环境缺失openssl-tool时生成的accout证书有问题

[qidizi]

运行环境

安卓的termux中

acme.sh版本

~/bin/acme.sh $ ./acme.sh --version
https://github.com/acmesh-official/acme.sh
v3.1.2

问题描述

1 缺失socat与openssl2个命令；
1 未运行过acme.sh干净环境，或删除它的home目录；
1 运行acme.sh（通过dns api方式）签发，它会生成account.key之类初始文件
1 关键错误报[Sat Nov 15 12:08:31 CST 2025] Only RSA or EC keys are supported. keyfile=/data/data/com.termux/files/usr/tmp/acme/ca/acme-v02.api.letsencrypt.org/directory/account.key
1 删除home目录，并安装openssl-tool,问题解决

建议

像openssl之类必须的依赖，检测存在和通过才继续，要不容易产生其它不明确的错误

日志

which: no openssl in (~/bin:~/bin:/data/data/com.termux/files/usr/bin)
安装openssl...

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  openssl-tool
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 272 kB of archives.
After this operation, 983 kB of additional disk space will be used.
Get:1 https://packages-cf.termux.dev/apt/termux-main stable/main aarch64 openssl-tool aarch64 1:3.5.2 [272 kB]
Fetched 272 kB in 1s (188 kB/s)  
Selecting previously unselected package openssl-tool.
(Reading database ... 14864 files and directories currently installed.)
Preparing to unpack .../openssl-tool_1%3a3.5.2_aarch64.deb ...
Unpacking openssl-tool (1:3.5.2) ...
Setting up openssl-tool (1:3.5.2) ...
/data/data/com.termux/files/usr/bin/socat
-d cedcm.com -d *.cedcm.com -d cedcm.com.cn -d *.cedcm.com.cn -d *.app.cedcm.com.cn -d cedcm.cn -d *.cedcm.cn
开始签发以上域名证书？[y/其它]：y
[Sat Nov 15 12:08:25 CST 2025] _is_idn_d='cedcm.com'
[Sat Nov 15 12:08:25 CST 2025] _idn_temp
[Sat Nov 15 12:08:25 CST 2025] _is_idn_d='*.cedcm.com'
[Sat Nov 15 12:08:25 CST 2025] _idn_temp
[Sat Nov 15 12:08:25 CST 2025] _is_idn_d='cedcm.com.cn'
[Sat Nov 15 12:08:25 CST 2025] _idn_temp
[Sat Nov 15 12:08:25 CST 2025] _is_idn_d='*.cedcm.com.cn'
[Sat Nov 15 12:08:25 CST 2025] _idn_temp
[Sat Nov 15 12:08:25 CST 2025] _is_idn_d='*.app.cedcm.com.cn'
[Sat Nov 15 12:08:25 CST 2025] _idn_temp
[Sat Nov 15 12:08:25 CST 2025] _is_idn_d='cedcm.cn'
[Sat Nov 15 12:08:25 CST 2025] _idn_temp
[Sat Nov 15 12:08:25 CST 2025] _is_idn_d='*.cedcm.cn'
[Sat Nov 15 12:08:25 CST 2025] _idn_temp
[Sat Nov 15 12:08:25 CST 2025] _selectServer try snames='zerossl.com,zerossl'
[Sat Nov 15 12:08:25 CST 2025] _selectServer try snames='letsencrypt.org,letsencrypt'
[Sat Nov 15 12:08:25 CST 2025] _selectServer match letsencrypt
[Sat Nov 15 12:08:25 CST 2025] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Sat Nov 15 12:08:25 CST 2025] Let's find the script directory.
[Sat Nov 15 12:08:25 CST 2025] _SCRIPT_='/data/data/com.termux/files/home/bin/acme.sh/acme.sh'
[Sat Nov 15 12:08:25 CST 2025] _script='/data/data/com.termux/files/home/bin/acme.sh/acme.sh'
[Sat Nov 15 12:08:25 CST 2025] _script_home='/data/data/com.termux/files/home/bin/acme.sh'
[Sat Nov 15 12:08:25 CST 2025] Using config home: /data/data/com.termux/files/usr/tmp/acme
[Sat Nov 15 12:08:25 CST 2025] LE_WORKING_DIR='/data/data/com.termux/files/usr/tmp/acme'
https://github.com/acmesh-official/acme.sh
v3.1.2
[Sat Nov 15 12:08:25 CST 2025] Using server: https://acme-v02.api.letsencrypt.org/directory
[Sat Nov 15 12:08:25 CST 2025] Running cmd: issue
[Sat Nov 15 12:08:25 CST 2025] _main_domain='cedcm.com'
[Sat Nov 15 12:08:26 CST 2025] _alt_domains='*.cedcm.com,cedcm.com.cn,*.cedcm.com.cn,*.app.cedcm.com.cn,cedcm.cn,*.cedcm.cn'
[Sat Nov 15 12:08:26 CST 2025] Using config home: /data/data/com.termux/files/usr/tmp/acme
[Sat Nov 15 12:08:26 CST 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sat Nov 15 12:08:26 CST 2025] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Sat Nov 15 12:08:26 CST 2025] _ACME_SERVER_PATH='directory'
[Sat Nov 15 12:08:26 CST 2025] DOMAIN_PATH='/data/data/com.termux/files/usr/tmp/acme/cedcm.com_ecc'
[Sat Nov 15 12:08:26 CST 2025] 'dns_ali' does not contain 'dns'
[Sat Nov 15 12:08:26 CST 2025] Le_NextRenewTime
[Sat Nov 15 12:08:26 CST 2025] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sat Nov 15 12:08:26 CST 2025] _init API for server: https://acme-v02.api.letsencrypt.org/directory
[Sat Nov 15 12:08:26 CST 2025] GET
[Sat Nov 15 12:08:26 CST 2025] url='https://acme-v02.api.letsencrypt.org/directory'
[Sat Nov 15 12:08:26 CST 2025] timeout=10
[Sat Nov 15 12:08:26 CST 2025] _CURL='curl --silent --dump-header /data/data/com.termux/files/usr/tmp/acme/http.header  -L  --trace-ascii /data/data/com.termux/files/usr/tmp/tmp.ArOET6hk7k  -g  --connect-timeout 10'
[Sat Nov 15 12:08:28 CST 2025] ret='0'
[Sat Nov 15 12:08:28 CST 2025] response='{
  "DX3ISw3iAtI": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsclient": "https://letsencrypt.org/docs/profiles#tlsclient",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Sat Nov 15 12:08:28 CST 2025] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sat Nov 15 12:08:28 CST 2025] ACME_NEW_AUTHZ
[Sat Nov 15 12:08:28 CST 2025] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Nov 15 12:08:28 CST 2025] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sat Nov 15 12:08:28 CST 2025] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sat Nov 15 12:08:28 CST 2025] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf'
[Sat Nov 15 12:08:28 CST 2025] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Nov 15 12:08:29 CST 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sat Nov 15 12:08:29 CST 2025] _on_before_issue
[Sat Nov 15 12:08:29 CST 2025] _chk_main_domain='cedcm.com'
[Sat Nov 15 12:08:29 CST 2025] _chk_alt_domains='*.cedcm.com,cedcm.com.cn,*.cedcm.com.cn,*.app.cedcm.com.cn,cedcm.cn,*.cedcm.cn'
[Sat Nov 15 12:08:29 CST 2025] 'dns_ali' does not contain 'no'
[Sat Nov 15 12:08:29 CST 2025] Le_LocalAddress
[Sat Nov 15 12:08:29 CST 2025] d='cedcm.com'
[Sat Nov 15 12:08:29 CST 2025] Checking for domain='cedcm.com'
[Sat Nov 15 12:08:29 CST 2025] _currentRoot='dns_ali'
[Sat Nov 15 12:08:29 CST 2025] d='*.cedcm.com'
[Sat Nov 15 12:08:29 CST 2025] Checking for domain='*.cedcm.com'
[Sat Nov 15 12:08:29 CST 2025] _currentRoot='dns_ali'
[Sat Nov 15 12:08:30 CST 2025] d='cedcm.com.cn'
[Sat Nov 15 12:08:30 CST 2025] Checking for domain='cedcm.com.cn'
[Sat Nov 15 12:08:30 CST 2025] _currentRoot='dns_ali'
[Sat Nov 15 12:08:30 CST 2025] d='*.cedcm.com.cn'
[Sat Nov 15 12:08:30 CST 2025] Checking for domain='*.cedcm.com.cn'
[Sat Nov 15 12:08:30 CST 2025] _currentRoot='dns_ali'
[Sat Nov 15 12:08:30 CST 2025] d='*.app.cedcm.com.cn'
[Sat Nov 15 12:08:30 CST 2025] Checking for domain='*.app.cedcm.com.cn'
[Sat Nov 15 12:08:30 CST 2025] _currentRoot='dns_ali'
[Sat Nov 15 12:08:30 CST 2025] d='cedcm.cn'
[Sat Nov 15 12:08:30 CST 2025] Checking for domain='cedcm.cn'
[Sat Nov 15 12:08:30 CST 2025] _currentRoot='dns_ali'
[Sat Nov 15 12:08:30 CST 2025] d='*.cedcm.cn'
[Sat Nov 15 12:08:30 CST 2025] Checking for domain='*.cedcm.cn'
[Sat Nov 15 12:08:30 CST 2025] _currentRoot='dns_ali'
[Sat Nov 15 12:08:30 CST 2025] d
[Sat Nov 15 12:08:30 CST 2025] 'dns_ali' does not contain 'apache'
[Sat Nov 15 12:08:30 CST 2025] Config file is empty, cannot read CA_KEY_HASH
[Sat Nov 15 12:08:30 CST 2025] _saved_account_key_hash
[Sat Nov 15 12:08:30 CST 2025] Using config home: /data/data/com.termux/files/usr/tmp/acme
[Sat Nov 15 12:08:30 CST 2025] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sat Nov 15 12:08:30 CST 2025] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Sat Nov 15 12:08:30 CST 2025] _ACME_SERVER_PATH='directory'
[Sat Nov 15 12:08:31 CST 2025] _init API for server: https://acme-v02.api.letsencrypt.org/directory
[Sat Nov 15 12:08:31 CST 2025] Only RSA or EC keys are supported. keyfile=/data/data/com.termux/files/usr/tmp/acme/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Sat Nov 15 12:08:31 CST 2025] 
[Sat Nov 15 12:08:31 CST 2025] _on_issue_err
[Sat Nov 15 12:08:31 CST 2025] Please check log file for more details: /data/data/com.termux/files/usr/tmp/acme/acme.sh.log
[Sat Nov 15 12:08:31 CST 2025] _chk_vlist
[Sat Nov 15 12:08:31 CST 2025] Diagnosis versions: 
openssl:openssl
OpenSSL 3.5.2 5 Aug 2025 (Library: OpenSSL 3.5.2 5 Aug 2025)
Apache:
Apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.8.0.3 on 14 Sep 2025 13:43:50
   running on Linux version #2 SMP PREEMPT Thu Nov 25 13:06:04 CST 2021, release 4.14.180-perf-gb24d113, machine aarch64
features:
  #define WITH_HELP 1
  #define WITH_STATS 1
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_SOCKETPAIR 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_DCCP 1
  #define WITH_UDPLITE 1
  #define WITH_LISTEN 1
  #undef WITH_POSIXMQ
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_SOCKS5 1
  #define WITH_VSOCK 1
  #define WITH_NAMESPACES 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_SHELL 1
  #define WITH_EXEC 1
  #define WITH_READLINE 1
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #undef WITH_LIBWRAP
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #undef WITH_DEVTESTS
  #define WITH_MSGLEVEL 0 /*debug*/
  #define WITH_DEFAULT_IPV 4
签发失败

[github-actions]

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.