diff --git a/How-to-debug-acme.sh.md b/How-to-debug-acme.sh.md index 4f51091..9f49a71 100644 --- a/How-to-debug-acme.sh.md +++ b/How-to-debug-acme.sh.md @@ -11,4 +11,31 @@ To output more detailed info: ``` acme.sh --issue .......... --debug 2 -``` \ No newline at end of file +``` + +### Common Root Cause of issue: +#### Port 80 is blocked +If your ISP blocks port 80, any webroot based authentication will fail +You can test this by running this command: curl -IkL -m20 http:// from OUTSIDE your local network. + +### Common Errors using DNS API: +#### Mistake 1: Clumsy fingers - newline in ~/.acme.sh/account.conf +If you type in the api key or private key and accidentally put in a newline or a typo, check and ensure the keys look right in ~/.acme.sh/account.conf + +#### I still see my old keys (when moving from letsencrypt bot to .acme.sh) +Needed step - point nginx configuration to new acme based keys +If you still see the old keys being used, even after finally getting the dns based authentication to work. +You may need to comment out the previous keys from the letsencrypt bot, and point to the new folder: + +> `# RSA certificate` +> +> #ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot +> +> #ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot +> +> ssl_certificate /.acme.sh//fullchain.cer; +> +> ssl_certificate_key /.acme.sh//.key; + +#### Do I need to include the webroot `-w ` for DNS? +No! You'll end up back failing the port 80 access to your webroot folder if that was your issue. \ No newline at end of file