Jump to content
Froxlor Forum
  • 0
xep22

Einige LE Zertifikate fehlen nach Update

Question

ich habe folgendes Problem, ich habe gerade froxlor upgedatet. danach waren bei Konfiguration -> SSL Zertifikate keine Zertifikate mehr gelistet. sie sind aber noch in /etc/ssl/froxlor/. daher habe ich einfach mal den froxlor-Cronjob laufen lassen :

/usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --force

Nacheinander kamen dann die zertifikate wieder, in der Konsole waren teils aber auch fehlermeldungen.  für eine Domain und eine Subdomain fehlen die Zertifikate jetzt aber noch, ich habe die Haken für SSL in den Domain-Einstellungen rausgenommen und wieder rein gemacht,bei einer Domain half das und das Zert. wurde generiert, bei der letzten geht das jetzt aber nicht... folgender Fehler kommt bei der Domain wenn ich den froxlor-Cronjob neu ausführe :

root@root:/var/www# /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --force
[error] Could not get Let's Encrypt certificate for EXAMPLE.de:
[Fr 6. Mär 11:09:31 CET 2020] Domains not changed.
[Fr 6. Mär 11:09:31 CET 2020] Skip, Next renewal time is: Di 5. Mai 10:01:16 UTC 2020
[Fr 6. Mär 11:09:31 CET 2020] Add '--force' to force to renew.
root@root:/var/www# /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --force
[error] Could not get Let's Encrypt certificate for EXAMPLE.de:
[Fr 6. Mär 11:11:01 CET 2020] Domains not changed.
[Fr 6. Mär 11:11:01 CET 2020] Skip, Next renewal time is: Di 5. Mai 10:01:16 UTC 2020
[Fr 6. Mär 11:11:01 CET 2020] Add '--force' to force to renew.

wo soll ich denn das --force anhängen ? Kann jemand helfen ? Debug ausgabe:

Spoiler

root@root:/var/www# php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Requesting/renewing Let's Encrypt certificates
[information] Creating certificate for EXAMPLE.de
[information] Adding SAN entry: EXAMPLE.de
[information] Adding SAN entry: www.EXAMPLE.de
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Fr 6. Mär 11:28:44 CET 2020] Already uptodate!
[Fr 6. Mär 11:28:44 CET 2020] Upgrade success!
[Fr 6. Mär 11:28:44 CET 2020] Removing cron job
[Fr 6. Mär 11:28:44 CET 2020] Lets find script dir.
[Fr 6. Mär 11:28:44 CET 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fr 6. Mär 11:28:44 CET 2020] _script='/root/.acme.sh/acme.sh'
[Fr 6. Mär 11:28:44 CET 2020] _script_home='/root/.acme.sh'
[Fr 6. Mär 11:28:44 CET 2020] Using default home:/root/.acme.sh
[Fr 6. Mär 11:28:44 CET 2020] Using config home:/root/.acme.sh
[Fr 6. Mär 11:28:44 CET 2020] Using server: https://acme-v02.api.letsencrypt.org/directory
[Fr 6. Mär 11:28:44 CET 2020] Running cmd: issue
[Fr 6. Mär 11:28:44 CET 2020] _main_domain='EXAMPLE.de'
[Fr 6. Mär 11:28:44 CET 2020] _alt_domains='www.EXAMPLE.de'
[Fr 6. Mär 11:28:44 CET 2020] Using config home:/root/.acme.sh
[Fr 6. Mär 11:28:44 CET 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fr 6. Mär 11:28:44 CET 2020] DOMAIN_PATH='/root/.acme.sh/EXAMPLE.de'
[Fr 6. Mär 11:28:44 CET 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fr 6. Mär 11:28:44 CET 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fr 6. Mär 11:28:44 CET 2020] GET
[Fr 6. Mär 11:28:44 CET 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Fr 6. Mär 11:28:44 CET 2020] timeout=
[Fr 6. Mär 11:28:44 CET 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Fr 6. Mär 11:28:44 CET 2020] ret='0'
[Fr 6. Mär 11:28:45 CET 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fr 6. Mär 11:28:45 CET 2020] ACME_NEW_AUTHZ
[Fr 6. Mär 11:28:45 CET 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fr 6. Mär 11:28:45 CET 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fr 6. Mär 11:28:45 CET 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fr 6. Mär 11:28:45 CET 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Fr 6. Mär 11:28:45 CET 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fr 6. Mär 11:28:45 CET 2020] ACME_VERSION='2'
[Fr 6. Mär 11:28:45 CET 2020] Le_NextRenewTime='1588586476'
[Fr 6. Mär 11:28:45 CET 2020] _saved_domain='EXAMPLE.de'
[Fr 6. Mär 11:28:45 CET 2020] _saved_alt='www.EXAMPLE.de'
[debug] https://github.com/acmesh-official/acme.sh
v2.8.6
[Fr 6. Mär 11:28:45 CET 2020] Domains not changed.
[Fr 6. Mär 11:28:45 CET 2020] Skip, Next renewal time is: Di 5. Mai 10:01:16 UTC 2020
[Fr 6. Mär 11:28:45 CET 2020] Add '--force' to force to renew.
[error] Could not get Let's Encrypt certificate for EXAMPLE.de:
https://github.com/acmesh-official/acme.sh
v2.8.6
[Fr 6. Mär 11:28:45 CET 2020] Domains not changed.
[Fr 6. Mär 11:28:45 CET 2020] Skip, Next renewal time is: Di 5. Mai 10:01:16 UTC 2020
[Fr 6. Mär 11:28:45 CET 2020] Add '--force' to force to renew.
[information] No new certificates or certificates due for renewal found
[notice] Checking system's last guid
 

 

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

1) Je nachdem welches Update du gemacht hast wurden die (alten) Zertifikate entfernt da sich die Let's Encrypt Integration geändert hat

2) Die Zertifikate in /etc/ssl/froxlor/ werden automatisch vom cronjob anhand der Daten aus der Datenbank erstellt, daher sind die natürlich auch dennoch noch vorhanden

3) Bei der EXAMPLE.de hat sich acme.sh/let's encrypt vllt "verschluckt". Einfach (sofern vorhanden) in der SSL-Zertifikate Übersicht löschen und auf der console via "/root/.acme.sh/acme.sh remove EXAMPLE.de" dort auch entfernen. Am besten auch den ganzen Ordner /root/.acme.sh/EXAMPLE.de/ - dann neu via froxlor aktivieren und cron abwarten

2 hours ago, xep22 said:

wo soll ich denn das --force anhängen ?

Zum Übergeben an acme.sh - garnicht, sollte eigentlich NIE nötig sein

Share this post


Link to post
Share on other sites
  • 0

gemacht, aber irgendwie kommt in der SSL Übersicht kein Zert. 😕

Debug Befehl sagt immer noch "Domains not changed"

Share this post


Link to post
Share on other sites
  • 0

Dann hast du nicht korrekt gelöscht

Share this post


Link to post
Share on other sites
  • 0

habe jetzt einfach erstmal ein Backup eingespielt...

was mir direkt jetzt auffällt in der Log:

Could not get Let's Encrypt certificate for XXX.de: No authorizations received for www.XXX.de Whole response: {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status":400}

liegt das an der alten froxlor Version (0.9.40.1)?

ich habe da auch noch gar nicht den ordner .acme.sh in /root/

Ich werden froxlor jetzt wie hier gezeigt updaten, richtig ? :D

https://github.com/Froxlor/Froxlor/wiki/Updating-Froxlor

Share this post


Link to post
Share on other sites
  • 0

Erledigt. jetzt wieder der Fehler:

Es wurden keine SSL-Zertifikate gefunden
 
Was nun tun? den .acme.sh Ordner in /root/ habe ich immer noch nicht.

2020-03-06_17.54.18.png

Share this post


Link to post
Share on other sites
  • 0

Dann entweder cron abwarten oder manuell forcieren und am besten mit debug flag gucken was passiert...

Share this post


Link to post
Share on other sites
  • 0

danke, warten hat geholfen. nun fehlen wieder 1 Zertifikat und 1 für eine Subdomain. soll ich das mit dem Löschen nochmal machen? und vorher in froxlor die 3 Haken raus für SSL (unter anderem "SSL Zertifikat erstellen") raus ? 

Share this post


Link to post
Share on other sites
  • 0

Nicht einfach blind.. Guck doch erstmal was in der log steht wieso er das Zertifikat nicht holt

Share this post


Link to post
Share on other sites
  • 0

zur Domain wieder:

Could not get Let's Encrypt certificate for XXX.de: [Fr 6. Mär 18:55:13 CET 2020] Domains not changed. [Fr 6. Mär 18:55:13 CET 2020] Skip, Next renewal time is: Di 5. Mai 17:36:05 UTC 2020 [Fr 6. Mär 18:55:13 CET 2020] Add '--force' to force to renew.

für die eine Subdomain habe ich die Haken mal entfernt, das acme-Script ausgeführt und den Ordner gelöscht. Dann wieder die Haken gesetzt, das Zertifikat ist jetzt zwar da, aber die Browser sagen immer noch "nicht sicher" o.O

Edit: ok bei der Subdomain liegts aber an Bildern oder so. also die geht jetzt.

Share this post


Link to post
Share on other sites
  • 0
13 hours ago, xep22 said:

Edit: ok bei der Subdomain liegts aber an Bildern oder so. also die geht jetzt.

Ich hab da keine Frage erkannt....

Share this post


Link to post
Share on other sites
  • 0
16 hours ago, d00p said:

Dann hast du nicht korrekt gelöscht

Gleiches Spiel

Share this post


Link to post
Share on other sites
  • 0

doch wie dus geschrieben hast... In froxlor die 3 SSL Haken raus, acme-Befehl in Putty, Ordner gelöscht. 3 Haken wieder rein, gewartet. Ordner wurde erstellt, in der SSL Übersicht in Froxlor fehlt es aber. Log sagt diesen Fehler.

Richtig?

Share this post


Link to post
Share on other sites
  • 0

Dann mach doch einfach mal den cron-dienst AUS und starte den cron manuell mit --force und --debug damit du genauere infos bekommst. Siehe:

14 hours ago, d00p said:

Nicht einfach blind.. Guck doch erstmal was in der log steht wieso er das Zertifikat nicht holt

 

Share this post


Link to post
Share on other sites
  • 0

welchen cron soll ich manuell starten? welcher befehl ? Und bei Cronjob-Einstellungen den "Aktualisierung der Let's Encrypt Zertifikate" Cron deaktivieren meinst du ? 

Share this post


Link to post
Share on other sites
  • 0
22 hours ago, xep22 said:

/usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug

php 

Share this post


Link to post
Share on other sites
  • 0

achso den ok. aber vorher "Aktualisierung der Let's Encrypt Zertifikate"  deaktivieren?  Ausgabe sagt:

Spoiler

root@root:~# /usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --                                                                                                                                                                              force --debug
[information] TasksCron: Searching for tasks to do
[information] Task4 started - Rebuilding froxlor_bind.conf
[information] Cleaning dns zone files from /etc/bind/domains/
[debug] domId    domain                                  ismainbutsubto parent d                                                                                                                                                                              omain                           list of child domain ids
[debug] 1        XXX.de                             0              -                                                                                                                                                                                     
[debug] 36       XXX.de                                 0              -                                                                                                                                                                                     
[debug] 2        XXX                                 0              -                                                                                                                                                                                     
[debug] 25       admin.XXX.de                       0              -                                                                                                                                                                                     
[debug] 3        XXX                                0              -                                                                                                                                                                                     
[debug] 4        XXX                           0              -                                                                                                                                                                                     
[debug] 5        XXX                           0              -                                                                                                                                                                                     
[information] `/etc/bind/domains/XXX.de.zone` written
[debug] Generating dns config for XXX.de
[information] `/etc/bind/domains/XXX.de.zone` written
[debug] Generating dns config for XXX.de
[information] `/etc/bind/domains/XXX.zone` written
[debug] Generating dns config for XXX
[information] `/etc/bind/domains/admin.XXX.de.zone` written
[debug] Generating dns config for admin.XXX.de
[information] `/etc/bind/domains/XXX.zone` written
[debug] Generating dns config for XXX
[information] `/etc/bind/domains/XXX.zone` written
[debug] Generating dns config for XXX
[information] `/etc/bind/domains/XXX.zone` written
[debug] Generating dns config for XXX
[information] froxlor_bind.conf written
[information] Bind daemon reloaded
[information] Task4 finished
[information] Running Let's Encrypt cronjob prior to regenerating webserver conf                                                                                                                                                                              ig files
[information] Requesting/renewing Let's Encrypt certificates
[information] Creating certificate for XXX.de
[information] Adding SAN entry: XXX.de
[information] Adding SAN entry: www.XXX.de
[information] Checking for LetsEncrypt client upgrades before renewing certifica                                                                                                                                                                              tes:
[Sa 7. Mär 09:35:24 CET 2020] Already uptodate!
[Sa 7. Mär 09:35:24 CET 2020] Upgrade success!
[Sa 7. Mär 09:35:25 CET 2020] Removing cron job
[Sa 7. Mär 09:35:25 CET 2020] Lets find script dir.
[Sa 7. Mär 09:35:25 CET 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sa 7. Mär 09:35:25 CET 2020] _script='/root/.acme.sh/acme.sh'
[Sa 7. Mär 09:35:25 CET 2020] _script_home='/root/.acme.sh'
[Sa 7. Mär 09:35:25 CET 2020] Using default home:/root/.acme.sh
[Sa 7. Mär 09:35:25 CET 2020] Using config home:/root/.acme.sh
[Sa 7. Mär 09:35:25 CET 2020] Using server: https://acme-v02.api.letsencrypt.org                                                                                                                                                                              /directory
[Sa 7. Mär 09:35:25 CET 2020] Running cmd: issue
[Sa 7. Mär 09:35:25 CET 2020] _main_domain='XXX.de'
[Sa 7. Mär 09:35:25 CET 2020] _alt_domains='www.XXX.de'
[Sa 7. Mär 09:35:25 CET 2020] Using config home:/root/.acme.sh
[Sa 7. Mär 09:35:25 CET 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.o                                                                                                                                                                              rg/directory'
[Sa 7. Mär 09:35:25 CET 2020] DOMAIN_PATH='/root/.acme.sh/XXX.de'
[Sa 7. Mär 09:35:25 CET 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsenc                                                                                                                                                                              rypt.org/directory
[Sa 7. Mär 09:35:25 CET 2020] _init api for server: https://acme-v02.api.letsenc                                                                                                                                                                              rypt.org/directory
[Sa 7. Mär 09:35:25 CET 2020] GET
[Sa 7. Mär 09:35:25 CET 2020] url='https://acme-v02.api.letsencrypt.org/director                                                                                                                                                                              y'
[Sa 7. Mär 09:35:25 CET 2020] timeout=
[Sa 7. Mär 09:35:25 CET 2020] _CURL='curl -L --silent --dump-header /root/.acme.                                                                                                                                                                              sh/http.header  -g '
[Sa 7. Mär 09:35:25 CET 2020] ret='0'
[Sa 7. Mär 09:35:25 CET 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.                                                                                                                                                                              org/acme/key-change'
[Sa 7. Mär 09:35:25 CET 2020] ACME_NEW_AUTHZ
[Sa 7. Mär 09:35:25 CET 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.o                                                                                                                                                                              rg/acme/new-order'
[Sa 7. Mär 09:35:25 CET 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt                                                                                                                                                                              .org/acme/new-acct'
[Sa 7. Mär 09:35:25 CET 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt                                                                                                                                                                              .org/acme/revoke-cert'
[Sa 7. Mär 09:35:25 CET 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/                                                                                                                                                                              LE-SA-v1.2-November-15-2017.pdf'
[Sa 7. Mär 09:35:25 CET 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.o                                                                                                                                                                              rg/acme/new-nonce'
[Sa 7. Mär 09:35:25 CET 2020] ACME_VERSION='2'
[Sa 7. Mär 09:35:25 CET 2020] _on_before_issue
[Sa 7. Mär 09:35:25 CET 2020] _chk_main_domain='XXX.de'
[Sa 7. Mär 09:35:25 CET 2020] _chk_alt_domains='www.XXX.de'
[Sa 7. Mär 09:35:25 CET 2020] Le_LocalAddress
[Sa 7. Mär 09:35:25 CET 2020] d='XXX.de'
[Sa 7. Mär 09:35:25 CET 2020] Check for domain='XXX.de'
[Sa 7. Mär 09:35:25 CET 2020] _currentRoot='/var/www/froxlor'
[Sa 7. Mär 09:35:25 CET 2020] d='www.XXX.de'
[Sa 7. Mär 09:35:25 CET 2020] Check for domain='www.XXX.de'
[Sa 7. Mär 09:35:25 CET 2020] _currentRoot='/var/www/froxlor'
[Sa 7. Mär 09:35:25 CET 2020] d
[Sa 7. Mär 09:35:25 CET 2020] _saved_account_key_hash is not changed, skip regis                                                                                                                                                                              ter account.
[Sa 7. Mär 09:35:26 CET 2020] Read key length:
[Sa 7. Mär 09:35:26 CET 2020] Using config home:/root/.acme.sh
[Sa 7. Mär 09:35:26 CET 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.o                                                                                                                                                                              rg/directory'
[Sa 7. Mär 09:35:26 CET 2020] Use length 4096
[Sa 7. Mär 09:35:26 CET 2020] Using RSA: 4096
[Sa 7. Mär 09:35:26 CET 2020] _createcsr
[Sa 7. Mär 09:35:26 CET 2020] d='www.XXX.de'
[Sa 7. Mär 09:35:26 CET 2020] d
[Sa 7. Mär 09:35:26 CET 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sa 7. Mär 09:35:26 CET 2020] payload='{"identifiers": [{"type":"dns","value":"XXX.de"},{"type":"dns","value":"www.XXX.de"}]}'
[Sa 7. Mär 09:35:26 CET 2020] RSA key
[Sa 7. Mär 09:35:26 CET 2020] HEAD
[Sa 7. Mär 09:35:26 CET 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sa 7. Mär 09:35:26 CET 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g  -I  '
[Sa 7. Mär 09:35:27 CET 2020] _ret='0'
[Sa 7. Mär 09:35:27 CET 2020] POST
[Sa 7. Mär 09:35:27 CET 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sa 7. Mär 09:35:27 CET 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sa 7. Mär 09:35:28 CET 2020] _ret='0'
[Sa 7. Mär 09:35:28 CET 2020] code='201'
[Sa 7. Mär 09:35:28 CET 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/79917584/2565491636'
[Sa 7. Mär 09:35:28 CET 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/79917584/2565491636'
[Sa 7. Mär 09:35:28 CET 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/3200022624'
[Sa 7. Mär 09:35:28 CET 2020] payload
[Sa 7. Mär 09:35:28 CET 2020] POST
[Sa 7. Mär 09:35:28 CET 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/3200022624'
[Sa 7. Mär 09:35:28 CET 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sa 7. Mär 09:35:28 CET 2020] _ret='0'
[Sa 7. Mär 09:35:28 CET 2020] code='200'
[Sa 7. Mär 09:35:28 CET 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/3200022625'
[Sa 7. Mär 09:35:28 CET 2020] payload
[Sa 7. Mär 09:35:28 CET 2020] POST
[Sa 7. Mär 09:35:28 CET 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/3200022625'
[Sa 7. Mär 09:35:28 CET 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sa 7. Mär 09:35:29 CET 2020] _ret='0'
[Sa 7. Mär 09:35:29 CET 2020] code='200'
[Sa 7. Mär 09:35:29 CET 2020] d='XXX.de'
[Sa 7. Mär 09:35:29 CET 2020] _w='/var/www/froxlor'
[Sa 7. Mär 09:35:29 CET 2020] _currentRoot='/var/www/froxlor'
[Sa 7. Mär 09:35:29 CET 2020] entry='"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/3200022624/otxj0A","token":"1wZ8dpfFO_rBRuvgdKBjbi5JevlRbjqNkl579rZqTIw","validationRecord":[{"url":"http://XXX.de/.well-known/acme-challenge/1wZ8dpfFO_rBRuvgdKBjbi5JevlRbjqNkl579rZqTIw","hostname":"XXX.de","port":"80","addressesResolved":["XXX.XXX.XX.XX"],"addressUsed":"XXX.XXX.XX.XX"'
[Sa 7. Mär 09:35:29 CET 2020] token='1wZ8dpfFO_rBRuvgdKBjbi5JevlRbjqNkl579rZqTIw'
[Sa 7. Mär 09:35:29 CET 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3200022624/otxj0A'
[Sa 7. Mär 09:35:29 CET 2020] keyauthorization='1wZ8dpfFO_rBRuvgdKBjbi5JevlRbjqNkl579rZqTIw.0MJLmX1ZbvsDBZRpnE6oO8Oe4PF5qkyUMMU7q6T7uVc'
[Sa 7. Mär 09:35:29 CET 2020] XXX.de is already verified.
[Sa 7. Mär 09:35:29 CET 2020] keyauthorization='verified_ok'
[Sa 7. Mär 09:35:29 CET 2020] dvlist='XXX.de#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/3200022624/otxj0A#http-01#/var/www/froxlor'
[Sa 7. Mär 09:35:29 CET 2020] d='www.XXX.de'
[Sa 7. Mär 09:35:29 CET 2020] _w='/var/www/froxlor'
[Sa 7. Mär 09:35:29 CET 2020] _currentRoot='/var/www/froxlor'
[Sa 7. Mär 09:35:29 CET 2020] entry='"type":"http-01","status":"valid","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/3200022625/sBBFig","token":"QE0MkthPjSG9OCadLYi3HAHDIctE7wwpy98thPgdeL4","validationRecord":[{"url":"http://www.XXX.de/.well-known/acme-challenge/QE0MkthPjSG9OCadLYi3HAHDIctE7wwpy98thPgdeL4","hostname":"www.XXX.de","port":"80","addressesResolved":["XXX.XXX.XX.XX"],"addressUsed":"XXX.XXX.XX.XX"'
[Sa 7. Mär 09:35:29 CET 2020] token='QE0MkthPjSG9OCadLYi3HAHDIctE7wwpy98thPgdeL4'
[Sa 7. Mär 09:35:29 CET 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3200022625/sBBFig'
[Sa 7. Mär 09:35:29 CET 2020] keyauthorization='QE0MkthPjSG9OCadLYi3HAHDIctE7wwpy98thPgdeL4.0MJLmX1ZbvsDBZRpnE6oO8Oe4PF5qkyUMMU7q6T7uVc'
[Sa 7. Mär 09:35:29 CET 2020] www.XXX.de is already verified.
[Sa 7. Mär 09:35:29 CET 2020] keyauthorization='verified_ok'
[Sa 7. Mär 09:35:29 CET 2020] dvlist='www.XXX.de#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/3200022625/sBBFig#http-01#/var/www/froxlor'
[Sa 7. Mär 09:35:29 CET 2020] d
[Sa 7. Mär 09:35:29 CET 2020] vlist='XXX.de#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/3200022624/otxj0A#http-01#/var/www/froxlor,www.XXX.de#verified_ok#https://acme-v02.api.letsencrypt.org/acme/chall-v3/3200022625/sBBFig#http-01#/var/www/froxlor,'
[Sa 7. Mär 09:35:29 CET 2020] d='XXX.de'
[Sa 7. Mär 09:35:29 CET 2020] XXX.de is already verified, skip http-01.
[Sa 7. Mär 09:35:29 CET 2020] d='www.XXX.de'
[Sa 7. Mär 09:35:29 CET 2020] www.XXX.de is already verified, skip http-01.
[Sa 7. Mär 09:35:29 CET 2020] ok, let's start to verify
[Sa 7. Mär 09:35:29 CET 2020] pid
[Sa 7. Mär 09:35:29 CET 2020] No need to restore nginx, skip.
[Sa 7. Mär 09:35:29 CET 2020] _clearupdns
[Sa 7. Mär 09:35:29 CET 2020] dns_entries
[Sa 7. Mär 09:35:29 CET 2020] skip dns.
[Sa 7. Mär 09:35:29 CET 2020] i='2'
[Sa 7. Mär 09:35:29 CET 2020] j='26'
[Sa 7. Mär 09:35:29 CET 2020] url='https://acme-v02.api.letsencrypt.org/acme/finalize/79917584/2565491636'
[Sa 7. Mär 09:35:29 CET 2020] payload='{"csr": "MIIEljCCAn4CAQAwEjEQMA4GA1UEAwwHaXR2NC5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL1jzxLDiHEKXZJ-3y6sI_wGjH8oP2jiC1n1iAfCi6RdCmUvqE_jIyJcPWNe_Bv9F_MGhjonmR0V0TtPDdJDuLhk7d5O9LGm7hz43jJVPwvnoZfezR_4zib6p3M3G1lsWuJW3Das4rn5_6LN8HUe207i49t-tQ0xt5c435gBFaDD95fSr3Jqp_y0oLv_THprbwlQhZ_TXdnnAEo9kuBp5he9Gmk3-IZJyoo0KCDTot9PZvcVgwtQjOSgY-FLzARV0I3mwH6ulq3_Y5p9NKHbWJa5ADaU5f-uri-xvoHrkcopv0qBKAEqn7J5Dc3Peni_EJyWhPkz0JnJ8n09p7m-KoVXCjplqasV3FAZvIckqCvPsSpTxPQMN7omq0UeAaqf1m2Ab_CFFjhoudIhZL1p8nOZSfDJK1l7n46jpguwxhu1C5gUUuRowRPoncNJn6BeNPyjUJntGgmjLWGloChmGW-j15tyiEfZEcMX_FfwoE60olTkui_rSGzY6aVAE-kiEScXdoNq3oBD7B-JArfYejwLCVd9xrK9kAEpgB8UhRYRqhFR94iJTEmFBFa5Ti0-QFTmzBbcmcwTp2IWY6ynsZ8NRYOht6a85ljROLUXMy79ycJoWLFXmYkg0-fK-fJmS0Ko9VSCYq_iyREHsyDK_F5Ejk_MtrJ1qODoyCixDYKJAgMBAAGgPzA9BgkqhkiG9w0BCQ4xMDAuMAsGA1UdDwQEAwIF4DAfBgNVHREEGDAWggdpdHY0LmRlggt3d3cuaXR2NC5kZTANBgkqhkiG9w0BAQsFAAOCAgEAuuU_ssBsYxInaNDpujD_Pg0chpV4IBNkL5-m2p0FZ4gqHPt97TOoxzwpX0J_ShyYO4CcBlgCnzIsjbkpMB5qNU3j8WJcogOsL2oYzyWVkVC7d7vTDbkKtq-w7T2HB7jfBu7sI0m6fH_PDXjWXrix0l8zrVegqVyFI6OoUhDISxDwum6GLtW7lWAptV6U4vpXgc-uOnqp3V4VYDLMCaW5OR4kq7exWokBoWAXQ1_rha9bRUVMUJuH6HurqU4ruxxiLU9LMndtCvZUmGq1O06bXDRv64CDS31aV6YzOM3VTBElvSgLRrPa4TzVMOIyKnv7mfefyIz1f_Xb3-lfgjWcHtLWLRTMwu_Qu5oHnx7o9gQX2PyAWIGs64Af8xFIot8Rn_o1cksVr1-pJX1sGOaVZAfL8wHvQ0aQ8RMTT_n9tmovA5e8oC3ZcFe8pwMEn3cSST6h6aH6n4cRJhs4R3PXDlYyRCS_UXvWMl9IBGRCSTgxGJT7Pb55Ld5xf_1RkGgXlSxDgL8liESXlMScFMXWJvxTcQgcxEMNl3MkEmM5sebpgu4SdRt9Qfb_8mq1DUAoz_K7IkWNCckh8QsAFFfQz6ojQFFdXea_CziX5VsEPefYJuZokDH-J_gnSVElAJCSIly5QscdbkcdbpxbR9XhomKwFtKBPEA30Fm6AUFqbw8"}'
[Sa 7. Mär 09:35:29 CET 2020] POST
[Sa 7. Mär 09:35:29 CET 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/finalize/79917584/2565491636'
[Sa 7. Mär 09:35:29 CET 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sa 7. Mär 09:35:31 CET 2020] _ret='0'
[Sa 7. Mär 09:35:31 CET 2020] code='200'
[Sa 7. Mär 09:35:31 CET 2020] Order status is valid.
[Sa 7. Mär 09:35:31 CET 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03cac4561dea906507a4cb1a958d9ddbf95f'
[Sa 7. Mär 09:35:31 CET 2020] url='https://acme-v02.api.letsencrypt.org/acme/cert/03cac4561dea906507a4cb1a958d9ddbf95f'
[Sa 7. Mär 09:35:31 CET 2020] payload
[Sa 7. Mär 09:35:31 CET 2020] POST
[Sa 7. Mär 09:35:31 CET 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/cert/03cac4561dea906507a4cb1a958d9ddbf95f'
[Sa 7. Mär 09:35:31 CET 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
[Sa 7. Mär 09:35:32 CET 2020] _ret='0'
[Sa 7. Mär 09:35:32 CET 2020] code='200'
[Sa 7. Mär 09:35:32 CET 2020] Found cert chain
[Sa 7. Mär 09:35:32 CET 2020] _end_n='36'
[Sa 7. Mär 09:35:32 CET 2020] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03cac4561dea906507a4cb1a958d9ddbf95f'
[Sa 7. Mär 09:35:32 CET 2020] v2 chain.
[Sa 7. Mär 09:35:32 CET 2020] _on_issue_success
[debug] https://github.com/acmesh-official/acme.sh
v2.8.6
[Sa 7. Mär 09:35:26 CET 2020] Creating domain key
[Sa 7. Mär 09:35:26 CET 2020] The domain key is here: /root/.acme.sh/XXX.de/XXX.de.key
[Sa 7. Mär 09:35:26 CET 2020] Multi domain='DNS:XXX.de,DNS:www.XXX.de'
[Sa 7. Mär 09:35:26 CET 2020] Getting domain auth token for each domain
[Sa 7. Mär 09:35:29 CET 2020] Getting webroot for domain='XXX.de'
[Sa 7. Mär 09:35:29 CET 2020] Getting webroot for domain='www.XXX.de'
[Sa 7. Mär 09:35:29 CET 2020] XXX.de is already verified, skip http-01.
[Sa 7. Mär 09:35:29 CET 2020] www.XXX.de is already verified, skip http-01.
[Sa 7. Mär 09:35:29 CET 2020] Verify finished, start to sign.
[Sa 7. Mär 09:35:29 CET 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/79917584/2565491636
[Sa 7. Mär 09:35:31 CET 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/03cac4561dea906507a4cb1a958d9ddbf95f
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:ca:c4:56:1d:ea:90:65:07:a4:cb:1a:95:8d:9d:db:f9:5f
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Mar  7 07:35:31 2020 GMT
            Not After : Jun  5 07:35:31 2020 GMT
        Subject: CN = XXX.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:bd:63:cf:12:c3:88:71:0a:5d:92:7e:df:2e:ac:
                    23:fc:06:8c:7f:28:3f:68:e2:0b:59:f5:88:07:c2:
                    8b:a4:5d:0a:65:2f:a8:4f:e3:23:22:5c:3d:63:5e:
                    fc:1b:fd:17:f3:06:86:3a:27:99:1d:15:d1:3b:4f:
                    0d:d2:43:b8:b8:64:ed:de:4e:f4:b1:a6:ee:1c:f8:
                    de:32:55:3f:0b:e7:a1:97:de:cd:1f:f8:ce:26:fa:
                    a7:73:37:1b:59:6c:5a:e2:56:dc:36:ac:e2:b9:f9:
                    ff:a2:cd:f0:75:1e:db:4e:e2:e3:db:7e:b5:0d:31:
                    b7:97:38:df:98:01:15:a0:c3:f7:97:d2:af:72:6a:
                    a7:fc:b4:a0:bb:ff:4c:7a:6b:6f:09:50:85:9f:d3:
                    5d:d9:e7:00:4a:3d:92:e0:69:e6:17:bd:1a:69:37:
                    f8:86:49:ca:8a:34:28:20:d3:a2:df:4f:66:f7:15:
                    83:0b:50:8c:e4:a0:63:e1:4b:cc:04:55:d0:8d:e6:
                    c0:7e:ae:96:ad:ff:63:9a:7d:34:a1:db:58:96:b9:
                    00:36:94:e5:ff:ae:ae:2f:b1:be:81:eb:91:ca:29:
                    bf:4a:81:28:01:2a:9f:b2:79:0d:cd:cf:7a:78:bf:
                    10:9c:96:84:f9:33:d0:99:c9:f2:7d:3d:a7:b9:be:
                    2a:85:57:0a:3a:65:a9:ab:15:dc:50:19:bc:87:24:
                    a8:2b:cf:b1:2a:53:c4:f4:0c:37:ba:26:ab:45:1e:
                    01:aa:9f:d6:6d:80:6f:f0:85:16:38:68:b9:d2:21:
                    64:bd:69:f2:73:99:49:f0:c9:2b:59:7b:9f:8e:a3:
                    a6:0b:b0:c6:1b:b5:0b:98:14:52:e4:68:c1:13:e8:
                    9d:c3:49:9f:a0:5e:34:fc:a3:50:99:ed:1a:09:a3:
                    2d:61:a5:a0:28:66:19:6f:a3:d7:9b:72:88:47:d9:
                    11:c3:17:fc:57:f0:a0:4e:b4:a2:54:e4:ba:2f:eb:
                    48:6c:d8:e9:a5:40:13:e9:22:11:27:17:76:83:6a:
                    de:80:43:ec:1f:89:02:b7:d8:7a:3c:0b:09:57:7d:
                    c6:b2:bd:90:01:29:80:1f:14:85:16:11:aa:11:51:
                    f7:88:89:4c:49:85:04:56:b9:4e:2d:3e:40:54:e6:
                    cc:16:dc:99:cc:13:a7:62:16:63:ac:a7:b1:9f:0d:
                    45:83:a1:b7:a6:bc:e6:58:d1:38:b5:17:33:2e:fd:
                    c9:c2:68:58:b1:57:99:89:20:d3:e7:ca:f9:f2:66:
                    4b:42:a8:f5:54:82:62:af:e2:c9:11:07:b3:20:ca:
                    fc:5e:44:8e:4f:cc:b6:b2:75:a8:e0:e8:c8:28:b1:
                    0d:82:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                32:51:0E:00:57:09:A0:2D:5E:52:CF:56:96:AD:8C:6A:0C:6A:A7:97
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:XXX.de, DNS:www.XXX.de
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 5E:A7:73:F9:DF:56:C0:E7:B5:36:48:7D:D0:49:E0:32:
                                7A:91:9A:0C:84:A1:12:12:84:18:75:96:81:71:45:58
                    Timestamp : Mar  7 08:35:31.379 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:48:5A:1A:DA:09:14:AC:B5:9C:5D:34:BA:
                                41:D4:9B:66:C2:55:AE:0D:DD:FF:08:DE:BA:7E:A4:4C:
                                56:CF:AC:C8:02:21:00:8F:25:CE:B6:27:33:A0:E7:9F:
                                FA:8C:AF:6A:5E:A2:EE:5F:DB:03:EE:7D:AD:E3:CE:C4:
                                C8:B3:42:5C:43:32:06
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : B2:1E:05:CC:8B:A2:CD:8A:20:4E:87:66:F9:2B:B9:8A:
                                25:20:67:6B:DA:FA:70:E7:B2:49:53:2D:EF:8B:90:5E
                    Timestamp : Mar  7 08:35:31.368 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:22:C1:E5:FF:1B:BF:B0:20:0B:66:C4:F6:
                                1D:A3:78:AF:48:FC:51:F8:40:07:0D:C8:D1:AE:6E:21:
                                F1:3D:84:97:02:21:00:C0:17:E6:6E:2F:8D:2A:27:75:
                                93:C3:7D:C7:30:FC:8D:E2:9D:B0:0F:C5:AA:4A:4D:96:
                                C2:4D:E0:33:55:F0:40
    Signature Algorithm: sha256WithRSAEncryption
         2c:9a:40:24:39:88:44:32:29:78:c3:17:ff:0c:e7:2a:85:0e:
         1b:9a:5a:00:89:ef:e5:83:fc:7f:be:ce:d8:c5:1d:76:d5:fa:
         60:e3:17:29:33:8d:99:ca:48:4a:6f:0a:1f:5c:3e:c8:94:7c:
         d3:4a:8f:b1:6c:08:ff:10:7c:47:a2:1c:bd:b2:63:f9:35:c0:
         69:07:8b:87:25:3e:4d:6b:f6:ee:7f:7e:40:3f:a5:a3:d1:ca:
         20:0a:39:da:1d:7b:0e:ea:08:9d:d3:f7:08:1c:36:be:f6:dd:
         e8:d5:a9:3b:63:3e:b3:c6:b2:b8:1d:ef:8d:6b:37:dd:90:5f:
         91:b6:31:d7:b0:14:b1:16:d2:94:42:9f:f3:46:fa:df:9f:7f:
         7f:dd:7b:f1:3f:30:d6:9d:8a:e4:45:a3:23:22:d0:bc:03:9f:
         8d:ec:91:4d:f2:06:cd:1e:1a:f3:56:e1:fa:28:e4:b5:b5:af:
         d0:6a:3e:11:46:a0:19:1f:83:23:ee:49:0d:18:76:a8:e7:cf:
         a8:2e:66:74:94:cb:6f:04:98:13:ff:f6:a1:0e:ea:34:91:f9:
         6f:57:b5:50:a7:36:ef:92:bb:f6:1f:6c:74:1c:24:a7:af:cf:
         c5:e8:61:a9:8a:e7:16:da:18:41:36:f1:2d:21:db:13:31:1c:
         29:68:8c:65
[Sa 7. Mär 09:35:32 CET 2020] Cert success.
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
[Sa 7. Mär 09:35:32 CET 2020] Your cert is in  /root/.acme.sh/XXX.de/XXX.de.cer
[Sa 7. Mär 09:35:32 CET 2020] Your cert key is in  /root/.acme.sh/XXX.de/XXX.de.key
[Sa 7. Mär 09:35:32 CET 2020] The intermediate CA cert is in  /root/.acme.sh/XXX.de/ca.cer
[Sa 7. Mär 09:35:32 CET 2020] And the full chain certs is there:  /root/.acme.sh/XXX.de/fullchain.cer
[error] Could not get Let's Encrypt certificate for XXX.de:
https://github.com/acmesh-official/acme.sh
v2.8.6
[Sa 7. Mär 09:35:26 CET 2020] Creating domain key
[Sa 7. Mär 09:35:26 CET 2020] The domain key is here: /root/.acme.sh/XXX.de/XXX.de.key
[Sa 7. Mär 09:35:26 CET 2020] Multi domain='DNS:XXX.de,DNS:www.XXX.de'
[Sa 7. Mär 09:35:26 CET 2020] Getting domain auth token for each domain
[Sa 7. Mär 09:35:29 CET 2020] Getting webroot for domain='XXX.de'
[Sa 7. Mär 09:35:29 CET 2020] Getting webroot for domain='www.XXX.de'
[Sa 7. Mär 09:35:29 CET 2020] XXX.de is already verified, skip http-01.
[Sa 7. Mär 09:35:29 CET 2020] www.XXX.de is already verified, skip http-01.
[Sa 7. Mär 09:35:29 CET 2020] Verify finished, start to sign.
[Sa 7. Mär 09:35:29 CET 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/79917584/2565491636
[Sa 7. Mär 09:35:31 CET 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/03cac4561dea906507a4cb1a958d9ddbf95f
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:ca:c4:56:1d:ea:90:65:07:a4:cb:1a:95:8d:9d:db:f9:5f
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Mar  7 07:35:31 2020 GMT
            Not After : Jun  5 07:35:31 2020 GMT
        Subject: CN = XXX.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:bd:63:cf:12:c3:88:71:0a:5d:92:7e:df:2e:ac:
                    23:fc:06:8c:7f:28:3f:68:e2:0b:59:f5:88:07:c2:
                    8b:a4:5d:0a:65:2f:a8:4f:e3:23:22:5c:3d:63:5e:
                    fc:1b:fd:17:f3:06:86:3a:27:99:1d:15:d1:3b:4f:
                    0d:d2:43:b8:b8:64:ed:de:4e:f4:b1:a6:ee:1c:f8:
                    de:32:55:3f:0b:e7:a1:97:de:cd:1f:f8:ce:26:fa:
                    a7:73:37:1b:59:6c:5a:e2:56:dc:36:ac:e2:b9:f9:
                    ff:a2:cd:f0:75:1e:db:4e:e2:e3:db:7e:b5:0d:31:
                    b7:97:38:df:98:01:15:a0:c3:f7:97:d2:af:72:6a:
                    a7:fc:b4:a0:bb:ff:4c:7a:6b:6f:09:50:85:9f:d3:
                    5d:d9:e7:00:4a:3d:92:e0:69:e6:17:bd:1a:69:37:
                    f8:86:49:ca:8a:34:28:20:d3:a2:df:4f:66:f7:15:
                    83:0b:50:8c:e4:a0:63:e1:4b:cc:04:55:d0:8d:e6:
                    c0:7e:ae:96:ad:ff:63:9a:7d:34:a1:db:58:96:b9:
                    00:36:94:e5:ff:ae:ae:2f:b1:be:81:eb:91:ca:29:
                    bf:4a:81:28:01:2a:9f:b2:79:0d:cd:cf:7a:78:bf:
                    10:9c:96:84:f9:33:d0:99:c9:f2:7d:3d:a7:b9:be:
                    2a:85:57:0a:3a:65:a9:ab:15:dc:50:19:bc:87:24:
                    a8:2b:cf:b1:2a:53:c4:f4:0c:37:ba:26:ab:45:1e:
                    01:aa:9f:d6:6d:80:6f:f0:85:16:38:68:b9:d2:21:
                    64:bd:69:f2:73:99:49:f0:c9:2b:59:7b:9f:8e:a3:
                    a6:0b:b0:c6:1b:b5:0b:98:14:52:e4:68:c1:13:e8:
                    9d:c3:49:9f:a0:5e:34:fc:a3:50:99:ed:1a:09:a3:
                    2d:61:a5:a0:28:66:19:6f:a3:d7:9b:72:88:47:d9:
                    11:c3:17:fc:57:f0:a0:4e:b4:a2:54:e4:ba:2f:eb:
                    48:6c:d8:e9:a5:40:13:e9:22:11:27:17:76:83:6a:
                    de:80:43:ec:1f:89:02:b7:d8:7a:3c:0b:09:57:7d:
                    c6:b2:bd:90:01:29:80:1f:14:85:16:11:aa:11:51:
                    f7:88:89:4c:49:85:04:56:b9:4e:2d:3e:40:54:e6:
                    cc:16:dc:99:cc:13:a7:62:16:63:ac:a7:b1:9f:0d:
                    45:83:a1:b7:a6:bc:e6:58:d1:38:b5:17:33:2e:fd:
                    c9:c2:68:58:b1:57:99:89:20:d3:e7:ca:f9:f2:66:
                    4b:42:a8:f5:54:82:62:af:e2:c9:11:07:b3:20:ca:
                    fc:5e:44:8e:4f:cc:b6:b2:75:a8:e0:e8:c8:28:b1:
                    0d:82:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                32:51:0E:00:57:09:A0:2D:5E:52:CF:56:96:AD:8C:6A:0C:6A:A7:97
            X509v3 Authority Key Identifier:
                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1

            Authority Information Access:
                OCSP - URI:http://ocsp.int-x3.letsencrypt.org
                CA Issuers - URI:http://cert.int-x3.letsencrypt.org/

            X509v3 Subject Alternative Name:
                DNS:XXX.de, DNS:www.XXX.de
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 5E:A7:73:F9:DF:56:C0:E7:B5:36:48:7D:D0:49:E0:32:
                                7A:91:9A:0C:84:A1:12:12:84:18:75:96:81:71:45:58
                    Timestamp : Mar  7 08:35:31.379 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:48:5A:1A:DA:09:14:AC:B5:9C:5D:34:BA:
                                41:D4:9B:66:C2:55:AE:0D:DD:FF:08:DE:BA:7E:A4:4C:
                                56:CF:AC:C8:02:21:00:8F:25:CE:B6:27:33:A0:E7:9F:
                                FA:8C:AF:6A:5E:A2:EE:5F:DB:03:EE:7D:AD:E3:CE:C4:
                                C8:B3:42:5C:43:32:06
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : B2:1E:05:CC:8B:A2:CD:8A:20:4E:87:66:F9:2B:B9:8A:
                                25:20:67:6B:DA:FA:70:E7:B2:49:53:2D:EF:8B:90:5E
                    Timestamp : Mar  7 08:35:31.368 2020 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:22:C1:E5:FF:1B:BF:B0:20:0B:66:C4:F6:
                                1D:A3:78:AF:48:FC:51:F8:40:07:0D:C8:D1:AE:6E:21:
                                F1:3D:84:97:02:21:00:C0:17:E6:6E:2F:8D:2A:27:75:
                                93:C3:7D:C7:30:FC:8D:E2:9D:B0:0F:C5:AA:4A:4D:96:
                                C2:4D:E0:33:55:F0:40
    Signature Algorithm: sha256WithRSAEncryption
         2c:9a:40:24:39:88:44:32:29:78:c3:17:ff:0c:e7:2a:85:0e:
         1b:9a:5a:00:89:ef:e5:83:fc:7f:be:ce:d8:c5:1d:76:d5:fa:
         60:e3:17:29:33:8d:99:ca:48:4a:6f:0a:1f:5c:3e:c8:94:7c:
         d3:4a:8f:b1:6c:08:ff:10:7c:47:a2:1c:bd:b2:63:f9:35:c0:
         69:07:8b:87:25:3e:4d:6b:f6:ee:7f:7e:40:3f:a5:a3:d1:ca:
         20:0a:39:da:1d:7b:0e:ea:08:9d:d3:f7:08:1c:36:be:f6:dd:
         e8:d5:a9:3b:63:3e:b3:c6:b2:b8:1d:ef:8d:6b:37:dd:90:5f:
         91:b6:31:d7:b0:14:b1:16:d2:94:42:9f:f3:46:fa:df:9f:7f:
         7f:dd:7b:f1:3f:30:d6:9d:8a:e4:45:a3:23:22:d0:bc:03:9f:
         8d:ec:91:4d:f2:06:cd:1e:1a:f3:56:e1:fa:28:e4:b5:b5:af:
         d0:6a:3e:11:46:a0:19:1f:83:23:ee:49:0d:18:76:a8:e7:cf:
         a8:2e:66:74:94:cb:6f:04:98:13:ff:f6:a1:0e:ea:34:91:f9:
         6f:57:b5:50:a7:36:ef:92:bb:f6:1f:6c:74:1c:24:a7:af:cf:
         c5:e8:61:a9:8a:e7:16:da:18:41:36:f1:2d:21:db:13:31:1c:
         29:68:8c:65
[Sa 7. Mär 09:35:32 CET 2020] Cert success.
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
[Sa 7. Mär 09:35:32 CET 2020] Your cert is in  /root/.acme.sh/XXX.de/XXX.de.cer
[Sa 7. Mär 09:35:32 CET 2020] Your cert key is in  /root/.acme.sh/XXX.de/XXX.de.key
[Sa 7. Mär 09:35:32 CET 2020] The intermediate CA cert is in  /root/.acme.sh/XXX.de/ca.cer
[Sa 7. Mär 09:35:32 CET 2020] And the full chain certs is there:  /root/.acme.sh/XXX.de/fullchain.cer
[information] No new certificates or certificates due for renewal found
[information] apache::createIpPort: creating ip/port settings for  XXX.XXX.XX.XX:80
[notice] XXX.XXX.XX.XX:80 :: namevirtualhost-statement no longer needed for apache-2.4
[debug] XXX.XXX.XX.XX:80 :: inserted vhostcontainer
[information] apache::createIpPort: creating ip/port settings for  XXX.XXX.XX.XX:443
[debug] XXX.XXX.XX.XX:443 :: inserted vhostcontainer
[information] apache::createVirtualHosts: creating vhost container for domain 7, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 35, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 8, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 34, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 9, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 10, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 14, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 11, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 26, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 12, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 33, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 22, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 32, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 15, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 16, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 17, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 18, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 19, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 27, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 37, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 1, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 36, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 2, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 25, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 3, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 4, customer XXX
[information] apache::createVirtualHosts: creating vhost container for domain 5, customer XXX
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] apache::writeConfigs: rebuilding /etc/apache2/htpasswd/
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] Froxlor\Cron\Http\Apache::reload: reloading Froxlor\Cron\Http\Apache
[notice] Checking system's last guid
root@root:~#

 

Share this post


Link to post
Share on other sites
  • 0

Und danach ist jetzt NICHTS in der froxlor "SSL-Zertifikate" Übersicht?

Share this post


Link to post
Share on other sites
  • 0

richtig. Aber /root/.acme.sh/XXX.de wurde erstellt. Im Froxlor log sehe ich jetzt noch das:

Spoiler

Could not get Let's Encrypt certificate for XXX.de: https://github.com/acmesh-official/acme.sh v2.8.6 [Sa 7. Mär 09:35:26 CET 2020] Creating domain key [Sa 7. Mär 09:35:26 CET 2020] The domain key is here: /root/.acme.sh/XXX.de/XXX.de.key [Sa 7. Mär 09:35:26 CET 2020] Multi domain='DNS:XXX.de,DNS:www.XXX.de' [Sa 7. Mär 09:35:26 CET 2020] Getting domain auth token for each domain [Sa 7. Mär 09:35:29 CET 2020] Getting webroot for domain='XXX.de' [Sa 7. Mär 09:35:29 CET 2020] Getting webroot for domain='www.XXX.de' [Sa 7. Mär 09:35:29 CET 2020] XXX.de is already verified, skip http-01. [Sa 7. Mär 09:35:29 CET 2020] www.XXX.de is already verified, skip http-01. [Sa 7. Mär 09:35:29 CET 2020] Verify finished, start to sign. [Sa 7. Mär 09:35:29 CET 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/79917584/2565491636 [Sa 7. Mär 09:35:31 CET 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/03cac4561dea906507a4cb1a958d9ddbf95f Certificate: Data: Version: 3 (0x2) Serial Number: 03:ca:c4:56:1d:ea:90:65:07:a4:cb:1a:95:8d:9d:db:f9:5f Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Validity Not Before: Mar 7 07:35:31 2020 GMT Not After : Jun 5 07:35:31 2020 GMT Subject: CN = XXX.de Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (4096 bit) Modulus: 00:bd:63:cf:12:c3:88:71:0a:5d:92:7e:df:2e:ac: 23:fc:06:8c:7f:28:3f:68:e2:0b:59:f5:88:07:c2: 8b:a4:5d:0a:65:2f:a8:4f:e3:23:22:5c:3d:63:5e: fc:1b:fd:17:f3:06:86:3a:27:99:1d:15:d1:3b:4f: 0d:d2:43:b8:b8:64:ed:de:4e:f4:b1:a6:ee:1c:f8: de:32:55:3f:0b:e7:a1:97:de:cd:1f:f8:ce:26:fa: a7:73:37:1b:59:6c:5a:e2:56:dc:36:ac:e2:b9:f9: ff:a2:cd:f0:75:1e:db:4e:e2:e3:db:7e:b5:0d:31: b7:97:38:df:98:01:15:a0:c3:f7:97:d2:af:72:6a: a7:fc:b4:a0:bb:ff:4c:7a:6b:6f:09:50:85:9f:d3: 5d:d9:e7:00:4a:3d:92:e0:69:e6:17:bd:1a:69:37: f8:86:49:ca:8a:34:28:20:d3:a2:df:4f:66:f7:15: 83:0b:50:8c:e4:a0:63:e1:4b:cc:04:55:d0:8d:e6: c0:7e:ae:96:ad:ff:63:9a:7d:34:a1:db:58:96:b9: 00:36:94:e5:ff:ae:ae:2f:b1:be:81:eb:91:ca:29: bf:4a:81:28:01:2a:9f:b2:79:0d:cd:cf:7a:78:bf: 10:9c:96:84:f9:33:d0:99:c9:f2:7d:3d:a7:b9:be: 2a:85:57:0a:3a:65:a9:ab:15:dc:50:19:bc:87:24: a8:2b:cf:b1:2a:53:c4:f4:0c:37:ba:26:ab:45:1e: 01:aa:9f:d6:6d:80:6f:f0:85:16:38:68:b9:d2:21: 64:bd:69:f2:73:99:49:f0:c9:2b:59:7b:9f:8e:a3: a6:0b:b0:c6:1b:b5:0b:98:14:52:e4:68:c1:13:e8: 9d:c3:49:9f:a0:5e:34:fc:a3:50:99:ed:1a:09:a3: 2d:61:a5:a0:28:66:19:6f:a3:d7:9b:72:88:47:d9: 11:c3:17:fc:57:f0:a0:4e:b4:a2:54:e4:ba:2f:eb: 48:6c:d8:e9:a5:40:13:e9:22:11:27:17:76:83:6a: de:80:43:ec:1f:89:02:b7:d8:7a:3c:0b:09:57:7d: c6:b2:bd:90:01:29:80:1f:14:85:16:11:aa:11:51: f7:88:89:4c:49:85:04:56:b9:4e:2d:3e:40:54:e6: cc:16:dc:99:cc:13:a7:62:16:63:ac:a7:b1:9f:0d: 45:83:a1:b7:a6:bc:e6:58:d1:38:b5:17:33:2e:fd: c9:c2:68:58:b1:57:99:89:20:d3:e7:ca:f9:f2:66: 4b:42:a8:f5:54:82:62:af:e2:c9:11:07:b3:20:ca: fc:5e:44:8e:4f:cc:b6:b2:75:a8:e0:e8:c8:28:b1: 0d:82:89 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 32:51:0E:00:57:09:A0:2D:5E:52:CF:56:96:AD:8C:6A:0C:6A:A7:97 X509v3 Authority Key Identifier: keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1 Authority Information Access: OCSP - URI:http://ocsp.int-x3.letsencrypt.org CA Issuers - URI:http://cert.int-x3.letsencrypt.org/ X509v3 Subject Alternative Name: DNS:XXX.de, DNS:www.XXX.de X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org CT Precertificate SCTs: Signed Certificate Timestamp: Version : v1 (0x0) Log ID : 5E:A7:73:F9:DF:56:C0:E7:B5:36:48:7D:D0:49:E0:32: 7A:91:9A:0C:84:A1:12:12:84:18:75:96:81:71:45:58 Timestamp : Mar 7 08:35:31.379 2020 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:48:5A:1A:DA:09:14:AC:B5:9C:5D:34:BA: 41:D4:9B:66:C2:55:AE:0D:DD:FF:08:DE:BA:7E:A4:4C: 56:CF:AC:C8:02:21:00:8F:25:CE:B6:27:33:A0:E7:9F: FA:8C:AF:6A:5E:A2:EE:5F:DB:03:EE:7D:AD:E3:CE:C4: C8:B3:42:5C:43:32:06 Signed Certificate Timestamp: Version : v1 (0x0) Log ID : B2:1E:05:CC:8B:A2:CD:8A:20:4E:87:66:F9:2B:B9:8A: 25:20:67:6B:DA:FA:70:E7:B2:49:53:2D:EF:8B:90:5E Timestamp : Mar 7 08:35:31.368 2020 GMT Extensions: none Signature : ecdsa-with-SHA256 30:45:02:20:22:C1:E5:FF:1B:BF:B0:20:0B:66:C4:F6: 1D:A3:78:AF:48:FC:51:F8:40:07:0D:C8:D1:AE:6E:21: F1:3D:84:97:02:21:00:C0:17:E6:6E:2F:8D:2A:27:75: 93:C3:7D:C7:30:FC:8D:E2:9D:B0:0F:C5:AA:4A:4D:96: C2:4D:E0:33:55:F0:40 Signature Algorithm: sha256WithRSAEncryption 2c:9a:40:24:39:88:44:32:29:78:c3:17:ff:0c:e7:2a:85:0e: 1b:9a:5a:00:89:ef:e5:83:fc:7f:be:ce:d8:c5:1d:76:d5:fa: 60:e3:17:29:33:8d:99:ca:48:4a:6f:0a:1f:5c:3e:c8:94:7c: d3:4a:8f:b1:6c:08:ff:10:7c:47:a2:1c:bd:b2:63:f9:35:c0: 69:07:8b:87:25:3e:4d:6b:f6:ee:7f:7e:40:3f:a5:a3:d1:ca: 20:0a:39:da:1d:7b:0e:ea:08:9d:d3:f7:08:1c:36:be:f6:dd: e8:d5:a9:3b:63:3e:b3:c6:b2:b8:1d:ef:8d:6b:37:dd:90:5f: 91:b6:31:d7:b0:14:b1:16:d2:94:42:9f:f3:46:fa:df:9f:7f: 7f:dd:7b:f1:3f:30:d6:9d:8a:e4:45:a3:23:22:d0:bc:03:9f: 8d:ec:91:4d:f2:06:cd:1e:1a:f3:56:e1:fa:28:e4:b5:b5:af: d0:6a:3e:11:46:a0:19:1f:83:23:ee:49:0d:18:76:a8:e7:cf: a8:2e:66:74:94:cb:6f:04:98:13:ff:f6:a1:0e:ea:34:91:f9: 6f:57:b5:50:a7:36:ef:92:bb:f6:1f:6c:74:1c:24:a7:af:cf: c5:e8:61:a9:8a:e7:16:da:18:41:36:f1:2d:21:db:13:31:1c: 29:68:8c:65 [Sa 7. Mär 09:35:32 CET 2020] Cert success. -----BEGIN CERTIFICATE----- XXX -----END CERTIFICATE----- [Sa 7. Mär 09:35:32 CET 2020] Your cert is in /root/.acme.sh/XXX.de/XXX.de.cer [Sa 7. Mär 09:35:32 CET 2020] Your cert key is in /root/.acme.sh/XXX.de/XXX.de.key [Sa 7. Mär 09:35:32 CET 2020] The intermediate CA cert is in /root/.acme.sh/XXX.de/ca.cer [Sa 7. Mär 09:35:32 CET 2020] And the full chain certs is there: /root/.acme.sh/XXX.de/fullchain.cer

 

Share this post


Link to post
Share on other sites
  • 0

Also da stimmt doch was nicht bei dir...du führst den cronjob auch als root user aus ja? Mich wundert halt, dass er da zwei Zertifikate bekommt und am Ende sagt "keine renews oder neue gefunden" - das passt nicht zusammen

Share this post


Link to post
Share on other sites
  • 0

Also, dazwischen sind noch errors die von froxlor kommen, die besagen, dass das einlesen der certificates datei wohl nicht geklappt hat, ist die domain vllt eine umlaut-domain? Steht in den Dateien unterhalb von /root/.acme.sh/XXX.de/ was drin? Welche berechtigungen haben sie? Im zweifel kannst du mir auch gern root-Zugang zu der Kiste geben, dann schau ich mal was da nicht stimmt

Share this post


Link to post
Share on other sites
  • 0

Nein, ganz normale Buchstaben. im Ordner sind nur Zertifikats-Dateien und eine .conf. Rechte sind auf 0644 und Besitzer ist root - wie bei allen Ordnern dort.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...