed, skip register account. [Tue Oct 10 16:14:36 UTC 2023] Read key length:ec-256 [Tue Oct 10 16:14:36 UTC 2023] _createcsr [Tue Oct 10 16:14:36 UTC 2023] domain='uploads.domain.com' [Tue Oct 10 16:14:36 UTC 2023] domainlist [Tue Oct 10 16:14:36 UTC 2023] csrkey='/root/.acme.sh/uploads.domain.com_ecc/uploads.domain.com.key' [Tue Oct 10 16:14:36 UTC 2023] csr='/root/.acme.sh/uploads.domain.com_ecc/uploads.domain.com.csr' [Tue Oct 10 16:14:36 UTC 2023] csrconf='/root/.acme.sh/uploads.domain.com_ecc/uploads.domain.com.csr.conf' [Tue Oct 10 16:14:36 UTC 2023] Single domain='uploads.domain.com' [Tue Oct 10 16:14:36 UTC 2023] seg='uploads' [Tue Oct 10 16:14:36 UTC 2023] _is_idn_d='uploads.domain.com' [Tue Oct 10 16:14:36 UTC 2023] _idn_temp [Tue Oct 10 16:14:36 UTC 2023] _is_idn_d='uploads.domain.com' [Tue Oct 10 16:14:36 UTC 2023] _idn_temp [Tue Oct 10 16:14:36 UTC 2023] _csr_cn='uploads.domain.com' [Tue Oct 10 16:14:36 UTC 2023] seg='uploads' [Tue Oct 10 16:14:36 UTC 2023] Getting domain auth token for each domain [Tue Oct 10 16:14:36 UTC 2023] seg='uploads' [Tue Oct 10 16:14:36 UTC 2023] _is_idn_d='uploads.domain.com' [Tue Oct 10 16:14:36 UTC 2023] _idn_temp [Tue Oct 10 16:14:36 UTC 2023] d [Tue Oct 10 16:14:36 UTC 2023] _identifiers='{"type":"dns","value":"uploads.domain.com"}' [Tue Oct 10 16:14:36 UTC 2023] _notBefore [Tue Oct 10 16:14:36 UTC 2023] _notAfter [Tue Oct 10 16:14:36 UTC 2023] =======Begin Send Signed Request======= [Tue Oct 10 16:14:36 UTC 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Tue Oct 10 16:14:36 UTC 2023] payload='{"identifiers": [{"type":"dns","value":"uploads.domain.com"}]}' [Tue Oct 10 16:14:36 UTC 2023] EC key [Tue Oct 10 16:14:36 UTC 2023] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Tue Oct 10 16:14:36 UTC 2023] HEAD [Tue Oct 10 16:14:36 UTC 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Tue Oct 10 16:14:36 UTC 2023] body [Tue Oct 10 16:14:36 UTC 2023] _postContentType='application/jose+json' [Tue Oct 10 16:14:36 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.NXrSTaczZ0 -g -I ' [Tue Oct 10 16:14:36 UTC 2023] _ret='0' [Tue Oct 10 16:14:36 UTC 2023] _headers='HTTP/2 200 server: nginx date: Tue, 10 Oct 2023 16:14:36 GMT cache-control: public, max-age=0, no-cache link: https://acme-v02.api.letsencrypt.org/directory;rel="index" replay-nonce: IAvmRRVV8uUDdEMus6vm3zfaMbOEgoejsuEYFgtt2ATyvbRr6c4 x-frame-options: DENY strict-transport-security: max-age=604800 ' [Tue Oct 10 16:14:36 UTC 2023] _CACHED_NONCE='IAvmRRVV8uUDdEMus6vm3zfaMbOEgoejsuEYFgtt2ATyvbRr6c4' [Tue Oct 10 16:14:36 UTC 2023] nonce='IAvmRRVV8uUDdEMus6vm3zfaMbOEgoejsuEYFgtt2ATyvbRr6c4' [Tue Oct 10 16:14:36 UTC 2023] POST [Tue Oct 10 16:14:36 UTC 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Tue Oct 10 16:14:36 UTC 2023] body='{"protected": "eyJub25jZSI6ICJJQXZtUlJWVjh1VURkRU11czZ2bTN6ZmFNYk9FZ29lanN1RVlGZ3R0MkFUeXZiUnI2YzQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiRVuploadsNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM1MjMwNjk1NiJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InVwbG9hZHMudmVpbmdhbWluZy5jb20ifV19", "signature": "qsuyBnKg-XBYIZd9ea8QDl1bXMJW9bSOrpiFqcvEy2L-2gDkU2owm_dDchXUHnNgJOKO4iiwY8P8rCiY0CwsTQ"}' [Tue Oct 10 16:14:36 UTC 2023] _postContentType='application/jose+json' [Tue Oct 10 16:14:37 UTC 2023] Http already initialized. [Tue Oct 10 16:14:37 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.NXrSTaczZ0 -g ' [Tue Oct 10 16:14:37 UTC 2023] _ret='0' [Tue Oct 10 16:14:37 UTC 2023] responseHeaders='HTTP/2 201 server: nginx date: Tue, 10 Oct 2023 16:14:37 GMT content-type: application/json content-length: 348 boulder-requester: 1352306956 cache-control: public, max-age=0, no-cache link: https://acme-v02.api.letsencrypt.org/directory;rel="index" location: https://acme-v02.api.letsencrypt.org/acme/order/1352306956/214158112466 replay-nonce: IAvmRRVVPsWbGL0fO6FwCmENqPaxN1j-wGHtbIharVHfJGtwl7o x-frame-options: DENY strict-transport-security: max-age=604800 ' [Tue Oct 10 16:14:37 UTC 2023] code='201' [Tue Oct 10 16:14:37 UTC 2023] original='{ "status": "pending", "expires": "2023-10-17T16:14:37Z", "identifiers": [ { "type": "dns", "value": "uploads.domain.com" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1352306956/214158112466" }' [Tue Oct 10 16:14:37 UTC 2023] response='{"status":"pending","expires":"2023-10-17T16:14:37Z","identifiers":[{"type":"dns","value":"uploads.domain.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/1352306956/214158112466"}' [Tue Oct 10 16:14:37 UTC 2023] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/1352306956/214158112466' [Tue Oct 10 16:14:37 UTC 2023] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1352306956/214158112466' [Tue Oct 10 16:14:37 UTC 2023] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746' [Tue Oct 10 16:14:37 UTC 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746' [Tue Oct 10 16:14:37 UTC 2023] =======Begin Send Signed Request======= [Tue Oct 10 16:14:37 UTC 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746' [Tue Oct 10 16:14:37 UTC 2023] payload [Tue Oct 10 16:14:37 UTC 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key [Tue Oct 10 16:14:37 UTC 2023] Use _CACHED_NONCE='IAvmRRVVPsWbGL0fO6FwCmENqPaxN1j-wGHtbIharVHfJGtwl7o' [Tue Oct 10 16:14:37 UTC 2023] nonce='IAvmRRVVPsWbGL0fO6FwCmENqPaxN1j-wGHtbIharVHfJGtwl7o' [Tue Oct 10 16:14:37 UTC 2023] POST [Tue Oct 10 16:14:37 UTC 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746' [Tue Oct 10 16:14:37 UTC 2023] body='{"protected": "eyJub25jZSI6ICJJQXZtUlJWVlBzV2JHTDBmTzZGd0NtRU5xUGF4TjFqLXdHSHRiSWhhclZIZkpHdHdsN28iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI3MjU2OTY2Mzc0NiIsICJhbGciOiAiRVuploadsNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTM1MjMwNjk1NiJ9", "payload": "", "signature": "zOAlaLWyeMher-rT7Ggci4VghlPqKfecEA-Gmkua_tGfhaE7WgHCY9dG41KF_2ANvMJXsPHagEo1l0oWAx7CIg"}' [Tue Oct 10 16:14:37 UTC 2023] _postContentType='application/jose+json' [Tue Oct 10 16:14:37 UTC 2023] Http already initialized. [Tue Oct 10 16:14:37 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.NXrSTaczZ0 -g ' [Tue Oct 10 16:14:37 UTC 2023] _ret='0' [Tue Oct 10 16:14:37 UTC 2023] responseHeaders='HTTP/2 200 server: nginx date: Tue, 10 Oct 2023 16:14:37 GMT content-type: application/json content-length: 806 boulder-requester: 1352306956 cache-control: public, max-age=0, no-cache link: https://acme-v02.api.letsencrypt.org/directory;rel="index" replay-nonce: IAvmRRVVVgxI6HZzuOVZ31qh4BPKIgXFDNgKayatVISQYXjYmbQ x-frame-options: DENY strict-transport-security: max-age=604800 ' [Tue Oct 10 16:14:37 UTC 2023] code='200' [Tue Oct 10 16:14:37 UTC 2023] original='{ "identifier": { "type": "dns", "value": "uploads.domain.com" }, "status": "pending", "expires": "2023-10-17T16:14:37Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/ldzjuQ", "token": "sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg", "token": "sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/H52iwQ", "token": "sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE" } ] }' [Tue Oct 10 16:14:37 UTC 2023] response='{"identifier":{"type":"dns","value":"uploads.domain.com"},"status":"pending","expires":"2023-10-17T16:14:37Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/ldzjuQ","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/H52iwQ","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"}]}' [Tue Oct 10 16:14:37 UTC 2023] response='{"identifier":{"type":"dns","value":"uploads.domain.com"},"status":"pending","expires":"2023-10-17T16:14:37Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/ldzjuQ","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/H52iwQ","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"}]}' [Tue Oct 10 16:14:37 UTC 2023] _d='uploads.domain.com' [Tue Oct 10 16:14:37 UTC 2023] _authorizations_map='uploads.domain.com,{"identifier":{"type":"dns","value":"uploads.domain.com"},"status":"pending","expires":"2023-10-17T16:14:37Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/ldzjuQ","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/H52iwQ","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746 ' [Tue Oct 10 16:14:37 UTC 2023] d='uploads.domain.com' [Tue Oct 10 16:14:37 UTC 2023] Getting webroot for domain='uploads.domain.com' [Tue Oct 10 16:14:37 UTC 2023] _w='dns_cf' [Tue Oct 10 16:14:37 UTC 2023] _currentRoot='dns_cf' [Tue Oct 10 16:14:37 UTC 2023] _is_idn_d='uploads.domain.com' [Tue Oct 10 16:14:37 UTC 2023] _idn_temp [Tue Oct 10 16:14:37 UTC 2023] _candidates='uploads.domain.com,{"identifier":{"type":"dns","value":"uploads.domain.com"},"status":"pending","expires":"2023-10-17T16:14:37Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/ldzjuQ","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/H52iwQ","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746' [Tue Oct 10 16:14:37 UTC 2023] response='{"identifier":{"type":"dns","value":"uploads.domain.com"},"status":"pending","expires":"2023-10-17T16:14:37Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/ldzjuQ","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/H52iwQ","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"}]}#https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746' [Tue Oct 10 16:14:37 UTC 2023] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746' [Tue Oct 10 16:14:37 UTC 2023] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"' [Tue Oct 10 16:14:37 UTC 2023] token='sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE' [Tue Oct 10 16:14:38 UTC 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg' [Tue Oct 10 16:14:38 UTC 2023] keyauthorization='sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE.iISVbHMwpUjWATOLIRhGWWZjW2O0SgEK1nWFNKiDYq0' [Tue Oct 10 16:14:38 UTC 2023] dvlist='uploads.domain.com#sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE.iISVbHMwpUjWATOLIRhGWWZjW2O0SgEK1nWFNKiDYq0#https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg#dns-01#dns_cf#https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746' [Tue Oct 10 16:14:38 UTC 2023] d [Tue Oct 10 16:14:38 UTC 2023] vlist='uploads.domain.com#sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE.iISVbHMwpUjWATOLIRhGWWZjW2O0SgEK1nWFNKiDYq0#https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg#dns-01#dns_cf#https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746,' [Tue Oct 10 16:14:38 UTC 2023] d='uploads.domain.com' [Tue Oct 10 16:14:38 UTC 2023] _d_alias [Tue Oct 10 16:14:38 UTC 2023] txtdomain='_acme-challenge.uploads.domain.com' [Tue Oct 10 16:14:38 UTC 2023] txt='iuOVjWIvgoX9KDpZgKlHzS_9LJ9tImvB6CGm__anyeI' [Tue Oct 10 16:14:38 UTC 2023] d_api='/root/.acme.sh/dnsapi/dns_cf.sh' [Tue Oct 10 16:14:38 UTC 2023] dns_entry='uploads.domain.com,_acme-challenge.uploads.domain.com,,dns_cf,iuOVjWIvgoX9KDpZgKlHzS_9LJ9tImvB6CGm__anyeI,/root/.acme.sh/dnsapi/dns_cf.sh' [Tue Oct 10 16:14:38 UTC 2023] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh [Tue Oct 10 16:14:38 UTC 2023] Adding txt value: iuOVjWIvgoX9KDpZgKlHzS_9LJ9tImvB6CGm__anyeI for domain: _acme-challenge.uploads.domain.com [Tue Oct 10 16:14:38 UTC 2023] First detect the root zone [Tue Oct 10 16:14:38 UTC 2023] h='_acme-challenge.uploads.domain.com' [Tue Oct 10 16:14:38 UTC 2023] zones?name=_acme-challenge.uploads.domain.com&account.id=email.com [Tue Oct 10 16:14:38 UTC 2023] GET [Tue Oct 10 16:14:38 UTC 2023] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.uploads.domain.com&account.id=email.com' [Tue Oct 10 16:14:38 UTC 2023] timeout= [Tue Oct 10 16:14:38 UTC 2023] Http already initialized. [Tue Oct 10 16:14:38 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.NXrSTaczZ0 -g ' [Tue Oct 10 16:14:38 UTC 2023] ret='0' [Tue Oct 10 16:14:38 UTC 2023] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}' [Tue Oct 10 16:14:38 UTC 2023] h='uploads.domain.com' [Tue Oct 10 16:14:38 UTC 2023] zones?name=uploads.domain.com&account.id=email.com [Tue Oct 10 16:14:38 UTC 2023] GET [Tue Oct 10 16:14:38 UTC 2023] url='https://api.cloudflare.com/client/v4/zones?name=uploads.domain.com&account.id=email.com' [Tue Oct 10 16:14:38 UTC 2023] timeout= [Tue Oct 10 16:14:38 UTC 2023] Http already initialized. [Tue Oct 10 16:14:38 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.NXrSTaczZ0 -g ' [Tue Oct 10 16:14:38 UTC 2023] ret='0' [Tue Oct 10 16:14:38 UTC 2023] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}' [Tue Oct 10 16:14:38 UTC 2023] h='domain.com' [Tue Oct 10 16:14:38 UTC 2023] zones?name=domain.com&account.id=email.com [Tue Oct 10 16:14:38 UTC 2023] GET [Tue Oct 10 16:14:38 UTC 2023] url='https://api.cloudflare.com/client/v4/zones?name=domain.com&account.id=email.com' [Tue Oct 10 16:14:38 UTC 2023] timeout= [Tue Oct 10 16:14:38 UTC 2023] Http already initialized. [Tue Oct 10 16:14:38 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.NXrSTaczZ0 -g ' [Tue Oct 10 16:14:39 UTC 2023] ret='0' [Tue Oct 10 16:14:39 UTC 2023] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}' [Tue Oct 10 16:14:39 UTC 2023] h='com' [Tue Oct 10 16:14:39 UTC 2023] zones?name=com&account.id=email.com [Tue Oct 10 16:14:39 UTC 2023] GET [Tue Oct 10 16:14:39 UTC 2023] url='https://api.cloudflare.com/client/v4/zones?name=com&account.id=email.com' [Tue Oct 10 16:14:39 UTC 2023] timeout= [Tue Oct 10 16:14:39 UTC 2023] Http already initialized. [Tue Oct 10 16:14:39 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.NXrSTaczZ0 -g ' [Tue Oct 10 16:14:39 UTC 2023] ret='0' [Tue Oct 10 16:14:39 UTC 2023] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}' [Tue Oct 10 16:14:39 UTC 2023] h [Tue Oct 10 16:14:39 UTC 2023] invalid domain [Tue Oct 10 16:14:39 UTC 2023] Error add txt for domain:_acme-challenge.uploads.domain.com [Tue Oct 10 16:14:39 UTC 2023] _on_issue_err [Tue Oct 10 16:14:39 UTC 2023] Please add '--debug' or '--log' to check more details. [Tue Oct 10 16:14:39 UTC 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh [Tue Oct 10 16:14:39 UTC 2023] _chk_vlist='uploads.domain.com#sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE.iISVbHMwpUjWATOLIRhGWWZjW2O0SgEK1nWFNKiDYq0#https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg#dns-01#dns_cf#https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746,' [Tue Oct 10 16:14:39 UTC 2023] start to deactivate authz [Tue Oct 10 16:14:39 UTC 2023] Trigger domain validation. [Tue Oct 10 16:14:39 UTC 2023] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg' [Tue Oct 10 16:14:39 UTC 2023] _t_key_authz='sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE.iISVbHMwpUjWATOLIRhGWWZjW2O0SgEK1nWFNKiDYq0' [Tue Oct 10 16:14:39 UTC 2023] _t_vtype [Tue Oct 10 16:14:39 UTC 2023] =======Begin Send Signed Request======= [Tue Oct 10 16:14:39 UTC 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg' [Tue Oct 10 16:14:39 UTC 2023] payload='{}' [Tue Oct 10 16:14:39 UTC 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key [Tue Oct 10 16:14:39 UTC 2023] Use _CACHED_NONCE='IAvmRRVVVgxI6HZzuOVZ31qh4BPKIgXFDNgKayatVISQYXjYmbQ' [Tue Oct 10 16:14:39 UTC 2023] nonce='IAvmRRVVVgxI6HZzuOVZ31qh4BPKIgXFDNgKayatVISQYXjYmbQ' [Tue Oct 10 16:14:39 UTC 2023] POST [Tue Oct 10 16:14:39 UTC 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg' [Tue Oct 10 16:14:39 UTC 2023] body='{"protected": "eyJub25jZSI6ICJJQXZtUlJWVlZneEk2SFp6dU9WWjMxcWg0QlBLSWdYRkROZ0theWF0VklTUVlYalltYlEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI3MjU2OTY2Mzc0Ni9KcGRfY2ciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEzNTIzMDY5NTYifQ", "payload": "e30", "signature": "nxNKd8h372lLBDLoe1aq1yv3_Jf3-N6J90BtOAusVSr3ScvgT-H1TswTodmzmQUzCDtplL7md8qU4P3tHDmmxA"}' [Tue Oct 10 16:14:39 UTC 2023] _postContentType='application/jose+json' [Tue Oct 10 16:14:39 UTC 2023] Http already initialized. [Tue Oct 10 16:14:39 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.NXrSTaczZ0 -g ' [Tue Oct 10 16:14:39 UTC 2023] _ret='0' [Tue Oct 10 16:14:39 UTC 2023] responseHeaders='HTTP/2 200 server: nginx date: Tue, 10 Oct 2023 16:14:39 GMT content-type: application/json content-length: 186 boulder-requester: 1352306956 cache-control: public, max-age=0, no-cache link: https://acme-v02.api.letsencrypt.org/directory;rel="index" link: https://acme-v02.api.letsencrypt.org/acme/authz-v3/272569663746;rel="up" location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg replay-nonce: _s_5u1NQpkoM9V4jE07BTwOlakM59nnAxrhmOa_SjuhKuickXD4 x-frame-options: DENY strict-transport-security: max-age=604800 ' [Tue Oct 10 16:14:39 UTC 2023] code='200' [Tue Oct 10 16:14:39 UTC 2023] original='{ "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg", "token": "sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE" }' [Tue Oct 10 16:14:39 UTC 2023] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/272569663746/Jpd_cg","token":"sNF6SzfKuxIfWW0qeoRNQEFdwp_57-mgjePzrN-nSdE"}' [Tue Oct 10 16:14:39 UTC 2023] Diagnosis versions: openssl:openssl OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) apache: apache doesn't exist. nginx: nginx version: nginx/1.18.0 (Ubuntu) built with OpenSSL 3.0.2 15 Mar 2022 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-zctdR4/nginx-1.18.0=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --add-dynamic-module=/build/nginx-zctdR4/nginx-1.18.0/debian/modules/http-geoip2 --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module socat: socat by Gerhard Rieger and contributors - see www.dest-unreach.org socat version 1.7.4.1 on Mar 25 2022 09:51:32 running on Linux version #96-Ubuntu SMP Wed Sep 20 08:23:49 UTC 2023, release 5.15.0-86-generic, machine x86_64 features: #define WITH_STDIO 1 #define WITH_FDNUM 1 #define WITH_FILE 1 #define WITH_CREAT 1 #define WITH_GOPEN 1 #define WITH_TERMIOS 1 #define WITH_PIPE 1 #define WITH_UNIX 1 #define WITH_ABSTRACT_UNIXSOCKET 1 #define WITH_IP4 1 #define WITH_IP6 1 #define WITH_RAWIP 1 #define WITH_GENERICSOCKET 1 #define WITH_INTERFACE 1 #define WITH_TCP 1 #define WITH_UDP 1 #define WITH_SCTP 1 #define WITH_LISTEN 1 #define WITH_SOCKS4 1 #define WITH_SOCKS4A 1 #define WITH_VSOCK 1 #define WITH_PROXY 1 #define WITH_SYSTEM 1 #define WITH_EXEC 1 #undef WITH_READLINE #define WITH_TUN 1 #define WITH_PTY 1 #define WITH_OPENSSL 1 #undef WITH_FIPS #define WITH_LIBWRAP 1 #define WITH_SYCLS 1 #define WITH_FILAN 1 #define WITH_RETRY 1 #define WITH_MSGLEVEL 0 /debug/ [Tue Oct 10 16:14:39 UTC 2023] pid [Tue Oct 10 16:14:39 UTC 2023] No need to restore nginx, skip. [Tue Oct 10 16:14:39 UTC 2023] _clearupdns [Tue Oct 10 16:14:39 UTC 2023] dns_entries [Tue Oct 10 16:14:39 UTC 2023] skip dns.

I have tried a curl command passing the cf account and global key headers and they were ok. Even generated a fresh global key.

I have ran acme.sh --upgrade already.

Not sure where its going wrong.

Oct 10 '23 16:10 CyberGhost047

Well, I have a similar problem.

# test my cf key: is ok
root@vps2:~# curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
     -H "Authorization: Bearer c********N" \
     -H "Content-Type:application/json"
{"result":{"id":"b5fc06********3b13df","status":"active"},"success":true,"errors":[],"messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]}
root@vps2:~# export CF_Key="c********N"
root@vps2:~# export CF_Email=**@**.com
root@vps2:~# . ~/.acme.sh/dnsapi/dns_cf.sh
# the test methods from the previous issue
root@vps2:~# which dns_cf_add  && echo ok || echo bad
bad

I suspect if certain crucial parameters are missing in the HTTP request headers of the Cloudflare API. that is my error log:

root@vps2:~# acme.sh --server zerossl --issue -d *.j**c.com --dns dns_cf --debug 2

The previous logs are fine, so I won't paste them.

[Tue Nov 21 02:32:25 AM UTC 2023] _candidates='*.j**c.com,{"identifier":{"type":"dns","value":"*.j**c.com"},"status":"pending","expires":"2023-12-21T02:32:17Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/BSvr6Ql8439aaOW3-qGKig","status":"pending","token":"ra5X6akul-EUgQCzv3ebnDjwjJW49u52NUqnK-SDKts"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA","status":"pending","token":"Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU"}]}#https://acme.zerossl.com/v2/DV90/authz/SkCKfCqJWdcGFzItwKMUiA'
[Tue Nov 21 02:32:25 AM UTC 2023] response='{"identifier":{"type":"dns","value":"*.j**c.com"},"status":"pending","expires":"2023-12-21T02:32:17Z","challenges":[{"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/BSvr6Ql8439aaOW3-qGKig","status":"pending","token":"ra5X6akul-EUgQCzv3ebnDjwjJW49u52NUqnK-SDKts"},{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA","status":"pending","token":"Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU"}]}#https://acme.zerossl.com/v2/DV90/authz/SkCKfCqJWdcGFzItwKMUiA'
[Tue Nov 21 02:32:25 AM UTC 2023] _authz_url='https://acme.zerossl.com/v2/DV90/authz/SkCKfCqJWdcGFzItwKMUiA'
[Tue Nov 21 02:32:25 AM UTC 2023] entry='"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA","status":"pending","token":"Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU"'
[Tue Nov 21 02:32:25 AM UTC 2023] token='Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU'
[Tue Nov 21 02:32:25 AM UTC 2023] uri='https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA'
[Tue Nov 21 02:32:25 AM UTC 2023] keyauthorization='Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU.NqGn48UA2eVtUTMH-f7xM7jy74EMNuBbdB3mOZxm-TY'
[Tue Nov 21 02:32:25 AM UTC 2023] dvlist='*.j**c.com#Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU.NqGn48UA2eVtUTMH-f7xM7jy74EMNuBbdB3mOZxm-TY#https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA#dns-01#dns_cf#https://acme.zerossl.com/v2/DV90/authz/SkCKfCqJWdcGFzItwKMUiA'
[Tue Nov 21 02:32:25 AM UTC 2023] d
[Tue Nov 21 02:32:25 AM UTC 2023] vlist='*.j**c.com#Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU.NqGn48UA2eVtUTMH-f7xM7jy74EMNuBbdB3mOZxm-TY#https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA#dns-01#dns_cf#https://acme.zerossl.com/v2/DV90/authz/SkCKfCqJWdcGFzItwKMUiA,'
[Tue Nov 21 02:32:25 AM UTC 2023] d='*.j**c.com'
[Tue Nov 21 02:32:25 AM UTC 2023] _d_alias
[Tue Nov 21 02:32:25 AM UTC 2023] txtdomain='_acme-challenge.*.j**c.com'
[Tue Nov 21 02:32:25 AM UTC 2023] txt='16FvDy89tMbgJo765pRZrVPSu75uUEFG2u6zzTAWvsw'
[Tue Nov 21 02:32:25 AM UTC 2023] d_api='/root/.acme.sh/dnsapi/dns_cf.sh'
[Tue Nov 21 02:32:25 AM UTC 2023] dns_entry='*.j**c.com,_acme-challenge.*.j**c.com,,dns_cf,16FvDy89tMbgJo765pRZrVPSu75uUEFG2u6zzTAWvsw,/root/.acme.sh/dnsapi/dns_cf.sh'
[Tue Nov 21 02:32:25 AM UTC 2023] Found domain api file: /root/.acme.sh/dnsapi/dns_cf.sh
[Tue Nov 21 02:32:25 AM UTC 2023] Adding txt value: 16FvDy89tMbgJo765pRZrVPSu75uUEFG2u6zzTAWvsw for domain:  _acme-challenge.*.j**c.com
[Tue Nov 21 02:32:25 AM UTC 2023] First detect the root zone
[Tue Nov 21 02:32:25 AM UTC 2023] h='_acme-challenge.*.j**c.com'
[Tue Nov 21 02:32:25 AM UTC 2023] zones?name=_acme-challenge.*.j**c.com
[Tue Nov 21 02:32:25 AM UTC 2023] GET
[Tue Nov 21 02:32:25 AM UTC 2023] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.*.j**c.com'
[Tue Nov 21 02:32:25 AM UTC 2023] timeout=
[Tue Nov 21 02:32:25 AM UTC 2023] Http already initialized.
[Tue Nov 21 02:32:25 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.WBc8qrZ0DI  -g '
[Tue Nov 21 02:32:25 AM UTC 2023] ret='0'
[Tue Nov 21 02:32:25 AM UTC 2023] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Nov 21 02:32:25 AM UTC 2023] h='*.j**c.com'
[Tue Nov 21 02:32:25 AM UTC 2023] zones?name=*.j**c.com
[Tue Nov 21 02:32:25 AM UTC 2023] GET
[Tue Nov 21 02:32:25 AM UTC 2023] url='https://api.cloudflare.com/client/v4/zones?name=*.j**c.com'
[Tue Nov 21 02:32:26 AM UTC 2023] timeout=
[Tue Nov 21 02:32:26 AM UTC 2023] Http already initialized.
[Tue Nov 21 02:32:26 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.WBc8qrZ0DI  -g '
[Tue Nov 21 02:32:26 AM UTC 2023] ret='0'
[Tue Nov 21 02:32:26 AM UTC 2023] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Nov 21 02:32:26 AM UTC 2023] h='j**c.com'
[Tue Nov 21 02:32:26 AM UTC 2023] zones?name=j**c.com
[Tue Nov 21 02:32:26 AM UTC 2023] GET
[Tue Nov 21 02:32:26 AM UTC 2023] url='https://api.cloudflare.com/client/v4/zones?name=j**c.com'
[Tue Nov 21 02:32:26 AM UTC 2023] timeout=
[Tue Nov 21 02:32:26 AM UTC 2023] Http already initialized.
[Tue Nov 21 02:32:26 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.WBc8qrZ0DI  -g '
[Tue Nov 21 02:32:26 AM UTC 2023] ret='0'
[Tue Nov 21 02:32:26 AM UTC 2023] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Nov 21 02:32:26 AM UTC 2023] h='cc'
[Tue Nov 21 02:32:26 AM UTC 2023] zones?name=cc
[Tue Nov 21 02:32:26 AM UTC 2023] GET
[Tue Nov 21 02:32:26 AM UTC 2023] url='https://api.cloudflare.com/client/v4/zones?name=cc'
[Tue Nov 21 02:32:26 AM UTC 2023] timeout=
[Tue Nov 21 02:32:26 AM UTC 2023] Http already initialized.
[Tue Nov 21 02:32:26 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.WBc8qrZ0DI  -g '
[Tue Nov 21 02:32:26 AM UTC 2023] ret='0'
[Tue Nov 21 02:32:26 AM UTC 2023] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}'
[Tue Nov 21 02:32:26 AM UTC 2023] h
[Tue Nov 21 02:32:26 AM UTC 2023] invalid domain
[Tue Nov 21 02:32:26 AM UTC 2023] Error add txt for domain:_acme-challenge.*.j**c.com
[Tue Nov 21 02:32:26 AM UTC 2023] _on_issue_err
[Tue Nov 21 02:32:26 AM UTC 2023] Please add '--debug' or '--log' to check more details.
[Tue Nov 21 02:32:26 AM UTC 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Tue Nov 21 02:32:26 AM UTC 2023] _chk_vlist='*.j**c.com#Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU.NqGn48UA2eVtUTMH-f7xM7jy74EMNuBbdB3mOZxm-TY#https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA#dns-01#dns_cf#https://acme.zerossl.com/v2/DV90/authz/SkCKfCqJWdcGFzItwKMUiA,'
[Tue Nov 21 02:32:26 AM UTC 2023] start to deactivate authz
[Tue Nov 21 02:32:26 AM UTC 2023] Trigger domain validation.
[Tue Nov 21 02:32:26 AM UTC 2023] _t_url='https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA'
[Tue Nov 21 02:32:26 AM UTC 2023] _t_key_authz='Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU.NqGn48UA2eVtUTMH-f7xM7jy74EMNuBbdB3mOZxm-TY'
[Tue Nov 21 02:32:26 AM UTC 2023] _t_vtype
[Tue Nov 21 02:32:26 AM UTC 2023] =======Begin Send Signed Request=======
[Tue Nov 21 02:32:26 AM UTC 2023] url='https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA'
[Tue Nov 21 02:32:26 AM UTC 2023] payload='{}'
[Tue Nov 21 02:32:26 AM UTC 2023] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Tue Nov 21 02:32:26 AM UTC 2023] Use _CACHED_NONCE='0moBYXMQUgfVlO66Wkw3zPghckExqYGjcUgNCJmWPk4'
[Tue Nov 21 02:32:26 AM UTC 2023] nonce='0moBYXMQUgfVlO66Wkw3zPghckExqYGjcUgNCJmWPk4'
[Tue Nov 21 02:32:26 AM UTC 2023] POST
[Tue Nov 21 02:32:26 AM UTC 2023] _post_url='https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA'
[Tue Nov 21 02:32:26 AM UTC 2023] body='{"protected": "eyJub25jZSI6ICIwbW9CWVhNUVVnZlZsTzY2V2t3M3pQZ2hja0V4cVlHamNVZ05DSm1XUGs0IiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9jaGFsbC93U3FwRnlxUFA3TXRiLW9wYkV0S0RBIiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9lUTF2eUtPdmtLa21XU0twQUhRY0x3In0", "payload": "e30", "signature": "91sGsMSuCLbBxud-egjOwSN-EM8ednmz-nfGYYSKuzFz02B84oVmb1aSH_eNyBacQ-Z-bzBLfBls52eiGma76Q"}'
[Tue Nov 21 02:32:26 AM UTC 2023] _postContentType='application/jose+json'
[Tue Nov 21 02:32:26 AM UTC 2023] Http already initialized.
[Tue Nov 21 02:32:26 AM UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.WBc8qrZ0DI  -g '
[Tue Nov 21 02:32:33 AM UTC 2023] _ret='0'
[Tue Nov 21 02:32:33 AM UTC 2023] responseHeaders='HTTP/2 200
server: nginx
date: Tue, 21 Nov 2023 02:32:33 GMT
content-type: application/json
content-length: 163
replay-nonce: SZVeX5Lqk00hqoB4VDOmsqMxK4scGBoqpjMkQjX3huI
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90/authz/SkCKfCqJWdcGFzItwKMUiA>;rel="up"
retry-after: 10
strict-transport-security: max-age=15724800; includeSubDomains
'
[Tue Nov 21 02:32:33 AM UTC 2023] code='200'
[Tue Nov 21 02:32:33 AM UTC 2023] original='{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA","status":"processing","token":"Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU"}'
[Tue Nov 21 02:32:33 AM UTC 2023] response='{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/wSqpFyqPP7Mtb-opbEtKDA","status":"processing","token":"Bh8mqoe7cK1Sy3jyMvGtqZILzxp8OyHU4VQ0uisuojU"}'
[Tue Nov 21 02:32:33 AM UTC 2023] Diagnosis versions:
openssl:openssl
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.1 on Mar 25 2022 09:51:32
   running on Linux version #62-Ubuntu SMP Tue Nov 22 19:57:26 UTC 2022, release 5.15.0-56-generic, machine s390x
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_VSOCK 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #undef WITH_READLINE
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #define WITH_LIBWRAP 1
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/

that is the http header

root@vps2:~# cat ~/.acme.sh/http.header
HTTP/2 200
server: nginx
date: Tue, 21 Nov 2023 02:35:56 GMT
content-type: application/json
content-length: 163
replay-nonce: cStLfFWaDM4l-Q_XOojatCYRJUYoxGAi_MG9q-xy75g
cache-control: max-age=0, no-cache, no-store
access-control-allow-origin: *
link: <https://acme.zerossl.com/v2/DV90/authz/neUSxQnfu0oxSdKeSwdGTQ>;rel="up"
retry-after: 10
strict-transport-security: max-age=15724800; includeSubDomains

If you have time, you can help to look at this problem, thank you very much!

Nov 21 '23 03:11 aqshing

Same here.

I just used the certbot with a Cloudflare DNS plugin and it worked fine.

Dec 17 '23 13:12 gdubicki

acme.sh acme.sh copied to clipboard

Headers Not Passing correctly

Steps to reproduce

Debug log

acme.sh
acme.sh copied to clipboard