Hello,

Sorry if I am posting to the wrong list. I am under the impression this could be
submitted either to bugs or tech.

I have a couple of 7.4 servers on which I use acme-client to get letsencrypt certs.
I copied /etc/examples/acme-client.conf and added my domain block:

domain example.com {
        alternative names { foo.example.com bar.example.com }
        domain key "/etc/ssl/private/example.com.key"
        domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
        sign with letsencrypt
}

I noticed that when my cronjob (as root) `acme-client example.com` runs with a
space-separated alternative names list, acme-client bombs out and I get an email
with these error messages:

acme-client: https://acme-v02.api.letsencrypt.org/acme/new-nonce: no replay nonce
acme-client: https://acme-v02.api.letsencrypt.org/acme/authz-v3/190218442267: bad comm

If I run `acme-client example.com` from a shell, it has no issues.
Additionally, if I make the alternative names list comma-separated, it works
just fine both via cron and shell. My httpd.conf:

server "example.com" {
        alias baz.example.com
        listen on * port 80
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
        location "/*" {
                root "/htdocs"
                directory auto index
        }
}

types {
        include "/usr/share/misc/mime.types"
}

(Un)fortunately, when I comma-separated the list I got new certificates, so I
can't test again until a renewal on these servers. Since it is behaving
differently, in case it is a PATH issue, here are the environment variables in
my crontab:

SHELL=/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log

And root user's PATH:

/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin

Courtney
