Acme.sh doesn't issue certificates starting version 3.0.6 #6557

@Alaemokadem

I have installed acme.sh version 3.0.5 and configured it against our internal acme server. Everything was working fine. So far so good.
But after upgrading it to a recent version, the issuing stopped working.

I have also tried to install a recent version and configured it the same way as version 3.0.5, but I was receiving the same internal error 500.

The installation steps that I have followed, which are verified and working for version 3.0.5 but don't work with other posterior versions, are the following:

[root@hostname .acme.sh]# git clone --depth 1 https://github.com/acmesh-official/acme.sh.git -b 3.0.5
Cloning into 'acme.sh'...
remote: Enumerating objects: 231, done.
remote: Counting objects: 100% (231/231), done.
remote: Compressing objects: 100% (224/224), done.
remote: Total 231 (delta 29), reused 49 (delta 7), pack-reused 0 (from 0)
Receiving objects: 100% (231/231), 364.95 KiB | 8.69 MiB/s, done.
Resolving deltas: 100% (29/29), done.
Note: switching to 'b7caf7a0165d80dd1556b16057a06bb32025066d'.

Change the repository name: [root@hostname .acme.sh]# mv acme.sh acme.sh.305
Go to package repository: [root@hostname .acme.sh]# cd acme.sh.305
Install acme.sh:
[root@hostname acme.sh.305]# ./acme.sh --install -m [email protected]
[Thu Oct 9 01:45:17 PM CEST 2025] Installing to /root/.acme.sh
[Thu Oct 9 01:45:17 PM CEST 2025] Installed to /root/.acme.sh/acme.sh
[Thu Oct 9 01:45:17 PM CEST 2025] Installing alias to '/root/.bashrc'
[Thu Oct 9 01:45:17 PM CEST 2025] OK, Close and reopen your terminal to start using acme.sh
[Thu Oct 9 01:45:17 PM CEST 2025] Installing alias to '/root/.cshrc'
[Thu Oct 9 01:45:17 PM CEST 2025] Installing alias to '/root/.tcshrc'
[Thu Oct 9 01:45:17 PM CEST 2025] Installing cron job
[Thu Oct 9 01:45:17 PM CEST 2025] Good, bash is found, so change the shebang to use bash as preferred.
[Thu Oct 9 01:45:19 PM CEST 2025] OK
[root@hostname acme.sh.305]# acme.sh --version

          https://github.com/acmesh-official/acme.sh
          v3.0.5
  1. Set the ACME as the default CA:

acme.sh --set-default-ca --server https://acme.internal.com/acme/ --ca-bundle /etc/ssl/certs/ca-bundle.crt

Run below command and verify that line DEFAULT_ACME_SERVER='https://acme.internal.com/acme/' has been added

[root@hostname .acme.sh]# cat account.conf

#LOG_FILE="/root/.acme.sh/acme.sh.log"

#LOG_LEVEL=1

#AUTO_UPGRADE="1"

#NO_TIMESTAMP=1

ACCOUNT_EMAIL='[email protected]'

UPGRADE_HASH='e6959f093c4e147b4a206f0b5d027ff3d0a59b80'

DEFAULT_ACME_SERVER='https://internal.acme.com/acme/'

USER_PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin:/root/bin'

The repository internal.acme.com/acme is added under /root/.acme.sh/ca/

  1. Issue a test certificate

acme.sh --issue --domain example.domain.com --webroot /root/.acme.sh/

  1. Go to /root/.acme.sh/ca/acme.internal.com/acme

Edit ca.conf with vi (vi ca.conf)

Add the following entries:

CA_EAB_KEY_ID=xxxxxxxxxxxxx

CA_EAB_HMAC_KEY=xxxxxxxxxxxxxxxxx

5. Issue a test certificate

acme.sh --issue --domain example.domain.com --webroot /root/.acme.sh -w /home/root/public_html

[root@hostname acme.sh.306]# acme.sh --issue --domain example.domain.com --webroot /root/.acme.sh/ --force
[Thu Oct 9 01:44:47 PM CEST 2025] Using CA: https://acme.internal.com/acme/
[Thu Oct 9 01:44:47 PM CEST 2025] Single domain='example.domain.com'
[Thu Oct 9 01:44:47 PM CEST 2025] Getting domain auth token for each domain
[Thu Oct 9 01:44:47 PM CEST 2025] Getting webroot for domain='example.domain.com'
[Thu Oct 9 01:44:47 PM CEST 2025] example.domain.com is already verified, skip http-01.
[Thu Oct 9 01:44:47 PM CEST 2025] Verify finished, start to sign.
[Thu Oct 9 01:44:48 PM CEST 2025] Lets finalize the order.
[Thu Oct 9 01:44:48 PM CEST 2025] Le_OrderFinalize='https://acme.internal.com/ACME/orders/424aa992-4b75-4ab0-8f83-3e8616966bbd/Finalize'
[Thu Oct 9 01:44:48 PM CEST 2025] Sign failed, finalize code is not 200.
[Thu Oct 9 01:44:48 PM CEST 2025] {"type":"urn:ietf:params:acme:error:serverInternal","status":500}
[Thu Oct 9 01:44:48 PM CEST 2025] Please add '--debug' or '--log' to check more details.
[Thu Oct 9 01:44:48 PM CEST 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

Can you help me with that? I don't know what this internal error 500 is due to.

Thanks a lot!
