dns_curanet API changed

[kenneth-vkd]

We are using the dns_curanet plugin for some of our domains to manage wildcard certificates and they seem to have recently changed how the v1 API works so that it is now behaving similar to the new v2 API.
This means that if we make an API call with _acme-challenge.example.com in the URL during the process of getting a wildcard domain for *.example.com, then it fails with status code 400 and the error message of Domain '_acme-challenge.example.com' is not valid

If we however alter the API call to use example.com instead of _acme-challenge.example.com, then it does work

The fix would be fairly simple if it was just to to stripe of out the _acme-challenge part of the domain in the request, but the flow would still be broken for subdomains such as mysite.example.com as it is not the name of the DNS Zone.

So the fix would most likely be to fx. identify the actual top-level domain name

[github-actions]

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

[kenneth-vkd]

Please find below the output for the --debug 2 flag for the --issue command
The specific target system might not run the latest update, but we did verify it on other systems where we run acme.sh --upgrade before attempting to re-run the command.
The issue is resolved if we use a different DNS provider, which is also why we are convinced that the issue is with the Curanet API.

The output below is censored to remove sensitive information, but I do still hope that it is somehow usable to identify and implement a fix

[Mon Nov  3 01:24:01 PM UTC 2025] _selectServer try snames='zerossl.com,zerossl'
[Mon Nov  3 01:24:01 PM UTC 2025] _selectServer try snames='letsencrypt.org,letsencrypt'
[Mon Nov  3 01:24:01 PM UTC 2025] _selectServer match letsencrypt
[Mon Nov  3 01:24:01 PM UTC 2025] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Mon Nov  3 01:24:01 PM UTC 2025] Lets find script dir.
[Mon Nov  3 01:24:01 PM UTC 2025] _SCRIPT_='/root/.acme.sh/acme.sh'
[Mon Nov  3 01:24:01 PM UTC 2025] _script='/root/.acme.sh/acme.sh'
[Mon Nov  3 01:24:01 PM UTC 2025] _script_home='/root/.acme.sh'
[Mon Nov  3 01:24:01 PM UTC 2025] Using config home:/root/.acme.sh
[Mon Nov  3 01:24:01 PM UTC 2025] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Mon Nov  3 01:24:01 PM UTC 2025] Using server: https://acme-v02.api.letsencrypt.org/directory
[Mon Nov  3 01:24:01 PM UTC 2025] Running cmd: issue
[Mon Nov  3 01:24:01 PM UTC 2025] _main_domain='mysite.example.com'
[Mon Nov  3 01:24:01 PM UTC 2025] _alt_domains='no'
[Mon Nov  3 01:24:01 PM UTC 2025] Using config home:/root/.acme.sh
[Mon Nov  3 01:24:01 PM UTC 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Nov  3 01:24:01 PM UTC 2025] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Mon Nov  3 01:24:01 PM UTC 2025] _ACME_SERVER_PATH='directory'
[Mon Nov  3 01:24:01 PM UTC 2025] DOMAIN_PATH='/root/.acme.sh/mysite.example.com_ecc'
[Mon Nov  3 01:24:02 PM UTC 2025] 'dns_curanet' does not contain 'dns'
[Mon Nov  3 01:24:02 PM UTC 2025] Le_NextRenewTime='1759744116'
[Mon Nov  3 01:24:02 PM UTC 2025] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Nov  3 01:24:02 PM UTC 2025] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Nov  3 01:24:02 PM UTC 2025] GET
[Mon Nov  3 01:24:02 PM UTC 2025] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Nov  3 01:24:02 PM UTC 2025] timeout=
[Mon Nov  3 01:24:02 PM UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.OR6nD5ISSh  -g '
[Mon Nov  3 01:24:02 PM UTC 2025] ret='0'
[Mon Nov  3 01:24:02 PM UTC 2025] response='{
  "NXDY5VpNdOo": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsclient": "https://letsencrypt.org/docs/profiles#tlsclient",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Mon Nov  3 01:24:02 PM UTC 2025] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon Nov  3 01:24:02 PM UTC 2025] ACME_NEW_AUTHZ
[Mon Nov  3 01:24:02 PM UTC 2025] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Nov  3 01:24:02 PM UTC 2025] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon Nov  3 01:24:02 PM UTC 2025] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Nov  3 01:24:02 PM UTC 2025] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf'
[Mon Nov  3 01:24:02 PM UTC 2025] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Nov  3 01:24:04 PM UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Nov  3 01:24:04 PM UTC 2025] _on_before_issue
[Mon Nov  3 01:24:04 PM UTC 2025] _chk_main_domain='mysite.example.com'
[Mon Nov  3 01:24:04 PM UTC 2025] _chk_alt_domains
[Mon Nov  3 01:24:04 PM UTC 2025] 'dns_curanet' does not contain 'no'
[Mon Nov  3 01:24:04 PM UTC 2025] Le_LocalAddress
[Mon Nov  3 01:24:04 PM UTC 2025] d='mysite.example.com'
[Mon Nov  3 01:24:04 PM UTC 2025] Check for domain='mysite.example.com'
[Mon Nov  3 01:24:04 PM UTC 2025] _currentRoot='dns_curanet'
[Mon Nov  3 01:24:04 PM UTC 2025] d
[Mon Nov  3 01:24:04 PM UTC 2025] 'dns_curanet' does not contain 'apache'
[Mon Nov  3 01:24:04 PM UTC 2025] _saved_account_key_hash='**REDACTED**'
[Mon Nov  3 01:24:04 PM UTC 2025] _saved_account_key_hash is not changed, skip register account.
[Mon Nov  3 01:24:04 PM UTC 2025] Read key length:ec-256
[Mon Nov  3 01:24:04 PM UTC 2025] _createcsr
[Mon Nov  3 01:24:04 PM UTC 2025] domain='mysite.example.com'
[Mon Nov  3 01:24:04 PM UTC 2025] domainlist
[Mon Nov  3 01:24:04 PM UTC 2025] csrkey='/root/.acme.sh/mysite.example.com_ecc/mysite.example.com.key'
[Mon Nov  3 01:24:04 PM UTC 2025] csr='/root/.acme.sh/mysite.example.com_ecc/mysite.example.com.csr'
[Mon Nov  3 01:24:04 PM UTC 2025] csrconf='/root/.acme.sh/mysite.example.com_ecc/mysite.example.com.csr.conf'
[Mon Nov  3 01:24:04 PM UTC 2025] Single domain='mysite.example.com'
[Mon Nov  3 01:24:04 PM UTC 2025] seg='watchdog'
[Mon Nov  3 01:24:04 PM UTC 2025] _is_idn_d='mysite.example.com'
[Mon Nov  3 01:24:04 PM UTC 2025] _idn_temp
[Mon Nov  3 01:24:04 PM UTC 2025] _is_idn_d='mysite.example.com'
[Mon Nov  3 01:24:04 PM UTC 2025] _idn_temp
[Mon Nov  3 01:24:04 PM UTC 2025] _csr_cn='mysite.example.com'
[Mon Nov  3 01:24:04 PM UTC 2025] seg='watchdog'
[Mon Nov  3 01:24:04 PM UTC 2025] Getting domain auth token for each domain
[Mon Nov  3 01:24:04 PM UTC 2025] seg='watchdog'
[Mon Nov  3 01:24:04 PM UTC 2025] _is_idn_d='mysite.example.com'
[Mon Nov  3 01:24:04 PM UTC 2025] _idn_temp
[Mon Nov  3 01:24:04 PM UTC 2025] d
[Mon Nov  3 01:24:04 PM UTC 2025] _identifiers='{"type":"dns","value":"mysite.example.com"}'
[Mon Nov  3 01:24:04 PM UTC 2025] _notBefore
[Mon Nov  3 01:24:04 PM UTC 2025] _notAfter
[Mon Nov  3 01:24:04 PM UTC 2025] STEP 1, Ordering a Certificate
[Mon Nov  3 01:24:04 PM UTC 2025] =======Begin Send Signed Request=======
[Mon Nov  3 01:24:04 PM UTC 2025] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Nov  3 01:24:04 PM UTC 2025] payload='{"identifiers": [{"type":"dns","value":"mysite.example.com"}]}'
[Mon Nov  3 01:24:04 PM UTC 2025] EC key
[Mon Nov  3 01:24:04 PM UTC 2025] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Nov  3 01:24:04 PM UTC 2025] HEAD
[Mon Nov  3 01:24:04 PM UTC 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Nov  3 01:24:04 PM UTC 2025] body
[Mon Nov  3 01:24:04 PM UTC 2025] _postContentType='application/jose+json'
[Mon Nov  3 01:24:04 PM UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.nsmzWJZrM2  -g  -I  '
[Mon Nov  3 01:24:05 PM UTC 2025] _ret='0'
[Mon Nov  3 01:24:05 PM UTC 2025] _headers='HTTP/2 200 
server: nginx
date: Mon, 03 Nov 2025 13:24:05 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: **REDACTED**
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon Nov  3 01:24:05 PM UTC 2025] _CACHED_NONCE='**REDACTED**'
[Mon Nov  3 01:24:05 PM UTC 2025] nonce='**REDACTED**'
[Mon Nov  3 01:24:05 PM UTC 2025] POST
[Mon Nov  3 01:24:05 PM UTC 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Nov  3 01:24:05 PM UTC 2025] body='{"protected": "**REDACTED**", "payload": ""**REDACTED**", "signature": ""**REDACTED**"}'
[Mon Nov  3 01:24:05 PM UTC 2025] _postContentType='application/jose+json'
[Mon Nov  3 01:24:05 PM UTC 2025] Http already initialized.
[Mon Nov  3 01:24:05 PM UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.nsmzWJZrM2  -g '
[Mon Nov  3 01:24:06 PM UTC 2025] _ret='0'
[Mon Nov  3 01:24:06 PM UTC 2025] responseHeaders='HTTP/2 201 
server: nginx
date: Mon, 03 Nov 2025 13:24:05 GMT
content-type: application/json
content-length: 352
boulder-requester: "**REDACTED**
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/"**REDACTED**/"**REDACTED**
replay-nonce: **REDACTED**
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon Nov  3 01:24:06 PM UTC 2025] code='201'
[Mon Nov  3 01:24:06 PM UTC 2025] original='{
  "status": "pending",
  "expires": "2025-11-10T13:24:05Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mysite.example.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/"**REDACTED**/"**REDACTED**"
}'
[Mon Nov  3 01:24:06 PM UTC 2025] response='{"status":"pending","expires":"2025-11-10T13:24:05Z","identifiers":[{"type":"dns","value":"mysite.example.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/"**REDACTED**/"**REDACTED**"}'
[Mon Nov  3 01:24:06 PM UTC 2025] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/"**REDACTED**/"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/"**REDACTED**/"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] STEP 2, Get the authorizations of each domain
[Mon Nov  3 01:24:06 PM UTC 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] =======Begin Send Signed Request=======
[Mon Nov  3 01:24:06 PM UTC 2025] url='https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] payload
[Mon Nov  3 01:24:06 PM UTC 2025] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Mon Nov  3 01:24:06 PM UTC 2025] Use _CACHED_NONCE='**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] nonce='**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] POST
[Mon Nov  3 01:24:06 PM UTC 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] body='{"protected": "**REDACTED**", "payload": "", "signature": "**REDACTED**"}'
[Mon Nov  3 01:24:06 PM UTC 2025] _postContentType='application/jose+json'
[Mon Nov  3 01:24:06 PM UTC 2025] Http already initialized.
[Mon Nov  3 01:24:06 PM UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.nsmzWJZrM2  -g '
[Mon Nov  3 01:24:06 PM UTC 2025] _ret='0'
[Mon Nov  3 01:24:06 PM UTC 2025] responseHeaders='HTTP/2 200 
server: nginx
date: Mon, 03 Nov 2025 13:24:06 GMT
content-type: application/json
content-length: 826
boulder-requester: "**REDACTED**
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: "**REDACTED**
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon Nov  3 01:24:06 PM UTC 2025] code='200'
[Mon Nov  3 01:24:06 PM UTC 2025] original='{
  "identifier": {
    "type": "dns",
    "value": "mysite.example.com"
  },
  "status": "pending",
  "expires": "2025-11-10T13:24:05Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ",
      "status": "pending",
      "token": ""**REDACTED**"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/VsFACw",
      "status": "pending",
      "token": ""**REDACTED**"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/xDslAg",
      "status": "pending",
      "token": ""**REDACTED**"
    }
  ]
}'
[Mon Nov  3 01:24:06 PM UTC 2025] response='{"identifier":{"type":"dns","value":"mysite.example.com"},"status":"pending","expires":"2025-11-10T13:24:05Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ","status":"pending","token":""**REDACTED**"},{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/VsFACw","status":"pending","token":""**REDACTED**"},{"type":"tls-alpn-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/xDslAg","status":"pending","token":""**REDACTED**"}]}'
[Mon Nov  3 01:24:06 PM UTC 2025] response='{"identifier":{"type":"dns","value":"mysite.example.com"},"status":"pending","expires":"2025-11-10T13:24:05Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ","status":"pending","token":""**REDACTED**"},{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/VsFACw","status":"pending","token":""**REDACTED**"},{"type":"tls-alpn-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/xDslAg","status":"pending","token":""**REDACTED**"}]}'
[Mon Nov  3 01:24:06 PM UTC 2025] _d='mysite.example.com'
[Mon Nov  3 01:24:06 PM UTC 2025] _authorizations_map='mysite.example.com,{"identifier":{"type":"dns","value":"mysite.example.com"},"status":"pending","expires":"2025-11-10T13:24:05Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ","status":"pending","token":""**REDACTED**"},{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/VsFACw","status":"pending","token":""**REDACTED**"},{"type":"tls-alpn-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/xDslAg","status":"pending","token":""**REDACTED**"}]}#https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**
'
[Mon Nov  3 01:24:06 PM UTC 2025] d='mysite.example.com'
[Mon Nov  3 01:24:06 PM UTC 2025] Getting webroot for domain='mysite.example.com'
[Mon Nov  3 01:24:06 PM UTC 2025] _w='dns_curanet'
[Mon Nov  3 01:24:06 PM UTC 2025] _currentRoot='dns_curanet'
[Mon Nov  3 01:24:06 PM UTC 2025] _is_idn_d='mysite.example.com'
[Mon Nov  3 01:24:06 PM UTC 2025] _idn_temp
[Mon Nov  3 01:24:06 PM UTC 2025] _candidates='mysite.example.com,{"identifier":{"type":"dns","value":"mysite.example.com"},"status":"pending","expires":"2025-11-10T13:24:05Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ","status":"pending","token":""**REDACTED**"},{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/VsFACw","status":"pending","token":""**REDACTED**"},{"type":"tls-alpn-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/xDslAg","status":"pending","token":""**REDACTED**"}]}#https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] response='{"identifier":{"type":"dns","value":"mysite.example.com"},"status":"pending","expires":"2025-11-10T13:24:05Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ","status":"pending","token":""**REDACTED**"},{"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/VsFACw","status":"pending","token":""**REDACTED**"},{"type":"tls-alpn-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/xDslAg","status":"pending","token":""**REDACTED**"}]}#https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] entry='"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ","status":"pending","token":""**REDACTED**"'
[Mon Nov  3 01:24:06 PM UTC 2025] token='"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] uri='https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ'
[Mon Nov  3 01:24:06 PM UTC 2025] keyauthorization='"**REDACTED**."**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] dvlist='mysite.example.com#"**REDACTED**."**REDACTED**#https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ#dns-01#dns_curanet#https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] d
[Mon Nov  3 01:24:06 PM UTC 2025] vlist='mysite.example.com#"**REDACTED**."**REDACTED**#https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ#dns-01#dns_curanet#https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**,'
[Mon Nov  3 01:24:06 PM UTC 2025] d='mysite.example.com'
[Mon Nov  3 01:24:06 PM UTC 2025] _d_alias
[Mon Nov  3 01:24:06 PM UTC 2025] txtdomain='_acme-challenge.mysite.example.com'
[Mon Nov  3 01:24:06 PM UTC 2025] txt='"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] d_api='/root/.acme.sh/dnsapi/dns_curanet.sh'
[Mon Nov  3 01:24:06 PM UTC 2025] dns_entry='mysite.example.com,_acme-challenge.mysite.example.com,,dns_curanet,"**REDACTED**,/root/.acme.sh/dnsapi/dns_curanet.sh'
[Mon Nov  3 01:24:06 PM UTC 2025] Found domain api file: /root/.acme.sh/dnsapi/dns_curanet.sh
[Mon Nov  3 01:24:06 PM UTC 2025] Adding txt value: "**REDACTED** for domain:  _acme-challenge.mysite.example.com
[Mon Nov  3 01:24:06 PM UTC 2025] Using curanet
[Mon Nov  3 01:24:06 PM UTC 2025] fulldomain='_acme-challenge.mysite.example.com'
[Mon Nov  3 01:24:06 PM UTC 2025] txtvalue='"**REDACTED**'
[Mon Nov  3 01:24:06 PM UTC 2025] POST
[Mon Nov  3 01:24:06 PM UTC 2025] _post_url='https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token'
[Mon Nov  3 01:24:06 PM UTC 2025] body='grant_type=client_credentials&client_id=**REDACTED**&client_secret=**REDACTED**&scope=dns'
[Mon Nov  3 01:24:06 PM UTC 2025] _postContentType
[Mon Nov  3 01:24:06 PM UTC 2025] Http already initialized.
[Mon Nov  3 01:24:06 PM UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.nsmzWJZrM2  -g '
[Mon Nov  3 01:24:07 PM UTC 2025] _ret='0'
[Mon Nov  3 01:24:07 PM UTC 2025] h='_acme-challenge.mysite.example.com'
[Mon Nov  3 01:24:07 PM UTC 2025] GET
[Mon Nov  3 01:24:07 PM UTC 2025] url='https://api.curanet.dk/dns/v1/Domains/_acme-challenge.mysite.example.com/Records'
[Mon Nov  3 01:24:07 PM UTC 2025] timeout=
[Mon Nov  3 01:24:07 PM UTC 2025] Http already initialized.
[Mon Nov  3 01:24:07 PM UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.nsmzWJZrM2  -g '
[Mon Nov  3 01:24:07 PM UTC 2025] ret='0'
[Mon Nov  3 01:24:07 PM UTC 2025] POST
[Mon Nov  3 01:24:07 PM UTC 2025] _post_url='https://api.curanet.dk/dns/v1/Domains/_acme-challenge.mysite.example.com/Records'
[Mon Nov  3 01:24:07 PM UTC 2025] body='{"name": "_acme-challenge.mysite.example.com","type": "TXT","ttl": 60,"priority": 0,"data": ""**REDACTED**"}'
[Mon Nov  3 01:24:07 PM UTC 2025] _postContentType
[Mon Nov  3 01:24:07 PM UTC 2025] Http already initialized.
[Mon Nov  3 01:24:07 PM UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.nsmzWJZrM2  -g '
[Mon Nov  3 01:24:07 PM UTC 2025] _ret='0'
[Mon Nov  3 01:24:07 PM UTC 2025] Unable to add TXT record
[Mon Nov  3 01:24:07 PM UTC 2025] Error add txt for domain:_acme-challenge.mysite.example.com
[Mon Nov  3 01:24:07 PM UTC 2025] _on_issue_err
[Mon Nov  3 01:24:07 PM UTC 2025] Please add '--debug' or '--log' to check more details.
[Mon Nov  3 01:24:07 PM UTC 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mon Nov  3 01:24:07 PM UTC 2025] _chk_vlist='mysite.example.com#"**REDACTED**."**REDACTED**#https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ#dns-01#dns_curanet#https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**,'
[Mon Nov  3 01:24:07 PM UTC 2025] start to deactivate authz
[Mon Nov  3 01:24:07 PM UTC 2025] Trigger domain validation.
[Mon Nov  3 01:24:07 PM UTC 2025] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ'
[Mon Nov  3 01:24:07 PM UTC 2025] _t_key_authz='"**REDACTED**."**REDACTED**'
[Mon Nov  3 01:24:07 PM UTC 2025] _t_vtype
[Mon Nov  3 01:24:07 PM UTC 2025] =======Begin Send Signed Request=======
[Mon Nov  3 01:24:07 PM UTC 2025] url='https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ'
[Mon Nov  3 01:24:07 PM UTC 2025] payload='{}'
[Mon Nov  3 01:24:07 PM UTC 2025] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Mon Nov  3 01:24:07 PM UTC 2025] Use _CACHED_NONCE='"**REDACTED**'
[Mon Nov  3 01:24:07 PM UTC 2025] nonce='"**REDACTED**'
[Mon Nov  3 01:24:07 PM UTC 2025] POST
[Mon Nov  3 01:24:07 PM UTC 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ'
[Mon Nov  3 01:24:07 PM UTC 2025] body='{"protected": ""**REDACTED**", "payload": "e30", "signature": ""**REDACTED**"}'
[Mon Nov  3 01:24:07 PM UTC 2025] _postContentType='application/jose+json'
[Mon Nov  3 01:24:07 PM UTC 2025] Http already initialized.
[Mon Nov  3 01:24:07 PM UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.nsmzWJZrM2  -g '
[Mon Nov  3 01:24:08 PM UTC 2025] _ret='0'
[Mon Nov  3 01:24:08 PM UTC 2025] responseHeaders='HTTP/2 200 
server: nginx
date: Mon, 03 Nov 2025 13:24:08 GMT
content-type: application/json
content-length: 194
boulder-requester: "**REDACTED**
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz/"**REDACTED**/"**REDACTED**>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ
replay-nonce: **REDACTED**
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Mon Nov  3 01:24:08 PM UTC 2025] code='200'
[Mon Nov  3 01:24:08 PM UTC 2025] original='{
  "type": "dns-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ",
  "status": "pending",
  "token": ""**REDACTED**"
}'
[Mon Nov  3 01:24:08 PM UTC 2025] response='{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/"**REDACTED**/"**REDACTED**/qgcEbQ","status":"pending","token":""**REDACTED**"}'
[Mon Nov  3 01:24:08 PM UTC 2025] socat doesn't exist.
[Mon Nov  3 01:24:08 PM UTC 2025] Diagnosis versions: 
openssl:openssl
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
[Mon Nov  3 01:24:08 PM UTC 2025] pid
[Mon Nov  3 01:24:08 PM UTC 2025] No need to restore nginx, skip.
[Mon Nov  3 01:24:08 PM UTC 2025] _clearupdns
[Mon Nov  3 01:24:08 PM UTC 2025] dns_entries
[Mon Nov  3 01:24:08 PM UTC 2025] skip dns.

[szhu25]

Maybe an easier solution would be to simply update the integration to use DNS v2 instead?