Renewing certificate without must-staple

[badblad]

I am having issue renewing my certificates since Letsencrypt has dropped support for certificates that are issued with must-staple flag.
I tried to upgrade my acme.sh, but I do not seem to be able to go pass version 3.0.8.
How can I update my certificate so I am not passing that must staple parameter?

[github-actions]

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

[badblad]

This is what I get after upgrading:
[Sun May 11 02:04:12 UTC 2025] Already uptodate! [Sun May 11 02:04:12 UTC 2025] Upgrade success! [ec2-user@ip-172-31-15-58 ~]$ /etc/letsencrypt/acme.sh --version https://github.com/acmesh-official/acme.sh v3.0.8

[badblad]

[ec2-user@ip-172-31-15-58 login.alumsum.com]$ sudo /etc/letsencrypt/acme.sh --renew -d login.alumsum.com --force --debug
[Fri May 9 21:24:25 UTC 2025] Lets find script dir.
[Fri May 9 21:24:25 UTC 2025] SCRIPT='/etc/letsencrypt/acme.sh'
[Fri May 9 21:24:25 UTC 2025] _script='/etc/letsencrypt/acme.sh'
[Fri May 9 21:24:25 UTC 2025] _script_home='/etc/letsencrypt'
[Fri May 9 21:24:25 UTC 2025] Using default home:/root/.acme.sh
[Fri May 9 21:24:25 UTC 2025] Using config home:/root/.acme.sh
[Fri May 9 21:24:25 UTC 2025] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Fri May 9 21:24:25 UTC 2025] Running cmd: renew
[Fri May 9 21:24:25 UTC 2025] _renewServer
[Fri May 9 21:24:25 UTC 2025] Using config home:/root/.acme.sh
[Fri May 9 21:24:25 UTC 2025] default_acme_server
[Fri May 9 21:24:25 UTC 2025] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri May 9 21:24:25 UTC 2025] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri May 9 21:24:25 UTC 2025] _ACME_SERVER_PATH='v2/DV90'
[Fri May 9 21:24:25 UTC 2025] DOMAIN_PATH='/root/.acme.sh/login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] Renew: 'login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Fri May 9 21:24:25 UTC 2025] Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
[Fri May 9 21:24:25 UTC 2025] initpath again.
[Fri May 9 21:24:25 UTC 2025] Using config home:/root/.acme.sh
[Fri May 9 21:24:25 UTC 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri May 9 21:24:25 UTC 2025] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Fri May 9 21:24:25 UTC 2025] _ACME_SERVER_PATH='directory'
[Fri May 9 21:24:25 UTC 2025] _main_domain='login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] _alt_domains='no'
[Fri May 9 21:24:25 UTC 2025] 'no' does not contain 'dns'
[Fri May 9 21:24:25 UTC 2025] 'no' does not contain 'dns'
[Fri May 9 21:24:25 UTC 2025] Le_NextRenewTime='1744138651'
[Fri May 9 21:24:25 UTC 2025] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri May 9 21:24:25 UTC 2025] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri May 9 21:24:25 UTC 2025] GET
[Fri May 9 21:24:25 UTC 2025] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri May 9 21:24:25 UTC 2025] timeout=
[Fri May 9 21:24:25 UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.w9e90Q1i5o -g '
[Fri May 9 21:24:25 UTC 2025] ret='0'
[Fri May 9 21:24:25 UTC 2025] response='{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"khk0b2QTHkg": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "https://letsencrypt.org/docs/profiles#classic",
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Fri May 9 21:24:25 UTC 2025] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri May 9 21:24:25 UTC 2025] ACME_NEW_AUTHZ
[Fri May 9 21:24:25 UTC 2025] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri May 9 21:24:25 UTC 2025] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri May 9 21:24:25 UTC 2025] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri May 9 21:24:25 UTC 2025] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf'
[Fri May 9 21:24:25 UTC 2025] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri May 9 21:24:25 UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri May 9 21:24:25 UTC 2025] _on_before_issue
[Fri May 9 21:24:25 UTC 2025] _chk_main_domain='login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] _chk_alt_domains
[Fri May 9 21:24:25 UTC 2025] 'no' contains 'no'
[Fri May 9 21:24:25 UTC 2025] Le_LocalAddress
[Fri May 9 21:24:25 UTC 2025] d='login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] Check for domain='login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] _currentRoot='no'
[Fri May 9 21:24:25 UTC 2025] Standalone mode.
[Fri May 9 21:24:25 UTC 2025] _checkport='80'
[Fri May 9 21:24:25 UTC 2025] _checkaddr
[Fri May 9 21:24:25 UTC 2025] Using: ss
[Fri May 9 21:24:25 UTC 2025] d
[Fri May 9 21:24:25 UTC 2025] 'no' does not contain 'apache'
[Fri May 9 21:24:25 UTC 2025] _saved_account_key_hash='TK99KjV6nL9ViDfc1GHHQfV14D7AYCtYoSyDuyUVz/Y='
[Fri May 9 21:24:25 UTC 2025] _saved_account_key_hash is not changed, skip register account.
[Fri May 9 21:24:25 UTC 2025] Read key length:2048
[Fri May 9 21:24:25 UTC 2025] _createcsr
[Fri May 9 21:24:25 UTC 2025] domain='login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] domainlist
[Fri May 9 21:24:25 UTC 2025] csrkey='/root/.acme.sh/login.alumsum.com/login.alumsum.com.key'
[Fri May 9 21:24:25 UTC 2025] csr='/root/.acme.sh/login.alumsum.com/login.alumsum.com.csr'
[Fri May 9 21:24:25 UTC 2025] csrconf='/root/.acme.sh/login.alumsum.com/login.alumsum.com.csr.conf'
[Fri May 9 21:24:25 UTC 2025] Single domain='login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] seg='login'
[Fri May 9 21:24:25 UTC 2025] _is_idn_d='login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] _idn_temp
[Fri May 9 21:24:25 UTC 2025] _is_idn_d='login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] _idn_temp
[Fri May 9 21:24:25 UTC 2025] _csr_cn='login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] seg='login'
[Fri May 9 21:24:25 UTC 2025] Getting domain auth token for each domain
[Fri May 9 21:24:25 UTC 2025] seg='login'
[Fri May 9 21:24:25 UTC 2025] _is_idn_d='login.alumsum.com'
[Fri May 9 21:24:25 UTC 2025] _idn_temp
[Fri May 9 21:24:25 UTC 2025] d
[Fri May 9 21:24:25 UTC 2025] _identifiers='{"type":"dns","value":"login.alumsum.com"}'
[Fri May 9 21:24:25 UTC 2025] _notBefore
[Fri May 9 21:24:25 UTC 2025] _notAfter
[Fri May 9 21:24:25 UTC 2025] STEP 1, Ordering a Certificate
[Fri May 9 21:24:25 UTC 2025] =======Begin Send Signed Request=======
[Fri May 9 21:24:25 UTC 2025] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri May 9 21:24:25 UTC 2025] payload='{"identifiers": [{"type":"dns","value":"login.alumsum.com"}]}'
[Fri May 9 21:24:25 UTC 2025] EC key
[Fri May 9 21:24:26 UTC 2025] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri May 9 21:24:26 UTC 2025] HEAD
[Fri May 9 21:24:26 UTC 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri May 9 21:24:26 UTC 2025] body
[Fri May 9 21:24:26 UTC 2025] _postContentType='application/jose+json'
[Fri May 9 21:24:26 UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.Dsn4qLoJVi -g -I '
[Fri May 9 21:24:26 UTC 2025] _ret='0'
[Fri May 9 21:24:26 UTC 2025] _headers='HTTP/2 200
server: nginx
date: Fri, 09 May 2025 21:24:26 GMT
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: QmouDpB2H-t6DWod7GF_o3V1Apt0rihGBR9F20ZvHOxYu0kZVz4
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Fri May 9 21:24:26 UTC 2025] _CACHED_NONCE='QmouDpB2H-t6DWod7GF_o3V1Apt0rihGBR9F20ZvHOxYu0kZVz4'
[Fri May 9 21:24:26 UTC 2025] nonce='QmouDpB2H-t6DWod7GF_o3V1Apt0rihGBR9F20ZvHOxYu0kZVz4'
[Fri May 9 21:24:26 UTC 2025] POST
[Fri May 9 21:24:26 UTC 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri May 9 21:24:26 UTC 2025] body='{"protected": "eyJub25jZSI6ICJRbW91RHBCMkgtdDZEV29kN0dGX28zVjFBcHQwcmloR0JSOUYyMFp2SE94WXUwa1pWejQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU4MjQ3NDk0NyJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImxvZ2luLmFsdW1zdW0uY29tIn1dfQ", "signature": "puFOk8_Gb4wfuYa_iVLO_DXW_goTKfQr6pgFPxMZyLOy1N2rNTOe6QYMtcCMkaxgSNKe17p_jxCp7pMJqvIO_g"}'
[Fri May 9 21:24:26 UTC 2025] _postContentType='application/jose+json'
[Fri May 9 21:24:26 UTC 2025] Http already initialized.
[Fri May 9 21:24:26 UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.Dsn4qLoJVi -g '
[Fri May 9 21:24:26 UTC 2025] _ret='0'
[Fri May 9 21:24:26 UTC 2025] responseHeaders='HTTP/2 201
server: nginx
date: Fri, 09 May 2025 21:24:26 GMT
content-type: application/json
content-length: 349
boulder-requester: 1582474947
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/1582474947/382477046777
replay-nonce: QmouDpB2Z13WtJW9LHBsi7Trp1rQ9Yg4hhqqBN3wcgf6PsIHkQw
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Fri May 9 21:24:26 UTC 2025] code='201'
[Fri May 9 21:24:26 UTC 2025] original='{
"status": "ready",
"expires": "2025-05-16T21:24:26Z",
"identifiers": [
{
"type": "dns",
"value": "login.alumsum.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1582474947/382477046777"
}'
[Fri May 9 21:24:26 UTC 2025] response='{"status":"ready","expires":"2025-05-16T21:24:26Z","identifiers":[{"type":"dns","value":"login.alumsum.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/1582474947/382477046777"}'
[Fri May 9 21:24:26 UTC 2025] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/1582474947/382477046777'
[Fri May 9 21:24:26 UTC 2025] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1582474947/382477046777'
[Fri May 9 21:24:26 UTC 2025] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027'
[Fri May 9 21:24:26 UTC 2025] STEP 2, Get the authorizations of each domain
[Fri May 9 21:24:26 UTC 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027'
[Fri May 9 21:24:26 UTC 2025] =======Begin Send Signed Request=======
[Fri May 9 21:24:26 UTC 2025] url='https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027'
[Fri May 9 21:24:26 UTC 2025] payload
[Fri May 9 21:24:26 UTC 2025] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 9 21:24:26 UTC 2025] Use _CACHED_NONCE='QmouDpB2Z13WtJW9LHBsi7Trp1rQ9Yg4hhqqBN3wcgf6PsIHkQw'
[Fri May 9 21:24:26 UTC 2025] nonce='QmouDpB2Z13WtJW9LHBsi7Trp1rQ9Yg4hhqqBN3wcgf6PsIHkQw'
[Fri May 9 21:24:26 UTC 2025] POST
[Fri May 9 21:24:26 UTC 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027'
[Fri May 9 21:24:26 UTC 2025] body='{"protected": "eyJub25jZSI6ICJRbW91RHBCMloxM1d0Slc5TEhCc2k3VHJwMXJROVlnNGhocXFCTjN3Y2dmNlBzSUhrUXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE1ODI0NzQ5NDcvNTE3NDc1MjA1MDI3IiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTgyNDc0OTQ3In0", "payload": "", "signature": "0kSPdAUwnPxod06wFixKMhgZ7czroEijToaLYpy7AgWdwOZ57UTlN3rtQyHUJwiiEkOyodxF4hJQNRSbLRYlsQ"}'
[Fri May 9 21:24:26 UTC 2025] _postContentType='application/jose+json'
[Fri May 9 21:24:26 UTC 2025] Http already initialized.
[Fri May 9 21:24:26 UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.Dsn4qLoJVi -g '
[Fri May 9 21:24:27 UTC 2025] _ret='0'
[Fri May 9 21:24:27 UTC 2025] responseHeaders='HTTP/2 200
server: nginx
date: Fri, 09 May 2025 21:24:26 GMT
content-type: application/json
content-length: 774
boulder-requester: 1582474947
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: NUDoTsQw_4Nc9sWC4tDQ3unNmteR47ql3iaEJh7Q4HGhbNCaESo
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Fri May 9 21:24:27 UTC 2025] code='200'
[Fri May 9 21:24:27 UTC 2025] original='{
"identifier": {
"type": "dns",
"value": "login.alumsum.com"
},
"status": "valid",
"expires": "2025-06-07T20:15:21Z",
"challenges": [
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/1582474947/517475205027/HHAI7A",
"status": "valid",
"validated": "2025-05-08T20:15:17Z",
"token": "QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A",
"validationRecord": [
{
"url": "http://login.alumsum.com/.well-known/acme-challenge/QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A",
"hostname": "login.alumsum.com",
"port": "80",
"addressesResolved": [
"18.220.87.197"
],
"addressUsed": "18.220.87.197"
}
]
}
]
}'
[Fri May 9 21:24:27 UTC 2025] response='{"identifier":{"type":"dns","value":"login.alumsum.com"},"status":"valid","expires":"2025-06-07T20:15:21Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1582474947/517475205027/HHAI7A","status":"valid","validated":"2025-05-08T20:15:17Z","token":"QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","validationRecord":[{"url":"http://login.alumsum.com/.well-known/acme-challenge/QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","hostname":"login.alumsum.com","port":"80","addressesResolved":["18.220.87.197"],"addressUsed":"18.220.87.197"}]}]}'
[Fri May 9 21:24:27 UTC 2025] response='{"identifier":{"type":"dns","value":"login.alumsum.com"},"status":"valid","expires":"2025-06-07T20:15:21Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1582474947/517475205027/HHAI7A","status":"valid","validated":"2025-05-08T20:15:17Z","token":"QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","validationRecord":[{"url":"http://login.alumsum.com/.well-known/acme-challenge/QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","hostname":"login.alumsum.com","port":"80","addressesResolved":["18.220.87.197"],"addressUsed":"18.220.87.197"}]}]}'
[Fri May 9 21:24:27 UTC 2025] _d='login.alumsum.com'
[Fri May 9 21:24:27 UTC 2025] _authorizations_map='login.alumsum.com,{"identifier":{"type":"dns","value":"login.alumsum.com"},"status":"valid","expires":"2025-06-07T20:15:21Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1582474947/517475205027/HHAI7A","status":"valid","validated":"2025-05-08T20:15:17Z","token":"QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","validationRecord":[{"url":"http://login.alumsum.com/.well-known/acme-challenge/QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","hostname":"login.alumsum.com","port":"80","addressesResolved":["18.220.87.197"],"addressUsed":"18.220.87.197"}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027
'
[Fri May 9 21:24:27 UTC 2025] d='login.alumsum.com'
[Fri May 9 21:24:27 UTC 2025] Getting webroot for domain='login.alumsum.com'
[Fri May 9 21:24:27 UTC 2025] _w='no'
[Fri May 9 21:24:27 UTC 2025] _currentRoot='no'
[Fri May 9 21:24:27 UTC 2025] _is_idn_d='login.alumsum.com'
[Fri May 9 21:24:27 UTC 2025] _idn_temp
[Fri May 9 21:24:27 UTC 2025] _candidates='login.alumsum.com,{"identifier":{"type":"dns","value":"login.alumsum.com"},"status":"valid","expires":"2025-06-07T20:15:21Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1582474947/517475205027/HHAI7A","status":"valid","validated":"2025-05-08T20:15:17Z","token":"QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","validationRecord":[{"url":"http://login.alumsum.com/.well-known/acme-challenge/QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","hostname":"login.alumsum.com","port":"80","addressesResolved":["18.220.87.197"],"addressUsed":"18.220.87.197"}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027'
[Fri May 9 21:24:27 UTC 2025] response='{"identifier":{"type":"dns","value":"login.alumsum.com"},"status":"valid","expires":"2025-06-07T20:15:21Z","challenges":[{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1582474947/517475205027/HHAI7A","status":"valid","validated":"2025-05-08T20:15:17Z","token":"QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","validationRecord":[{"url":"http://login.alumsum.com/.well-known/acme-challenge/QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","hostname":"login.alumsum.com","port":"80","addressesResolved":["18.220.87.197"],"addressUsed":"18.220.87.197"}]}]}#https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027'
[Fri May 9 21:24:27 UTC 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027'
[Fri May 9 21:24:27 UTC 2025] login.alumsum.com is already valid.
[Fri May 9 21:24:27 UTC 2025] keyauthorization='verified_ok'
[Fri May 9 21:24:27 UTC 2025] entry='"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/1582474947/517475205027/HHAI7A","status":"valid","validated":"2025-05-08T20:15:17Z","token":"QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","validationRecord":[{"url":"http://login.alumsum.com/.well-known/acme-challenge/QCUd8cyIEqmXSMz0LYDtgpLSxO1hcFPzV2e3JbQzu-A","hostname":"login.alumsum.com","port":"80","addressesResolved":["18.220.87.197"],"addressUsed":"18.220.87.197"'
[Fri May 9 21:24:27 UTC 2025] dvlist='login.alumsum.com#verified_ok##http-01#no#https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027'
[Fri May 9 21:24:27 UTC 2025] d
[Fri May 9 21:24:27 UTC 2025] vlist='login.alumsum.com#verified_ok##http-01#no#https://acme-v02.api.letsencrypt.org/acme/authz/1582474947/517475205027,'
[Fri May 9 21:24:27 UTC 2025] d='login.alumsum.com'
[Fri May 9 21:24:27 UTC 2025] login.alumsum.com is already verified, skip http-01.
[Fri May 9 21:24:27 UTC 2025] ok, let's start to verify
[Fri May 9 21:24:27 UTC 2025] login.alumsum.com is already verified, skip http-01.
[Fri May 9 21:24:27 UTC 2025] pid
[Fri May 9 21:24:27 UTC 2025] No need to restore nginx, skip.
[Fri May 9 21:24:27 UTC 2025] _clearupdns
[Fri May 9 21:24:27 UTC 2025] dns_entries
[Fri May 9 21:24:27 UTC 2025] skip dns.
[Fri May 9 21:24:27 UTC 2025] Verify finished, start to sign.
[Fri May 9 21:24:27 UTC 2025] i='2'
[Fri May 9 21:24:27 UTC 2025] j='17'
[Fri May 9 21:24:27 UTC 2025] Lets finalize the order.
[Fri May 9 21:24:27 UTC 2025] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/1582474947/382477046777'
[Fri May 9 21:24:27 UTC 2025] =======Begin Send Signed Request=======
[Fri May 9 21:24:27 UTC 2025] url='https://acme-v02.api.letsencrypt.org/acme/finalize/1582474947/382477046777'
[Fri May 9 21:24:27 UTC 2025] payload='{"csr": "MIICzTCCAbUCAQAwHDEaMBgGA1UEAwwRbG9naW4uYWx1bXN1bS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkZJ8jxIqKbq9QakMI9XBPBRV7x6D2mzdjc2DtPKscCB06KPw_Va9p7Ek-ha5U6sTR_Za06lhvk2bJI33mhbpJ41KhvbPeMk_yEbw38szWCPpETaXcNG8rQ_oe2iCkvF0vdSGiQHcKoVlSoDOe6Xofq_YsZrETZtx-5w4ZbBaWctxAehCvBnwMGJk0UUXDv6aNzNRDm65PEESc_kf2pbfMTKCZ9FqsMb8otOOkFGJhq8of2C0PtrpEI_4PhHcq-yftPxjB45E1rVmSYxJaR6Y5mBZTpcEKOs8pO6j-tH5engK2qdVROGBucQBPuUowwd_KPLujKZbnDBrHF68Cze0vAgMBAAGgbDBqBgkqhkiG9w0BCQ4xXTBbMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAcBgNVHREEFTATghFsb2dpbi5hbHVtc3VtLmNvbTAJBgNVHRMEAjAAMBEGCCsGAQUFBwEYBAUwAwIBBTANBgkqhkiG9w0BAQsFAAOCAQEAOVK0OL0wixrZZCfQACuOiDKABx_pVkV7oQRyp1yySjq6K3LDr7stA_qNBwdiWypNCrOyNclkvQwk6WZMD8sG6PXPWmkO5EoAar8OtxYxvflE3xGEgAV9wQDLbm8oCez0eKagpvKnS2Ppv3hnDti0qFw3NpRVPoTddhR8M4kxVQB8cXakx6Ohdx0ZDYuG2vft3j1Eo4xIyl_zO4t9NQJUMYBj2r0zCyGy4lmrG1tDINZepBy4psvy9Uc3KAOmt6n17dQjzXa_GLTUvgFdvT4OYKe71QpnUJb4H9OCaKYNEW6PWYXpvXhKSUmKssIgpHRC4PbuLnI7w8syjd7SrooDEg"}'
[Fri May 9 21:24:27 UTC 2025] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Fri May 9 21:24:27 UTC 2025] Use _CACHED_NONCE='NUDoTsQw_4Nc9sWC4tDQ3unNmteR47ql3iaEJh7Q4HGhbNCaESo'
[Fri May 9 21:24:27 UTC 2025] nonce='NUDoTsQw_4Nc9sWC4tDQ3unNmteR47ql3iaEJh7Q4HGhbNCaESo'
[Fri May 9 21:24:27 UTC 2025] POST
[Fri May 9 21:24:27 UTC 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/finalize/1582474947/382477046777'
[Fri May 9 21:24:27 UTC 2025] body='{"protected": "eyJub25jZSI6ICJOVURvVHNRd180TmM5c1dDNHREUTN1bk5tdGVSNDdxbDNpYUVKaDdRNEhHaGJOQ2FFU28iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2ZpbmFsaXplLzE1ODI0NzQ5NDcvMzgyNDc3MDQ2Nzc3IiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTgyNDc0OTQ3In0", "payload": "eyJjc3IiOiAiTUlJQ3pUQ0NBYlVDQVFBd0hERWFNQmdHQTFVRUF3d1JiRzluYVc0dVlXeDFiWE4xYlM1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEa1pKOGp4SXFLYnE5UWFrTUk5WEJQQlJWN3g2RDJtemRqYzJEdFBLc2NDQjA2S1B3X1ZhOXA3RWstaGE1VTZzVFJfWmEwNmxodmsyYkpJMzNtaGJwSjQxS2h2YlBlTWtfeUVidzM4c3pXQ1BwRVRhWGNORzhyUV9vZTJpQ2t2RjB2ZFNHaVFIY0tvVmxTb0RPZTZYb2ZxX1lzWnJFVFp0eC01dzRaYkJhV2N0eEFlaEN2Qm53TUdKazBVVVhEdjZhTnpOUkRtNjVQRUVTY19rZjJwYmZNVEtDWjlGcXNNYjhvdE9Pa0ZHSmhxOG9mMkMwUHRycEVJXzRQaEhjcS15ZnRQeGpCNDVFMXJWbVNZeEphUjZZNW1CWlRwY0VLT3M4cE82ai10SDVlbmdLMnFkVlJPR0J1Y1FCUHVVb3d3ZF9LUEx1aktaYm5EQnJIRjY4Q3plMHZBZ01CQUFHZ2JEQnFCZ2txaGtpRzl3MEJDUTR4WFRCYk1CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFjQmdOVkhSRUVGVEFUZ2hGc2IyZHBiaTVoYkhWdGMzVnRMbU52YlRBSkJnTlZIUk1FQWpBQU1CRUdDQ3NHQVFVRkJ3RVlCQVV3QXdJQkJUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFPVkswT0wwd2l4clpaQ2ZRQUN1T2lES0FCeF9wVmtWN29RUnlwMXl5U2pxNkszTERyN3N0QV9xTkJ3ZGlXeXBOQ3JPeU5jbGt2UXdrNldaTUQ4c0c2UFhQV21rTzVFb0FhcjhPdHhZeHZmbEUzeEdFZ0FWOXdRRExibThvQ2V6MGVLYWdwdktuUzJQcHYzaG5EdGkwcUZ3M05wUlZQb1RkZGhSOE00a3hWUUI4Y1hha3g2T2hkeDBaRFl1RzJ2ZnQzajFFbzR4SXlsX3pPNHQ5TlFKVU1ZQmoycjB6Q3lHeTRsbXJHMXRESU5aZXBCeTRwc3Z5OVVjM0tBT210Nm4xN2RRanpYYV9HTFRVdmdGZHZUNE9ZS2U3MVFwblVKYjRIOU9DYUtZTkVXNlBXWVhwdlhoS1NVbUtzc0lncEhSQzRQYnVMbkk3dzhzeWpkN1Nyb29ERWcifQ", "signature": "ceK5Em9UKGddyF6LS_YQAxPNCYjE2smzl7_pXcNqrfOL18HmKMckSMAlLu3HfGnueNstMp3bgTDxc3-i4rNMng"}'
[Fri May 9 21:24:27 UTC 2025] _postContentType='application/jose+json'
[Fri May 9 21:24:27 UTC 2025] Http already initialized.
[Fri May 9 21:24:27 UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.Dsn4qLoJVi -g '
[Fri May 9 21:24:27 UTC 2025] _ret='0'
[Fri May 9 21:24:27 UTC 2025] responseHeaders='HTTP/2 403
server: nginx
date: Fri, 09 May 2025 21:24:27 GMT
content-type: application/problem+json
content-length: 215
boulder-requester: 1582474947
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: yPpvzgaDjV-uvG7vZ14jZjyIvgMfvelTC0ZTPbwt6MSZavDgXe8
'
[Fri May 9 21:24:27 UTC 2025] code='403'
[Fri May 9 21:24:27 UTC 2025] original='{
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
"status": 403
}'
[Fri May 9 21:24:27 UTC 2025] response='{
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
"status": 403
}'
[Fri May 9 21:24:27 UTC 2025] Sign failed, finalize code is not 200.
[Fri May 9 21:24:27 UTC 2025] {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Error finalizing order :: OCSP must-staple extension is no longer available: see https://letsencrypt.org/2024/12/05/ending-ocsp",
"status": 403
}
[Fri May 9 21:24:27 UTC 2025] _on_issue_err
[Fri May 9 21:24:27 UTC 2025] Please add '--debug' or '--log' to check more details.
[Fri May 9 21:24:27 UTC 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Fri May 9 21:24:27 UTC 2025] _chk_vlist
[Fri May 9 21:24:27 UTC 2025] 'no' does not contain 'dns'
[Fri May 9 21:24:27 UTC 2025] Diagnosis versions:
openssl:openssl
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.2 on Feb 2 2023 00:00:00
running on Linux version #1 SMP PREEMPT_DYNAMIC Wed Jan 31 01:01:59 UTC 2024, release 6.1.75-99.163.amzn2023.x86_64, machine x86_64
features:
#define WITH_STDIO 1
#define WITH_FDNUM 1
#define WITH_FILE 1
#define WITH_CREAT 1
#define WITH_GOPEN 1
#define WITH_TERMIOS 1
#define WITH_PIPE 1
#define WITH_UNIX 1
#define WITH_ABSTRACT_UNIXSOCKET 1
#define WITH_IP4 1
#define WITH_IP6 1
#define WITH_RAWIP 1
#define WITH_GENERICSOCKET 1
#define WITH_INTERFACE 1
#define WITH_TCP 1
#define WITH_UDP 1
#define WITH_SCTP 1
#define WITH_LISTEN 1
#define WITH_SOCKS4 1
#define WITH_SOCKS4A 1
#define WITH_VSOCK 1
#define WITH_PROXY 1
#define WITH_SYSTEM 1
#define WITH_EXEC 1
#define WITH_READLINE 1
#define WITH_TUN 1
#define WITH_PTY 1
#define WITH_OPENSSL 1
#undef WITH_FIPS
#undef WITH_LIBWRAP
#define WITH_SYCLS 1
#define WITH_FILAN 1
#define WITH_RETRY 1
#define WITH_MSGLEVEL 0 /debug/``

[badblad]

This was on Friday evening. The same issue under 3.0.8 testerday

[Neilpang]

please upgrade to the latest version, it should be already fixed.

[badblad]

thank you