[BUG] The certificate is not up-to-date after renewal

Open shiningstarts opened this issue 2 years ago • 17 comments

Steps to reproduce

  1. We use DNS manual mode to renew the cert, configuration
  2. We renew 7 days in advance, and it works well
  3. But the certificate content is not updated even if we retry many times
  4. The certificate is about to expire
  5. It works when we delete the original document

Debug log

Renew
```bash
./acme.sh --force --issue -d "*..***.com" --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --debug 2
./acme.sh --force --renew -d "*..***.com" --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --debug 2
```

Certificate

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:2f:04:e6:c0:80:26:4e:ee:c7:c1:f9:1b:30:fb:a5
    Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA
        Validity
            Not Before: Jan 24 00:00:00 2022 GMT
            Not After : Apr 24 23:59:59 2022 GMT
        Subject: CN=*.***.com
....
```

Renew Debug

[Mon Apr 18 17:20:43 CST 2022] Lets find script dir.
[Mon Apr 18 17:20:43 CST 2022] _SCRIPT_='./acme.sh'
[Mon Apr 18 17:20:43 CST 2022] _script='/root/.acme.sh/acme.sh'
[Mon Apr 18 17:20:43 CST 2022] _script_home='/root/.acme.sh'
[Mon Apr 18 17:20:43 CST 2022] Using config home:/root/.acme.sh
[Mon Apr 18 17:20:43 CST 2022] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.2
[Mon Apr 18 17:20:43 CST 2022] Running cmd: renew
[Mon Apr 18 17:20:43 CST 2022] Using config home:/root/.acme.sh
[Mon Apr 18 17:20:43 CST 2022] default_acme_server
[Mon Apr 18 17:20:43 CST 2022] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Mon Apr 18 17:20:43 CST 2022] _ACME_SERVER_HOST='acme.zerossl.com'
[Mon Apr 18 17:20:43 CST 2022] _ACME_SERVER_PATH='v2/DV90'
[Mon Apr 18 17:20:43 CST 2022] DOMAIN_PATH='/root/.acme.sh/*.***.com'
[Mon Apr 18 17:20:43 CST 2022] Renew: '*.***.com'
[Mon Apr 18 17:20:43 CST 2022] Le_API='https://acme.zerossl.com/v2/DV90'
[Mon Apr 18 17:20:43 CST 2022] Using config home:/root/.acme.sh
[Mon Apr 18 17:20:43 CST 2022] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Mon Apr 18 17:20:43 CST 2022] _ACME_SERVER_HOST='acme.zerossl.com'
[Mon Apr 18 17:20:43 CST 2022] _ACME_SERVER_PATH='v2/DV90'
[Mon Apr 18 17:20:43 CST 2022] _main_domain='*.***.com'
[Mon Apr 18 17:20:43 CST 2022] _alt_domains='no'
[Mon Apr 18 17:20:43 CST 2022] 'dns' contains 'dns'
[Mon Apr 18 17:20:43 CST 2022] 'dns' contains 'dns'
[Mon Apr 18 17:20:43 CST 2022] Le_NextRenewTime='1655351840'
[Mon Apr 18 17:20:43 CST 2022] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Mon Apr 18 17:20:43 CST 2022] _init api for server: https://acme.zerossl.com/v2/DV90
[Mon Apr 18 17:20:43 CST 2022] Retrying GET
[Mon Apr 18 17:20:43 CST 2022] GET
[Mon Apr 18 17:20:43 CST 2022] url='https://acme.zerossl.com/v2/DV90'
[Mon Apr 18 17:20:43 CST 2022] timeout=
[Mon Apr 18 17:20:43 CST 2022] displayError='1'
[Mon Apr 18 17:20:43 CST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.yDG0zVBozF  -g '
[Mon Apr 18 17:20:48 CST 2022] ret='0'
[Mon Apr 18 17:20:48 CST 2022] _hcode='0'
[Mon Apr 18 17:20:48 CST 2022] response='{
  "newNonce": "https://acme.zerossl.com/v2/DV90/newNonce",
  "newAccount": "https://acme.zerossl.com/v2/DV90/newAccount",
  "newOrder": "https://acme.zerossl.com/v2/DV90/newOrder",
  "revokeCert": "https://acme.zerossl.com/v2/DV90/revokeCert",
  "keyChange": "https://acme.zerossl.com/v2/DV90/keyChange",
  "meta": {
    "termsOfService": "https://secure.trust-provider.com/repository/docs/Legacy/20201020_Certificate_Subscriber_Agreement_v_2_4_click.pdf",
    "website": "https://zerossl.com",
    "caaIdentities": ["sectigo.com", "trust-provider.com", "usertrust.com", "comodoca.com", "comodo.com"],
    "externalAccountRequired": true
  }
}'
[Mon Apr 18 17:20:48 CST 2022] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Mon Apr 18 17:20:48 CST 2022] ACME_NEW_AUTHZ
[Mon Apr 18 17:20:48 CST 2022] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Mon Apr 18 17:20:48 CST 2022] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Mon Apr 18 17:20:48 CST 2022] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Mon Apr 18 17:20:48 CST 2022] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20201020_Certificate_Subscriber_Agreement_v_2_4_click.pdf'
[Mon Apr 18 17:20:48 CST 2022] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Mon Apr 18 17:20:48 CST 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Mon Apr 18 17:20:48 CST 2022] _on_before_issue
[Mon Apr 18 17:20:48 CST 2022] _chk_main_domain='*.***.com'
[Mon Apr 18 17:20:48 CST 2022] _chk_alt_domains
[Mon Apr 18 17:20:48 CST 2022] 'dns' does not contain 'no'
[Mon Apr 18 17:20:48 CST 2022] Le_LocalAddress
[Mon Apr 18 17:20:48 CST 2022] d='*.***.com'
[Mon Apr 18 17:20:48 CST 2022] Check for domain='*.***.com'
[Mon Apr 18 17:20:48 CST 2022] _currentRoot='dns'
[Mon Apr 18 17:20:48 CST 2022] d
[Mon Apr 18 17:20:48 CST 2022] 'dns' does not contain 'apache'
[Mon Apr 18 17:20:48 CST 2022] _saved_account_key_hash='jZ2iIGU3J7W7crw0hl0ba8SxHLNQAwcEFZjZyXrVvhw='
[Mon Apr 18 17:20:48 CST 2022] _saved_account_key_hash is not changed, skip register account.
[Mon Apr 18 17:20:48 CST 2022] Read key length:
[Mon Apr 18 17:20:48 CST 2022] _createcsr
[Mon Apr 18 17:20:48 CST 2022] domain='*.***.com'
[Mon Apr 18 17:20:48 CST 2022] domainlist
[Mon Apr 18 17:20:48 CST 2022] csrkey='/root/.acme.sh/*.***.com/*.***.com.key'
[Mon Apr 18 17:20:48 CST 2022] csr='/root/.acme.sh/*.***.com/*.***.com.csr'
[Mon Apr 18 17:20:48 CST 2022] csrconf='/root/.acme.sh/*.***.com/*.***.com.csr.conf'
[Mon Apr 18 17:20:48 CST 2022] Single domain='*.***.com'
[Mon Apr 18 17:20:48 CST 2022] _is_idn_d='*.***.com'
[Mon Apr 18 17:20:48 CST 2022] _idn_temp
[Mon Apr 18 17:20:48 CST 2022] _is_idn_d='*.***.com'
[Mon Apr 18 17:20:48 CST 2022] _idn_temp
[Mon Apr 18 17:20:48 CST 2022] _csr_cn='*.***.com'
[Mon Apr 18 17:20:48 CST 2022] Getting domain auth token for each domain
[Mon Apr 18 17:20:48 CST 2022] ok, let's start to verify
[Mon Apr 18 17:20:48 CST 2022] Verifying: *.***.com
[Mon Apr 18 17:20:48 CST 2022] d='*.***.com'
[Mon Apr 18 17:20:48 CST 2022] keyauthorization='NOAr5uz8SgX6-tSUXF5ZM6jQqdYqOT3L_hptEz13MbQ.VILe6EE57kPOQ24URq2lPwEl_4bgp7i5nG-1GImZvtI'
[Mon Apr 18 17:20:48 CST 2022] uri='https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w'
[Mon Apr 18 17:20:48 CST 2022] _currentRoot='dns'
[Mon Apr 18 17:20:48 CST 2022] Trigger domain validation.
[Mon Apr 18 17:20:48 CST 2022] _t_url='https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w'
[Mon Apr 18 17:20:48 CST 2022] _t_key_authz='NOAr5uz8SgX6-tSUXF5ZM6jQqdYqOT3L_hptEz13MbQ.VILe6EE57kPOQ24URq2lPwEl_4bgp7i5nG-1GImZvtI'
[Mon Apr 18 17:20:48 CST 2022] _t_vtype='dns-01'
[Mon Apr 18 17:20:48 CST 2022] url='https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w'
[Mon Apr 18 17:20:48 CST 2022] payload='{}'
[Mon Apr 18 17:20:48 CST 2022] RSA key
[Mon Apr 18 17:20:49 CST 2022] Get nonce with HEAD. ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Mon Apr 18 17:20:49 CST 2022] Retrying post
[Mon Apr 18 17:20:49 CST 2022] HEAD
[Mon Apr 18 17:20:49 CST 2022] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Mon Apr 18 17:20:49 CST 2022] body
[Mon Apr 18 17:20:49 CST 2022] _postContentType='application/jose+json'
[Mon Apr 18 17:20:49 CST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.N2wPXNzZdG  -g  -I  '
[Mon Apr 18 17:20:53 CST 2022] _ret='0'
[Mon Apr 18 17:20:53 CST 2022] _hcode='0'
[Mon Apr 18 17:20:53 CST 2022] _headers='HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Apr 2022 09:20:52 GMT
Content-Type: application/octet-stream
Connection: keep-alive
Replay-Nonce: x2O2dKp0dzDV8vg1TUgSO2bDN7LpFphJbrlwBSO9Ppo
Cache-Control: max-age=-1
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Strict-Transport-Security: max-age=15552000
'
[Mon Apr 18 17:20:53 CST 2022] _CACHED_NONCE='x2O2dKp0dzDV8vg1TUgSO2bDN7LpFphJbrlwBSO9Ppo'
[Mon Apr 18 17:20:53 CST 2022] nonce='x2O2dKp0dzDV8vg1TUgSO2bDN7LpFphJbrlwBSO9Ppo'
[Mon Apr 18 17:20:53 CST 2022] Retrying post
[Mon Apr 18 17:20:53 CST 2022] POST
[Mon Apr 18 17:20:53 CST 2022] _post_url='https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w'
[Mon Apr 18 17:20:53 CST 2022] body='{"protected": "eyJub25jZSI6ICJ4Mk8yZEtwMGR6RFY4dmcxVFVnU08yYkRON0xwRnBoSmJybHdCU085UHBvIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9jaGFsbC9YS0RVZW9YaG5RUkp3NWhJQTl5UzN3IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9namJCLXd0MkFOYnd5c2VLRHRfaXl3In0", "payload": "e30", "signature": "DfJCaU--eM4u7sXBXqKY1gGMYfGYBI1hZ4_nZHr99wEbIYYJ7kwM16yRyDpPdMaRyvixF6bBK4IKSXIVKTso0gX7efvSL4EoicH2zi8hJ4sUDZ8WKQGkDcju6JiILJk3RFAVi-kCXrsknAf9u0BC4mvopV-GUqKs8IfjmTv_vR0WioDXr6JYR1wETJrzlUPK1y4si2_saBfnU2-lTc0ycWx--soxSZdEhDJ7TSgXERr1i01AJo_3YR3BcwiUUqLBkWyFjFCZ24kltrch4n9iU7kcff4khi1c1K9bbWpjzSZHvpXATKLRw4SjDeAjeEeZS67t3E6-s3l5CfJQb2OEhA"}'
[Mon Apr 18 17:20:53 CST 2022] _postContentType='application/jose+json'
[Mon Apr 18 17:20:53 CST 2022] Http already initialized.
[Mon Apr 18 17:20:53 CST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.N2wPXNzZdG  -g '
[Mon Apr 18 17:20:57 CST 2022] _ret='0'
[Mon Apr 18 17:20:57 CST 2022] _hcode='0'
[Mon Apr 18 17:20:57 CST 2022] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Apr 2022 09:20:57 GMT
Content-Type: application/json
Content-Length: 163
Connection: keep-alive
Replay-Nonce: vaD8kKubf5Let2YAriTqhv3rfEitgh7IR_bJyFi6tb4
Cache-Control: max-age=-1
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Link: <https://acme.zerossl.com/v2/DV90/authz/RR7U1szGYYe4rv1fq6zbQw>;rel="up"
Retry-After: 10
Strict-Transport-Security: max-age=15552000
'
[Mon Apr 18 17:20:57 CST 2022] code='200'
[Mon Apr 18 17:20:57 CST 2022] original='{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w","status":"processing","token":"NOAr5uz8SgX6-tSUXF5ZM6jQqdYqOT3L_hptEz13MbQ"}'
[Mon Apr 18 17:20:57 CST 2022] response='{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w","status":"processing","token":"NOAr5uz8SgX6-tSUXF5ZM6jQqdYqOT3L_hptEz13MbQ"}'
[Mon Apr 18 17:20:57 CST 2022] trigger validation code: 200
[Mon Apr 18 17:20:57 CST 2022] original='{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w","status":"processing","token":"NOAr5uz8SgX6-tSUXF5ZM6jQqdYqOT3L_hptEz13MbQ"}'
[Mon Apr 18 17:20:57 CST 2022] response='{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w","status":"processing","token":"NOAr5uz8SgX6-tSUXF5ZM6jQqdYqOT3L_hptEz13MbQ"}'
[Mon Apr 18 17:20:57 CST 2022] status='processing'
[Mon Apr 18 17:20:57 CST 2022] Processing, The CA is processing your order, please just wait. (1/30)
[Mon Apr 18 17:20:57 CST 2022] sleep 2 secs to verify again
[Mon Apr 18 17:20:59 CST 2022] checking
[Mon Apr 18 17:20:59 CST 2022] url='https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w'
[Mon Apr 18 17:20:59 CST 2022] payload
[Mon Apr 18 17:20:59 CST 2022] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Mon Apr 18 17:20:59 CST 2022] Use _CACHED_NONCE='vaD8kKubf5Let2YAriTqhv3rfEitgh7IR_bJyFi6tb4'
[Mon Apr 18 17:20:59 CST 2022] nonce='vaD8kKubf5Let2YAriTqhv3rfEitgh7IR_bJyFi6tb4'
[Mon Apr 18 17:20:59 CST 2022] Retrying post
[Mon Apr 18 17:20:59 CST 2022] POST
[Mon Apr 18 17:20:59 CST 2022] _post_url='https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w'
[Mon Apr 18 17:20:59 CST 2022] body='{"protected": "eyJub25jZSI6ICJ2YUQ4a0t1YmY1TGV0MllBcmlUcWh2M3JmRWl0Z2g3SVJfYkp5Rmk2dGI0IiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9jaGFsbC9YS0RVZW9YaG5RUkp3NWhJQTl5UzN3IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9namJCLXd0MkFOYnd5c2VLRHRfaXl3In0", "payload": "", "signature": "U9kBFgXkm4C5M9DBLmG6D1vGei5DbiZNGBUvkDP69uLgHUx8o5uNA1a6q_b6zQNcxyuLmYr1DSUK1yI0DnEDJBhalZGA1F0G0Q-x3tx-wqvrEYIElpAsHp1vxOiBqs3JxxNaokmWcyS8DJ3iE9K3sF9bkRsrp-woLhuPxe52l3rnBPwkNdZw5ZSD0bdG-bruVcUHr5v8z7Nx_53Wy01NnrN-zA0Y8Xah87P8NbV7F8ygmPT5h1khYtZuRAXoh15UY_xZnOM02tsdmj15i9lDT54fam4PSUYnLZzn-ZoCaYnRUSNEI9hze7EqQAdDHG2xJDz3HRCrs5a5ETLbfVl1GQ"}'
[Mon Apr 18 17:20:59 CST 2022] _postContentType='application/jose+json'
[Mon Apr 18 17:20:59 CST 2022] Http already initialized.
[Mon Apr 18 17:20:59 CST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.N2wPXNzZdG  -g '
[Mon Apr 18 17:21:06 CST 2022] _ret='0'
[Mon Apr 18 17:21:06 CST 2022] _hcode='0'
[Mon Apr 18 17:21:06 CST 2022] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Apr 2022 09:21:06 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Replay-Nonce: 4icR5g7AlrIxuJo_-tYSA38kyJjZQaE79JdIg8i1yKs
Cache-Control: max-age=-1
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Link: <https://acme.zerossl.com/v2/DV90/authz/RR7U1szGYYe4rv1fq6zbQw>;rel="up"
Retry-After: 10
Strict-Transport-Security: max-age=15552000
'
[Mon Apr 18 17:21:06 CST 2022] code='200'
[Mon Apr 18 17:21:06 CST 2022] original='{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w","status":"valid","validated":"2022-04-18T09:21:00Z","token":"NOAr5uz8SgX6-tSUXF5ZM6jQqdYqOT3L_hptEz13MbQ"}'
[Mon Apr 18 17:21:06 CST 2022] response='{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w","status":"valid","validated":"2022-04-18T09:21:00Z","token":"NOAr5uz8SgX6-tSUXF5ZM6jQqdYqOT3L_hptEz13MbQ"}'
[Mon Apr 18 17:21:06 CST 2022] original='{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w","status":"valid","validated":"2022-04-18T09:21:00Z","token":"NOAr5uz8SgX6-tSUXF5ZM6jQqdYqOT3L_hptEz13MbQ"}'
[Mon Apr 18 17:21:06 CST 2022] response='{"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/XKDUeoXhnQRJw5hIA9yS3w","status":"valid","validated":"2022-04-18T09:21:00Z","token":"NOAr5uz8SgX6-tSUXF5ZM6jQqdYqOT3L_hptEz13MbQ"}'
[Mon Apr 18 17:21:06 CST 2022] status='valid'
[Mon Apr 18 17:21:06 CST 2022] Success
[Mon Apr 18 17:21:06 CST 2022] pid
[Mon Apr 18 17:21:06 CST 2022] Skip for removelevel:
[Mon Apr 18 17:21:06 CST 2022] pid
[Mon Apr 18 17:21:06 CST 2022] No need to restore nginx, skip.
[Mon Apr 18 17:21:06 CST 2022] _clearupdns
[Mon Apr 18 17:21:06 CST 2022] dns_entries
[Mon Apr 18 17:21:06 CST 2022] skip dns.
[Mon Apr 18 17:21:06 CST 2022] Verify finished, start to sign.
[Mon Apr 18 17:21:06 CST 2022] i='2'
[Mon Apr 18 17:21:06 CST 2022] j='15'
[Mon Apr 18 17:21:06 CST 2022] Lets finalize the order.
[Mon Apr 18 17:21:06 CST 2022] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/PeURHT1rd926Odz9IP4Utg/finalize'
[Mon Apr 18 17:21:06 CST 2022] url='https://acme.zerossl.com/v2/DV90/order/PeURHT1rd926Odz9IP4Utg/finalize'
[Mon Apr 18 17:21:06 CST 2022] payload='{"csr": "MIIChjCCAW4CAQAwFzEVMBMGA1UEAwwMKi45MXR0bWouY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1_W_eUTpH_qYjx_ejrhqF74ciqROCxcKzqehlH9EKGTHwEn2cV4p8pkSlsyToUYvn9LhdXMF0h5Dat3dXWRf6RjzC_TRJqHfNZVv1kCUbPaaMs3SsQYK2O-mdBB8xCqelOxlP3vUeLKMn2NQx5bHtIrvp2VwJmZ8NOP_U4wbg34NL7KKILwa9wXR9Ikuuo2JvjxxJQaTjSdmsP-9dpOHSoV1UDSGehoAqDfkOkP8K6nzObVYPXg1YVgq6tLIrA1bKGOJlYvVhF-6tlDRknTVUfxq9Ayc2xQY1UR0qW90JPvOjS-Ok5fGvbKX2A4kglEuSQu2d0eNevEb1vxGP7oQwIDAQABoCowKAYJKoZIhvcNAQkOMRswGTAXBgNVHREEEDAOggwqLjkxdHRtai5jb20wDQYJKoZIhvcNAQELBQADggEBABL75QIOFmA8l1SX7t_rSworgRJaZ1wQtWtu7p64GmQtVCs5P6hiHb9rixhX3IvApLxVH2xC8ZOvT_qO-NidvsSAJXsWR-a2JMzT9JoeCgCCbkmhEpASoGleEtzfFns2NgbUnOroxtpFWn9a1_nyyGCzS8xyKeOhweKIcYLR_AElVvFPdpojzYuMu8xHY16lMZmmDd3wotLpkX807haYsqgOmAFhUXN7BQpuhJJruLTZqElxGN0uP31uWqyqZjNEw3Mv2uuAo-9NV9kDw8TDMaD3rvb-7QaQiPynLqijUZVk0fnb109nXReewVm7jTKIsqRzZit_7XmSmbL8OKYghEA"}'
[Mon Apr 18 17:21:06 CST 2022] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Mon Apr 18 17:21:06 CST 2022] Use _CACHED_NONCE='4icR5g7AlrIxuJo_-tYSA38kyJjZQaE79JdIg8i1yKs'
[Mon Apr 18 17:21:06 CST 2022] nonce='4icR5g7AlrIxuJo_-tYSA38kyJjZQaE79JdIg8i1yKs'
[Mon Apr 18 17:21:06 CST 2022] Retrying post
[Mon Apr 18 17:21:06 CST 2022] POST
[Mon Apr 18 17:21:06 CST 2022] _post_url='https://acme.zerossl.com/v2/DV90/order/PeURHT1rd926Odz9IP4Utg/finalize'
[Mon Apr 18 17:21:06 CST 2022] body='{"protected": "eyJub25jZSI6ICI0aWNSNWc3QWxySXh1Sm9fLXRZU0EzOGt5SmpaUWFFNzlKZElnOGkxeUtzIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9vcmRlci9QZVVSSFQxcmQ5MjZPZHo5SVA0VXRnL2ZpbmFsaXplIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9namJCLXd0MkFOYnd5c2VLRHRfaXl3In0", "payload": "eyJjc3IiOiAiTUlJQ2hqQ0NBVzRDQVFBd0Z6RVZNQk1HQTFVRUF3d01LaTQ1TVhSMGJXb3VZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF1MV9XX2VVVHBIX3FZanhfZWpyaHFGNzRjaXFST0N4Y0t6cWVobEg5RUtHVEh3RW4yY1Y0cDhwa1Nsc3lUb1VZdm45TGhkWE1GMGg1RGF0M2RYV1JmNlJqekNfVFJKcUhmTlpWdjFrQ1ViUGFhTXMzU3NRWUsyTy1tZEJCOHhDcWVsT3hsUDN2VWVMS01uMk5ReDViSHRJcnZwMlZ3Sm1aOE5PUF9VNHdiZzM0Tkw3S0tJTHdhOXdYUjlJa3V1bzJKdmp4eEpRYVRqU2Rtc1AtOWRwT0hTb1YxVURTR2Vob0FxRGZrT2tQOEs2bnpPYlZZUFhnMVlWZ3E2dExJckExYktHT0psWXZWaEYtNnRsRFJrblRWVWZ4cTlBeWMyeFFZMVVSMHFXOTBKUHZPalMtT2s1Zkd2YktYMkE0a2dsRXVTUXUyZDBlTmV2RWIxdnhHUDdvUXdJREFRQUJvQ293S0FZSktvWklodmNOQVFrT01Sc3dHVEFYQmdOVkhSRUVFREFPZ2d3cUxqa3hkSFJ0YWk1amIyMHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQkw3NVFJT0ZtQThsMVNYN3RfclN3b3JnUkphWjF3UXRXdHU3cDY0R21RdFZDczVQNmhpSGI5cml4aFgzSXZBcEx4VkgyeEM4Wk92VF9xTy1OaWR2c1NBSlhzV1ItYTJKTXpUOUpvZUNnQ0Nia21oRXBBU29HbGVFdHpmRm5zMk5nYlVuT3JveHRwRlduOWExX255eUdDelM4eHlLZU9od2VLSWNZTFJfQUVsVnZGUGRwb2p6WXVNdTh4SFkxNmxNWm1tRGQzd290THBrWDgwN2hhWXNxZ09tQUZoVVhON0JRcHVoSkpydUxUWnFFbHhHTjB1UDMxdVdxeXFaak5FdzNNdjJ1dUFvLTlOVjlrRHc4VERNYUQzcnZiLTdRYVFpUHluTHFpalVaVmswZm5iMTA5blhSZWV3Vm03alRLSXNxUnpaaXRfN1htU21iTDhPS1lnaEVBIn0", "signature": "pifg2xV2zyNTzs0NrDNXrmlTdTa8ZH46yMroXuGkxGiSX9eHJg2lKRHdMbgQ-dNWcAQPFonVUw4TUkQ_ybz4-xRZoMCOCT3FUaF9xy_obCecUBBEtJWG8cQxKJbI47KUKyOdUgbuzmqVESfAxXpsc5qQ9-dWBl2KPAZ5oyNLZLrLH_JjmCAKZ4z3JEnHsSZ3JoFez9a7u7rNI7z4ApxLu_SfpWf5td8_z5tPhB9bWcPzxPScma_DrA8ZDmF5_UOT4hpFfqVI0XaM-a1FRGHeX6Yn1KtkI8wlGm6FnHTjr9mgLqRIjXPsTPsLNIHlOFyQRmZPuC7hpudKjKwHwYUWUw"}'
[Mon Apr 18 17:21:06 CST 2022] _postContentType='application/jose+json'
[Mon Apr 18 17:21:06 CST 2022] Http already initialized.
[Mon Apr 18 17:21:06 CST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.N2wPXNzZdG  -g '
[Mon Apr 18 17:21:12 CST 2022] _ret='0'
[Mon Apr 18 17:21:12 CST 2022] _hcode='0'
[Mon Apr 18 17:21:12 CST 2022] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Apr 2022 09:21:12 GMT
Content-Type: application/json
Content-Length: 277
Connection: keep-alive
Status:
Replay-Nonce: kBN7WPFYon2e6iIdQQSyHFmLgoI-pRpByZdzcU-fgJE
Cache-Control: max-age=-1
Access-Control-Allow-Origin: *
Location: https://acme.zerossl.com/v2/DV90/order/PeURHT1rd926Odz9IP4Utg
Retry-After: 15
Strict-Transport-Security: max-age=15552000
'
[Mon Apr 18 17:21:12 CST 2022] code='200'
[Mon Apr 18 17:21:12 CST 2022] original='{"status":"processing","expires":"2022-07-17T09:18:42Z","identifiers":[{"type":"dns","value":"*.***.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/RR7U1szGYYe4rv1fq6zbQw"],"finalize":"https://acme.zerossl.com/v2/DV90/order/PeURHT1rd926Odz9IP4Utg/finalize"}'
[Mon Apr 18 17:21:12 CST 2022] response='{"status":"processing","expires":"2022-07-17T09:18:42Z","identifiers":[{"type":"dns","value":"*.***.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/RR7U1szGYYe4rv1fq6zbQw"],"finalize":"https://acme.zerossl.com/v2/DV90/order/PeURHT1rd926Odz9IP4Utg/finalize"}'
[Mon Apr 18 17:21:12 CST 2022] Order status is processing, lets sleep and retry.
[Mon Apr 18 17:21:12 CST 2022] _retryafter='15'
[Mon Apr 18 17:21:12 CST 2022] Retry after: 15
[Mon Apr 18 17:21:28 CST 2022] Polling order status: https://acme.zerossl.com/v2/DV90/order/6JZOjCcJ1OnCQISFHu45vA
[Mon Apr 18 17:21:28 CST 2022] url='https://acme.zerossl.com/v2/DV90/order/6JZOjCcJ1OnCQISFHu45vA'
[Mon Apr 18 17:21:28 CST 2022] payload
[Mon Apr 18 17:21:28 CST 2022] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Mon Apr 18 17:21:28 CST 2022] Use _CACHED_NONCE='kBN7WPFYon2e6iIdQQSyHFmLgoI-pRpByZdzcU-fgJE'
[Mon Apr 18 17:21:28 CST 2022] nonce='kBN7WPFYon2e6iIdQQSyHFmLgoI-pRpByZdzcU-fgJE'
[Mon Apr 18 17:21:28 CST 2022] Retrying post
[Mon Apr 18 17:21:28 CST 2022] POST
[Mon Apr 18 17:21:28 CST 2022] _post_url='https://acme.zerossl.com/v2/DV90/order/6JZOjCcJ1OnCQISFHu45vA'
[Mon Apr 18 17:21:28 CST 2022] body='{"protected": "eyJub25jZSI6ICJrQk43V1BGWW9uMmU2aUlkUVFTeUhGbUxnb0ktcFJwQnlaZHpjVS1mZ0pFIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9vcmRlci82SlpPakNjSjFPbkNRSVNGSHU0NXZBIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLnplcm9zc2wuY29tL3YyL0RWOTAvYWNjb3VudC9namJCLXd0MkFOYnd5c2VLRHRfaXl3In0", "payload": "", "signature": "X_ZsqgnsJan1baZBHCoI-BtNI-J-DmRTVoWN6lz_QBK8EWoZfL7JbI2BTPy63r3OxSA4wkuvDt6D34o5vVt5ILUXGVCfcS4_ALF7DLx3_a0mC9OWi67DzrGvNW9rp2dwdK3-8c-8ItFZDE8SeQXdAnSsExcolqOUvunVMVQT_hZ9EY-yeAsnmnbAUFD7lq4sl_h5vbm9guO0ibP_RkW4NxXoxFJ8o0ozmwJdFgUzLNX-IE889XW_YwHOxN5C0jf_Hevd3FOwuapSugabYdYZ_npuAopIp0913uAUAfqx2lFHxzPPIBtCnBlp4z4YXItkWwsxXQ3vU7T4a3Xs9QRb7Q"}'
[Mon Apr 18 17:21:28 CST 2022] _postContentType='application/jose+json'
[Mon Apr 18 17:21:28 CST 2022] Http already initialized.
[Mon Apr 18 17:21:28 CST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.N2wPXNzZdG  -g '
[Mon Apr 18 17:21:32 CST 2022] _ret='0'
[Mon Apr 18 17:21:32 CST 2022] _hcode='0'
[Mon Apr 18 17:21:32 CST 2022] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Apr 2022 09:21:32 GMT
Content-Type: application/json
Content-Length: 349
Connection: keep-alive
Status:
Replay-Nonce: pNjXROKq7viKbplTUEnXJcuAuE1R-tgrvfo3QSQKPls
Cache-Control: max-age=-1
Access-Control-Allow-Origin: *
Location: https://acme.zerossl.com/v2/DV90/order/6JZOjCcJ1OnCQISFHu45vA
Strict-Transport-Security: max-age=15552000
'
[Mon Apr 18 17:21:32 CST 2022] code='200'
[Mon Apr 18 17:21:32 CST 2022] original='{"status":"valid","expires":"2022-04-24T10:27:36Z","identifiers":[{"type":"dns","value":"*.***.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/MMHVJJ0GjiRl2naM6HQ3Yg"],"finalize":"https://acme.zerossl.com/v2/DV90/order/6JZOjCcJ1OnCQISFHu45vA/finalize","certificate":"https://acme.zerossl.com/v2/DV90/cert/eS1rNDk7ZQ7KfWgiTIf-og"}'
[Mon Apr 18 17:21:32 CST 2022] response='{"status":"valid","expires":"2022-04-24T10:27:36Z","identifiers":[{"type":"dns","value":"*.***.com"}],"authorizations":["https://acme.zerossl.com/v2/DV90/authz/MMHVJJ0GjiRl2naM6HQ3Yg"],"finalize":"https://acme.zerossl.com/v2/DV90/order/6JZOjCcJ1OnCQISFHu45vA/finalize","certificate":"https://acme.zerossl.com/v2/DV90/cert/eS1rNDk7ZQ7KfWgiTIf-og"}'
[Mon Apr 18 17:21:32 CST 2022] Order status is valid.
[Mon Apr 18 17:21:32 CST 2022] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/eS1rNDk7ZQ7KfWgiTIf-og'
[Mon Apr 18 17:21:32 CST 2022] Downloading cert.
[Mon Apr 18 17:21:32 CST 2022] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/eS1rNDk7ZQ7KfWgiTIf-og'
[Mon Apr 18 17:21:32 CST 2022] url='https://acme.zerossl.com/v2/DV90/cert/eS1rNDk7ZQ7KfWgiTIf-og'
[Mon Apr 18 17:21:32 CST 2022] payload
[Mon Apr 18 17:21:32 CST 2022] Use cached jwk for file: /root/.acme.sh/ca/acme.zerossl.com/v2/DV90/account.key
[Mon Apr 18 17:21:32 CST 2022] Use _CACHED_NONCE='pNjXROKq7viKbplTUEnXJcuAuE1R-tgrvfo3QSQKPls'
[Mon Apr 18 17:21:32 CST 2022] nonce='pNjXROKq7viKbplTUEnXJcuAuE1R-tgrvfo3QSQKPls'
[Mon Apr 18 17:21:32 CST 2022] Retrying post
[Mon Apr 18 17:21:32 CST 2022] POST
[Mon Apr 18 17:21:32 CST 2022] _post_url='https://acme.zerossl.com/v2/DV90/cert/eS1rNDk7ZQ7KfWgiTIf-og'
[Mon Apr 18 17:21:32 CST 2022] body='{"protected": "eyJub25jZSI6ICJwTmpYUk9LcTd2aUticGxUVUVuWEpjdUF1RTFSLXRncnZmbzNRU1FLUGxzIiwgInVybCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9jZXJ0L2VTMXJORGs3WlE3S2ZXZ2lUSWYtb2ciLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUuemVyb3NzbC5jb20vdjIvRFY5MC9hY2NvdW50L2dqYkItd3QyQU5id3lzZUtEdF9peXcifQ", "payload": "", "signature": "GNg216moYDYx2-ZOf57zndL66XKry8c0FJUCYyNlfZ5yYn5tsnYHUsn5DzikOTZIj-9q79Gi9LvgOuhvDnN54sn7l0JqmnPB-4NDrVFhO794jzonsr0mqNHUZo-2g_TQESE42yCGiMsDVTWxy0VLHcvf9QdNF2EC-CZ15dUI5rh9HrvkdO9FyQ495gWmds48oAYyr27sGgCAnX7lBnj2r3joHuFA8_0o-IgmlAow7xRhv1TEpl72srSdI9G-Q5Bu5mqhrEpIhQnZcwMJti03lE6r_CO-AxhSsBBTm6H2dueqTlt3iHbu69979yeZ7uq9sOF4bfgX2JE-j7VvefPY_A"}'
[Mon Apr 18 17:21:32 CST 2022] _postContentType='application/jose+json'
[Mon Apr 18 17:21:32 CST 2022] Http already initialized.
[Mon Apr 18 17:21:32 CST 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.N2wPXNzZdG  -g '
[Mon Apr 18 17:21:36 CST 2022] _ret='0'
[Mon Apr 18 17:21:36 CST 2022] _hcode='0'
[Mon Apr 18 17:21:36 CST 2022] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Apr 2022 09:21:36 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 6680
Connection: keep-alive
Replay-Nonce: QyqqqJqXEIs8Uj57n6UfOTHIXRjGGeLqiQcdUWNNCpc
Cache-Control: max-age=-1
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Strict-Transport-Security: max-age=15552000
'
[Mon Apr 18 17:21:36 CST 2022] code='200'
[Mon Apr 18 17:21:36 CST 2022] original='-----BEGIN CERTIFICATE-----
MIIGZjCCBE6gAwIBAgIQZS8E5sCAJk7ux8H5GzD7pTANBgkqhkiG9w0BAQwFADBL
...
-----END CERTIFICATE-----'
[Mon Apr 18 17:21:36 CST 2022] Found cert chain
[Mon Apr 18 17:21:36 CST 2022] _end_n='37'
[Mon Apr 18 17:21:36 CST 2022] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/eS1rNDk7ZQ7KfWgiTIf-og'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:2f:04:e6:c0:80:26:4e:ee:c7:c1:f9:1b:30:fb:a5
    Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA
        Validity
            Not Before: Jan 24 00:00:00 2022 GMT
            Not After : Apr 24 23:59:59 2022 GMT
        Subject: CN=*.***.com
....

[Mon Apr 18 17:21:36 CST 2022] Your cert is in: /root/.acme.sh/*.***.com/*.***.com.cer
[Mon Apr 18 17:21:36 CST 2022] Your cert key is in: /root/.acme.sh/*.***.com/*.***.com.key
[Mon Apr 18 17:21:36 CST 2022] The intermediate CA cert is in: /root/.acme.sh/*.***.com/ca.cer
[Mon Apr 18 17:21:36 CST 2022] And the full chain certs is there: /root/.acme.sh/*.***.com/fullchain.cer
[Mon Apr 18 17:21:36 CST 2022] _on_issue_success
[Mon Apr 18 17:21:36 CST 2022] 'dns' contains 'dns'

shiningstarts avatar Apr 18 '22 09:04 shiningstarts
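
In the debug log above, the `Le_OrderFinalize` request targets order `PeURHT1rd926Odz9IP4Utg`, while the later "Polling order status" line queries order `6JZOjCcJ1OnCQISFHu45vA`, whose certificate link is the one that gets downloaded. The following is an added example, not part of the original issue or of acme.sh: a shell check that flags this mismatch in a `--debug 2` log. The function names and the healthy sample (host `acme.example`, order `AAAA1111`) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not acme.sh code): compare the order that was finalized with
# the order that was polled in an `acme.sh --debug 2` log.

# Order ID from the last Le_OrderFinalize='<...>/order/<id>/finalize' line.
finalized_order() {
  sed -n "s|.*Le_OrderFinalize='[^']*/order/\([^/']*\)/finalize'.*|\1|p" "$1" | tail -n 1
}

# Order ID from the last "Polling order status: <...>/order/<id>" line.
polled_order() {
  sed -n 's|.*Polling order status: .*/order/\([^/ ]*\).*|\1|p' "$1" | tail -n 1
}

# Prints a one-line verdict for the log file given as $1.
# Exit status: 0 = same order, 1 = different orders, 2 = lines not found.
check_order_mismatch() {
  fin=$(finalized_order "$1")
  pol=$(polled_order "$1")
  if [ -z "$fin" ] || [ -z "$pol" ]; then
    echo "UNKNOWN"
    return 2
  fi
  if [ "$fin" = "$pol" ]; then
    echo "OK $fin"
    return 0
  fi
  echo "MISMATCH finalized=$fin polled=$pol"
  return 1
}

# Three lines excerpted from the debug log in the issue above.
sample_stale_log() {
  cat <<'EOF'
[Mon Apr 18 17:21:06 CST 2022] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/PeURHT1rd926Odz9IP4Utg/finalize'
[Mon Apr 18 17:21:12 CST 2022] Order status is processing, lets sleep and retry.
[Mon Apr 18 17:21:28 CST 2022] Polling order status: https://acme.zerossl.com/v2/DV90/order/6JZOjCcJ1OnCQISFHu45vA
EOF
}

# Constructed sample of a run where both lines refer to the same order.
sample_healthy_log() {
  cat <<'EOF'
[Mon Apr 18 17:21:06 CST 2022] Le_OrderFinalize='https://acme.example/v2/order/AAAA1111/finalize'
[Mon Apr 18 17:21:28 CST 2022] Polling order status: https://acme.example/v2/order/AAAA1111
EOF
}

# Demo: run the check over the excerpt from the issue.
demo_log=$(mktemp)
sample_stale_log > "$demo_log"
check_order_mismatch "$demo_log" || true
rm -f "$demo_log"
```
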

Newbie here: When you did the install did you specify the reloadcmd parameter? If nginx is not reloaded it will continue to use the old certs.

```bash
acme.sh --install-cert -d example.com \
--key-file       /path/to/keyfile/in/nginx/key.pem  \
--fullchain-file /path/to/fullchain/nginx/cert.pem \
--reloadcmd     "service nginx force-reload"
```

mangelozzi avatar Apr 20 '22 08:04 mangelozzi

Newbie here: When you did the install did you specify the reloadcmd parameter? If nginx is not reloaded it will continue to use the old certs.

```bash
acme.sh --install-cert -d example.com \
--key-file       /path/to/keyfile/in/nginx/key.pem  \
--fullchain-file /path/to/fullchain/nginx/cert.pem \
--reloadcmd     "service nginx force-reload"
```

We use DNS manual mode to renew the cert, and download manually

shiningstarts avatar Apr 24 '22 02:04 shiningstarts

Newbie here: When you did the install did you specify the reloadcmd parameter? If nginx is not reloaded it will continue to use the old certs.

```bash
acme.sh --install-cert -d example.com \
--key-file       /path/to/keyfile/in/nginx/key.pem  \
--fullchain-file /path/to/fullchain/nginx/cert.pem \
--reloadcmd     "service nginx force-reload"
```
[Mon Apr 18 17:21:36 CST 2022] responseHeaders='HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Apr 2022 09:21:36 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 6680
Connection: keep-alive
Replay-Nonce: QyqqqJqXEIs8Uj57n6UfOTHIXRjGGeLqiQcdUWNNCpc
Cache-Control: max-age=-1
Access-Control-Allow-Origin: *
Link: <https://acme.zerossl.com/v2/DV90>;rel="index"
Strict-Transport-Security: max-age=15552000
'
[Mon Apr 18 17:21:36 CST 2022] code='200'
[Mon Apr 18 17:21:36 CST 2022] original='-----BEGIN CERTIFICATE-----
MIIGZjCCBE6gAwIBAgIQZS8E5sCAJk7ux8H5GzD7pTANBgkqhkiG9w0BAQwFADBL
...
-----END CERTIFICATE-----'
[Mon Apr 18 17:21:36 CST 2022] Found cert chain
[Mon Apr 18 17:21:36 CST 2022] _end_n='37'
[Mon Apr 18 17:21:36 CST 2022] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/eS1rNDk7ZQ7KfWgiTIf-og'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:2f:04:e6:c0:80:26:4e:ee:c7:c1:f9:1b:30:fb:a5
    Signature Algorithm: sha384WithRSAEncryption
        Issuer: C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA
        Validity
            Not Before: Jan 24 00:00:00 2022 GMT
            Not After : Apr 24 23:59:59 2022 GMT
        Subject: CN=*.***.com
....

It renewed successfully, but the certificate returned is not up-to-date.

shiningstarts avatar Apr 24 '22 03:04 shiningstarts

I had the same problem after adding a new SAN to my certificate. acme.sh verified all the SANs (including the new one), but the certificate it returned in the end was the one I generated over a month ago.

I have worked around this problem for now by editing the .conf file (~/.acme.sh/yourdomain/yourdomain.conf) and removed these entries:

  • Le_OrderFinalize
  • Le_LinkOrder
  • Le_LinkCert
  • Le_CertCreateTime
  • Le_CertCreateTimeStr
  • Le_NextRenewTimeStr
  • Le_NextRenewTime

After re-running acme.sh, I got a new certificate.

So it appears to me like the certificate is generated correctly, but then somehow an old version of it is downloaded. I don't know if this is a bug in acme.sh or on the server.

bernhardmiller avatar May 02 '22 07:05 bernhardmiller

Same problem.

pydr avatar May 11 '22 06:05 pydr

same issue and it's annoying.

mirmire avatar May 19 '22 16:05 mirmire

Had the same issue, but @bernhardmiller's solution fixed it (thank you!!)

TristanH avatar May 29 '22 23:05 TristanH

I had the same problem after adding a new SAN to my certificate. acme.sh verified all the SANs (including the new one), but the certificate it returned in the end was the one I generated over a month ago.

I have worked around this problem for now by editing the .conf file (~/.acme.sh/yourdomain/yourdomain.conf) and removed these entries:

  • Le_OrderFinalize
  • Le_LinkOrder
  • Le_LinkCert
  • Le_CertCreateTime
  • Le_CertCreateTimeStr
  • Le_NextRenewTimeStr
  • Le_NextRenewTime

After re-running acme.sh, I got a new certificate.

So it appears to me like the certificate is generated correctly, but then somehow an old version of it is downloaded. I don't know if this is a bug in acme.sh or on the server.

Thank you very much. I solved the problem in your way.

annizal avatar Jun 06 '22 04:06 annizal

Hello, your message has been received. I will reply as soon as possible.

shiningstarts avatar Aug 29 '22 09:08 shiningstarts

I had the same problem after adding a new SAN to my certificate. acme.sh verified all the SANs (including the new one), but the certificate it returned in the end was the one I generated over a month ago.

I have worked around this problem for now by editing the .conf file (~/.acme.sh/yourdomain/yourdomain.conf) and removed these entries:

  • Le_OrderFinalize
  • Le_LinkOrder
  • Le_LinkCert
  • Le_CertCreateTime
  • Le_CertCreateTimeStr
  • Le_NextRenewTimeStr
  • Le_NextRenewTime

After re-running acme.sh, I got a new certificate.

So it appears to me like the certificate is generated correctly, but then somehow an old version of it is downloaded. I don't know if this is a bug in acme.sh or on the server.

Solved with your method, you are great!

WainWong avatar Aug 29 '22 09:08 WainWong

@shiningstarts Why did you close the issue? It looks to me like it is not fixed yet, I just had the same problem again.

bernhardmiller avatar Oct 15 '22 10:10 bernhardmiller

I also just ran into this, it's still a problem. @shiningstarts can you please re-open this issue?

jenlampton avatar Dec 14 '22 01:12 jenlampton

seems unresolved

shiningstarts avatar Dec 15 '22 06:12 shiningstarts

seems unresolved

@shiningstarts Why did you close the issue? It looks to me like it is not fixed yet, I just had the same problem again.

reopen

shiningstarts avatar Dec 15 '22 06:12 shiningstarts

Got the same issue with acme.sh v3.0.5 on several certificates.

One of the configurations was linked to the ZeroSSL web app, so I could simply download the new certificates from https://app.zerossl.com/certificates/issued.

The rest were not linked, so I cannot download the certificates from the web app (tried registering the EAB credentials but the renewed certificate just won't appear on the web app anyway). Tried the workaround in https://github.com/acmesh-official/acme.sh/issues/4041#issuecomment-1114579352 and it works.

lacek avatar Dec 30 '22 04:12 lacek

I have worked around this problem for now by editing the .conf file (~/.acme.sh/yourdomain/yourdomain.conf) and removed these entries:

* Le_OrderFinalize

* Le_LinkOrder

* Le_LinkCert

* Le_CertCreateTime

* Le_CertCreateTimeStr

* Le_NextRenewTimeStr

* Le_NextRenewTime

acme.sh --version v3.0.6 same problem and your method worked

MakselPr avatar Mar 09 '23 22:03 MakselPr

happened to me too, and annizal instructions worked! thanks!

felixsanz avatar Apr 15 '23 02:04 felixsanz

I had the same problem after adding a new SAN to my certificate. acme.sh verified all the SANs (including the new one), but the certificate it returned in the end was the one I generated over a month ago.

I have worked around this problem for now by editing the .conf file (~/.acme.sh/yourdomain/yourdomain.conf) and removed these entries:

  • Le_OrderFinalize
  • Le_LinkOrder
  • Le_LinkCert
  • Le_CertCreateTime
  • Le_CertCreateTimeStr
  • Le_NextRenewTimeStr
  • Le_NextRenewTime

After re-running acme.sh, I got a new certificate.

So it appears to me like the certificate is generated correctly, but then somehow an old version of it is downloaded. I don't know if this is a bug in acme.sh or on the server.

NICE !!!!!

Mimiz06 avatar May 04 '23 09:05 Mimiz06

Just had the same issue. Thanks for the manual work-around, but it'd be nice if the bug could be fixed.

marc0adam avatar Aug 10 '23 12:08 marc0adam

Hi @Neilpang, why did you just close this issue? Is there any update related to this?

fernvenue avatar Sep 02 '23 14:09 fernvenue

I just got 2 different certs in manual mode (issue + renew first cert, and then deactivate, then issue + renew for the second cert). Worked as expected.

Neilpang avatar Sep 02 '23 14:09 Neilpang

Just had the same issue with 3.0.7. Use tmp manual work-around.

mnik247 avatar Sep 09 '23 12:09 mnik247

3.0.7 same problem using the command: /root/.acme.sh/acme.sh --renew -d *.xxx.xxx --yes-I-know-dns-manual-mode-enough-go-ahead-please

MakselPr avatar Sep 26 '23 22:09 MakselPr

Just had the same issue.

sedgwickz avatar Jan 19 '24 14:01 sedgwickz

This is the Bash solution:

```bash
# Remove the Le_* entries listed in the workaround above from the domain's .conf file (GNU sed).
sed -i '/^\(Le_OrderFinalize\|Le_LinkOrder\|Le_LinkCert\|Le_CertCreateTime\|Le_CertCreateTimeStr\|Le_NextRenewTimeStr\|Le_NextRenewTime\)/d' ~/.acme.sh/your_domain/your_domain.conf
```

Please replace 'your_domain' with the actual domain that you intend to renew.

ltraveler avatar Feb 26 '24 11:02 ltraveler