starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-11 22:30:44 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

DNS-01 failed with multiple -d calls #383

New Issue
Closed
opened 2025-12-29 01:24:11 +01:00 by adam · 1 comment
adam commented 2025-12-29 01:24:11 +01:00
Owner
Copy Link

Originally created by @TB1234 on GitHub (Oct 4, 2018).

I call dehydrated from the command line for every domain. If I try to get a wildard certificate this failed with the message "Challenge is invalid".

That's my call:
/opt/dehydrated/dehydrated -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh

I have a hook script which sets the token to the nameserver. This works and make no problems if you have only a single domain.

So you can see, I have the domain twice in the call. Once alone and once with wildcard. The result of this call looks like that:

Processing domain.info with alternative names: *.domain.info
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for domain.info
 + Handling authorization for domain.info
 + 2 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for domain.info authorization...
 + Cleaning challenge tokens...
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.domain.info",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/sIuPB8ocWGvOy_2-01tST_k8OY5cyz0wBPABASwvSFg/7932386848",
  "token": "AjNkNX6i-Nv8j8bpbTU6u3X6Fs0S4r7x4b4Sgr76cqY"
})

For me, it looks like dehydrated call the hook script twice and in this case the wildcard (*.) is removed. So both challenges have the same name which will result in the problem, that the frist challenge will be deleted if the second one is added. So the first one is invalid.

I called the script with bash -x:

 bash -x /opt/dehydrated/dehydrated -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh
+ set -e
+ set -u
+ set -o pipefail
+ [[ -n '' ]]
+ [[ -z '' ]]
+ shopt -s nullglob
+ set -f
+ umask 077
+ exec
+ exec
+ VERSION=git-master-after-0.6.2
+ SOURCE=/opt/dehydrated/dehydrated
+ '[' -h /opt/dehydrated/dehydrated ']'
+++ dirname /opt/dehydrated/dehydrated
++ cd -P /opt/dehydrated
++ pwd
+ SCRIPTDIR=/opt/dehydrated
+ BASEDIR=/opt/dehydrated
+ ORIGARGS='-c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh'
++ uname
+ OSTYPE=Linux
+ [[ ! '' = \N\O\O\P ]]
+ main -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d '*.domain.info' -k /opt/dehydrated/hook.sh
+ COMMAND=
+ [[ -z -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh ]]
+ ((  13  ))
+ case "${1}" in
+ set_command sign_domains
+ [[ -z '' ]]
+ COMMAND=sign_domains
+ shift 1
+ ((  12  ))
+ case "${1}" in
+ shift 1
+ check_parameters dns-01
+ [[ -z dns-01 ]]
+ [[ d = \- ]]
+ PARAM_CHALLENGETYPE=dns-01
+ shift 1
+ ((  10  ))
+ case "${1}" in
+ shift 1
+ check_parameters /etc/ssl/reksys
+ [[ -z /etc/ssl/reksys ]]
+ [[ / = \- ]]
+ PARAM_CERTDIR=/etc/ssl/reksys
+ shift 1
+ ((  8  ))
+ case "${1}" in
+ shift 1
+ check_parameters secp384r1
+ [[ -z secp384r1 ]]
+ [[ s = \- ]]
+ PARAM_KEY_ALGO=secp384r1
+ shift 1
+ ((  6  ))
+ case "${1}" in
+ shift 1
+ check_parameters domain.info
+ [[ -z domain.info ]]
+ [[ s = \- ]]
+ [[ -z '' ]]
+ PARAM_DOMAIN=domain.info
+ shift 1
+ ((  4  ))
+ case "${1}" in
+ shift 1
+ check_parameters '*.domain.info'
+ [[ -z *.domain.info ]]
+ [[ * = \- ]]
+ [[ -z domain.info ]]
+ PARAM_DOMAIN='domain.info *.domain.info'
+ shift 1
+ ((  2  ))
+ case "${1}" in
+ shift 1
+ check_parameters /opt/dehydrated/hook.sh
+ [[ -z /opt/dehydrated/hook.sh ]]
+ [[ / = \- ]]
+ PARAM_HOOK=/opt/dehydrated/hook.sh
+ shift 1
+ ((  0  ))
+ case "${COMMAND}" in
+ command_sign_domains
+ init_system
+ load_config
+ [[ -z '' ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /usr/local/etc/dehydrated/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/reksys/webserver/config ]]
+ for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"
+ [[ -f /opt/dehydrated/config ]]
+ BASEDIR=/opt/dehydrated
+ CONFIG=/opt/dehydrated/config
+ break
+ CA=https://acme-v02.api.letsencrypt.org/directory
+ OLDCA=
+ CERTDIR=
+ ALPNCERTDIR=
+ ACCOUNTDIR=
+ CHALLENGETYPE=http-01
+ CONFIG_D=
+ CURL_OPTS=
+ DOMAINS_D=
+ DOMAINS_TXT=
+ HOOK=
+ HOOK_CHAIN=no
+ RENEW_DAYS=30
+ KEYSIZE=4096
+ WELLKNOWN=
+ PRIVATE_KEY_RENEW=yes
+ PRIVATE_KEY_ROLLOVER=no
+ KEY_ALGO=rsa
+ OPENSSL=openssl
+ OPENSSL_CNF=
+ CONTACT_EMAIL=
+ LOCKFILE=
+ OCSP_MUST_STAPLE=no
+ OCSP_FETCH=no
+ OCSP_DAYS=5
+ IP_VERSION=
+ CHAINCACHE=
+ AUTO_CLEANUP=no
+ DEHYDRATED_USER=
+ DEHYDRATED_GROUP=
+ API=auto
+ [[ -z /opt/dehydrated/config ]]
+ [[ -f /opt/dehydrated/config ]]
+ echo '# INFO: Using main config file /opt/dehydrated/config'
# INFO: Using main config file /opt/dehydrated/config
++ dirname /opt/dehydrated/config
+ BASEDIR=/opt/dehydrated
+ . /opt/dehydrated/config
++ CHALLENGETYPE=http-01
++ WELLKNOWN=/srv/http/dehydrated
++ KEYSIZE=4096
++ PRIVATE_KEY_RENEW=yes
++ KEY_ALGO=secp384r1
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ check_dependencies
+ openssl version
+ _sed ''
+ command -v grep
+ command -v mktemp
+ command -v diff
+ set +e
++ curl -V
++ head -n1
++ awk '{print $2}'
+ CURL_VERSION=7.61.1
+ retcode=0
+ set -e
+ [[ ! 0 = \0 ]]
+ [[ /opt/dehydrated != \/ ]]
+ BASEDIR=/opt/dehydrated
+ [[ -d /opt/dehydrated ]]
+ [[ -z '' ]]
+ [[ https://acme-v02.api.letsencrypt.org/directory = \h\t\t\p\s\:\/\/\a\c\m\e\-\v\0\2\.\a\p\i\.\l\e\t\s\e\n\c\r\y\p\t\.\o\r\g\/\d\i\r\e\c\t\o\r\y ]]
+ OLDCA=https://acme-v01.api.letsencrypt.org/directory
++ echo https://acme-v02.api.letsencrypt.org/directory
++ urlbase64
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ openssl base64 -e
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ CAHASH=aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo
+ [[ -z '' ]]
+ ACCOUNTDIR=/opt/dehydrated/accounts
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo ]]
+ [[ -f /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/config ]]
+ ACCOUNT_KEY=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+ ACCOUNT_KEY_JSON=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
+ [[ -f /opt/dehydrated/private_key.pem ]]
+ [[ -f /opt/dehydrated/private_key.json ]]
+ [[ -z '' ]]
+ CERTDIR=/opt/dehydrated/certs
+ [[ -z '' ]]
+ ALPNCERTDIR=/opt/dehydrated/alpn-certs
+ [[ -z '' ]]
+ CHAINCACHE=/opt/dehydrated/chains
+ [[ -z '' ]]
+ DOMAINS_TXT=/opt/dehydrated/domains.txt
+ [[ -z /srv/http/dehydrated ]]
+ [[ -z '' ]]
+ LOCKFILE=/opt/dehydrated/lock
+ [[ -z '' ]]
++ openssl version -d
++ cut '-d"' -f2
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n /opt/dehydrated/hook.sh ]]
+ HOOK=/opt/dehydrated/hook.sh
+ [[ -n /etc/ssl/reksys ]]
+ CERTDIR=/etc/ssl/reksys
+ [[ -n '' ]]
+ [[ -n dns-01 ]]
+ CHALLENGETYPE=dns-01
+ [[ -n secp384r1 ]]
+ KEY_ALGO=secp384r1
+ [[ -n '' ]]
+ [[ -n '' ]]
+ '[' '!' '' = noverify ']'
+ verify_config
+ [[ dns-01 == \h\t\t\p\-\0\1 ]]
+ [[ dns-01 == \d\n\s\-\0\1 ]]
+ [[ dns-01 = \d\n\s\-\0\1 ]]
+ [[ -z /opt/dehydrated/hook.sh ]]
+ [[ dns-01 = \h\t\t\p\-\0\1 ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ auto == \a\u\t\o ]]
+ [[ 5 =~ ^[0-9]+$ ]]
+ store_configvars
+ __KEY_ALGO=secp384r1
+ __OCSP_MUST_STAPLE=no
+ __PRIVATE_KEY_RENEW=yes
+ __KEYSIZE=4096
+ __CHALLENGETYPE=dns-01
+ __HOOK=/opt/dehydrated/hook.sh
+ __WELLKNOWN=/srv/http/dehydrated
+ __HOOK_CHAIN=no
+ __OPENSSL_CNF=/etc/ssl/openssl.cnf
+ __RENEW_DAYS=30
+ __IP_VERSION=
+ [[ -n /opt/dehydrated/lock ]]
++ dirname /opt/dehydrated/lock
+ LOCKDIR=/opt/dehydrated
+ [[ -w /opt/dehydrated ]]
+ trap remove_lock EXIT
++ http_request get https://acme-v02.api.letsencrypt.org/directory
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-q9EtsQ
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-I1e4lX
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-q9EtsQ -D /tmp/dehydrated-I1e4lX https://acme-v02.api.letsencrypt.org/directory
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-q9EtsQ
++ rm -f /tmp/dehydrated-q9EtsQ
++ rm -f /tmp/dehydrated-I1e4lX
+ CA_DIRECTORY='{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
+ [[ auto = \a\u\t\o ]]
+ grep -q newOrder
+ API=2
+ [[ 2 -eq 1 ]]
++ printf %s '{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newOrder
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newOrder
++ filter='s/.*"newOrder": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newOrder": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ORDER=https://acme-v02.api.letsencrypt.org/acme/new-order
++ printf %s '{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newNonce
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newNonce
++ filter='s/.*"newNonce": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newNonce": *"\([^"]*\)".*/\1/p'
+ CA_NEW_NONCE=https://acme-v02.api.letsencrypt.org/acme/new-nonce
++ printf %s '{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value newAccount
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newAccount
++ filter='s/.*"newAccount": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"newAccount": *"\([^"]*\)".*/\1/p'
+ CA_NEW_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/new-acct
++ printf %s '{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value termsOfService
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' termsOfService
++ filter='s/.*"termsOfService": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"termsOfService": *"\([^"]*\)".*/\1/p'
+ CA_TERMS=https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
++ printf %s '{
  "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
++ get_json_string_value revokeCert
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' revokeCert
++ filter='s/.*"revokeCert": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"revokeCert": *"\([^"]*\)".*/\1/p'
+ CA_REVOKE_CERT=https://acme-v02.api.letsencrypt.org/acme/revoke-cert
+ CA_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/acct
+ export WELLKNOWN BASEDIR CERTDIR ALPNCERTDIR CONFIG COMMAND
+ register_new_key=no
+ [[ -n '' ]]
+ [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem ]]
+ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -check
++ hex2bin
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
+++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -text
+++ awk '/publicExponent/ {print $2}'
++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ cat
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ printf %x 65537
++ printf -- '\x01\x00\x01'
+ pubExponent64=AQAB
++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -modulus
++ hex2bin
++ cut -d= -f2
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
+++ cat
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
+++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g'
++ printf -- '\xD2\x5B\x95\x21\x48\xED\xB1\x22\x5D\x42\x08\x28\xA4\x60\x7C\xAC\x8F\x5E\xC0\xE5\x44\x97\xFF\x3F\x5E\xD3\xB4\x0C\x11\x11\x9F\x71\x67\x96\xC7\xEA\x83\xC8\xE0\xFB\xD5\x73\xE4\x23\xAB\xB9\xAC\x7F\x01\x14\xC2\xCA\xEC\xA0\x03\x60\x10\x92\xC4\x9B\xC8\xF2\xF9\x01\xCC\x00\xDC\xF5\x8E\xC6\xD8\x0E\xFA\xBE\x5F\xF6\x1E\x49\xD6\x69\xA8\x85\x7B\x97\x6B\xC2\x38\x50\xF6\x05\x26\x00\x8D\xAC\x58\x18\xC9\xCA\x8A\x3E\x98\xF6\xFD\x65\x4C\x8C\x6D\x09\x03\x16\x3D\xFF\xE7\x2F\xB1\xBB\xEB\xD2\xF3\x0E\xE4\x10\xFF\x57\x39\x3B\xC5\x47\xD8\xE9\x25\x8B\x92\x62\x3E\x86\x87\xF7\xAD\x06\x15\xA8\x8F\x2D\xD0\xE6\xF7\x2D\x55\x26\x57\x14\xAF\x17\xDA\x86\xC1\x97\x65\x81\x6C\x71\xE7\x6E\x96\x7C\x79\x4C\xDF\xE1\x65\xD8\x80\xE8\x39\x00\xB6\x63\x0D\x49\x84\x61\x1A\xB3\x4E\x63\xDE\x29\x2F\xDC\x47\xE0\x15\xDB\x8F\x2D\xDE\x9B\x85\x7B\x95\x2E\xEC\xBC\xEA\xF5\xC8\x28\x2A\xF4\x7D\xE4\x5A\x29\x9B\xB9\xEF\x36\x79\x3F\xCC\x10\x32\xC2\xC2\x47\x70\x41\x4A\xE0\x21\xAB\xCF\x44\x45\x04\x84\x14\x4C\x6A\xAC\xE5\x96\xF7\xB6\xD4\x61\x57\xEF\x77\x2A\x6E\x9B\x73\xC3\x2F\x24\x54\xB2\xE2\x00\xD0\x2F\xCD\x2C\x58\xAD\x43\xE9\xB7\x77\x6C\x31\x9F\x26\x29\x8B\x5F\xE1\x26\xBE\xE7\x9C\x07\xCA\x5F\x97\xC5\xBF\x46\x07\x24\xF5\xF9\xED\x2F\x35\x32\xF1\x95\xC2\xCE\x3B\x3C\xED\x36\xE8\xB0\x18\x7A\x44\x7F\xD6\x98\xA3\xD8\x60\x73\x64\xBC\xA3\x0E\x05\xED\x2E\xB4\x56\x46\xFC\x2F\x55\xFF\x93\x53\xC6\x09\x58\x87\xAD\x84\x2B\x75\x3B\x83\x8A\x62\x5F\xDD\x82\x98\x13\x59\xC1\xD7\x5B\x5F\x3C\xAA\x97\xAC\xAB\xED\x1A\xF3\x42\x24\x06\x86\xEE\x67\x61\x13\xBD\x5E\x6F\x87\x5B\xEC\x99\xC1\xC8\x29\x52\xAB\x92\x10\x1F\xE1\x1C\x70\xFC\xFB\xE8\x05\x1F\x1D\x95\x8D\xA4\xDF\x1F\x8D\xD8\x02\x57\xE6\xD2\xF8\x30\xF8\x1C\x8A\xD7\xAF\x20\x52\xFF\x27\xA8\x82\x10\x61\x07\xBE\xA2\xC6\x37\x2E\xA4\x6E\xFC\xF3\x60\x8D\x94\xA0\xBF\x97\x42\x47\x6E\xE4\xF2\xFB\xE2\x48\xF1\x65\xB7\x24\x8C\x27\x90\x7E\xB7\xC1\xB2\xE8\xC3\xD1\x45\x17\x09\xA4\x61\x9B\x48\x71\x66\xF5\xF1\x5B\xE2\x20\xF4\x7D\xAB\x1A\x37\x47\x98\xB8\x4A\x25\x08\x6F\xC3\xC5\x77\x97\xCD\x64\xE3\x15\x98\xE1\x3B\x3C\xC4\x4B\xA2\xF0\x48\xC5\x74\x6E\xC7\xF0\x88\x48\x2A\xC3'
+ pubMod64=0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ printf '{"e":"%s","kty":"RSA","n":"%s"}' AQAB 0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM
++ openssl dgst -sha256 -binary
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ thumbprint=VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ [[ no = \y\e\s ]]
+ [[ sign_domains = \r\e\g\i\s\t\e\r ]]
+ [[ -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ]]
++ cat /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json
++ get_json_int_value id
++ local filter
+++ printf 's/.*"%s": *\([0-9]*\).*/\\1/p' id
++ filter='s/.*"id": *\([0-9]*\).*/\1/p'
++ sed -n 's/.*"id": *\([0-9]*\).*/\1/p'
+ ACCOUNT_ID=4935574
+ [[ 2 -eq 1 ]]
+ ACCOUNT_URL=https://acme-v02.api.letsencrypt.org/acme/acct/4935574
+ hookscript_bricker_hook
+ [[ -n /opt/dehydrated/hook.sh ]]
+ /opt/dehydrated/hook.sh this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
+ [[ -n /opt/dehydrated/hook.sh ]]
+ /opt/dehydrated/hook.sh startup_hook
+ '[' '!' -d /opt/dehydrated/chains ']'
+ [[ -n domain.info *.domain.info ]]
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ DOMAINS_TXT=/tmp/dehydrated-C5wIKt
+ [[ -n '' ]]
+ printf -- 'domain.info *.domain.info'
+ ORIGIFS='
'
+ IFS='
'
++ tr -d '\r'
++ awk '{print tolower($0)}'
++ _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
++ [[ Linux = \L\i\n\u\x ]]
++ grep -vE '^(#|$)'
++ sed -r -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g'
+ for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' | (grep -vE '^(#|$)' || true))
+ reset_configvars
+ KEY_ALGO=secp384r1
+ OCSP_MUST_STAPLE=no
+ PRIVATE_KEY_RENEW=yes
+ KEYSIZE=4096
+ CHALLENGETYPE=dns-01
+ HOOK=/opt/dehydrated/hook.sh
+ WELLKNOWN=/srv/http/dehydrated
+ HOOK_CHAIN=no
+ OPENSSL_CNF=/etc/ssl/openssl.cnf
+ RENEW_DAYS=30
+ IP_VERSION=
+ IFS='
'
++ grep -Eo '>[^ ]+'
++ true
+ alias=
++ _sed -e 's/>[^ ]+[ ]*//g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/>[^ ]+[ ]*//g'
+ line='domain.info *.domain.info'
++ grep -Eo '>'
++ awk 'END {print NR}'
++ true
+ aliascount=0
+ '[' 0 -gt 1 ']'
++ printf '%s\n' 'domain.info *.domain.info'
++ cut '-d ' -f1
+ domain=domain.info
++ printf '%s\n' 'domain.info *.domain.info'
++ cut -s '-d ' -f2-
+ morenames='*.domain.info'
+ '[' 0 -lt 1 ']'
+ alias=domain.info
+ export alias
+ [[ -z *.domain.info ]]
+ echo 'Processing domain.info with alternative names: *.domain.info'
Processing domain.info with alternative names: *.domain.info
+ '[' sw = '*.' ']'
+ local certdir=/etc/ssl/reksys/domain.info
+ cert=/etc/ssl/reksys/domain.info/cert.pem
+ chain=/etc/ssl/reksys/domain.info/chain.pem
+ force_renew=no
++ date +%s
+ timestamp=1538635752
+ [[ ! -e /etc/ssl/reksys/domain.info ]]
+ [[ -n '' ]]
+ certconfig=/etc/ssl/reksys/domain.info/config
+ '[' -f /etc/ssl/reksys/domain.info/config ']'
+ verify_config
+ [[ dns-01 == \h\t\t\p\-\0\1 ]]
+ [[ dns-01 == \d\n\s\-\0\1 ]]
+ [[ dns-01 = \d\n\s\-\0\1 ]]
+ [[ -z /opt/dehydrated/hook.sh ]]
+ [[ dns-01 = \h\t\t\p\-\0\1 ]]
+ [[ secp384r1 == \r\s\a ]]
+ [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]]
+ [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]]
+ [[ -n '' ]]
+ [[ 2 == \a\u\t\o ]]
+ [[ 2 == \1 ]]
+ [[ 2 == \2 ]]
+ [[ 5 =~ ^[0-9]+$ ]]
+ hookscript_bricker_hook
+ [[ -n /opt/dehydrated/hook.sh ]]
+ /opt/dehydrated/hook.sh this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
+ export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER
+ skip=no
+ local csr=
+ [[ -n /opt/dehydrated/hook.sh ]]
++ /opt/dehydrated/hook.sh generate_csr domain.info /etc/ssl/reksys/domain.info 'domain.info *.domain.info'
+ csr=
+ grep -qE '\-----BEGIN (NEW )?CERTIFICATE REQUEST-----'
+ csr=
+ [[ -e /etc/ssl/reksys/domain.info/cert.pem ]]
+ [[ -e /etc/ssl/reksys/domain.info/cert.pem ]]
+ local update_ocsp
+ update_ocsp=no
+ [[ ! no = \y\e\s ]]
+ update_ocsp=yes
+ [[ -z '' ]]
+ [[ '' = \y\e\s ]]
+ sign_domain /etc/ssl/reksys/domain.info 1538635752 domain.info '*.domain.info'
+ local certdir=/etc/ssl/reksys/domain.info
+ shift
+ timestamp=1538635752
+ shift
+ domain=domain.info
+ altnames='domain.info *.domain.info'
+ export altnames
+ echo ' + Signing domains...'
 + Signing domains...
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ local privkey=privkey.pem
+ [[ ! -e /etc/ssl/reksys/domain.info/cert-1538635752.csr ]]
+ [[ ! -r /etc/ssl/reksys/domain.info/privkey.pem ]]
+ echo ' + Generating private key...'
 + Generating private key...
+ privkey=privkey-1538635752.pem
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ local tmp_privkey=/tmp/dehydrated-erQcHt
+ case "${KEY_ALGO}" in
+ _openssl ecparam -genkey -name secp384r1 -out /tmp/dehydrated-erQcHt
+ set +e
++ openssl ecparam -genkey -name secp384r1 -out /tmp/dehydrated-erQcHt
+ out=
+ res=0
+ set -e
+ [[ 0 -ne 0 ]]
+ cat /tmp/dehydrated-erQcHt
+ rm /tmp/dehydrated-erQcHt
+ [[ -r /etc/ssl/reksys/domain.info/privkey.pem ]]
+ [[ ! -r /etc/ssl/reksys/domain.info/privkey.roll.pem ]]
+ [[ no = \y\e\s ]]
+ [[ -r /etc/ssl/reksys/domain.info/privkey.roll.pem ]]
+ echo ' + Generating signing request...'
 + Generating signing request...
+ SAN=
+ for altname in ${altnames}
+ SAN='DNS:domain.info, '
+ for altname in ${altnames}
+ SAN='DNS:domain.info, DNS:*.domain.info, '
+ SAN='DNS:domain.info, DNS:*.domain.info'
+ local tmp_openssl_cnf
++ _mktemp
++ mktemp /tmp/dehydrated-XXXXXX
+ tmp_openssl_cnf=/tmp/dehydrated-FdLi0a
+ cat /etc/ssl/openssl.cnf
+ printf '[SAN]\nsubjectAltName=%s' 'DNS:domain.info, DNS:*.domain.info'
+ '[' no = yes ']'
+ SUBJ=/CN=domain.info/
+ [[ Linux = \M\I\N\G\W ]]
+ openssl req -new -sha256 -key /etc/ssl/reksys/domain.info/privkey-1538635752.pem -out /etc/ssl/reksys/domain.info/cert-1538635752.csr -subj /CN=domain.info/ -reqexts SAN -config /tmp/dehydrated-FdLi0a
+ rm -f /tmp/dehydrated-FdLi0a
+ crt_path=/etc/ssl/reksys/domain.info/cert-1538635752.pem
+ sign_csr '-----BEGIN CERTIFICATE REQUEST-----
MIIBVTCB3AIBADAbMRkwFwYDVQQDDBBzd2ltZmFzaGlvbi5pbmZvMHYwEAYHKoZI
zj0CAQYFK4EEACIDYgAE4XM95dlmHTEKy96G3nLeYRW4x2OU3KnWBnIdikveLi/W
ngWKw/F6iaCSM/eofPEUVR3ZBdx2v4WspNkV28APuMh93uxStFvs5I5+W04kxkQN
o16Qb9/fM+KBBXv/N5G+oEIwQAYJKoZIhvcNAQkOMTMwMTAvBgNVHREEKDAmghBz
d2ltZmFzaGlvbi5pbmZvghIqLnN3aW1mYXNoaW9uLmluZm8wCgYIKoZIzj0EAwID
aAAwZQIxAPAQVmH9m3/ETU8A3VGFPPVAQlVakggyQCk8Dz+4iG2sUrBtW8R+2BzA
fIRKengLEgIwdPcf47ST5vNdsLouM1foospAQk3nP/70Atp8kkvPwICxm86lJVtW
IM6urT5EnbAZ
-----END CERTIFICATE REQUEST-----' domain.info '*.domain.info'
+ csr='-----BEGIN CERTIFICATE REQUEST-----
MIIBVTCB3AIBADAbMRkwFwYDVQQDDBBzd2ltZmFzaGlvbi5pbmZvMHYwEAYHKoZI
zj0CAQYFK4EEACIDYgAE4XM95dlmHTEKy96G3nLeYRW4x2OU3KnWBnIdikveLi/W
ngWKw/F6iaCSM/eofPEUVR3ZBdx2v4WspNkV28APuMh93uxStFvs5I5+W04kxkQN
o16Qb9/fM+KBBXv/N5G+oEIwQAYJKoZIhvcNAQkOMTMwMTAvBgNVHREEKDAmghBz
d2ltZmFzaGlvbi5pbmZvghIqLnN3aW1mYXNoaW9uLmluZm8wCgYIKoZIzj0EAwID
aAAwZQIxAPAQVmH9m3/ETU8A3VGFPPVAQlVakggyQCk8Dz+4iG2sUrBtW8R+2BzA
fIRKengLEgIwdPcf47ST5vNdsLouM1foospAQk3nP/70Atp8kkvPwICxm86lJVtW
IM6urT5EnbAZ
-----END CERTIFICATE REQUEST-----'
+ :
+ shift 1
+ export 'altnames=domain.info *.domain.info'
+ altnames='domain.info *.domain.info'
+ [[ 2 -eq 1 ]]
+ [[ 2 -eq 2 ]]
+ [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]]
+ [[ -n '' ]]
+ local -a challenge_names challenge_uris challenge_tokens authorizations keyauths deploy_args
+ [[ 2 -eq 2 ]]
+ local challenge_identifiers=
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' domain.info
+ challenge_identifiers+='{"type": "dns", "value": "domain.info"}, '
+ for altname in ${altnames}
++ printf '{"type": "dns", "value": "%s"}, ' '*.domain.info'
+ challenge_identifiers+='{"type": "dns", "value": "*.domain.info"}, '
+ challenge_identifiers='[{"type": "dns", "value": "domain.info"}, {"type": "dns", "value": "*.domain.info"}]'
+ echo ' + Requesting new certificate order from CA...'
 + Requesting new certificate order from CA...
++ signed_request https://acme-v02.api.letsencrypt.org/acme/new-order '{"identifiers": [{"type": "dns", "value": "domain.info"}, {"type": "dns", "value": "*.domain.info"}]}'
+++ urlbase64
+++ printf %s '{"identifiers": [{"type": "dns", "value": "domain.info"}, {"type": "dns", "value": "*.domain.info"}]}'
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ payload64=eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19
++ [[ 2 -eq 1 ]]
+++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce
+++ grep -i '^Replay-Nonce:'
+++ awk -F ': ' '{print $2}'
+++ tr -d '\n\r'
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempcont=/tmp/dehydrated-GAc3dP
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempheaders=/tmp/dehydrated-oStB4S
+++ [[ -n '' ]]
+++ set +e
+++ [[ head = \h\e\a\d ]]
++++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-GAc3dP https://acme-v02.api.letsencrypt.org/acme/new-nonce -I
+++ statuscode=204
+++ touch /tmp/dehydrated-oStB4S
+++ curlret=0
+++ set -e
+++ [[ ! 0 = \0 ]]
+++ [[ ! 2 = \2 ]]
+++ cat /tmp/dehydrated-GAc3dP
+++ rm -f /tmp/dehydrated-GAc3dP
+++ rm -f /tmp/dehydrated-oStB4S
++ nonce=LQL5cHuftJpYK5Qx-O57bigUZ510BzXT2udxe4r28v0
++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}'
++ [[ 2 -eq 1 ]]
++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]]
++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "LQL5cHuftJpYK5Qx-O57bigUZ510BzXT2udxe4r28v0"}'
+++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "LQL5cHuftJpYK5Qx-O57bigUZ510BzXT2udxe4r28v0"}'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ
+++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ.eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19
+++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ signed64=SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s
++ [[ 2 -eq 1 ]]
++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19", "signature": "SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s"}'
++ http_request post https://acme-v02.api.letsencrypt.org/acme/new-order '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19", "signature": "SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s"}'
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-mv4uct
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-1U874i
++ [[ -n '' ]]
++ set +e
++ [[ post = \h\e\a\d ]]
++ [[ post = \g\e\t ]]
++ [[ post = \p\o\s\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-mv4uct https://acme-v02.api.letsencrypt.org/acme/new-order -D /tmp/dehydrated-1U874i -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19", "signature": "SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s"}'
++ statuscode=201
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-mv4uct
++ rm -f /tmp/dehydrated-mv4uct
++ rm -f /tmp/dehydrated-1U874i
+ result='{
  "status": "pending",
  "expires": "2018-10-11T06:46:25Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.domain.info"
    },
    {
      "type": "dns",
      "value": "domain.info"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ",
    "https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627"
}'
++ echo '{' '"status":' '"pending",' '"expires":' '"2018-10-11T06:46:25Z",' '"identifiers":' '[' '{' '"type":' '"dns",' '"value":' '"*.domain.info"' '},' '{' '"type":' '"dns",' '"value":' '"domain.info"' '}' '],' '"authorizations":' '[' '"https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ",' '"https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc"' '],' '"finalize":' '"https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627"' '}'
++ get_json_array_value authorizations
++ local filter
+++ printf 's/.*"%s": *\\[\([^]]*\)\\].*/\\1/p' authorizations
++ filter='s/.*"authorizations": *\[\([^]]*\)\].*/\1/p'
++ sed -n 's/.*"authorizations": *\[\([^]]*\)\].*/\1/p'
+ order_authorizations=' "https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ", "https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc" '
++ echo '{
  "status": "pending",
  "expires": "2018-10-11T06:46:25Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.domain.info"
    },
    {
      "type": "dns",
      "value": "domain.info"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ",
    "https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627"
}'
++ get_json_string_value finalize
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' finalize
++ filter='s/.*"finalize": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"finalize": *"\([^"]*\)".*/\1/p'
+ finalize=https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627
+ local idx=0
+ for uri in ${order_authorizations}
++ echo '"https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ",'
++ _sed -e 's/\"(.*)".*/\1/'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/\"(.*)".*/\1/'
+ authorizations[${idx}]=https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ
+ idx=1
+ for uri in ${order_authorizations}
++ echo '"https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc"'
++ _sed -e 's/\"(.*)".*/\1/'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/\"(.*)".*/\1/'
+ authorizations[${idx}]=https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc
+ idx=2
+ echo ' + Received 2 authorizations URLs from the CA'
 + Received 2 authorizations URLs from the CA
+ local idx=0
+ for authorization in ${authorizations[*]}
+ [[ 2 -eq 2 ]]
++ clean_json
++ tr -d '\r\n'
++ _sed -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
++ [[ Linux = \L\i\n\u\x ]]
+++ echo https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ
++ sed -r -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
+++ _sed -e 's/\"(.*)".*/\1/'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/\"(.*)".*/\1/'
++ http_request get https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-rmwFTE
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-K7COFr
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-rmwFTE -D /tmp/dehydrated-K7COFr https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-rmwFTE
++ rm -f /tmp/dehydrated-rmwFTE
++ rm -f /tmp/dehydrated-K7COFr
+ response='{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}'
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}'
++ get_json_dict_value identifier
++ local filter
++ get_json_string_value value
++ local filter
+++ printf 's/.*"%s": *{\([^}]*\)}.*/\\1/p' identifier
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' value
++ filter='s/.*"identifier": *{\([^}]*\)}.*/\1/p'
++ sed -n 's/.*"identifier": *{\([^}]*\)}.*/\1/p'
++ filter='s/.*"value": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"value": *"\([^"]*\)".*/\1/p'
+ identifier=domain.info
+ echo ' + Handling authorization for domain.info'
 + Handling authorization for domain.info
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}'
++ _sed 's/"challenges": \[\{.*\}\]//'
++ [[ Linux = \L\i\n\u\x ]]
++ get_json_string_value status
++ sed -r 's/"challenges": \[\{.*\}\]//'
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status
++ filter='s/.*"status": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p'
+ '[' pending = valid ']'
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}'
++ _sed 's/.*"challenges": \[(\{.*\})\].*/\1/'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/.*"challenges": \[(\{.*\})\].*/\1/'
+ challenges='{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}'
++ _sed -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\
\2/g'
++ grep '"dns-01"'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\
\2/g'
+ challenge='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}'
+ '[' -z '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}' ']'
+ challenge_names[${idx}]=domain.info
++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}'
++ get_json_string_value token
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' token
++ filter='s/.*"token": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"token": *"\([^"]*\)".*/\1/p'
+ challenge_tokens[${idx}]=TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc
+ [[ 2 -eq 2 ]]
++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}'
++ _sed 's/"validationRecord": ?\[[^]]+\]//g'
++ get_json_string_value url
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/"validationRecord": ?\[[^]]+\]//g'
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' url
++ filter='s/.*"url": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"url": *"\([^"]*\)".*/\1/p'
+ challenge_uris[${idx}]=https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800
+ keyauth=TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ case "${CHALLENGETYPE}" in
++ printf %s TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
++ openssl dgst -sha256 -binary
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ keyauth_hook=ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE
+ keyauths[${idx}]=TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ deploy_args[${idx}]='domain.info TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE'
+ idx=1
+ for authorization in ${authorizations[*]}
+ [[ 2 -eq 2 ]]
++ clean_json
++ tr -d '\r\n'
+++ echo https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc
++ _sed -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
++ [[ Linux = \L\i\n\u\x ]]
+++ _sed -e 's/\"(.*)".*/\1/'
++ sed -r -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's/\"(.*)".*/\1/'
++ http_request get https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-FStchJ
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-dTdRNh
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-FStchJ -D /tmp/dehydrated-dTdRNh https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-FStchJ
++ rm -f /tmp/dehydrated-FStchJ
++ rm -f /tmp/dehydrated-dTdRNh
+ response='{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}'
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}'
++ get_json_dict_value identifier
++ local filter
++ get_json_string_value value
++ local filter
+++ printf 's/.*"%s": *{\([^}]*\)}.*/\\1/p' identifier
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' value
++ filter='s/.*"identifier": *{\([^}]*\)}.*/\1/p'
++ sed -n 's/.*"identifier": *{\([^}]*\)}.*/\1/p'
++ filter='s/.*"value": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"value": *"\([^"]*\)".*/\1/p'
+ identifier=domain.info
+ echo ' + Handling authorization for domain.info'
 + Handling authorization for domain.info
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}'
++ _sed 's/"challenges": \[\{.*\}\]//'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/"challenges": \[\{.*\}\]//'
++ get_json_string_value status
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status
++ filter='s/.*"status": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p'
+ '[' pending = valid ']'
++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}'
++ _sed 's/.*"challenges": \[(\{.*\})\].*/\1/'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/.*"challenges": \[(\{.*\})\].*/\1/'
+ challenges='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}'
++ _sed -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\
\2/g'
++ grep '"dns-01"'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\
\2/g'
+ challenge='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}'
+ '[' -z '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}' ']'
+ challenge_names[${idx}]=domain.info
++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}'
++ get_json_string_value token
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' token
++ filter='s/.*"token": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"token": *"\([^"]*\)".*/\1/p'
+ challenge_tokens[${idx}]=uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo
+ [[ 2 -eq 2 ]]
++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}'
++ _sed 's/"validationRecord": ?\[[^]]+\]//g'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r 's/"validationRecord": ?\[[^]]+\]//g'
++ get_json_string_value url
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' url
++ filter='s/.*"url": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"url": *"\([^"]*\)".*/\1/p'
+ challenge_uris[${idx}]=https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997
+ keyauth=uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ case "${CHALLENGETYPE}" in
++ printf %s uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
++ openssl dgst -sha256 -binary
++ urlbase64
++ openssl base64 -e
++ tr -d '\n\r'
++ _sed -e 's:=*$::g' -e y:+/:-_:
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's:=*$::g' -e y:+/:-_:
+ keyauth_hook=nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs
+ keyauths[${idx}]=uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI
+ deploy_args[${idx}]='domain.info uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs'
+ idx=2
+ local num_pending_challenges=2
+ echo ' + 2 pending challenge(s)'
 + 2 pending challenge(s)
+ [[ 2 -ne 0 ]]
+ echo ' + Deploying challenge tokens...'
 + Deploying challenge tokens...
+ [[ -n /opt/dehydrated/hook.sh ]]
+ [[ no = \y\e\s ]]
+ [[ -n /opt/dehydrated/hook.sh ]]
+ local idx=0
+ '[' 0 -lt 2 ']'
+ /opt/dehydrated/hook.sh deploy_challenge domain.info TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE
+ idx=1
+ '[' 1 -lt 2 ']'
+ /opt/dehydrated/hook.sh deploy_challenge domain.info uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs
+ idx=2
+ '[' 2 -lt 2 ']'
+ local idx=0
+ '[' 0 -lt 2 ']'
+ echo ' + Responding to challenge for domain.info authorization...'
 + Responding to challenge for domain.info authorization...
+ [[ 2 -eq 1 ]]
++ signed_request https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 '{"keyAuthorization": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI"}'
++ clean_json
++ tr -d '\r\n'
++ _sed -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
+++ printf %s '{"keyAuthorization": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI"}'
++ [[ Linux = \L\i\n\u\x ]]
++ sed -r -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ payload64=eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9
++ [[ 2 -eq 1 ]]
+++ grep -i '^Replay-Nonce:'
+++ tr -d '\n\r'
+++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ awk -F ': ' '{print $2}'
+++ tempcont=/tmp/dehydrated-NWOJLR
++++ _mktemp
++++ mktemp /tmp/dehydrated-XXXXXX
+++ tempheaders=/tmp/dehydrated-0WoWI3
+++ [[ -n '' ]]
+++ set +e
+++ [[ head = \h\e\a\d ]]
++++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-NWOJLR https://acme-v02.api.letsencrypt.org/acme/new-nonce -I
+++ statuscode=204
+++ touch /tmp/dehydrated-0WoWI3
+++ curlret=0
+++ set -e
+++ [[ ! 0 = \0 ]]
+++ [[ ! 2 = \2 ]]
+++ cat /tmp/dehydrated-NWOJLR
+++ rm -f /tmp/dehydrated-NWOJLR
+++ rm -f /tmp/dehydrated-0WoWI3
++ nonce=Njl3p0w_Lfd6Dvxe_CsegPxcJYLadcRuwNgAuEeZtZA
++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}'
++ [[ 2 -eq 1 ]]
++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]]
++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "nonce": "Njl3p0w_Lfd6Dvxe_CsegPxcJYLadcRuwNgAuEeZtZA"}'
+++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "nonce": "Njl3p0w_Lfd6Dvxe_CsegPxcJYLadcRuwNgAuEeZtZA"}'
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0
+++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0.eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9
+++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem
+++ urlbase64
+++ openssl base64 -e
+++ tr -d '\n\r'
+++ _sed -e 's:=*$::g' -e y:+/:-_:
+++ [[ Linux = \L\i\n\u\x ]]
+++ sed -r -e 's:=*$::g' -e y:+/:-_:
++ signed64=FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc
++ [[ 2 -eq 1 ]]
++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9", "signature": "FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc"}'
++ http_request post https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9", "signature": "FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc"}'
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-pT5sN5
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-knMqWY
++ [[ -n '' ]]
++ set +e
++ [[ post = \h\e\a\d ]]
++ [[ post = \g\e\t ]]
++ [[ post = \p\o\s\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-pT5sN5 https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 -D /tmp/dehydrated-knMqWY -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9", "signature": "FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc"}'
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-pT5sN5
++ rm -f /tmp/dehydrated-pT5sN5
++ rm -f /tmp/dehydrated-knMqWY
+ result='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}'
++ printf '%s\n' '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}'
++ get_json_string_value status
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status
++ filter='s/.*"status": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p'
+ reqstatus=pending
+ [[ pending = \p\e\n\d\i\n\g ]]
+ sleep 1
++ http_request get https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempcont=/tmp/dehydrated-ZoElTz
+++ _mktemp
+++ mktemp /tmp/dehydrated-XXXXXX
++ tempheaders=/tmp/dehydrated-WrCSkv
++ [[ -n '' ]]
++ set +e
++ [[ get = \h\e\a\d ]]
++ [[ get = \g\e\t ]]
+++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-ZoElTz -D /tmp/dehydrated-WrCSkv https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800
++ statuscode=200
++ curlret=0
++ set -e
++ [[ ! 0 = \0 ]]
++ [[ ! 2 = \2 ]]
++ cat /tmp/dehydrated-ZoElTz
++ rm -f /tmp/dehydrated-ZoElTz
++ rm -f /tmp/dehydrated-WrCSkv
+ result='{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
}'
++ printf '%s\n' '{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
}'
++ get_json_string_value status
++ local filter
+++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status
++ filter='s/.*"status": *"\([^"]*\)".*/\1/p'
++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p'
+ reqstatus=invalid
+ [[ invalid = \p\e\n\d\i\n\g ]]
+ [[ dns-01 = \h\t\t\p\-\0\1 ]]
+ [[ dns-01 = \t\l\s\-\a\l\p\n\-\0\1 ]]
+ [[ invalid = \v\a\l\i\d ]]
+ [[ -n /opt/dehydrated/hook.sh ]]
+ /opt/dehydrated/hook.sh invalid_challenge '*.domain.info' '{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
}'
+ break
+ [[ 2 -ne 0 ]]
+ echo ' + Cleaning challenge tokens...'
 + Cleaning challenge tokens...
+ [[ -n /opt/dehydrated/hook.sh ]]
+ [[ no = \y\e\s ]]
+ local idx=0
+ '[' 0 -lt 2 ']'
+ [[ dns-01 = \h\t\t\p\-\0\1 ]]
+ [[ dns-01 = \t\l\s\-\a\l\p\n\-\0\1 ]]
+ [[ -n /opt/dehydrated/hook.sh ]]
+ [[ no != \y\e\s ]]
+ /opt/dehydrated/hook.sh clean_challenge domain.info TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE
+ idx=1
+ '[' 1 -lt 2 ']'
+ [[ dns-01 = \h\t\t\p\-\0\1 ]]
+ [[ dns-01 = \t\l\s\-\a\l\p\n\-\0\1 ]]
+ [[ -n /opt/dehydrated/hook.sh ]]
+ [[ no != \y\e\s ]]
+ /opt/dehydrated/hook.sh clean_challenge domain.info uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs
+ idx=2
+ '[' 2 -lt 2 ']'
+ [[ invalid != \v\a\l\i\d ]]
+ echo ' + Challenge validation has failed :('
 + Challenge validation has failed :(
+ _exiterr 'Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
})'
+ echo 'ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
})'
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800",
  "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"
})
+ exit 1
+ remove_lock
+ rm -f /opt/dehydrated/lock
Originally created by @TB1234 on GitHub (Oct 4, 2018). I call dehydrated from the command line for every domain. If I try to get a wildard certificate this failed with the message "Challenge is invalid". That's my call: `/opt/dehydrated/dehydrated -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh` I have a hook script which sets the token to the nameserver. This works and make no problems if you have only a single domain. So you can see, I have the domain twice in the call. Once alone and once with wildcard. The result of this call looks like that: ``` Processing domain.info with alternative names: *.domain.info + Signing domains... + Generating private key... + Generating signing request... + Requesting new certificate order from CA... + Received 2 authorizations URLs from the CA + Handling authorization for domain.info + Handling authorization for domain.info + 2 pending challenge(s) + Deploying challenge tokens... + Responding to challenge for domain.info authorization... + Cleaning challenge tokens... + Challenge validation has failed :( ERROR: Challenge is invalid! (returned: invalid) (result: { "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:dns", "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.domain.info", "status": 400 }, "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/sIuPB8ocWGvOy_2-01tST_k8OY5cyz0wBPABASwvSFg/7932386848", "token": "AjNkNX6i-Nv8j8bpbTU6u3X6Fs0S4r7x4b4Sgr76cqY" }) ``` For me, it looks like dehydrated call the hook script twice and in this case the wildcard (*.) is removed. So both challenges have the same name which will result in the problem, that the frist challenge will be deleted if the second one is added. So the first one is invalid. I called the script with `bash -x`: ``` bash -x /opt/dehydrated/dehydrated -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh + set -e + set -u + set -o pipefail + [[ -n '' ]] + [[ -z '' ]] + shopt -s nullglob + set -f + umask 077 + exec + exec + VERSION=git-master-after-0.6.2 + SOURCE=/opt/dehydrated/dehydrated + '[' -h /opt/dehydrated/dehydrated ']' +++ dirname /opt/dehydrated/dehydrated ++ cd -P /opt/dehydrated ++ pwd + SCRIPTDIR=/opt/dehydrated + BASEDIR=/opt/dehydrated + ORIGARGS='-c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh' ++ uname + OSTYPE=Linux + [[ ! '' = \N\O\O\P ]] + main -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d '*.domain.info' -k /opt/dehydrated/hook.sh + COMMAND= + [[ -z -c -t dns-01 -o /etc/ssl/reksys -a secp384r1 -d domain.info -d *.domain.info -k /opt/dehydrated/hook.sh ]] + (( 13 )) + case "${1}" in + set_command sign_domains + [[ -z '' ]] + COMMAND=sign_domains + shift 1 + (( 12 )) + case "${1}" in + shift 1 + check_parameters dns-01 + [[ -z dns-01 ]] + [[ d = \- ]] + PARAM_CHALLENGETYPE=dns-01 + shift 1 + (( 10 )) + case "${1}" in + shift 1 + check_parameters /etc/ssl/reksys + [[ -z /etc/ssl/reksys ]] + [[ / = \- ]] + PARAM_CERTDIR=/etc/ssl/reksys + shift 1 + (( 8 )) + case "${1}" in + shift 1 + check_parameters secp384r1 + [[ -z secp384r1 ]] + [[ s = \- ]] + PARAM_KEY_ALGO=secp384r1 + shift 1 + (( 6 )) + case "${1}" in + shift 1 + check_parameters domain.info + [[ -z domain.info ]] + [[ s = \- ]] + [[ -z '' ]] + PARAM_DOMAIN=domain.info + shift 1 + (( 4 )) + case "${1}" in + shift 1 + check_parameters '*.domain.info' + [[ -z *.domain.info ]] + [[ * = \- ]] + [[ -z domain.info ]] + PARAM_DOMAIN='domain.info *.domain.info' + shift 1 + (( 2 )) + case "${1}" in + shift 1 + check_parameters /opt/dehydrated/hook.sh + [[ -z /opt/dehydrated/hook.sh ]] + [[ / = \- ]] + PARAM_HOOK=/opt/dehydrated/hook.sh + shift 1 + (( 0 )) + case "${COMMAND}" in + command_sign_domains + init_system + load_config + [[ -z '' ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /etc/dehydrated/config ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /usr/local/etc/dehydrated/config ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /opt/reksys/webserver/config ]] + for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}" + [[ -f /opt/dehydrated/config ]] + BASEDIR=/opt/dehydrated + CONFIG=/opt/dehydrated/config + break + CA=https://acme-v02.api.letsencrypt.org/directory + OLDCA= + CERTDIR= + ALPNCERTDIR= + ACCOUNTDIR= + CHALLENGETYPE=http-01 + CONFIG_D= + CURL_OPTS= + DOMAINS_D= + DOMAINS_TXT= + HOOK= + HOOK_CHAIN=no + RENEW_DAYS=30 + KEYSIZE=4096 + WELLKNOWN= + PRIVATE_KEY_RENEW=yes + PRIVATE_KEY_ROLLOVER=no + KEY_ALGO=rsa + OPENSSL=openssl + OPENSSL_CNF= + CONTACT_EMAIL= + LOCKFILE= + OCSP_MUST_STAPLE=no + OCSP_FETCH=no + OCSP_DAYS=5 + IP_VERSION= + CHAINCACHE= + AUTO_CLEANUP=no + DEHYDRATED_USER= + DEHYDRATED_GROUP= + API=auto + [[ -z /opt/dehydrated/config ]] + [[ -f /opt/dehydrated/config ]] + echo '# INFO: Using main config file /opt/dehydrated/config' # INFO: Using main config file /opt/dehydrated/config ++ dirname /opt/dehydrated/config + BASEDIR=/opt/dehydrated + . /opt/dehydrated/config ++ CHALLENGETYPE=http-01 ++ WELLKNOWN=/srv/http/dehydrated ++ KEYSIZE=4096 ++ PRIVATE_KEY_RENEW=yes ++ KEY_ALGO=secp384r1 + [[ -n '' ]] + [[ -n '' ]] + [[ -n '' ]] + check_dependencies + openssl version + _sed '' + command -v grep + command -v mktemp + command -v diff + set +e ++ curl -V ++ head -n1 ++ awk '{print $2}' + CURL_VERSION=7.61.1 + retcode=0 + set -e + [[ ! 0 = \0 ]] + [[ /opt/dehydrated != \/ ]] + BASEDIR=/opt/dehydrated + [[ -d /opt/dehydrated ]] + [[ -z '' ]] + [[ https://acme-v02.api.letsencrypt.org/directory = \h\t\t\p\s\:\/\/\a\c\m\e\-\v\0\2\.\a\p\i\.\l\e\t\s\e\n\c\r\y\p\t\.\o\r\g\/\d\i\r\e\c\t\o\r\y ]] + OLDCA=https://acme-v01.api.letsencrypt.org/directory ++ echo https://acme-v02.api.letsencrypt.org/directory ++ urlbase64 ++ tr -d '\n\r' ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ [[ Linux = \L\i\n\u\x ]] ++ openssl base64 -e ++ sed -r -e 's:=*$::g' -e y:+/:-_: + CAHASH=aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo + [[ -z '' ]] + ACCOUNTDIR=/opt/dehydrated/accounts + [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo ]] + [[ -f /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/config ]] + ACCOUNT_KEY=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem + ACCOUNT_KEY_JSON=/opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json + [[ -f /opt/dehydrated/private_key.pem ]] + [[ -f /opt/dehydrated/private_key.json ]] + [[ -z '' ]] + CERTDIR=/opt/dehydrated/certs + [[ -z '' ]] + ALPNCERTDIR=/opt/dehydrated/alpn-certs + [[ -z '' ]] + CHAINCACHE=/opt/dehydrated/chains + [[ -z '' ]] + DOMAINS_TXT=/opt/dehydrated/domains.txt + [[ -z /srv/http/dehydrated ]] + [[ -z '' ]] + LOCKFILE=/opt/dehydrated/lock + [[ -z '' ]] ++ openssl version -d ++ cut '-d"' -f2 + OPENSSL_CNF=/etc/ssl/openssl.cnf + [[ -n '' ]] + [[ -n '' ]] + [[ -n /opt/dehydrated/hook.sh ]] + HOOK=/opt/dehydrated/hook.sh + [[ -n /etc/ssl/reksys ]] + CERTDIR=/etc/ssl/reksys + [[ -n '' ]] + [[ -n dns-01 ]] + CHALLENGETYPE=dns-01 + [[ -n secp384r1 ]] + KEY_ALGO=secp384r1 + [[ -n '' ]] + [[ -n '' ]] + '[' '!' '' = noverify ']' + verify_config + [[ dns-01 == \h\t\t\p\-\0\1 ]] + [[ dns-01 == \d\n\s\-\0\1 ]] + [[ dns-01 = \d\n\s\-\0\1 ]] + [[ -z /opt/dehydrated/hook.sh ]] + [[ dns-01 = \h\t\t\p\-\0\1 ]] + [[ secp384r1 == \r\s\a ]] + [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]] + [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]] + [[ -n '' ]] + [[ auto == \a\u\t\o ]] + [[ 5 =~ ^[0-9]+$ ]] + store_configvars + __KEY_ALGO=secp384r1 + __OCSP_MUST_STAPLE=no + __PRIVATE_KEY_RENEW=yes + __KEYSIZE=4096 + __CHALLENGETYPE=dns-01 + __HOOK=/opt/dehydrated/hook.sh + __WELLKNOWN=/srv/http/dehydrated + __HOOK_CHAIN=no + __OPENSSL_CNF=/etc/ssl/openssl.cnf + __RENEW_DAYS=30 + __IP_VERSION= + [[ -n /opt/dehydrated/lock ]] ++ dirname /opt/dehydrated/lock + LOCKDIR=/opt/dehydrated + [[ -w /opt/dehydrated ]] + trap remove_lock EXIT ++ http_request get https://acme-v02.api.letsencrypt.org/directory +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempcont=/tmp/dehydrated-q9EtsQ +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempheaders=/tmp/dehydrated-I1e4lX ++ [[ -n '' ]] ++ set +e ++ [[ get = \h\e\a\d ]] ++ [[ get = \g\e\t ]] +++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-q9EtsQ -D /tmp/dehydrated-I1e4lX https://acme-v02.api.letsencrypt.org/directory ++ statuscode=200 ++ curlret=0 ++ set -e ++ [[ ! 0 = \0 ]] ++ [[ ! 2 = \2 ]] ++ cat /tmp/dehydrated-q9EtsQ ++ rm -f /tmp/dehydrated-q9EtsQ ++ rm -f /tmp/dehydrated-I1e4lX + CA_DIRECTORY='{ "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' + [[ auto = \a\u\t\o ]] + grep -q newOrder + API=2 + [[ 2 -eq 1 ]] ++ printf %s '{ "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value newOrder ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newOrder ++ filter='s/.*"newOrder": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"newOrder": *"\([^"]*\)".*/\1/p' + CA_NEW_ORDER=https://acme-v02.api.letsencrypt.org/acme/new-order ++ printf %s '{ "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value newNonce ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newNonce ++ filter='s/.*"newNonce": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"newNonce": *"\([^"]*\)".*/\1/p' + CA_NEW_NONCE=https://acme-v02.api.letsencrypt.org/acme/new-nonce ++ printf %s '{ "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value newAccount ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' newAccount ++ filter='s/.*"newAccount": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"newAccount": *"\([^"]*\)".*/\1/p' + CA_NEW_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/new-acct ++ printf %s '{ "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value termsOfService ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' termsOfService ++ filter='s/.*"termsOfService": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"termsOfService": *"\([^"]*\)".*/\1/p' + CA_TERMS=https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf ++ printf %s '{ "9olKG4aSTR0": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }' ++ get_json_string_value revokeCert ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' revokeCert ++ filter='s/.*"revokeCert": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"revokeCert": *"\([^"]*\)".*/\1/p' + CA_REVOKE_CERT=https://acme-v02.api.letsencrypt.org/acme/revoke-cert + CA_ACCOUNT=https://acme-v02.api.letsencrypt.org/acme/acct + export WELLKNOWN BASEDIR CERTDIR ALPNCERTDIR CONFIG COMMAND + register_new_key=no + [[ -n '' ]] + [[ ! -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem ]] + openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -check ++ hex2bin ++ urlbase64 ++ openssl base64 -e ++ tr -d '\n\r' +++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -text +++ awk '/publicExponent/ {print $2}' ++ _sed -e 's:=*$::g' -e y:+/:-_: +++ cat ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: +++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' ++ printf %x 65537 ++ printf -- '\x01\x00\x01' + pubExponent64=AQAB ++ openssl rsa -in /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem -noout -modulus ++ hex2bin ++ cut -d= -f2 ++ urlbase64 ++ openssl base64 -e ++ tr -d '\n\r' +++ cat ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ [[ Linux = \L\i\n\u\x ]] +++ _sed -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' ++ sed -r -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's/[[:space:]]//g' -e 's/^(.(.{2})*)$/0\1/' -e 's/(.{2})/\\x\1/g' ++ printf -- '\xD2\x5B\x95\x21\x48\xED\xB1\x22\x5D\x42\x08\x28\xA4\x60\x7C\xAC\x8F\x5E\xC0\xE5\x44\x97\xFF\x3F\x5E\xD3\xB4\x0C\x11\x11\x9F\x71\x67\x96\xC7\xEA\x83\xC8\xE0\xFB\xD5\x73\xE4\x23\xAB\xB9\xAC\x7F\x01\x14\xC2\xCA\xEC\xA0\x03\x60\x10\x92\xC4\x9B\xC8\xF2\xF9\x01\xCC\x00\xDC\xF5\x8E\xC6\xD8\x0E\xFA\xBE\x5F\xF6\x1E\x49\xD6\x69\xA8\x85\x7B\x97\x6B\xC2\x38\x50\xF6\x05\x26\x00\x8D\xAC\x58\x18\xC9\xCA\x8A\x3E\x98\xF6\xFD\x65\x4C\x8C\x6D\x09\x03\x16\x3D\xFF\xE7\x2F\xB1\xBB\xEB\xD2\xF3\x0E\xE4\x10\xFF\x57\x39\x3B\xC5\x47\xD8\xE9\x25\x8B\x92\x62\x3E\x86\x87\xF7\xAD\x06\x15\xA8\x8F\x2D\xD0\xE6\xF7\x2D\x55\x26\x57\x14\xAF\x17\xDA\x86\xC1\x97\x65\x81\x6C\x71\xE7\x6E\x96\x7C\x79\x4C\xDF\xE1\x65\xD8\x80\xE8\x39\x00\xB6\x63\x0D\x49\x84\x61\x1A\xB3\x4E\x63\xDE\x29\x2F\xDC\x47\xE0\x15\xDB\x8F\x2D\xDE\x9B\x85\x7B\x95\x2E\xEC\xBC\xEA\xF5\xC8\x28\x2A\xF4\x7D\xE4\x5A\x29\x9B\xB9\xEF\x36\x79\x3F\xCC\x10\x32\xC2\xC2\x47\x70\x41\x4A\xE0\x21\xAB\xCF\x44\x45\x04\x84\x14\x4C\x6A\xAC\xE5\x96\xF7\xB6\xD4\x61\x57\xEF\x77\x2A\x6E\x9B\x73\xC3\x2F\x24\x54\xB2\xE2\x00\xD0\x2F\xCD\x2C\x58\xAD\x43\xE9\xB7\x77\x6C\x31\x9F\x26\x29\x8B\x5F\xE1\x26\xBE\xE7\x9C\x07\xCA\x5F\x97\xC5\xBF\x46\x07\x24\xF5\xF9\xED\x2F\x35\x32\xF1\x95\xC2\xCE\x3B\x3C\xED\x36\xE8\xB0\x18\x7A\x44\x7F\xD6\x98\xA3\xD8\x60\x73\x64\xBC\xA3\x0E\x05\xED\x2E\xB4\x56\x46\xFC\x2F\x55\xFF\x93\x53\xC6\x09\x58\x87\xAD\x84\x2B\x75\x3B\x83\x8A\x62\x5F\xDD\x82\x98\x13\x59\xC1\xD7\x5B\x5F\x3C\xAA\x97\xAC\xAB\xED\x1A\xF3\x42\x24\x06\x86\xEE\x67\x61\x13\xBD\x5E\x6F\x87\x5B\xEC\x99\xC1\xC8\x29\x52\xAB\x92\x10\x1F\xE1\x1C\x70\xFC\xFB\xE8\x05\x1F\x1D\x95\x8D\xA4\xDF\x1F\x8D\xD8\x02\x57\xE6\xD2\xF8\x30\xF8\x1C\x8A\xD7\xAF\x20\x52\xFF\x27\xA8\x82\x10\x61\x07\xBE\xA2\xC6\x37\x2E\xA4\x6E\xFC\xF3\x60\x8D\x94\xA0\xBF\x97\x42\x47\x6E\xE4\xF2\xFB\xE2\x48\xF1\x65\xB7\x24\x8C\x27\x90\x7E\xB7\xC1\xB2\xE8\xC3\xD1\x45\x17\x09\xA4\x61\x9B\x48\x71\x66\xF5\xF1\x5B\xE2\x20\xF4\x7D\xAB\x1A\x37\x47\x98\xB8\x4A\x25\x08\x6F\xC3\xC5\x77\x97\xCD\x64\xE3\x15\x98\xE1\x3B\x3C\xC4\x4B\xA2\xF0\x48\xC5\x74\x6E\xC7\xF0\x88\x48\x2A\xC3' + pubMod64=0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM ++ printf '{"e":"%s","kty":"RSA","n":"%s"}' AQAB 0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM ++ openssl dgst -sha256 -binary ++ urlbase64 ++ openssl base64 -e ++ tr -d '\n\r' ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: + thumbprint=VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI + [[ no = \y\e\s ]] + [[ sign_domains = \r\e\g\i\s\t\e\r ]] + [[ -e /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ]] ++ cat /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/registration_info.json ++ get_json_int_value id ++ local filter +++ printf 's/.*"%s": *\([0-9]*\).*/\\1/p' id ++ filter='s/.*"id": *\([0-9]*\).*/\1/p' ++ sed -n 's/.*"id": *\([0-9]*\).*/\1/p' + ACCOUNT_ID=4935574 + [[ 2 -eq 1 ]] + ACCOUNT_URL=https://acme-v02.api.letsencrypt.org/acme/acct/4935574 + hookscript_bricker_hook + [[ -n /opt/dehydrated/hook.sh ]] + /opt/dehydrated/hook.sh this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script + [[ -n /opt/dehydrated/hook.sh ]] + /opt/dehydrated/hook.sh startup_hook + '[' '!' -d /opt/dehydrated/chains ']' + [[ -n domain.info *.domain.info ]] ++ _mktemp ++ mktemp /tmp/dehydrated-XXXXXX + DOMAINS_TXT=/tmp/dehydrated-C5wIKt + [[ -n '' ]] + printf -- 'domain.info *.domain.info' + ORIGIFS=' ' + IFS=' ' ++ tr -d '\r' ++ awk '{print tolower($0)}' ++ _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' ++ [[ Linux = \L\i\n\u\x ]] ++ grep -vE '^(#|$)' ++ sed -r -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' + for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' | (grep -vE '^(#|$)' || true)) + reset_configvars + KEY_ALGO=secp384r1 + OCSP_MUST_STAPLE=no + PRIVATE_KEY_RENEW=yes + KEYSIZE=4096 + CHALLENGETYPE=dns-01 + HOOK=/opt/dehydrated/hook.sh + WELLKNOWN=/srv/http/dehydrated + HOOK_CHAIN=no + OPENSSL_CNF=/etc/ssl/openssl.cnf + RENEW_DAYS=30 + IP_VERSION= + IFS=' ' ++ grep -Eo '>[^ ]+' ++ true + alias= ++ _sed -e 's/>[^ ]+[ ]*//g' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's/>[^ ]+[ ]*//g' + line='domain.info *.domain.info' ++ grep -Eo '>' ++ awk 'END {print NR}' ++ true + aliascount=0 + '[' 0 -gt 1 ']' ++ printf '%s\n' 'domain.info *.domain.info' ++ cut '-d ' -f1 + domain=domain.info ++ printf '%s\n' 'domain.info *.domain.info' ++ cut -s '-d ' -f2- + morenames='*.domain.info' + '[' 0 -lt 1 ']' + alias=domain.info + export alias + [[ -z *.domain.info ]] + echo 'Processing domain.info with alternative names: *.domain.info' Processing domain.info with alternative names: *.domain.info + '[' sw = '*.' ']' + local certdir=/etc/ssl/reksys/domain.info + cert=/etc/ssl/reksys/domain.info/cert.pem + chain=/etc/ssl/reksys/domain.info/chain.pem + force_renew=no ++ date +%s + timestamp=1538635752 + [[ ! -e /etc/ssl/reksys/domain.info ]] + [[ -n '' ]] + certconfig=/etc/ssl/reksys/domain.info/config + '[' -f /etc/ssl/reksys/domain.info/config ']' + verify_config + [[ dns-01 == \h\t\t\p\-\0\1 ]] + [[ dns-01 == \d\n\s\-\0\1 ]] + [[ dns-01 = \d\n\s\-\0\1 ]] + [[ -z /opt/dehydrated/hook.sh ]] + [[ dns-01 = \h\t\t\p\-\0\1 ]] + [[ secp384r1 == \r\s\a ]] + [[ secp384r1 == \p\r\i\m\e\2\5\6\v\1 ]] + [[ secp384r1 == \s\e\c\p\3\8\4\r\1 ]] + [[ -n '' ]] + [[ 2 == \a\u\t\o ]] + [[ 2 == \1 ]] + [[ 2 == \2 ]] + [[ 5 =~ ^[0-9]+$ ]] + hookscript_bricker_hook + [[ -n /opt/dehydrated/hook.sh ]] + /opt/dehydrated/hook.sh this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script + export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER + skip=no + local csr= + [[ -n /opt/dehydrated/hook.sh ]] ++ /opt/dehydrated/hook.sh generate_csr domain.info /etc/ssl/reksys/domain.info 'domain.info *.domain.info' + csr= + grep -qE '\-----BEGIN (NEW )?CERTIFICATE REQUEST-----' + csr= + [[ -e /etc/ssl/reksys/domain.info/cert.pem ]] + [[ -e /etc/ssl/reksys/domain.info/cert.pem ]] + local update_ocsp + update_ocsp=no + [[ ! no = \y\e\s ]] + update_ocsp=yes + [[ -z '' ]] + [[ '' = \y\e\s ]] + sign_domain /etc/ssl/reksys/domain.info 1538635752 domain.info '*.domain.info' + local certdir=/etc/ssl/reksys/domain.info + shift + timestamp=1538635752 + shift + domain=domain.info + altnames='domain.info *.domain.info' + export altnames + echo ' + Signing domains...' + Signing domains... + [[ 2 -eq 1 ]] + [[ 2 -eq 2 ]] + [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]] + local privkey=privkey.pem + [[ ! -e /etc/ssl/reksys/domain.info/cert-1538635752.csr ]] + [[ ! -r /etc/ssl/reksys/domain.info/privkey.pem ]] + echo ' + Generating private key...' + Generating private key... + privkey=privkey-1538635752.pem ++ _mktemp ++ mktemp /tmp/dehydrated-XXXXXX + local tmp_privkey=/tmp/dehydrated-erQcHt + case "${KEY_ALGO}" in + _openssl ecparam -genkey -name secp384r1 -out /tmp/dehydrated-erQcHt + set +e ++ openssl ecparam -genkey -name secp384r1 -out /tmp/dehydrated-erQcHt + out= + res=0 + set -e + [[ 0 -ne 0 ]] + cat /tmp/dehydrated-erQcHt + rm /tmp/dehydrated-erQcHt + [[ -r /etc/ssl/reksys/domain.info/privkey.pem ]] + [[ ! -r /etc/ssl/reksys/domain.info/privkey.roll.pem ]] + [[ no = \y\e\s ]] + [[ -r /etc/ssl/reksys/domain.info/privkey.roll.pem ]] + echo ' + Generating signing request...' + Generating signing request... + SAN= + for altname in ${altnames} + SAN='DNS:domain.info, ' + for altname in ${altnames} + SAN='DNS:domain.info, DNS:*.domain.info, ' + SAN='DNS:domain.info, DNS:*.domain.info' + local tmp_openssl_cnf ++ _mktemp ++ mktemp /tmp/dehydrated-XXXXXX + tmp_openssl_cnf=/tmp/dehydrated-FdLi0a + cat /etc/ssl/openssl.cnf + printf '[SAN]\nsubjectAltName=%s' 'DNS:domain.info, DNS:*.domain.info' + '[' no = yes ']' + SUBJ=/CN=domain.info/ + [[ Linux = \M\I\N\G\W ]] + openssl req -new -sha256 -key /etc/ssl/reksys/domain.info/privkey-1538635752.pem -out /etc/ssl/reksys/domain.info/cert-1538635752.csr -subj /CN=domain.info/ -reqexts SAN -config /tmp/dehydrated-FdLi0a + rm -f /tmp/dehydrated-FdLi0a + crt_path=/etc/ssl/reksys/domain.info/cert-1538635752.pem + sign_csr '-----BEGIN CERTIFICATE REQUEST----- MIIBVTCB3AIBADAbMRkwFwYDVQQDDBBzd2ltZmFzaGlvbi5pbmZvMHYwEAYHKoZI zj0CAQYFK4EEACIDYgAE4XM95dlmHTEKy96G3nLeYRW4x2OU3KnWBnIdikveLi/W ngWKw/F6iaCSM/eofPEUVR3ZBdx2v4WspNkV28APuMh93uxStFvs5I5+W04kxkQN o16Qb9/fM+KBBXv/N5G+oEIwQAYJKoZIhvcNAQkOMTMwMTAvBgNVHREEKDAmghBz d2ltZmFzaGlvbi5pbmZvghIqLnN3aW1mYXNoaW9uLmluZm8wCgYIKoZIzj0EAwID aAAwZQIxAPAQVmH9m3/ETU8A3VGFPPVAQlVakggyQCk8Dz+4iG2sUrBtW8R+2BzA fIRKengLEgIwdPcf47ST5vNdsLouM1foospAQk3nP/70Atp8kkvPwICxm86lJVtW IM6urT5EnbAZ -----END CERTIFICATE REQUEST-----' domain.info '*.domain.info' + csr='-----BEGIN CERTIFICATE REQUEST----- MIIBVTCB3AIBADAbMRkwFwYDVQQDDBBzd2ltZmFzaGlvbi5pbmZvMHYwEAYHKoZI zj0CAQYFK4EEACIDYgAE4XM95dlmHTEKy96G3nLeYRW4x2OU3KnWBnIdikveLi/W ngWKw/F6iaCSM/eofPEUVR3ZBdx2v4WspNkV28APuMh93uxStFvs5I5+W04kxkQN o16Qb9/fM+KBBXv/N5G+oEIwQAYJKoZIhvcNAQkOMTMwMTAvBgNVHREEKDAmghBz d2ltZmFzaGlvbi5pbmZvghIqLnN3aW1mYXNoaW9uLmluZm8wCgYIKoZIzj0EAwID aAAwZQIxAPAQVmH9m3/ETU8A3VGFPPVAQlVakggyQCk8Dz+4iG2sUrBtW8R+2BzA fIRKengLEgIwdPcf47ST5vNdsLouM1foospAQk3nP/70Atp8kkvPwICxm86lJVtW IM6urT5EnbAZ -----END CERTIFICATE REQUEST-----' + : + shift 1 + export 'altnames=domain.info *.domain.info' + altnames='domain.info *.domain.info' + [[ 2 -eq 1 ]] + [[ 2 -eq 2 ]] + [[ -z https://acme-v02.api.letsencrypt.org/acme/new-order ]] + [[ -n '' ]] + local -a challenge_names challenge_uris challenge_tokens authorizations keyauths deploy_args + [[ 2 -eq 2 ]] + local challenge_identifiers= + for altname in ${altnames} ++ printf '{"type": "dns", "value": "%s"}, ' domain.info + challenge_identifiers+='{"type": "dns", "value": "domain.info"}, ' + for altname in ${altnames} ++ printf '{"type": "dns", "value": "%s"}, ' '*.domain.info' + challenge_identifiers+='{"type": "dns", "value": "*.domain.info"}, ' + challenge_identifiers='[{"type": "dns", "value": "domain.info"}, {"type": "dns", "value": "*.domain.info"}]' + echo ' + Requesting new certificate order from CA...' + Requesting new certificate order from CA... ++ signed_request https://acme-v02.api.letsencrypt.org/acme/new-order '{"identifiers": [{"type": "dns", "value": "domain.info"}, {"type": "dns", "value": "*.domain.info"}]}' +++ urlbase64 +++ printf %s '{"identifiers": [{"type": "dns", "value": "domain.info"}, {"type": "dns", "value": "*.domain.info"}]}' +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ payload64=eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19 ++ [[ 2 -eq 1 ]] +++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce +++ grep -i '^Replay-Nonce:' +++ awk -F ': ' '{print $2}' +++ tr -d '\n\r' ++++ _mktemp ++++ mktemp /tmp/dehydrated-XXXXXX +++ tempcont=/tmp/dehydrated-GAc3dP ++++ _mktemp ++++ mktemp /tmp/dehydrated-XXXXXX +++ tempheaders=/tmp/dehydrated-oStB4S +++ [[ -n '' ]] +++ set +e +++ [[ head = \h\e\a\d ]] ++++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-GAc3dP https://acme-v02.api.letsencrypt.org/acme/new-nonce -I +++ statuscode=204 +++ touch /tmp/dehydrated-oStB4S +++ curlret=0 +++ set -e +++ [[ ! 0 = \0 ]] +++ [[ ! 2 = \2 ]] +++ cat /tmp/dehydrated-GAc3dP +++ rm -f /tmp/dehydrated-GAc3dP +++ rm -f /tmp/dehydrated-oStB4S ++ nonce=LQL5cHuftJpYK5Qx-O57bigUZ510BzXT2udxe4r28v0 ++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}' ++ [[ 2 -eq 1 ]] ++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]] ++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "LQL5cHuftJpYK5Qx-O57bigUZ510BzXT2udxe4r28v0"}' +++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "nonce": "LQL5cHuftJpYK5Qx-O57bigUZ510BzXT2udxe4r28v0"}' +++ urlbase64 +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ +++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ.eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19 +++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem +++ urlbase64 +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ signed64=SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s ++ [[ 2 -eq 1 ]] ++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19", "signature": "SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s"}' ++ http_request post https://acme-v02.api.letsencrypt.org/acme/new-order '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19", "signature": "SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s"}' +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempcont=/tmp/dehydrated-mv4uct +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempheaders=/tmp/dehydrated-1U874i ++ [[ -n '' ]] ++ set +e ++ [[ post = \h\e\a\d ]] ++ [[ post = \g\e\t ]] ++ [[ post = \p\o\s\t ]] +++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-mv4uct https://acme-v02.api.letsencrypt.org/acme/new-order -D /tmp/dehydrated-1U874i -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgIm5vbmNlIjogIkxRTDVjSHVmdEpwWUs1UXgtTzU3YmlnVVo1MTBCelhUMnVkeGU0cjI4djAifQ", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiAiZG5zIiwgInZhbHVlIjogInN3aW1mYXNoaW9uLmluZm8ifSwgeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICIqLnN3aW1mYXNoaW9uLmluZm8ifV19", "signature": "SCWqLMXXzFEJhyaf4uHZ2FoTddfXdIEmcVIaIoPooo4829wltVOFpxsvIkDnsimXs3rrZVwu5bakSG5l7im-GMTLhgnRSqCSo6bug02_2L3T4Mf8NBrgAtr9Cj0UG1_0QBYMZ3WgCZYTt_6ByOFYxgEg4ZFEYT-LUEecbXeoDeLDQTppPKu_Ps6unmKxzCmQmvBtXZzVkwL8fp1UHVx1SxTrv2ltcUMJZuGdbMhW_u5lnY9z27-wzwo4DEClnJZthwAPWuBIjX0_aj4-9R-rJ9Q7Y7l4mPSol_eaCH1KEfhIE1FBA9xCKSVYC_BdXsMg8CcCx_Ee3Q2xUdIQaeEqDdiqWCcBCL2rL5PwA48U8wwEHjw3J4pZ3jGACGzqMCSvRSBxWqHBCsmzs27UL9ryQF-FoZZJSpIIMfygF1YRWfBdYy2QpAYcsy0Zgrba2MYFzfSp1BDUovq3DVxRYHUMM23qtcLv2f_neVTFrQwV8cilQFB3FwoIq94elDAFQNseHe2f0ob8HycA2tHJjq_SlxgjD5GE8Y0TYyD5vfOcFrZO24TXpU-X0woeLpcnuDzs1GKeiu7wF6e3-jFLaTexK90ujEQALhYuuslLl_usb6ZJVRS9o9YbiszXwWzJfWMJwJB0dFOw6la5W-G7bw9OImaib7bhcuvxttXFsYBTq0s"}' ++ statuscode=201 ++ curlret=0 ++ set -e ++ [[ ! 0 = \0 ]] ++ [[ ! 2 = \2 ]] ++ cat /tmp/dehydrated-mv4uct ++ rm -f /tmp/dehydrated-mv4uct ++ rm -f /tmp/dehydrated-1U874i + result='{ "status": "pending", "expires": "2018-10-11T06:46:25Z", "identifiers": [ { "type": "dns", "value": "*.domain.info" }, { "type": "dns", "value": "domain.info" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ", "https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627" }' ++ echo '{' '"status":' '"pending",' '"expires":' '"2018-10-11T06:46:25Z",' '"identifiers":' '[' '{' '"type":' '"dns",' '"value":' '"*.domain.info"' '},' '{' '"type":' '"dns",' '"value":' '"domain.info"' '}' '],' '"authorizations":' '[' '"https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ",' '"https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc"' '],' '"finalize":' '"https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627"' '}' ++ get_json_array_value authorizations ++ local filter +++ printf 's/.*"%s": *\\[\([^]]*\)\\].*/\\1/p' authorizations ++ filter='s/.*"authorizations": *\[\([^]]*\)\].*/\1/p' ++ sed -n 's/.*"authorizations": *\[\([^]]*\)\].*/\1/p' + order_authorizations=' "https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ", "https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc" ' ++ echo '{ "status": "pending", "expires": "2018-10-11T06:46:25Z", "identifiers": [ { "type": "dns", "value": "*.domain.info" }, { "type": "dns", "value": "domain.info" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ", "https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627" }' ++ get_json_string_value finalize ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' finalize ++ filter='s/.*"finalize": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"finalize": *"\([^"]*\)".*/\1/p' + finalize=https://acme-v02.api.letsencrypt.org/acme/finalize/4935574/97560627 + local idx=0 + for uri in ${order_authorizations} ++ echo '"https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ",' ++ _sed -e 's/\"(.*)".*/\1/' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's/\"(.*)".*/\1/' + authorizations[${idx}]=https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ + idx=1 + for uri in ${order_authorizations} ++ echo '"https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc"' ++ _sed -e 's/\"(.*)".*/\1/' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's/\"(.*)".*/\1/' + authorizations[${idx}]=https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc + idx=2 + echo ' + Received 2 authorizations URLs from the CA' + Received 2 authorizations URLs from the CA + local idx=0 + for authorization in ${authorizations[*]} + [[ 2 -eq 2 ]] ++ clean_json ++ tr -d '\r\n' ++ _sed -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g' ++ [[ Linux = \L\i\n\u\x ]] +++ echo https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ ++ sed -r -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g' +++ _sed -e 's/\"(.*)".*/\1/' +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's/\"(.*)".*/\1/' ++ http_request get https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempcont=/tmp/dehydrated-rmwFTE +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempheaders=/tmp/dehydrated-K7COFr ++ [[ -n '' ]] ++ set +e ++ [[ get = \h\e\a\d ]] ++ [[ get = \g\e\t ]] +++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-rmwFTE -D /tmp/dehydrated-K7COFr https://acme-v02.api.letsencrypt.org/acme/authz/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ ++ statuscode=200 ++ curlret=0 ++ set -e ++ [[ ! 0 = \0 ]] ++ [[ ! 2 = \2 ]] ++ cat /tmp/dehydrated-rmwFTE ++ rm -f /tmp/dehydrated-rmwFTE ++ rm -f /tmp/dehydrated-K7COFr + response='{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}' ++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}' ++ get_json_dict_value identifier ++ local filter ++ get_json_string_value value ++ local filter +++ printf 's/.*"%s": *{\([^}]*\)}.*/\\1/p' identifier +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' value ++ filter='s/.*"identifier": *{\([^}]*\)}.*/\1/p' ++ sed -n 's/.*"identifier": *{\([^}]*\)}.*/\1/p' ++ filter='s/.*"value": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"value": *"\([^"]*\)".*/\1/p' + identifier=domain.info + echo ' + Handling authorization for domain.info' + Handling authorization for domain.info ++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}' ++ _sed 's/"challenges": \[\{.*\}\]//' ++ [[ Linux = \L\i\n\u\x ]] ++ get_json_string_value status ++ sed -r 's/"challenges": \[\{.*\}\]//' ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status ++ filter='s/.*"status": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p' + '[' pending = valid ']' ++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:46:25Z", "challenges": [{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}]}' ++ _sed 's/.*"challenges": \[(\{.*\})\].*/\1/' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/.*"challenges": \[(\{.*\})\].*/\1/' + challenges='{"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123799", "token": "USzfScQk8rQZbbCSTzs-WjdqKncjKD3CofKbAwjJf6A"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}, {"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123801", "token": "xh0oBmDJ1MyZWpbQSZ2s6orEdQwhNyEo9ztgvFnYWRA"}' ++ _sed -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\ \2/g' ++ grep '"dns-01"' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\ \2/g' + challenge='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}' + '[' -z '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}' ']' + challenge_names[${idx}]=domain.info ++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}' ++ get_json_string_value token ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' token ++ filter='s/.*"token": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"token": *"\([^"]*\)".*/\1/p' + challenge_tokens[${idx}]=TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc + [[ 2 -eq 2 ]] ++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}' ++ _sed 's/"validationRecord": ?\[[^]]+\]//g' ++ get_json_string_value url ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/"validationRecord": ?\[[^]]+\]//g' ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' url ++ filter='s/.*"url": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"url": *"\([^"]*\)".*/\1/p' + challenge_uris[${idx}]=https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 + keyauth=TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI + case "${CHALLENGETYPE}" in ++ printf %s TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI ++ openssl dgst -sha256 -binary ++ urlbase64 ++ openssl base64 -e ++ tr -d '\n\r' ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: + keyauth_hook=ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE + keyauths[${idx}]=TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI + deploy_args[${idx}]='domain.info TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE' + idx=1 + for authorization in ${authorizations[*]} + [[ 2 -eq 2 ]] ++ clean_json ++ tr -d '\r\n' +++ echo https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc ++ _sed -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g' ++ [[ Linux = \L\i\n\u\x ]] +++ _sed -e 's/\"(.*)".*/\1/' ++ sed -r -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g' +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's/\"(.*)".*/\1/' ++ http_request get https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempcont=/tmp/dehydrated-FStchJ +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempheaders=/tmp/dehydrated-dTdRNh ++ [[ -n '' ]] ++ set +e ++ [[ get = \h\e\a\d ]] ++ [[ get = \g\e\t ]] +++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-FStchJ -D /tmp/dehydrated-dTdRNh https://acme-v02.api.letsencrypt.org/acme/authz/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc ++ statuscode=200 ++ curlret=0 ++ set -e ++ [[ ! 0 = \0 ]] ++ [[ ! 2 = \2 ]] ++ cat /tmp/dehydrated-FStchJ ++ rm -f /tmp/dehydrated-FStchJ ++ rm -f /tmp/dehydrated-dTdRNh + response='{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}' ++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}' ++ get_json_dict_value identifier ++ local filter ++ get_json_string_value value ++ local filter +++ printf 's/.*"%s": *{\([^}]*\)}.*/\\1/p' identifier +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' value ++ filter='s/.*"identifier": *{\([^}]*\)}.*/\1/p' ++ sed -n 's/.*"identifier": *{\([^}]*\)}.*/\1/p' ++ filter='s/.*"value": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"value": *"\([^"]*\)".*/\1/p' + identifier=domain.info + echo ' + Handling authorization for domain.info' + Handling authorization for domain.info ++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}' ++ _sed 's/"challenges": \[\{.*\}\]//' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/"challenges": \[\{.*\}\]//' ++ get_json_string_value status ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status ++ filter='s/.*"status": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p' + '[' pending = valid ']' ++ echo '{"identifier": {"type": "dns", "value": "domain.info"}, "status": "pending", "expires": "2018-10-11T06:49:13Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}], "wildcard": true}' ++ _sed 's/.*"challenges": \[(\{.*\})\].*/\1/' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/.*"challenges": \[(\{.*\})\].*/\1/' + challenges='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}' ++ _sed -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\ \2/g' ++ grep '"dns-01"' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's/^[^\[]+\[(.+)\]$/\1/' -e 's/\}(, (\{)|(\]))/}\ \2/g' + challenge='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}' + '[' -z '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}' ']' + challenge_names[${idx}]=domain.info ++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}' ++ get_json_string_value token ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' token ++ filter='s/.*"token": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"token": *"\([^"]*\)".*/\1/p' + challenge_tokens[${idx}]=uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo + [[ 2 -eq 2 ]] ++ echo '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997", "token": "uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo"}' ++ _sed 's/"validationRecord": ?\[[^]]+\]//g' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r 's/"validationRecord": ?\[[^]]+\]//g' ++ get_json_string_value url ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' url ++ filter='s/.*"url": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"url": *"\([^"]*\)".*/\1/p' + challenge_uris[${idx}]=https://acme-v02.api.letsencrypt.org/acme/challenge/7MtDI-C1GdEnJoTnGXpSH6or9ktaDqo_lWEwVPoa2Rc/7933174997 + keyauth=uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI + case "${CHALLENGETYPE}" in ++ printf %s uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI ++ openssl dgst -sha256 -binary ++ urlbase64 ++ openssl base64 -e ++ tr -d '\n\r' ++ _sed -e 's:=*$::g' -e y:+/:-_: ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's:=*$::g' -e y:+/:-_: + keyauth_hook=nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs + keyauths[${idx}]=uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI + deploy_args[${idx}]='domain.info uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs' + idx=2 + local num_pending_challenges=2 + echo ' + 2 pending challenge(s)' + 2 pending challenge(s) + [[ 2 -ne 0 ]] + echo ' + Deploying challenge tokens...' + Deploying challenge tokens... + [[ -n /opt/dehydrated/hook.sh ]] + [[ no = \y\e\s ]] + [[ -n /opt/dehydrated/hook.sh ]] + local idx=0 + '[' 0 -lt 2 ']' + /opt/dehydrated/hook.sh deploy_challenge domain.info TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE + idx=1 + '[' 1 -lt 2 ']' + /opt/dehydrated/hook.sh deploy_challenge domain.info uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs + idx=2 + '[' 2 -lt 2 ']' + local idx=0 + '[' 0 -lt 2 ']' + echo ' + Responding to challenge for domain.info authorization...' + Responding to challenge for domain.info authorization... + [[ 2 -eq 1 ]] ++ signed_request https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 '{"keyAuthorization": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI"}' ++ clean_json ++ tr -d '\r\n' ++ _sed -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g' +++ printf %s '{"keyAuthorization": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc.VXESrd5m4rm2wgbUmDI4cr1fyUE7-DTX5gi2StpxhgI"}' ++ [[ Linux = \L\i\n\u\x ]] ++ sed -r -e 's/ +/ /g' -e 's/\{ /{/g' -e 's/ \}/}/g' -e 's/\[ /[/g' -e 's/ \]/]/g' +++ urlbase64 +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ payload64=eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9 ++ [[ 2 -eq 1 ]] +++ grep -i '^Replay-Nonce:' +++ tr -d '\n\r' +++ http_request head https://acme-v02.api.letsencrypt.org/acme/new-nonce ++++ _mktemp ++++ mktemp /tmp/dehydrated-XXXXXX +++ awk -F ': ' '{print $2}' +++ tempcont=/tmp/dehydrated-NWOJLR ++++ _mktemp ++++ mktemp /tmp/dehydrated-XXXXXX +++ tempheaders=/tmp/dehydrated-0WoWI3 +++ [[ -n '' ]] +++ set +e +++ [[ head = \h\e\a\d ]] ++++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-NWOJLR https://acme-v02.api.letsencrypt.org/acme/new-nonce -I +++ statuscode=204 +++ touch /tmp/dehydrated-0WoWI3 +++ curlret=0 +++ set -e +++ [[ ! 0 = \0 ]] +++ [[ ! 2 = \2 ]] +++ cat /tmp/dehydrated-NWOJLR +++ rm -f /tmp/dehydrated-NWOJLR +++ rm -f /tmp/dehydrated-0WoWI3 ++ nonce=Njl3p0w_Lfd6Dvxe_CsegPxcJYLadcRuwNgAuEeZtZA ++ header='{"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "0luVIUjtsSJdQggopGB8rI9ewOVEl_8_XtO0DBERn3Fnlsfqg8jg-9Vz5COruax_ARTCyuygA2AQksSbyPL5AcwA3PWOxtgO-r5f9h5J1mmohXuXa8I4UPYFJgCNrFgYycqKPpj2_WVMjG0JAxY9_-cvsbvr0vMO5BD_Vzk7xUfY6SWLkmI-hof3rQYVqI8t0Ob3LVUmVxSvF9qGwZdlgWxx526WfHlM3-Fl2IDoOQC2Yw1JhGEas05j3ikv3EfgFduPLd6bhXuVLuy86vXIKCr0feRaKZu57zZ5P8wQMsLCR3BBSuAhq89ERQSEFExqrOWW97bUYVfvdypum3PDLyRUsuIA0C_NLFitQ-m3d2wxnyYpi1_hJr7nnAfKX5fFv0YHJPX57S81MvGVws47PO026LAYekR_1pij2GBzZLyjDgXtLrRWRvwvVf-TU8YJWIethCt1O4OKYl_dgpgTWcHXW188qpesq-0a80IkBobuZ2ETvV5vh1vsmcHIKVKrkhAf4Rxw_PvoBR8dlY2k3x-N2AJX5tL4MPgcitevIFL_J6iCEGEHvqLGNy6kbvzzYI2UoL-XQkdu5PL74kjxZbckjCeQfrfBsujD0UUXCaRhm0hxZvXxW-Ig9H2rGjdHmLhKJQhvw8V3l81k4xWY4Ts8xEui8EjFdG7H8IhIKsM"}}' ++ [[ 2 -eq 1 ]] ++ [[ -n https://acme-v02.api.letsencrypt.org/acme/acct/4935574 ]] ++ protected='{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "nonce": "Njl3p0w_Lfd6Dvxe_CsegPxcJYLadcRuwNgAuEeZtZA"}' +++ printf %s '{"alg": "RS256", "kid": "https://acme-v02.api.letsencrypt.org/acme/acct/4935574", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "nonce": "Njl3p0w_Lfd6Dvxe_CsegPxcJYLadcRuwNgAuEeZtZA"}' +++ urlbase64 +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ protected64=eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0 +++ printf %s eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0.eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9 +++ openssl dgst -sha256 -sign /opt/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo/account_key.pem +++ urlbase64 +++ openssl base64 -e +++ tr -d '\n\r' +++ _sed -e 's:=*$::g' -e y:+/:-_: +++ [[ Linux = \L\i\n\u\x ]] +++ sed -r -e 's:=*$::g' -e y:+/:-_: ++ signed64=FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc ++ [[ 2 -eq 1 ]] ++ data='{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9", "signature": "FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc"}' ++ http_request post https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9", "signature": "FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc"}' +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempcont=/tmp/dehydrated-pT5sN5 +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempheaders=/tmp/dehydrated-knMqWY ++ [[ -n '' ]] ++ set +e ++ [[ post = \h\e\a\d ]] ++ [[ post = \g\e\t ]] ++ [[ post = \p\o\s\t ]] +++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -s -w '%{http_code}' -o /tmp/dehydrated-pT5sN5 https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 -D /tmp/dehydrated-knMqWY -H 'Content-Type: application/jose+json' -d '{"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNDkzNTU3NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL05LUE1uV2d2Skw0aHdTQ0RDczUya3QtTnAzdmt3TjNTREZIVFB1SWJoUFEvNzkzMzEyMzgwMCIsICJub25jZSI6ICJOamwzcDB3X0xmZDZEdnhlX0NzZWdQeGNKWUxhZGNSdXdOZ0F1RWVadFpBIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlRJS0ZjU1RhMDR6Nmc2bzZKUkFZZGp2MnpyQUNVSktuZmxhRDlOc0k4VWMuVlhFU3JkNW00cm0yd2diVW1ESTRjcjFmeVVFNy1EVFg1Z2kyU3RweGhnSSJ9", "signature": "FY72qgyp1TO_aOl8mbkoYSJ8vjEqj6Sk9CCiEaLXzE1Mv_w5huhAJ8-wnFec94ImKBxqfq85uDOnwAs_OxewGVWoB_RZpFmAoGXyFf61tOPCEK3tcJ8kxNdlGQsSLAvTxw4dLEXMmXddV-saulvggj6MnXODjP821icDcrO2fDCB9-lgnkbscOTeYYttMvV3X8GIJnzXN1q7L0yoUuqJoXLpzyQFu42zPRGXLz4GsNLG-zIBbGuuJUBJNKoSRXxWyFzAux26UsTiRYTP45lnXrGM1bn79i66pb7lEEyzGoqaEdDcQUWp7Yp_YT7rMgOXuKs7FS1XFBcP-_2P1kVysL15gNgeOnBmhB6F4kV6TnOlFCpjkLNVqzupt1TEIuwEdwFr2JCyygQOVyd_JQRX7G13HORl7rANXc2XXiwgWLdHBT2HJJnGc_dqEsIrj8D_z22BHBMcKnui68jt-VhnQUpQZqZwqjRHoyorhDv222RlIdOdoJfMyjebD1whq_NUXnwtDy-77Ikl1e3Sh68tEZgniYjgNy8LH_JQqpDZMOb4E0spzn7kgAUa_OsXIl0JJViCoJ-OdG4Dw20t_-MptSHSEIDG1XXaBz08-5Mh2b9IOntRqmvofNn5Hs2XqUzi8s0G-KDwmxgXtWFEHeGQMFAtejsgXAomcF0T8MegIzc"}' ++ statuscode=200 ++ curlret=0 ++ set -e ++ [[ ! 0 = \0 ]] ++ [[ ! 2 = \2 ]] ++ cat /tmp/dehydrated-pT5sN5 ++ rm -f /tmp/dehydrated-pT5sN5 ++ rm -f /tmp/dehydrated-knMqWY + result='{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}' ++ printf '%s\n' '{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc"}' ++ get_json_string_value status ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status ++ filter='s/.*"status": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p' + reqstatus=pending + [[ pending = \p\e\n\d\i\n\g ]] + sleep 1 ++ http_request get https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempcont=/tmp/dehydrated-ZoElTz +++ _mktemp +++ mktemp /tmp/dehydrated-XXXXXX ++ tempheaders=/tmp/dehydrated-WrCSkv ++ [[ -n '' ]] ++ set +e ++ [[ get = \h\e\a\d ]] ++ [[ get = \g\e\t ]] +++ curl -A 'dehydrated/git-master-after-0.6.2 curl/7.61.1' -L -s -w '%{http_code}' -o /tmp/dehydrated-ZoElTz -D /tmp/dehydrated-WrCSkv https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800 ++ statuscode=200 ++ curlret=0 ++ set -e ++ [[ ! 0 = \0 ]] ++ [[ ! 2 = \2 ]] ++ cat /tmp/dehydrated-ZoElTz ++ rm -f /tmp/dehydrated-ZoElTz ++ rm -f /tmp/dehydrated-WrCSkv + result='{ "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc" }' ++ printf '%s\n' '{ "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc" }' ++ get_json_string_value status ++ local filter +++ printf 's/.*"%s": *"\([^"]*\)".*/\\1/p' status ++ filter='s/.*"status": *"\([^"]*\)".*/\1/p' ++ sed -n 's/.*"status": *"\([^"]*\)".*/\1/p' + reqstatus=invalid + [[ invalid = \p\e\n\d\i\n\g ]] + [[ dns-01 = \h\t\t\p\-\0\1 ]] + [[ dns-01 = \t\l\s\-\a\l\p\n\-\0\1 ]] + [[ invalid = \v\a\l\i\d ]] + [[ -n /opt/dehydrated/hook.sh ]] + /opt/dehydrated/hook.sh invalid_challenge '*.domain.info' '{ "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc" }' + break + [[ 2 -ne 0 ]] + echo ' + Cleaning challenge tokens...' + Cleaning challenge tokens... + [[ -n /opt/dehydrated/hook.sh ]] + [[ no = \y\e\s ]] + local idx=0 + '[' 0 -lt 2 ']' + [[ dns-01 = \h\t\t\p\-\0\1 ]] + [[ dns-01 = \t\l\s\-\a\l\p\n\-\0\1 ]] + [[ -n /opt/dehydrated/hook.sh ]] + [[ no != \y\e\s ]] + /opt/dehydrated/hook.sh clean_challenge domain.info TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc ZHMI1Azupu26hykLoEyWEXvhz3MYb5FWErtSgx-wLXE + idx=1 + '[' 1 -lt 2 ']' + [[ dns-01 = \h\t\t\p\-\0\1 ]] + [[ dns-01 = \t\l\s\-\a\l\p\n\-\0\1 ]] + [[ -n /opt/dehydrated/hook.sh ]] + [[ no != \y\e\s ]] + /opt/dehydrated/hook.sh clean_challenge domain.info uOzXUvwoop3tzQxm66EEQY2l_W8SGs0sihmk-NccFJo nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs + idx=2 + '[' 2 -lt 2 ']' + [[ invalid != \v\a\l\i\d ]] + echo ' + Challenge validation has failed :(' + Challenge validation has failed :( + _exiterr 'Challenge is invalid! (returned: invalid) (result: { "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc" })' + echo 'ERROR: Challenge is invalid! (returned: invalid) (result: { "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc" })' ERROR: Challenge is invalid! (returned: invalid) (result: { "type": "dns-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "Incorrect TXT record \"nM3WCJDa3Ta6kEBwEDt3MvCSQTOqbjnPfyeee8lusUs\" found at _acme-challenge.domain.info", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/NKPMnWgvJL4hwSCDCs52kt-Np3vkwN3SDFHTPuIbhPQ/7933123800", "token": "TIKFcSTa04z6g6o6JRAYdjv2zrACUJKnflaD9NsI8Uc" }) + exit 1 + remove_lock + rm -f /opt/dehydrated/lock ```
adam closed this issue 2025-12-29 01:24:11 +01:00
adam commented 2025-12-29 01:24:12 +01:00
Author
Owner
Copy Link

@TB1234 commented on GitHub (Oct 4, 2018):

I fixed the problem by myself. You need multiple TXT records for the domain. Then this worked. So I modified my script not do delete the old tokens until the cleanup is called...

@TB1234 commented on GitHub (Oct 4, 2018): I fixed the problem by myself. You need multiple TXT records for the domain. Then this worked. So I modified my script not do delete the old tokens until the cleanup is called...
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Complicated
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 suggestions wanted
testing
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/dehydrated#383
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?