deploy-hook fritzbox Fritz!Box 7590 with Fritz!OS 7.57 Upload failed #4819

Open
mfeske opened this issue Oct 4, 2023 · 5 comments

mfeske commented Oct 4, 2023

Steps to reproduce

Hello everyone,
The creation of the certificate is successful, but the import into the Fritz!Box 7590 with Fritz!OS 7.57 fails.

I created a user LetsEncrypt and the password has no special characters. I can also log in with the user from the Internet via the Fritz interface (I have released everything for the user).
According to the Fritz!Box event log, the user LetsEncrypt also logs in, which also comes from the web server IP where the script is running.
The correct data is stored in the config file of the certificate. When I use --output-insecure, the correct data is also contained there, but the following appears in the output:

[Wed Oct 4 08:53:29 AM CEST 2023] _ret='56'
[Wed Oct 4 08:53:29 AM CEST 2023] Upload failed
[Wed Oct 4 08:53:29 AM CEST 2023] Error deploy for domain:mydomain
[Wed Oct 4 08:53:29 AM CEST 2023] Deploy error.

There is also the message:

[Wed Oct 4 08:53:28 AM CEST 2023] _CURL='curl --silent --dump-header /homepages/u65700/letsencrypt/data/http.header -L --trace-ascii /tmp/tmp.s2tTaHU8Rd -g --insecure '
[Wed Oct 4 08:53:29 AM CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 56

Debug log

see attachment
acme_home_deploy_20231004_0854.log

github-actions bot commented Oct 4, 2023

Please upgrade to the latest code and try again first. Maybe it's already fixed.
acme.sh --upgrade
If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

mfeske commented Oct 4, 2023

Was up to date; the log with --debug 2 is in the attachment of the post.
acme.sh --upgrade
[Wed Oct 4 10:21:23 AM CEST 2023] Already uptodate!
[Wed Oct 4 10:21:23 AM CEST 2023] Upgrade success!

Radiotic commented Nov 1, 2023

Same issue here with Fritz Box 7580 on FRITZ!OS: 07.30

berndy2001 commented Nov 10, 2023

same on 7590 Firmware 07.57

root@cAcme:~# acme.sh --deploy -d *.domain.com --deploy-hook fritzbox --debug 2
[Fri Nov 10 20:17:50 UTC 2023] Lets find script dir.
[Fri Nov 10 20:17:50 UTC 2023] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Nov 10 20:17:50 UTC 2023] _script='/root/.acme.sh/acme.sh'
[Fri Nov 10 20:17:50 UTC 2023] _script_home='/root/.acme.sh'
[Fri Nov 10 20:17:50 UTC 2023] Using config home:/root/.acme.sh
[Fri Nov 10 20:17:50 UTC 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.7
[Fri Nov 10 20:17:50 UTC 2023] Running cmd: deploy
[Fri Nov 10 20:17:50 UTC 2023] Using config home:/root/.acme.sh
[Fri Nov 10 20:17:50 UTC 2023] default_acme_server
[Fri Nov 10 20:17:50 UTC 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Nov 10 20:17:50 UTC 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri Nov 10 20:17:50 UTC 2023] _ACME_SERVER_PATH='v2/DV90'
[Fri Nov 10 20:17:50 UTC 2023] The domain '*.domain.com' seems to have a ECC cert already, lets use ecc cert.
[Fri Nov 10 20:17:50 UTC 2023] DOMAIN_PATH='/root/.acme.sh/*.domain.com_ecc'
[Fri Nov 10 20:17:50 UTC 2023] DOMAIN_CONF='/root/.acme.sh/*.domain.com_ecc/*.domain.com.conf'
[Fri Nov 10 20:17:50 UTC 2023] _deployApi='/root/.acme.sh/deploy/fritzbox.sh'
[Fri Nov 10 20:17:50 UTC 2023] _cdomain='*.domain.com'
[Fri Nov 10 20:17:50 UTC 2023] _ckey='/root/.acme.sh/*.domain.com_ecc/*.domain.com.key'
[Fri Nov 10 20:17:50 UTC 2023] _ccert='/root/.acme.sh/*.domain.com_ecc/*.domain.com.cer'
[Fri Nov 10 20:17:51 UTC 2023] _cca='/root/.acme.sh/*.domain.com_ecc/ca.cer'
[Fri Nov 10 20:17:51 UTC 2023] _cfullchain='/root/.acme.sh/*.domain.com_ecc/fullchain.cer'
[Fri Nov 10 20:17:51 UTC 2023] DEPLOY_FRITZBOX_URL='https://192.168.1.1'
[Fri Nov 10 20:17:51 UTC 2023] DEPLOY_FRITZBOX_USERNAME='admin'
[Fri Nov 10 20:17:51 UTC 2023] DEPLOY_FRITZBOX_PASSWORD='[hidden](please add '--output-insecure' to see this value)'
[Fri Nov 10 20:17:51 UTC 2023] Log in to the FRITZ!Box
[Fri Nov 10 20:17:51 UTC 2023] GET
[Fri Nov 10 20:17:51 UTC 2023] url='https://192.168.1.1/login_sid.lua'
[Fri Nov 10 20:17:51 UTC 2023] timeout=
[Fri Nov 10 20:17:51 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.e1ElGbjfXF  -g  --insecure  '
[Fri Nov 10 20:17:52 UTC 2023] ret='0'
[Fri Nov 10 20:17:52 UTC 2023] GET
[Fri Nov 10 20:17:52 UTC 2023] url='https://192.168.1.1/login_sid.lua?sid=0000000000000000&username=admin&response=6140341e-040d0c8857f230a93f82859fec406e89'
[Fri Nov 10 20:17:52 UTC 2023] timeout=
[Fri Nov 10 20:17:52 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.4XijmRIoYt  -g  --insecure  '
[Fri Nov 10 20:17:54 UTC 2023] ret='0'
[Fri Nov 10 20:17:54 UTC 2023] Generate form POST request
[Fri Nov 10 20:17:54 UTC 2023] Upload certificate to the FRITZ!Box
[Fri Nov 10 20:17:54 UTC 2023] POST
[Fri Nov 10 20:17:54 UTC 2023] _post_url='https://192.168.1.1/cgi-bin/firmwarecfg'
[Fri Nov 10 20:17:54 UTC 2023] body='-----------------------------20231110201754
Content-Disposition: form-data; name="sid"

b1aa8b6e181b5a5f
-----------------------------20231110201754
Content-Disposition: form-data; name="BoxCertPassword"


-----------------------------20231110201754
Content-Disposition: form-data; name="BoxCertImportFile"; filename="BoxCert.pem"
Content-Type: application/octet-stream

-----BEGIN EC PRIVATE KEY-----
(removed)
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(removed)
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
(removed)
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
(removed)
-----END CERTIFICATE-----

-----------------------------20231110201754--'
[Fri Nov 10 20:17:54 UTC 2023] _postContentType
[Fri Nov 10 20:17:54 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.XcWhL8suvl  -g  --insecure  '
[Fri Nov 10 20:17:55 UTC 2023] _ret='0'
[Fri Nov 10 20:17:55 UTC 2023] Upload failed
[Fri Nov 10 20:17:55 UTC 2023] Error deploy for domain:*.domain.com
[Fri Nov 10 20:17:55 UTC 2023] Deploy error.

berndy2001 commented Nov 10, 2023

I would like to solve:
The FRITZ!Box wants to have an RSA certificate, but the default is apparently now ec-256. Therefore simply add --keylength 4096 (or 2048, which was the default) and optionally --force, and it will work.

#2350
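
A pre-deploy check built on the workaround reported in the comment above, as an added example that is not part of acme.sh or of the original thread: it classifies the private key by its PEM header (the debug log shows `BEGIN EC PRIVATE KEY` in the failing upload) and stops before the upload when the key is not RSA. The function names and the sample bundles are assumptions made for illustration; the `--keylength` and `--force` hint is quoted from the comment.

```shell
#!/bin/sh
# Added example, not acme.sh code: check the key type before running the
# fritzbox deploy hook, following the workaround reported in this thread.

# Print "ec", "rsa" or "unknown" for the first private key in PEM file $1.
pem_key_type() {
  _hdr=$(sed -n '/^-----BEGIN .*PRIVATE KEY-----/{p;q;}' "$1" 2>/dev/null) || true
  case "$_hdr" in
    *"BEGIN EC PRIVATE KEY"*)  echo ec ;;
    *"BEGIN RSA PRIVATE KEY"*) echo rsa ;;
    *"BEGIN PRIVATE KEY"*)
      # PKCS#8 header does not name the algorithm; ask openssl if present.
      _txt=$(openssl pkey -in "$1" -noout -text 2>/dev/null) || true
      case "$_txt" in
        *modulus:*)   echo rsa ;;
        *"ASN1 OID"*) echo ec ;;
        *)            echo unknown ;;
      esac ;;
    *) echo unknown ;;
  esac
}

# Return 0 only for an RSA key; otherwise print the re-issue hint and return 1.
fritzbox_predeploy_check() {
  case "$(pem_key_type "$1")" in
    rsa) echo "ok: RSA key in $1"; return 0 ;;
    ec)  echo "stop: EC key in $1; re-issue with --keylength 2048 or 4096 (optionally --force)"
         return 1 ;;
    *)   echo "stop: cannot determine key type in $1"; return 1 ;;
  esac
}

# Write a constructed bundle shaped like the hook's BoxCert.pem upload body.
# $1 = "EC" or "RSA", $2 = output path. Bodies are placeholders, not real keys.
write_sample_bundle() {
  printf '%s\n' "-----BEGIN $1 PRIVATE KEY-----" '(constructed)' \
    "-----END $1 PRIVATE KEY-----" '-----BEGIN CERTIFICATE-----' \
    '(constructed)' '-----END CERTIFICATE-----' > "$2"
}

# Demo on constructed input.
_d=$(mktemp -d)
write_sample_bundle EC  "$_d/ec.pem"
write_sample_bundle RSA "$_d/rsa.pem"
fritzbox_predeploy_check "$_d/ec.pem"  || true
fritzbox_predeploy_check "$_d/rsa.pem" || true
rm -rf "$_d"
```

Pointing `fritzbox_predeploy_check` at the domain's `.key` file before `acme.sh --deploy` turns the hook's bare "Upload failed" into an explicit key-type message.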
