Error during challenge, nonce not found. #1367

MauriceMossIT · 2023-04-28T19:52:02Z

MauriceMossIT
Apr 28, 2023

Hello,
I have a Step-CA server that I am able to use with a linux machine in standalone mode and enroll/renew without issue. However, I also have a load balancer that can respond to http-01 challenges to perform ACME. When using this load balancer my Step-CA server errors after the first enrollment or first renewal attempt. For example, if a cert renews successfully then tries to renew again later, I get an error. I also get this error if I try to enroll then renew, enroll succeeds then renew fails. Once I restart the Step-CA server, I can have 1 enrollment or 1 renewal succeed before further enrollments/renewals fail.

Server side error:

WARN[1371]                                               duration=144.611786ms duration-ns=144611786 error="nonce SHp6MmtoWmc4SDNLYVBWNkpQUjFJZjVlRWNTcjNwb00 not found" fields.time="2023-04-28T19:36:16Z" method=POST name=ca nonce=a1hyUE1FRFNHeklITm96bjVPejNEMTd2RXdqT1l0c2k path=/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0 protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch620c74b3p3d8hjq3l0 response="{\"type\":\"urn:ietf:params:acme:error:badNonce\",\"detail\":\"Unacceptable anti-replay nonce\"}" size=89 status=400 user-agent="A10 ACME client" user-id=

Client side error:

[Fri Apr 28 15:36:34 EDT 2023] Retrying post
[Fri Apr 28 15:36:34 EDT 2023] POST
[Fri Apr 28 15:36:34 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0'
[Fri Apr 28 15:36:34 EDT 2023] _CURL='curl --silent --dump-header /a10data/acme/10.6.18.10:8443/[email protected]/ACME/http.header -k -L  -g '
[Fri Apr 28 15:36:35 EDT 2023] _ret='0'
[Fri Apr 28 15:36:35 EDT 2023] _hcode='0'
[Fri Apr 28 15:36:35 EDT 2023] code='400'
[Fri Apr 28 15:36:35 EDT 2023] test.com:Challenge error: {"type":"urn:ietf:params:acme:error:badNonce","detail":"Unacceptable anti-replay nonce"}
[Fri Apr 28 15:36:35 EDT 2023] Debugging, skip removing: /var/www/html/.well-known/acme-challenge/PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj
[Fri Apr 28 15:36:35 EDT 2023] pid
[Fri Apr 28 15:36:35 EDT 2023] No need to restore nginx, skip.
[Fri Apr 28 15:36:35 EDT 2023] _clearupdns
[Fri Apr 28 15:36:35 EDT 2023] dns_entries
[Fri Apr 28 15:36:35 EDT 2023] skip dns.

Does anyone have any idea why this issue might occur on the load balancer? If it is something with the nonce, is there a way to see that? Otherwise what else could I look at? A packet capture wasn't the most useful since most of the communication was encrypted. However, I do notice on successful runs the load balancer immediately responds to the first GET for the challenge with a 200 OK. On unsuccessful runs the load balancer doesn't respond to the first GET but does respond to a 2nd GET. I am unsure of why this occurs though.

Full server and client logs below. These logs were from a successful enrollment followed by the first renewal which failed.

Server

INFO[0027]                                               duration="434.111µs" duration-ns=434111 fields.time="2023-04-28T19:13:52Z" method=GET name=ca path=/acme/acme/directory protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch61ls74b3p3d8hjq3f0 response="{\"newNonce\":\"https://10.6.18.10:8443/acme/acme/new-nonce\",\"newAccount\":\"https://10.6.18.10:8443/acme/acme/new-account\",\"newOrder\":\"https://10.6.18.10:8443/acme/acme/new-order\",\"revokeCert\":\"https://10.6.18.10:8443/acme/acme/revoke-cert\",\"keyChange\":\"https://10.6.18.10:8443/acme/acme/key-change\"}" size=297 status=200 user-agent="acme.sh/3.0.1 (https://github.com/acmesh-official/acme.sh)" user-id=
INFO[0027]                                               duration=32.622557ms duration-ns=32622557 fields.time="2023-04-28T19:13:52Z" method=HEAD name=ca nonce=TUQ2amE3S0FNOGZtNlMxdUdTOE4waWtIc3B5YzJ0QU0 path=/acme/acme/new-nonce protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch61ls74b3p3d8hjq3fg size=0 status=200 user-agent="acme.sh/3.0.1 (https://github.com/acmesh-official/acme.sh)" user-id=
INFO[0028]                                               duration=371.081905ms duration-ns=371081905 fields.time="2023-04-28T19:13:53Z" method=POST name=ca nonce=VDVZZklsbEhZQVBpVDNPT2o2OUN3aUNvRUFMUnN2cUs path=/acme/acme/new-order protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch61lsf4b3p3d8hjq3g0 response="{\"id\":\"5N7mpFJLyLlQX9flvWZ6P77bfLt2zI6s\",\"status\":\"pending\",\"expires\":\"2023-04-29T19:13:53Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"test.com\"}],\"notBefore\":\"2023-04-28T19:12:53Z\",\"notAfter\":\"2023-04-29T19:13:53Z\",\"authorizations\":[\"https://10.6.18.10:8443/acme/acme/authz/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL\"],\"finalize\":\"https://10.6.18.10:8443/acme/acme/order/5N7mpFJLyLlQX9flvWZ6P77bfLt2zI6s/finalize\"}" size=402 status=201 user-agent="acme.sh/3.0.1 (https://github.com/acmesh-official/acme.sh)" user-id=
INFO[0028]                                               duration=78.057041ms duration-ns=78057041 fields.time="2023-04-28T19:13:53Z" method=POST name=ca nonce=MUpxRlF3YVd2dm1IZ0ZrSGhETEVJNnlkdEFMTHdtcXU path=/acme/acme/authz/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch61lsf4b3p3d8hjq3gg response="{\"identifier\":{\"type\":\"dns\",\"value\":\"test.com\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/ZSAEIwj5Ad3SizQtVl779KZss4q6R6vF\"},{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/RUWzvLLx3qIlwFVbO8owu7e5Ffw8q545\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/oTgLEp2Kbfu9Y5EGQBR7hnMgWPMn6fBJ\"}],\"wildcard\":false,\"expires\":\"2023-04-29T19:13:53Z\"}" size=733 status=200 user-agent="acme.sh/3.0.1 (https://github.com/acmesh-official/acme.sh)" user-id=
INFO[0028]                                               duration=105.945826ms duration-ns=105945826 fields.time="2023-04-28T19:13:54Z" method=POST name=ca nonce=RFByWGZubXFPN1FVdUpzamlsWEYwd1JScFM4NjJMbWE path=/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/RUWzvLLx3qIlwFVbO8owu7e5Ffw8q545 protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch61lsn4b3p3d8hjq3h0 response="{\"type\":\"http-01\",\"status\":\"valid\",\"token\":\"MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC\",\"validated\":\"2023-04-28T19:13:54Z\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/RUWzvLLx3qIlwFVbO8owu7e5Ffw8q545\"}" size=232 status=200 user-agent="acme.sh/3.0.1 (https://github.com/acmesh-official/acme.sh)" user-id=
INFO[0029]                                               duration=340.966239ms duration-ns=340966239 fields.time="2023-04-28T19:13:54Z" method=POST name=ca nonce=SjlaU2tvUjFIUnQ2dWc4bUtkZmtRbThHZ3JXYXJZb0o path=/acme/acme/order/5N7mpFJLyLlQX9flvWZ6P77bfLt2zI6s/finalize protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch61lsn4b3p3d8hjq3hg response="{\"id\":\"5N7mpFJLyLlQX9flvWZ6P77bfLt2zI6s\",\"status\":\"valid\",\"expires\":\"2023-04-29T19:13:53Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"test.com\"}],\"notBefore\":\"2023-04-28T19:12:53Z\",\"notAfter\":\"2023-04-29T19:13:53Z\",\"authorizations\":[\"https://10.6.18.10:8443/acme/acme/authz/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL\"],\"finalize\":\"https://10.6.18.10:8443/acme/acme/order/5N7mpFJLyLlQX9flvWZ6P77bfLt2zI6s/finalize\",\"certificate\":\"https://10.6.18.10:8443/acme/acme/certificate/VboKmKXuXqqAdZvCiDV0URHLvLGy3EZA\"}" size=495 status=200 user-agent="acme.sh/3.0.1 (https://github.com/acmesh-official/acme.sh)" user-id=
INFO[0029]                                               certificate=MIIC0jCCAnegAwIBAgIQN595an8Pz6qwgP3049V41jAKBggqhkjOPQQDAjBOMR0wGwYDVQQKExRSZXNwZWN0TXlBdXRob3JpdGlnaDEtMCsGA1UEAxMkUmVzcGVjdE15QXV0aG9yaXRpZ2ggSW50ZXJtZWRpYXRlIENBMB4XDTIzMDQyODE5MTI1M1oXDTIzMDQyOTE5MTM1M1owEzERMA8GA1UEAxMIdGVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDllCDCUc77f4bOjnO22L8n2F/H5aQI7K+nqEGPY1MD8cUzQ2fYVJKook+zDoDmV6oLrMn9ij0YMtg7X8ohHxUywUOwE6K60wN6V6+03p/cnWs/9UpzYXz4qqAqIGrNYHUZ1aEOyaVyJWZ9snKf8IQf5KVE1UeRt1vEMe/MgycHpFZUX5MRKfYWHMEJtYPW+Q1BBzHca/AkB5ufxQoldoZEaNtOCajx5qWAIyOEiDqX/6waFqbnHycVsZsSEiGYDaN6Je8vVcQojgF468WiRb/EzmK0sLgTH6trhe/jBYwOxQHJadl+ytHr0KMKtPnjmfCWG2gvCaZrHGMX2EKgDwNAgMBAAGjgaYwgaMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUtbQjGi9yWFm2R7+8TJIQZ6kSiLUwHwYDVR0jBBgwFoAUIq0ALi3q+79aci/uZIUil/dxNlgwEwYDVR0RBAwwCoIIdGVzdC5jb20wHQYMKwYBBAGCpGTGKEABBA0wCwIBBgQEYWNtZQQAMAoGCCqGSM49BAMCA0kAMEYCIQCB8AZy/gW+W5U5cNYsPhxGJ88ssV8B708fmJUvGH3IowIhAMEPwOtolc0Zdnmrqj2Ce5bYL1otsHVyACQ973Tk6KeC duration=50.37199ms duration-ns=50371990 fields.time="2023-04-28T19:13:54Z" issuer="RespectMyAuthoritigh Intermediate CA" method=POST name=ca nonce=c0dLYnJFblhXNUJLYUZoTmswRG4zeFI5UEVSRmtpOEU path=/acme/acme/certificate/VboKmKXuXqqAdZvCiDV0URHLvLGy3EZA protocol=HTTP/1.1 provisioner=acme public-key="RSA 2048" referer= remote-address=10.6.18.5 request-id=ch61lsn4b3p3d8hjq3i0 serial=73935577577748389779918754053610633430 size=1783 status=200 subject=test.com user-agent="acme.sh/3.0.1 (https://github.com/acmesh-official/acme.sh)" user-id= valid-from="2023-04-28T19:12:53Z" valid-to="2023-04-29T19:13:53Z"
INFO[1338]                                               duration="245.445µs" duration-ns=245445 fields.time="2023-04-28T19:35:43Z" method=GET name=ca path=/acme/acme/directory protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch6203v4b3p3d8hjq3ig response="{\"newNonce\":\"https://10.6.18.10:8443/acme/acme/new-nonce\",\"newAccount\":\"https://10.6.18.10:8443/acme/acme/new-account\",\"newOrder\":\"https://10.6.18.10:8443/acme/acme/new-order\",\"revokeCert\":\"https://10.6.18.10:8443/acme/acme/revoke-cert\",\"keyChange\":\"https://10.6.18.10:8443/acme/acme/key-change\"}" size=297 status=200 user-agent="A10 ACME client" user-id=
INFO[1338]                                               duration=37.742297ms duration-ns=37742297 fields.time="2023-04-28T19:35:43Z" method=HEAD name=ca nonce=bzhYa1NLejMydEhPcktNM21KQUw3bklnQW5RU2JCYmQ path=/acme/acme/new-nonce protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch6203v4b3p3d8hjq3j0 size=0 status=200 user-agent="A10 ACME client" user-id=
INFO[1339]                                               duration=345.137006ms duration-ns=345137006 fields.time="2023-04-28T19:35:44Z" method=POST name=ca nonce=MVdTWktQbEczTzdWZEVZS0dMNUNuZll1YmdYNHVkQ2c path=/acme/acme/new-order protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch620474b3p3d8hjq3jg response="{\"id\":\"HOPJeLOb1d4qSnTPcbvhR45hexs77Gxg\",\"status\":\"pending\",\"expires\":\"2023-04-29T19:35:44Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"test.com\"}],\"notBefore\":\"2023-04-28T19:34:44Z\",\"notAfter\":\"2023-04-29T19:35:44Z\",\"authorizations\":[\"https://10.6.18.10:8443/acme/acme/authz/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p\"],\"finalize\":\"https://10.6.18.10:8443/acme/acme/order/HOPJeLOb1d4qSnTPcbvhR45hexs77Gxg/finalize\"}" size=402 status=201 user-agent="A10 ACME client" user-id=
INFO[1339]                                               duration=51.67783ms duration-ns=51677830 fields.time="2023-04-28T19:35:44Z" method=POST name=ca nonce=SHp6MmtoWmc4SDNLYVBWNkpQUjFJZjVlRWNTcjNwb00 path=/acme/acme/authz/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch620474b3p3d8hjq3k0 response="{\"identifier\":{\"type\":\"dns\",\"value\":\"test.com\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/4fiqyBM9SWnHXZdVETTWlVIsjlCd8SIh\"},{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/rC3UNHECEANsWQglaexwf7ym2nBQc8ds\"}],\"wildcard\":false,\"expires\":\"2023-04-29T19:35:44Z\"}" size=733 status=200 user-agent="A10 ACME client" user-id=
INFO[1369]                                               duration=30.159312704s duration-ns=30159312704 fields.time="2023-04-28T19:35:45Z" method=POST name=ca nonce=bGszVTJQVkw3eDZsVmVoclkwek45M0pXcFJRZXliMXY path=/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0 protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch6204f4b3p3d8hjq3kg response="{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0\",\"error\":{\"type\":\"urn:ietf:params:acme:error:connection\",\"detail\":\"The server could not connect to validation target\"}}" size=317 status=200 user-agent="A10 ACME client" user-id=
WARN[1371]                                               duration=144.611786ms duration-ns=144611786 error="nonce SHp6MmtoWmc4SDNLYVBWNkpQUjFJZjVlRWNTcjNwb00 not found" fields.time="2023-04-28T19:36:16Z" method=POST name=ca nonce=a1hyUE1FRFNHeklITm96bjVPejNEMTd2RXdqT1l0c2k path=/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0 protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch620c74b3p3d8hjq3l0 response="{\"type\":\"urn:ietf:params:acme:error:badNonce\",\"detail\":\"Unacceptable anti-replay nonce\"}" size=89 status=400 user-agent="A10 ACME client" user-id=
INFO[1371]                                               duration=109.237189ms duration-ns=109237189 fields.time="2023-04-28T19:36:16Z" method=POST name=ca nonce=UTJKRjB6V2hpdlZoV2xIUHk1bGkxQUN5TmZjOFd1aEU path=/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0 protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch620c74b3p3d8hjq3lg response="{\"type\":\"http-01\",\"status\":\"valid\",\"token\":\"PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj\",\"validated\":\"2023-04-28T19:36:16Z\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0\"}" size=232 status=200 user-agent="A10 ACME client" user-id=

Client

************************************ENROLLMENT**********************************************


Begin enrollment of certificate ACME on 28/04/2023 15:14:10
ACME production directory: https://10.6.18.10:8443/acme/acme/directory
ACME account path /a10data/acme/10.6.18.10:8443/[email protected]
ACME domain path is /a10data/acme/10.6.18.10:8443/[email protected]/ACME/"test.com"
received arguments /a10data/cert/ACME /a10data/key/ACME test.com https://10.6.18.10:8443/acme/acme/directory 0 0 2048 2 /a10data shared 0 1 0
No EAB credentials are set, continue to enroll/renew
Sending enrollment request
/a10/bin/acme.sh --issue --server https://10.6.18.10:8443/acme/acme/directory --accountemail [email protected] --ca-file /a10data/ca/tmp-acme/ACME --cert-file /a10data/cert/ACME --key-file /a10data/key/ACME --a10-send-challenge-token 0 --a10-partition shared --webroot /var/www/html --domain "test.com" --log-level 2 --debug --force
[Fri Apr 28 15:14:11 EDT 2023] Lets find script dir.
[Fri Apr 28 15:14:11 EDT 2023] _SCRIPT_='/a10/bin/acme.sh'
[Fri Apr 28 15:14:11 EDT 2023] _script='/a10/bin/acme.sh'
[Fri Apr 28 15:14:11 EDT 2023] _script_home='/a10/bin'
[Fri Apr 28 15:14:11 EDT 2023] Using default home:/.acme.sh
[Fri Apr 28 15:14:11 EDT 2023] Using config home:/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.1
[Fri Apr 28 15:14:11 EDT 2023] Using server: https://10.6.18.10:8443/acme/acme/directory
[Fri Apr 28 15:14:11 EDT 2023] Running cmd: issue
[Fri Apr 28 15:14:11 EDT 2023] _main_domain='test.com'
[Fri Apr 28 15:14:11 EDT 2023] _alt_domains='no'
[Fri Apr 28 15:14:11 EDT 2023] Using config home:/.acme.sh
[Fri Apr 28 15:14:11 EDT 2023] ACME_DIRECTORY='https://10.6.18.10:8443/acme/acme/directory'
[Fri Apr 28 15:14:11 EDT 2023] DOMAIN_PATH='/.acme.sh/test.com'
[Fri Apr 28 15:14:11 EDT 2023] Le_NextRenewTime='1687804864'
[Fri Apr 28 15:14:11 EDT 2023] Using ACME_DIRECTORY: https://10.6.18.10:8443/acme/acme/directory
[Fri Apr 28 15:14:11 EDT 2023] _init api for server: https://10.6.18.10:8443/acme/acme/directory
[Fri Apr 28 15:14:11 EDT 2023] Retrying GET
[Fri Apr 28 15:14:11 EDT 2023] GET
[Fri Apr 28 15:14:11 EDT 2023] url='https://10.6.18.10:8443/acme/acme/directory'
[Fri Apr 28 15:14:11 EDT 2023] timeout=
[Fri Apr 28 15:14:11 EDT 2023] displayError='1'
[Fri Apr 28 15:14:11 EDT 2023] _CURL='curl --silent --dump-header /.acme.sh/http.header -k -L  -g '
[Fri Apr 28 15:14:11 EDT 2023] ret='0'
[Fri Apr 28 15:14:11 EDT 2023] _hcode='0'
[Fri Apr 28 15:14:11 EDT 2023] ACME_KEY_CHANGE='https://10.6.18.10:8443/acme/acme/key-change'
[Fri Apr 28 15:14:11 EDT 2023] ACME_NEW_AUTHZ
[Fri Apr 28 15:14:11 EDT 2023] ACME_NEW_ORDER='https://10.6.18.10:8443/acme/acme/new-order'
[Fri Apr 28 15:14:11 EDT 2023] ACME_NEW_ACCOUNT='https://10.6.18.10:8443/acme/acme/new-account'
[Fri Apr 28 15:14:11 EDT 2023] ACME_REVOKE_CERT='https://10.6.18.10:8443/acme/acme/revoke-cert'
[Fri Apr 28 15:14:11 EDT 2023] ACME_AGREEMENT
[Fri Apr 28 15:14:11 EDT 2023] ACME_NEW_NONCE='https://10.6.18.10:8443/acme/acme/new-nonce'
[Fri Apr 28 15:14:11 EDT 2023] Using CA: https://10.6.18.10:8443/acme/acme/directory
[Fri Apr 28 15:14:11 EDT 2023] _on_before_issue
[Fri Apr 28 15:14:11 EDT 2023] _chk_main_domain='test.com'
[Fri Apr 28 15:14:11 EDT 2023] _chk_alt_domains
[Fri Apr 28 15:14:11 EDT 2023] Le_LocalAddress
[Fri Apr 28 15:14:11 EDT 2023] d='test.com'
[Fri Apr 28 15:14:11 EDT 2023] Check for domain='test.com'
[Fri Apr 28 15:14:11 EDT 2023] _currentRoot='/var/www/html'
[Fri Apr 28 15:14:11 EDT 2023] d
[Fri Apr 28 15:14:11 EDT 2023] _saved_account_key_hash is not changed, skip register account.
[Fri Apr 28 15:14:11 EDT 2023] Read key length:
[Fri Apr 28 15:14:11 EDT 2023] _createcsr
[Fri Apr 28 15:14:11 EDT 2023] Single domain='test.com'
[Fri Apr 28 15:14:11 EDT 2023] Getting domain auth token for each domain
[Fri Apr 28 15:14:11 EDT 2023] d
[Fri Apr 28 15:14:11 EDT 2023] url='https://10.6.18.10:8443/acme/acme/new-order'
[Fri Apr 28 15:14:11 EDT 2023] payload='{"identifiers": [{"type":"dns","value":"test.com"}]}'
[Fri Apr 28 15:14:11 EDT 2023] RSA key
[Fri Apr 28 15:14:11 EDT 2023] Retrying post
[Fri Apr 28 15:14:11 EDT 2023] HEAD
[Fri Apr 28 15:14:11 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/new-nonce'
[Fri Apr 28 15:14:11 EDT 2023] _CURL='curl --silent --dump-header /.acme.sh/http.header -k -L  -g  -I  '
[Fri Apr 28 15:14:11 EDT 2023] _ret='0'
[Fri Apr 28 15:14:11 EDT 2023] _hcode='0'
[Fri Apr 28 15:14:11 EDT 2023] Retrying post
[Fri Apr 28 15:14:11 EDT 2023] POST
[Fri Apr 28 15:14:11 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/new-order'
[Fri Apr 28 15:14:11 EDT 2023] _CURL='curl --silent --dump-header /.acme.sh/http.header -k -L  -g '
[Fri Apr 28 15:14:12 EDT 2023] _ret='0'
[Fri Apr 28 15:14:12 EDT 2023] _hcode='0'
[Fri Apr 28 15:14:12 EDT 2023] code='201'
[Fri Apr 28 15:14:12 EDT 2023] Le_LinkOrder='https://10.6.18.10:8443/acme/acme/order/5N7mpFJLyLlQX9flvWZ6P77bfLt2zI6s'
[Fri Apr 28 15:14:12 EDT 2023] Le_OrderFinalize='https://10.6.18.10:8443/acme/acme/order/5N7mpFJLyLlQX9flvWZ6P77bfLt2zI6s/finalize'
[Fri Apr 28 15:14:12 EDT 2023] url='https://10.6.18.10:8443/acme/acme/authz/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL'
[Fri Apr 28 15:14:12 EDT 2023] payload
[Fri Apr 28 15:14:12 EDT 2023] Retrying post
[Fri Apr 28 15:14:12 EDT 2023] POST
[Fri Apr 28 15:14:12 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/authz/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL'
[Fri Apr 28 15:14:12 EDT 2023] _CURL='curl --silent --dump-header /.acme.sh/http.header -k -L  -g '
[Fri Apr 28 15:14:12 EDT 2023] _ret='0'
[Fri Apr 28 15:14:12 EDT 2023] _hcode='0'
[Fri Apr 28 15:14:12 EDT 2023] code='200'
[Fri Apr 28 15:14:12 EDT 2023] d='test.com'
[Fri Apr 28 15:14:12 EDT 2023] Getting webroot for domain='test.com'
[Fri Apr 28 15:14:12 EDT 2023] _w='/var/www/html'
[Fri Apr 28 15:14:12 EDT 2023] _currentRoot='/var/www/html'
[Fri Apr 28 15:14:12 EDT 2023] entry='"type":"http-01","status":"pending","token":"MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC","url":"https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/RUWzvLLx3qIlwFVbO8owu7e5Ffw8q545"'
[Fri Apr 28 15:14:12 EDT 2023] token='MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC'
[Fri Apr 28 15:14:12 EDT 2023] uri='https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/RUWzvLLx3qIlwFVbO8owu7e5Ffw8q545'
[Fri Apr 28 15:14:12 EDT 2023] keyauthorization='MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC.x2nnx0x2t9vQjVUfPoBJgFN09Kn5cha9NPQ-c59Hh80'
[Fri Apr 28 15:14:12 EDT 2023] dvlist='test.com#MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC.x2nnx0x2t9vQjVUfPoBJgFN09Kn5cha9NPQ-c59Hh80#https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/RUWzvLLx3qIlwFVbO8owu7e5Ffw8q545#http-01#/var/www/html'
[Fri Apr 28 15:14:12 EDT 2023] d
[Fri Apr 28 15:14:12 EDT 2023] vlist='test.com#MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC.x2nnx0x2t9vQjVUfPoBJgFN09Kn5cha9NPQ-c59Hh80#https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/RUWzvLLx3qIlwFVbO8owu7e5Ffw8q545#http-01#/var/www/html,'
[Fri Apr 28 15:14:12 EDT 2023] d='test.com'
[Fri Apr 28 15:14:12 EDT 2023] ok, let's start to verify
[Fri Apr 28 15:14:12 EDT 2023] Verifying: test.com
[Fri Apr 28 15:14:12 EDT 2023] d='test.com'
[Fri Apr 28 15:14:12 EDT 2023] keyauthorization='MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC.x2nnx0x2t9vQjVUfPoBJgFN09Kn5cha9NPQ-c59Hh80'
[Fri Apr 28 15:14:12 EDT 2023] uri='https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/RUWzvLLx3qIlwFVbO8owu7e5Ffw8q545'
[Fri Apr 28 15:14:12 EDT 2023] _currentRoot='/var/www/html'
[Fri Apr 28 15:14:12 EDT 2023] wellknown_path='/var/www/html/.well-known/acme-challenge'
[Fri Apr 28 15:14:12 EDT 2023] sending token:MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC to a10lb(partition shared, vrid 0). The wellknown path is: <VIP>/.well-known/acme-challenge/MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC
[Fri Apr 28 15:14:12 EDT 2023] Changing owner/group of .well-known to root:root
[Fri Apr 28 15:14:12 EDT 2023] url='https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/RUWzvLLx3qIlwFVbO8owu7e5Ffw8q545'
[Fri Apr 28 15:14:12 EDT 2023] payload='{}'
[Fri Apr 28 15:14:12 EDT 2023] Retrying post
[Fri Apr 28 15:14:12 EDT 2023] POST
[Fri Apr 28 15:14:12 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/challenge/ct5XcX5i790Ilmz0dwyxJPR6wJTBvQkL/RUWzvLLx3qIlwFVbO8owu7e5Ffw8q545'
[Fri Apr 28 15:14:12 EDT 2023] _CURL='curl --silent --dump-header /.acme.sh/http.header -k -L  -g '
[Fri Apr 28 15:14:12 EDT 2023] _ret='0'
[Fri Apr 28 15:14:12 EDT 2023] _hcode='0'
[Fri Apr 28 15:14:12 EDT 2023] code='200'
[Fri Apr 28 15:14:12 EDT 2023] trigger validation code: 200
[Fri Apr 28 15:14:12 EDT 2023] Success
[Fri Apr 28 15:14:12 EDT 2023] pid
[Fri Apr 28 15:14:12 EDT 2023] Debugging, skip removing: /var/www/html/.well-known/acme-challenge/MJ6goXTrTwHJrpt66BqSkAUHt7MGiwdC
[Fri Apr 28 15:14:12 EDT 2023] pid
[Fri Apr 28 15:14:12 EDT 2023] No need to restore nginx, skip.
[Fri Apr 28 15:14:12 EDT 2023] _clearupdns
[Fri Apr 28 15:14:12 EDT 2023] dns_entries
[Fri Apr 28 15:14:12 EDT 2023] skip dns.
[Fri Apr 28 15:14:12 EDT 2023] Verify finished, start to sign.
[Fri Apr 28 15:14:12 EDT 2023] i='2'
[Fri Apr 28 15:14:12 EDT 2023] j='15'
[Fri Apr 28 15:14:12 EDT 2023] Lets finalize the order.
[Fri Apr 28 15:14:12 EDT 2023] Le_OrderFinalize='https://10.6.18.10:8443/acme/acme/order/5N7mpFJLyLlQX9flvWZ6P77bfLt2zI6s/finalize'
[Fri Apr 28 15:14:12 EDT 2023] url='https://10.6.18.10:8443/acme/acme/order/5N7mpFJLyLlQX9flvWZ6P77bfLt2zI6s/finalize'
[Fri Apr 28 15:14:12 EDT 2023] payload='{"csr": "MIICfjCCAWYCAQAwEzERMA8GA1UEAwwIdGVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDllCDCUc77f4bOjnO22L8n2F_H5aQI7K-nqEGPY1MD8cUzQ2fYVJKook-zDoDmV6oLrMn9ij0YMtg7X8ohHxUywUOwE6K60wN6V6-03p_cnWs_9UpzYXz4qqAqIGrNYHUZ1aEOyaVyJWZ9snKf8IQf5KVE1UeRt1vEMe_MgycHpFZUX5MRKfYWHMEJtYPW-Q1BBzHca_AkB5ufxQoldoZEaNtOCajx5qWAIyOEiDqX_6waFqbnHycVsZsSEiGYDaN6Je8vVcQojgF468WiRb_EzmK0sLgTH6trhe_jBYwOxQHJadl-ytHr0KMKtPnjmfCWG2gvCaZrHGMX2EKgDwNAgMBAAGgJjAkBgkqhkiG9w0BCQ4xFzAVMB
MGA1UdEQQMMAqCCHRlc3QuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBHbxF9k6_8yR6NmfBaOfq8_ivwnrkXuDqrHU7U7cZn7fYcANf_F2vZxaYP2Nl5zDS5q-DRwboCCf0oonbmGFmlqz3tnJBWaAIyK48ovhMICqN8trFCz-ooxxSslYuh7LLootbcWVULevodhUS5VrF3nRUOV_mbxbaY_wqjB5GRmKfrZ4f4msnS6FEWw5y4E80XYSsuFVbI3AjZbVLkwN-3iyrrhcXbJhlfWSaXS-62RxAuAdEbkkbGJfxRY4wjF9GFcAL5JxuJKydyVk05FgE_swbfqUkTz_aSBV-SsYw8kqO5oFjQT9WTvifaIPavKH9KZMmXGgi662JMU_7bM3xB"}'
[Fri Apr 28 15:14:12 EDT 2023] Retrying post
[Fri Apr 28 15:14:12 EDT 2023] POST
[Fri Apr 28 15:14:12 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/order/5N7mpFJLyLlQX9flvWZ6P77bfLt2zI6s/finalize'
[Fri Apr 28 15:14:12 EDT 2023] _CURL='curl --silent --dump-header /.acme.sh/http.header -k -L  -g '
[Fri Apr 28 15:14:13 EDT 2023] _ret='0'
[Fri Apr 28 15:14:13 EDT 2023] _hcode='0'
[Fri Apr 28 15:14:13 EDT 2023] code='200'
[Fri Apr 28 15:14:13 EDT 2023] Order status is valid.
[Fri Apr 28 15:14:13 EDT 2023] Le_LinkCert='https://10.6.18.10:8443/acme/acme/certificate/VboKmKXuXqqAdZvCiDV0URHLvLGy3EZA'
[Fri Apr 28 15:14:13 EDT 2023] Downloading cert.
[Fri Apr 28 15:14:13 EDT 2023] Le_LinkCert='https://10.6.18.10:8443/acme/acme/certificate/VboKmKXuXqqAdZvCiDV0URHLvLGy3EZA'
[Fri Apr 28 15:14:13 EDT 2023] url='https://10.6.18.10:8443/acme/acme/certificate/VboKmKXuXqqAdZvCiDV0URHLvLGy3EZA'
[Fri Apr 28 15:14:13 EDT 2023] payload
[Fri Apr 28 15:14:13 EDT 2023] Retrying post
[Fri Apr 28 15:14:13 EDT 2023] POST
[Fri Apr 28 15:14:13 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/certificate/VboKmKXuXqqAdZvCiDV0URHLvLGy3EZA'
[Fri Apr 28 15:14:13 EDT 2023] _CURL='curl --silent --dump-header /.acme.sh/http.header -k -L  -g '
[Fri Apr 28 15:14:13 EDT 2023] _ret='0'
[Fri Apr 28 15:14:13 EDT 2023] _hcode='0'
[Fri Apr 28 15:14:13 EDT 2023] code='200'
[Fri Apr 28 15:14:13 EDT 2023] Found cert chain
[Fri Apr 28 15:14:13 EDT 2023] _end_n='18'
[Fri Apr 28 15:14:13 EDT 2023] Le_LinkCert='https://10.6.18.10:8443/acme/acme/certificate/VboKmKXuXqqAdZvCiDV0URHLvLGy3EZA'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:9f:79:6a:7f:0f:cf:aa:b0:80:fd:f4:e3:d5:78:d6
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: O=RespectMyAuthoritigh, CN=RespectMyAuthoritigh Intermediate CA
        Validity
            Not Before: Apr 28 19:12:53 2023 GMT
            Not After : Apr 29 19:13:53 2023 GMT
        Subject: CN=test.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c3:96:50:83:09:47:3b:ed:fe:1b:3a:39:ce:db:
                    62:fc:9f:61:7f:1f:96:90:23:b2:be:9e:a1:06:3d:
                    8d:4c:0f:c7:14:cd:0d:9f:61:52:4a:a2:89:3e:cc:
                    3a:03:99:5e:a8:2e:b3:27:f6:28:f4:60:cb:60:ed:
                    7f:28:84:7c:54:cb:05:0e:c0:4e:8a:eb:4c:0d:e9:
                    5e:be:d3:7a:7f:72:75:ac:ff:d5:29:cd:85:f3:e2:
                    aa:80:a8:81:ab:35:81:d4:67:56:84:3b:26:95:c8:
                    95:99:f6:c9:ca:7f:c2:10:7f:92:95:13:55:1e:46:
                    dd:6f:10:c7:bf:32:0c:9c:1e:91:59:51:7e:4c:44:
                    a7:d8:58:73:04:26:d6:0f:5b:e4:35:04:1c:c7:71:
                    af:c0:90:1e:6e:7f:14:28:95:da:19:11:a3:6d:38:
                    26:a3:c7:9a:96:00:8c:8e:12:20:ea:5f:fe:b0:68:
                    5a:9b:9c:7c:9c:56:c6:6c:48:48:86:60:36:8d:e8:
                    97:bc:bd:57:10:a2:38:05:e3:af:16:89:16:ff:13:
                    39:8a:d2:c2:e0:4c:7e:ad:ae:17:bf:8c:16:30:3b:
                    14:07:25:a7:65:fb:2b:47:af:42:8c:2a:d3:e7:8e:
                    67:c2:58:6d:a0:bc:26:99:ac:71:8c:5f:61:0a:80:
                    3c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Key Identifier:
                B5:B4:23:1A:2F:72:58:59:B6:47:BF:BC:4C:92:10:67:A9:12:88:B5
            X509v3 Authority Key Identifier:
                keyid:22:AD:00:2E:2D:EA:FB:BF:5A:72:2F:EE:64:85:22:97:F7:71:36:58

            X509v3 Subject Alternative Name:
                DNS:test.com
            1.3.6.1.4.1.37476.9000.64.1:
                0......acme..
    Signature Algorithm: ecdsa-with-SHA256
         30:46:02:21:00:81:f0:06:72:fe:05:be:5b:95:39:70:d6:2c:
         3e:1c:46:27:cf:2c:b1:5f:01:ef:4f:1f:98:95:2f:18:7d:c8:
         a3:02:21:00:c1:0f:c0:eb:68:95:cd:19:76:79:ab:aa:3d:82:
         7b:96:d8:2f:5a:2d:b0:75:72:00:24:3d:ef:74:e4:e8:a7:82
[Fri Apr 28 15:14:13 EDT 2023] Cert success.
-----BEGIN CERTIFICATE-----
MIIC0jCCAnegAwIBAgIQN595an8Pz6qwgP3049V41jAKBggqhkjOPQQDAjBOMR0w
GwYDVQQKExRSZXNwZWN0TXlBdXRob3JpdGlnaDEtMCsGA1UEAxMkUmVzcGVjdE15
QXV0aG9yaXRpZ2ggSW50ZXJtZWRpYXRlIENBMB4XDTIzMDQyODE5MTI1M1oXDTIz
MDQyOTE5MTM1M1owEzERMA8GA1UEAxMIdGVzdC5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDDllCDCUc77f4bOjnO22L8n2F/H5aQI7K+nqEGPY1M
D8cUzQ2fYVJKook+zDoDmV6oLrMn9ij0YMtg7X8ohHxUywUOwE6K60wN6V6+03p/
cnWs/9UpzYXz4qqAqIGrNYHUZ1aEOyaVyJWZ9snKf8IQf5KVE1UeRt1vEMe/Mgyc
HpFZUX5MRKfYWHMEJtYPW+Q1BBzHca/AkB5ufxQoldoZEaNtOCajx5qWAIyOEiDq
X/6waFqbnHycVsZsSEiGYDaN6Je8vVcQojgF468WiRb/EzmK0sLgTH6trhe/jBYw
OxQHJadl+ytHr0KMKtPnjmfCWG2gvCaZrHGMX2EKgDwNAgMBAAGjgaYwgaMwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV
HQ4EFgQUtbQjGi9yWFm2R7+8TJIQZ6kSiLUwHwYDVR0jBBgwFoAUIq0ALi3q+79a
ci/uZIUil/dxNlgwEwYDVR0RBAwwCoIIdGVzdC5jb20wHQYMKwYBBAGCpGTGKEAB
BA0wCwIBBgQEYWNtZQQAMAoGCCqGSM49BAMCA0kAMEYCIQCB8AZy/gW+W5U5cNYs
PhxGJ88ssV8B708fmJUvGH3IowIhAMEPwOtolc0Zdnmrqj2Ce5bYL1otsHVyACQ9
73Tk6KeC
-----END CERTIFICATE-----
[Fri Apr 28 15:14:13 EDT 2023] Your cert is in: /.acme.sh/test.com/test.com.cer
[Fri Apr 28 15:14:13 EDT 2023] Your cert key is in: /.acme.sh/test.com/test.com.key
[Fri Apr 28 15:14:13 EDT 2023] The intermediate CA cert is in: /.acme.sh/test.com/ca.cer
[Fri Apr 28 15:14:13 EDT 2023] And the full chain certs is there: /.acme.sh/test.com/fullchain.cer
[Fri Apr 28 15:14:13 EDT 2023] Installing cert to: /a10data/cert/ACME
[Fri Apr 28 15:14:13 EDT 2023] Installing CA to: /a10data/ca/tmp-acme/ACME
[Fri Apr 28 15:14:13 EDT 2023] Installing key to: /a10data/key/ACME
[Fri Apr 28 15:14:13 EDT 2023] _on_issue_success
return value 0
Client enrollment completed successfully
notify system for acme cert status
/a10/bin/comm_acme -a -s -c ACME -p shared -r success
return value 0
successfully send acme cert status(success)
rotating file
file /a10data/cert/.acme/ACME rotation completed
rotating file
file /a10data/key/.acme/ACME rotation completed





************************************RENEWAL**********************************************



check VCS status before doing renew
/a10/bin/comm_acme -e
/a10/bin/comm_acme -m
VCS is active: 0
VCS is vMaster: 0
Begin certificate update ACME on 28/04/2023 15:36:01
copying certificate /a10data/cert/ACME to temporary location /a10data/tmp/ACME.cert
copying key /a10data/key/ACME to temporary location /a10data/tmp/ACME.key
ACME production directory: https://10.6.18.10:8443/acme/acme/directory
ACME account path /a10data/acme/10.6.18.10:8443/[email protected]
ACME domain path is /a10data/acme/10.6.18.10:8443/[email protected]/ACME/"test.com"
received arguments /a10data/cert/ACME /a10data/key/ACME test.com https://10.6.18.10:8443/acme/acme/directory 0 0 2048 2 /a10data shared 0 0 0
notify system for acme cert status
/a10/bin/comm_acme -a -s -c ACME -p shared -r in_progress
return value 0
successfully send acme cert status(in_progress)
No EAB credentials are set, continue to enroll/renew
Sending update request
/a10/bin/acme.sh --renew --server https://10.6.18.10:8443/acme/acme/directory --home /a10data/acme --config-home /a10data/acme/10.6.18.10:8443/[email protected] --accountemail [email protected] --accountconf /a10data/acme/10.6.18.10:8443/[email protected]/ACME/account.conf --useragent "A10 ACME client" --ca-file /a10data/ca/tmp-acme/ACME --cert-file /a10data/cert/ACME --key-file /a10data/key/ACME --a10-domain-path /a10data/acme/10.6.18.10:8443/[email protected]/ACME/"test.com" --a10-ca-home /a10data/acme/10.6.18.10:84
43/[email protected]/ACME/ca --a10-dump-http-header-path /a10data/acme/10.6.18.10:8443/[email protected]/ACME/http.header --keylength 2048 --domain "test.com" --webroot /var/www/html --log-level 2 --debug --force --a10-send-challenge-token 0 --a10-partition shared
[Fri Apr 28 15:36:02 EDT 2023] Lets find script dir.
[Fri Apr 28 15:36:02 EDT 2023] _SCRIPT_='/a10/bin/acme.sh'
[Fri Apr 28 15:36:02 EDT 2023] _script='/a10/bin/acme.sh'
[Fri Apr 28 15:36:02 EDT 2023] _script_home='/a10/bin'
[Fri Apr 28 15:36:02 EDT 2023] Using config home:/a10data/acme/10.6.18.10:8443/[email protected]
https://github.com/acmesh-official/acme.sh
v3.0.1
[Fri Apr 28 15:36:02 EDT 2023] Using server: https://10.6.18.10:8443/acme/acme/directory
[Fri Apr 28 15:36:02 EDT 2023] Running cmd: renew
[Fri Apr 28 15:36:02 EDT 2023] Using config home:/a10data/acme/10.6.18.10:8443/[email protected]
[Fri Apr 28 15:36:02 EDT 2023] ACME_DIRECTORY='https://10.6.18.10:8443/acme/acme/directory'
[Fri Apr 28 15:36:02 EDT 2023] Renew: 'test.com'
[Fri Apr 28 15:36:02 EDT 2023] Le_API='https://10.6.18.10:8443/acme/acme/directory'
[Fri Apr 28 15:36:02 EDT 2023] Using config home:/a10data/acme/10.6.18.10:8443/[email protected]
[Fri Apr 28 15:36:02 EDT 2023] ACME_DIRECTORY='https://10.6.18.10:8443/acme/acme/directory'
[Fri Apr 28 15:36:02 EDT 2023] _main_domain='test.com'
[Fri Apr 28 15:36:02 EDT 2023] _alt_domains='no'
[Fri Apr 28 15:36:02 EDT 2023] Le_NextRenewTime='1687710004'
[Fri Apr 28 15:36:02 EDT 2023] Using ACME_DIRECTORY: https://10.6.18.10:8443/acme/acme/directory
[Fri Apr 28 15:36:02 EDT 2023] _init api for server: https://10.6.18.10:8443/acme/acme/directory
[Fri Apr 28 15:36:02 EDT 2023] Retrying GET
[Fri Apr 28 15:36:02 EDT 2023] GET
[Fri Apr 28 15:36:02 EDT 2023] url='https://10.6.18.10:8443/acme/acme/directory'
[Fri Apr 28 15:36:02 EDT 2023] timeout=
[Fri Apr 28 15:36:02 EDT 2023] displayError='1'
[Fri Apr 28 15:36:02 EDT 2023] _CURL='curl --silent --dump-header /a10data/acme/10.6.18.10:8443/[email protected]/ACME/http.header -k -L  -g '
[Fri Apr 28 15:36:02 EDT 2023] ret='0'
[Fri Apr 28 15:36:02 EDT 2023] _hcode='0'
[Fri Apr 28 15:36:02 EDT 2023] ACME_KEY_CHANGE='https://10.6.18.10:8443/acme/acme/key-change'
[Fri Apr 28 15:36:02 EDT 2023] ACME_NEW_AUTHZ
[Fri Apr 28 15:36:02 EDT 2023] ACME_NEW_ORDER='https://10.6.18.10:8443/acme/acme/new-order'
[Fri Apr 28 15:36:02 EDT 2023] ACME_NEW_ACCOUNT='https://10.6.18.10:8443/acme/acme/new-account'
[Fri Apr 28 15:36:02 EDT 2023] ACME_REVOKE_CERT='https://10.6.18.10:8443/acme/acme/revoke-cert'
[Fri Apr 28 15:36:02 EDT 2023] ACME_AGREEMENT
[Fri Apr 28 15:36:02 EDT 2023] ACME_NEW_NONCE='https://10.6.18.10:8443/acme/acme/new-nonce'
[Fri Apr 28 15:36:02 EDT 2023] Using CA: https://10.6.18.10:8443/acme/acme/directory
[Fri Apr 28 15:36:02 EDT 2023] _on_before_issue
[Fri Apr 28 15:36:02 EDT 2023] _chk_main_domain='test.com'
[Fri Apr 28 15:36:02 EDT 2023] _chk_alt_domains
[Fri Apr 28 15:36:02 EDT 2023] Le_LocalAddress
[Fri Apr 28 15:36:02 EDT 2023] d='test.com'
[Fri Apr 28 15:36:02 EDT 2023] Check for domain='test.com'
[Fri Apr 28 15:36:02 EDT 2023] _currentRoot='/var/www/html'
[Fri Apr 28 15:36:02 EDT 2023] d
[Fri Apr 28 15:36:02 EDT 2023] _saved_account_key_hash is not changed, skip register account.
[Fri Apr 28 15:36:02 EDT 2023] Read key length:2048
[Fri Apr 28 15:36:02 EDT 2023] _createcsr
[Fri Apr 28 15:36:02 EDT 2023] Single domain='test.com'
[Fri Apr 28 15:36:02 EDT 2023] Getting domain auth token for each domain
[Fri Apr 28 15:36:02 EDT 2023] d
[Fri Apr 28 15:36:02 EDT 2023] url='https://10.6.18.10:8443/acme/acme/new-order'
[Fri Apr 28 15:36:02 EDT 2023] payload='{"identifiers": [{"type":"dns","value":"test.com"}]}'
[Fri Apr 28 15:36:02 EDT 2023] RSA key
[Fri Apr 28 15:36:02 EDT 2023] Retrying post
[Fri Apr 28 15:36:02 EDT 2023] HEAD
[Fri Apr 28 15:36:02 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/new-nonce'
[Fri Apr 28 15:36:02 EDT 2023] _CURL='curl --silent --dump-header /a10data/acme/10.6.18.10:8443/[email protected]/ACME/http.header -k -L  -g  -I  '
[Fri Apr 28 15:36:02 EDT 2023] _ret='0'
[Fri Apr 28 15:36:02 EDT 2023] _hcode='0'
[Fri Apr 28 15:36:02 EDT 2023] Retrying post
[Fri Apr 28 15:36:02 EDT 2023] POST
[Fri Apr 28 15:36:02 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/new-order'
[Fri Apr 28 15:36:02 EDT 2023] _CURL='curl --silent --dump-header /a10data/acme/10.6.18.10:8443/[email protected]/ACME/http.header -k -L  -g '
[Fri Apr 28 15:36:03 EDT 2023] _ret='0'
[Fri Apr 28 15:36:03 EDT 2023] _hcode='0'
[Fri Apr 28 15:36:03 EDT 2023] code='201'
[Fri Apr 28 15:36:03 EDT 2023] Le_LinkOrder='https://10.6.18.10:8443/acme/acme/order/HOPJeLOb1d4qSnTPcbvhR45hexs77Gxg'
[Fri Apr 28 15:36:03 EDT 2023] Le_OrderFinalize='https://10.6.18.10:8443/acme/acme/order/HOPJeLOb1d4qSnTPcbvhR45hexs77Gxg/finalize'
[Fri Apr 28 15:36:03 EDT 2023] url='https://10.6.18.10:8443/acme/acme/authz/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p'
[Fri Apr 28 15:36:03 EDT 2023] payload
[Fri Apr 28 15:36:03 EDT 2023] Retrying post
[Fri Apr 28 15:36:03 EDT 2023] POST
[Fri Apr 28 15:36:03 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/authz/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p'
[Fri Apr 28 15:36:03 EDT 2023] _CURL='curl --silent --dump-header /a10data/acme/10.6.18.10:8443/[email protected]/ACME/http.header -k -L  -g '
[Fri Apr 28 15:36:03 EDT 2023] _ret='0'
[Fri Apr 28 15:36:03 EDT 2023] _hcode='0'
[Fri Apr 28 15:36:03 EDT 2023] code='200'
[Fri Apr 28 15:36:03 EDT 2023] d='test.com'
[Fri Apr 28 15:36:03 EDT 2023] Getting webroot for domain='test.com'
[Fri Apr 28 15:36:03 EDT 2023] _w='/var/www/html'
[Fri Apr 28 15:36:03 EDT 2023] _currentRoot='/var/www/html'
[Fri Apr 28 15:36:03 EDT 2023] entry='"type":"http-01","status":"pending","token":"PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj","url":"https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0"'
[Fri Apr 28 15:36:03 EDT 2023] token='PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj'
[Fri Apr 28 15:36:03 EDT 2023] uri='https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0'
[Fri Apr 28 15:36:03 EDT 2023] keyauthorization='PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj.-daKjPT3wpa3ZuKhVF4TQ-8IlC5V6ECJ0eJI5xZNXMs'
[Fri Apr 28 15:36:03 EDT 2023] dvlist='test.com#PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj.-daKjPT3wpa3ZuKhVF4TQ-8IlC5V6ECJ0eJI5xZNXMs#https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0#http-01#/var/www/html'
[Fri Apr 28 15:36:03 EDT 2023] d
[Fri Apr 28 15:36:03 EDT 2023] vlist='test.com#PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj.-daKjPT3wpa3ZuKhVF4TQ-8IlC5V6ECJ0eJI5xZNXMs#https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0#http-01#/var/www/html,'
[Fri Apr 28 15:36:03 EDT 2023] d='test.com'
[Fri Apr 28 15:36:03 EDT 2023] ok, let's start to verify
[Fri Apr 28 15:36:03 EDT 2023] Verifying: test.com
[Fri Apr 28 15:36:03 EDT 2023] d='test.com'
[Fri Apr 28 15:36:03 EDT 2023] keyauthorization='PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj.-daKjPT3wpa3ZuKhVF4TQ-8IlC5V6ECJ0eJI5xZNXMs'
[Fri Apr 28 15:36:03 EDT 2023] uri='https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0'
[Fri Apr 28 15:36:03 EDT 2023] _currentRoot='/var/www/html'
[Fri Apr 28 15:36:03 EDT 2023] wellknown_path='/var/www/html/.well-known/acme-challenge'
[Fri Apr 28 15:36:03 EDT 2023] sending token:PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj to a10lb(partition shared, vrid 0). The wellknown path is: <VIP>/.well-known/acme-challenge/PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj
[Fri Apr 28 15:36:03 EDT 2023] Changing owner/group of .well-known to root:root
[Fri Apr 28 15:36:03 EDT 2023] url='https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0'
[Fri Apr 28 15:36:03 EDT 2023] payload='{}'
[Fri Apr 28 15:36:03 EDT 2023] Retrying post
[Fri Apr 28 15:36:03 EDT 2023] POST
[Fri Apr 28 15:36:03 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0'
[Fri Apr 28 15:36:03 EDT 2023] _CURL='curl --silent --dump-header /a10data/acme/10.6.18.10:8443/[email protected]/ACME/http.header -k -L  -g '
[Fri Apr 28 15:36:33 EDT 2023] _ret='56'
[Fri Apr 28 15:36:33 EDT 2023] _hcode='56'
[Fri Apr 28 15:36:34 EDT 2023] Retrying post
[Fri Apr 28 15:36:34 EDT 2023] POST
[Fri Apr 28 15:36:34 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0'
[Fri Apr 28 15:36:34 EDT 2023] _CURL='curl --silent --dump-header /a10data/acme/10.6.18.10:8443/[email protected]/ACME/http.header -k -L  -g '
[Fri Apr 28 15:36:35 EDT 2023] _ret='0'
[Fri Apr 28 15:36:35 EDT 2023] _hcode='0'
[Fri Apr 28 15:36:35 EDT 2023] code='400'
[Fri Apr 28 15:36:35 EDT 2023] test.com:Challenge error: {"type":"urn:ietf:params:acme:error:badNonce","detail":"Unacceptable anti-replay nonce"}
[Fri Apr 28 15:36:35 EDT 2023] Debugging, skip removing: /var/www/html/.well-known/acme-challenge/PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj
[Fri Apr 28 15:36:35 EDT 2023] pid
[Fri Apr 28 15:36:35 EDT 2023] No need to restore nginx, skip.
[Fri Apr 28 15:36:35 EDT 2023] _clearupdns
[Fri Apr 28 15:36:35 EDT 2023] dns_entries
[Fri Apr 28 15:36:35 EDT 2023] skip dns.
[Fri Apr 28 15:36:35 EDT 2023] _on_issue_err
[Fri Apr 28 15:36:35 EDT 2023] url='https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0'
[Fri Apr 28 15:36:35 EDT 2023] payload='{}'
[Fri Apr 28 15:36:35 EDT 2023] Retrying post
[Fri Apr 28 15:36:35 EDT 2023] POST
[Fri Apr 28 15:36:35 EDT 2023] _post_url='https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0'
[Fri Apr 28 15:36:35 EDT 2023] _CURL='curl --silent --dump-header /a10data/acme/10.6.18.10:8443/[email protected]/ACME/http.header -k -L  -g '
[Fri Apr 28 15:36:35 EDT 2023] _ret='0'
[Fri Apr 28 15:36:35 EDT 2023] _hcode='0'
[Fri Apr 28 15:36:35 EDT 2023] code='200'
[Fri Apr 28 15:36:35 EDT 2023] socat doesn't exist.
[Fri Apr 28 15:36:35 EDT 2023] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2k-fips  26 Jan 2017
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
return value 1
cert update is failed
create last-enroll-renew-failure to indicate the failure of enrollment/renewal
notify system for acme cert status
/a10/bin/comm_acme -a -s -c ACME -p shared -r failure
comm_acme: Don't send msg to alb because enrollment/update status is fail
return value 0
successfully send acme cert status(failure)
removing tmp key file /a10data/tmp/ACME.key
removing tmp cert file /a10data/tmp/ACME.cert
client enrollment failed

hslatman · 2023-04-28T21:43:22Z

hslatman
Apr 28, 2023
Collaborator

Hey @MauriceMossIT,

I noticed that in the log for the renew, there's also an error: The server could not connect to validation target. That one runs for 30s and then times out. The log after that is the nonce ... not found. That error can only be returned if the nonce never existed (not likely; I don't the client would think of one itself), or the client has used the nonce in a request before (the CA deletes it on usage). The latter seems to be the case:

INFO[1339]                                               duration=51.67783ms duration-ns=51677830 fields.time="2023-04-28T19:35:44Z" method=POST name=ca nonce=SHp6MmtoWmc4SDNLYVBWNkpQUjFJZjVlRWNTcjNwb00 path=/acme/acme/authz/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p protocol=HTTP/1.1 referer= remote-address=10.6.18.5 request-id=ch620474b3p3d8hjq3k0 response="{\"identifier\":{\"type\":\"dns\",\"value\":\"test.com\"},\"status\":\"pending\",\"challenges\":[{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/4fiqyBM9SWnHXZdVETTWlVIsjlCd8SIh\"},{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/8wCRyrKI7wDCvaUzBoP1dKhh4nC2lwV0\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"PeOCnWKydkoWVkl9zjj9XmJLToiGUbOj\",\"url\":\"https://10.6.18.10:8443/acme/acme/challenge/CfIFlTUrP29ACUwQEYolv7pnXGqs5Z8p/rC3UNHECEANsWQglaexwf7ym2nBQc8ds\"}],\"wildcard\":false,\"expires\":\"2023-04-29T19:35:44Z\"}" size=733 status=200 user-agent="A10 ACME client" user-id=

So, the root cause of your error is the client trying to reuse the nonce. It should ensure to use a fresh nonce. Ideally, it would automatically detect this specific error, retrieve a new nonce, and continue working. I'm not 100% sure, but I think the CA already sends a new nonce in the error response sent back to the client, also in this specific case, which can then be used for a subsequent request automatically, without the client having to call the new-nonce endpoint. This would have to be fixed by the manufacturer of the load balancer, or further up the software supply chain.

However, it's weird that it works the first time, because the same test.com domain is challenged. That means the first time the ACME server was able to connect to test.com to validate the challenge, but it failed on the renewal. Is it possible that due to the the cert being issued, port 80 is closed automatically somehow, resulting in the renewal failing?

0 replies

MauriceMossIT · 2023-05-02T14:59:07Z

MauriceMossIT
May 2, 2023
Author

Hello @hslatman,

I tested running a constant curl to port 80 from a separate device and can confirm port 80 is not closing. What's strange is this same load balancer config with a public domain can run against the let's encrypt staging or public servers without issue. The only issue is when it runs against Step-CA. Of course, a separate linux machine doesn't have issues with Step-CA. So it's hard to determine where the fault lies since both the load balancer and Step-CA work fine but not when used together.

Is there any way to see the nonce sent in a packet capture? Is this in the encrypted traffic? If so I can try to decrypt the traffic and analyze it to confirm if a duplicate nonce is sent.

2 replies

hslatman May 2, 2023
Collaborator

Yes, the nonce is indeed within the encrypted traffic. The CA will put the next nonce to use in the HTTP Replay-Nonce response header. The client will set the nonce inside of the signed JWT it sends as a HTTP request body. For both you'll need to decrypt the TLS traffic. Does your load balancer offer a way to extract the TLS sessions keys (using something like a key log file) as described here: https://wiki.wireshark.org/TLS? If so, you should then be able to use that to decrypt the TLS traffic in a packet dump using Wireshark. If not, we maybe need to add support for that on the CA side.

You mention that you don't see this issue with other ACME servers, so you don't see the request timeout in those cases? It's not the root cause of the nonce reuse, but it's still interesting that it times out on a renew; not on the first issuance.

hslatman May 4, 2023
Collaborator

@MauriceMossIT did you find a way to capture the TLS session keys on your load balancer?

In the meantime I've discussed adding capturing the keys on the CA side with the team. While considered useful, the suggestion was to add full request/response logging instead. This should provide you with the same view of what's going on, but without having to start a packet dump and decrypting TLS. This is something I consider useful in more debugging scenarios, so I might do a quick implementation of that.

MauriceMossIT · 2023-05-05T15:29:18Z

MauriceMossIT
May 5, 2023
Author

Hello @hslatman,

Thank you for the response and consideration of further logging on the CA side. I do believe that would be very useful.

Unfortunately I have not found any way to capture the session key on the load balancer. I have discovered that on an older version of the load balancer code this issue doesn't occur. I have reached out for the load balancer support to investigate this further, but nothing has been found yet.

0 replies

MauriceMossIT · 2023-05-05T17:16:42Z

MauriceMossIT
May 5, 2023
Author

Hello @hslatman,

Load balancer support team advised the change in versions should have only had an upgrade of the acme.sh script from 2.8.6 to 3.0.1. Are you aware of any issues specific to version 3.0.1?

0 replies

MauriceMossIT · 2023-05-16T13:21:17Z

MauriceMossIT
May 16, 2023
Author

Hello @hslatman,

Just wanted to check and see if you had further considered implementing further logging.

0 replies

hslatman · 2023-05-24T10:18:11Z

hslatman
May 24, 2023
Collaborator

Hey @MauriceMossIT, sorry for the silence. It's still on my list to improve the logs, but some other things have higher priority at the moment. Hope to get to it soon.

1 reply

MauriceMossIT May 24, 2023
Author

Thank you for the update. I completely understand the delay.

MauriceMossIT · 2023-09-20T17:17:35Z

MauriceMossIT
Sep 20, 2023
Author

Hello @hslatman,

I wanted to check in again and see if there's been any updates to the logging? I tested this issue again with some newer code on the load balancer, but no change when using Step-CA.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Error during challenge, nonce not found. #1367

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 7 comments 3 replies

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Error during challenge, nonce not found. #1367

MauriceMossIT Apr 28, 2023

Server

Client

Replies: 7 comments · 3 replies

hslatman Apr 28, 2023 Collaborator

MauriceMossIT May 2, 2023 Author

hslatman May 2, 2023 Collaborator

hslatman May 4, 2023 Collaborator

MauriceMossIT May 5, 2023 Author

MauriceMossIT May 5, 2023 Author

MauriceMossIT May 16, 2023 Author

hslatman May 24, 2023 Collaborator

MauriceMossIT May 24, 2023 Author

MauriceMossIT Sep 20, 2023 Author

MauriceMossIT
Apr 28, 2023

Replies: 7 comments 3 replies

hslatman
Apr 28, 2023
Collaborator

MauriceMossIT
May 2, 2023
Author

hslatman May 2, 2023
Collaborator

hslatman May 4, 2023
Collaborator

MauriceMossIT
May 5, 2023
Author

MauriceMossIT
May 5, 2023
Author

MauriceMossIT
May 16, 2023
Author

hslatman
May 24, 2023
Collaborator

MauriceMossIT May 24, 2023
Author

MauriceMossIT
Sep 20, 2023
Author