Cezary, I'm following your guide, and I also tried this one: https://openwrt.org/docs/guide-user/services/tls/acmesh
and I can't get it to work on OpenWrt 23.05. I opened ports 80 and 443. I disabled uhttpd. I even changed Le_HTTPPort in /usr/lib/acme/acme.sh from 80 to e.g. 8080 and then set up a redirect from 80 to 8080 on the router, and nothing works, period. In testing it spits out logs like this:
Invalid status, rut.strangled.net:Verify error detail:83.9.211.209: Fetching http://rut.strangled.net/.well-known/ac … uax7gK6rQ: Connection refused
Debug: get token url.
GET
url='http://rut.strangled.net/.well-known/acme-challenge/uZsNt607pCrdNle9IiNBm9hSlDqdw39iRTuax7gK6rQ'
timeout=1
Http already initialized.
_WGET='wget -q -d --content-on-error --timeout=1'
Setting --content-on-error (contentonerror) to 1
Setting --timeout (timeout) to 1
Setting --user-agent (useragent) to acme.sh/3.0.7 (https://github.com/acmesh-official/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --server-response (serverresponse) to 1
Setting --output-document (outputdocument) to -
DEBUG output created by Wget 1.21.4 on linux-gnu.
Reading HSTS entries from /root/.wget-hsts
Caching rut.strangled.net => 83.9.211.209
Closed fd 3
Releasing 0x00078dd0 (new refcount 1).
options='/^[^ ][^ ]/d; /^ *$/d'
No -i support in sed
options='s/^ //g'
No -i support in sed
ret='0'
Debugging, skip removing: /var/run/acme/challenge/.well-known/acme-challenge/uZsNt607pCrdNle9IiNBm9hSlDqdw39iRTuax7gK6rQ
pid
No need to restore nginx, skip.
_clearupdns
dns_entries
skip dns.
_on_issue_err
Please add '--debug' or '--log' to check more details.
See: https://github.com/acmesh-official/acme … ug-acme.sh
_chk_vlist='rut.strangled.net#uZsNt607pCrdNle9IiNBm9hSlDqdw39iRTuax7gK6rQ.o9LWsxeTUkhhlJYo_twdGVgGvTschTvDyPPUQRcrdUU#https://acme-v02.api.letsencrypt.org/acme/chall-v3/297887682906/0222Jw#http-01#/var/run/acme/challenge#https://acme-v02.api.letsencrypt.org/acme/authz-v3/297887682906,'
start to deactivate authz
Trigger domain validation.
_t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/297887682906/0222Jw'
_t_key_authz='uZsNt607pCrdNle9IiNBm9hSlDqdw39iRTuax7gK6rQ.o9LWsxeTUkhhlJYo_twdGVgGvTschTvDyPPUQRcrdUU'
_t_vtype
=======Begin Send Signed Request=======
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/297887682906/0222Jw'
payload='{}'
Use cached jwk for file: /etc/acme/ca/acme-v02.api.letsencrypt.org/directory/account.key
Use _CACHED_NONCE='zXX7izQw378yHfCPfsfSY9wMvl1m2iBpKacPGNoOkbfVIgThN0g'
nonce='zXX7izQw378yHfCPfsfSY9wMvl1m2iBpKacPGNoOkbfVIgThN0g'
_URGLY_PRINTF
xargs
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/297887682906/0222Jw'
body='{"protected": "eyJub25jZSI6ICJ6WFg3aXpRdzM3OHlIZkNQZnNmU1k5d012bDFtMmlCcEthY1BHTm9Pa2JmVklnVGhOMGciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI5Nzg4NzY4MjkwNi8wMjIySnciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE0ODYwODEyNjYifQ", "payload": "e30", "signature": "tNAT144WXvIwiXtEN9wyOsveOFJ2GZWA0BOQtAF7sGgyOurzzOT42x4TOH32XfJHk60acDmf4fx0xXX9BVZpAA"}'
_postContentType='application/jose+json'
Http already initialized.
_WGET='wget -q -d --content-on-error '
wget returns 8, the server returns a 'Bad request' response, lets process the response later.
Setting --content-on-error (contentonerror) to 1
Setting --server-response (serverresponse) to 1
Setting --output-document (outputdocument) to -
Setting --user-agent (useragent) to acme.sh/3.0.7 (https://github.com/acmesh-official/acme.sh)
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to
Setting --header (header) to Content-Type: application/jose+json
Setting --post-data (postdata) to {"protected": "eyJub25jZSI6ICJ6WFg3aXpRdzM3OHlIZkNQZnNmU1k5d012bDFtMmlCcEthY1BHTm9Pa2JmVklnVGhOMGciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI5Nzg4NzY4MjkwNi8wMjIySnciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE0ODYwODEyNjYifQ", "payload": "e30", "signature": "tNAT144WXvIwiXtEN9wyOsveOFJ2GZWA0BOQtAF7sGgyOurzzOT42x4TOH32XfJHk60acDmf4fx0xXX9BVZpAA"}
Setting --method (method) to POST
Setting --body-data (bodydata) to {"protected": "eyJub25jZSI6ICJ6WFg3aXpRdzM3OHlIZkNQZnNmU1k5d012bDFtMmlCcEthY1BHTm9Pa2JmVklnVGhOMGciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI5Nzg4NzY4MjkwNi8wMjIySnciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE0ODYwODEyNjYifQ", "payload": "e30", "signature": "tNAT144WXvIwiXtEN9wyOsveOFJ2GZWA0BOQtAF7sGgyOurzzOT42x4TOH32XfJHk60acDmf4fx0xXX9BVZpAA"}
DEBUG output created by Wget 1.21.4 on linux-gnu.
Reading HSTS entries from /root/.wget-hsts
Caching acme-v02.api.letsencrypt.org => 172.65.32.248 2606:4700:60:0:f53d:5624:85c7:3a2c
Created socket 3.
Releasing 0xb6acb650 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0xb6ba8610
certificate:
subject: CN=acme-v02.api.letsencrypt.org
issuer: CN=R3,O=Let's Encrypt,C=US
X509 certificate successfully verified and matches host acme-v02.api.letsencrypt.org
---request begin---
POST /acme/chall-v3/297887682906/0222Jw HTTP/1.1
Host: acme-v02.api.letsencrypt.org
User-Agent: acme.sh/3.0.7 (https://github.com/acmesh-official/acme.sh)
Accept: */*
Accept-Encoding: identity
Connection: Keep-Alive
Content-Type: application/jose+json
Content-Length: 444
---request end---
[BODY data: {"protected": "eyJub25jZSI6ICJ6WFg3aXpRdzM3OHlIZkNQZnNmU1k5d012bDFtMmlCcEthY1BHTm9Pa2JmVklnVGhOMGciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI5Nzg4NzY4MjkwNi8wMjIySnciLCAiYWxnIjogIkVTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE0ODYwODEyNjYifQ", "payload": "e30", "signature": "tNAT144WXvIwiXtEN9wyOsveOFJ2GZWA0BOQtAF7sGgyOurzzOT42x4TOH32XfJHk60acDmf4fx0xXX9BVZpAA"}]
---response begin---
HTTP/1.1 400 Bad Request
Server: nginx
Date: Wed, 27 Dec 2023 09:03:56 GMT
Content-Type: application/problem+json
Content-Length: 144
Connection: keep-alive
Boulder-Requester: 1486081266
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: xavOoKHvn13dFwCBfuT5NASgfAjZhH5CYIxVyc23GUQ8i6OZwOg
---response end---
HTTP/1.1 400 Bad Request
Server: nginx
Date: Wed, 27 Dec 2023 09:03:56 GMT
Content-Type: application/problem+json
Content-Length: 144
Connection: keep-alive
Boulder-Requester: 1486081266
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: xavOoKHvn13dFwCBfuT5NASgfAjZhH5CYIxVyc23GUQ8i6OZwOg
Registered socket 3 for persistent reuse.
options='/^[^ ][^ ]/d; /^ *$/d'
No -i support in sed
options='s/^ //g'
No -i support in sed
_ret='0'
responseHeaders='subject: CN=acme-v02.api.letsencrypt.org
issuer: CN=R3,O=Let's Encrypt,C=US
HTTP/1.1 400 Bad Request
Server: nginx
Date: Wed, 27 Dec 2023 09:03:56 GMT
Content-Type: application/problem+json
Content-Length: 144
Connection: keep-alive
Boulder-Requester: 1486081266
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: xavOoKHvn13dFwCBfuT5NASgfAjZhH5CYIxVyc23GUQ8i6OZwOg'
code='400'
original='{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Unable to update challenge :: authorization must be pending",
"status": 400
}'
response='{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Unable to update challenge :: authorization must be pending",
"status": 400
}'
Diagnosis versions:
openssl:openssl
OpenSSL 3.0.12 24 Oct 2023 (Library: OpenSSL 3.0.12 24 Oct 2023)
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.4 on 19 Dec 2023 02:55:03
running on Linux version #0 SMP Wed Nov 15 10:00:19 2023, release 5.15.137, machine armv7l
/usr/lib/acme/hook: line 144: staging_moved: parameter not set
acme: cleaning up
Can you test this on your side, or on something that runs 23.05? I don't know whether I'm doing something wrong or whether there's a bug....
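
Added example, not part of the original post and not acme.sh code: a small POSIX sh/awk filter that pulls the http-01 validation result out of an acme.sh debug log like the one above. In that log the `400 ... authorization must be pending` response appears only after `_on_issue_err`, so the earlier `Verify error detail` line is the one to read first; the sample input, the function names and the `cause` labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an acme.sh --debug log for an http-01 failure.

# Constructed sample, shaped like the log lines in the post
# (hostname, IP and token are placeholders, not values from the post).
sample_log() {
cat <<'EOF'
Invalid status, router.example.net:Verify error detail:203.0.113.10: Fetching http://router.example.net/.well-known/acme-challenge/CONSTRUCTED-TOKEN: Connection refused
Debug: get token url.
url='http://router.example.net/.well-known/acme-challenge/CONSTRUCTED-TOKEN'
_on_issue_err
start to deactivate authz
code='400'
"detail": "Unable to update challenge :: authorization must be pending",
EOF
}

# Reads a log on stdin; prints key=value lines for the fields that matter.
acme_triage() {
  awk '
    /Verify error detail:/ {            # what the CA saw when it fetched the token
      sub(/^.*Verify error detail:/, ""); verify = $0
    }
    /^url=.*\/\.well-known\/acme-challenge\// {
      sub(/^url=./, ""); sub(/.$/, ""); url = $0   # strip url= and both quotes
    }
    /"detail":/ && problem == "" {      # first ACME problem document only
      sub(/^[^:]*: *"/, ""); sub(/",?$/, ""); problem = $0
    }
    END {
      cause = "unknown"
      if (verify ~ /Connection refused/)             cause = "tcp-refused"
      else if (verify ~ /[Tt]imeout/)                cause = "tcp-timeout"
      else if (verify ~ /Invalid response|: 40[34]/) cause = "http-wrong-content"
      print "challenge_url=" url
      print "verify_error=" verify
      print "acme_problem=" problem
      print "cause=" cause
    }'
}

sample_log | acme_triage
```

Run it on a saved log with `acme_triage < logfile`; `tcp-refused` means the CA's connection to port 80 of the published address was actively rejected, as opposed to silently dropped (`tcp-timeout`) or answered with the wrong content (`http-wrong-content`).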