Skip to content

How to debug acme.sh

Jump to bottom Edit New page
Kelton Temby edited this page Dec 20, 2018 · 7 revisions

Use --debug parameter to output detailed debug info.

For example:

acme.sh  --issue  .........   --debug

To output more detailed info:

acme.sh  --issue  ..........    --debug 2

Common Root Cause of issue:

Port 80 is blocked

If your ISP blocks port 80, any webroot based authentication will fail You can test this by running this command from OUTSIDE your local network.

curl -IkL -m20 http://[your domain]

Common Errors using DNS API:

Mistake 1: Clumsy fingers - newline in ~/.acme.sh/account.conf

If you type in the api key or private key and accidentally put in a newline or a typo, check and ensure the keys look right in ~/.acme.sh/account.conf

I still see my old keys (when moving from letsencrypt bot to .acme.sh)

Needed step - point nginx configuration to new acme based keys If you still see the old keys being used, even after finally getting the dns based authentication to work. You may need to comment out the previous keys from the letsencrypt bot, and point to the new folder:

# RSA certificate

#ssl_certificate /etc/letsencrypt/live/[your domain]/fullchain.pem; # managed by Certbot

#ssl_certificate_key /etc/letsencrypt/live/[your domain]/privkey.pem; # managed by Certbot

ssl_certificate [your home directory]/.acme.sh/[your domain]/fullchain.cer;

ssl_certificate_key [your home directory]/.acme.sh//[your domain].key;

Do I need to include the webroot -w [your webroot] for DNS?

No! You'll end up back failing the port 80 access to your webroot folder if that was your issue.

Buy me a beer, Donate to acme.sh if it saves your time. Your donation makes acme.sh better: https://donate.acme.sh/

如果 acme.sh 帮你节省了时间,请考虑赏我一杯啤酒🍺, 捐助: https://donate.acme.sh/ 你的支持将会使得 acme.sh 越来越好. 感谢

Add a custom sidebar
Clone this wiki locally