Some questions about ACME challenge dns-01

Thu, 20 Nov 2025 19:43:47 -0800 

Hi.

I try to use the ACME dns-01 feature and I'm not sure what I'm doing wrong.

Let me explain what I do and where I'm got stuck.

My Steps.

* git pull from git.haproxy.org
* make TARGET=linux-glibc USE_OPENSSL=1 USE_PCRE2=1 USE_ZLIB=1 DEBUG=-DDEBUG_FULL USE_PCRE2_JIT=1 
* ./haproxy -W -d -f ../haproxy_acme.cfg #terminal 1
* add dns entry as shown in term 1
```
acme: none.at.pem: dns-01 requires to set the "_acme-challenge.none.at" TXT record to "jr7eGbpPeNcVHlbpwRM0MeqNZvXYhH351mrUw1EMCuk" and use the "acme challenge_ready none.at.pem domain none.at" command over the CLI 
```

* Wait until the dns server shows the `_acme-challenge.none.at`
```
dig @ns1.desec.io +short _acme-challenge.none.at txt
"jr7eGbpPeNcVHlbpwRM0MeqNZvXYhH351mrUw1EMCuk"
```
* Run the ready line
```
alex@alex-tuxedoinfinitybooks1517gen7 on 21/11/2025 at 04:31:07_CET /datadisk/git-repos/haproxy $ 
# echo "acme challenge_ready none.at.pem domain none.at" | socat - 
/tmp/hap-stats
Challenge Ready!
```

* check the status
```
alex@alex-tuxedoinfinitybooks1517gen7 on 21/11/2025 at 04:37:47_CET /datadisk/git-repos/haproxy $ 
# echo "acme status" | socat - /tmp/hap-stats
# certificate section state expiration date (UTC) expires in scheduled date (UTC) scheduled in 
none.at.pem     DNS1    Running 2025-11-20T03:29:02Z    0d 0h00m00s     -       
-
```

and that's it.
The `Running` state isn't changed.

What's my mistake?


```
# File: haproxy_acme.cfg

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
  expose-experimental-directives
  log stdout format raw daemon debug
  stats socket /tmp/hap-stats mode 660 level admin expose-fd listeners

defaults
  mode                    http
  balance                 leastconn
  log                     global
  option                  httplog
  option                  dontlognull
  option                  log-health-checks
  option                  forwardfor       except 10.196.106.108/32
  option                  redispatch
  retries                 3
  timeout http-request    10s
  timeout queue           1m
  timeout connect         10s
  timeout client          1m
  timeout server          1m
  timeout http-keep-alive 10s
  timeout check           10s

crt-store
    load crt "none.at.pem" acme DNS1 domains "*.none.at,none.at"

frontend in
    bind *:8080
    bind *:8443 ssl
http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].%[path,field(-1,/),map(virt@acme)]\n" if { path_beg '/.well-known/acme-challenge/' } 
    ssl-f-use crt "none.at.pem"

listen stats
  bind *:1936
  monitor-uri /healthz
  #http-request use-service prometheus-exporter if { path /metrics }
  stats enable
  stats uri /

acme DNS1
    directory https://acme-staging-v02.api.letsencrypt.org/directory
    #directory https://acme-v02.api.letsencrypt.org/directory
    #account-key /etc/haproxy/letsencrypt.account.key
    contact [email protected]
    challenge dns-01
    keytype RSA
    bits 2048
    map virt@acme
```

Here the HAP output on stdout.

```
alex@alex-tuxedoinfinitybooks1517gen7 on 21/11/2025 at 04:28:02_CET /datadisk/git-repos/haproxy $ 
# ./haproxy -W -d -f ../haproxy_acme.cfg
[NOTICE]   (80919) : Initializing new worker (80921)
[NOTICE] (80921) : config : No certificate available for 'none.at.pem', generating a temporary key pair before getting the ACME certificate 
Using epoll() as the polling mechanism.
[NOTICE] (80921) : config : acme: generate account key 'DNS1.account.key' for acme section 'DNS1'. 
Sharing caphdr with caphdr
Sharing caphdr with caphdr
Sharing ptrcap with ptrcap
Sharing ptrcap with ptrcap
[NOTICE]   (80921) : Automatically setting global.maxconn to 524263.
Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result FAILED
Total: 3 (2 usable), will use epoll.

Available filters :
        [BWLIM] bwlim-in
        [BWLIM] bwlim-out
        [CACHE] cache
        [COMP] compression
        [FCGI] fcgi-app
        [SPOE] spoe
        [TRACE] trace
Using epoll() as the polling mechanism.
Sharing stk_ctr with caphdr
00000000:MASTER.accept(0004)=0007 from [unix:1] ALPN=<none>
[NOTICE]   (80919) : Loading success.
00000000:MASTER.srvcls[0007:ffff]
00000001:MASTER.clicls[0007:ffff]
00000001:MASTER.closed[0007:ffff]

WARNING! thread 1 has stopped processing traffic for 201 milliseconds
    with 0 streams currently blocked, prevented from making any progress.
    While this may occasionally happen with inefficient configurations
    involving excess of regular expressions, map_reg, or heavy Lua processing,
    this must remain exceptional because the system's stability is now at risk.
    Timers in logs may be reported incorrectly, spurious timeouts may happen,
    some incoming connections may silently be dropped, health checks may
    randomly fail, and accesses to the CLI may block the whole process. The
    blocking delay before emitting this warning may be adjusted via the global
    'warn-blocked-traffic-after' directive. Please check the trace below for
    any clues about configuration elements that need to be corrected:

* Thread 1 : id=0x73b3ccf42d00 act=1 glob=0 wq=0 rq=0 tl=1 tlsz=1 rqsz=1
      1/1    loops=0 ctxsw=7 stuck=0 prof=0 harmless=0 isolated=0 locks=1
             cpu_ns: poll=600395551 now=802318248 diff=201922697
             curr_task=0x6464dfa397c0 (task) calls=1 last=0
               fct=0x6464a1fc6fa0(ssl_async_fd_handler+0x3ecb0) 
ctx=0x73b3cc803b20
lock_hist: S:PROTO U:PROTO W:PATEXP U:PATEXP S:PROTO U:PROTO S:CKCH locked: CKCH(S) 
             call trace(28):
| 0x6464a2117834 <00 00 00 e8 cc 08 e6 ff]: ha_dump_backtrace+0x84/0x40d > main-0x8b0 | 0x6464a211abf6 <48 89 df e8 2a f4 ff ff]: ha_stuck_warning+0xf6/0x160 > ha_thread_dump_one | 0x6464a2237594 <00 00 00 e8 6c 35 ee ff]: wdt_handler+0x1e4/0x297 > ha_stuck_warning 
             | 0x73b3cc645330 <00 00 00 00 0f 1f 40 00]: libc:+0x45330
             | 0x73b3ccb1aa24 <f6 e8 f3 4d 0f 38 f6 f7]: libcrypto:+0x11aa24
| 0x73b3ccb1a187 <09 00 00 e8 59 00 00 00]: libcrypto:+0x11a187 > libcrypto:+0x11a1e0 | 0x73b3ccafdef0 <48 89 fe e8 10 ae 01 00]: libcrypto:+0xfdef0 > libcrypto:+0x118d00 | 0x73b3ccafcd15 <83 ec 08 e8 3b 08 00 00]: libcrypto:BN_mod_exp_mont_consttime+0x15/0x3a > libcrypto:+0xfd550 | 0x73b3ccb08cda <4c 89 ef e8 66 40 ff ff]: libcrypto:+0x108cda > libcrypto:BN_mod_exp_mont | 0x73b3ccb08fca <ff ff ff e8 56 fa ff ff]: libcrypto:+0x108fca > libcrypto:+0x108a20 | 0x73b3ccb0b3d2 <4c 89 ef e8 be e7 ff ff]: libcrypto:+0x10b3d2 > libcrypto:BN_check_prime | 0x73b3ccb0b697 <89 5d a0 e8 e9 f9 ff ff]: libcrypto:+0x10b697 > libcrypto:+0x10b080 | 0x73b3ccd204cd <54 6a 00 e8 d3 af de ff]: libcrypto:+0x3204cd > libcrypto:+0x10b4a0 | 0x73b3ccd20c1c <4c 89 ff e8 84 f7 ff ff]: libcrypto:+0x320c1c > libcrypto:+0x3203a0 | 0x73b3ccdcdcbd <8b 73 18 e8 b3 63 f4 ff]: libcrypto:+0x3cdcbd > libcrypto:RSA_generate_multi_prime_key | 0x73b3ccc03e28 <83 ec 08 e8 f8 0b 00 00]: libcrypto:+0x203e28 > libcrypto:+0x204a20 | 0x73b3ccc0f5fa <fd ff ff e8 06 48 ff ff]: libcrypto:EVP_PKEY_generate+0x12a/0x2cf > libcrypto:+0x203e00 | 0x6464a1fbdf72 <48 89 df e8 ce 9c fb ff]: ssl_async_fd_handler+0x35c82 > main-0xd70 | 0x6464a1fc6dfa <8b 4d c8 e8 06 71 ff ff]: ssl_async_fd_handler+0x3eb0a > ssl_async_fd_handler+0x35c10 | 0x6464a1fc722d <48 89 df e8 43 f6 ff ff]: ssl_async_fd_handler+0x3ef3d > ssl_async_fd_handler+0x3e580 
 => Trying to gracefully recover now (pid 80921).

WARNING! thread 1 has stopped processing traffic for 304 milliseconds
    with 0 streams currently blocked, prevented from making any progress.
    While this may occasionally happen with inefficient configurations
    involving excess of regular expressions, map_reg, or heavy Lua processing,
    this must remain exceptional because the system's stability is now at risk.
    Timers in logs may be reported incorrectly, spurious timeouts may happen,
    some incoming connections may silently be dropped, health checks may
    randomly fail, and accesses to the CLI may block the whole process. The
    blocking delay before emitting this warning may be adjusted via the global
    'warn-blocked-traffic-after' directive. Please check the trace below for
    any clues about configuration elements that need to be corrected:

* Thread 1 : id=0x73b3ccf42d00 act=1 glob=0 wq=0 rq=0 tl=1 tlsz=1 rqsz=1
      1/1    loops=0 ctxsw=7 stuck=0 prof=0 harmless=0 isolated=0 locks=1
             cpu_ns: poll=600395551 now=905301127 diff=304905576
             curr_task=0x6464dfa397c0 (task) calls=1 last=0
               fct=0x6464a1fc6fa0(ssl_async_fd_handler+0x3ecb0) 
ctx=0x73b3cc803b20
lock_hist: S:PROTO U:PROTO W:PATEXP U:PATEXP S:PROTO U:PROTO S:CKCH locked: CKCH(S) 
             call trace(24):
| 0x6464a2117834 <00 00 00 e8 cc 08 e6 ff]: ha_dump_backtrace+0x84/0x40d > main-0x8b0 | 0x6464a211abf6 <48 89 df e8 2a f4 ff ff]: ha_stuck_warning+0xf6/0x160 > ha_thread_dump_one | 0x6464a2237594 <00 00 00 e8 6c 35 ee ff]: wdt_handler+0x1e4/0x297 > ha_stuck_warning 
             | 0x73b3cc645330 <00 00 00 00 0f 1f 40 00]: libc:+0x45330
| 0x73b3ccb0ba08 <4c 89 ef e8 28 82 ff ff]: libcrypto:BN_rshift1+0xf8/0xfa > libcrypto:BN_zero_ex | 0x73b3ccb00c3b <4c 89 cf e8 d5 ac 00 00]: libcrypto:BN_gcd+0x24b/0x30d > libcrypto:BN_rshift1 | 0x73b3ccb0b3ab <4c 89 ff e8 45 56 ff ff]: libcrypto:+0x10b3ab > libcrypto:BN_gcd | 0x73b3ccb0b697 <89 5d a0 e8 e9 f9 ff ff]: libcrypto:+0x10b697 > libcrypto:+0x10b080 | 0x73b3ccd204cd <54 6a 00 e8 d3 af de ff]: libcrypto:+0x3204cd > libcrypto:+0x10b4a0 | 0x73b3ccd20c1c <4c 89 ff e8 84 f7 ff ff]: libcrypto:+0x320c1c > libcrypto:+0x3203a0 | 0x73b3ccdcdcbd <8b 73 18 e8 b3 63 f4 ff]: libcrypto:+0x3cdcbd > libcrypto:RSA_generate_multi_prime_key | 0x73b3ccc03e28 <83 ec 08 e8 f8 0b 00 00]: libcrypto:+0x203e28 > libcrypto:+0x204a20 | 0x73b3ccc0f5fa <fd ff ff e8 06 48 ff ff]: libcrypto:EVP_PKEY_generate+0x12a/0x2cf > libcrypto:+0x203e00 | 0x6464a1fbdf72 <48 89 df e8 ce 9c fb ff]: ssl_async_fd_handler+0x35c82 > main-0xd70 | 0x6464a1fc6dfa <8b 4d c8 e8 06 71 ff ff]: ssl_async_fd_handler+0x3eb0a > ssl_async_fd_handler+0x35c10 | 0x6464a1fc722d <48 89 df e8 43 f6 ff ff]: ssl_async_fd_handler+0x3ef3d > ssl_async_fd_handler+0x3e580 
 => Trying to gracefully recover now (pid 80921).

WARNING! thread 1 has stopped processing traffic for 407 milliseconds
    with 0 streams currently blocked, prevented from making any progress.
    While this may occasionally happen with inefficient configurations
    involving excess of regular expressions, map_reg, or heavy Lua processing,
    this must remain exceptional because the system's stability is now at risk.
    Timers in logs may be reported incorrectly, spurious timeouts may happen,
    some incoming connections may silently be dropped, health checks may
    randomly fail, and accesses to the CLI may block the whole process. The
    blocking delay before emitting this warning may be adjusted via the global
    'warn-blocked-traffic-after' directive. Please check the trace below for
    any clues about configuration elements that need to be corrected:

* Thread 1 : id=0x73b3ccf42d00 act=1 glob=0 wq=0 rq=0 tl=1 tlsz=1 rqsz=1
      1/1    loops=0 ctxsw=7 stuck=0 prof=0 harmless=0 isolated=0 locks=1
             cpu_ns: poll=600395551 now=1008297270 diff=407901719
             curr_task=0x6464dfa397c0 (task) calls=1 last=0
               fct=0x6464a1fc6fa0(ssl_async_fd_handler+0x3ecb0) 
ctx=0x73b3cc803b20
lock_hist: S:PROTO U:PROTO W:PATEXP U:PATEXP S:PROTO U:PROTO S:CKCH locked: CKCH(S) 
             call trace(24):
| 0x6464a2117834 <00 00 00 e8 cc 08 e6 ff]: ha_dump_backtrace+0x84/0x40d > main-0x8b0 | 0x6464a211abf6 <48 89 df e8 2a f4 ff ff]: ha_stuck_warning+0xf6/0x160 > ha_thread_dump_one | 0x6464a2237594 <00 00 00 e8 6c 35 ee ff]: wdt_handler+0x1e4/0x297 > ha_stuck_warning 
             | 0x73b3cc645330 <00 00 00 00 0f 1f 40 00]: libc:+0x45330
| 0x73b3ccb03b36 <fe 41 31 f0 44 89 40 10]: libcrypto:BN_consttime_swap+0x56/0xb9 | 0x73b3ccb00c99 <4c 89 ca e8 47 2e 00 00]: libcrypto:BN_gcd+0x2a9/0x30d > libcrypto:BN_consttime_swap | 0x73b3ccb0b3ab <4c 89 ff e8 45 56 ff ff]: libcrypto:+0x10b3ab > libcrypto:BN_gcd | 0x73b3ccb0b697 <89 5d a0 e8 e9 f9 ff ff]: libcrypto:+0x10b697 > libcrypto:+0x10b080 | 0x73b3ccd204cd <54 6a 00 e8 d3 af de ff]: libcrypto:+0x3204cd > libcrypto:+0x10b4a0 | 0x73b3ccd20c1c <4c 89 ff e8 84 f7 ff ff]: libcrypto:+0x320c1c > libcrypto:+0x3203a0 | 0x73b3ccdcdcbd <8b 73 18 e8 b3 63 f4 ff]: libcrypto:+0x3cdcbd > libcrypto:RSA_generate_multi_prime_key | 0x73b3ccc03e28 <83 ec 08 e8 f8 0b 00 00]: libcrypto:+0x203e28 > libcrypto:+0x204a20 | 0x73b3ccc0f5fa <fd ff ff e8 06 48 ff ff]: libcrypto:EVP_PKEY_generate+0x12a/0x2cf > libcrypto:+0x203e00 | 0x6464a1fbdf72 <48 89 df e8 ce 9c fb ff]: ssl_async_fd_handler+0x35c82 > main-0xd70 | 0x6464a1fc6dfa <8b 4d c8 e8 06 71 ff ff]: ssl_async_fd_handler+0x3eb0a > ssl_async_fd_handler+0x35c10 | 0x6464a1fc722d <48 89 df e8 43 f6 ff ff]: ssl_async_fd_handler+0x3ef3d > ssl_async_fd_handler+0x3e580 
 => Trying to gracefully recover now (pid 80921).

WARNING! thread 1 has stopped processing traffic for 510 milliseconds
    with 0 streams currently blocked, prevented from making any progress.
    While this may occasionally happen with inefficient configurations
    involving excess of regular expressions, map_reg, or heavy Lua processing,
    this must remain exceptional because the system's stability is now at risk.
    Timers in logs may be reported incorrectly, spurious timeouts may happen,
    some incoming connections may silently be dropped, health checks may
    randomly fail, and accesses to the CLI may block the whole process. The
    blocking delay before emitting this warning may be adjusted via the global
    'warn-blocked-traffic-after' directive. Please check the trace below for
    any clues about configuration elements that need to be corrected:

* Thread 1 : id=0x73b3ccf42d00 act=1 glob=0 wq=0 rq=0 tl=1 tlsz=1 rqsz=1
      1/1    loops=0 ctxsw=7 stuck=0 prof=0 harmless=0 isolated=0 locks=1
             cpu_ns: poll=600395551 now=1111291887 diff=510896336
             curr_task=0x6464dfa397c0 (task) calls=1 last=0
               fct=0x6464a1fc6fa0(ssl_async_fd_handler+0x3ecb0) 
ctx=0x73b3cc803b20
lock_hist: S:PROTO U:PROTO W:PATEXP U:PATEXP S:PROTO U:PROTO S:CKCH locked: CKCH(S) 
             call trace(24):
| 0x6464a2117834 <00 00 00 e8 cc 08 e6 ff]: ha_dump_backtrace+0x84/0x40d > main-0x8b0 | 0x6464a211abf6 <48 89 df e8 2a f4 ff ff]: ha_stuck_warning+0xf6/0x160 > ha_thread_dump_one | 0x6464a2237594 <00 00 00 e8 6c 35 ee ff]: wdt_handler+0x1e4/0x297 > ha_stuck_warning 
             | 0x73b3cc645330 <00 00 00 00 0f 1f 40 00]: libc:+0x45330
| 0x73b3ccb03b1c <fe 41 31 f0 44 89 40 08]: libcrypto:BN_consttime_swap+0x3c/0xb9 | 0x73b3ccb00c2c <83 e7 01 e8 b4 2e 00 00]: libcrypto:BN_gcd+0x23c/0x30d > libcrypto:BN_consttime_swap | 0x73b3ccb0b3ab <4c 89 ff e8 45 56 ff ff]: libcrypto:+0x10b3ab > libcrypto:BN_gcd | 0x73b3ccb0b697 <89 5d a0 e8 e9 f9 ff ff]: libcrypto:+0x10b697 > libcrypto:+0x10b080 | 0x73b3ccd204cd <54 6a 00 e8 d3 af de ff]: libcrypto:+0x3204cd > libcrypto:+0x10b4a0 | 0x73b3ccd20c1c <4c 89 ff e8 84 f7 ff ff]: libcrypto:+0x320c1c > libcrypto:+0x3203a0 | 0x73b3ccdcdcbd <8b 73 18 e8 b3 63 f4 ff]: libcrypto:+0x3cdcbd > libcrypto:RSA_generate_multi_prime_key | 0x73b3ccc03e28 <83 ec 08 e8 f8 0b 00 00]: libcrypto:+0x203e28 > libcrypto:+0x204a20 | 0x73b3ccc0f5fa <fd ff ff e8 06 48 ff ff]: libcrypto:EVP_PKEY_generate+0x12a/0x2cf > libcrypto:+0x203e00 | 0x6464a1fbdf72 <48 89 df e8 ce 9c fb ff]: ssl_async_fd_handler+0x35c82 > main-0xd70 | 0x6464a1fc6dfa <8b 4d c8 e8 06 71 ff ff]: ssl_async_fd_handler+0x3eb0a > ssl_async_fd_handler+0x35c10 | 0x6464a1fc722d <48 89 df e8 43 f6 ff ff]: ssl_async_fd_handler+0x3ef3d > ssl_async_fd_handler+0x3e580 
 => Trying to gracefully recover now (pid 80921).
acme: none.at.pem: Starting update of the certificate.
00000000:<ACME>.clireq[ffffffff:ffffffff]: GET https://acme-staging-v02.api.letsencrypt.org/directory HTTP/1.1 00000000:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000000:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000000:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000000:<ACME>.clireq[ffffffff:ffffffff]: GET https://acme-staging-v02.api.letsencrypt.org/directory HTTP/1.1 00000000:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000000:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000000:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000000:<ACME>.srvcls[ffff:0021]
00000000:<ACME>.srvrep[ffffffff:0021]: HTTP/2.0 200
00000000:<ACME>.srvhdr[ffffffff:0021]: server: nginx
00000000:<ACME>.srvhdr[ffffffff:0021]: date: Fri, 21 Nov 2025 03:29:04 GMT
00000000:<ACME>.srvhdr[ffffffff:0021]: content-type: application/json
00000000:<ACME>.srvhdr[ffffffff:0021]: content-length: 1137
00000000:<ACME>.srvhdr[ffffffff:0021]: cache-control: public, max-age=0, 
no-cache
00000000:<ACME>.srvhdr[ffffffff:0021]: x-frame-options: DENY
00000000:<ACME>.srvhdr[ffffffff:0021]: strict-transport-security: max-age=604800
00000000:<ACME>.clicls[ffff:0021]
00000000:<ACME>.closed[ffff:0021]
-:- [21/Nov/2025:04:29:03.091] <ACME> -/- 625/0/319/161/1103 200 152 - - ---- 0/0/0/0/0 0/0 {2606:4700:60:0:f41b:d4fe:4325:6026} "GET https://acme-staging-v02.api.letsencrypt.org/directory HTTP/1.1" 0/0000000000000000/-/-/0 -/-/- 00000001:<ACME>.clireq[ffffffff:ffffffff]: HEAD https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce HTTP/1.1 00000001:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000001:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000001:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000001:<ACME>.clireq[ffffffff:ffffffff]: HEAD https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce HTTP/1.1 00000001:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000001:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000001:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000001:<ACME>.srvcls[ffff:0021]
00000001:<ACME>.srvrep[ffffffff:0021]: HTTP/2.0 200
00000001:<ACME>.srvhdr[ffffffff:0021]: server: nginx
00000001:<ACME>.srvhdr[ffffffff:0021]: date: Fri, 21 Nov 2025 03:29:04 GMT
00000001:<ACME>.srvhdr[ffffffff:0021]: cache-control: public, max-age=0, 
no-cache
00000001:<ACME>.srvhdr[ffffffff:0021]: link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index" 00000001:<ACME>.srvhdr[ffffffff:0021]: replay-nonce: K_WcMXRqwqURClDfFMLRn-mAncZWDJ04cOs0W8iAlTAKN_Gk6so 
00000001:<ACME>.srvhdr[ffffffff:0021]: x-frame-options: DENY
00000001:<ACME>.srvhdr[ffffffff:0021]: strict-transport-security: max-age=604800
00000001:<ACME>.clicls[ffff:0021]
00000001:<ACME>.closed[ffff:0021]
-:- [21/Nov/2025:04:29:04.194] <ACME> -/- 2/0/0/157/157 200 158 - - ---- 0/0/0/0/0 0/0 {2606:4700:60:0:f41b:d4fe:4325:6026} "HEAD https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce HTTP/1.1" 0/0000000000000000/-/-/0 -/-/- 00000002:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/new-acct HTTP/1.1 
00000002:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
00000002:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000002:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000002:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000002:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 1243
00000002:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/new-acct HTTP/1.1 
00000002:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
00000002:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000002:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000002:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000002:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 1243
00000002:<ACME>.srvcls[ffff:0021]
00000002:<ACME>.srvrep[ffffffff:0021]: HTTP/2.0 400
00000002:<ACME>.srvhdr[ffffffff:0021]: server: nginx
00000002:<ACME>.srvhdr[ffffffff:0021]: date: Fri, 21 Nov 2025 03:29:04 GMT
00000002:<ACME>.srvhdr[ffffffff:0021]: content-type: application/problem+json
00000002:<ACME>.srvhdr[ffffffff:0021]: content-length: 134
00000002:<ACME>.srvhdr[ffffffff:0021]: cache-control: public, max-age=0, 
no-cache
00000002:<ACME>.srvhdr[ffffffff:0021]: link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index" 00000002:<ACME>.srvhdr[ffffffff:0021]: replay-nonce: XVP_df_u3QJrjr7Ii7TpM75sl2e8sKHmxAK_Sbc5uVFEdfc09ig 
00000002:<ACME>.clicls[ffff:0021]
00000002:<ACME>.closed[ffff:0021]
-:- [21/Nov/2025:04:29:04.352] <ACME> -/- 2/0/0/266/266 400 1451 - - ---- 0/0/0/0/0 0/0 {2606:4700:60:0:f41b:d4fe:4325:6026} "POST https://acme-staging-v02.api.letsencrypt.org/acme/new-acct HTTP/1.1" 0/0000000000000000/-/-/0 -/-/- 00000003:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/new-acct HTTP/1.1 
00000003:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
00000003:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000003:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000003:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000003:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 1271
00000003:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/new-acct HTTP/1.1 
00000003:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
00000003:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000003:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000003:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000003:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 1271
00000003:<ACME>.srvcls[ffff:0021]
00000003:<ACME>.srvrep[ffffffff:0021]: HTTP/2.0 201
00000003:<ACME>.srvhdr[ffffffff:0021]: server: nginx
00000003:<ACME>.srvhdr[ffffffff:0021]: date: Fri, 21 Nov 2025 03:29:04 GMT
00000003:<ACME>.srvhdr[ffffffff:0021]: content-type: application/json
00000003:<ACME>.srvhdr[ffffffff:0021]: content-length: 477
00000003:<ACME>.srvhdr[ffffffff:0021]: boulder-requester: 244744183
00000003:<ACME>.srvhdr[ffffffff:0021]: cache-control: public, max-age=0, 
no-cache
00000003:<ACME>.srvhdr[ffffffff:0021]: link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index" 00000003:<ACME>.srvhdr[ffffffff:0021]: link: <https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf>;rel="terms-of-service" 00000003:<ACME>.srvhdr[ffffffff:0021]: location: https://acme-staging-v02.api.letsencrypt.org/acme/acct/244744183 00000003:<ACME>.srvhdr[ffffffff:0021]: replay-nonce: K_WcMXRqks3rR3SQv1vj63z6rMmGIInRbvopzqazBf5UuH42XPA 
00000003:<ACME>.srvhdr[ffffffff:0021]: x-frame-options: DENY
00000003:<ACME>.srvhdr[ffffffff:0021]: strict-transport-security: max-age=604800
00000003:<ACME>.clicls[ffff:0021]
00000003:<ACME>.closed[ffff:0021]
-:- [21/Nov/2025:04:29:04.618] <ACME> -/- 2/0/0/378/378 201 1479 - - ---- 0/0/0/0/0 0/0 {2606:4700:60:0:f41b:d4fe:4325:6026} "POST https://acme-staging-v02.api.letsencrypt.org/acme/new-acct HTTP/1.1" 0/0000000000000000/-/-/0 -/-/- 00000004:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/new-order HTTP/1.1 
00000004:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
00000004:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000004:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000004:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000004:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 876
00000004:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/new-order HTTP/1.1 
00000004:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
00000004:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000004:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000004:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000004:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 876
00000004:<ACME>.srvcls[ffff:0021]
00000004:<ACME>.srvrep[ffffffff:0021]: HTTP/2.0 201
00000004:<ACME>.srvhdr[ffffffff:0021]: server: nginx
00000004:<ACME>.srvhdr[ffffffff:0021]: date: Fri, 21 Nov 2025 03:29:05 GMT
00000004:<ACME>.srvhdr[ffffffff:0021]: content-type: application/json
00000004:<ACME>.srvhdr[ffffffff:0021]: content-length: 499
00000004:<ACME>.srvhdr[ffffffff:0021]: boulder-requester: 244744183
00000004:<ACME>.srvhdr[ffffffff:0021]: cache-control: public, max-age=0, 
no-cache
00000004:<ACME>.srvhdr[ffffffff:0021]: link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index" 00000004:<ACME>.srvhdr[ffffffff:0021]: location: https://acme-staging-v02.api.letsencrypt.org/acme/order/244744183/28901465513 00000004:<ACME>.srvhdr[ffffffff:0021]: replay-nonce: XVP_df_uzdZGWyHQd_ch-V77tdsO1RLDK6haZNNzfbPj7fAZ4nY 
00000004:<ACME>.srvhdr[ffffffff:0021]: x-frame-options: DENY
00000004:<ACME>.srvhdr[ffffffff:0021]: strict-transport-security: max-age=604800
00000004:<ACME>.clicls[ffff:0021]
00000004:<ACME>.closed[ffff:0021]
-:- [21/Nov/2025:04:29:04.996] <ACME> -/- 2/0/0/167/167 201 1084 - - ---- 0/0/0/0/0 0/0 {2606:4700:60:0:f41b:d4fe:4325:6026} "POST https://acme-staging-v02.api.letsencrypt.org/acme/new-order HTTP/1.1" 0/0000000000000000/-/-/0 -/-/- 00000005:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/authz/244744183/20346316043 HTTP/1.1 
00000005:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
00000005:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000005:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000005:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000005:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 764
00000005:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/authz/244744183/20346316043 HTTP/1.1 
00000005:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
00000005:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000005:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000005:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000005:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 764
00000005:<ACME>.srvcls[ffff:0021]
00000005:<ACME>.srvrep[ffffffff:0021]: HTTP/2.0 200
00000005:<ACME>.srvhdr[ffffffff:0021]: server: nginx
00000005:<ACME>.srvhdr[ffffffff:0021]: date: Fri, 21 Nov 2025 03:29:05 GMT
00000005:<ACME>.srvhdr[ffffffff:0021]: content-type: application/json
00000005:<ACME>.srvhdr[ffffffff:0021]: content-length: 833
00000005:<ACME>.srvhdr[ffffffff:0021]: boulder-requester: 244744183
00000005:<ACME>.srvhdr[ffffffff:0021]: cache-control: public, max-age=0, 
no-cache
00000005:<ACME>.srvhdr[ffffffff:0021]: link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index" 00000005:<ACME>.srvhdr[ffffffff:0021]: replay-nonce: K_WcMXRqQOT4dm8MDyfn09dfVGXe0BEi7jAZtcyMVLuM30b9bhg 
00000005:<ACME>.srvhdr[ffffffff:0021]: x-frame-options: DENY
00000005:<ACME>.srvhdr[ffffffff:0021]: strict-transport-security: max-age=604800
acme: none.at.pem: dns-01 requires to set the "_acme-challenge.none.at" TXT record to "9MMRzvJDo0zBFT72sBY0R_qprSj2DDpgGp_BtU8IqfY" and use the "acme challenge_ready none.at.pem domain none.at" command over the CLI 
00000005:<ACME>.clicls[ffff:0021]
00000005:<ACME>.closed[ffff:0021]
-:- [21/Nov/2025:04:29:05.164] <ACME> -/- 2/0/0/161/161 200 990 - - ---- 0/0/0/0/0 0/0 {2606:4700:60:0:f41b:d4fe:4325:6026} "POST https://acme-staging-v02.api.letsencrypt.org/acme/authz/244744183/20346316043 HTTP/1.1" 0/0000000000000000/-/-/0 -/-/- 00000006:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/authz/244744183/20346316033 HTTP/1.1 
00000006:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
00000006:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000006:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000006:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000006:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 764
00000006:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/authz/244744183/20346316033 HTTP/1.1 
00000006:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
00000006:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
00000006:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
00000006:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
00000006:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 764
00000006:<ACME>.srvcls[ffff:0021]
00000006:<ACME>.srvrep[ffffffff:0021]: HTTP/2.0 200
00000006:<ACME>.srvhdr[ffffffff:0021]: server: nginx
00000006:<ACME>.srvhdr[ffffffff:0021]: date: Fri, 21 Nov 2025 03:29:05 GMT
00000006:<ACME>.srvhdr[ffffffff:0021]: content-type: application/json
00000006:<ACME>.srvhdr[ffffffff:0021]: content-length: 395
00000006:<ACME>.srvhdr[ffffffff:0021]: boulder-requester: 244744183
00000006:<ACME>.srvhdr[ffffffff:0021]: cache-control: public, max-age=0, 
no-cache
00000006:<ACME>.srvhdr[ffffffff:0021]: link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index" 00000006:<ACME>.srvhdr[ffffffff:0021]: replay-nonce: XVP_df_ucrpuqrrAEPYtDN8VM2Fich9BVwn81mvP9nLtzcoK5aM 
00000006:<ACME>.srvhdr[ffffffff:0021]: x-frame-options: DENY
00000006:<ACME>.srvhdr[ffffffff:0021]: strict-transport-security: max-age=604800
acme: none.at.pem: dns-01 requires to set the "_acme-challenge.none.at" TXT record to "jr7eGbpPeNcVHlbpwRM0MeqNZvXYhH351mrUw1EMCuk" and use the "acme challenge_ready none.at.pem domain none.at" command over the CLI 
00000006:<ACME>.clicls[ffff:0021]
00000006:<ACME>.closed[ffff:0021]
-:- [21/Nov/2025:04:29:05.325] <ACME> -/- 2/0/0/158/158 200 990 - - ---- 0/0/0/0/0 0/0 {2606:4700:60:0:f41b:d4fe:4325:6026} "POST https://acme-staging-v02.api.letsencrypt.org/acme/authz/244744183/20346316033 HTTP/1.1" 0/0000000000000000/-/-/0 -/-/- 
00000007:GLOBAL.accept(0009)=0022 from [unix:2] ALPN=<none>
00000007:GLOBAL.clicls[0022:ffff]
00000007:GLOBAL.srvcls[0022:ffff]
00000007:GLOBAL.closed[0022:ffff]
00000008:GLOBAL.accept(0009)=0021 from [unix:2] ALPN=<none>
00000008:GLOBAL.clicls[0021:ffff]
00000008:GLOBAL.srvcls[0021:ffff]
00000008:GLOBAL.closed[0021:ffff]
00000009:GLOBAL.accept(0009)=0022 from [unix:2] ALPN=<none>
00000009:GLOBAL.clicls[0022:ffff]
00000009:GLOBAL.srvcls[0022:ffff]
00000009:GLOBAL.closed[0022:ffff]
0000000a:GLOBAL.accept(0009)=0021 from [unix:2] ALPN=<none>
0000000a:GLOBAL.clicls[0021:ffff]
0000000a:GLOBAL.srvcls[0021:ffff]
0000000a:GLOBAL.closed[0021:ffff]
0000000b:GLOBAL.accept(0009)=0021 from [unix:2] ALPN=<none>
0000000c:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/chall/244744183/20346316043/1_f3SQ HTTP/1.1 
0000000c:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
0000000c:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
0000000c:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
0000000c:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
0000000c:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 777
0000000b:GLOBAL.clicls[0021:ffff]
0000000b:GLOBAL.srvcls[0021:ffff]
0000000b:GLOBAL.closed[0021:ffff]
0000000c:<ACME>.clireq[ffffffff:ffffffff]: POST https://acme-staging-v02.api.letsencrypt.org/acme/chall/244744183/20346316043/1_f3SQ HTTP/1.1 
0000000c:<ACME>.clihdr[ffffffff:ffffffff]: content-type: application/jose+json
0000000c:<ACME>.clihdr[ffffffff:ffffffff]: host: acme-staging-v02.api.letsencrypt.org 
0000000c:<ACME>.clihdr[ffffffff:ffffffff]: accept: */*
0000000c:<ACME>.clihdr[ffffffff:ffffffff]: user-agent: HAProxy
0000000c:<ACME>.clihdr[ffffffff:ffffffff]: content-length: 777
0000000c:<ACME>.srvcls[ffff:0021]
0000000c:<ACME>.srvrep[ffffffff:0021]: HTTP/2.0 200
0000000c:<ACME>.srvhdr[ffffffff:0021]: server: nginx
0000000c:<ACME>.srvhdr[ffffffff:0021]: date: Fri, 21 Nov 2025 03:31:13 GMT
0000000c:<ACME>.srvhdr[ffffffff:0021]: content-type: application/json
0000000c:<ACME>.srvhdr[ffffffff:0021]: content-length: 200
0000000c:<ACME>.srvhdr[ffffffff:0021]: boulder-requester: 244744183
0000000c:<ACME>.srvhdr[ffffffff:0021]: cache-control: public, max-age=0, 
no-cache
0000000c:<ACME>.srvhdr[ffffffff:0021]: link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index" 0000000c:<ACME>.srvhdr[ffffffff:0021]: link: <https://acme-staging-v02.api.letsencrypt.org/acme/authz/244744183/20346316043>;rel="up" 0000000c:<ACME>.srvhdr[ffffffff:0021]: location: https://acme-staging-v02.api.letsencrypt.org/acme/chall/244744183/20346316043/1_f3SQ 0000000c:<ACME>.srvhdr[ffffffff:0021]: replay-nonce: XVP_df_uT5zW2LDnf8qtlElvipnSHNazcdi5XKbot07UmjYGgDw 
0000000c:<ACME>.srvhdr[ffffffff:0021]: x-frame-options: DENY
0000000c:<ACME>.srvhdr[ffffffff:0021]: strict-transport-security: max-age=604800
0000000c:<ACME>.clicls[ffff:0021]
0000000c:<ACME>.closed[ffff:0021]
-:- [21/Nov/2025:04:31:12.901] <ACME> -/- 5/0/0/485/488 200 1010 - - ---- 0/0/0/0/0 0/0 {2606:4700:60:0:f41b:d4fe:4325:6026} "POST https://acme-staging-v02.api.letsencrypt.org/acme/chall/244744183/20346316043/1_f3SQ HTTP/1.1" 0/0000000000000000/-/-/0 -/-/- 
0000000d:GLOBAL.accept(0009)=0022 from [unix:2] ALPN=<none>
0000000d:GLOBAL.clicls[0022:ffff]
0000000d:GLOBAL.srvcls[0022:ffff]
0000000d:GLOBAL.closed[0022:ffff]
```

Regards
Aleks

Reply via email to