Steps to reproduce
Issue a certificate (using the new default ecc #2350), which issues the certificates into a directory with _ecc-suffix.
Run SSH deploy hook like this: ~/.acme.sh/acme.sh --deploy -d "*.example.com" --deploy-hook ssh --debug 2
For newly issued certificates, the deploy hook fails, because it uses the directory without the _ecc-suffix. See DOMAIN_PATH below.
If you already had a certificate issued before ecc became the default, the deploy hook doesn't fail but keeps deploying the old certificates that aren't valid anymore.
Debug log
https://github.com/acmesh-official/acme.sh
v3.0.6
[Mon Mar 13 17:46:58 CET 2023] Running cmd: deploy
[Mon Mar 13 17:46:58 CET 2023] Using config home:/root/.acme.sh
[Mon Mar 13 17:46:58 CET 2023] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 13 17:46:58 CET 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 13 17:46:58 CET 2023] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Mon Mar 13 17:46:58 CET 2023] _ACME_SERVER_PATH='directory'
[Mon Mar 13 17:46:58 CET 2023] DOMAIN_PATH='/root/.acme.sh/*.example.com'
[Mon Mar 13 17:46:58 CET 2023] _deployApi='/root/.acme.sh/deploy/ssh.sh'
[Mon Mar 13 17:46:58 CET 2023] _cdomain='*.example.com'
[Mon Mar 13 17:46:58 CET 2023] _ckey='/root/.acme.sh/*.example.com/*.example.com.key'
[Mon Mar 13 17:46:58 CET 2023] _ccert='/root/.acme.sh/*.example.com/*.example.com.cer'
[Mon Mar 13 17:46:58 CET 2023] _cca='/root/.acme.sh/*.example.com/ca.cer'
[Mon Mar 13 17:46:58 CET 2023] _cfullchain='/root/.acme.sh/*.example.com/fullchain.cer'
As a workaround, adding --keylength 2048 when issuing the certificate helps.
See #4480 and #4416
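A check for the two failure modes reported above, as an added example (not acme.sh code and not written by the issue author). The function name `acme_deploy_path_check` is hypothetical, and the layout `<home>/<domain>/<domain>.cer` versus `<home>/<domain>_ecc/<domain>.cer` is an assumption inferred from the DOMAIN_PATH and _ccert lines in the debug log.

```shell
#!/bin/sh
# Added example, not part of acme.sh.
# Classifies what a deploy run that ignores the _ecc suffix would pick up.
# Assumed layout (inferred from the debug log in the issue):
#   <home>/<domain>/<domain>.cer        directory the deploy hook resolves
#   <home>/<domain>_ecc/<domain>.cer    directory a new default (ecc) issue writes to

acme_deploy_path_check() {
  _home="$1"
  _domain="$2"
  # Always quote: wildcard names such as *.example.com must not be globbed.
  _plain="$_home/$_domain/$_domain.cer"
  _ecc="$_home/${_domain}_ecc/$_domain.cer"

  # Only the _ecc directory exists: the deploy hook fails outright.
  if [ -f "$_ecc" ] && [ ! -f "$_plain" ]; then
    echo "missing"
    return 2
  fi

  # Both exist and the _ecc cert is newer: the deploy hook succeeds but
  # keeps shipping the old certificate. This is the silent case.
  if [ -f "$_ecc" ] && [ -f "$_plain" ] && [ "$_ecc" -nt "$_plain" ]; then
    echo "stale"
    return 3
  fi

  # Only the unsuffixed cert exists, or it is the newer one.
  if [ -f "$_plain" ]; then
    echo "ok"
    return 0
  fi

  # No certificate for this domain in either directory.
  echo "none"
  return 1
}

# When called as: script <acme-home> <domain>
if [ "$#" -eq 2 ]; then
  acme_deploy_path_check "$1" "$2"
fi
```

The non-zero exit codes let a cron job or monitoring wrapper alert on "stale", which otherwise shows up only when clients start rejecting the expired certificate.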
Please upgrade to the latest code and try again first. Maybe it's already fixed.
acme.sh --upgrade
If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.
refs acmesh-official/acme.sh#4552
- there was a change in the acme.sh script which changed the default
certificate type
- unfortunately this has led to breaking the SSL creation process
because the wrong path is used
- from the referenced issue, this is a workaround that fixes the problem
for now