acme.sh
acme.sh copied to clipboard
acmesh-official
No ecc specified, but domain.com.conf: Le_Keylength='ec-256' and the directory is created: /root/.acme.sh/domain.com_ecc/
acme.sh --issue --force --dns dns_gd --server letsencrypt --dnssleep 10 -d domain.com -d *.domain.com --challenge-alias sampledomainforvalidation.com --renew-hook '/usr/local/bin/hitch-renew-hook'
in /root/.acme.sh/domain.com_ecc/ there are also no ecc related.
Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
hehe
acme.sh --issue --force --dns dns_gd --server letsencrypt --dnssleep 10 -d domain.com -d *.domain.com --challenge-alias sampledomainforvalidation.com --renew-hook '/usr/local/bin/hitch-renew-hook'
In domain.com.conf: why there is Le_Keylength='ec-256'???
Le_Domain='domain.com' Le_Alt='*.domain.com' Le_Webroot='dns_gd' Le_PreHook='' Le_PostHook='' Le_RenewHook='XXXXX' Le_ChallengeAlias='somedomainforvalidation.com,' Le_API='https://acme-v02.api.letsencrypt.org/directory' Le_Keylength='ec-256' Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/XXXXXXXXXXXX' Le_DNSSleep='10' Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/XXXXXXXXXXXXXXXXXXXX' Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/XXXXXXXXXXXXXXXXXXXXXX' Le_CertCreateTime='1681037621' Le_CertCreateTimeStr='2023-04-09T10:53:41Z' Le_NextRenewTimeStr='2023-06-07T10:53:41Z' Le_NextRenewTime='1686135221'
https://github.com/acmesh-official/acme.sh v3.0.6 [Sun Apr 9 18:44:03 CST 2023] Using server: https://acme-v02.api.letsencrypt.org/directory [Sun Apr 9 18:44:03 CST 2023] Running cmd: issue [Sun Apr 9 18:44:03 CST 2023] _main_domain='domain.com' [Sun Apr 9 18:44:03 CST 2023] _alt_domains='*.domain.com' [Sun Apr 9 18:44:03 CST 2023] Using config home:/root/.acme.sh [Sun Apr 9 18:44:03 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Sun Apr 9 18:44:03 CST 2023] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org' [Sun Apr 9 18:44:03 CST 2023] _ACME_SERVER_PATH='directory' [Sun Apr 9 18:44:03 CST 2023] DOMAIN_PATH='/root/.acme.sh/domain.com_ecc'
[Sun Apr 9 18:45:08 CST 2023] Your cert is in: /root/.acme.sh/domain.com_ecc/domain.com.cer [Sun Apr 9 18:45:08 CST 2023] Your cert key is in: /root/.acme.sh/domain.com_ecc/domain.com.key [Sun Apr 9 18:45:08 CST 2023] The intermediate CA cert is in: /root/.acme.sh/domain.com_ecc/ca.cer [Sun Apr 9 18:45:08 CST 2023] And the full chain certs is there: /root/.acme.sh/domain.com_ecc/fullchain.cer [Sun Apr 9 18:45:08 CST 2023] _on_issue_success [Sun Apr 9 18:45:08 CST 2023] '' does not contain 'dns'
Remove will use DOMAIN_PATH='/root/.acme.sh/domain.com'
acme.sh --remove --debug 2 -d domain.com [Sun Apr 9 19:15:28 CST 2023] _is_idn_d='domain.com' [Sun Apr 9 19:15:28 CST 2023] _idn_temp [Sun Apr 9 19:15:28 CST 2023] Lets find script dir. [Sun Apr 9 19:15:28 CST 2023] SCRIPT='/root/.acme.sh/acme.sh' [Sun Apr 9 19:15:28 CST 2023] _script='/root/.acme.sh/acme.sh' [Sun Apr 9 19:15:28 CST 2023] _script_home='/root/.acme.sh' [Sun Apr 9 19:15:28 CST 2023] Using config home:/root/.acme.sh [Sun Apr 9 19:15:28 CST 2023] LE_WORKING_DIR='/root/.acme.sh' https://github.com/acmesh-official/acme.sh v3.0.6 [Sun Apr 9 19:15:28 CST 2023] Running cmd: remove [Sun Apr 9 19:15:28 CST 2023] Using config home:/root/.acme.sh [Sun Apr 9 19:15:28 CST 2023] default_acme_server='https://acme-v02.api.letsencrypt.org/directory' [Sun Apr 9 19:15:28 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Sun Apr 9 19:15:28 CST 2023] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org' [Sun Apr 9 19:15:28 CST 2023] _ACME_SERVER_PATH='directory' [Sun Apr 9 19:15:28 CST 2023] DOMAIN_PATH='/root/.acme.sh/domain.com' [Sun Apr 9 19:15:28 CST 2023] domain.com is removed, the key and cert files are in /root/.acme.sh/domain.com [Sun Apr 9 19:15:28 CST 2023] You can remove them by yourself.
It seems it is set ec-256 as default (by mistake) and produced certs without ecc.
A temp fix is to add --keylength 2048/4096