acme.sh Certificates have issues Fake LE Intermediate X1 without using --staging/--test

Steps to reproduce acme.sh --apache --renew -d prefix.domain.tld --force --staging then when you're happy with the results acme.sh --apache --renew -d prefix.domain.tld --force resulting certificate is still issued by staging, caused by bad config in the domain direction under .acme.sh direction.

[Tue Jul 23 15:12:13 UTC 2019] Lets find script dir. [Tue Jul 23 15:12:13 UTC 2019] SCRIPT='/root/.acme.sh/acme.sh' [Tue Jul 23 15:12:13 UTC 2019] _script='/root/.acme.sh/acme.sh' [Tue Jul 23 15:12:13 UTC 2019] _script_home='/root/.acme.sh' [Tue Jul 23 15:12:13 UTC 2019] Using config home:/root/.acme.sh [Tue Jul 23 15:12:13 UTC 2019] LE_WORKING_DIR='/root/.acme.sh' https://github.com/Neilpang/acme.sh v2.8.2 [Tue Jul 23 15:12:13 UTC 2019] Using config home:/root/.acme.sh [Tue Jul 23 15:12:13 UTC 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Tue Jul 23 15:12:13 UTC 2019] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org' [Tue Jul 23 15:12:13 UTC 2019] DOMAIN_PATH='/root/.acme.sh/prefix.domain.tld' [Tue Jul 23 15:12:13 UTC 2019] Renew: 'prefix.domain.tld' [Tue Jul 23 15:12:13 UTC 2019] Le_API='https://acme-staging-v02.api.letsencrypt.org/directory' [Tue Jul 23 15:12:13 UTC 2019] Using config home:/root/.acme.sh [Tue Jul 23 15:12:13 UTC 2019] ACME_DIRECTORY='https://acme-staging-v02.api.letsencrypt.org/directory' [Tue Jul 23 15:12:13 UTC 2019] _ACME_SERVER_HOST='acme-staging-v02.api.letsencrypt.org' [Tue Jul 23 15:12:13 UTC 2019] _main_domain='prefix.domain.tld' [Tue Jul 23 15:12:13 UTC 2019] _alt_domains='no' [Tue Jul 23 15:12:13 UTC 2019] '/usr/local/www/apache24/data' does not contain 'dns' [Tue Jul 23 15:12:13 UTC 2019] Using ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory [Tue Jul 23 15:12:13 UTC 2019] _init api for server: https://acme-staging-v02.api.letsencrypt.org/directory [Tue Jul 23 15:12:13 UTC 2019] GET [Tue Jul 23 15:12:13 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/directory' [Tue Jul 23 15:12:13 UTC 2019] timeout= [Tue Jul 23 15:12:13 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.E8a0daCq -g ' [Tue Jul 23 15:12:14 UTC 2019] ret='0' [Tue Jul 23 15:12:14 UTC 2019] response='{ "CvONaBX7V4A": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org/docs/staging-environment/" }, "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert" }' [Tue Jul 23 15:12:14 UTC 2019] ACME_KEY_CHANGE='https://acme-staging-v02.api.letsencrypt.org/acme/key-change' [Tue Jul 23 15:12:14 UTC 2019] ACME_NEW_AUTHZ [Tue Jul 23 15:12:14 UTC 2019] ACME_NEW_ORDER='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Tue Jul 23 15:12:14 UTC 2019] ACME_NEW_ACCOUNT='https://acme-staging-v02.api.letsencrypt.org/acme/new-acct' [Tue Jul 23 15:12:14 UTC 2019] ACME_REVOKE_CERT='https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert' [Tue Jul 23 15:12:14 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' [Tue Jul 23 15:12:14 UTC 2019] ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Tue Jul 23 15:12:14 UTC 2019] ACME_VERSION='2' [Tue Jul 23 15:12:14 UTC 2019] Le_NextRenewTime='1568991358' [Tue Jul 23 15:12:14 UTC 2019] _on_before_issue [Tue Jul 23 15:12:14 UTC 2019] _chk_main_domain='prefix.domain.tld' [Tue Jul 23 15:12:14 UTC 2019] _chk_alt_domains [Tue Jul 23 15:12:14 UTC 2019] '/usr/local/www/apache24/data' does not contain 'no' [Tue Jul 23 15:12:14 UTC 2019] Le_LocalAddress [Tue Jul 23 15:12:14 UTC 2019] d='prefix.domain.tld' [Tue Jul 23 15:12:14 UTC 2019] Check for domain='prefix.domain.tld' [Tue Jul 23 15:12:14 UTC 2019] _currentRoot='/usr/local/www/apache24/data' [Tue Jul 23 15:12:14 UTC 2019] d [Tue Jul 23 15:12:14 UTC 2019] '/usr/local/www/apache24/data' does not contain 'apache' [Tue Jul 23 15:12:14 UTC 2019] _saved_account_key_hash='Ga3b/8HTqSLHC7WbWE0pLWGxf1ekkeABhSUre6Fo3sA=' [Tue Jul 23 15:12:14 UTC 2019] _saved_account_key_hash is not changed, skip register account. [Tue Jul 23 15:12:14 UTC 2019] Read key length: [Tue Jul 23 15:12:14 UTC 2019] _createcsr [Tue Jul 23 15:12:14 UTC 2019] domain='prefix.domain.tld' [Tue Jul 23 15:12:14 UTC 2019] domainlist [Tue Jul 23 15:12:14 UTC 2019] csrkey='/root/.acme.sh/prefix.domain.tld/prefix.domain.tld.key' [Tue Jul 23 15:12:14 UTC 2019] csr='/root/.acme.sh/prefix.domain.tld/prefix.domain.tld.csr' [Tue Jul 23 15:12:14 UTC 2019] csrconf='/root/.acme.sh/prefix.domain.tld/prefix.domain.tld.csr.conf' [Tue Jul 23 15:12:14 UTC 2019] Single domain='prefix.domain.tld' [Tue Jul 23 15:12:14 UTC 2019] _is_idn_d='prefix.domain.tld' [Tue Jul 23 15:12:14 UTC 2019] _idn_temp [Tue Jul 23 15:12:14 UTC 2019] _is_idn_d='prefix.domain.tld' [Tue Jul 23 15:12:14 UTC 2019] _idn_temp [Tue Jul 23 15:12:14 UTC 2019] _csr_cn='prefix.domain.tld' [Tue Jul 23 15:12:14 UTC 2019] Getting domain auth token for each domain [Tue Jul 23 15:12:14 UTC 2019] _is_idn_d='prefix.domain.tld' [Tue Jul 23 15:12:14 UTC 2019] _idn_temp [Tue Jul 23 15:12:14 UTC 2019] d [Tue Jul 23 15:12:14 UTC 2019] _identifiers='{"type":"dns","value":"prefix.domain.tld"}' [Tue Jul 23 15:12:14 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Tue Jul 23 15:12:14 UTC 2019] payload='{"identifiers": [{"type":"dns","value":"prefix.domain.tld"}]}' [Tue Jul 23 15:12:14 UTC 2019] RSA key [Tue Jul 23 15:12:14 UTC 2019] _URGLY_PRINTF='1' [Tue Jul 23 15:12:14 UTC 2019] _URGLY_PRINTF='1' [Tue Jul 23 15:12:15 UTC 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Tue Jul 23 15:12:15 UTC 2019] HEAD [Tue Jul 23 15:12:15 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce' [Tue Jul 23 15:12:15 UTC 2019] body [Tue Jul 23 15:12:15 UTC 2019] _postContentType='application/jose+json' [Tue Jul 23 15:12:15 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.wR40MZqC -g ' [Tue Jul 23 15:12:15 UTC 2019] _ret='0' [Tue Jul 23 15:12:15 UTC 2019] _headers='HTTP/1.1 200 OK Server: nginx Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: c9M-h8s3qYo-yRCKAFQRxa29be4JMZ5eBH2uHsrtHPc X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Content-Length: 0 Expires: Tue, 23 Jul 2019 15:12:15 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 23 Jul 2019 15:12:15 GMT Connection: keep-alive ' [Tue Jul 23 15:12:15 UTC 2019] _CACHED_NONCE='c9M-h8s3qYo-yRCKAFQRxa29be4JMZ5eBH2uHsrtHPc' [Tue Jul 23 15:12:15 UTC 2019] nonce='c9M-h8s3qYo-yRCKAFQRxa29be4JMZ5eBH2uHsrtHPc' [Tue Jul 23 15:12:15 UTC 2019] POST [Tue Jul 23 15:12:15 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/new-order' [Tue Jul 23 15:12:15 UTC 2019] body='{"protected": "eyJub25jZSI6ICJjOU0taDhzM3FZby15UkNLQUZRUnhhMjliZTRKTVo1ZUJIMnVIc3J0SFBjIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xMDIyMDQwOSJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InBrZy5taW1pcm5ldHdvcmtzLmNvbSJ9XX0", "signature": "U92EuMD9jmci1PaSfieTBY6sj-iqrbPzQMzBz9N-fj6-URwmCAQ5lj8oX-2XTYwfNWimjVRd3eN1cfA4ba1FFPCXm2fc7mvOmYTH7LgpoqqJachQ-mzEe_efU22u9aWyk__W5OUInGFNEr-RPyflbks9FjXqlkkm8QXkOOeJ9sQOgk4aWmRvypKPM9in010KcBhneHB2ArNdRL4TxQmF6XVEQue7hr_HG6QPpAm3spONMYKNmj5J05vO6UOSwDC4F72xu_n9lRaebjjVe8L2ML4tx9UUsiM-V8cFJs2OJX9IKTWorAN42FPYMR1lchH76rebfjeYVrI14nbFxgrMTw"}' [Tue Jul 23 15:12:15 UTC 2019] _postContentType='application/jose+json' [Tue Jul 23 15:12:15 UTC 2019] Http already initialized. [Tue Jul 23 15:12:15 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.wR40MZqC -g ' [Tue Jul 23 15:12:15 UTC 2019] _ret='0' [Tue Jul 23 15:12:15 UTC 2019] responseHeaders='HTTP/1.1 201 Created Server: nginx Content-Type: application/json Content-Length: 393 Boulder-Requester: 10220409 Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/10220409/42082659 Replay-Nonce: v8ppCr6vZ5Wy8OiPcqPQAt4lems3TpC460pD-oMhTvY X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Tue, 23 Jul 2019 15:12:15 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 23 Jul 2019 15:12:15 GMT Connection: keep-alive ' [Tue Jul 23 15:12:15 UTC 2019] code='201' [Tue Jul 23 15:12:15 UTC 2019] original='{ "status": "ready", "expires": "2019-07-30T15:12:15.780093584Z", "identifiers": [ { "type": "dns", "value": "prefix.domain.tld" } ], "authorizations": [ "https://acme-staging-v02.api.letsencrypt.org/acme/authz/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A" ], "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/10220409/42082659" }' [Tue Jul 23 15:12:15 UTC 2019] response='{"status":"ready","expires":"2019-07-30T15:12:15.780093584Z","identifiers":[{"type":"dns","value":"prefix.domain.tld"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/10220409/42082659"}' [Tue Jul 23 15:12:15 UTC 2019] Le_LinkOrder='https://acme-staging-v02.api.letsencrypt.org/acme/order/10220409/42082659' [Tue Jul 23 15:12:15 UTC 2019] Le_OrderFinalize='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/10220409/42082659' [Tue Jul 23 15:12:15 UTC 2019] _authorizations_seg='https://acme-staging-v02.api.letsencrypt.org/acme/authz/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A' [Tue Jul 23 15:12:15 UTC 2019] _authz_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A' [Tue Jul 23 15:12:15 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A' [Tue Jul 23 15:12:15 UTC 2019] payload [Tue Jul 23 15:12:15 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key [Tue Jul 23 15:12:15 UTC 2019] Use _CACHED_NONCE='v8ppCr6vZ5Wy8OiPcqPQAt4lems3TpC460pD-oMhTvY' [Tue Jul 23 15:12:15 UTC 2019] nonce='v8ppCr6vZ5Wy8OiPcqPQAt4lems3TpC460pD-oMhTvY' [Tue Jul 23 15:12:15 UTC 2019] POST [Tue Jul 23 15:12:15 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/authz/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A' [Tue Jul 23 15:12:15 UTC 2019] body='{"protected": "eyJub25jZSI6ICJ2OHBwQ3I2dlo1V3k4T2lQY3FQUUF0NGxlbXMzVHBDNDYwcEQtb01oVHZZIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzZrZ09kTl8zTFdEUDZMZ2s1Z05kV1pVRlVOUWhXNGgtanE0UUQ1VXVJNUEiLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAyMjA0MDkifQ", "payload": "", "signature": "RJDKUYmvAkKJvHi1b-4PnyLnudmUPZpQffh459_D5hRjV0ko5vT2keFkpuz8zpTZixyBH-bGnnJFILiQBHTpGZNbzE-kcoWRQn2RD-fzG5ZCCHvWSmgFoYIziujc9NQple1kY83FLo0l4Mn5ajzPqhVqHAFdo5EufwWD53Wp6MR7pN9V5U3HG-XywCRwfdAIvFAmNEVW11y3-mdaVhaM5GesnW7F4iRtjYdI0fcj6HElTLBLJ2rS5SThBrXWtzdrLHeF2UIbyNerD9us3uuoBj2oKPPRr1dE-kjjhmL-XCB2uzNUNPea1rylV0OYPWaMdhY9mGsp2COasxMbfDmXNA"}' [Tue Jul 23 15:12:16 UTC 2019] _postContentType='application/jose+json' [Tue Jul 23 15:12:16 UTC 2019] Http already initialized. [Tue Jul 23 15:12:16 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.wR40MZqC -g ' [Tue Jul 23 15:12:16 UTC 2019] _ret='0' [Tue Jul 23 15:12:16 UTC 2019] responseHeaders='HTTP/1.1 200 OK Server: nginx Content-Type: application/json Content-Length: 1297 Boulder-Requester: 10220409 Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: aZc9vYok9XuccBB9tFhJsYK6CmvaNqmvnyLPVo9PG_I X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Tue, 23 Jul 2019 15:12:16 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 23 Jul 2019 15:12:16 GMT Connection: keep-alive ' [Tue Jul 23 15:12:16 UTC 2019] code='200' [Tue Jul 23 15:12:16 UTC 2019] original='{ "identifier": { "type": "dns", "value": "prefix.domain.tld" }, "status": "valid", "expires": "2019-08-22T14:50:27Z", "challenges": [ { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385866", "token": "hoLmLElCX03TmCj42LTagW52wKmu84ijLBNcN5-Mcns" }, { "type": "http-01", "status": "valid", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385867", "token": "Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ", "validationRecord": [ { "url": "http://prefix.domain.tld/.well-known/acme-challenge/Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ", "hostname": "prefix.domain.tld", "port": "80", "addressesResolved": [ "199.188.172.130" ], "addressUsed": "199.188.172.130" } ] }, { "type": "dns-01", "status": "pending", "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385868", "token": "avxOvgpDRmUMMteMY1eH2Vd1J3qI4We4Hh_fcERng28" } ] }' [Tue Jul 23 15:12:16 UTC 2019] response='{"identifier":{"type":"dns","value":"prefix.domain.tld"},"status":"valid","expires":"2019-08-22T14:50:27Z","challenges":[{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385866","token":"hoLmLElCX03TmCj42LTagW52wKmu84ijLBNcN5-Mcns"},{"type":"http-01","status":"valid","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385867","token":"Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ","validationRecord":[{"url":"http://prefix.domain.tld/.well-known/acme-challenge/Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ","hostname":"prefix.domain.tld","port":"80","addressesResolved":["199.188.172.130"],"addressUsed":"199.188.172.130"}]},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385868","token":"avxOvgpDRmUMMteMY1eH2Vd1J3qI4We4Hh_fcERng28"}]}' [Tue Jul 23 15:12:16 UTC 2019] response='{"identifier":{"type":"dns","value":"prefix.domain.tld"},"status":"valid","expires":"2019-08-22T14:50:27Z","challenges":[{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385866","token":"hoLmLElCX03TmCj42LTagW52wKmu84ijLBNcN5-Mcns"},{"type":"http-01","status":"valid","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385867","token":"Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ","validationRecord":[{"url":"http://prefix.domain.tld/.well-known/acme-challenge/Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ","hostname":"prefix.domain.tld","port":"80","addressesResolved":["199.188.172.130"],"addressUsed":"199.188.172.130"}]},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385868","token":"avxOvgpDRmUMMteMY1eH2Vd1J3qI4We4Hh_fcERng28"}]}' [Tue Jul 23 15:12:16 UTC 2019] _d='prefix.domain.tld' [Tue Jul 23 15:12:16 UTC 2019] _authorizations_map='prefix.domain.tld,{"identifier":{"type":"dns","value":"prefix.domain.tld"},"status":"valid","expires":"2019-08-22T14:50:27Z","challenges":[{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385866","token":"hoLmLElCX03TmCj42LTagW52wKmu84ijLBNcN5-Mcns"},{"type":"http-01","status":"valid","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385867","token":"Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ","validationRecord":[{"url":"http://prefix.domain.tld/.well-known/acme-challenge/Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ","hostname":"prefix.domain.tld","port":"80","addressesResolved":["199.188.172.130"],"addressUsed":"199.188.172.130"}]},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385868","token":"avxOvgpDRmUMMteMY1eH2Vd1J3qI4We4Hh_fcERng28"}]} ' [Tue Jul 23 15:12:16 UTC 2019] d='prefix.domain.tld' [Tue Jul 23 15:12:16 UTC 2019] Getting webroot for domain='prefix.domain.tld' [Tue Jul 23 15:12:16 UTC 2019] _w='/usr/local/www/apache24/data' [Tue Jul 23 15:12:16 UTC 2019] _currentRoot='/usr/local/www/apache24/data' [Tue Jul 23 15:12:16 UTC 2019] _is_idn_d='prefix.domain.tld' [Tue Jul 23 15:12:16 UTC 2019] _idn_temp [Tue Jul 23 15:12:16 UTC 2019] response='{"identifier":{"type":"dns","value":"prefix.domain.tld"},"status":"valid","expires":"2019-08-22T14:50:27Z","challenges":[{"type":"tls-alpn-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385866","token":"hoLmLElCX03TmCj42LTagW52wKmu84ijLBNcN5-Mcns"},{"type":"http-01","status":"valid","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385867","token":"Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ","validationRecord":[{"url":"http://prefix.domain.tld/.well-known/acme-challenge/Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ","hostname":"prefix.domain.tld","port":"80","addressesResolved":["199.188.172.130"],"addressUsed":"199.188.172.130"}]},{"type":"dns-01","status":"pending","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385868","token":"avxOvgpDRmUMMteMY1eH2Vd1J3qI4We4Hh_fcERng28"}]}' [Tue Jul 23 15:12:16 UTC 2019] entry='"type":"http-01","status":"valid","url":"https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385867","token":"Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ","validationRecord":[{"url":"http://prefix.domain.tld/.well-known/acme-challenge/Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ","hostname":"prefix.domain.tld","port":"80","addressesResolved":["199.188.172.130"],"addressUsed":"199.188.172.130"' [Tue Jul 23 15:12:16 UTC 2019] token='Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ' [Tue Jul 23 15:12:16 UTC 2019] uri='https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385867' [Tue Jul 23 15:12:16 UTC 2019] keyauthorization='Z1kiGn_05SQg7nz7XqFJTS9UouqCExlVJGww-4-O6LQ.YLrBt3gB65pbs9Zh756ZiSaWjVZ0IUISi75tboS2k2c' [Tue Jul 23 15:12:16 UTC 2019] prefix.domain.tld is already verified. [Tue Jul 23 15:12:16 UTC 2019] keyauthorization='verified_ok' [Tue Jul 23 15:12:16 UTC 2019] dvlist='prefix.domain.tld#verified_ok#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385867#http-01#/usr/local/www/apache24/data' [Tue Jul 23 15:12:16 UTC 2019] d [Tue Jul 23 15:12:16 UTC 2019] vlist='prefix.domain.tld#verified_ok#https://acme-staging-v02.api.letsencrypt.org/acme/challenge/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A/333385867#http-01#/usr/local/www/apache24/data,' [Tue Jul 23 15:12:16 UTC 2019] d='prefix.domain.tld' [Tue Jul 23 15:12:16 UTC 2019] prefix.domain.tld is already verified, skip http-01. [Tue Jul 23 15:12:16 UTC 2019] ok, let's start to verify [Tue Jul 23 15:12:16 UTC 2019] prefix.domain.tld is already verified, skip http-01. [Tue Jul 23 15:12:16 UTC 2019] pid [Tue Jul 23 15:12:16 UTC 2019] No need to restore nginx, skip. [Tue Jul 23 15:12:16 UTC 2019] _clearupdns [Tue Jul 23 15:12:16 UTC 2019] dns_entries [Tue Jul 23 15:12:16 UTC 2019] skip dns. [Tue Jul 23 15:12:16 UTC 2019] Verify finished, start to sign. [Tue Jul 23 15:12:16 UTC 2019] i='2' [Tue Jul 23 15:12:16 UTC 2019] j='16' [Tue Jul 23 15:12:16 UTC 2019] Lets finalize the order, Le_OrderFinalize: https://acme-staging-v02.api.letsencrypt.org/acme/finalize/10220409/42082659 [Tue Jul 23 15:12:16 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/10220409/42082659' [Tue Jul 23 15:12:16 UTC 2019] payload='{"csr": "MIICpTCCAY0CAQAwIDEeMBwGA1UEAwwVcGtnLm1pbWlybmV0d29ya3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2enBU9kXZLfM8_qVrbXPIC81CBNT3Z9MqyRUSAX8wY_5SNhi7aAFomneIE1LnfLHaH9rxIBNTC1OG6LjoVZd8EGLxA7Kyub-rtuQWgHUOq37ssu9EisoVHaN2dPUg6HlMKirH75TaQEvBWCTlp0z-fznvjTXoA9UO61OrLX55F8qDM4jOlNCZ8eHHMMMaQq9pKwzIGm2pUWmmuK5Rj8prHo68KAdTZpP7Nre9t2j2_DdLE6Km2_ziZbmNWPl4MItIhlD0jzu4AHuRJLAsC0UK5f38uIAihPQNQE4Hd1HEzhhBeM3ipj9hsHxidUh_PNcaOVNVSr6Cetx57QTxArQIDAQABoEAwPgYJKoZIhvcNAQkOMTEwLzALBgNVHQ8EBAMCBeAwIAYDVR0RBBkwF4IVcGtnLm1pbWlybmV0d29ya3MuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQA3e7SSGGLKZG0SvVZ-DnN1D5Y50GzKtcPLksZ6LSRmucYuVs3HEmQOMLRPx1tnuHuJwR_YXJGQkdSUwiekSyCSz1u0lflbSTwvSrjZiqHGj_ECh9eMDnbYXMFnActp-1Frj7ZKdsRDlvDIt4G6iC9_AQjvjH91WSWNZxl0Z2AkCD6HDozaq5pHtWxvMHblXJoLMophMh9-zCqsCRXzGDBu4NopqeqXnIlMFF8IYdh6ULrhAo6ii-XjWWOVrhgKDyIqXSB11-s2zwvx2AXaXzFRsmNB4O0DUywULwmwUzsF3WiGIJqoATllmKqnM1hnAExiF4-XenAQXSL9edXtyq1d"}' [Tue Jul 23 15:12:16 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key [Tue Jul 23 15:12:16 UTC 2019] Use _CACHED_NONCE='aZc9vYok9XuccBB9tFhJsYK6CmvaNqmvnyLPVo9PG_I' [Tue Jul 23 15:12:16 UTC 2019] nonce='aZc9vYok9XuccBB9tFhJsYK6CmvaNqmvnyLPVo9PG_I' [Tue Jul 23 15:12:16 UTC 2019] POST [Tue Jul 23 15:12:16 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/finalize/10220409/42082659' [Tue Jul 23 15:12:16 UTC 2019] body='{"protected": "eyJub25jZSI6ICJhWmM5dllvazlYdWNjQkI5dEZoSnNZSzZDbXZhTnFtdm55TFBWbzlQR19JIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2ZpbmFsaXplLzEwMjIwNDA5LzQyMDgyNjU5IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEwMjIwNDA5In0", "payload": "eyJjc3IiOiAiTUlJQ3BUQ0NBWTBDQVFBd0lERWVNQndHQTFVRUF3d1ZjR3RuTG0xcGJXbHlibVYwZDI5eWEzTXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUEyZW5CVTlrWFpMZk04X3FWcmJYUElDODFDQk5UM1o5TXF5UlVTQVg4d1lfNVNOaGk3YUFGb21uZUlFMUxuZkxIYUg5cnhJQk5UQzFPRzZMam9WWmQ4RUdMeEE3S3l1Yi1fcnR1UVdnSFVPcTM3c3N1OUVpc29WSGFOMmRQVWc2SGxNS2lySDc1VGFRRXZCV0NUbHAwel8tZnpudmpUWG9BOVVPNjFPckxYNTVGOHFETTRqT2xOQ1o4ZUhITU1NYVFxOXBLd3pJR20ycFVXbW11SzVSajhwckhvNjhLQWRUWnBQN05yZTl0MmoyX0RkTEU2S20yX3ppWmJtTldQbDRNSXRJaGxEMGp6dTRBSHVSSkxBc0MwVUs1ZjM4dUlBaWhQUU5RRTRIZDFIRXpoaEJlTTNpcGo5aHNIeGlkVWhfUE5jYU9WTlZTcjZDZXR4NTdRVHhBclFJREFRQUJvRUF3UGdZSktvWklodmNOQVFrT01URXdMekFMQmdOVkhROEVCQU1DQmVBd0lBWURWUjBSQkJrd0Y0SVZjR3RuTG0xcGJXbHlibVYwZDI5eWEzTXVZMjl0TUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBM2U3U1NHR0xLWkcwU3ZWWi1Ebk4xRDVZNTBHekt0Y1BMa3NaNkxTUm11Y1l1VnMzSEVtUU9NTFJQeDF0bnVIdUp3Ul9ZWEpHUWtkU1V3aWVrU3lDU3oxdTBsZmxiU1R3dlNyalppcUhHal9FQ2g5ZU1EbmJZWE1GbkFjdHAtMUZyajdaS2RzUkRsdkRJdDRHNmlDOV9BUWp2akg5MVdTV05aeGwwWjJBa0NENkhEb3phcTVwSHRXeHZNSGJsWEpvTE1vcGhNaDktekNxc0NSWHpHREJ1NE5vcHFlcVhuSWxNRkY4SVlkaDZVTHJoQW82aWktWGpXV09WcmhnS0R5SXFYU0IxMS1zMnp3dngyQVhhWHpGUnNtTkI0TzBEVXl3VUx3bXdVenNGM1dpR0lKcW9BVGxsbUtxbk0xaG5BRXhpRjQtWGVuQVFYU0w5ZWRYdHlxMWQifQ", "signature": "QAsqcQiI8UQG-fQhEXpX3zC4XBQPpCByZUsaw4CIG43WGhTq9NZLsSC8uv6FKvlPpE6RWibPaDR0B_nx6yP7qve4vKvGoCVAES3_Up3REBtq_4cYm1Pcnzl8KY-fvt3dLb8DOAd680iKU7kPE0gev0nzTUxICdV9QgA58cdcczK5Ojt7oPIxQ_Ij0mCTrED-91JH9ts9tP1gk_c1GfYgnxZ9UR6TSjkGySCFJZEhUVO4e2xwDQe25_UPYz7dN0Z3nA6PnzHFCrdywpF3B2pBzd9wv5PILcnGhMhuJzjX3payCOZWLj0HvVOUq9wWtl7I5HGiY2pajo5UkaQxpNBCrw"}' [Tue Jul 23 15:12:16 UTC 2019] _postContentType='application/jose+json' [Tue Jul 23 15:12:16 UTC 2019] Http already initialized. [Tue Jul 23 15:12:16 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.wR40MZqC -g ' [Tue Jul 23 15:12:18 UTC 2019] _ret='0' [Tue Jul 23 15:12:18 UTC 2019] responseHeaders='HTTP/1.1 100 Continue Expires: Tue, 23 Jul 2019 15:12:16 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache

HTTP/1.1 200 OK Server: nginx Content-Type: application/json Content-Length: 495 Boulder-Requester: 10220409 Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/10220409/42082659 Replay-Nonce: cjVieQUY1rudWrNy2P3I0QLMp9KjC19hO3I_hpKQoOg X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Tue, 23 Jul 2019 15:12:18 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 23 Jul 2019 15:12:18 GMT Connection: keep-alive ' [Tue Jul 23 15:12:18 UTC 2019] code='200' [Tue Jul 23 15:12:18 UTC 2019] original='{ "status": "valid", "expires": "2019-07-30T15:12:15Z", "identifiers": [ { "type": "dns", "value": "prefix.domain.tld" } ], "authorizations": [ "https://acme-staging-v02.api.letsencrypt.org/acme/authz/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A" ], "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/10220409/42082659", "certificate": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa2ddb86d78c55d383dd9b998a4006389e58" }' [Tue Jul 23 15:12:18 UTC 2019] response='{"status":"valid","expires":"2019-07-30T15:12:15Z","identifiers":[{"type":"dns","value":"prefix.domain.tld"}],"authorizations":["https://acme-staging-v02.api.letsencrypt.org/acme/authz/6kgOdN_3LWDP6Lgk5gNdWZUFUNQhW4h-jq4QD5UuI5A"],"finalize":"https://acme-staging-v02.api.letsencrypt.org/acme/finalize/10220409/42082659","certificate":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa2ddb86d78c55d383dd9b998a4006389e58"}' [Tue Jul 23 15:12:18 UTC 2019] Order status is valid. [Tue Jul 23 15:12:18 UTC 2019] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa2ddb86d78c55d383dd9b998a4006389e58' [Tue Jul 23 15:12:18 UTC 2019] Download cert, Le_LinkCert: https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa2ddb86d78c55d383dd9b998a4006389e58 [Tue Jul 23 15:12:18 UTC 2019] url='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa2ddb86d78c55d383dd9b998a4006389e58' [Tue Jul 23 15:12:18 UTC 2019] payload [Tue Jul 23 15:12:18 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-staging-v02.api.letsencrypt.org/account.key [Tue Jul 23 15:12:18 UTC 2019] Use _CACHED_NONCE='cjVieQUY1rudWrNy2P3I0QLMp9KjC19hO3I_hpKQoOg' [Tue Jul 23 15:12:18 UTC 2019] nonce='cjVieQUY1rudWrNy2P3I0QLMp9KjC19hO3I_hpKQoOg' [Tue Jul 23 15:12:18 UTC 2019] POST [Tue Jul 23 15:12:18 UTC 2019] _post_url='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa2ddb86d78c55d383dd9b998a4006389e58' [Tue Jul 23 15:12:18 UTC 2019] body='{"protected": "eyJub25jZSI6ICJjalZpZVFVWTFydWRXck55MlAzSTBRTE1wOUtqQzE5aE8zSV9ocEtRb09nIiwgInVybCI6ICJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NlcnQvZmEyZGRiODZkNzhjNTVkMzgzZGQ5Yjk5OGE0MDA2Mzg5ZTU4IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzEwMjIwNDA5In0", "payload": "", "signature": "s_VKsytWpUoE3WCbctmS3wuDRI3yktbqfR9NkfHE0EMF_9dZgUyWfWTnaqhLlWV65obBw7sVbgHSZoaZ-hV85BtvurQsqZyu6Lrq4OEW1-cFUHW9vm2Xo56VUFaUf4JbuLzPrBqGMdza8yESMN-moYjTBSpNsv5gZ59YPT0jR6IxoDzzVHuc03yn7Oh-gtMPJQ9p5RF8Ac0WxaVgR5jX9CsI8wCcqigUtFwCecogi9Wn0GpBO8U1EgJ2VrQu1dKycuunj_qoOG-2KmjlTS4zQkJxVqKGoiKREAfztRZGEW8knZuoGmhD_l077IPudPLtJPn4eRGcP08-vE1urTBUgw"}' [Tue Jul 23 15:12:18 UTC 2019] _postContentType='application/jose+json' [Tue Jul 23 15:12:18 UTC 2019] Http already initialized. [Tue Jul 23 15:12:18 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.wR40MZqC -g ' [Tue Jul 23 15:12:18 UTC 2019] _ret='0' [Tue Jul 23 15:12:18 UTC 2019] responseHeaders='HTTP/1.1 200 OK Server: nginx Content-Type: application/pem-certificate-chain Content-Length: 3567 Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index" Replay-Nonce: q9RmPoAK4Uh34V982ODH9fJ-_ijhIVSyHAdPIxd7BtU X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Tue, 23 Jul 2019 15:12:18 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 23 Jul 2019 15:12:18 GMT Connection: keep-alive ' [Tue Jul 23 15:12:18 UTC 2019] code='200' [Tue Jul 23 15:12:18 UTC 2019] original='-----BEGIN CERTIFICATE----- MIIFQzCCBCugAwIBAgITAPot24bXjFXTg92bmYpABjieWDANBgkqhkiG9w0BAQsF ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xOTA3MjMx NDEyMTdaFw0xOTEwMjExNDEyMTdaMCAxHjAcBgNVBAMTFXBrZy5taW1pcm5ldHdv cmtzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANnpwVPZF2S3 zPP6la21zyAvNQgTU92fTKskVEgF/MGP+UjYYu2gBaJp3iBNS53yx2h/a8SATUwt Thui46FWXfBBi8QOysrm/v67bkFoB1Dqt+7LLvRIrKFR2jdnT1IOh5TCoqx++U2k BLwVgk5adM//n8574016APVDutTqy1+eRfKgzOIzpTQmfHhxzDDGkKvaSsMyBptq VFppriuUY/Kax6OvCgHU2aT+za3vbdo9vw3SxOiptv84mW5jVj5eDCLSIZQ9I87u AB7kSSwLAtFCuX9/LiAIoT0DUBOB3dRxM4YQXjN4qY/YbB8YnVIfzzXGjlTVUq+g nrcee0E8QK0CAwEAAaOCAnIwggJuMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUmpyz IKIj+6/9Saz/SFwEQJG4Ly0wHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7LIKb1 aDowdwYIKwYBBQUHAQEEazBpMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5zdGct aW50LXgxLmxldHNlbmNyeXB0Lm9yZzAzBggrBgEFBQcwAoYnaHR0cDovL2NlcnQu c3RnLWludC14MS5sZXRzZW5jcnlwdC5vcmcvMCAGA1UdEQQZMBeCFXBrZy5taW1p cm5ldHdvcmtzLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEB ATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQG CisGAQQB1nkCBAIEgfUEgfIA8AB3AISfX39Y0r97VOy9dGEc6kXEnJjx1kgbxvae jBdPJPPPAAABbB9j6rsAAAQDAEgwRgIhAIT+FF23uwDRt7iTjMI5w4gikCumoAvu HcngokIhlxyHAiEAssRAclXsUdV/JPqifW9ZOFB0+FvfY4OUN00jBuoLRFsAdQCw zIPlpfl9a698CcwoSQSHKsfoixMsY1C3xv0m4WxsdwAAAWwfY+rXAAAEAwBGMEQC IGQGOXMuEcQtzXnJFlNWUpGIJEaQehMeeUH113cdQzNWAiAlSEblMycOutLch7iS kZYYL5ucXDpprKsCAcRQ6sHdETANBgkqhkiG9w0BAQsFAAOCAQEAIIszAit+O6Gq 7Y3Cw6K8JHPc02WzL8WtkA+9czY2SLU/dXnmuz0fN6XspEP2kHttz5tfg8EK2mWU Sve7JK1b3vPnzdnoR2goiNvfh6oUzC362CjDLB7ytkurpSMoUyPa84VNe8qCGlwD YPK9ROGPFjhCR8EukN1eyyErx6HYAi3GDoaJEl8Wol8gFqE/WQv24dXOK1GaC8z/ Mm26vN1gGv7qprOyGQjZl46vxDaRZ+q9FUqUchEdakYw+CZrJ2053dTP0YJllyqB i2te2RLvZG5n4ymU1Px2R6EWdzRnti735V1Zc/8Zx7pXeNSOj2lIGUSstoIdQARh J023QEN9DQ== -----END CERTIFICATE-----

-----BEGIN CERTIFICATE----- MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2 MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0 8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0 ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56 dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9 AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0 BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9 AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7 IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em 2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0 WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU= -----END CERTIFICATE-----' [Tue Jul 23 15:12:18 UTC 2019] Found cert chain [Tue Jul 23 15:12:18 UTC 2019] _end_n='31' [Tue Jul 23 15:12:18 UTC 2019] Le_LinkCert='https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa2ddb86d78c55d383dd9b998a4006389e58' Certificate: Data: Version: 3 (0x2) Serial Number: fa:2d:db:86:d7:8c:55:d3:83:dd:9b:99:8a:40:06:38:9e:58 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Fake LE Intermediate X1 Validity Not Before: Jul 23 14:12:17 2019 GMT Not After : Oct 21 14:12:17 2019 GMT Subject: CN=prefix.domain.tld Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d9:e9:c1:53:d9:17:64:b7:cc:f3:fa:95:ad:b5: cf:20:2f:35:08:13:53:dd:9f:4c:ab:24:54:48:05: fc:c1:8f:f9:48:d8:62:ed:a0:05:a2:69:de:20:4d: 4b:9d:f2:c7:68:7f:6b:c4:80:4d:4c:2d:4e:1b:a2: e3:a1:56:5d:f0:41:8b:c4:0e:ca:ca:e6:fe:fe:bb: 6e:41:68:07:50:ea:b7:ee:cb:2e:f4:48:ac:a1:51: da:37:67:4f:52:0e:87:94:c2:a2:ac:7e:f9:4d:a4: 04:bc:15:82:4e:5a:74:cf:ff:9f:ce:7b:e3:4d:7a: 00:f5:43:ba:d4:ea:cb:5f:9e:45:f2:a0:cc:e2:33: a5:34:26:7c:78:71:cc:30:c6:90:ab:da:4a:c3:32: 06:9b:6a:54:5a:69:ae:2b:94:63:f2:9a:c7:a3:af: 0a:01:d4:d9:a4:fe:cd:ad:ef:6d:da:3d:bf:0d:d2: c4:e8:a9:b6:ff:38:99:6e:63:56:3e:5e:0c:22:d2: 21:94:3d:23:ce:ee:00:1e:e4:49:2c:0b:02:d1:42: b9:7f:7f:2e:20:08:a1:3d:03:50:13:81:dd:d4:71: 33:86:10:5e:33:78:a9:8f:d8:6c:1f:18:9d:52:1f: cf:35:c6:8e:54:d5:52:af:a0:9e:b7:1e:7b:41:3c: 40:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 9A:9C:B3:20:A2:23:FB:AF:FD:49:AC:FF:48:5C:04:40:91:B8:2F:2D X509v3 Authority Key Identifier: keyid:C0:CC:03:46:B9:58:20:CC:5C:72:70:F3:E1:2E:CB:20:A6:F5:68:3A

        Authority Information Access: 
            OCSP - URI:http://ocsp.stg-int-x1.letsencrypt.org
            CA Issuers - URI:http://cert.stg-int-x1.letsencrypt.org/

        X509v3 Subject Alternative Name: 
            DNS:prefix.domain.tld
        X509v3 Certificate Policies: 
            Policy: 2.23.140.1.2.1
            Policy: 1.3.6.1.4.1.44947.1.1.1
              CPS: http://cps.letsencrypt.org

        CT Precertificate SCTs: 
            Signed Certificate Timestamp:
                Version   : v1(0)
                Log ID    : 84:9F:5F:7F:58:D2:BF:7B:54:EC:BD:74:61:1C:EA:45:
                            C4:9C:98:F1:D6:48:1B:C6:F6:9E:8C:17:4F:24:F3:CF
                Timestamp : Jul 23 15:12:17.595 2019 GMT
                Extensions: none
                Signature : ecdsa-with-SHA256
                            30:46:02:21:00:84:FE:14:5D:B7:BB:00:D1:B7:B8:93:
                            8C:C2:39:C3:88:22:90:2B:A6:A0:0B:EE:1D:C9:E0:A2:
                            42:21:97:1C:87:02:21:00:B2:C4:40:72:55:EC:51:D5:
                            7F:24:FA:A2:7D:6F:59:38:50:74:F8:5B:DF:63:83:94:
                            37:4D:23:06:EA:0B:44:5B
            Signed Certificate Timestamp:
                Version   : v1(0)
                Log ID    : B0:CC:83:E5:A5:F9:7D:6B:AF:7C:09:CC:28:49:04:87:
                            2A:C7:E8:8B:13:2C:63:50:B7:C6:FD:26:E1:6C:6C:77
                Timestamp : Jul 23 15:12:17.623 2019 GMT
                Extensions: none
                Signature : ecdsa-with-SHA256
                            30:44:02:20:64:06:39:73:2E:11:C4:2D:CD:79:C9:16:
                            53:56:52:91:88:24:46:90:7A:13:1E:79:41:F5:D7:77:
                            1D:43:33:56:02:20:25:48:46:E5:33:27:0E:BA:D2:DC:
                            87:B8:92:91:96:18:2F:9B:9C:5C:3A:69:AC:AB:02:01:
                            C4:50:EA:C1:DD:11
Signature Algorithm: sha256WithRSAEncryption
     20:8b:33:02:2b:7e:3b:a1:aa:ed:8d:c2:c3:a2:bc:24:73:dc:
     d3:65:b3:2f:c5:ad:90:0f:bd:73:36:36:48:b5:3f:75:79:e6:
     bb:3d:1f:37:a5:ec:a4:43:f6:90:7b:6d:cf:9b:5f:83:c1:0a:
     da:65:94:4a:f7:bb:24:ad:5b:de:f3:e7:cd:d9:e8:47:68:28:
     88:db:df:87:aa:14:cc:2d:fa:d8:28:c3:2c:1e:f2:b6:4b:ab:
     a5:23:28:53:23:da:f3:85:4d:7b:ca:82:1a:5c:03:60:f2:bd:
     44:e1:8f:16:38:42:47:c1:2e:90:dd:5e:cb:21:2b:c7:a1:d8:
     02:2d:c6:0e:86:89:12:5f:16:a2:5f:20:16:a1:3f:59:0b:f6:
     e1:d5:ce:2b:51:9a:0b:cc:ff:32:6d:ba:bc:dd:60:1a:fe:ea:
     a6:b3:b2:19:08:d9:97:8e:af:c4:36:91:67:ea:bd:15:4a:94:
     72:11:1d:6a:46:30:f8:26:6b:27:6d:39:dd:d4:cf:d1:82:65:
     97:2a:81:8b:6b:5e:d9:12:ef:64:6e:67:e3:29:94:d4:fc:76:
     47:a1:16:77:34:67:b6:2e:f7:e5:5d:59:73:ff:19:c7:ba:57:
     78:d4:8e:8f:69:48:19:44:ac:b6:82:1d:40:04:61:27:4d:b7:
     40:43:7d:0d

[Tue Jul 23 15:12:18 UTC 2019] Cert success. -----BEGIN CERTIFICATE----- MIIFQzCCBCugAwIBAgITAPot24bXjFXTg92bmYpABjieWDANBgkqhkiG9w0BAQsF ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xOTA3MjMx NDEyMTdaFw0xOTEwMjExNDEyMTdaMCAxHjAcBgNVBAMTFXBrZy5taW1pcm5ldHdv cmtzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANnpwVPZF2S3 zPP6la21zyAvNQgTU92fTKskVEgF/MGP+UjYYu2gBaJp3iBNS53yx2h/a8SATUwt Thui46FWXfBBi8QOysrm/v67bkFoB1Dqt+7LLvRIrKFR2jdnT1IOh5TCoqx++U2k BLwVgk5adM//n8574016APVDutTqy1+eRfKgzOIzpTQmfHhxzDDGkKvaSsMyBptq VFppriuUY/Kax6OvCgHU2aT+za3vbdo9vw3SxOiptv84mW5jVj5eDCLSIZQ9I87u AB7kSSwLAtFCuX9/LiAIoT0DUBOB3dRxM4YQXjN4qY/YbB8YnVIfzzXGjlTVUq+g nrcee0E8QK0CAwEAAaOCAnIwggJuMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUmpyz IKIj+6/9Saz/SFwEQJG4Ly0wHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7LIKb1 aDowdwYIKwYBBQUHAQEEazBpMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5zdGct aW50LXgxLmxldHNlbmNyeXB0Lm9yZzAzBggrBgEFBQcwAoYnaHR0cDovL2NlcnQu c3RnLWludC14MS5sZXRzZW5jcnlwdC5vcmcvMCAGA1UdEQQZMBeCFXBrZy5taW1p cm5ldHdvcmtzLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEB ATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQG CisGAQQB1nkCBAIEgfUEgfIA8AB3AISfX39Y0r97VOy9dGEc6kXEnJjx1kgbxvae jBdPJPPPAAABbB9j6rsAAAQDAEgwRgIhAIT+FF23uwDRt7iTjMI5w4gikCumoAvu HcngokIhlxyHAiEAssRAclXsUdV/JPqifW9ZOFB0+FvfY4OUN00jBuoLRFsAdQCw zIPlpfl9a698CcwoSQSHKsfoixMsY1C3xv0m4WxsdwAAAWwfY+rXAAAEAwBGMEQC IGQGOXMuEcQtzXnJFlNWUpGIJEaQehMeeUH113cdQzNWAiAlSEblMycOutLch7iS kZYYL5ucXDpprKsCAcRQ6sHdETANBgkqhkiG9w0BAQsFAAOCAQEAIIszAit+O6Gq 7Y3Cw6K8JHPc02WzL8WtkA+9czY2SLU/dXnmuz0fN6XspEP2kHttz5tfg8EK2mWU Sve7JK1b3vPnzdnoR2goiNvfh6oUzC362CjDLB7ytkurpSMoUyPa84VNe8qCGlwD YPK9ROGPFjhCR8EukN1eyyErx6HYAi3GDoaJEl8Wol8gFqE/WQv24dXOK1GaC8z/ Mm26vN1gGv7qprOyGQjZl46vxDaRZ+q9FUqUchEdakYw+CZrJ2053dTP0YJllyqB i2te2RLvZG5n4ymU1Px2R6EWdzRnti735V1Zc/8Zx7pXeNSOj2lIGUSstoIdQARh J023QEN9DQ== -----END CERTIFICATE----- [Tue Jul 23 15:12:18 UTC 2019] Your cert is in /root/.acme.sh/prefix.domain.tld/prefix.domain.tld.cer [Tue Jul 23 15:12:18 UTC 2019] Your cert key is in /root/.acme.sh/prefix.domain.tld/prefix.domain.tld.key [Tue Jul 23 15:12:18 UTC 2019] v2 chain. [Tue Jul 23 15:12:18 UTC 2019] The intermediate CA cert is in /root/.acme.sh/prefix.domain.tld/ca.cer [Tue Jul 23 15:12:18 UTC 2019] And the full chain certs is there: /root/.acme.sh/prefix.domain.tld/fullchain.cer [Tue Jul 23 15:12:18 UTC 2019] Installing cert to:/usr/local/etc/apache24/prefix.domain.tld.cert.pem [Tue Jul 23 15:12:18 UTC 2019] Installing key to:/usr/local/etc/apache24/prefix.domain.tld.key.pem [Tue Jul 23 15:12:18 UTC 2019] Installing full chain to:/usr/local/etc/apache24/prefix.domain.tld.fullchain.pem [Tue Jul 23 15:12:18 UTC 2019] Run reload cmd: service apache24 restart Performing sanity check on apache24 configuration: AH00557: httpd: apr_sockaddr_info_get() failed for solo AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message [Tue Jul 23 15:12:19.190295 2019] [core:error] [pid 98710] (EAI 8)hostname nor servname provided, or not known: AH00549: Failed to resolve server name for <LAN IP> (check DNS) -- or specify an explicit ServerName Syntax OK Stopping apache24. Waiting for PIDS: 96820. Performing sanity check on apache24 configuration: AH00557: httpd: apr_sockaddr_info_get() failed for solo AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message [Tue Jul 23 15:12:19.440985 2019] [core:error] [pid 98720] (EAI 8)hostname nor servname provided, or not known: AH00549: Failed to resolve server name for <LAN IP> (check DNS) -- or specify an explicit ServerName Syntax OK Starting apache24. AH00557: httpd: apr_sockaddr_info_get() failed for solo AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message [Tue Jul 23 15:12:19.656924 2019] [core:error] [pid 98721] (EAI 8)hostname nor servname provided, or not known: AH00549: Failed to resolve server name for <LAN IP> (check DNS) -- or specify an explicit ServerName [Tue Jul 23 15:12:19 UTC 2019] Reload success [Tue Jul 23 15:12:19 UTC 2019] _on_issue_success [Tue Jul 23 15:12:19 UTC 2019] '/usr/local/www/apache24/data' does not contain 'dns'

acme.sh --apache --renew -d prefix.domain.tld --force --debug 2

Jul 23 '19 15:07 Wayne-II

I had a moment of clarity and I checked the config file in the domain. It turns out, the config was set to use the staging servers. I was using the staging servers in order to fix a network issue.

The issue was correct the first 5 times I tried, which is when I learned about the rate limit. After that I started using --staging. Once I resolved my network errors, I removed the --staging flag, but it appears to have gotten stuck in staging mode, so all requests were sent to the staging api. I believe this is a bug, but I'm not certain.

Jul 23 '19 15:07 Wayne-II

--renew doesn't change the cert from staging to production or from production to staging.

please --issue a new one.

Jul 24 '19 13:07 Neilpang

I find it unintuitive that --staging will convey from production to staging.

I manually removed the staging from the url on the configs, which seems to have solved the issue.

Jul 24 '19 13:07 Wayne-II

@Neilpang please reopen. this is really counterintutive and really can lead to downtimes on prod server.

the usecase is:

you have a running prod server with a working letsencrypt cert for many month (>6)
the cert fails to renew
you go to the server to debug
to not lock you out from letsencrypt by requesting to many new certificates you run acme with --test
acme switches from le prod env to le stage env (so its ok to switch from a prod! env cert to a stage env but not in the oposite direction?)
having it up and running again i would assume to simple remove the --test from my renew call to get a prod cert again.

please rethink your position and create a better DX/UX by allowing to simply remove --test to bring me back to prod

Oct 26 '20 14:10 c33s

also it takes the power of --test, normally a test or a dry run is applied to the exact command i want to test and when i really want to run the command i remove the --dry-run and the program really executes

this should be the same for --test i want to debug against the staging api until everything works and then remove the --test to "really" run the command (run the call against the prod le api)

Oct 26 '20 14:10 c33s

i used --issue, after having used --staging and acme.sh keeps using the staging server

Jan 02 '21 19:01 tilllt

Its taken me hours to work out what was going wrong with my production system! Fortunately I came across this error here which explained why I kept getting staging certs issued when I was not using --staging ! Very very confusing and unexpected behavior.

Mar 30 '22 12:03 speleolinux

let me think about it again.

Mar 30 '22 15:03 Neilpang

I find it completely unintuitive that my staging urls arbitrarily changed to production just because I needed to test what would happen with the cron command.

My opinion is that there shouldn't even be --staging or --test flags. I never used them and explicitly set my server to use the staging api so I wouldn't hit any limits now I have to wait 3 days before I can issue a legitimate cert for my domain.

As removing the --staging/--test flags will probably not happen I would propose that the --staging/--test url switching is entirely dynamic and the urls loaded from the config file not be touched.

In other words load the url from either the config file or the command line and then if --staging/--test is set change it to the staging url only for the actual request but do not save it. If --staging/--test is not set use whatever url is loaded from the config file or the command line verbatim.

Nov 03 '22 18:11 gwelch-contegix

acme.sh acme.sh copied to clipboard

Certificates have issues Fake LE Intermediate X1 without using --staging/--test

Steps to reproduce acme.sh --apache --renew -d prefix.domain.tld --force --staging then when you're happy with the results acme.sh --apache --renew -d prefix.domain.tld --force resulting certificate is still issued by staging, caused by bad config in the domain direction under .acme.sh direction.

acme.sh
acme.sh copied to clipboard