acme.sh
Deploy Error
Hi all, I am following this guide for setting up ACME.SH to renew my Synology cert automatically in Docker. I was able to get the cert renewed but it just keeps failing to deploy. Can any pros shed some light?
Steps to reproduce
- Batch job failed to run
- Manually use terminal to run renew cert command
acme.sh --issue -d xxx.xxx.com -d xxx.xxx.com -d xxx.xxx.com -d xxx.xxx.com --dns 'dns_cf' --force
acme.sh --deploy -d xxx.xxx.com -d xxx.xxx.com -d xxx.xxx.com -d xxx.xxx.com --deploy-hook acme --debug 2
- Failed to deploy with error below
Debug log
Terminal SH > acme.sh --deploy -d 'xxx.xxx.com' -d 'xxx.xxx.com' -d 'xxx.xxx.com' -d 'xxx.xxx.com' --deploy-hook acme --debug 2
[Mon Jan 30 05:44:29 UTC 2023] Lets find script dir.
[Mon Jan 30 05:44:29 UTC 2023] _SCRIPT_='/usr/local/bin/acme.sh'
[Mon Jan 30 05:44:29 UTC 2023] _script='/root/.acme.sh/acme.sh'
[Mon Jan 30 05:44:29 UTC 2023] _script_home='/root/.acme.sh'
[Mon Jan 30 05:44:29 UTC 2023] Using default home:/root/.acme.sh
[Mon Jan 30 05:44:29 UTC 2023] Using config home:/acme.sh
[Mon Jan 30 05:44:29 UTC 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.6
[Mon Jan 30 05:44:29 UTC 2023] Running cmd: deploy
[Mon Jan 30 05:44:29 UTC 2023] Using config home:/acme.sh
[Mon Jan 30 05:44:29 UTC 2023] default_acme_server
[Mon Jan 30 05:44:29 UTC 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Mon Jan 30 05:44:29 UTC 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Mon Jan 30 05:44:29 UTC 2023] _ACME_SERVER_PATH='v2/DV90'
[Mon Jan 30 05:44:29 UTC 2023] DOMAIN_PATH='/acme.sh/xxx.xxx.com'
[Mon Jan 30 05:44:29 UTC 2023] _deployApi='/root/.acme.sh/acme.sh'
/usr/local/bin/acme.sh: /root/.acme.sh/acme.sh: line 7974: xx.xxx.com: not found
[Mon Jan 30 05:44:29 UTC 2023] Load file /root/.acme.sh/acme.sh error. Please check your api file and try again.
[Mon Jan 30 05:44:29 UTC 2023] Deploy error.
/ # acme.sh --version
https://github.com/acmesh-official/acme.sh
v3.0.6
account.conf
export CF_Key="XXX"
export CF_Email="XXX"
export SYNO_Scheme="XXX"
export SYNO_Port="XXX"
export SYNO_Hostname="XXX"
export SYNO_Username="XXX"
export SYNO_Certificate="XXX"
export SYNO_Password="XXX"
export SYNO_DID="XXX"
export SYNO_Create=1
AUTO_UPGRADE="XXX"
SAVED_CF_Key="XXX"
SAVED_CF_Email="XXX"
USER_PATH="XXX"
UPGRADE_HASH="XXX"
DEFAULT_ACME_SERVER="XXX"
Terminal SH ls -la on acme.sh directory
/ # ls -la acme.sh/*
-rwxr-xr-x 1 root root 671 Jan 30 06:31 acme.sh/account.conf
-rwxr-xr-x 1 root root 490 Jan 30 06:29 acme.sh/http.header
acme.sh/ca:
total 0
drwxr-xr-x 1 root root 88 Jan 30 06:28 .
drwxr-xr-x 1 1026 users 146 Jan 30 05:13 ..
drwxr-xr-x 1 root root 18 Jan 30 06:28 acme-v02.api.letsencrypt.org
drwxr-xr-x 1 root root 4 Oct 26 16:03 acme.zerossl.com
acme.sh/xxx.xxx.com:
total 36
drwxr-xr-x 1 root root 310 Oct 26 16:07 .
drwxr-xr-x 1 1026 users 146 Jan 30 05:13 ..
-rwxr-xr-x 1 root root 4399 Dec 25 01:00 ca.cer
-rwxr-xr-x 1 root root 6793 Dec 25 01:00 fullchain.cer
-rwxr-xr-x 1 root root 2394 Dec 25 01:00 xxx.xxx.com.cer
-rwxr-xr-x 1 root root 1024 Jan 30 06:31 xxx.xxx.com.conf
-rwxr-xr-x 1 root root 1115 Dec 25 00:57 xxx.xxx.com.csr
-rwxr-xr-x 1 root root 268 Dec 25 00:57 xxx.xxx.com.csr.conf
-rw------- 1 root root 1675 Oct 26 16:04 xxx.xxx.com.key
acme.sh/xxx.xxx.com_ecc:
total 32
drwxr-xr-x 1 root root 310 Jan 30 05:16 .
drwxr-xr-x 1 1026 users 146 Jan 30 05:13 ..
-rwxr-xr-x 1 root root 3751 Jan 30 06:29 ca.cer
-rwxr-xr-x 1 root root 5426 Jan 30 06:29 fullchain.cer
-rwxr-xr-x 1 root root 1675 Jan 30 06:29 xxx.xxx.com.cer
-rwxr-xr-x 1 root root 673 Jan 30 06:29 xxx.xxx.com.conf
-rwxr-xr-x 1 root root 582 Jan 30 06:28 xxx.xxx.com.csr
-rwxr-xr-x 1 root root 268 Jan 30 06:28 xxx.xxx.com.csr.conf
-rw------- 1 root root 227 Jan 30 05:13 xxx.xxx.com.key
Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade
If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.
I've tried to spin up another docker following the guide; the result is the same, showing a deploy error.
Issue Cert successful
....(Lots of signing messages)
[Mon Jan 30 12:32:57 UTC 2023] Removed: Success
[Mon Jan 30 12:32:57 UTC 2023] Verify finished, start to sign.
[Mon Jan 30 12:32:57 UTC 2023] Lets finalize the order.
[Mon Jan 30 12:32:57 UTC 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/xxx/finalize'
[Mon Jan 30 12:33:01 UTC 2023] Order status is processing, lets sleep and retry.
[Mon Jan 30 12:33:01 UTC 2023] Retry after: 15
[Mon Jan 30 12:33:17 UTC 2023] Polling order status: https://acme.zerossl.com/v2/DV90/order/xxx
[Mon Jan 30 12:33:21 UTC 2023] Downloading cert.
[Mon Jan 30 12:33:21 UTC 2023] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/xxx'
[Mon Jan 30 12:33:25 UTC 2023] Cert success.
-----BEGIN CERTIFICATE-----
xxx==
-----END CERTIFICATE-----
[Mon Jan 30 12:33:25 UTC 2023] Your cert is in: /acme.sh/rxxx.kxxx.com_ecc/rxxx.kxxx.com.cer
[Mon Jan 30 12:33:25 UTC 2023] Your cert key is in: /acme.sh/rxxx.kxxx.com_ecc/rxxx.kxxx.com.key
[Mon Jan 30 12:33:25 UTC 2023] The intermediate CA cert is in: /acme.sh/rxxx.kxxx.com_ecc/ca.cer
[Mon Jan 30 12:33:25 UTC 2023] And the full chain certs is there: /acme.sh/rxxx.kxxx.com_ecc/fullchain.cer
Deploy Cert
/ # acme.sh --deploy --deploy-hook acme -d rxxx.kxxx.com -d rxxx.bxxx.com -d pxxx.bxxx.com -d pxxx.kxxx.com --debug 2
[Mon Jan 30 12:48:21 UTC 2023] Lets find script dir.
[Mon Jan 30 12:48:21 UTC 2023] _SCRIPT_='/usr/local/bin/acme.sh'
[Mon Jan 30 12:48:21 UTC 2023] _script='/root/.acme.sh/acme.sh'
[Mon Jan 30 12:48:21 UTC 2023] _script_home='/root/.acme.sh'
[Mon Jan 30 12:48:21 UTC 2023] Using default home:/root/.acme.sh
[Mon Jan 30 12:48:21 UTC 2023] Using config home:/acme.sh
[Mon Jan 30 12:48:21 UTC 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.6
[Mon Jan 30 12:48:21 UTC 2023] Running cmd: deploy
[Mon Jan 30 12:48:21 UTC 2023] Using config home:/acme.sh
[Mon Jan 30 12:48:21 UTC 2023] default_acme_server
[Mon Jan 30 12:48:21 UTC 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Mon Jan 30 12:48:21 UTC 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Mon Jan 30 12:48:21 UTC 2023] _ACME_SERVER_PATH='v2/DV90'
[Mon Jan 30 12:48:21 UTC 2023] The domain 'rxxx.kxxx.com' seems to have a ECC cert already, lets use ecc cert.
[Mon Jan 30 12:48:21 UTC 2023] DOMAIN_PATH='/acme.sh/rxxx.kxxx.com_ecc'
[Mon Jan 30 12:48:21 UTC 2023] _deployApi='/root/.acme.sh/acme.sh'
/usr/local/bin/acme.sh: /root/.acme.sh/acme.sh: line 7974: rxxx.kxxx.com: not found
[Mon Jan 30 12:48:21 UTC 2023] Load file /root/.acme.sh/acme.sh error. Please check your api file and try again.
[Mon Jan 30 12:48:21 UTC 2023] Deploy error.
/ # ^C
@kavierkoo
The guide you linked to shows --deploy-hook synology_dsm which I believe is correct.
Looks like you typo'ed it with --deploy-hook acme
I believe by passing acme it is creating a recursive call to the acme.sh script for the deploy rather than calling the synology deploy hook.
Hey Daniel, thanks for replying. I posted the typo-ed one here but when I tried to use --deploy-hook synology-dsm, I got the same error.
I see that during issue it was given an _ecc cert, but during deploy it can't find the non _ecc directory. Could this be the cause of the issue?
Issue
/ # acme.sh --issue -d rxxx.kxxxx.com -d rxxx.bxxx.com -d pxxx.bxxx.com -d pxxx.kxxx.com --dns 'dns_cf' --force
[Tue Feb 21 05:30:50 UTC 2023] Using CA: https://acme.zerossl.com/v2/DV90
[Tue Feb 21 05:30:50 UTC 2023] Creating domain key
[Tue Feb 21 05:30:50 UTC 2023] The domain key is here: /acme.sh/rxxx.kxxxx.com_ecc/rxxx.kxxx.com.key
[Tue Feb 21 05:30:50 UTC 2023] Multi domain='DNS:rxxx.kxxxx.com,DNS:rxxx.bxxx.com,DNS:pxxx.bxxx.com,DNS:pxxx.kxxxx.com'
[Tue Feb 21 05:30:50 UTC 2023] Getting domain auth token for each domain
[Tue Feb 21 05:31:06 UTC 2023] Getting webroot for domain='rxxx.kxxxx.com'
[Tue Feb 21 05:31:06 UTC 2023] Getting webroot for domain='rxxx.bxxx.com'
[Tue Feb 21 05:31:06 UTC 2023] Getting webroot for domain='pxxx.bxxx.com'
[Tue Feb 21 05:31:06 UTC 2023] Getting webroot for domain='pxxx.kxxxx.com'
[Tue Feb 21 05:33:24 UTC 2023] Cert success.
[Tue Feb 21 05:33:24 UTC 2023] Your cert is in: /acme.sh/rxxx.kxxxx.com_ecc/rxxx.kxxxx.com.cer
[Tue Feb 21 05:33:24 UTC 2023] Your cert key is in: /acme.sh/rxxx.kxxxx.com_ecc/rxxx.kxxx.com.key
[Tue Feb 21 05:33:24 UTC 2023] The intermediate CA cert is in: /acme.sh/rxxx.kxxxx.com_ecc/ca.cer
[Tue Feb 21 05:33:24 UTC 2023] And the full chain certs is there: /acme.sh/rxxx.kxxxx.com_ecc/fullchain.cer
Deploy
/ # acme.sh --deploy -d rxxx.kxxx.com -d rxxx.bxxx.com -d pxxx.kxxx.com -d pxxx.bxxx.com --deploy-hook synology_dsm --debug 2
[Tue Feb 21 05:44:00 UTC 2023] Lets find script dir.
[Tue Feb 21 05:44:00 UTC 2023] _SCRIPT_='/usr/local/bin/acme.sh'
[Tue Feb 21 05:44:00 UTC 2023] _script='/root/.acme.sh/acme.sh'
[Tue Feb 21 05:44:00 UTC 2023] _script_home='/root/.acme.sh'
[Tue Feb 21 05:44:00 UTC 2023] Using default home:/root/.acme.sh
[Tue Feb 21 05:44:00 UTC 2023] Using config home:/acme.sh
[Tue Feb 21 05:44:00 UTC 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.6
[Tue Feb 21 05:44:00 UTC 2023] Running cmd: deploy
[Tue Feb 21 05:44:00 UTC 2023] Using config home:/acme.sh
[Tue Feb 21 05:44:00 UTC 2023] default_acme_server
[Tue Feb 21 05:44:00 UTC 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Tue Feb 21 05:44:00 UTC 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Tue Feb 21 05:44:00 UTC 2023] _ACME_SERVER_PATH='v2/DV90'
[Tue Feb 21 05:44:00 UTC 2023] DOMAIN_PATH='/acme.sh/rxxx.kxxx.com'
/usr/local/bin/acme.sh: .: line 5775: can't open '/acme.sh/rxxx.kxxx.com/rxxx.kxxx.com.
conf': No such file or directory
It's not the same error. Previously it showed
/usr/local/bin/acme.sh: /root/.acme.sh/acme.sh: line 7974: rxxx.kxxx.com: not found
[Mon Jan 30 12:48:21 UTC 2023] Load file /root/.acme.sh/acme.sh error. Please check your api file and try again.
Now it's complaining that it can't find the config file:
/usr/local/bin/acme.sh: .: line 5775: can't open '/acme.sh/rxxx.kxxx.com/rxxx.kxxx.com.
conf': No such file or directory
That output looks off - it appears there's a carriage return or line feed in the config file name it's trying to open.
To confirm, make a backup copy of acme.sh, then edit it and just before line 5775 put a debug statement, like this:
_debug2 DOMAIN_CONF "$DOMAIN_CONF"
. "$DOMAIN_CONF"
Run that same command again with debug 2 and let's see what the config file variable is set to. Additionally, you might have a weird variable inside your shell from different attempts to run/troubleshoot that could be throwing this off? Maybe try ensuring that variable is clear before running acme:
export DOMAIN_CONF=""
acme.sh --deploy -d rxxx.kxxx.com -d rxxx.bxxx.com -d pxxx.kxxx.com -d pxxx.bxxx.com --deploy-hook synology_dsm --debug 2
Added PR https://github.com/acmesh-official/acme.sh/pull/4515 to add this debug statement for future use as well.
vi /root/.acme.sh/acme.sh
_debug2 DOMAIN_CONF "$DOMAIN_CONF"
. "$DOMAIN_CONF"
re-run
~/.acme.sh # acme.sh --deploy -d rxxx.kxxx.com -d rxxx.bxxx.com -d pxxx.bxxx.com -d pxxx.kxxx.com --deploy-hook
synology_dsm --debug 2
[Fri May 5 14:42:22 UTC 2023] Lets find script dir.
[Fri May 5 14:42:22 UTC 2023] _SCRIPT_='/usr/local/bin/acme.sh'
[Fri May 5 14:42:22 UTC 2023] _script='/root/.acme.sh/acme.sh'
[Fri May 5 14:42:22 UTC 2023] _script_home='/root/.acme.sh'
[Fri May 5 14:42:22 UTC 2023] Using default home:/root/.acme.sh
[Fri May 5 14:42:22 UTC 2023] Using config home:/acme.sh
[Fri May 5 14:42:22 UTC 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.6
[Fri May 5 14:42:22 UTC 2023] Running cmd: deploy
[Fri May 5 14:42:22 UTC 2023] Using config home:/acme.sh
[Fri May 5 14:42:22 UTC 2023] default_acme_server
[Fri May 5 14:42:22 UTC 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri May 5 14:42:22 UTC 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri May 5 14:42:22 UTC 2023] _ACME_SERVER_PATH='v2/DV90'
[Fri May 5 14:42:22 UTC 2023] DOMAIN_PATH='/acme.sh/rxxx.kxxx.com'
[Fri May 5 14:42:22 UTC 2023] DOMAIN_CONF='/acme.sh/rxxx.kxxx.com/rxxx.kxxx.com.conf'
/usr/local/bin/acme.sh: .: line 5790: can't open '/acme.sh/rxxx.kxxx.com/rxxx.kxxx.com.conf': No such file or directory
I can see it is trying to find /acme.sh/rxxx.kxxx.com/rxxx.kxxx.com.conf but it does not exist
~/.acme.sh # ls /acme.sh/rxxx.kxxx.com/
ca.cer rxxx.kxxx.com.cer rxxx.kxxx.com.csr rxxx.kxxx.com.key
fullchain.cer rxxx.kxxx.com.conf.back rxxx.kxxx.com.csr.conf
whereas the .conf file is in the _ecc folder
~/.acme.sh # ls /acme.sh/rxxx.kxxx.com_ecc/
ca.cer rxxx.kxxx.com.cer rxxx.kxxx.com.conf.back rxxx.kxxx.com.csr.conf
fullchain.cer rxxx.kxxx.com.conf rxxx.kxxx.com.csr rxxx.kxxx.com.key
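
An added diagnostic for the two questions raised in this thread (added here, not acme.sh code and not written by anyone in the thread): does the domain argument carry a stray CR/LF, and which of the RSA or `_ecc` directories actually holds a loadable `<domain>.conf`. The directory layout is assumed from the logs above; the function names, `example.test` and the temporary tree are constructed for illustration. `key_is_private` additionally checks that a key file keeps the owner-only mode seen in the `ls -la` listing.

```shell
#!/bin/sh
# Assumed layout (from the logs in this thread):
#   <config home>/<domain>/<domain>.conf       RSA cert
#   <config home>/<domain>_ecc/<domain>.conf   ECC cert

# has_ctrl_chars STRING: succeeds if STRING contains CR, LF or another control byte.
has_ctrl_chars() {
  [ "$(printf '%s' "$1" | tr -d '[:cntrl:]')" != "$1" ]
}

# which_cert_dir CONFIG_HOME DOMAIN: prints rsa, ecc, both, none or badname.
which_cert_dir() {
  home=$1 domain=$2
  if has_ctrl_chars "$domain"; then
    echo badname            # a control character would corrupt the conf path
    return 0
  fi
  rsa="$home/$domain/$domain.conf"
  ecc="$home/${domain}_ecc/$domain.conf"
  if [ -f "$rsa" ] && [ -f "$ecc" ]; then echo both
  elif [ -f "$rsa" ]; then echo rsa
  elif [ -f "$ecc" ]; then echo ecc
  else echo none
  fi
}

# key_is_private FILE: succeeds if group and other have no permission bits.
key_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed layout mirroring the last post: only a .conf.back in the RSA
# directory, the real .conf in the _ecc directory.
demo() {
  t=$(mktemp -d)
  mkdir -p "$t/example.test" "$t/example.test_ecc"
  : > "$t/example.test/example.test.conf.back"
  : > "$t/example.test_ecc/example.test.conf"
  which_cert_dir "$t" example.test
  rm -rf "$t"
}

demo
```

A result of `ecc` means only the `_ecc` directory can be loaded; acme.sh documents an `--ecc` option for `--deploy` that selects that directory.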