[BlueOnyx:24681] 6109R SSL renewal problem
Michael Aronoff
maronoff at gmail.com
Mon Dec 28 09:03:39 -05 2020
I have an Aventurine 6109R which has been failing to renew the server
SSL certificate. The error email says to check the error log but I do
not understand what is failing. I have attached the log. I hope someone
might be able to point me in the right direction.
I changed the server address in the attached log file but I have checked
the DNS and the a record is working properly.
Thanks,
________________________________
M Aronoff Out – maronoff at gmail.com
I'm a great believer in luck, and I find
the harder I work the more I have of it.
- Thomas Jefferson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20201228/5369389c/attachment.html>
-------------- next part --------------
[Mon Dec 28 03:19:11 PST 2020] Lets find script dir.
[Mon Dec 28 03:19:11 PST 2020] _SCRIPT_='/usr/sausalito/acme/acme.sh'
[Mon Dec 28 03:19:11 PST 2020] _script='/usr/sausalito/acme/acme.sh'
[Mon Dec 28 03:19:11 PST 2020] _script_home='/usr/sausalito/acme'
[Mon Dec 28 03:19:11 PST 2020] Using config home:/usr/sausalito/acme/data
[Mon Dec 28 03:19:11 PST 2020] Running cmd: issue
[Mon Dec 28 03:19:11 PST 2020] _main_domain='dedicated1.ciic.com'
[Mon Dec 28 03:19:11 PST 2020] _alt_domains='no'
[Mon Dec 28 03:19:11 PST 2020] Using config home:/usr/sausalito/acme/data
[Mon Dec 28 03:19:11 PST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Dec 28 03:19:11 PST 2020] DOMAIN_PATH='/usr/sausalito/acme/certs/dedicated1.ciic.com'
[Mon Dec 28 03:19:11 PST 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Dec 28 03:19:11 PST 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Dec 28 03:19:11 PST 2020] GET
[Mon Dec 28 03:19:11 PST 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Dec 28 03:19:11 PST 2020] timeout=
[Mon Dec 28 03:19:11 PST 2020] _CURL='curl -L --silent --dump-header /usr/sausalito/acme/data/http.header -g '
[Mon Dec 28 03:19:12 PST 2020] ret='0'
[Mon Dec 28 03:19:12 PST 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon Dec 28 03:19:12 PST 2020] ACME_NEW_AUTHZ
[Mon Dec 28 03:19:12 PST 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Dec 28 03:19:12 PST 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon Dec 28 03:19:12 PST 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Dec 28 03:19:12 PST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Dec 28 03:19:12 PST 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Dec 28 03:19:12 PST 2020] ACME_VERSION='2'
[Mon Dec 28 03:19:12 PST 2020] Le_NextRenewTime='1608634158'
[Mon Dec 28 03:19:12 PST 2020] _on_before_issue
[Mon Dec 28 03:19:12 PST 2020] _chk_main_domain='dedicated1.ciic.com'
[Mon Dec 28 03:19:12 PST 2020] _chk_alt_domains
[Mon Dec 28 03:19:12 PST 2020] Le_LocalAddress
[Mon Dec 28 03:19:12 PST 2020] d='dedicated1.ciic.com'
[Mon Dec 28 03:19:12 PST 2020] Check for domain='dedicated1.ciic.com'
[Mon Dec 28 03:19:12 PST 2020] _currentRoot='/home/.acme/'
[Mon Dec 28 03:19:12 PST 2020] d
[Mon Dec 28 03:19:12 PST 2020] _saved_account_key_hash is not changed, skip register account.
[Mon Dec 28 03:19:12 PST 2020] Read key length:4096
[Mon Dec 28 03:19:12 PST 2020] _createcsr
[Mon Dec 28 03:19:12 PST 2020] Single domain='dedicated1.ciic.com'
[Mon Dec 28 03:19:12 PST 2020] Getting domain auth token for each domain
[Mon Dec 28 03:19:12 PST 2020] d
[Mon Dec 28 03:19:12 PST 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Dec 28 03:19:12 PST 2020] payload='{"identifiers": [{"type":"dns","value":"dedicated1.ciic.com"}]}'
[Mon Dec 28 03:19:12 PST 2020] RSA key
[Mon Dec 28 03:19:12 PST 2020] HEAD
[Mon Dec 28 03:19:12 PST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Dec 28 03:19:12 PST 2020] _CURL='curl -L --silent --dump-header /usr/sausalito/acme/data/http.header -g -I '
[Mon Dec 28 03:19:13 PST 2020] _ret='0'
[Mon Dec 28 03:19:13 PST 2020] POST
[Mon Dec 28 03:19:13 PST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Dec 28 03:19:13 PST 2020] _CURL='curl -L --silent --dump-header /usr/sausalito/acme/data/http.header -g '
[Mon Dec 28 03:19:13 PST 2020] _ret='0'
[Mon Dec 28 03:19:13 PST 2020] code='201'
[Mon Dec 28 03:19:13 PST 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/94779380/6989001865'
[Mon Dec 28 03:19:13 PST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/94779380/6989001865'
[Mon Dec 28 03:19:13 PST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/9640457795'
[Mon Dec 28 03:19:13 PST 2020] payload
[Mon Dec 28 03:19:13 PST 2020] POST
[Mon Dec 28 03:19:13 PST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/9640457795'
[Mon Dec 28 03:19:13 PST 2020] _CURL='curl -L --silent --dump-header /usr/sausalito/acme/data/http.header -g '
[Mon Dec 28 03:19:14 PST 2020] _ret='0'
[Mon Dec 28 03:19:14 PST 2020] code='200'
[Mon Dec 28 03:19:14 PST 2020] d='dedicated1.ciic.com'
[Mon Dec 28 03:19:14 PST 2020] Getting webroot for domain='dedicated1.ciic.com'
[Mon Dec 28 03:19:14 PST 2020] _w='/home/.acme/'
[Mon Dec 28 03:19:14 PST 2020] _currentRoot='/home/.acme/'
[Mon Dec 28 03:19:14 PST 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3$
[Mon Dec 28 03:19:14 PST 2020] token='kHI7WKLQjLGjv8NFe9daUXxJ2mGNOiTT8pOtqj8_-r8'
[Mon Dec 28 03:19:14 PST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9640457795/L3eu9A'
[Mon Dec 28 03:19:14 PST 2020] keyauthorization='kHI7WKLQjLGjv8NFe9daUXxJ2mGNOiTT8pOtqj8_-r8.6ktqluQ7TEVERCsaSq4zPWnrBQoYrH8lAiwTOH$
[Mon Dec 28 03:19:14 PST 2020] dvlist='dedicated1.ciic.com#kHI7WKLQjLGjv8NFe9daUXxJ2mGNOiTT8pOtqj8_-r8.6ktqluQ7TEVERCsaSq4zPWnrBQ$
[Mon Dec 28 03:19:14 PST 2020] d
[Mon Dec 28 03:19:14 PST 2020] vlist='dedicated1.ciic.com#kHI7WKLQjLGjv8NFe9daUXxJ2mGNOiTT8pOtqj8_-r8.6ktqluQ7TEVERCsaSq4zPWnrBQo$
[Mon Dec 28 03:19:14 PST 2020] d='dedicated1.ciic.com'
[Mon Dec 28 03:19:14 PST 2020] ok, let's start to verify
[Mon Dec 28 03:19:14 PST 2020] Verifying: dedicated1.ciic.com
[Mon Dec 28 03:19:14 PST 2020] d='dedicated1.ciic.com'
[Mon Dec 28 03:19:14 PST 2020] keyauthorization='kHI7WKLQjLGjv8NFe9daUXxJ2mGNOiTT8pOtqj8_-r8.6ktqluQ7TEVERCsaSq4zPWnrBQoYrH8lAiwTOH$
[Mon Dec 28 03:19:14 PST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9640457795/L3eu9A'
[Mon Dec 28 03:19:14 PST 2020] _currentRoot='/home/.acme/'
[Mon Dec 28 03:19:14 PST 2020] wellknown_path='/home/.acme//.well-known/acme-challenge'
[Mon Dec 28 03:19:14 PST 2020] writing token:kHI7WKLQjLGjv8NFe9daUXxJ2mGNOiTT8pOtqj8_-r8 to /home/.acme//.well-known/acme-challenge$
[Mon Dec 28 03:19:14 PST 2020] Changing owner/group of .well-known to root:root
[Mon Dec 28 03:19:14 PST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9640457795/L3eu9A'
[Mon Dec 28 03:19:14 PST 2020] payload='{}'
[Mon Dec 28 03:19:14 PST 2020] POST
[Mon Dec 28 03:19:14 PST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9640457795/L3eu9A'
[Mon Dec 28 03:19:14 PST 2020] _CURL='curl -L --silent --dump-header /usr/sausalito/acme/data/http.header -g '
[Mon Dec 28 03:19:14 PST 2020] _ret='0'
[Mon Dec 28 03:19:14 PST 2020] code='200'
[Mon Dec 28 03:19:14 PST 2020] trigger validation code: 200
[Mon Dec 28 03:19:14 PST 2020] sleep 2 secs to verify
[Mon Dec 28 03:19:16 PST 2020] checking
[Mon Dec 28 03:19:16 PST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9640457795/L3eu9A'
[Mon Dec 28 03:19:16 PST 2020] payload
[Mon Dec 28 03:19:16 PST 2020] POST
[Mon Dec 28 03:19:16 PST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9640457795/L3eu9A'
[Mon Dec 28 03:19:16 PST 2020] _CURL='curl -L --silent --dump-header /usr/sausalito/acme/data/http.header -g '
[Mon Dec 28 03:19:17 PST 2020] _ret='0'
[Mon Dec 28 03:19:17 PST 2020] code='200'
[Mon Dec 28 03:19:17 PST 2020] dedicated1.ciic.com:Verify error:Invalid response from http://dedicated1.ciic.com/.well-known/ac$
[Mon Dec 28 03:19:17 PST 2020] Debug: get token url.
[Mon Dec 28 03:19:17 PST 2020] GET
[Mon Dec 28 03:19:17 PST 2020] url='http://dedicated1.ciic.com/.well-known/acme-challenge/kHI7WKLQjLGjv8NFe9daUXxJ2mGNOiTT8pOtqj8$
[Mon Dec 28 03:19:17 PST 2020] timeout=1
[Mon Dec 28 03:19:17 PST 2020] _CURL='curl -L --silent --dump-header /usr/sausalito/acme/data/http.header -g --connect-timeout 1'
[Mon Dec 28 03:19:17 PST 2020] ret='0'
[Mon Dec 28 03:19:17 PST 2020] Debugging, skip removing: /home/.acme//.well-known/acme-challenge/kHI7WKLQjLGjv8NFe9daUXxJ2mGNOiTT8p$
[Mon Dec 28 03:19:17 PST 2020] pid
[Mon Dec 28 03:19:17 PST 2020] No need to restore nginx, skip.
[Mon Dec 28 03:19:17 PST 2020] _clearupdns
[Mon Dec 28 03:19:17 PST 2020] dns_entries
[Mon Dec 28 03:19:17 PST 2020] skip dns.
[Mon Dec 28 03:19:17 PST 2020] _on_issue_err
[Mon Dec 28 03:19:17 PST 2020] Please check log file for more details: /var/log/letsencrypt/letsencrypt.log
[Mon Dec 28 03:19:17 PST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9640457795/L3eu9A'
[Mon Dec 28 03:19:17 PST 2020] payload='{}'
[Mon Dec 28 03:19:17 PST 2020] POST
[Mon Dec 28 03:19:17 PST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/9640457795/L3eu9A'
[Mon Dec 28 03:19:17 PST 2020] _CURL='curl -L --silent --dump-header /usr/sausalito/acme/data/http.header -g '
[Mon Dec 28 03:19:17 PST 2020] _ret='0'
[Mon Dec 28 03:19:17 PST 2020] code='400'
[Mon Dec 28 03:19:17 PST 2020] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2k-fips 26 Jan 2017
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lf<logfile> log to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lp<progname> set the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-b<size_t> set data buffer size (8192)
-s sloppy (continue on error)
-t<timeout> wait seconds before closing second channel
-T<timeout> total inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-L <lockfile> try to obtain lock, or fail
-W <lockfile> try to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,<opts>] groups=FD,FIFO
<single-address>!!<single-address>
<single-address>
single-address:
<address-head>[,<opts>]
address-head:
abstract-client:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-connect:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-listen:<filename> groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
abstract-recv:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX
abstract-sendto:<filename> groups=FD,SOCKET,RETRY,UNIX
create:<filename> groups=FD,REG,NAMED
exec:<command-line> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:<num> groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:<filename> groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
interface:<interface> groups=FD,SOCKET
ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6
ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
open:<filename> groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:<filename> groups=FD,FIFO,NAMED,OPEN
proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
readline groups=FD,READLINE,TERMIOS
sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY
socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE
socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE
socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE
socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:<shell-command> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
tun[:<ip-addr>/<bits>] groups=FD,CHR,NAMED,OPEN,INTERFACE
udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP
udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
More information about the Blueonyx
mailing list