dlangille/1 - running the acme.sh script

## 1 - running the acme.sh script
[acme@certs ~]$ acme.sh --staging --issue --dns dns_nsupdate -d www.unixathome.org
[Sat Jun 24 16:57:09 UTC 2017] Using stage api:https://acme-staging.api.letsencrypt.org
[Sat Jun 24 16:57:09 UTC 2017] Creating domain key
[Sat Jun 24 16:57:09 UTC 2017] Single domain='www.unixathome.org'
[Sat Jun 24 16:57:09 UTC 2017] Getting domain auth token for each domain
[Sat Jun 24 16:57:09 UTC 2017] Getting webroot for domain='www.unixathome.org'
[Sat Jun 24 16:57:09 UTC 2017] Getting new-authz for domain='www.unixathome.org'
[Sat Jun 24 16:57:12 UTC 2017] The new-authz request is ok.
[Sat Jun 24 16:57:12 UTC 2017] Found domain api file: /var/db/acme/.acme.sh/dns_nsupdate.sh
[Sat Jun 24 16:57:12 UTC 2017] adding _acme-challenge.www.unixathome.org. 60 in txt "MfR2Ez5J5fdeuNy7LqawS2y0-IMw_QeghkFtQdV20Uw"
[Sat Jun 24 16:57:12 UTC 2017] Sleep 10 seconds for the txt records to take effect
[Sat Jun 24 16:57:23 UTC 2017] Verifying:www.unixathome.org
[Sat Jun 24 16:57:26 UTC 2017] Success
[Sat Jun 24 16:57:26 UTC 2017] removing _acme-challenge.www.unixathome.org. txt
[Sat Jun 24 16:57:26 UTC 2017] Verify finished, start to sign.
[Sat Jun 24 16:57:27 UTC 2017] Cert success.
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgITAPoe463hMy+4mkSDrdDOCxNqejANBgkqhkiG9w0BAQsF
ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNzA2MjQx
NTU3MDBaFw0xNzA5MjIxNTU3MDBaMB0xGzAZBgNVBAMTEnd3dy51bml4YXRob21l
Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0QvXcEbuC9eYen
99hGpCqFngeCIiiG0xkTVAz3RK5v2n8ruj1zX03PfKZCfC5zYbXuU/Sn5H+OoISa
loH8SR1tn8HTPoHmKuXNM+jyxzCFEe7T+uWvEE8oJNjE8qMq+gQbgDHhETnStNMf
f1VpEp3JowUwpuBtl4Wotkj/GcsmI6AfSeZGdlYCiTCd6/8v+A/RquTflQoOvC04
d83mOPspa49oJvKrHhaaVoXey0xH9CeKWKTO1TTvFpb3qS4p+AC9Dvj7+JKN5iCX
7UXbYHXjWShyMY2JibCTDlq22dsQsf4oBgVZ2zBDVHnBv5x9ofEILurCycHA7HRj
rAH3tO8CAwEAAaOCAhowggIWMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU9IO43r8Q
0ya9JdxwTnA1Hz9FLM4wHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7LIKb1aDow
dwYIKwYBBQUHAQEEazBpMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5zdGctaW50
LXgxLmxldHNlbmNyeXB0Lm9yZzAzBggrBgEFBQcwAoYnaHR0cDovL2NlcnQuc3Rn
LWludC14MS5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEnd3dy51bml4YXRo
b21lLm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEw
gdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggr
BgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVk
IHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ug
d2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0
c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQCrlkow
6kqjUct31llwwwjQqOkMz6Svbuo0e5Fl0A/fBjKTJNM5VYYhMPkz0lIIz6rAgNRI
c/YWIe7elP2+hMJkCrSY/8sOpjF0/0v97RrZu9pERDMV0hM4j5zaLXcD6/p0SXw1
taqcZihlFWeE2phSvzDFdY3JqT4B/TdWIgghHFMlX3FIWqwSztdO2bHwuRfKioi0
0UtI8BJy8w8nhwZC0Iyr48n0K9NTtxIwzLclk4UoPZ4OcK7rPkq2sriV6drscF6F
jUb76vE+gtZnkQFZXyAxEAQH1qGaI353TXgmkXyXYs7X9GDzGrPRIPK0cdfpZqhL
2A0NtWj0VB8gA6Ty
-----END CERTIFICATE-----
[Sat Jun 24 16:57:27 UTC 2017] Your cert is in  /var/db/acme/.acme.sh/www.unixathome.org/www.unixathome.org.cer
[Sat Jun 24 16:57:27 UTC 2017] Your cert key is in  /var/db/acme/.acme.sh/www.unixathome.org/www.unixathome.org.key
[Sat Jun 24 16:57:27 UTC 2017] The intermediate CA cert is in  /var/db/acme/.acme.sh/www.unixathome.org/ca.cer
[Sat Jun 24 16:57:27 UTC 2017] And the full chain certs is there:  /var/db/acme/.acme.sh/www.unixathome.org/fullchain.cer

## 2 - hidden dns master logs
NOTE: 10.0.0.112 is the certs host shown above.  That's where acme.sh is run.


This is the incoming update vis nsupdate

*** /var/log/named//update.log ***
24-Jun-2017 16:57:26.712 client 10.0.0.112#45482/key certs.int.unixathome.org: updating zone 'unixathome.org/IN': deleting rrset at '_acme-challenge.www.unixathome.org' TXT

This is the hidden master notifying the slaves
*** /var/log/named//notify.log ***
24-Jun-2017 16:57:26.715 zone unixathome.org/IN: sending notifies (serial 2017053004)

Each slave does a querty to get the SOA from the hidden master and then does a transfer (I think).

*** /var/log/named//queries.log ***
24-Jun-2017 16:57:26.732 client 10.0.0.85#63053 (unixathome.org): query: unixathome.org IN SOA -E (10.0.0.53)
24-Jun-2017 16:57:26.765 client 10.0.0.85#27405 (unixathome.org): query: unixathome.org IN IXFR -T (10.0.0.53)
24-Jun-2017 16:57:27.245 client 10.0.0.68#58684 (unixathome.org): query: unixathome.org IN SOA -E (10.0.0.53)
24-Jun-2017 16:57:27.275 client 10.0.0.30#59069 (unixathome.org): query: unixathome.org IN SOA -E (10.0.0.53)
24-Jun-2017 16:57:27.284 client 10.0.0.68#26819 (unixathome.org): query: unixathome.org IN IXFR -T (10.0.0.53)
24-Jun-2017 16:57:27.374 client 10.0.0.30#14616 (unixathome.org): query: unixathome.org IN IXFR -T (10.0.0.53)

Each slave is doing the transfer

*** /var/log/named//xfer-out.log ***
24-Jun-2017 16:57:26.765 client 10.0.0.85#27405 (unixathome.org): transfer of 'unixathome.org/IN': IXFR started
24-Jun-2017 16:57:26.778 client 10.0.0.85#27405 (unixathome.org): transfer of 'unixathome.org/IN': IXFR ended
24-Jun-2017 16:57:27.284 client 10.0.0.68#26819 (unixathome.org): transfer of 'unixathome.org/IN': IXFR started
24-Jun-2017 16:57:27.284 client 10.0.0.68#26819 (unixathome.org): transfer of 'unixathome.org/IN': IXFR ended
24-Jun-2017 16:57:27.375 client 10.0.0.30#14616 (unixathome.org): transfer of 'unixathome.org/IN': IXFR started
24-Jun-2017 16:57:27.375 client 10.0.0.30#14616 (unixathome.org): transfer of 'unixathome.org/IN': IXFR ended

## logs on public DNS server
*** /var/log/named/notify.log ***
24-Jun-2017 16:57:12.402 client 10.0.0.53#54289: received notify for zone 'unixathome.org'

*** /var/log/named/general.log ***
24-Jun-2017 16:57:26.721 zone unixathome.org/IN: Transfer started.
24-Jun-2017 16:57:26.804 zone unixathome.org/IN: transferred serial 2017053004

*** /var/log/named/xfer-in.log ***
24-Jun-2017 16:57:26.737 transfer of 'unixathome.org/IN' from 10.0.0.53#53: connected using 10.80.0.85#27405
24-Jun-2017 16:57:26.804 transfer of 'unixathome.org/IN' from 10.0.0.53#53: Transfer status: success
24-Jun-2017 16:57:26.804 transfer of 'unixathome.org/IN' from 10.0.0.53#53: Transfer completed: 1 messages, 5 records, 263 bytes, 0.066 secs (3984 bytes/sec)

*** /var/log/named/notify.log ***
24-Jun-2017 16:57:26.704 client 10.0.0.53#62762: received notify for zone 'unixathome.org'
	[acme@certs ~]$ acme.sh --staging --issue --dns dns_nsupdate -d www.unixathome.org
	[Sat Jun 24 16:57:09 UTC 2017] Using stage api:https://acme-staging.api.letsencrypt.org
	[Sat Jun 24 16:57:09 UTC 2017] Creating domain key
	[Sat Jun 24 16:57:09 UTC 2017] Single domain='www.unixathome.org'
	[Sat Jun 24 16:57:09 UTC 2017] Getting domain auth token for each domain
	[Sat Jun 24 16:57:09 UTC 2017] Getting webroot for domain='www.unixathome.org'
	[Sat Jun 24 16:57:09 UTC 2017] Getting new-authz for domain='www.unixathome.org'
	[Sat Jun 24 16:57:12 UTC 2017] The new-authz request is ok.
	[Sat Jun 24 16:57:12 UTC 2017] Found domain api file: /var/db/acme/.acme.sh/dns_nsupdate.sh
	[Sat Jun 24 16:57:12 UTC 2017] adding _acme-challenge.www.unixathome.org. 60 in txt "MfR2Ez5J5fdeuNy7LqawS2y0-IMw_QeghkFtQdV20Uw"
	[Sat Jun 24 16:57:12 UTC 2017] Sleep 10 seconds for the txt records to take effect
	[Sat Jun 24 16:57:23 UTC 2017] Verifying:www.unixathome.org
	[Sat Jun 24 16:57:26 UTC 2017] Success
	[Sat Jun 24 16:57:26 UTC 2017] removing _acme-challenge.www.unixathome.org. txt
	[Sat Jun 24 16:57:26 UTC 2017] Verify finished, start to sign.
	[Sat Jun 24 16:57:27 UTC 2017] Cert success.
	-----BEGIN CERTIFICATE-----
	MIIE6DCCA9CgAwIBAgITAPoe463hMy+4mkSDrdDOCxNqejANBgkqhkiG9w0BAQsF
	ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNzA2MjQx
	NTU3MDBaFw0xNzA5MjIxNTU3MDBaMB0xGzAZBgNVBAMTEnd3dy51bml4YXRob21l
	Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0QvXcEbuC9eYen
	99hGpCqFngeCIiiG0xkTVAz3RK5v2n8ruj1zX03PfKZCfC5zYbXuU/Sn5H+OoISa
	loH8SR1tn8HTPoHmKuXNM+jyxzCFEe7T+uWvEE8oJNjE8qMq+gQbgDHhETnStNMf
	f1VpEp3JowUwpuBtl4Wotkj/GcsmI6AfSeZGdlYCiTCd6/8v+A/RquTflQoOvC04
	d83mOPspa49oJvKrHhaaVoXey0xH9CeKWKTO1TTvFpb3qS4p+AC9Dvj7+JKN5iCX
	7UXbYHXjWShyMY2JibCTDlq22dsQsf4oBgVZ2zBDVHnBv5x9ofEILurCycHA7HRj
	rAH3tO8CAwEAAaOCAhowggIWMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
	BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU9IO43r8Q
	0ya9JdxwTnA1Hz9FLM4wHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7LIKb1aDow
	dwYIKwYBBQUHAQEEazBpMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5zdGctaW50
	LXgxLmxldHNlbmNyeXB0Lm9yZzAzBggrBgEFBQcwAoYnaHR0cDovL2NlcnQuc3Rn
	LWludC14MS5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEnd3dy51bml4YXRo
	b21lLm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEw
	gdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggr
	BgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVk
	IHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ug
	d2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0
	c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQCrlkow
	6kqjUct31llwwwjQqOkMz6Svbuo0e5Fl0A/fBjKTJNM5VYYhMPkz0lIIz6rAgNRI
	c/YWIe7elP2+hMJkCrSY/8sOpjF0/0v97RrZu9pERDMV0hM4j5zaLXcD6/p0SXw1
	taqcZihlFWeE2phSvzDFdY3JqT4B/TdWIgghHFMlX3FIWqwSztdO2bHwuRfKioi0
	0UtI8BJy8w8nhwZC0Iyr48n0K9NTtxIwzLclk4UoPZ4OcK7rPkq2sriV6drscF6F
	jUb76vE+gtZnkQFZXyAxEAQH1qGaI353TXgmkXyXYs7X9GDzGrPRIPK0cdfpZqhL
	2A0NtWj0VB8gA6Ty
	-----END CERTIFICATE-----
	[Sat Jun 24 16:57:27 UTC 2017] Your cert is in /var/db/acme/.acme.sh/www.unixathome.org/www.unixathome.org.cer
	[Sat Jun 24 16:57:27 UTC 2017] Your cert key is in /var/db/acme/.acme.sh/www.unixathome.org/www.unixathome.org.key
	[Sat Jun 24 16:57:27 UTC 2017] The intermediate CA cert is in /var/db/acme/.acme.sh/www.unixathome.org/ca.cer
	[Sat Jun 24 16:57:27 UTC 2017] And the full chain certs is there: /var/db/acme/.acme.sh/www.unixathome.org/fullchain.cer
	NOTE: 10.0.0.112 is the certs host shown above. That's where acme.sh is run.


	This is the incoming update vis nsupdate

	* /var/log/named//update.log *
	24-Jun-2017 16:57:26.712 client 10.0.0.112#45482/key certs.int.unixathome.org: updating zone 'unixathome.org/IN': deleting rrset at '_acme-challenge.www.unixathome.org' TXT

	This is the hidden master notifying the slaves
	* /var/log/named//notify.log *
	24-Jun-2017 16:57:26.715 zone unixathome.org/IN: sending notifies (serial 2017053004)

	Each slave does a querty to get the SOA from the hidden master and then does a transfer (I think).

	* /var/log/named//queries.log *
	24-Jun-2017 16:57:26.732 client 10.0.0.85#63053 (unixathome.org): query: unixathome.org IN SOA -E (10.0.0.53)
	24-Jun-2017 16:57:26.765 client 10.0.0.85#27405 (unixathome.org): query: unixathome.org IN IXFR -T (10.0.0.53)
	24-Jun-2017 16:57:27.245 client 10.0.0.68#58684 (unixathome.org): query: unixathome.org IN SOA -E (10.0.0.53)
	24-Jun-2017 16:57:27.275 client 10.0.0.30#59069 (unixathome.org): query: unixathome.org IN SOA -E (10.0.0.53)
	24-Jun-2017 16:57:27.284 client 10.0.0.68#26819 (unixathome.org): query: unixathome.org IN IXFR -T (10.0.0.53)
	24-Jun-2017 16:57:27.374 client 10.0.0.30#14616 (unixathome.org): query: unixathome.org IN IXFR -T (10.0.0.53)

	Each slave is doing the transfer

	* /var/log/named//xfer-out.log *
	24-Jun-2017 16:57:26.765 client 10.0.0.85#27405 (unixathome.org): transfer of 'unixathome.org/IN': IXFR started
	24-Jun-2017 16:57:26.778 client 10.0.0.85#27405 (unixathome.org): transfer of 'unixathome.org/IN': IXFR ended
	24-Jun-2017 16:57:27.284 client 10.0.0.68#26819 (unixathome.org): transfer of 'unixathome.org/IN': IXFR started
	24-Jun-2017 16:57:27.284 client 10.0.0.68#26819 (unixathome.org): transfer of 'unixathome.org/IN': IXFR ended
	24-Jun-2017 16:57:27.375 client 10.0.0.30#14616 (unixathome.org): transfer of 'unixathome.org/IN': IXFR started
	24-Jun-2017 16:57:27.375 client 10.0.0.30#14616 (unixathome.org): transfer of 'unixathome.org/IN': IXFR ended
	* /var/log/named/notify.log *
	24-Jun-2017 16:57:12.402 client 10.0.0.53#54289: received notify for zone 'unixathome.org'

	* /var/log/named/general.log *
	24-Jun-2017 16:57:26.721 zone unixathome.org/IN: Transfer started.
	24-Jun-2017 16:57:26.804 zone unixathome.org/IN: transferred serial 2017053004

	* /var/log/named/xfer-in.log *
	24-Jun-2017 16:57:26.737 transfer of 'unixathome.org/IN' from 10.0.0.53#53: connected using 10.80.0.85#27405
	24-Jun-2017 16:57:26.804 transfer of 'unixathome.org/IN' from 10.0.0.53#53: Transfer status: success
	24-Jun-2017 16:57:26.804 transfer of 'unixathome.org/IN' from 10.0.0.53#53: Transfer completed: 1 messages, 5 records, 263 bytes, 0.066 secs (3984 bytes/sec)

	* /var/log/named/notify.log *
	24-Jun-2017 16:57:26.704 client 10.0.0.53#62762: received notify for zone 'unixathome.org'