You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
root@haproxy:~# sudo -u acme /usr/local/bin/acme-cert.sh xxx.xx.com
export DEPLOY_HAPROXY_HOT_UPDATE=yes
+ export DEPLOY_HAPROXY_HOT_UPDATE=yes
+ DEPLOY_HAPROXY_HOT_UPDATE=yes
export DEPLOY_HAPROXY_STATS_SOCKET=/var/run/haproxy/admin.sock
+ export DEPLOY_HAPROXY_STATS_SOCKET=/var/run/haproxy/admin.sock
+ DEPLOY_HAPROXY_STATS_SOCKET=/var/run/haproxy/admin.sock
export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy/certs
+ export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy/certs
+ DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy/certs
/usr/local/bin/acme.sh --issue -d $1 --stateless --server letsencrypt
+ /usr/local/bin/acme.sh --issue -d xx.xxx.com --stateless --server letsencrypt
[Tue Dec 17 12:55:09 PM UTC 2024] Domains not changed.
[Tue Dec 17 12:55:09 PM UTC 2024] Skipping. Next renewal time is: 2025-02-14T12:42:14Z
[Tue Dec 17 12:55:09 PM UTC 2024] Add '--force' to force renewal.
/usr/local/bin/acme.sh --deploy -d $1 --deploy-hook haproxy --debug 2
+ /usr/local/bin/acme.sh --deploy -d xxx.xxx.com --deploy-hook haproxy --debug 2
[Tue Dec 17 12:55:09 PM UTC 2024] Let's find the script directory.
[Tue Dec 17 12:55:09 PM UTC 2024] _SCRIPT_='/usr/local/bin/acme.sh'
[Tue Dec 17 12:55:09 PM UTC 2024] _script='/usr/local/share/acme.sh/acme.sh'
[Tue Dec 17 12:55:09 PM UTC 2024] _script_home='/usr/local/share/acme.sh'
[Tue Dec 17 12:55:09 PM UTC 2024] Using default home: /var/lib/acme/.acme.sh
[Tue Dec 17 12:55:09 PM UTC 2024] Using config home: /var/lib/acme/.acme.sh
[Tue Dec 17 12:55:09 PM UTC 2024] LE_WORKING_DIR='/var/lib/acme/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.1.0
[Tue Dec 17 12:55:09 PM UTC 2024] Running cmd: deploy
[Tue Dec 17 12:55:09 PM UTC 2024] Using config home: /var/lib/acme/.acme.sh
[Tue Dec 17 12:55:09 PM UTC 2024] default_acme_server
[Tue Dec 17 12:55:09 PM UTC 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Tue Dec 17 12:55:09 PM UTC 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Tue Dec 17 12:55:09 PM UTC 2024] _ACME_SERVER_PATH='v2/DV90'
[Tue Dec 17 12:55:09 PM UTC 2024] The domain 'xxx.xxx.com' seems to already have an ECC cert, let's use it.
[Tue Dec 17 12:55:09 PM UTC 2024] DOMAIN_PATH='/var/lib/acme/.acme.sh/xxx.xxx.com_ecc'
[Tue Dec 17 12:55:09 PM UTC 2024] DOMAIN_CONF='/var/lib/acme/.acme.sh/xxx.xxx.xxx_ecc/xxx.xxx.com_.conf'
[Tue Dec 17 12:55:09 PM UTC 2024] _deployApi='/usr/local/share/acme.sh/deploy/haproxy.sh'
[Tue Dec 17 12:55:09 PM UTC 2024] _cdomain='xxx.xxx.com_'
[Tue Dec 17 12:55:09 PM UTC 2024] _ckey='/var/lib/acme/.acme.sh/xxx.xxx.com_ecc/xxx.xxx.com.key'
[Tue Dec 17 12:55:09 PM UTC 2024] _ccert='/var/lib/acme/.acme.sh/xxx.xxx.com_ecc/xxx.xxx.com.cer'
[Tue Dec 17 12:55:09 PM UTC 2024] _cca='/var/lib/acme/.acme.sh/xxx.xxx.com_ecc/ca.cer'
[Tue Dec 17 12:55:09 PM UTC 2024] _cfullchain='/var/lib/acme/.acme.sh/xxx.xxx.coms_ecc/fullchain.cer'
[Tue Dec 17 12:55:09 PM UTC 2024] DEPLOY_HAPROXY_PEM_PATH='/etc/haproxy/certs'
[Tue Dec 17 12:55:09 PM UTC 2024] PEM_PATH /etc/haproxy/certs exists
[Tue Dec 17 12:55:09 PM UTC 2024] DEPLOY_HAPROXY_PEM_NAME
[Tue Dec 17 12:55:09 PM UTC 2024] DEPLOY_HAPROXY_BUNDLE
[Tue Dec 17 12:55:09 PM UTC 2024] DEPLOY_HAPROXY_ISSUER
[Tue Dec 17 12:55:09 PM UTC 2024] DEPLOY_HAPROXY_RELOAD
[Tue Dec 17 12:55:09 PM UTC 2024] DEPLOY_HAPROXY_HOT_UPDATE='yes'
[Tue Dec 17 12:55:09 PM UTC 2024] DEPLOY_HAPROXY_STATS_SOCKET='/var/run/haproxy/admin.sock'
[Tue Dec 17 12:55:09 PM UTC 2024] DEPLOY_HAPROXY_MASTER_CLI
[Tue Dec 17 12:55:09 PM UTC 2024] _suffix
[Tue Dec 17 12:55:09 PM UTC 2024] Deploying PEM file
[Tue Dec 17 12:55:09 PM UTC 2024] _temppem='/tmp/tmp.hAlrpMM70V'
[Tue Dec 17 12:55:09 PM UTC 2024] Moving new certificate into place
[Tue Dec 17 12:55:09 PM UTC 2024] _pem='/etc/haproxy/certs/xxx.xxx.com.pem'
[Tue Dec 17 12:55:09 PM UTC 2024] _socat_cert_cmd='echo 'show ssl cert' | socat '/var/run/haproxy/admin.sock' - | grep -q '^/etc/haproxy/certs/xxx.xxx.com.pem$''
[Tue Dec 17 12:55:09 PM UTC 2024] Update existing certificate '/etc/haproxy/certs/xxx.xxx.com.pem' over HAProxy stats socket.
[Tue Dec 17 12:55:09 PM UTC 2024] _socat_cert_set_cmd='echo -e 'set ssl cert /etc/haproxy/certs/xxx.xxx.com.pem <<\n-----BEGIN CERTIFICATE-----
MIIDizCCAxGgAwIBAgISAzoZ44KlBxpEnXp22JbCzytNMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNDEyMTcxMTQzNDNaFw0yNTAzMTcxMTQzNDJaMCAxHjAcBgNVBAMTFXRp
bWVwcm8ucGF5ZXJuZS5zd2lzczBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPJ4
H38gxPoSFKDc9bph5VhvwrmNU6qUg0a2WLx8nzpCnZx/5q2FGoGa/jtXzUFlmjfA
xxx
xxxx
xxxx
5uDJHK6iQTItLBQAWA0CDmwen8jqSKbWpzAKBggqhkjOPQQDAwNoADBlAjEA562z
DmQZOmwhhmEjgRAOkNqfKYbDIZMhv5AfLuMr4OFjC8hDpGdVVxb5Spy7+t7pAjAH
JLxQskEeSQPqS+OiP5dD1rzR32LuJthKazz5kA7uvrcK6z41i+oV69I1o0Oq7nI=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
xxxx
xxxx
xxxx
K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
VQD9F6Na/+zmXCc=
-----END CERTIFICATE-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIMs4tSuTqBFPsTwVDvPmU2+9zfprjRTn/p9EaQWWvkJNoAoGCCqGSM49
AwEHoUQDQgAE8ngffyDE+hIUoNz1umHlWG/CuY1TqpSDRrZYvHyfOkKdnH/mrYUa
gZr+O1fNQWWaN8BKHe6nkOcAD8mMTG14uw==
-----END EC PRIVATE KEY-----\n' | socat '/var/run/haproxy/admin.sock' - | grep -q 'Transaction created''
[Tue Dec 17 12:55:09 PM UTC 2024] Can't update '/etc/haproxy/certs/xxx.xxx.com.pem' in haproxy
[Tue Dec 17 12:55:09 PM UTC 2024] Error deploying for domain: xxx.xxx.com
[Tue Dec 17 12:55:09 PM UTC 2024] Error encountered while deploying.
The text was updated successfully, but these errors were encountered:
Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.
Steps to reproduce
We are configuring new site with your script as follow:
:~# sudo -u acme /usr/local/bin/acme-cert.sh xxx.xxx.com (example)
Content of script acme-cert.sh
#! /usr/bin/bash
set -xv
export DEPLOY_HAPROXY_HOT_UPDATE=yes
export DEPLOY_HAPROXY_STATS_SOCKET=/var/run/haproxy/admin.sock
export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy/certs
/usr/local/bin/acme.sh --issue -d $1 --stateless --server letsencrypt
/usr/local/bin/acme.sh --deploy -d $1 --deploy-hook haproxy --debug 2
Debug log
The text was updated successfully, but these errors were encountered: