CURL Info: SSL certificate problem: unable to get local issuer certificate #6256

boku42 opened this issue Mar 1, 2025 · 2 comments

boku42 commented Mar 1, 2025

Dear all
I have been struggling with this for some time now and don't know where else to get help from.

My setup:

  • OPNsense 25.1.2
  • os-acme-client 4.9
  • 2 identical Synology NAS DSM 7.2.2-72806 Update 3 in different VLANs

The certificates are issued and renewed, but the automation for 1 of these 2 NAS fails. Both certificates are Let's Encrypt certificates, but they use different CAs (R10 and R11). I can see both CAs in OPNsense under System/Trust/Authorities (don't know if that is relevant). I have several certificates referring to each of these CAs that seem to work well.

I already had this issue with the Synology self-signed certificate and then manually uploaded the LE certificate. Now, it has become invalid. When searching for this CURL issue, I can see that people are suggesting to disable host and peer verification.

<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 68789 - [meta sequenceId="1"] [Sat Mar 1 12:13:08 CET 2025] ACCOUNT_CONF_PATH='/var/etc/acme-client/home/account.conf'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 70204 - [meta sequenceId="2"] [Sat Mar 1 12:13:08 CET 2025] logger exists=0
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 72898 - [meta sequenceId="3"] [Sat Mar 1 12:13:08 CET 2025] OK
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 75895 - [meta sequenceId="4"] [Sat Mar 1 12:13:08 CET 2025] 2:SYS_LOG='9'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 77556 - [meta sequenceId="5"] [Sat Mar 1 12:13:08 CET 2025] LE_WORKING_DIR='/var/etc/acme-client/home'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 78572 - [meta sequenceId="6"] [Sat Mar 1 12:13:08 CET 2025] Using server: https://acme-v02.api.letsencrypt.org/directory
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 80520 - [meta sequenceId="7"] [Sat Mar 1 12:13:08 CET 2025] Running cmd: deploy
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 82728 - [meta sequenceId="8"] [Sat Mar 1 12:13:08 CET 2025] Using config home: /var/etc/acme-client/home
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 85011 - [meta sequenceId="9"] [Sat Mar 1 12:13:08 CET 2025] ACCOUNT_CONF_PATH='/var/etc/acme-client/home/account.conf'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 86686 - [meta sequenceId="10"] [Sat Mar 1 12:13:08 CET 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 88561 - [meta sequenceId="11"] [Sat Mar 1 12:13:08 CET 2025] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 90637 - [meta sequenceId="12"] [Sat Mar 1 12:13:08 CET 2025] _ACME_SERVER_PATH='directory'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 92776 - [meta sequenceId="13"] [Sat Mar 1 12:13:08 CET 2025] CA_CONF='/var/etc/acme-client/home/ca/acme-v02.api.letsencrypt.org/directory/ca.conf'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 93788 - [meta sequenceId="14"] [Sat Mar 1 12:13:08 CET 2025] DOMAIN_PATH='/var/etc/acme-client/cert-home/674ae3bab48154.66512749/<my_internal_NAS_hostname>.<my_publlic_domain>.'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 95718 - [meta sequenceId="15"] [Sat Mar 1 12:13:08 CET 2025] DOMAIN_CONF='/var/etc/acme-client/cert-home/674ae3bab48154.66512749/<my_internal_NAS_hostname>.<my_publlic_domain>./<my_internal_NAS_hostname>.<my_publlic_domain>..conf'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 98404 - [meta sequenceId="16"] [Sat Mar 1 12:13:08 CET 2025] OK
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 1541 - [meta sequenceId="17"] [Sat Mar 1 12:13:08 CET 2025] 25:Le_DeployHook='synology_dsm,'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 3152 - [meta sequenceId="18"] [Sat Mar 1 12:13:08 CET 2025] _deployApi='/usr/local/share/examples/acme.sh/deploy/synology_dsm.sh'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 5406 - [meta sequenceId="19"] [Sat Mar 1 12:13:08 CET 2025] synology_dsm_deploy exists=0
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 7023 - [meta sequenceId="20"] [Sat Mar 1 12:13:08 CET 2025] _cdomain='<my_internal_NAS_hostname>.<my_publlic_domain>.'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 27130 - [meta sequenceId="21"] [Sat Mar 1 12:13:08 CET 2025] SYNO_USE_TEMP_ADMIN
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 29425 - [meta sequenceId="22"] [Sat Mar 1 12:13:08 CET 2025] SYNO_USERNAME='<my_internal_OPNsense_hostname>sense'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 31747 - [meta sequenceId="23"] [Sat Mar 1 12:13:08 CET 2025] SYNO_PASSWORD='[hidden](please add '--output-insecure' to see this value)'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 32960 - [meta sequenceId="24"] [Sat Mar 1 12:13:08 CET 2025] SYNO_DEVICE_NAME
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 34322 - [meta sequenceId="25"] [Sat Mar 1 12:13:08 CET 2025] SYNO_DEVICE_ID='[hidden](please add '--output-insecure' to see this value)'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 48784 - [meta sequenceId="26"] [Sat Mar 1 12:13:08 CET 2025] OK
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 51766 - [meta sequenceId="27"] [Sat Mar 1 12:13:08 CET 2025] 28:SAVED_SYNO_SCHEME='https'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 54491 - [meta sequenceId="28"] [Sat Mar 1 12:13:08 CET 2025] OK
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 58544 - [meta sequenceId="29"] [Sat Mar 1 12:13:08 CET 2025] 29:SAVED_SYNO_HOSTNAME='<my_internal_NAS_hostname>.<my_publlic_domain>.'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 61072 - [meta sequenceId="30"] [Sat Mar 1 12:13:08 CET 2025] OK
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 64528 - [meta sequenceId="31"] [Sat Mar 1 12:13:08 CET 2025] 30:SAVED_SYNO_PORT='5001'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 66981 - [meta sequenceId="32"] [Sat Mar 1 12:13:08 CET 2025] SYNO_SCHEME='https'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 68447 - [meta sequenceId="33"] [Sat Mar 1 12:13:08 CET 2025] SYNO_HOSTNAME='<my_internal_NAS_hostname>.<my_publlic_domain>.'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 70051 - [meta sequenceId="34"] [Sat Mar 1 12:13:08 CET 2025] SYNO_PORT='5001'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 75789 - [meta sequenceId="35"] [Sat Mar 1 12:13:08 CET 2025] SYNO_CERTIFICATE='<my_internal_OPNsense_hostname>sense ACME cert 674ae3bab48154.66512749'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 78187 - [meta sequenceId="36"] [Sat Mar 1 12:13:08 CET 2025] Getting API version...
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 79380 - [meta sequenceId="37"] [Sat Mar 1 12:13:08 CET 2025] _base_url='https://<my_internal_NAS_hostname>.<my_publlic_domain>.:5001'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 81672 - [meta sequenceId="38"] [Sat Mar 1 12:13:08 CET 2025] GET
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 83331 - [meta sequenceId="39"] [Sat Mar 1 12:13:08 CET 2025] url='https://<my_internal_NAS_hostname>.<my_publlic_domain>.:5001/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 85222 - [meta sequenceId="40"] [Sat Mar 1 12:13:08 CET 2025] timeout=
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 86560 - [meta sequenceId="41"] [Sat Mar 1 12:13:08 CET 2025] curl exists=0
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 88473 - [meta sequenceId="42"] [Sat Mar 1 12:13:08 CET 2025] mktemp exists=0
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 92224 - [meta sequenceId="43"] [Sat Mar 1 12:13:08 CET 2025] wget exists=127
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 94047 - [meta sequenceId="44"] [Sat Mar 1 12:13:08 CET 2025] CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.37iyRYfwBV -g '
<11>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 96409 - [meta sequenceId="45"] [Sat Mar 1 12:13:08 CET 2025] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
<11>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 98129 - [meta sequenceId="46"] [Sat Mar 1 12:13:08 CET 2025] Here is the curl dump log:
<11>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 99652 - [meta sequenceId="47"] [Sat Mar 1 12:13:08 CET 2025] == Info: Host <my_internal_NAS_hostname>.<my_publlic_domain>.:5001 was resolved.
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 1132 - [meta sequenceId="48"] [Sat Mar 1 12:13:08 CET 2025] ret='60'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 5377 - [meta sequenceId="49"] [Sat Mar 1 12:13:08 CET 2025] response
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 7309 - [meta sequenceId="50"] [Sat Mar 1 12:13:08 CET 2025] api_path
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 8928 - [meta sequenceId="51"] [Sat Mar 1 12:13:08 CET 2025] api_version
<14>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 10630 - [meta sequenceId="52"] [Sat Mar 1 12:13:08 CET 2025] Logging into <my_internal_NAS_hostname>.<my_publlic_domain>.<tld>:5001...
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 13096 - [meta sequenceId="53"] [Sat Mar 1 12:13:08 CET 2025] od exists=0
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 16409 - [meta sequenceId="54"] [Sat Mar 1 12:13:08 CET 2025] _url_encode
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 17365 - [meta sequenceId="55"] [Sat Mar 1 12:13:08 CET 2025] _hex_str=' 6f 70 6e 73 65 6e 73 65'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 20681 - [meta sequenceId="56"] [Sat Mar 1 12:13:08 CET 2025] od exists=0
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 23320 - [meta sequenceId="57"] [Sat Mar 1 12:13:08 CET 2025] _url_encode
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 24997 - [meta sequenceId="58"] [Sat Mar 1 12:13:08 CET 2025] _hex_str=' 57 26 6f 66 66 52 6d 6a 55 21 38 32 2a 71 61 45 34 6a 70 68'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 27202 - [meta sequenceId="59"] [Sat Mar 1 12:13:08 CET 2025] GET
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 29106 - [meta sequenceId="60"] [Sat Mar 1 12:13:08 CET 2025] url='https://<my_internal_NAS_hostname>.<my_publlic_domain>.<tld>:5001/webapi/?api=SYNO.API.Auth&version=&method=login&format=sid&account=<my_internal_OPNsense_hostname>sense&passwd=W%26offRmjU%2182%2aqaE4jph&enable_syno_token=yes'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 30790 - [meta sequenceId="61"] [Sat Mar 1 12:13:08 CET 2025] timeout=
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 32509 - [meta sequenceId="62"] [Sat Mar 1 12:13:08 CET 2025] curl exists=0
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 33896 - [meta sequenceId="63"] [Sat Mar 1 12:13:08 CET 2025] mktemp exists=0
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 37802 - [meta sequenceId="64"] [Sat Mar 1 12:13:08 CET 2025] wget exists=127
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 38966 - [meta sequenceId="65"] [Sat Mar 1 12:13:08 CET 2025] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L --trace-ascii /tmp/tmp.xqJjm9COL2 -g '
<11>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 39838 - [meta sequenceId="66"] [Sat Mar 1 12:13:08 CET 2025] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
<11>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 41833 - [meta sequenceId="67"] [Sat Mar 1 12:13:08 CET 2025] Here is the curl dump log:
<11>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>.<tld> acme.sh 43139 - [meta sequenceId="68"] [Sat Mar 1 12:13:08 CET 2025] == Info: Host <my_internal_NAS_hostname>.<my_publlic_domain>.<tld>:5001 was resolved.
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 44137 - [meta sequenceId="69"] [Sat Mar 1 12:13:08 CET 2025] ret='60'
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 46125 - [meta sequenceId="70"] [Sat Mar 1 12:13:08 CET 2025] response
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 48752 - [meta sequenceId="71"] [Sat Mar 1 12:13:08 CET 2025] error_code
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 51882 - [meta sequenceId="72"] [Sat Mar 1 12:13:08 CET 2025] Session ID
<15>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 53496 - [meta sequenceId="73"] [Sat Mar 1 12:13:08 CET 2025] SynoToken
<11>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 54794 - [meta sequenceId="74"] [Sat Mar 1 12:13:08 CET 2025] Unable to authenticate to https://<my_internal_NAS_hostname>.<my_publlic_domain>.:5001, you may report this by providing full log with '--debug 3'.
<11>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 56256 - [meta sequenceId="75"] [Sat Mar 1 12:13:08 CET 2025] Error deploying for domain: <my_internal_NAS_hostname>.<my_publlic_domain>.
<11>1 2025-03-01T12:13:08+01:00 <my_internal_OPNsense_hostname>.<my_publlic_domain>. acme.sh 57890 - [meta sequenceId="76"] [Sat Mar 1 12:13:08 CET 2025] Error encountered while deploying.

The CURL dump mentioned in the log shows this:

== Info: Host <my_internal_NAS_hostname>.<my_publlic_domain>.:5001 was resolved.
== Info: IPv6: (none)
== Info: IPv4: <my_internal_NAS_IP>
== Info: Trying <my_internal_NAS_IP>:5001...
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: ...........Pi[....[.4S...|z.....B.... ....p{dWo...!.O...p....J.
0040: gy....y.>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u.........<my_internal_NAS_hostname>.<my_publlic_domain>.............................
00c0: .............h2.http/1.1.........1.....
.(......................
0100: ...................+............-.....3.&.$... c....W..<elO....L
0140: .9L....aGA..c].................................................
0180: ................................................................
01c0: ................................................................
<= Recv SSL data, 5 bytes (0x5)
0000: ....z
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 122 bytes (0x7a)
0000: ...v....Z....0/99......aKK.......H.<)U ....p{dWo...!.O...p....J.
0040: gy....y......+.....3.$... .[.c....s.Y.Q.r...........BEz.uz
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: ....$
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
<= Recv SSL data, 19 bytes (0x13)
0000: .................h2
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 1536 bytes (0x600)
0000: ...........0...0................K......D..on0...*.H........031.0
0040: ...U....US1.0...U....Let's Encrypt1.0...U....R110...241130091347
0080: Z..250228091346Z0.1.0...U....<my_internal_NAS_hostname>.<my_publlic_domain>.<tld>0.."0...*.H........
00c0: .....0..........y...lx.Ga4.,Y........{bo...{...G.....M....%.4...
0100: w............[)...;.....b.O>...L....{5s.cZy..F.~w"......9...cDw.
0140: ...O{."c.....qG..G...pU.E(..x...f... .:.b.../..T..b...r.Ne'.....
0180: ..r<...-.^@.G.=...N.%.".XC.a.../..<w..]<I..#.=J[......J=9h....
01c0: .g.....b.o7.+...b.v. ..E/......ajMVk...,6......1m..7...........
0200: ..)...........y...?..(h{d...C.........$4<..V.l.F.xD...~.:.......
0240: ....2.w.h.....r..q....3;t.....bd..1#.;........../...K.CoJl..M.G.
0280: ....97......#.......g.x...'....!=x..d..e,......=...,d.n.(b....*.
02c0: [email protected].%..0...+.......
0300: ..+.......0...U.......0.0...U.......u..S.y.Y.\.l.;..
|0...U.#..
0340: 0.....F.....zl..-.^./&..0W..+........K0I0"..+.....0...http://r11
0380: .o.lencr.org0#..+.....0...http://r11.i.lencr.org/0...U....0...s0
03c0: 03.<my_publlic_domain>.0...U. ..0.0...g.....0.....+.....y............u.}Y
0400: ...x*{.ag|^......N..../....y.....|........F0D. .;Z-t..i%.buuL.
0440: ...dCI.....6t.).. ..$....&F...&!....M....tiK.e. .6.v.....E....~8
0480: .GgwS..[...+^.,..P.G.....|........G0E. jb.y.B...B.v2.A}...4J..I
04c0: )#.-..?.!.....5..&.....j$0{8.?'.E.o/...}X.0...
.H..............x
0500: ...5.....;....t;.......nVu.....!9...D...-y....FV..|.:..6..)...
0540: [E.M.'.p.W.8KA..E>.N.../..}.../.'..j.sj[b4...i.Ce{...B....t....Y
0580: .\7.K..r...c...X...m...............Y;3T...6..$.h.v;.1...o.k...2.
05c0: ....V.lS^..K.5...u......UfU.s....mF..R5t.J.......^UL.....]..kq..
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS alert, unknown CA (560):
=> Send SSL data, 2 bytes (0x2)
0000: .0
== Info: SSL certificate problem: unable to get local issuer certificate
== Info: closing connection #0
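
The `SSL certificate problem: unable to get local issuer certificate` line above is OpenSSL's verification error 20: the client could not find the issuer of a certificate, either among the certificates the server sent or in its own trust store. The script below is an added example, not part of the issue or of acme.sh; it reproduces that exact error offline with a constructed root, intermediate and leaf, and shows it clearing once the intermediate is supplied, with verification left on. The host name `nas.example.test`, the certificate names and the helper functions `issue`, `make_pki` and `chain_status` are made up for the demonstration.

```shell
#!/bin/sh
# Added example: throwaway PKI (root -> intermediate -> leaf), all constructed.
set -e

issue() {  # $1 dir, $2 name, $3 CN, $4 issuer name, $5 extension section
  openssl req -new -config "$1/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -CAcreateserial -days 2 -extfile "$1/pki.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}

make_pki() {  # $1 = empty working directory
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ext_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ext_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:nas.example.test
EOF
  # Self-signed root: the only certificate the client trusts.
  openssl req -x509 -config "$1/pki.cnf" -extensions ext_ca -newkey rsa:2048 \
    -nodes -days 2 -subj "/CN=Constructed Root" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  # Intermediate signed by the root, leaf signed by the intermediate.
  issue "$1" inter "Constructed Intermediate" root  ext_ca
  issue "$1" leaf  "nas.example.test"         inter ext_leaf
  # What a server should present: leaf first, then the intermediate.
  cat "$1/leaf.pem" "$1/inter.pem" > "$1/fullchain.pem"
}

chain_status() {  # $1 dir; any further args go to `openssl verify`
  dir=$1; shift
  out=$(openssl verify -CAfile "$dir/root.pem" "$@" "$dir/leaf.pem" 2>&1) || true
  case $out in
    *"unable to get local issuer certificate"*) echo missing-issuer ;;
    *": OK"*) echo ok ;;
    *) echo other ;;
  esac
}

PKI_DIR=$(mktemp -d)
trap 'rm -rf "$PKI_DIR"' EXIT
make_pki "$PKI_DIR"

# Client trusts the root, peer offers only the leaf: issuer cannot be found.
echo "leaf only:           $(chain_status "$PKI_DIR")"
# -untrusted stands in for the extra certificates a server sends in the
# handshake; with the intermediate present the chain builds up to the root.
echo "leaf + intermediate: $(chain_status "$PKI_DIR" -untrusted "$PKI_DIR/fullchain.pem")"
```

Against a live endpoint, `openssl s_client -connect <host>:<port> -showcerts </dev/null` lists the certificates the server actually sends, which shows whether the intermediate is part of the handshake.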


github-actions bot commented Mar 1, 2025

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.


boku42 commented Mar 1, 2025

I thought I added debug 3 output?
