From 69e0489befdb67c8dddbe9902e160d58dde826f4 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 25 Jan 2019 14:29:52 +0800 Subject: [PATCH] Revert "Destroyed How to debug acme.sh (markdown)" This reverts commit ec2ac50efae60a19b39a5994ec5ee295888a22cc. --- How-to-debug-acme.sh.md | 43 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 How-to-debug-acme.sh.md diff --git a/How-to-debug-acme.sh.md b/How-to-debug-acme.sh.md new file mode 100644 index 0000000..52797a9 --- /dev/null +++ b/How-to-debug-acme.sh.md 
@@ -0,0 +1,43 @@ +Use `--debug` parameter to output detailed debug info. + +For example: + +``` +acme.sh --issue ......... --debug +``` + + +To output more detailed info: + +``` +acme.sh --issue .......... --debug 2 +``` + +### Common Root Cause of issue: +#### Port 80 is blocked +If your ISP blocks port 80, any webroot based authentication will fail +You can test this by running this command from OUTSIDE your local network. + +`curl -IkL -m20 http://[your domain]` + +### Common Errors using DNS API: +#### Mistake 1: Clumsy fingers - newline in `~/.acme.sh/account.conf` +If you type in the api key or private key and accidentally put in a newline or a typo, check and ensure the keys look right in `~/.acme.sh/account.conf` + +#### I still see my old keys (when moving from letsencrypt bot to .acme.sh) +Needed step - point nginx configuration to new acme based keys +If you still see the old keys being used, even after finally getting the dns based authentication to work. +You may need to comment out the previous keys from the letsencrypt bot, and point to the new folder: + +> `# RSA certificate` +> +> #ssl_certificate /etc/letsencrypt/live/[your domain]/fullchain.pem; # managed by Certbot +> +> #ssl_certificate_key /etc/letsencrypt/live/[your domain]/privkey.pem; # managed by Certbot +> +> ssl_certificate [your home directory]/.acme.sh/[your domain]/fullchain.cer; +> +> ssl_certificate_key [your home directory]/.acme.sh//[your domain].key; + +#### Do I need to include the webroot `-w [your webroot]` for DNS? +No! You'll end up back failing the port 80 access to your webroot folder if that was your issue. \ No newline at end of file
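Review bot: the restored nginx snippet under "I still see my old keys" is internally inconsistent: the certificate line points into a per-domain directory, `ssl_certificate [your home directory]/.acme.sh/[your domain]/fullchain.cer;`, but the key line has a doubled slash and drops that directory, `ssl_certificate_key [your home directory]/.acme.sh//[your domain].key;`, so a reader copying both will have nginx look for the key in a different place than the certificate and fail to start. Suggest the two paths use the same `[your domain]/` directory, and that the whole block be put in a fenced code block (as the `--debug` examples above it are) rather than a blockquote with only the first line in backticks, since the `#` comment markers and `[your domain]` placeholders render unpredictably as quoted markdown. Minor: "Common Root Cause of issue:" reads better as "Common root causes", and the `curl -IkL` check could mention that `-k` only matters if the `-L` redirect lands on an https URL, so a success here does not validate the certificate chain.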