glatzert / acme-server-adcs Goto Github PK

View Code? Open in Web Editor NEW

79.0 2.0 12.0 174 KB

ACME (RFC 8555) Server compatible implementation, connecting to Active Directory Certificate Services (ADCS)

License: Other

C# 100.00%

acme-server certificate

acme-server-adcs's People

Contributors

Stargazers

Watchers

Forkers

unix68 golubenkoff joeangry chaozmc dijker teadur rakasatria itninja04 moschlar jacob-morgan yp-docker boc-chi-no

acme-server-adcs's Issues

.NET LTS Version

From the readme:

"Install the LTS Version of .NET. You'll need the hosting bundle from the .NET Runtime section."

Problem:

The current LTS Version is 8.0.0 and it looks like the application requires .NET 6 LTS..

Question about Account endpoint implementation

First of all, I'd like to thank you for your work, this application is amazing!

I made a PoC integration with your application for one of my clients: I wanted to integrate it with cert-manager (https://cert-manager.io/). If you are not familiar with it, it can request and renew certificates in a Kubernetes environment with ACME protocol.

I was able to integrate it with your application, but when I wanted to request a new certificate, I found in the IIS logs, that the app throws a NotImplemented exception for the Account endpoints. I'm not familiar with the implementation details of ACME protocol (I don't know that these endpoints are neccessary or not), but I would like to ask: will you implement these endpoints as well in the future?

Thanks for your answer in advance

Exception has been raised during certificate issuance.

Hello,

After I install and configure ACME-Server-ADCS I get this error in the logs and I don't know where does that come from.... Can someone have this error and help resolve it ?

Thanks by advance !

Add support for ES384 and ES512 algorithms

Add support for ES384 and ES512 algorithms.

ACME-Server-ADCS/src/ACME.Protocol/RequestServices/DefaultRequestValidationService.cs

Line 22 in 32b81e5

private readonly string[] _supportedAlgs = new[] { "RS256", "ES256" };

https://www.rfc-editor.org/rfc/rfc7518#section-3.1

Downloading Certificate Format

Hello @glatzert ! Thanks for the great work!

I've tried this project today and it seems like I manage to get it going, but when downloading the certificate as at last stage ("POST /order/B-GwLBdUqUGIoHSntp-1Qw/certificate) , certificate chain is not in PEM format. I don't have that much experience with Microsoft/c#. Am I missing something ?

The content type is set right "Content-Type: application/pem-certificate-chain"
I believe, that where the conversion should happen: https://github.com/glatzert/ACME-Server-ACDS/blob/862a12fd95a0c68f818844cfccb19ec5620f0aed/src/ACME.CertProvider.ACDS/CertificateIssuer.cs#L36

I'm using certbot as a test client.
https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html#rfc.section.9.1

Response:

Thank you in advance

Some proposals for the README

or you want a maintenance contract, feel free to contact me and we most likely will find a way.

you should add a contact here (mail?)

Grant full rights to the account used above

Why full permissions? Read/Write is not enough?

"Modify the IIS-AppPool, to not use .NET Framework (new .NET is loaded via another mechanism) and set it's identity to either a custom account (recommended) or "NetworkService"."

The recommended account type should be a managed service account.
And any type of custom account will need the permission "Log on as a batch job"

Validation of CSR failed with exception

Hi,

I'm running ACME-Server-ADCS v1.3beta for a couple of months now. However since a couple of day I get the following error when renewing a certificate via win-acme client. This certificate has been renewed a 3-4 times successfully before, but now it comes with this error. Not sure yet where to look for a solution.

The eventlog shows the following:

Category: TGIT.ACME.Protocol.IssuanceServices.ADCS.CsrValidator
EventId: 0
SpanId: 4f8c2da89a5bfffa
TraceId: 970b2936470d66ba5139c64cf68e11df
ParentId: 0000000000000000
RequestId: 80000034-0000-f300-b63f-84710c7967bb
RequestPath: /order/Kd6P3KmC70mDSzUvx-wW_Q/finalize
ActionId: 9b73504d-7647-4590-8172-5af40a4e0ebc
ActionName: TGIT.ACME.Server.Controllers.OrderController.FinalizeOrder (TGIT.ACME.Server.Core)

Validation of CSR failed with exception.

Exception: 
System.Runtime.InteropServices.COMException (0x80093102): CertEnroll::CX509CertificateRequestPkcs10::InitializeDecode: ASN1 unexpected end of data. 0x80093102 (ASN: 258 CRYPT_E_ASN1_EOD)
   at CERTENROLLLib.CX509CertificateRequestPkcs10Class.InitializeDecode(String strEncodedData, EncodingType Encoding)
   at TGIT.ACME.Protocol.IssuanceServices.ADCS.CsrValidator.ValidateCsrAsync(Order order, String csr, CancellationToken cancellationToken) in E:\Dev\ACME-Server-ADCS\src\ACME.CertProvider.ADCS\CsrValidator.cs:line 30

And the log for the most recent renewal:

20231026.json

Any suggestions what could be the cause?
Between the last succesful renewal and now the server has been rebooted and patches to latest Windows service packs. These are the only "relevant" changes I can think of right now.

Peter

Commercial License

Where could we buy a commercial license and what price range should we expect?

acme.sh badCSR SAN Invalid Error

I was testing with acme.sh and noticed there is an error caused by acmesh-official/acme.sh#1335, acmesh-official/acme.sh@f8ca6d9.

Due to acme.sh adding the extendedKeyUsage extension to the automatically generated CSR, the CsrValidator.cs SubjectAlternateNamesAreValid function returns false since x509Ext.ObjectId.Name is now equal to XCN_OID_ENHANCED_KEY_USAGE first.

ACME-Server-ADCS/src/ACME.CertProvider.ADCS/CsrValidator.cs

Line 88 in 3b45df3

    
           if (x509Ext.ObjectId.Name != CertEnroll.CERTENROLL_OBJECTID.XCN_OID_SUBJECT_ALT_NAME2)

Removing extendedKeyUsage=serverAuth,clientAuth from the acme.sh script (part that generates the CSR file) fixes the issue. Not sure if this needs to be addressed here or with acme.sh.

[Thu 06 Apr 2023 04:50:20 AM UTC] Sign error, wrong status
[Thu 06 Apr 2023 04:50:20 AM UTC] {"status":"invalid","identifiers":[{"type":"dns","value":"test.example.local"}],"error":{"type":"urn:ietf:params:acme:error:badCSR","detail":"SAN Invalid."},"authorizations":["https://caissueadcs.example.local/order/RqaBOEM7pUG0wnxYNc_INg/auth/Cpi4l4UtRkCiiJaoTd5nFA"],"finalize":"https://acme.example.local/order/RqaBOEM7pUG0wnxYNc_INg/finalize"}

Set up to ACME-Server-ACDS

Hello,

I want to set up Server ACDS for ACME for my server Windows 2019 but, i did not understand how to set it up with the instructions on the forum.

Do you have any documentation, or installation instruction that can help me ? Thank you

Best regards,
Kamel

Subject empty

Firstly thanks for making this tool available, awesome work!

I've followed the installation instructions and I'm able to request a working SSL certificate from an MS CA, but even though the certificate appears as valid, the subject value is empty while the subject alternative name is populated. I'm trying to populate both values with the same hostname.

I've tried different value combinations at the json config level and tried passing multiple values through certbot without success - it either fails or works but is still missing the subject value.

I'm sure this is a simple problem that I shouldn't need to ask for assistance on, but if you could spare a moment to share your knowledge, I'd really appreciate it.

Works with Autoenroll?

Hi
I've successfully installed everything as per the instructions and it was initially working fine until I encountered a minor issue which necessitated the installation of .NET 6. This might be an important detail worth mentioning in the installation guide.

For my test, I aim to ensure that any server joining the domain or already a domain member automatically receives a certificate from ADCS via the ACME server. My configuration follows the guidelines provided, including a supplementary guide from StarWind Software on server certificate auto-enrollment (https://www.starwindsoftware.com/blog/server-certificate-auto-enrollment).

However, I suspect the problem might be because I've only installed the ADCS-Cert-Authority role without the ADCS-Enroll-* roles. Is it possible to integrate autoenrollment with this ACME project, and if so, how can it be achieved?

Use of "ADCS" and "ACDS" is very confusing and leads to errors

When setting up the ACME server on my home lab windows server 2019 it failed, because there was no working directory although I'd already created it.
Please excuse my complaint, but it is very annoying when troubleshooting and not being sure about using ACDS or ADCS,
For example in your readme you want me to create a folder named "ACME-ACDS" for the working directory, but in the config file the value is set to "C:\ACME-ADCS". Obviously that doesn't work that way, because there is no working directory named like that, which was exactly my error. This fault even exists in your repos title. Please fix that, because it makes live a lot harder in many ways.

CSR Validation failed due to invalid CN.

Hello,

When I try using a custom csr to generate a certificate I got this error. I have looking in the code to see what's my error and I saw that in my CSR all the subject data have a space. Exemple : I have CN = mydomain.local.

Can this be fixed or am i doing something wrong ?

Thanks for your response.

Challenge Validation and Issuance Timing

Hey,

i try to get the certificates with traefik and its acme provider. They have a hardcoded 30 sec timeout.
My installation take between 40 and 60 sec. to successfully rollout a Certificate.

Is this time "normal" or should i debug my Infrastructure. And if yes on which parts should is look? Webserver for ACME service or the Issueing CA? The Server are all on the same Switch, so also no Delay on the Wire.

HTTPS support

I am testing ACME-ADCS, for use with https://developer.apple.com/documentation/devicemanagement/acmecertificate

Apple requires that the ACME server uses HTTPS.

When I deployed the ACME-ADCS server, http://server/ works fine, and displays the service description.
Whereas, https://server/ gives "site cannot be reached" (a valid and trusted TLS certificate has already been bound to port 443 at IIS)

Is there some other setting that controls the behavior/support of HTTPS?

Not working with acme.sh

Hi there.

I use this acme server in my homelab environment and just stumbled across a problem with acme.sh. But see for yourself:

[Sun Dec 18 11:40:55 CET 2022] Lets find script dir.
[Sun Dec 18 11:40:55 CET 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sun Dec 18 11:40:55 CET 2022] _script='/root/.acme.sh/acme.sh'
[Sun Dec 18 11:40:55 CET 2022] _script_home='/root/.acme.sh'
[Sun Dec 18 11:40:55 CET 2022] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.5
[Sun Dec 18 11:40:55 CET 2022] Using server: acme.loens2.com
[Sun Dec 18 11:40:55 CET 2022] Running cmd: issue
[Sun Dec 18 11:40:55 CET 2022] _main_domain='test.test'
[Sun Dec 18 11:40:55 CET 2022] _alt_domains='no'
[Sun Dec 18 11:40:55 CET 2022] Using config home:/root/.acme.sh
[Sun Dec 18 11:40:55 CET 2022] ACME_DIRECTORY='acme.loens2.com'
[Sun Dec 18 11:40:55 CET 2022] DOMAIN_PATH='/root/.acme.sh/test.test'
[Sun Dec 18 11:40:55 CET 2022] Le_NextRenewTime
[Sun Dec 18 11:40:55 CET 2022] Using ACME_DIRECTORY: acme.loens2.com
[Sun Dec 18 11:40:55 CET 2022] _init api for server: acme.loens2.com
[Sun Dec 18 11:40:55 CET 2022] GET
[Sun Dec 18 11:40:55 CET 2022] url='acme.loens2.com'
[Sun Dec 18 11:40:55 CET 2022] timeout=
[Sun Dec 18 11:40:55 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Dec 18 11:40:55 CET 2022] ret='0'
[Sun Dec 18 11:40:55 CET 2022] ACME_KEY_CHANGE
[Sun Dec 18 11:40:55 CET 2022] ACME_NEW_AUTHZ
[Sun Dec 18 11:40:55 CET 2022] ACME_NEW_ORDER='http://acme.loens2.com/new-order'
[Sun Dec 18 11:40:55 CET 2022] ACME_NEW_ACCOUNT='http://acme.loens2.com/new-account'
[Sun Dec 18 11:40:55 CET 2022] ACME_REVOKE_CERT
[Sun Dec 18 11:40:55 CET 2022] ACME_AGREEMENT
[Sun Dec 18 11:40:55 CET 2022] ACME_NEW_NONCE='http://acme.loens2.com/new-nonce'
[Sun Dec 18 11:40:55 CET 2022] Using CA: acme.loens2.com
[Sun Dec 18 11:40:55 CET 2022] _on_before_issue
[Sun Dec 18 11:40:55 CET 2022] _chk_main_domain='test.test'
[Sun Dec 18 11:40:55 CET 2022] _chk_alt_domains
[Sun Dec 18 11:40:55 CET 2022] Le_LocalAddress
[Sun Dec 18 11:40:55 CET 2022] d='test.test'
[Sun Dec 18 11:40:55 CET 2022] Check for domain='test.test'
[Sun Dec 18 11:40:55 CET 2022] _currentRoot='no'
[Sun Dec 18 11:40:55 CET 2022] Standalone mode.
[Sun Dec 18 11:40:55 CET 2022] _checkport='80'
[Sun Dec 18 11:40:55 CET 2022] _checkaddr
[Sun Dec 18 11:40:55 CET 2022] Using: ss
[Sun Dec 18 11:40:55 CET 2022] d
[Sun Dec 18 11:40:55 CET 2022] _saved_account_key_hash is not changed, skip register account.
[Sun Dec 18 11:40:55 CET 2022] Read key length:2048
[Sun Dec 18 11:40:55 CET 2022] _createcsr
[Sun Dec 18 11:40:55 CET 2022] Single domain='test.test'
[Sun Dec 18 11:40:55 CET 2022] Getting domain auth token for each domain
[Sun Dec 18 11:40:55 CET 2022] d
[Sun Dec 18 11:40:55 CET 2022] url='http://acme.loens2.com/new-order'
[Sun Dec 18 11:40:55 CET 2022] payload='{"identifiers": [{"type":"dns","value":"test.test"}]}'
[Sun Dec 18 11:40:55 CET 2022] RSA key
[Sun Dec 18 11:40:55 CET 2022] HEAD
[Sun Dec 18 11:40:55 CET 2022] _post_url='http://acme.loens2.com/new-nonce'
[Sun Dec 18 11:40:55 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Sun Dec 18 11:40:55 CET 2022] _ret='0'
[Sun Dec 18 11:40:55 CET 2022] POST
[Sun Dec 18 11:40:55 CET 2022] _post_url='http://acme.loens2.com/new-order'
[Sun Dec 18 11:40:55 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Dec 18 11:40:55 CET 2022] _ret='0'
[Sun Dec 18 11:40:55 CET 2022] code='201'
[Sun Dec 18 11:40:55 CET 2022] Le_LinkOrder='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw'
[Sun Dec 18 11:40:55 CET 2022] Le_OrderFinalize='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/finalize'
[Sun Dec 18 11:40:55 CET 2022] url='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g'
[Sun Dec 18 11:40:55 CET 2022] payload
[Sun Dec 18 11:40:55 CET 2022] POST
[Sun Dec 18 11:40:55 CET 2022] _post_url='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g'
[Sun Dec 18 11:40:55 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Dec 18 11:40:55 CET 2022] _ret='0'
[Sun Dec 18 11:40:55 CET 2022] code='200'
[Sun Dec 18 11:40:55 CET 2022] d='test.test'
[Sun Dec 18 11:40:55 CET 2022] Getting webroot for domain='test.test'
[Sun Dec 18 11:40:55 CET 2022] _w='no'
[Sun Dec 18 11:40:55 CET 2022] _currentRoot='no'
[Sun Dec 18 11:40:55 CET 2022] entry='"type":"http-01","token":"pAFAKLCP1mfmrWg9JUdctnLu2GDrbLYRJXJ177bk21csnz-JCNb8Qs8R3lmeveOd","status":"pending","url":"http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ"'
[Sun Dec 18 11:40:55 CET 2022] token='pAFAKLCP1mfmrWg9JUdctnLu2GDrbLYRJXJ177bk21csnz-JCNb8Qs8R3lmeveOd'
[Sun Dec 18 11:40:55 CET 2022] uri='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ'
[Sun Dec 18 11:40:55 CET 2022] keyauthorization='pAFAKLCP1mfmrWg9JUdctnLu2GDrbLYRJXJ177bk21csnz-JCNb8Qs8R3lmeveOd.FG6-J0vpiqAyTkYO7NB7Hhr0CnFoCwaSgeqE5u9EasU'
[Sun Dec 18 11:40:55 CET 2022] dvlist='test.test#pAFAKLCP1mfmrWg9JUdctnLu2GDrbLYRJXJ177bk21csnz-JCNb8Qs8R3lmeveOd.FG6-J0vpiqAyTkYO7NB7Hhr0CnFoCwaSgeqE5u9EasU#http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ#http-01#no'
[Sun Dec 18 11:40:55 CET 2022] d
[Sun Dec 18 11:40:55 CET 2022] vlist='test.test#pAFAKLCP1mfmrWg9JUdctnLu2GDrbLYRJXJ177bk21csnz-JCNb8Qs8R3lmeveOd.FG6-J0vpiqAyTkYO7NB7Hhr0CnFoCwaSgeqE5u9EasU#http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ#http-01#no,'
[Sun Dec 18 11:40:55 CET 2022] d='test.test'
[Sun Dec 18 11:40:55 CET 2022] ok, let's start to verify
[Sun Dec 18 11:40:55 CET 2022] Verifying: test.test
[Sun Dec 18 11:40:55 CET 2022] d='test.test'
[Sun Dec 18 11:40:55 CET 2022] keyauthorization='pAFAKLCP1mfmrWg9JUdctnLu2GDrbLYRJXJ177bk21csnz-JCNb8Qs8R3lmeveOd.FG6-J0vpiqAyTkYO7NB7Hhr0CnFoCwaSgeqE5u9EasU'
[Sun Dec 18 11:40:55 CET 2022] uri='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ'
[Sun Dec 18 11:40:55 CET 2022] _currentRoot='no'
[Sun Dec 18 11:40:55 CET 2022] Standalone mode server
[Sun Dec 18 11:40:55 CET 2022] content='pAFAKLCP1mfmrWg9JUdctnLu2GDrbLYRJXJ177bk21csnz-JCNb8Qs8R3lmeveOd.FG6-J0vpiqAyTkYO7NB7Hhr0CnFoCwaSgeqE5u9EasU'
[Sun Dec 18 11:40:55 CET 2022] ncaddr
[Sun Dec 18 11:40:55 CET 2022] startserver: 2170
[Sun Dec 18 11:40:55 CET 2022] Le_HTTPPort='80'
[Sun Dec 18 11:40:55 CET 2022] Le_Listen_V4
[Sun Dec 18 11:40:55 CET 2022] Le_Listen_V6
[Sun Dec 18 11:40:55 CET 2022] _content_len='108'
[Sun Dec 18 11:40:55 CET 2022] _NC='socat TCP-LISTEN:80,crlf,reuseaddr,fork'
[Sun Dec 18 11:40:56 CET 2022] serverproc='3064'
[Sun Dec 18 11:40:56 CET 2022] url='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ'
[Sun Dec 18 11:40:56 CET 2022] payload='{}'
[Sun Dec 18 11:40:56 CET 2022] POST
[Sun Dec 18 11:40:56 CET 2022] _post_url='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ'
[Sun Dec 18 11:40:56 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Dec 18 11:40:56 CET 2022] _ret='0'
[Sun Dec 18 11:40:56 CET 2022] code='200'
[Sun Dec 18 11:40:56 CET 2022] trigger validation code: 200
[Sun Dec 18 11:40:56 CET 2022] Processing, The CA is processing your order, please just wait. (1/30)
[Sun Dec 18 11:40:56 CET 2022] sleep 2 secs to verify again
[Sun Dec 18 11:40:59 CET 2022] checking
[Sun Dec 18 11:40:59 CET 2022] url='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ'
[Sun Dec 18 11:40:59 CET 2022] payload
[Sun Dec 18 11:40:59 CET 2022] POST
[Sun Dec 18 11:40:59 CET 2022] _post_url='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ'
[Sun Dec 18 11:40:59 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Dec 18 11:40:59 CET 2022] _ret='0'
[Sun Dec 18 11:40:59 CET 2022] code='409'
[Sun Dec 18 11:40:59 CET 2022] test.test:Verify error:{"type":"urn:ietf:params:acme:error:malformed","detail":"The order used in this request did not have the expected status 'Pending' but had 'Ready'."}
[Sun Dec 18 11:40:59 CET 2022] Skip for removelevel:
[Sun Dec 18 11:40:59 CET 2022] pid='3064'
[Sun Dec 18 11:40:59 CET 2022] No need to restore nginx, skip.
[Sun Dec 18 11:40:59 CET 2022] _clearupdns
[Sun Dec 18 11:40:59 CET 2022] dns_entries
[Sun Dec 18 11:40:59 CET 2022] skip dns.
[Sun Dec 18 11:40:59 CET 2022] _on_issue_err
[Sun Dec 18 11:40:59 CET 2022] Please add '--debug' or '--log' to check more details.
[Sun Dec 18 11:40:59 CET 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sun Dec 18 11:40:59 CET 2022] url='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ'
[Sun Dec 18 11:40:59 CET 2022] payload='{}'
[Sun Dec 18 11:40:59 CET 2022] POST
[Sun Dec 18 11:40:59 CET 2022] _post_url='http://acme.loens2.com/order/PmGuXwClD0in8liQDZEOIw/auth/fySczzPIu0-0CYhhPQIL8g/chall/lR9H5m5zO0-Rvar-iuiigQ'
[Sun Dec 18 11:40:59 CET 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Dec 18 11:40:59 CET 2022] _ret='0'
[Sun Dec 18 11:40:59 CET 2022] code='409'
[Sun Dec 18 11:41:00 CET 2022] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1f  31 Mar 2020
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.3 on Oct 26 2019 17:42:04
   running on Linux version #1 SMP Wed Nov 23 01:01:46 UTC 2022, release 5.15.79.1-microsoft-standard-WSL2, machine x86_64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #undef WITH_READLINE
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #define WITH_LIBWRAP 1
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/

acme.loens2.com is my local acme server. As you can see, the script fails with error "The order used in this request did not have the expected status 'Pending' but had 'Ready'.". Unfortunately I have to use acme.sh because it's the only one supported by OPNsense. On my other Servers with certbot, everything works as expected.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.