[Bug]: Most of the time certificates can't be issued: failure saving error to acme challenge: error saving acme challenge; changed since last read #2121

LokiMidgard · 2024-12-24T15:36:27Z

Steps to Reproduce

I was able to issue a valid certificate once, but normally it fails.

It happens on a brand new docker setup. For reproduction I pushed my reproduction in this repo

deleting all containers and volums dose not fix it…

step-ca  | time="2024-12-24T14:40:45Z" level=error duration=3.770407848s duration-ns=3770407848 error="error validating challenge: failure saving error to acme challenge: error saving acme challenge: failed to commit badger transaction: Transaction Conflict. Please retry" fields.time="2024-12-24T14:40:41Z" method=POST name=ca nonce=dFlaWGtYVHRTSzJmT2FNYjNDVXBpaXE0QkJkN25zWmc path=/acme/acme/challenge/uQbnnnQDj99Epf4SOjC3h1Jhg9elqYYS/XumTdhu9LvKPIzFtmNC1oQ7oKaygZOmJ protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=47d800c0-e3fc-42b8-8c58-41627a615504 response="{\"type\":\"urn:ietf:params:acme:error:serverInternal\",\"detail\":\"The server experienced an internal error\"}" size=105 status=500 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=

this is the complete log:

step-ca  | 2024/12/24 14:39:58 Starting Smallstep CA/0.28.1 (linux/arm64)
step-ca  | 2024/12/24 14:39:58 Documentation: https://u.step.sm/docs/ca
step-ca  | 2024/12/24 14:39:58 Community Discord: https://u.step.sm/discord
step-ca  | 2024/12/24 14:39:58 Config file: /home/step/config/ca.json
step-ca  | 2024/12/24 14:39:58 The primary server URL is https://step.home:9000
step-ca  | 2024/12/24 14:39:58 Root certificates are available at https://step.home:9000/roots.pem
step-ca  | 2024/12/24 14:39:58 X.509 Root Fingerprint: 1c91fb8a845588d6fc121309467f2e6b4efed4ca420c927594d1cb95b7fdbf20
step-ca  | 2024/12/24 14:39:58 Serving HTTPS on :9000 ...
step-ca  | time="2024-12-24T14:40:05Z" level=info duration="722.498<C2><B5>s" duration-ns=722498 fields.time="2024-12-24T14:40:05Z" method=GET name=ca path=/acme/acme/directory protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=be49e6d1-cf61-410f-8a90-a7050797c125 response="{\"newNonce\":\"https://step.home:9000/acme/acme/new-nonce\",\"newAccount\":\"https://step.home:9000/acme/acme/new-account\",\"newOrder\":\"https://step.home:9000/acme/acme/new-order\",\"revokeCert\":\"https://step.home:9000/acme/acme/revoke-cert\",\"keyChange\":\"https://step.home:9000/acme/acme/key-change\"}" size=292 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-24T14:40:06Z" level=info duration=20.662606ms duration-ns=20662606 fields.time="2024-12-24T14:40:06Z" method=HEAD name=ca nonce=T1RpbWJSM055d1FCSFp5dXdlNVd6V1Iza1NiTGc4ZzY path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=e982e951-e8e2-4b5f-be0e-266e07bcf3d9 size=0 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-24T14:40:06Z" level=info duration=42.568646ms duration-ns=42568646 fields.time="2024-12-24T14:40:06Z" method=POST name=ca nonce=N0M3REc5VWlQTDlHZzVSTU9PZVZwRHd5enNhaURQTVE path=/acme/acme/new-account protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=50310159-5a12-4354-b8c0-cc8739ea9f0e response="{\"contact\":[\"mailto:[email protected]\"],\"status\":\"valid\",\"orders\":\"https://step.home:9000/acme/acme/account/wCm5LMhgldgqNtQDivQoiaUVHPPuhOSh/orders\"}" size=153 status=201 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-24T14:40:08Z" level=info duration="308.645<C2><B5>s" duration-ns=308645 fields.time="2024-12-24T14:40:08Z" method=GET name=ca path=/acme/acme/directory protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=1f49b232-2af7-4692-b9b8-9b6e0f7a33e7 response="{\"newNonce\":\"https://step.home:9000/acme/acme/new-nonce\",\"newAccount\":\"https://step.home:9000/acme/acme/new-account\",\"newOrder\":\"https://step.home:9000/acme/acme/new-order\",\"revokeCert\":\"https://step.home:9000/acme/acme/revoke-cert\",\"keyChange\":\"https://step.home:9000/acme/acme/key-change\"}" size=292 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-24T14:40:22Z" level=info duration=15.754285ms duration-ns=15754285 fields.time="2024-12-24T14:40:22Z" method=HEAD name=ca nonce=SDFLZEU2bmMyVEl0a1BEVElnVFkzT3JPZ0EyZ2ZsZ0s path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=11588208-c625-45a4-b756-c6574a3a3e71 size=0 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-24T14:40:23Z" level=info duration=86.250781ms duration-ns=86250781 fields.time="2024-12-24T14:40:23Z" method=POST name=ca nonce=MzBtQ2NYaFhSWHZlUEpXM1dvWmd0b2VuY0M1MjBrZjg path=/acme/acme/new-order protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=3fcf3302-9ad2-46dc-aa6a-be5bb7e2f46a response="{\"id\":\"6jwwNAaSZMk36FHGWiBH2PtgsPUdjxQ6\",\"status\":\"pending\",\"expires\":\"2024-12-25T14:40:23Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"pi.hole\"}],\"notBefore\":\"2024-12-24T14:39:23Z\",\"notAfter\":\"2025-03-04T14:40:23Z\",\"authorizations\":[\"https://step.home:9000/acme/acme/authz/uQbnnnQDj99Epf4SOjC3h1Jhg9elqYYS\"],\"finalize\":\"https://step.home:9000/acme/acme/order/6jwwNAaSZMk36FHGWiBH2PtgsPUdjxQ6/finalize\"}" size=399 status=201 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-24T14:40:24Z" level=info duration=23.527287ms duration-ns=23527287 fields.time="2024-12-24T14:40:24Z" method=POST name=ca nonce=UDduZ3VKOUtwQlQ0WW5OUjY3bXRUTVNCZjd4cFZQRGY path=/acme/acme/authz/uQbnnnQDj99Epf4SOjC3h1Jhg9elqYYS protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=c21b2263-5db3-4345-9e2e-52ea093f02be response="{\"identifier\":{\"type\":\"dns\",\"value\":\"pi.hole\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"gbrQ241GMPwWB1XKYELgvqoQcg8MKI7b\",\"url\":\"https://step.home:9000/acme/acme/challenge/uQbnnnQDj99Epf4SOjC3h1Jhg9elqYYS/hUqiMu5Uw83NEOobz9HlcYIXcnZYXDEJ\"},{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"gbrQ241GMPwWB1XKYELgvqoQcg8MKI7b\",\"url\":\"https://step.home:9000/acme/acme/challenge/uQbnnnQDj99Epf4SOjC3h1Jhg9elqYYS/XumTdhu9LvKPIzFtmNC1oQ7oKaygZOmJ\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"gbrQ241GMPwWB1XKYELgvqoQcg8MKI7b\",\"url\":\"https://step.home:9000/acme/acme/challenge/uQbnnnQDj99Epf4SOjC3h1Jhg9elqYYS/5kaR3qCN3xPaEcXdHIjLZZh7wKvaBDA1\"}],\"wildcard\":false,\"expires\":\"2024-12-25T14:40:23Z\"}" size=729 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-24T14:40:27Z" level=info duration="231.197<C2><B5>s" duration-ns=231197 fields.time="2024-12-24T14:40:27Z" method=GET name=ca path=/health protocol=HTTP/2.0 referer= remote-address=172.18.0.2 request-id=9e5403d1-35c1-4f55-9004-fb18e493dbbf size=16 status=200 user-agent="Smallstep CLI/0.28.2 (linux/arm64)" user-id=
step-ca  | time="2024-12-24T14:40:41Z" level=info duration=18.811413ms duration-ns=18811413 fields.time="2024-12-24T14:40:41Z" method=HEAD name=ca nonce=TjRndEpHTGg3RmFldWZBUXlPenQwMHlIb0p6S1hxQVM path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=705e1f38-30dd-4620-a6a0-30776e53de91 size=0 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-24T14:40:45Z" level=error duration=3.770407848s duration-ns=3770407848 error="error validating challenge: failure saving error to acme challenge: error saving acme challenge: failed to commit badger transaction: Transaction Conflict. Please retry" fields.time="2024-12-24T14:40:41Z" method=POST name=ca nonce=dFlaWGtYVHRTSzJmT2FNYjNDVXBpaXE0QkJkN25zWmc path=/acme/acme/challenge/uQbnnnQDj99Epf4SOjC3h1Jhg9elqYYS/XumTdhu9LvKPIzFtmNC1oQ7oKaygZOmJ protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=47d800c0-e3fc-42b8-8c58-41627a615504 response="{\"type\":\"urn:ietf:params:acme:error:serverInternal\",\"detail\":\"The server experienced an internal error\"}" size=105 status=500 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-24T14:40:45Z" level=info duration=20.064366776s duration-ns=20064366776 fields.time="2024-12-24T14:40:25Z" method=POST name=ca nonce=V3RZSGY2aWplQWtGOFEyQjVBS3BOd1ZiR0NGaGV4T0Y path=/acme/acme/challenge/uQbnnnQDj99Epf4SOjC3h1Jhg9elqYYS/XumTdhu9LvKPIzFtmNC1oQ7oKaygZOmJ protocol=HTTP/2.0 referer= remote-address=172.18.0.3 request-id=14f5f4f5-965f-4c89-9a11-60e4eeda5b2e response="{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"gbrQ241GMPwWB1XKYELgvqoQcg8MKI7b\",\"url\":\"https://step.home:9000/acme/acme/challenge/uQbnnnQDj99Epf4SOjC3h1Jhg9elqYYS/XumTdhu9LvKPIzFtmNC1oQ7oKaygZOmJ\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}" size=316 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-24T14:40:58Z" level=info duration="58.802<C2><B5>s" duration-ns=58802 fields.time="2024-12-24T14:40:58Z" method=GET name=ca path=/health protocol=HTTP/2.0 referer= remote-address=172.18.0.2 request-id=0efcb3f4-0a85-4fd8-b10b-44a53395ad69 size=16 status=200 user-agent="Smallstep CLI/0.28.2 (linux/arm64)" user-id=

Your Environment

OS : Debian GNU/Linux 12 (bookworm)
step-ca Version - smallstep/step-ca:latest (0.28.1 if I see that correctly)

Expected Behavior

issue certificate

Actual Behavior

no certificate issued

Additional Context

the nginx (acme-companion) outputs

[Tue Dec 24 15:02:42 UTC 2024] Using CA: https://step.home:9000/acme/acme/directory
[Tue Dec 24 15:02:43 UTC 2024] Using pre-generated key: /etc/acme.sh/[email protected]/pi.hole/pi.hole.key.next
[Tue Dec 24 15:02:43 UTC 2024] Generating next pre-generate key.
[Tue Dec 24 15:02:49 UTC 2024] Single domain='pi.hole'
[Tue Dec 24 15:02:52 UTC 2024] Getting webroot for domain='pi.hole'
[Tue Dec 24 15:02:52 UTC 2024] Verifying: pi.hole
[Tue Dec 24 15:03:08 UTC 2024] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 92

I set STEPDEBUG=1 in the docker compose file, but it seems not to print more infos.

the pi.hole is actually my dns server, but since it exposes port 53 directly I have no problems resolving dns names in the host machine. howerver nslookup can't resolve inside the step-ca container even when providing the ip of the resolver (host) is this expected? ping works, so the ip is reachable.

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

The text was updated successfully, but these errors were encountered:

hslatman · 2024-12-24T16:58:31Z

Hey @LokiMidgard, what does your Docker storage setup look like? It sounds like BadgerDB can't commit file operation transactions. You could try the FileIO mode: https://smallstep.com/docs/step-ca/configuration/#badger

LokiMidgard · 2024-12-24T23:13:42Z

Thanks for the fast response :)

I changed the config to fileIO:

        "db": {
                "type": "badgerv2",
                "dataSource": "/home/step/db",
                "badgerFileLoadingMode": "FileIO"
        },

the db is created (the home directory is a mounted volume next to the docker compose)

~/step-ca $ ls data/db/
000000.vlog  000008.sst  KEYREGISTRY  LOCK  MANIFEST

Memory could be a problem since I running it for tests on a pi and I just checked it seems to be one with only 1 GB RAM.

I could search if i get another device with more RAM, but that may take some time.

hslatman · 2024-12-27T09:22:37Z

@LokiMidgard with the change to FileIO, the issue still persists?

In the logs I also saw some time indications with<C2><B5>s. That looks weird. It could be related to character encoding. Is your environment using some special kind of configuration when it comes to character settings?

LokiMidgard · 2024-12-27T16:12:38Z

Yes it persisted after I set FileIo, I did restart the contaner after that, to reload. The characters are from the combination of docker compose logs and less It did not bother me enough to look up how to correcly encode it.

LokiMidgard · 2024-12-27T18:31:04Z

~~I'm getting the feeling it is a problem I face is unrelated to the transaction conflict. I was able (maybe by chance) to not get it, and it still faild.~~

~~I will need to look more in that direction.~~

Or I'm too dumb to look through the logs ¬_¬

LokiMidgard · 2024-12-27T19:21:21Z

I tried to enable debug log by setting the enviroment variable STEPDEBUG=1 but it dose not seem to yeald more output.

on the Acme client I noticed following error:

letsencrypt-1  | == Info: HTTP/2 stream 1 was not closed cleanly: INTERNAL_ERROR (err 2)

when posting to POST /acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL

I'll assume that is when the transaction error occures.

logs for later reference

step-ca

step-ca  | badger 2024/12/27 18:54:57 INFO: Storing value log head: {Fid:0 Len:30 Offset:1575}
step-ca  | badger 2024/12/27 18:54:57 INFO: [Compactor: 173] Running compaction: {level:0 score:1.73 dropPrefixes:[]} for level: 0
step-ca  | badger 2024/12/27 18:54:57 INFO: LOG Compact 0->1, del 1 tables, add 1 tables, took 109.280827ms
step-ca  | badger 2024/12/27 18:54:57 INFO: [Compactor: 173] Compaction for level: 0 DONE
step-ca  | badger 2024/12/27 18:54:57 INFO: Force compaction on level 0 done
step-ca  | badger 2024/12/27 18:54:59 INFO: All 1 tables opened in 2ms
step-ca  | badger 2024/12/27 18:54:59 INFO: Replaying file id: 0 at offset: 1605
step-ca  | badger 2024/12/27 18:54:59 INFO: Replay took: 8.75µs
step-ca  | 2024/12/27 18:55:00 Building new tls configuration using step-ca x509 Signer Interface
step-ca  | 2024/12/27 18:55:00 Starting Smallstep CA/0.28.1 (linux/arm64)
step-ca  | 2024/12/27 18:55:00 Documentation: https://u.step.sm/docs/ca
step-ca  | 2024/12/27 18:55:00 Community Discord: https://u.step.sm/discord
step-ca  | 2024/12/27 18:55:00 Config file: /home/step/config/ca.json
step-ca  | 2024/12/27 18:55:00 The primary server URL is https://step.home:9000
step-ca  | 2024/12/27 18:55:00 Root certificates are available at https://step.home:9000/roots.pem
step-ca  | 2024/12/27 18:55:00 X.509 Root Fingerprint: c127516e03c52ec43c98268d21d4d85b7042e7b634fc842fffc858f5cc35c776
step-ca  | 2024/12/27 18:55:00 Serving HTTPS on :9000 ...

step-ca  | time="2024-12-27T18:55:29Z" level=info duration="272.135µs" duration-ns=272135 fields.time="2024-12-27T18:55:29Z" method=GET name=ca path=/health protocol=HTTP/2.0 referer= remote-address=172.22.0.2 request-id=4afdbace-6ae2-47df-83bb-e141ff73e50f size=16 status=200 user-agent="Smallstep CLI/0.28.2 (linux/arm64)" user-id=
step-ca  | time="2024-12-27T18:55:48Z" level=info duration=1.622914ms duration-ns=1622914 fields.time="2024-12-27T18:55:48Z" method=GET name=ca path=/acme/acme/directory protocol=HTTP/2.0 referer= remote-address=172.22.0.5 request-id=d85ad2f4-5d94-41ab-8097-93455e5e2af7 response="{\"newNonce\":\"https://step.home:9000/acme/acme/new-nonce\",\"newAccount\":\"https://step.home:9000/acme/acme/new-account\",\"newOrder\":\"https://step.home:9000/acme/acme/new-order\",\"revokeCert\":\"https://step.home:9000/acme/acme/revoke-cert\",\"keyChange\":\"https://step.home:9000/acme/acme/key-change\"}" size=292 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-27T18:55:50Z" level=info duration=15.350914ms duration-ns=15350914 fields.time="2024-12-27T18:55:50Z" method=HEAD name=ca nonce=b1pTS3BGSGs2WVk3eFZ0YVRJaEJ1MUlKT2xkQTBoSm4 path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=172.22.0.5 request-id=3ffb77c2-783c-410a-ab6a-4a52f16bda32 size=0 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-27T18:55:50Z" level=info duration=44.188213ms duration-ns=44188213 fields.time="2024-12-27T18:55:50Z" method=POST name=ca nonce=YzlpaVpzcURSbXoxd2VXRGhsSlpmSW05U3Z2N1ZUVWo path=/acme/acme/new-account protocol=HTTP/2.0 referer= remote-address=172.22.0.5 request-id=3acba573-3664-4aae-bcc2-d689bf358f04 response="{\"status\":\"valid\",\"orders\":\"https://step.home:9000/acme/acme/account/H8bY2dc5CMP425EDXpUfAqYmnRvcndM9/orders\"}" size=111 status=201 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-27T18:55:52Z" level=info duration="394.53µs" duration-ns=394530 fields.time="2024-12-27T18:55:52Z" method=GET name=ca path=/acme/acme/directory protocol=HTTP/2.0 referer= remote-address=172.22.0.5 request-id=a2328ce5-470f-40f4-ae72-a3c9bac49140 response="{\"newNonce\":\"https://step.home:9000/acme/acme/new-nonce\",\"newAccount\":\"https://step.home:9000/acme/acme/new-account\",\"newOrder\":\"https://step.home:9000/acme/acme/new-order\",\"revokeCert\":\"https://step.home:9000/acme/acme/revoke-cert\",\"keyChange\":\"https://step.home:9000/acme/acme/key-change\"}" size=292 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-27T18:56:00Z" level=info duration="74.115µs" duration-ns=74115 fields.time="2024-12-27T18:56:00Z" method=GET name=ca path=/health protocol=HTTP/2.0 referer= remote-address=172.22.0.2 request-id=55b01b7a-277f-426e-bd1e-023496034b93 size=16 status=200 user-agent="Smallstep CLI/0.28.2 (linux/arm64)" user-id=
step-ca  | time="2024-12-27T18:56:04Z" level=info duration=15.698257ms duration-ns=15698257 fields.time="2024-12-27T18:56:03Z" method=HEAD name=ca nonce=UmR0Y0JhTFo4blE2T1ZBdXpoZkkxV2NuTlZpVGtxU0M path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=172.22.0.5 request-id=4506020e-afe1-4556-b961-c3f9fb688b05 size=0 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-27T18:56:04Z" level=info duration=84.843463ms duration-ns=84843463 fields.time="2024-12-27T18:56:04Z" method=POST name=ca nonce=MjNJMmk3bkltSkhwdW9TQUFXeVozVXBYclZoNHkwMEM path=/acme/acme/new-order protocol=HTTP/2.0 referer= remote-address=172.22.0.5 request-id=f3a0f48d-029a-41f4-967d-797611ce03f7 response="{\"id\":\"t9pDiCWoOz9UCNfx0rLtvq7vzuYGD4jf\",\"status\":\"pending\",\"expires\":\"2024-12-28T18:56:04Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"pi.hole\"}],\"notBefore\":\"2024-12-27T18:55:04Z\",\"notAfter\":\"2025-03-07T18:56:04Z\",\"authorizations\":[\"https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG\"],\"finalize\":\"https://step.home:9000/acme/acme/order/t9pDiCWoOz9UCNfx0rLtvq7vzuYGD4jf/finalize\"}" size=399 status=201 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-27T18:56:05Z" level=info duration=24.881733ms duration-ns=24881733 fields.time="2024-12-27T18:56:05Z" method=POST name=ca nonce=dUhmNFVnTEFKOFgzZFpCNWgwYjZEZW5tQWg1QzlyZmM path=/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG protocol=HTTP/2.0 referer= remote-address=172.22.0.5 request-id=4f45a410-0a4e-483e-8d36-43f01b30f114 response="{\"identifier\":{\"type\":\"dns\",\"value\":\"pi.hole\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8\",\"url\":\"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/PNmDSHHnvRK4ZD0sHMds5pZfumrXobXU\"},{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8\",\"url\":\"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8\",\"url\":\"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/8paUKN9cOY3i0CtwfIKhF2rhWUk1tAn2\"}],\"wildcard\":false,\"expires\":\"2024-12-28T18:56:04Z\"}" size=729 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-27T18:56:24Z" level=info duration=13.136907ms duration-ns=13136907 fields.time="2024-12-27T18:56:24Z" method=HEAD name=ca nonce=SUc1a1BHS1dyd3NMSFo2VmR1TU4xQXhObHBNU3NtTE4 path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=172.22.0.5 request-id=0dd012fc-cf30-4f89-bffe-758680527a2e size=0 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-27T18:56:27Z" level=error duration=20.028636175s duration-ns=20028636175 error="error validating challenge: failure saving error to acme challenge: error saving acme challenge: failed to commit badger transaction: Transaction Conflict. Please retry" fields.time="2024-12-27T18:56:07Z" method=POST name=ca nonce=U0ladmdhOGFRN2MzWllibUx3UHM4RXNBdjczUE84T00 path=/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA protocol=HTTP/2.0 referer= remote-address=172.22.0.5 request-id=b016cd08-aa28-4ceb-ab62-cb60c3ceb3ae response="{\"type\":\"urn:ietf:params:acme:error:serverInternal\",\"detail\":\"The server experienced an internal error\"}" size=105 status=500 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=
step-ca  | time="2024-12-27T18:56:27Z" level=info duration=2.995388997s duration-ns=2995388997 fields.time="2024-12-27T18:56:24Z" method=POST name=ca nonce=YnJMSTF1VjRHQ1NucmhxQTBvUWhkbldiS2pGUjc4eVI path=/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA protocol=HTTP/2.0 referer= remote-address=172.22.0.5 request-id=67cce0d1-77ea-456e-abe6-16bb9c61d94a response="{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8\",\"url\":\"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}" size=316 status=200 user-agent="nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)" user-id=

.well-known

cat .well-known/acme-challenge/jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8 
jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8.fu92GM5iIdcMCRmoFNCi_4HB7jLD0ZQ_-MwZfDXpidc

acme-client

proxy          | Info: running nginx-proxy version 1.6.4-51-gc60eff5
proxy          | Setting up DH Parameters..
proxy          | Warning: TRUST_DOWNSTREAM_PROXY is not set; defaulting to "true". For security, you should explicitly set TRUST_DOWNSTREAM_PROXY to "false" if there is not a trusted reverse proxy in front of this proxy.
proxy          | Warning: The default value of TRUST_DOWNSTREAM_PROXY might change to "false" in a future version of nginx-proxy. If you require TRUST_DOWNSTREAM_PROXY to be enabled, explicitly set it to "true".
proxy          | forego      | starting dockergen.1 on port 5000
proxy          | forego      | starting nginx.1 on port 5100
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: using the "epoll" event method
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: nginx/1.27.3
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: built by gcc 12.2.0 (Debian 12.2.0-14) 
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: OS: Linux 6.6.62+rpt-rpi-v8
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: getrlimit(RLIMIT_NOFILE): 1048576:1048576
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: start worker processes
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: start worker process 26
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: start worker process 27
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: start worker process 28
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: start worker process 29
proxy          | dockergen.1 | 2024/12/27 18:55:44 Generated '/etc/nginx/conf.d/default.conf' from 3 containers
proxy          | dockergen.1 | 2024/12/27 18:55:44 Running 'nginx -s reload'
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: signal 1 (SIGHUP) received from 32, reconfiguring
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: reconfiguring
proxy          | dockergen.1 | 2024/12/27 18:55:44 Watching docker events
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: using the "epoll" event method
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: start worker processes
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: start worker process 36
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: start worker process 37
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: start worker process 38
proxy          | nginx.1     | 2024/12/27 18:55:44 [notice] 21#21: start worker process 39
letsencrypt-1  | Info: running acme-companion version v2.5.1-6-gea11f22
proxy          | dockergen.1 | 2024/12/27 18:55:45 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
proxy          | dockergen.1 | 2024/12/27 18:55:45 Received event start for container 48bd80f87f32
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 26#26: gracefully shutting down
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 29#29: gracefully shutting down
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 28#28: gracefully shutting down
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 26#26: exiting
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 29#29: exiting
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 28#28: exiting
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 26#26: exit
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 28#28: exit
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 29#29: exit
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 27#27: gracefully shutting down
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 27#27: exiting
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 27#27: exit
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: signal 17 (SIGCHLD) received from 26
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: worker process 26 exited with code 0
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: signal 29 (SIGIO) received
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: signal 17 (SIGCHLD) received from 29
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: worker process 29 exited with code 0
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: signal 29 (SIGIO) received
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: signal 17 (SIGCHLD) received from 28
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: worker process 28 exited with code 0
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: worker process 27 exited with code 0
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: signal 29 (SIGIO) received
proxy          | nginx.1     | 2024/12/27 18:55:45 [notice] 21#21: signal 17 (SIGCHLD) received from 27
proxy          | dockergen.1 | 2024/12/27 18:55:45 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
letsencrypt-1  | Warning: '/etc/acme.sh' does not appear to be a mounted volume.
letsencrypt-1  | Info: Setting up 4096 bits RFC7919 Diffie-Hellman group...
letsencrypt-1  | Debug: checking /etc/nginx/certs/dhparam.pem ownership and permissions.
letsencrypt-1  | Debug: numeric ID of user root is 0.
letsencrypt-1  | Debug: numeric ID of group root is 0.
letsencrypt-1  | Reloading nginx proxy (proxy)...
letsencrypt-1  | 2024/12/27 18:55:46 Generated '/etc/nginx/conf.d/default.conf' from 4 containers
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: signal 1 (SIGHUP) received from 53, reconfiguring
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: reconfiguring
letsencrypt-1  | 2024/12/27 18:55:46 [notice] 53#53: signal process started
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: using the "epoll" event method
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: start worker processes
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: start worker process 54
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: start worker process 55
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: start worker process 56
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: start worker process 57
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 38#38: gracefully shutting down
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 37#37: gracefully shutting down
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 39#39: gracefully shutting down
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 38#38: exiting
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 39#39: exiting
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 37#37: exiting
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 36#36: gracefully shutting down
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 36#36: exiting
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 38#38: exit
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 37#37: exit
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 36#36: exit
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 39#39: exit
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: signal 17 (SIGCHLD) received from 37
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: worker process 37 exited with code 0
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: signal 29 (SIGIO) received
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: signal 17 (SIGCHLD) received from 38
letsencrypt-1  | 2024/12/27 18:55:46 Generated '/app/letsencrypt_service_data' from 4 containers
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: worker process 38 exited with code 0
letsencrypt-1  | 2024/12/27 18:55:46 Running '/app/signal_le_service'
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: signal 29 (SIGIO) received
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: signal 17 (SIGCHLD) received from 39
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: worker process 39 exited with code 0
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: signal 29 (SIGIO) received
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: signal 17 (SIGCHLD) received from 36
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: worker process 36 exited with code 0
proxy          | nginx.1     | 2024/12/27 18:55:46 [notice] 21#21: signal 29 (SIGIO) received
letsencrypt-1  | 2024/12/27 18:55:46 Watching docker events
letsencrypt-1  | 2024/12/27 18:55:46 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
letsencrypt-1  | Calling acme.sh --register-account with the following parameters : --log /dev/null --useragent nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0) --debug 2 --server https://step.home:9000/acme/acme/directory --config-home /etc/acme.sh/default
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _selectServer try snames='zerossl.com,zerossl'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _selectServer try snames='letsencrypt.org,letsencrypt'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _selectServer try snames='letsencrypt.org_test,letsencrypt_test,letsencrypttest'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _selectServer try snames='buypass.com,buypass'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _selectServer try snames='buypass.com_test,buypass_test,buypasstest'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _selectServer try snames='ssl.com,sslcom'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _selectServer try snames='google.com,google'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _selectServer try snames='google.com_test,googletest,google_test'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] Let's find the script directory.
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _SCRIPT_='/app/acme.sh'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _script='/app/acme.sh'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _script_home='/app'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] Using default home: /root/.acme.sh
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] Using config home: /etc/acme.sh/default
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
letsencrypt-1  | https://github.com/acmesh-official/acme.sh
letsencrypt-1  | v3.1.0
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] Using server: https://step.home:9000/acme/acme/directory
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] Running cmd: registeraccount
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] Using config home: /etc/acme.sh/default
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] ACME_DIRECTORY='https://step.home:9000/acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:47 UTC 2024] _ACME_SERVER_HOST='step.home'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] _ACME_SERVER_PATH='acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] Using config home: /etc/acme.sh/default
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] ACME_DIRECTORY='https://step.home:9000/acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] _ACME_SERVER_HOST='step.home'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] _ACME_SERVER_PATH='acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] _init API for server: https://step.home:9000/acme/acme/directory
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] GET
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] url='https://step.home:9000/acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] timeout=
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/default/http.header  -L  --trace-ascii /tmp/tmp.YxiInXNt4s  -g '
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] ret='0'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] response='{"newNonce":"https://step.home:9000/acme/acme/new-nonce","newAccount":"https://step.home:9000/acme/acme/new-account","newOrder":"https://step.home:9000/acme/acme/new-order","revokeCert":"https://step.home:9000/acme/acme/revoke-cert","keyChange":"https://step.home:9000/acme/acme/key-change"}'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] ACME_KEY_CHANGE='https://step.home:9000/acme/acme/key-change'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] ACME_NEW_AUTHZ
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] ACME_NEW_ORDER='https://step.home:9000/acme/acme/new-order'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] ACME_NEW_ACCOUNT='https://step.home:9000/acme/acme/new-account'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] ACME_REVOKE_CERT='https://step.home:9000/acme/acme/revoke-cert'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] ACME_AGREEMENT
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] ACME_NEW_NONCE='https://step.home:9000/acme/acme/new-nonce'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] length='ec-256'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] Using config home: /etc/acme.sh/default
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] ACME_DIRECTORY='https://step.home:9000/acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] _ACME_SERVER_HOST='step.home'
letsencrypt-1  | [Fri Dec 27 18:55:48 UTC 2024] _ACME_SERVER_PATH='acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] _createkey for file:/etc/acme.sh/default/ca/step.home/acme/acme/directory/account.key
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] Using length 256
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] Using EC name: prime256v1
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] Account key creation OK.
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] EC key
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] Config file is empty, cannot read CA_EAB_KEY_ID
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] Config file is empty, cannot read CA_EAB_HMAC_KEY
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] Config file is empty, cannot read CA_EMAIL
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] Registering account: https://step.home:9000/acme/acme/directory
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] =======Sending Signed Request=======
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] url='https://step.home:9000/acme/acme/new-account'
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] payload='{"termsOfServiceAgreed": true}'
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] Use cached jwk for file: /etc/acme.sh/default/ca/step.home/acme/acme/directory/account.key
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] Get nonce with HEAD. ACME_NEW_NONCE='https://step.home:9000/acme/acme/new-nonce'
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] HEAD
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] _post_url='https://step.home:9000/acme/acme/new-nonce'
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] body
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] _postContentType='application/jose+json'
letsencrypt-1  | [Fri Dec 27 18:55:49 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/default/http.header  -L  --trace-ascii /tmp/tmp.jjRlimMiFe  -g  -I  '
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] _ret='0'
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] _headers='HTTP/2 200 
letsencrypt-1  | cache-control: no-store
letsencrypt-1  | link: <https://step.home:9000/acme/acme/directory>;rel="index"
letsencrypt-1  | replay-nonce: b1pTS3BGSGs2WVk3eFZ0YVRJaEJ1MUlKT2xkQTBoSm4
letsencrypt-1  | x-request-id: 3ffb77c2-783c-410a-ab6a-4a52f16bda32
letsencrypt-1  | date: Fri, 27 Dec 2024 18:55:50 GMT
'etsencrypt-1  | 
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] nonce='b1pTS3BGSGs2WVk3eFZ0YVRJaEJ1MUlKT2xkQTBoSm4'
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] POST
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] _post_url='https://step.home:9000/acme/acme/new-account'
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] body='{"protected": "eyJub25jZSI6ICJiMXBUUzNCR1NHczJXVmszZUZaMFlWUkphRUoxTVVsS1QyeGtRVEJvU200IiwgInVybCI6ICJodHRwczovL3N0ZXAuaG9tZTo5MDAwL2FjbWUvYWNtZS9uZXctYWNjb3VudCIsICJhbGciOiAiRVMyNTYiLCAiandrIjogeyJjcnYiOiAiUC0yNTYiLCAia3R5IjogIkVDIiwgIngiOiAiNk1UZ1BUcXpOQ1dGdWxmY0JTMWdoTFltLTBnWURvY1AxWnNhd0x6RWszbyIsICJ5IjogIm10cGpqME84cVNSeGhFS3VCVXlTT3RtV1RfcUMwdlNiSVp2VWtyUUwyZFUifX0", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "e41EZzpatiJuKx8S8-lH2O1CyUguPy8a_-1YEV4MIxaLxQZaZSqIQ-wJG5oYF7pH4qcaGb5h2rhWfF7zWf8Bjg"}'
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] _postContentType='application/jose+json'
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] Http already initialized.
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/default/http.header  -L  --trace-ascii /tmp/tmp.jjRlimMiFe  -g '
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] _ret='0'
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] responseHeaders='HTTP/2 201 
letsencrypt-1  | cache-control: no-store
letsencrypt-1  | content-type: application/json
letsencrypt-1  | link: <https://step.home:9000/acme/acme/directory>;rel="index"
letsencrypt-1  | location: https://step.home:9000/acme/acme/account/H8bY2dc5CMP425EDXpUfAqYmnRvcndM9
letsencrypt-1  | replay-nonce: YzlpaVpzcURSbXoxd2VXRGhsSlpmSW05U3Z2N1ZUVWo
letsencrypt-1  | x-request-id: 3acba573-3664-4aae-bcc2-d689bf358f04
letsencrypt-1  | content-length: 111
letsencrypt-1  | date: Fri, 27 Dec 2024 18:55:50 GMT
'etsencrypt-1  | 
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] code='201'
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] original='{"status":"valid","orders":"https://step.home:9000/acme/acme/account/H8bY2dc5CMP425EDXpUfAqYmnRvcndM9/orders"}'
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] response='{"status":"valid","orders":"https://step.home:9000/acme/acme/account/H8bY2dc5CMP425EDXpUfAqYmnRvcndM9/orders"}'
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] Registered
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] responseHeaders='HTTP/2 201 
letsencrypt-1  | cache-control: no-store
letsencrypt-1  | content-type: application/json
letsencrypt-1  | link: <https://step.home:9000/acme/acme/directory>;rel="index"
letsencrypt-1  | location: https://step.home:9000/acme/acme/account/H8bY2dc5CMP425EDXpUfAqYmnRvcndM9
letsencrypt-1  | replay-nonce: YzlpaVpzcURSbXoxd2VXRGhsSlpmSW05U3Z2N1ZUVWo
letsencrypt-1  | x-request-id: 3acba573-3664-4aae-bcc2-d689bf358f04
letsencrypt-1  | content-length: 111
letsencrypt-1  | date: Fri, 27 Dec 2024 18:55:50 GMT
'etsencrypt-1  | 
letsencrypt-1  | [Fri Dec 27 18:55:50 UTC 2024] _accUri='https://step.home:9000/acme/acme/account/H8bY2dc5CMP425EDXpUfAqYmnRvcndM9'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] Calc CA_KEY_HASH='s09nyYTpEOSnhATOnb0hLQHXd3e9TNsdtIeJUotGPns='
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] ACCOUNT_THUMBPRINT='fu92GM5iIdcMCRmoFNCi_4HB7jLD0ZQ_-MwZfDXpidc'
letsencrypt-1  | Debug: checking /etc/nginx/certs/pi.hole ownership and permissions.
letsencrypt-1  | Debug: numeric ID of user root is 0.
letsencrypt-1  | Debug: numeric ID of group root is 0.
letsencrypt-1  | Calling acme.sh --issue with the following parameters : --log /dev/null --useragent nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0) --debug 2 --server https://step.home:9000/acme/acme/directory --config-home /etc/acme.sh/default --webroot /usr/share/nginx/html --keylength 4096 --cert-file /etc/nginx/certs/pi.hole/cert.pem --key-file /etc/nginx/certs/pi.hole/key.pem --ca-file /etc/nginx/certs/pi.hole/chain.pem --fullchain-file /etc/nginx/certs/pi.hole/fullchain.pem --always-force-new-domain-key --domain pi.hole
letsencrypt-1  | Creating/renewal pi.hole certificates... (pi.hole)
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _is_idn_d='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _idn_temp
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _selectServer try snames='zerossl.com,zerossl'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _selectServer try snames='letsencrypt.org,letsencrypt'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _selectServer try snames='letsencrypt.org_test,letsencrypt_test,letsencrypttest'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _selectServer try snames='buypass.com,buypass'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _selectServer try snames='buypass.com_test,buypass_test,buypasstest'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _selectServer try snames='ssl.com,sslcom'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _selectServer try snames='google.com,google'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _selectServer try snames='google.com_test,googletest,google_test'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] Let's find the script directory.
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _SCRIPT_='/app/acme.sh'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _script='/app/acme.sh'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] _script_home='/app'
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] Using default home: /root/.acme.sh
letsencrypt-1  | [Fri Dec 27 18:55:51 UTC 2024] Using config home: /etc/acme.sh/default
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
letsencrypt-1  | https://github.com/acmesh-official/acme.sh
letsencrypt-1  | v3.1.0
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] Using server: https://step.home:9000/acme/acme/directory
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] Running cmd: issue
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] _main_domain='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] _alt_domains='no'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] Using config home: /etc/acme.sh/default
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] ACME_DIRECTORY='https://step.home:9000/acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] _ACME_SERVER_HOST='step.home'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] _ACME_SERVER_PATH='acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] DOMAIN_PATH='/etc/acme.sh/default/pi.hole'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] '/usr/share/nginx/html' does not contain 'dns'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] Using ACME_DIRECTORY: https://step.home:9000/acme/acme/directory
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] _init API for server: https://step.home:9000/acme/acme/directory
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] GET
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] url='https://step.home:9000/acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] timeout=
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/default/http.header  -L  --trace-ascii /tmp/tmp.KIjFP8gDBB  -g '
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] ret='0'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] response='{"newNonce":"https://step.home:9000/acme/acme/new-nonce","newAccount":"https://step.home:9000/acme/acme/new-account","newOrder":"https://step.home:9000/acme/acme/new-order","revokeCert":"https://step.home:9000/acme/acme/revoke-cert","keyChange":"https://step.home:9000/acme/acme/key-change"}'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] ACME_KEY_CHANGE='https://step.home:9000/acme/acme/key-change'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] ACME_NEW_AUTHZ
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] ACME_NEW_ORDER='https://step.home:9000/acme/acme/new-order'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] ACME_NEW_ACCOUNT='https://step.home:9000/acme/acme/new-account'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] ACME_REVOKE_CERT='https://step.home:9000/acme/acme/revoke-cert'
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] ACME_AGREEMENT
letsencrypt-1  | [Fri Dec 27 18:55:52 UTC 2024] ACME_NEW_NONCE='https://step.home:9000/acme/acme/new-nonce'
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] Using CA: https://step.home:9000/acme/acme/directory
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] _on_before_issue
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] _chk_main_domain='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] _chk_alt_domains
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] '/usr/share/nginx/html' does not contain 'no'
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] Le_LocalAddress
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] d='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] Checking for domain='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] _currentRoot='/usr/share/nginx/html'
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] d
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] '/usr/share/nginx/html' does not contain 'apache'
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] _saved_account_key_hash='s09nyYTpEOSnhATOnb0hLQHXd3e9TNsdtIeJUotGPns='
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] _saved_account_key_hash was not changed, skipping account registration.
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] Read key length: 2048
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] Creating domain key
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] Using config home: /etc/acme.sh/default
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] ACME_DIRECTORY='https://step.home:9000/acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] _ACME_SERVER_HOST='step.home'
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] _ACME_SERVER_PATH='acme/acme/directory'
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] _createkey for file:/etc/acme.sh/default/pi.hole/pi.hole.key
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] Using length 4096
letsencrypt-1  | [Fri Dec 27 18:55:53 UTC 2024] Using RSA: 4096
letsencrypt-1  | [Fri Dec 27 18:55:58 UTC 2024] The domain key is here: /etc/acme.sh/default/pi.hole/pi.hole.key
letsencrypt-1  | [Fri Dec 27 18:55:58 UTC 2024] Generating next pre-generate key.
letsencrypt-1  | [Fri Dec 27 18:55:58 UTC 2024] _createkey for file:/etc/acme.sh/default/pi.hole/pi.hole.key.next
letsencrypt-1  | [Fri Dec 27 18:55:58 UTC 2024] Using length 4096
letsencrypt-1  | [Fri Dec 27 18:55:58 UTC 2024] Using RSA: 4096
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] _createcsr
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] domain='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] domainlist
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] csrkey='/etc/acme.sh/default/pi.hole/pi.hole.key'
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] csr='/etc/acme.sh/default/pi.hole/pi.hole.csr'
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] csrconf='/etc/acme.sh/default/pi.hole/pi.hole.csr.conf'
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] Single domain='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] seg='pi'
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] _is_idn_d='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] _idn_temp
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] _is_idn_d='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] _idn_temp
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] _csr_cn='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] seg='pi'
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] Getting domain auth token for each domain
letsencrypt-1  | [Fri Dec 27 18:56:02 UTC 2024] seg='pi'
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] _is_idn_d='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] _idn_temp
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] d
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] _identifiers='{"type":"dns","value":"pi.hole"}'
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] _notBefore
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] _notAfter
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] STEP 1, Ordering a Certificate
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] =======Sending Signed Request=======
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] url='https://step.home:9000/acme/acme/new-order'
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] payload='{"identifiers": [{"type":"dns","value":"pi.hole"}]}'
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] EC key
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] Get nonce with HEAD. ACME_NEW_NONCE='https://step.home:9000/acme/acme/new-nonce'
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] HEAD
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] _post_url='https://step.home:9000/acme/acme/new-nonce'
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] body
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] _postContentType='application/jose+json'
letsencrypt-1  | [Fri Dec 27 18:56:03 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/default/http.header  -L  --trace-ascii /tmp/tmp.U4khLvrhcT  -g  -I  '
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] _ret='0'
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] _headers='HTTP/2 200 
letsencrypt-1  | cache-control: no-store
letsencrypt-1  | link: <https://step.home:9000/acme/acme/directory>;rel="index"
letsencrypt-1  | replay-nonce: UmR0Y0JhTFo4blE2T1ZBdXpoZkkxV2NuTlZpVGtxU0M
letsencrypt-1  | x-request-id: 4506020e-afe1-4556-b961-c3f9fb688b05
letsencrypt-1  | date: Fri, 27 Dec 2024 18:56:04 GMT
'etsencrypt-1  | 
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] nonce='UmR0Y0JhTFo4blE2T1ZBdXpoZkkxV2NuTlZpVGtxU0M'
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] POST
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] _post_url='https://step.home:9000/acme/acme/new-order'
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] body='{"protected": "eyJub25jZSI6ICJVbVIwWTBKaFRGbzRibEUyVDFaQmRYcG9aa2t4VjJOdVRsWnBWR3R4VTBNIiwgInVybCI6ICJodHRwczovL3N0ZXAuaG9tZTo5MDAwL2FjbWUvYWNtZS9uZXctb3JkZXIiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL3N0ZXAuaG9tZTo5MDAwL2FjbWUvYWNtZS9hY2NvdW50L0g4YlkyZGM1Q01QNDI1RURYcFVmQXFZbW5SdmNuZE05In0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InBpLmhvbGUifV19", "signature": "5Lj9clzhdDxBCbM88-xNmzBNC63MRhK3KsAAtdhH-nDt36zsoBxSXnCS1G3TWLBUyDgssazk_xQimjaLHdhouw"}'
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] _postContentType='application/jose+json'
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] Http already initialized.
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/default/http.header  -L  --trace-ascii /tmp/tmp.U4khLvrhcT  -g '
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] _ret='0'
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] responseHeaders='HTTP/2 201 
letsencrypt-1  | cache-control: no-store
letsencrypt-1  | content-type: application/json
letsencrypt-1  | link: <https://step.home:9000/acme/acme/directory>;rel="index"
letsencrypt-1  | location: https://step.home:9000/acme/acme/order/t9pDiCWoOz9UCNfx0rLtvq7vzuYGD4jf
letsencrypt-1  | replay-nonce: MjNJMmk3bkltSkhwdW9TQUFXeVozVXBYclZoNHkwMEM
letsencrypt-1  | x-request-id: f3a0f48d-029a-41f4-967d-797611ce03f7
letsencrypt-1  | content-length: 399
letsencrypt-1  | date: Fri, 27 Dec 2024 18:56:04 GMT
'etsencrypt-1  | 
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] code='201'
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] original='{"id":"t9pDiCWoOz9UCNfx0rLtvq7vzuYGD4jf","status":"pending","expires":"2024-12-28T18:56:04Z","identifiers":[{"type":"dns","value":"pi.hole"}],"notBefore":"2024-12-27T18:55:04Z","notAfter":"2025-03-07T18:56:04Z","authorizations":["https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG"],"finalize":"https://step.home:9000/acme/acme/order/t9pDiCWoOz9UCNfx0rLtvq7vzuYGD4jf/finalize"}'
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] response='{"id":"t9pDiCWoOz9UCNfx0rLtvq7vzuYGD4jf","status":"pending","expires":"2024-12-28T18:56:04Z","identifiers":[{"type":"dns","value":"pi.hole"}],"notBefore":"2024-12-27T18:55:04Z","notAfter":"2025-03-07T18:56:04Z","authorizations":["https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG"],"finalize":"https://step.home:9000/acme/acme/order/t9pDiCWoOz9UCNfx0rLtvq7vzuYGD4jf/finalize"}'
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] Le_LinkOrder='https://step.home:9000/acme/acme/order/t9pDiCWoOz9UCNfx0rLtvq7vzuYGD4jf'
letsencrypt-1  | [Fri Dec 27 18:56:04 UTC 2024] Le_OrderFinalize='https://step.home:9000/acme/acme/order/t9pDiCWoOz9UCNfx0rLtvq7vzuYGD4jf/finalize'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] _authorizations_seg='https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] STEP 2, Get the authorizations of each domain
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] _authz_url='https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] =======Sending Signed Request=======
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] url='https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] payload
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] Use cached jwk for file: /etc/acme.sh/default/ca/step.home/acme/acme/directory/account.key
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] Use _CACHED_NONCE='MjNJMmk3bkltSkhwdW9TQUFXeVozVXBYclZoNHkwMEM'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] nonce='MjNJMmk3bkltSkhwdW9TQUFXeVozVXBYclZoNHkwMEM'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] POST
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] _post_url='https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] body='{"protected": "eyJub25jZSI6ICJNak5KTW1rM2JrbHRTa2h3ZFc5VFFVRlhlVm96VlhCWWNsWm9OSGt3TUVNIiwgInVybCI6ICJodHRwczovL3N0ZXAuaG9tZTo5MDAwL2FjbWUvYWNtZS9hdXRoei9YRk9WVDhiazZJWG9zZ3pFRW1aNFlVV1pQZUx6clJVRyIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vc3RlcC5ob21lOjkwMDAvYWNtZS9hY21lL2FjY291bnQvSDhiWTJkYzVDTVA0MjVFRFhwVWZBcVltblJ2Y25kTTkifQ", "payload": "", "signature": "A4vhTS-1lVdEQ_SK2y8wT4vkC6nkRJwMmGnCLhW6RYtoQLQ6TJtN4Syh-L_Pbn6bz0dkBLJ60nxItYgcqNeWuw"}'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] _postContentType='application/jose+json'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] Http already initialized.
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/default/http.header  -L  --trace-ascii /tmp/tmp.U4khLvrhcT  -g '
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] _ret='0'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] responseHeaders='HTTP/2 200 
letsencrypt-1  | cache-control: no-store
letsencrypt-1  | content-type: application/json
letsencrypt-1  | link: <https://step.home:9000/acme/acme/directory>;rel="index"
letsencrypt-1  | location: https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG
letsencrypt-1  | replay-nonce: dUhmNFVnTEFKOFgzZFpCNWgwYjZEZW5tQWg1QzlyZmM
letsencrypt-1  | x-request-id: 4f45a410-0a4e-483e-8d36-43f01b30f114
letsencrypt-1  | content-length: 729
letsencrypt-1  | date: Fri, 27 Dec 2024 18:56:05 GMT
'etsencrypt-1  | 
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] code='200'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] original='{"identifier":{"type":"dns","value":"pi.hole"},"status":"pending","challenges":[{"type":"dns-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/PNmDSHHnvRK4ZD0sHMds5pZfumrXobXU"},{"type":"http-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA"},{"type":"tls-alpn-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/8paUKN9cOY3i0CtwfIKhF2rhWUk1tAn2"}],"wildcard":false,"expires":"2024-12-28T18:56:04Z"}'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] response='{"identifier":{"type":"dns","value":"pi.hole"},"status":"pending","challenges":[{"type":"dns-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/PNmDSHHnvRK4ZD0sHMds5pZfumrXobXU"},{"type":"http-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA"},{"type":"tls-alpn-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/8paUKN9cOY3i0CtwfIKhF2rhWUk1tAn2"}],"wildcard":false,"expires":"2024-12-28T18:56:04Z"}'
letsencrypt-1  | [Fri Dec 27 18:56:05 UTC 2024] response='{"identifier":{"type":"dns","value":"pi.hole"},"status":"pending","challenges":[{"type":"dns-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/PNmDSHHnvRK4ZD0sHMds5pZfumrXobXU"},{"type":"http-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA"},{"type":"tls-alpn-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/8paUKN9cOY3i0CtwfIKhF2rhWUk1tAn2"}],"wildcard":false,"expires":"2024-12-28T18:56:04Z"}'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] _d='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] _authorizations_map='pi.hole,{"identifier":{"type":"dns","value":"pi.hole"},"status":"pending","challenges":[{"type":"dns-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/PNmDSHHnvRK4ZD0sHMds5pZfumrXobXU"},{"type":"http-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA"},{"type":"tls-alpn-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/8paUKN9cOY3i0CtwfIKhF2rhWUk1tAn2"}],"wildcard":false,"expires":"2024-12-28T18:56:04Z"}#https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG
letsencrypt-1  | '
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] d='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] Getting webroot for domain='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] _w='/usr/share/nginx/html'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] _currentRoot='/usr/share/nginx/html'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] _is_idn_d='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] _idn_temp
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] _candidates='pi.hole,{"identifier":{"type":"dns","value":"pi.hole"},"status":"pending","challenges":[{"type":"dns-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/PNmDSHHnvRK4ZD0sHMds5pZfumrXobXU"},{"type":"http-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA"},{"type":"tls-alpn-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/8paUKN9cOY3i0CtwfIKhF2rhWUk1tAn2"}],"wildcard":false,"expires":"2024-12-28T18:56:04Z"}#https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] response='{"identifier":{"type":"dns","value":"pi.hole"},"status":"pending","challenges":[{"type":"dns-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/PNmDSHHnvRK4ZD0sHMds5pZfumrXobXU"},{"type":"http-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA"},{"type":"tls-alpn-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/8paUKN9cOY3i0CtwfIKhF2rhWUk1tAn2"}],"wildcard":false,"expires":"2024-12-28T18:56:04Z"}#https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] _authz_url='https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] entry='"type":"http-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA"'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] token='jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] uri='https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] keyauthorization='jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8.fu92GM5iIdcMCRmoFNCi_4HB7jLD0ZQ_-MwZfDXpidc'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] dvlist='pi.hole#jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8.fu92GM5iIdcMCRmoFNCi_4HB7jLD0ZQ_-MwZfDXpidc#https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA#http-01#/usr/share/nginx/html#https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] d
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] vlist='pi.hole#jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8.fu92GM5iIdcMCRmoFNCi_4HB7jLD0ZQ_-MwZfDXpidc#https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA#http-01#/usr/share/nginx/html#https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG,'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] d='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] OK, let's start verification
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] Verifying: pi.hole
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] d='pi.hole'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] keyauthorization='jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8.fu92GM5iIdcMCRmoFNCi_4HB7jLD0ZQ_-MwZfDXpidc'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] uri='https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] _authz_url='https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] _currentRoot='/usr/share/nginx/html'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] wellknown_path='/usr/share/nginx/html/.well-known/acme-challenge'
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] Writing token: jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8 to /usr/share/nginx/html/.well-known/acme-challenge/jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8
letsencrypt-1  | [Fri Dec 27 18:56:06 UTC 2024] Trigger domain validation.
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] _t_url='https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA'
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] _t_key_authz='jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8.fu92GM5iIdcMCRmoFNCi_4HB7jLD0ZQ_-MwZfDXpidc'
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] _t_vtype='http-01'
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] =======Sending Signed Request=======
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] url='https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA'
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] payload='{}'
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] Use cached jwk for file: /etc/acme.sh/default/ca/step.home/acme/acme/directory/account.key
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] Use _CACHED_NONCE='dUhmNFVnTEFKOFgzZFpCNWgwYjZEZW5tQWg1QzlyZmM'
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] nonce='dUhmNFVnTEFKOFgzZFpCNWgwYjZEZW5tQWg1QzlyZmM'
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] POST
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] _post_url='https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA'
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] body='{"protected": "eyJub25jZSI6ICJkVWhtTkZWblRFRktPRmd6WkZwQ05XZ3dZalpFWlc1dFFXZzFRemx5Wm1NIiwgInVybCI6ICJodHRwczovL3N0ZXAuaG9tZTo5MDAwL2FjbWUvYWNtZS9jaGFsbGVuZ2UvWEZPVlQ4Yms2SVhvc2d6RUVtWjRZVVdaUGVMenJSVUcvSUQ4REw3NVlRamtJUFNnWkRDTDNnbXZVOFJmN3BSZEEiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL3N0ZXAuaG9tZTo5MDAwL2FjbWUvYWNtZS9hY2NvdW50L0g4YlkyZGM1Q01QNDI1RURYcFVmQXFZbW5SdmNuZE05In0", "payload": "e30", "signature": "fKNdR3GcG_AL7hbf4QT5WupvINnW5KrT9S-qwaFrOQQN4htOyZBTHwEC5hOkJtGmpFaZoUvOKzw2By7niXOsFA"}'
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] _postContentType='application/jose+json'
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] Http already initialized.
letsencrypt-1  | [Fri Dec 27 18:56:07 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/default/http.header  -L  --trace-ascii /tmp/tmp.U4khLvrhcT  -g '
letsencrypt-1  | [Fri Dec 27 18:56:22 UTC 2024] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 92
letsencrypt-1  | [Fri Dec 27 18:56:22 UTC 2024] Here is the curl dump log:
letsencrypt-1  | [Fri Dec 27 18:56:22 UTC 2024] == Info: Host step.home:9000 was resolved.
letsencrypt-1  | == Info: IPv6: (none)
letsencrypt-1  | == Info: IPv4: 172.22.0.2
letsencrypt-1  | == Info:   Trying 172.22.0.2:9000...
letsencrypt-1  | == Info: ALPN: curl offers h2,http/1.1
letsencrypt-1  | => Send SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .....
letsencrypt-1  | == Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
letsencrypt-1  | => Send SSL data, 512 bytes (0x200)
letsencrypt-1  | 0000: .......Q.$....1~.2.n.'..+v...b.....Z.o ..Vt0..N.I5[..X...W...$..
letsencrypt-1  | 0040: ...d....>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
letsencrypt-1  | 0080: <.5./.....u.........step.home...................................
letsencrypt-1  | 00c0: ......h2.http/1.1.........1.....0...............................
letsencrypt-1  | 0100: ..................+........-.....3.&.$... 4_&...=.W..++.......xR
letsencrypt-1  | 0140: ^...J+..........................................................
letsencrypt-1  | 0180: ................................................................
letsencrypt-1  | 01c0: ................................................................
letsencrypt-1  | == Info:  CAfile: /etc/ssl/cert.pem
letsencrypt-1  | == Info:  CApath: none
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: ....z
letsencrypt-1  | == Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
letsencrypt-1  | <= Recv SSL data, 122 bytes (0x7a)
letsencrypt-1  | 0000: ...v......k...}......=........D.o...`. ..Vt0..N.I5[..X...W...$..
letsencrypt-1  | 0040: ...d.........+.....3.$... y8b/.ZvQ".`|.....a}U.9..^A..j.#Q
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .....
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .... 
letsencrypt-1  | <= Recv SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | == Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
letsencrypt-1  | <= Recv SSL data, 15 bytes (0xf)
letsencrypt-1  | 0000: .............h2
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .....
letsencrypt-1  | <= Recv SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | == Info: TLSv1.3 (IN), TLS handshake, Request CERT (13):
letsencrypt-1  | <= Recv SSL data, 151 bytes (0x97)
letsencrypt-1  | 0000: ............................................../.f.d.,0*1.0...U..
letsencrypt-1  | 0040: ..yugmeu1.0...U....yugmeu Root CA.4021.0...U....yugmeu1.0...U...
letsencrypt-1  | 0080: .yugmeu Intermediate CA
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .....
letsencrypt-1  | <= Recv SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | == Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
letsencrypt-1  | <= Recv SSL data, 941 bytes (0x3ad)
letsencrypt-1  | 0000: ...........0...0..x.......O.G.....RD..h...0...*.H.=...021.0...U.
letsencrypt-1  | 0040: ...yugmeu1.0...U....yugmeu Intermediate CA0...241227185400Z..241
letsencrypt-1  | 0080: 228185500Z0.1.0...U....Step Online CA0Y0...*.H.=....*.H.=....B..
letsencrypt-1  | 00c0: ...e...5....E1.....(.a....*,l...o.q,..lhR...,.~8.w.. .k.#.......
letsencrypt-1  | 0100: ...0..0...U...........0...U.%..0...+.........+.......0...U......
letsencrypt-1  | 0140: }`...o..u.(..|...X.70...U.#..0...p......43AX._?5.+. N0...U....0.
letsencrypt-1  | 0180: ..step.home0...*.H.=....I.0F.!.....m....R...l..BJ..R.q!.6....P!.
letsencrypt-1  | 01c0: !...M.&[email protected]..;k.K.`O.....;.......F.....0...0..f........\.x.j....
letsencrypt-1  | 0200: li..Qp0...*.H.=...0*1.0...U....yugmeu1.0...U....yugmeu Root CA0.
letsencrypt-1  | 0240: ..241227185350Z..341225185350Z021.0...U....yugmeu1.0...U....yugm
letsencrypt-1  | 0280: eu Intermediate CA0Y0...*.H.=....*.H.=....B..d..w.N...Q-z...8..<
letsencrypt-1  | 02c0: ]G..}F..'D..1M.1..fnOj?XB...^..8..)..J....Lr..f0d0...U..........
letsencrypt-1  | 0300: .0...U.......0.......0...U......p......43AX._?5.+. N0...U.#..0..
letsencrypt-1  | 0340: ..E......V.../j..g...0...*.H.=....H.0E. ;..a_..<..b0......B.zT.*
letsencrypt-1  | 0380: ..#c.6)..!........&.SGUD.\......W....VNU.....
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: ....`
letsencrypt-1  | <= Recv SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | == Info: TLSv1.3 (IN), TLS handshake, CERT verify (15):
letsencrypt-1  | <= Recv SSL data, 79 bytes (0x4f)
letsencrypt-1  | 0000: ...K...G0E.!..........kE.n...e.."..{l].n5g.i.. u^(`y......S.....
letsencrypt-1  | 0040: [email protected]
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: ....5
letsencrypt-1  | <= Recv SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | == Info: TLSv1.3 (IN), TLS handshake, Finished (20):
letsencrypt-1  | <= Recv SSL data, 36 bytes (0x24)
letsencrypt-1  | 0000: ... .-..2e../%..p.d\...b.=M..]..c.61
letsencrypt-1  | => Send SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .....
letsencrypt-1  | == Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
letsencrypt-1  | => Send SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | => Send SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .....
letsencrypt-1  | => Send SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | == Info: TLSv1.3 (OUT), TLS handshake, Certificate (11):
letsencrypt-1  | => Send SSL data, 8 bytes (0x8)
letsencrypt-1  | 0000: ........
letsencrypt-1  | => Send SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: ....5
letsencrypt-1  | => Send SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | == Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
letsencrypt-1  | => Send SSL data, 36 bytes (0x24)
letsencrypt-1  | 0000: ... ...\..V].....$.p.........>O...).
letsencrypt-1  | == Info: SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 / x25519 / id-ecPublicKey
letsencrypt-1  | == Info: ALPN: server accepted h2
letsencrypt-1  | == Info: Server certificate:
letsencrypt-1  | == Info:  subject: CN=Step Online CA
letsencrypt-1  | == Info:  start date: Dec 27 18:54:00 2024 GMT
letsencrypt-1  | == Info:  expire date: Dec 28 18:55:00 2024 GMT
letsencrypt-1  | == Info:  subjectAltName: host "step.home" matched cert's "step.home"
letsencrypt-1  | == Info:  issuer: O=yugmeu; CN=yugmeu Intermediate CA
letsencrypt-1  | == Info:  SSL certificate verify ok.
letsencrypt-1  | == Info:   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
letsencrypt-1  | == Info:   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
letsencrypt-1  | == Info:   Certificate level 2: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
letsencrypt-1  | == Info: Connected to step.home (172.22.0.2) port 9000
letsencrypt-1  | == Info: using HTTP/2
letsencrypt-1  | == Info: [HTTP/2] [1] OPENED stream for https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA
letsencrypt-1  | == Info: [HTTP/2] [1] [:method: POST]
letsencrypt-1  | == Info: [HTTP/2] [1] [:scheme: https]
letsencrypt-1  | == Info: [HTTP/2] [1] [:authority: step.home:9000]
letsencrypt-1  | == Info: [HTTP/2] [1] [:path: /acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA]
letsencrypt-1  | == Info: [HTTP/2] [1] [user-agent: nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.sh/3.1.0)]
letsencrypt-1  | == Info: [HTTP/2] [1] [accept: */*]
letsencrypt-1  | == Info: [HTTP/2] [1] [content-type: application/jose+json]
letsencrypt-1  | == Info: [HTTP/2] [1] [content-length: 505]
letsencrypt-1  | => Send SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .....
letsencrypt-1  | => Send SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | => Send header, 269 bytes (0x10d)
letsencrypt-1  | 0000: POST /acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL
letsencrypt-1  | 0040: 75YQjkIPSgZDCL3gmvU8Rf7pRdA HTTP/2
letsencrypt-1  | 0064: Host: step.home:9000
letsencrypt-1  | 007a: User-Agent: nginx-proxy/acme-companion/v2.5.1-6-gea11f22 (acme.s
letsencrypt-1  | 00ba: h/3.1.0)
letsencrypt-1  | 00c4: Accept: */*
letsencrypt-1  | 00d1: Content-Type: application/jose+json
letsencrypt-1  | 00f6: Content-Length: 505
letsencrypt-1  | 010b: 
letsencrypt-1  | => Send data, 505 bytes (0x1f9)
letsencrypt-1  | 0000: {"protected": "eyJub25jZSI6ICJkVWhtTkZWblRFRktPRmd6WkZwQ05XZ3dZa
letsencrypt-1  | 0040: lpFWlc1dFFXZzFRemx5Wm1NIiwgInVybCI6ICJodHRwczovL3N0ZXAuaG9tZTo5M
letsencrypt-1  | 0080: DAwL2FjbWUvYWNtZS9jaGFsbGVuZ2UvWEZPVlQ4Yms2SVhvc2d6RUVtWjRZVVdaU
letsencrypt-1  | 00c0: GVMenJSVUcvSUQ4REw3NVlRamtJUFNnWkRDTDNnbXZVOFJmN3BSZEEiLCAiYWxnI
letsencrypt-1  | 0100: jogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL3N0ZXAuaG9tZTo5MDAwL2FjbWUvY
letsencrypt-1  | 0140: WNtZS9hY2NvdW50L0g4YlkyZGM1Q01QNDI1RURYcFVmQXFZbW5SdmNuZE05In0",
letsencrypt-1  | 0180:  "payload": "e30", "signature": "fKNdR3GcG_AL7hbf4QT5WupvINnW5Kr
letsencrypt-1  | 01c0: T9S-qwaFrOQQN4htOyZBTHwEC5hOkJtGmpFaZoUvOKzw2By7niXOsFA"}
letsencrypt-1  | == Info: upload completely sent off: 505 bytes
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .....
letsencrypt-1  | <= Recv SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | == Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
letsencrypt-1  | <= Recv SSL data, 122 bytes (0x7a)
letsencrypt-1  | 0000: ...v..:...3...i....7......._.<...B."k.._.C..ug.=....CJ..X...H...
letsencrypt-1  | 0040: .Lq.....M....A....q...K|...a...G................(.........
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: ....8
letsencrypt-1  | <= Recv SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: ....'
letsencrypt-1  | <= Recv SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | => Send SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .....
letsencrypt-1  | => Send SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | <= Recv SSL data, 5 bytes (0x5)
letsencrypt-1  | 0000: .....
letsencrypt-1  | <= Recv SSL data, 1 bytes (0x1)
letsencrypt-1  | 0000: .
letsencrypt-1  | == Info: HTTP/2 stream 1 was not closed cleanly: INTERNAL_ERROR (err 2)
letsencrypt-1  | == Info: Connection #0 to host step.home left intact
letsencrypt-1  | [Fri Dec 27 18:56:22 UTC 2024] _ret='92'
letsencrypt-1  | [Fri Dec 27 18:56:22 UTC 2024] responseHeaders
letsencrypt-1  | [Fri Dec 27 18:56:22 UTC 2024] code
letsencrypt-1  | [Fri Dec 27 18:56:22 UTC 2024] original
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] response
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] Let's check the authz status
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] original
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] response
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] status
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] pi.hole: Unknown status: . Verification error: 
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] Debugging, not removing: /usr/share/nginx/html/.well-known
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] pid
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] No need to restore nginx config, skipping.
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] _clearupdns
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] dns_entries
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] Skipping dns.
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] _on_issue_err
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] Please check log file for more details: /dev/null
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] _chk_vlist='pi.hole#jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8.fu92GM5iIdcMCRmoFNCi_4HB7jLD0ZQ_-MwZfDXpidc#https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA#http-01#/usr/share/nginx/html#https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG,'
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] start to deactivate authz
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] Trigger domain validation.
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] _t_url='https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA'
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] _t_key_authz='jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8.fu92GM5iIdcMCRmoFNCi_4HB7jLD0ZQ_-MwZfDXpidc'
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] _t_vtype
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] =======Sending Signed Request=======
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] url='https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA'
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] payload='{}'
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] Use cached jwk for file: /etc/acme.sh/default/ca/step.home/acme/acme/directory/account.key
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] Get nonce with HEAD. ACME_NEW_NONCE='https://step.home:9000/acme/acme/new-nonce'
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] HEAD
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] _post_url='https://step.home:9000/acme/acme/new-nonce'
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] body
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] _postContentType='application/jose+json'
letsencrypt-1  | [Fri Dec 27 18:56:23 UTC 2024] Http already initialized.
letsencrypt-1  | [Fri Dec 27 18:56:24 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/default/http.header  -L  --trace-ascii /tmp/tmp.U4khLvrhcT  -g  -I  '
letsencrypt-1  | [Fri Dec 27 18:56:24 UTC 2024] _ret='0'
letsencrypt-1  | [Fri Dec 27 18:56:24 UTC 2024] _headers='HTTP/2 200 
letsencrypt-1  | cache-control: no-store
letsencrypt-1  | link: <https://step.home:9000/acme/acme/directory>;rel="index"
letsencrypt-1  | replay-nonce: SUc1a1BHS1dyd3NMSFo2VmR1TU4xQXhObHBNU3NtTE4
letsencrypt-1  | x-request-id: 0dd012fc-cf30-4f89-bffe-758680527a2e
letsencrypt-1  | date: Fri, 27 Dec 2024 18:56:24 GMT
'etsencrypt-1  | 
letsencrypt-1  | [Fri Dec 27 18:56:24 UTC 2024] nonce='SUc1a1BHS1dyd3NMSFo2VmR1TU4xQXhObHBNU3NtTE4'
letsencrypt-1  | [Fri Dec 27 18:56:24 UTC 2024] POST
letsencrypt-1  | [Fri Dec 27 18:56:24 UTC 2024] _post_url='https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA'
letsencrypt-1  | [Fri Dec 27 18:56:24 UTC 2024] body='{"protected": "eyJub25jZSI6ICJTVWMxYTFCSFMxZHlkM05NU0ZvMlZtUjFUVTR4UVhoT2JIQk5VM050VEU0IiwgInVybCI6ICJodHRwczovL3N0ZXAuaG9tZTo5MDAwL2FjbWUvYWNtZS9jaGFsbGVuZ2UvWEZPVlQ4Yms2SVhvc2d6RUVtWjRZVVdaUGVMenJSVUcvSUQ4REw3NVlRamtJUFNnWkRDTDNnbXZVOFJmN3BSZEEiLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL3N0ZXAuaG9tZTo5MDAwL2FjbWUvYWNtZS9hY2NvdW50L0g4YlkyZGM1Q01QNDI1RURYcFVmQXFZbW5SdmNuZE05In0", "payload": "e30", "signature": "NQKzwOG73fhPCkSf7yvWCMCM67a3jA1gbSFPoOirK6wzG2VB_Sz6oRUA2Do4QOuH5Irw4Ch2uhjU5_v_WKXQtw"}'
letsencrypt-1  | [Fri Dec 27 18:56:24 UTC 2024] _postContentType='application/jose+json'
letsencrypt-1  | [Fri Dec 27 18:56:24 UTC 2024] Http already initialized.
letsencrypt-1  | [Fri Dec 27 18:56:24 UTC 2024] _CURL='curl --silent --dump-header /etc/acme.sh/default/http.header  -L  --trace-ascii /tmp/tmp.U4khLvrhcT  -g '
letsencrypt-1  | [Fri Dec 27 18:56:27 UTC 2024] _ret='0'
letsencrypt-1  | [Fri Dec 27 18:56:27 UTC 2024] responseHeaders='HTTP/2 200 
letsencrypt-1  | cache-control: no-store
letsencrypt-1  | content-type: application/json
letsencrypt-1  | link: <https://step.home:9000/acme/acme/directory>;rel="index"
letsencrypt-1  | link: <https://step.home:9000/acme/acme/authz/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG>;rel="up"
letsencrypt-1  | location: https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA
letsencrypt-1  | replay-nonce: YnJMSTF1VjRHQ1NucmhxQTBvUWhkbldiS2pGUjc4eVI
letsencrypt-1  | x-request-id: 67cce0d1-77ea-456e-abe6-16bb9c61d94a
letsencrypt-1  | content-length: 316
letsencrypt-1  | date: Fri, 27 Dec 2024 18:56:27 GMT
'etsencrypt-1  | 
letsencrypt-1  | [Fri Dec 27 18:56:27 UTC 2024] code='200'
letsencrypt-1  | [Fri Dec 27 18:56:27 UTC 2024] original='{"type":"http-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA","error":{"type":"urn:ietf:params:acme:error:connection","detail":"The server could not connect to validation target"}}'
letsencrypt-1  | [Fri Dec 27 18:56:27 UTC 2024] response='{"type":"http-01","status":"pending","token":"jRmLaOukyN6Tj4YVt3DRvIDFXqvVkCd8","url":"https://step.home:9000/acme/acme/challenge/XFOVT8bk6IXosgzEEmZ4YUWZPeLzrRUG/ID8DL75YQjkIPSgZDCL3gmvU8Rf7pRdA","error":{"type":"urn:ietf:params:acme:error:connection","detail":"The server could not connect to validation target"}}'
letsencrypt-1  | [Fri Dec 27 18:56:28 UTC 2024] Diagnosis versions: 
letsencrypt-1  | openssl:openssl
letsencrypt-1  | OpenSSL 3.3.2 3 Sep 2024 (Library: OpenSSL 3.3.2 3 Sep 2024)
letsencrypt-1  | Apache:
letsencrypt-1  | Apache doesn't exist.
letsencrypt-1  | nginx:
letsencrypt-1  | nginx doesn't exist.
letsencrypt-1  | socat:
letsencrypt-1  | socat by Gerhard Rieger and contributors - see www.dest-unreach.org
letsencrypt-1  | socat version 1.8.0.1 on 25 Aug 2024 01:40:47
letsencrypt-1  |    running on Linux version #1 SMP PREEMPT Debian 1:6.6.62-1+rpt1 (2024-11-25), release 6.6.62+rpt-rpi-v8, machine aarch64
letsencrypt-1  | features:
letsencrypt-1  |   #define WITH_HELP 1
letsencrypt-1  |   #define WITH_STATS 1
letsencrypt-1  |   #define WITH_STDIO 1
letsencrypt-1  |   #define WITH_FDNUM 1
letsencrypt-1  |   #define WITH_FILE 1
letsencrypt-1  |   #define WITH_CREAT 1
letsencrypt-1  |   #define WITH_GOPEN 1
letsencrypt-1  |   #define WITH_TERMIOS 1
letsencrypt-1  |   #define WITH_PIPE 1
letsencrypt-1  |   #define WITH_SOCKETPAIR 1
letsencrypt-1  |   #define WITH_UNIX 1
letsencrypt-1  |   #define WITH_ABSTRACT_UNIXSOCKET 1
letsencrypt-1  |   #define WITH_IP4 1
letsencrypt-1  |   #define WITH_IP6 1
letsencrypt-1  |   #define WITH_RAWIP 1
letsencrypt-1  |   #define WITH_GENERICSOCKET 1
letsencrypt-1  |   #define WITH_INTERFACE 1
letsencrypt-1  |   #define WITH_TCP 1
letsencrypt-1  |   #define WITH_UDP 1
letsencrypt-1  |   #define WITH_SCTP 1
letsencrypt-1  |   #define WITH_DCCP 1
letsencrypt-1  |   #define WITH_UDPLITE 1
letsencrypt-1  |   #define WITH_LISTEN 1
letsencrypt-1  |   #define WITH_POSIXMQ 1
letsencrypt-1  |   #define WITH_SOCKS4 1
letsencrypt-1  |   #define WITH_SOCKS4A 1
letsencrypt-1  |   #define WITH_SOCKS5 1
letsencrypt-1  |   #define WITH_VSOCK 1
letsencrypt-1  |   #define WITH_NAMESPACES 1
letsencrypt-1  |   #define WITH_PROXY 1
letsencrypt-1  |   #define WITH_SYSTEM 1
letsencrypt-1  |   #define WITH_SHELL 1
letsencrypt-1  |   #define WITH_EXEC 1
letsencrypt-1  |   #define WITH_READLINE 1
letsencrypt-1  |   #define WITH_TUN 1
letsencrypt-1  |   #define WITH_PTY 1
letsencrypt-1  |   #define WITH_OPENSSL 1
letsencrypt-1  |   #undef WITH_FIPS
letsencrypt-1  |   #undef WITH_LIBWRAP
letsencrypt-1  |   #define WITH_SYCLS 1
letsencrypt-1  |   #define WITH_FILAN 1
letsencrypt-1  |   #define WITH_RETRY 1
letsencrypt-1  |   #undef WITH_DEVTESTS
letsencrypt-1  |   #define WITH_MSGLEVEL 0 /*debug*/
letsencrypt-1  |   #define WITH_DEFAULT_IPV 4
letsencrypt-1  | Symlinked domains: 
letsencrypt-1  | Enabled domains: pi.hole
letsencrypt-1  | Disabled domains: 
letsencrypt-1  | Sleep for 3600s

hslatman · 2025-01-03T11:45:48Z

I'm not sure why there's an error related to the badger transaction yet, but I do see that the process fails to validate the challenge for the pi.hole domain. Does that properly resolve to the machine the ACME client is running on? How is your DNS configured? You could try starting step-ca with the --resolver option to specify a DNS resolver.

The badger transaction error looks like a red herring for this specific issue (but, it does look like something is off, so we may need to look into that separately).

hslatman · 2025-01-03T14:12:36Z

On second thought, maybe it's not an issue with the DNS, and still something related with the badger transaction. But it's an unusual case that I haven't observed before.

LokiMidgard added bug needs triage Waiting for discussion / prioritization by team labels Dec 24, 2024

hslatman self-assigned this Dec 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: Most of the time certificates can't be issued: failure saving error to acme challenge: error saving acme challenge; changed since last read #2121

[Bug]: Most of the time certificates can't be issued: failure saving error to acme challenge: error saving acme challenge; changed since last read #2121

LokiMidgard commented Dec 24, 2024

hslatman commented Dec 24, 2024

LokiMidgard commented Dec 24, 2024 •

edited

Loading

hslatman commented Dec 27, 2024

LokiMidgard commented Dec 27, 2024

LokiMidgard commented Dec 27, 2024 •

edited

Loading

LokiMidgard commented Dec 27, 2024

hslatman commented Jan 3, 2025

hslatman commented Jan 3, 2025

[Bug]: Most of the time certificates can't be issued: failure saving error to acme challenge: error saving acme challenge; changed since last read #2121

[Bug]: Most of the time certificates can't be issued: failure saving error to acme challenge: error saving acme challenge; changed since last read #2121

Comments

LokiMidgard commented Dec 24, 2024

Steps to Reproduce

Your Environment

Expected Behavior

Actual Behavior

Additional Context

Contributing

hslatman commented Dec 24, 2024

LokiMidgard commented Dec 24, 2024 • edited Loading

hslatman commented Dec 27, 2024

LokiMidgard commented Dec 27, 2024

LokiMidgard commented Dec 27, 2024 • edited Loading

LokiMidgard commented Dec 27, 2024

hslatman commented Jan 3, 2025

hslatman commented Jan 3, 2025

LokiMidgard commented Dec 24, 2024 •

edited

Loading

LokiMidgard commented Dec 27, 2024 •

edited

Loading