Skip to content

Instantly share code, notes, and snippets.

@mweinelt

mweinelt/gist:b27e2353eedc99242a1074a5d2a4e85f

Created November 29, 2024 02:11
Show Gist options
  • Save mweinelt/b27e2353eedc99242a1074a5d2a4e85f to your computer and use it in GitHub Desktop.
Save mweinelt/b27e2353eedc99242a1074a5d2a4e85f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
Machine state will be reset. To keep it, pass --keep-vm-state
start all VLans
start vlan
running vlan (pid 7; ctl /build/vde1.ctl)
(finished: start all VLans, in 0.00 seconds)
Test will time out and terminate in 3600 seconds
run the VM test script
additionally exposed symbols:
acme, client, dnsserver, webserver,
vlan1,
start_all, test_script, machines, vlans, driver, log, os, create_machine, subtest, run_tests, join_all, retry, serial_stdout_off, serial_stdout_on, polling_condition, Machine
start all VMs
acme: starting vm
mke2fs 1.47.1 (20-May-2024)
acme # Disk image do not exist, creating the virtualisation disk image...
acme: QEMU running (pid 9)
acme # Formatting '/build/vm-state-acme/tmp.m20xolcZoV', fmt=raw size=1073741824
acme # Discarding device blocks: 0/262144 done
acme # Creating filesystem with 262144 4k blocks and 65536 inodes
acme # Filesystem UUID: 486f7ab4-d229-4417-92c9-2076d2f5aa8a
acme # Superblock backups stored on blocks:
acme # 32768, 98304, 163840, 229376
acme #
acme # Allocating group tables: 0/8 done
acme # Writing inode tables: 0/8 done
acme # Creating journal (8192 blocks): done
acme # Writing superblocks and filesystem accounting information: 0/8 done
acme #
acme # Virtualisation disk image created.
client: starting vm
mke2fs 1.47.1 (20-May-2024)
acme # cSeaBIOS (version rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org)
client # Disk image do not exist, creating the virtualisation disk image...
client: QEMU running (pid 30)
client # Formatting '/build/vm-state-client/tmp.UJusBNqKOE', fmt=raw size=1073741824
dnsserver: starting vm
client # Discarding device blocks: 0/262144 done
client # Creating filesystem with 262144 4k blocks and 65536 inodes
client # Filesystem UUID: 8324d8c0-5f08-4324-bd34-3aecf9d9f02e
client # Superblock backups stored on blocks:
client # 32768, 98304, 163840, 229376
client #
client # Allocating group tables: 0/8 done
client # Writing inode tables: 0/8 done
client # Creating journal (8192 blocks): done
client # Writing superblocks and filesystem accounting information: 0/8 done
client #
client # Virtualisation disk image created.
acme #
acme #
acme # iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+3EFD0AF0+3EF30AF0 CA00
mke2fs 1.47.1 (20-May-2024)
acme # Press Ctrl-B to configure iPXE (PCI 00:03.0)...
acme #
acme #
acme #
acme #
acme # iPXE (http://ipxe.org) 00:09.0 CB00 PCI2.10 PnP PMM 3EFD0AF0 3EF30AF0 CB00
acme # Press Ctrl-B to configure iPXE (PCI 00:09.0)...
acme #
acme #
acme # Booting from ROM...
client # cSeaBIOS (version rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org)
dnsserver # Disk image do not exist, creating the virtualisation disk image...
dnsserver # Formatting '/build/vm-state-dnsserver/tmp.wDbdvaAINu', fmt=raw size=1073741824
dnsserver # Discarding device blocks: 0/262144 done
dnsserver # Creating filesystem with 262144 4k blocks and 65536 inodes
dnsserver # Filesystem UUID: 012cbbb8-2e11-457a-ae38-e326170780a1
dnsserver # Superblock backups stored on blocks:
dnsserver # 32768, 98304, 163840, 229376
dnsserver #
dnsserver # Allocating group tables: 0/8 done
dnsserver # Writing inode tables: 0/8 done
dnsserver # Creating journal (8192 blocks): done
dnsserver # Writing superblocks and filesystem accounting information: 0/8 done
dnsserver #
dnsserver # Virtualisation disk image created.
dnsserver: QEMU running (pid 51)
webserver: starting vm
mke2fs 1.47.1 (20-May-2024)
client #
client #
client # iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+3EFD0AF0+3EF30AF0 CA00
client # Press Ctrl-B to configure iPXE (PCI 00:03.0)...
client #
client #
client #
client #
client # iPXE (http://ipxe.org) 00:09.0 CB00 PCI2.10 PnP PMM 3EFD0AF0 3EF30AF0 CB00
client # Press Ctrl-B to configure iPXE (PCI 00:09.0)...
client #
client #
client # Booting from ROM...
client # Probing EDD (edd=off to disable)... ok
dnsserver # cSeaBIOS (version rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org)
webserver # Disk image do not exist, creating the virtualisation disk image...
webserver # Formatting '/build/vm-state-webserver/tmp.VSPNFcyQ5q', fmt=raw size=1073741824
webserver # Discarding device blocks: 0/262144 done
webserver # Creating filesystem with 262144 4k blocks and 65536 inodes
webserver # Filesystem UUID: 9af7894e-e549-4525-9088-bed3ba7a646e
webserver # Superblock backups stored on blocks:
webserver # 32768, 98304, 163840, 229376
webserver #
webserver # Allocating group tables: 0/8 done
webserver # Writing inode tables: 0/8 done
webserver # Creating journal (8192 blocks): done
webserver # Writing superblocks and filesystem accounting information: 0/8 done
webserver #
webserver # Virtualisation disk image created.
webserver: QEMU running (pid 72)
(finished: start all VMs, in 0.51 seconds)
dnsserver: waiting for unit pebble-challtestsrv.service
dnsserver: waiting for the VM to finish booting
acme # Probing EDD (edd=off to disable)... ock[ 0.000000] Linux version 6.6.63 (nixbld@localhost) (gcc (GCC) 13.3.0, GNU ld (GNU Binutils) 2.43.1) #1-NixOS SMP PREEMPT_DYNAMIC Fri Nov 22 14:38:37 UTC 2024
dnsserver #
dnsserver #
dnsserver # iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+3EFD0AF0+3EF30AF0 CA00
acme # [ 0.000000] Command line: console=ttyS0 console=tty0 panic=1 boot.panic_on_fail clocksource=acpi_pm loglevel=7 net.ifnames=0 init=/nix/store/0181bz5aah1ybf2yjxs5p07v8na816x9-nixos-system-acme-test/init regInfo=/nix/store/4vw32vrd6aj47q2i04jsgqlvnkzbh3fi-closure-info/registration console=ttyS0
acme # [ 0.000000] BIOS-provided physical RAM map:
acme # [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
acme # [ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
dnsserver # Press Ctrl-B to configure iPXE (PCI 00:03.0)...
dnsserver #
dnsserver #
dnsserver #
dnsserver #
acme # [ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
acme # [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000003ffdafff] usable
acme # [ 0.000000] BIOS-e820: [mem 0x000000003ffdb000-0x000000003fffffff] reserved
dnsserver # iPXE (http://ipxe.org) 00:09.0 CB00 PCI2.10 PnP PMM 3EFD0AF0 3EF30AF0 CB00
acme # [ 0.000000] BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
acme # [ 0.000000] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
acme # [ 0.000000] BIOS-e820: [mem 0x000000fd00000000-0x000000ffffffffff] reserved
acme # [ 0.000000] NX (Execute Disable) protection: active
acme # [ 0.000000] APIC: Static calls initialized
acme # [ 0.000000] SMBIOS 2.8 present.
acme # [ 0.000000] DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
dnsserver # Press Ctrl-B to configure iPXE (PCI 00:09.0)...
dnsserver #
dnsserver #
acme # [ 0.000000] Hypervisor detected: KVM
acme # [ 0.000000] kvm-clock: Using msrs 4b564d01 and 4b564d00
acme # [ 0.000000] kvm-clock: using sched offset of 364465552 cycles
acme # [ 0.000001] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
acme # [ 0.000003] tsc: Detected 2794.748 MHz processor
acme # [ 0.001060] last_pfn = 0x3ffdb max_arch_pfn = 0x400000000
dnsserver # Booting from ROM...
acme # [ 0.001094] MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs
acme # [ 0.001097] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT
acme # [ 0.003418] found SMP MP-table at [mem 0x000f5430-0x000f543f]
acme # [ 0.003432] Using GB pages for direct mapping
acme # [ 0.003561] RAMDISK: [mem 0x3f4c7000-0x3ffcffff]
acme # [ 0.003567] ACPI: Early table checksum verification disabled
acme # [ 0.003569] ACPI: RSDP 0x00000000000F5250 000014 (v00 BOCHS )
acme # [ 0.003573] ACPI: RSDT 0x000000003FFE1CE4 000034 (v01 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.003577] ACPI: FACP 0x000000003FFE1B98 000074 (v01 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.003581] ACPI: DSDT 0x000000003FFE0040 001B58 (v01 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.003584] ACPI: FACS 0x000000003FFE0000 000040
acme # [ 0.003586] ACPI: APIC 0x000000003FFE1C0C 000078 (v03 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.003589] ACPI: HPET 0x000000003FFE1C84 000038 (v01 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.003591] ACPI: WAET 0x000000003FFE1CBC 000028 (v01 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.003593] ACPI: Reserving FACP table memory at [mem 0x3ffe1b98-0x3ffe1c0b]
acme # [ 0.003594] ACPI: Reserving DSDT table memory at [mem 0x3ffe0040-0x3ffe1b97]
acme # [ 0.003595] ACPI: Reserving FACS table memory at [mem 0x3ffe0000-0x3ffe003f]
acme # [ 0.003596] ACPI: Reserving APIC table memory at [mem 0x3ffe1c0c-0x3ffe1c83]
acme # [ 0.003597] ACPI: Reserving HPET table memory at [mem 0x3ffe1c84-0x3ffe1cbb]
acme # [ 0.003597] ACPI: Reserving WAET table memory at [mem 0x3ffe1cbc-0x3ffe1ce3]
acme # [ 0.003840] No NUMA configuration found
acme # [ 0.003841] Faking a node at [mem 0x0000000000000000-0x000000003ffdafff]
acme # [ 0.003843] NODE_DATA(0) allocated [mem 0x3ffd5000-0x3ffdafff]
acme # [ 0.003859] Zone ranges:
acme # [ 0.003859] DMA [mem 0x0000000000001000-0x0000000000ffffff]
acme # [ 0.003861] DMA32 [mem 0x0000000001000000-0x000000003ffdafff]
acme # [ 0.003862] Normal empty
acme # [ 0.003863] Device empty
acme # [ 0.003864] Movable zone start for each node
acme # [ 0.003865] Early memory node ranges
webserver # cSeaBIOS (version rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org)
acme # [ 0.003865] node 0: [mem 0x0000000000001000-0x000000000009efff]
acme # [ 0.003867] node 0: [mem 0x0000000000100000-0x000000003ffdafff]
acme # [ 0.003868] Initmem setup node 0 [mem 0x0000000000001000-0x000000003ffdafff]
acme # [ 0.004074] On node 0, zone DMA: 1 pages in unavailable ranges
acme # [ 0.004087] On node 0, zone DMA: 97 pages in unavailable ranges
acme # [ 0.006055] On node 0, zone DMA32: 37 pages in unavailable ranges
acme # [ 0.006530] ACPI: PM-Timer IO Port: 0x608
acme # [ 0.006539] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1])
acme # [ 0.006569] IOAPIC[0]: apic_id 0, version 17, address 0xfec00000, GSI 0-23
acme # [ 0.006572] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
acme # [ 0.006573] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level)
acme # [ 0.006575] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
acme # [ 0.006576] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level)
acme # [ 0.006577] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level)
acme # [ 0.006580] ACPI: Using ACPI (MADT) for SMP configuration information
acme # [ 0.006580] ACPI: HPET id: 0x8086a201 base: 0xfed00000
acme # [ 0.006584] TSC deadline timer available
acme # [ 0.006585] smpboot: Allowing 1 CPUs, 0 hotplug CPUs
acme # [ 0.006603] kvm-guest: APIC: eoi() replaced with kvm_guest_apic_eoi_write()
acme # [ 0.006628] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff]
acme # [ 0.006630] PM: hibernation: Registered nosave memory: [mem 0x0009f000-0x0009ffff]
acme # [ 0.006630] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000effff]
acme # [ 0.006631] PM: hibernation: Registered nosave memory: [mem 0x000f0000-0x000fffff]
acme # [ 0.006633] [mem 0x40000000-0xfeffbfff] available for PCI devices
acme # [ 0.006634] Booting paravirtualized kernel on KVM
acme # [ 0.006636] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1910969940391419 ns
acme # [ 0.011552] setup_percpu: NR_CPUS:384 nr_cpumask_bits:1 nr_cpu_ids:1 nr_node_ids:1
acme # [ 0.011910] percpu: Embedded 84 pages/cpu s221184 r8192 d114688 u2097152
acme # [ 0.011950] kvm-guest: PV spinlocks disabled, single CPU
acme # [ 0.011951] Kernel command line: console=ttyS0 console=tty0 panic=1 boot.panic_on_fail clocksource=acpi_pm loglevel=7 net.ifnames=0 init=/nix/store/0181bz5aah1ybf2yjxs5p07v8na816x9-nixos-system-acme-test/init regInfo=/nix/store/4vw32vrd6aj47q2i04jsgqlvnkzbh3fi-closure-info/registration console=ttyS0
acme # [ 0.012043] Unknown kernel command line parameters "regInfo=/nix/store/4vw32vrd6aj47q2i04jsgqlvnkzbh3fi-closure-info/registration", will be passed to user space.
acme # [ 0.012064] random: crng init done
acme # [ 0.012106] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
acme # [ 0.012149] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
acme # [ 0.012171] Fallback order for Node 0: 0
acme # [ 0.012174] Built 1 zonelists, mobility grouping on. Total pages: 257755
acme # [ 0.012175] Policy zone: DMA32
acme # [ 0.012475] mem auto-init: stack:all(zero), heap alloc:on, heap free:off
acme # [ 0.014340] Memory: 972092K/1048036K available (16384K kernel code, 2367K rwdata, 10864K rodata, 3120K init, 4480K bss, 75684K reserved, 0K cma-reserved)
acme # [ 0.015154] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
acme # [ 0.015177] ftrace: allocating 42915 entries in 168 pages
acme # [ 0.022180] ftrace: allocated 168 pages with 3 groups
acme # [ 0.022791] Dynamic Preempt: voluntary
acme # [ 0.023027] rcu: Preemptible hierarchical RCU implementation.
acme # [ 0.023028] rcu: RCU event tracing is enabled.
acme # [ 0.023028] rcu: RCU restricting CPUs from NR_CPUS=384 to nr_cpu_ids=1.
acme # [ 0.023029] Trampoline variant of Tasks RCU enabled.
acme # [ 0.023030] Rude variant of Tasks RCU enabled.
acme # [ 0.023030] Tracing variant of Tasks RCU enabled.
acme # [ 0.023031] rcu: RCU calculated value of scheduler-enlistment delay is 100 jiffies.
acme # [ 0.023031] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
acme # [ 0.025370] NR_IRQS: 24832, nr_irqs: 256, preallocated irqs: 16
acme # [ 0.025774] rcu: srcu_init: Setting srcu_struct sizes based on contention.
acme # [ 0.025872] kfence: initialized - using 2097152 bytes for 255 objects at 0x(____ptrval____)-0x(____ptrval____)
acme # [ 0.030043] Console: colour VGA+ 80x25
acme # [ 0.030045] printk: console [tty0] enabled
acme # [ 0.063377] printk: console [ttyS0] enabled
acme # [ 0.163508] ACPI: Core revision 20230628
acme # [ 0.164418] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604467 ns
acme # [ 0.166249] APIC: Switch to symmetric I/O mode setup
acme # [ 0.167395] x2apic enabled
acme # [ 0.168286] APIC: Switched APIC routing to: physical x2apic
acme # [ 0.170404] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
acme # [ 0.171584] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x2848df6a9de, max_idle_ns: 440795280912 ns
acme # [ 0.173531] Calibrating delay loop (skipped) preset value.. 5589.49 BogoMIPS (lpj=2794748)
acme # [ 0.175013] x86/cpu: User Mode Instruction Prevention (UMIP) activated
acme # [ 0.176614] Last level iTLB entries: 4KB 512, 2MB 255, 4MB 127
acme # [ 0.177800] Last level dTLB entries: 4KB 512, 2MB 255, 4MB 127, 1GB 0
acme # [ 0.178822] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
acme # [ 0.180531] Spectre V2 : Mitigation: Retpolines
acme # [ 0.181397] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
acme # [ 0.181941] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT
acme # [ 0.182814] Spectre V2 : Enabling Speculation Barrier for firmware calls
webserver #
webserver #
client # c[ 0.000000] Linux version 6.6.63 (nixbld@localhost) (gcc (GCC) 13.3.0, GNU ld (GNU Binutils) 2.43.1) #1-NixOS SMP PREEMPT_DYNAMIC Fri Nov 22 14:38:37 UTC 2024
acme # [ 0.183814] RETBleed: Mitigation: untrained return thunk
webserver # iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+3EFD0AF0+3EF30AF0 CA00
acme # [ 0.184787] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
acme # [ 0.185946] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl
client # [ 0.000000] Command line: console=ttyS0 console=tty0 panic=1 boot.panic_on_fail clocksource=acpi_pm loglevel=7 net.ifnames=0 init=/nix/store/pym7iqvl158pcfm11zw20bz5hdn4fxqw-nixos-system-client-test/init regInfo=/nix/store/7h916pb1v4apvf6w7lc96vlm9j8zb5ww-closure-info/registration console=ttyS0
client # [ 0.000000] BIOS-provided physical RAM map:
acme # [ 0.187529] Speculative Return Stack Overflow: IBPB-extending microcode not applied!
client # [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
webserver # Press Ctrl-B to configure iPXE (PCI 00:03.0)...
webserver #
webserver #
webserver #
webserver #
client # [ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
acme # [ 0.188931] Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.
client # [ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
webserver # iPXE (http://ipxe.org) 00:09.0 CB00 PCI2.10 PnP PMM 3EFD0AF0 3EF30AF0 CB00
client # [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000003ffdafff] usable
acme # [ 0.188932] Speculative Return Stack Overflow: Vulnerable: Safe RET, no microcode
client # [ 0.000000] BIOS-e820: [mem 0x000000003ffdb000-0x000000003fffffff] reserved
acme # [ 0.191542] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
client # [ 0.000000] BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
client # [ 0.000000] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
acme # [ 0.192918] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
client # [ 0.000000] BIOS-e820: [mem 0x000000fd00000000-0x000000ffffffffff] reserved
acme # [ 0.193802] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
client # [ 0.000000] NX (Execute Disable) protection: active
client # [ 0.000000] APIC: Static calls initialized
acme # [ 0.195530] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
client # [ 0.000000] SMBIOS 2.8 present.
webserver # Press Ctrl-B to configure iPXE (PCI 00:09.0)...
webserver #
webserver #
acme # [ 0.196529] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format.
client # [ 0.000000] DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
client # [ 0.000000] Hypervisor detected: KVM
client # [ 0.000000] kvm-clock: Using msrs 4b564d01 and 4b564d00
client # [ 0.000000] kvm-clock: using sched offset of 346443839 cycles
client # [ 0.000001] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
client # [ 0.000003] tsc: Detected 2794.748 MHz processor
webserver # Booting from ROM...
client # [ 0.001054] last_pfn = 0x3ffdb max_arch_pfn = 0x400000000
client # [ 0.001087] MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs
client # [ 0.001090] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT
client # [ 0.003404] found SMP MP-table at [mem 0x000f5430-0x000f543f]
client # [ 0.003417] Using GB pages for direct mapping
client # [ 0.003521] RAMDISK: [mem 0x3f4c9000-0x3ffcffff]
client # [ 0.003526] ACPI: Early table checksum verification disabled
client # [ 0.003528] ACPI: RSDP 0x00000000000F5250 000014 (v00 BOCHS )
client # [ 0.003532] ACPI: RSDT 0x000000003FFE1CE4 000034 (v01 BOCHS BXPC 00000001 BXPC 00000001)
client # [ 0.003537] ACPI: FACP 0x000000003FFE1B98 000074 (v01 BOCHS BXPC 00000001 BXPC 00000001)
client # [ 0.003540] ACPI: DSDT 0x000000003FFE0040 001B58 (v01 BOCHS BXPC 00000001 BXPC 00000001)
client # [ 0.003543] ACPI: FACS 0x000000003FFE0000 000040
client # [ 0.003545] ACPI: APIC 0x000000003FFE1C0C 000078 (v03 BOCHS BXPC 00000001 BXPC 00000001)
client # [ 0.003548] ACPI: HPET 0x000000003FFE1C84 000038 (v01 BOCHS BXPC 00000001 BXPC 00000001)
client # [ 0.003550] ACPI: WAET 0x000000003FFE1CBC 000028 (v01 BOCHS BXPC 00000001 BXPC 00000001)
client # [ 0.003552] ACPI: Reserving FACP table memory at [mem 0x3ffe1b98-0x3ffe1c0b]
client # [ 0.003553] ACPI: Reserving DSDT table memory at [mem 0x3ffe0040-0x3ffe1b97]
client # [ 0.003554] ACPI: Reserving FACS table memory at [mem 0x3ffe0000-0x3ffe003f]
client # [ 0.003555] ACPI: Reserving APIC table memory at [mem 0x3ffe1c0c-0x3ffe1c83]
client # [ 0.003556] ACPI: Reserving HPET table memory at [mem 0x3ffe1c84-0x3ffe1cbb]
client # [ 0.003556] ACPI: Reserving WAET table memory at [mem 0x3ffe1cbc-0x3ffe1ce3]
client # [ 0.003799] No NUMA configuration found
acme # [ 0.222593] Freeing SMP alternatives memory: 36K
client # [ 0.003800] Faking a node at [mem 0x0000000000000000-0x000000003ffdafff]
acme # [ 0.223471] pid_max: default: 32768 minimum: 301
client # [ 0.003802] NODE_DATA(0) allocated [mem 0x3ffd5000-0x3ffdafff]
client # [ 0.003819] Zone ranges:
acme # [ 0.223836] LSM: initializing lsm=capability,landlock,yama,selinux,bpf,integrity
client # [ 0.003819] DMA [mem 0x0000000000001000-0x0000000000ffffff]
client # [ 0.003821] DMA32 [mem 0x0000000001000000-0x000000003ffdafff]
client # [ 0.003822] Normal empty
client # [ 0.003823] Device empty
client # [ 0.003824] Movable zone start for each node
client # [ 0.003825] Early memory node ranges
acme # [ 0.225549] landlock: Up and running.
client # [ 0.003825] node 0: [mem 0x0000000000001000-0x000000000009efff]
acme # [ 0.226530] Yama: becoming mindful.
client # [ 0.003827] node 0: [mem 0x0000000000100000-0x000000003ffdafff]
acme # [ 0.227231] SELinux: Initializing.
client # [ 0.003828] Initmem setup node 0 [mem 0x0000000000001000-0x000000003ffdafff]
acme # [ 0.227780] LSM support for eBPF active
client # [ 0.004030] On node 0, zone DMA: 1 pages in unavailable ranges
client # [ 0.004043] On node 0, zone DMA: 97 pages in unavailable ranges
acme # [ 0.228787] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
client # [ 0.006214] On node 0, zone DMA32: 37 pages in unavailable ranges
client # [ 0.006834] ACPI: PM-Timer IO Port: 0x608
acme # [ 0.229921] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
client # [ 0.006845] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1])
client # [ 0.006885] IOAPIC[0]: apic_id 0, version 17, address 0xfec00000, GSI 0-23
acme # [ 0.231900] smpboot: CPU0: AMD EPYC 7402P 24-Core Processor (family: 0x17, model: 0x31, stepping: 0x0)
client # [ 0.006888] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
client # [ 0.006891] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level)
acme # [ 0.233185] RCU Tasks: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
client # [ 0.006893] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
client # [ 0.006894] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level)
acme # [ 0.233964] RCU Tasks Rude: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
client # [ 0.006896] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level)
client # [ 0.006900] ACPI: Using ACPI (MADT) for SMP configuration information
acme # [ 0.234990] RCU Tasks Trace: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
client # [ 0.006901] ACPI: HPET id: 0x8086a201 base: 0xfed00000
client # [ 0.006907] TSC deadline timer available
acme # [ 0.235983] Performance Events: Fam17h+ core perfctr, AMD PMU driver.
client # [ 0.006908] smpboot: Allowing 1 CPUs, 0 hotplug CPUs
acme # [ 0.236819] ... version: 0
client # [ 0.006932] kvm-guest: APIC: eoi() replaced with kvm_guest_apic_eoi_write()
acme # [ 0.237533] ... bit width: 48
client # [ 0.006963] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff]
acme # [ 0.238324] ... generic registers: 6
acme # [ 0.238761] ... value mask: 0000ffffffffffff
client # [ 0.006965] PM: hibernation: Registered nosave memory: [mem 0x0009f000-0x0009ffff]
acme # [ 0.239532] ... max period: 00007fffffffffff
client # [ 0.006966] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000effff]
acme # [ 0.240506] ... fixed-purpose events: 0
client # [ 0.006967] PM: hibernation: Registered nosave memory: [mem 0x000f0000-0x000fffff]
acme # [ 0.240763] ... event mask: 000000000000003f
client # [ 0.006970] [mem 0x40000000-0xfeffbfff] available for PCI devices
client # [ 0.006971] Booting paravirtualized kernel on KVM
acme # [ 0.241631] signal: max sigframe size: 1776
acme # [ 0.242484] rcu: Hierarchical SRCU implementation.
client # [ 0.006974] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1910969940391419 ns
acme # [ 0.242784] rcu: Max phase no-delay instances is 400.
client # [ 0.012075] setup_percpu: NR_CPUS:384 nr_cpumask_bits:1 nr_cpu_ids:1 nr_node_ids:1
client # [ 0.012434] percpu: Embedded 84 pages/cpu s221184 r8192 d114688 u2097152
client # [ 0.012473] kvm-guest: PV spinlocks disabled, single CPU
acme # [ 0.246922] smp: Bringing up secondary CPUs ...
acme # [ 0.247785] smp: Brought up 1 node, 1 CPU
client # [ 0.012475] Kernel command line: console=ttyS0 console=tty0 panic=1 boot.panic_on_fail clocksource=acpi_pm loglevel=7 net.ifnames=0 init=/nix/store/pym7iqvl158pcfm11zw20bz5hdn4fxqw-nixos-system-client-test/init regInfo=/nix/store/7h916pb1v4apvf6w7lc96vlm9j8zb5ww-closure-info/registration console=ttyS0
acme # [ 0.248534] smpboot: Max logical packages: 1
acme # [ 0.249366] smpboot: Total of 1 processors activated (5589.49 BogoMIPS)
client # [ 0.012566] Unknown kernel command line parameters "regInfo=/nix/store/7h916pb1v4apvf6w7lc96vlm9j8zb5ww-closure-info/registration", will be passed to user space.
acme # [ 0.250054] devtmpfs: initialized
client # [ 0.012588] random: crng init done
acme # [ 0.250621] x86/mm: Memory block size: 128MB
client # [ 0.012631] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
client # [ 0.012673] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
client # [ 0.012702] Fallback order for Node 0: 0
acme # [ 0.252028] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
client # [ 0.012704] Built 1 zonelists, mobility grouping on. Total pages: 257755
client # [ 0.012706] Policy zone: DMA32
acme # [ 0.252995] futex hash table entries: 256 (order: 2, 16384 bytes, linear)
client # [ 0.013001] mem auto-init: stack:all(zero), heap alloc:on, heap free:off
acme # [ 0.253889] pinctrl core: initialized pinctrl subsystem
acme # [ 0.254968] PM: RTC time: 20:52:42, date: 2024-11-28
client # [ 0.014871] Memory: 972100K/1048036K available (16384K kernel code, 2367K rwdata, 10864K rodata, 3120K init, 4480K bss, 75676K reserved, 0K cma-reserved)
client # [ 0.015675] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
acme # [ 0.256683] NET: Registered PF_NETLINK/PF_ROUTE protocol family
client # [ 0.015705] ftrace: allocating 42915 entries in 168 pages
client # [ 0.022654] ftrace: allocated 168 pages with 3 groups
client # [ 0.023254] Dynamic Preempt: voluntary
acme # [ 0.257736] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
client # [ 0.023492] rcu: Preemptible hierarchical RCU implementation.
client # [ 0.023493] rcu: RCU event tracing is enabled.
acme # [ 0.258843] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
client # [ 0.023493] rcu: RCU restricting CPUs from NR_CPUS=384 to nr_cpu_ids=1.
acme # [ 0.259948] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
client # [ 0.023494] Trampoline variant of Tasks RCU enabled.
client # [ 0.023495] Rude variant of Tasks RCU enabled.
acme # [ 0.260937] audit: initializing netlink subsys (disabled)
client # [ 0.023495] Tracing variant of Tasks RCU enabled.
client # [ 0.023496] rcu: RCU calculated value of scheduler-enlistment delay is 100 jiffies.
acme # [ 0.261831] audit: type=2000 audit(1732827162.622:1): state=initialized audit_enabled=0 res=1
client # [ 0.023497] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
acme # [ 0.263105] thermal_sys: Registered thermal governor 'bang_bang'
client # [ 0.026007] NR_IRQS: 24832, nr_irqs: 256, preallocated irqs: 16
client # [ 0.026209] rcu: srcu_init: Setting srcu_struct sizes based on contention.
acme # [ 0.263107] thermal_sys: Registered thermal governor 'step_wise'
acme # [ 0.263804] thermal_sys: Registered thermal governor 'user_space'
client # [ 0.026303] kfence: initialized - using 2097152 bytes for 255 objects at 0x(____ptrval____)-0x(____ptrval____)
client # [ 0.030493] Console: colour VGA+ 80x25
acme # [ 0.264825] cpuidle: using governor menu
client # [ 0.030495] printk: console [tty0] enabled
client # [ 0.063917] printk: console [ttyS0] enabled
client # [ 0.163853] ACPI: Core revision 20230628
acme # [ 0.267142] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
acme # [ 0.267965] PCI: Using configuration type 1 for base access
client # [ 0.164750] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604467 ns
acme # [ 0.268795] PCI: Using configuration type 1 for extended access
client # [ 0.166555] APIC: Switch to symmetric I/O mode setup
client # [ 0.167985] x2apic enabled
acme # [ 0.270028] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible.
client # [ 0.168903] APIC: Switched APIC routing to: physical x2apic
client # [ 0.171058] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
client # [ 0.172195] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x2848df6a9de, max_idle_ns: 440795280912 ns
client # [ 0.174125] Calibrating delay loop (skipped) preset value.. 5589.49 BogoMIPS (lpj=2794748)
client # [ 0.176207] x86/cpu: User Mode Instruction Prevention (UMIP) activated
client # [ 0.177495] Last level iTLB entries: 4KB 512, 2MB 255, 4MB 127
client # [ 0.178392] Last level dTLB entries: 4KB 512, 2MB 255, 4MB 127, 1GB 0
client # [ 0.179410] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
client # [ 0.181124] Spectre V2 : Mitigation: Retpolines
client # [ 0.182122] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
client # [ 0.183532] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT
dnsserver # Probing EDD (edd=off to disable)... ock[ 0.000000] Linux version 6.6.63 (nixbld@localhost) (gcc (GCC) 13.3.0, GNU ld (GNU Binutils) 2.43.1) #1-NixOS SMP PREEMPT_DYNAMIC Fri Nov 22 14:38:37 UTC 2024
client # [ 0.185122] Spectre V2 : Enabling Speculation Barrier for firmware calls
client # [ 0.186122] RETBleed: Mitigation: untrained return thunk
client # [ 0.187124] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
dnsserver # [ 0.000000] Command line: console=ttyS0 console=tty0 panic=1 boot.panic_on_fail clocksource=acpi_pm loglevel=7 net.ifnames=0 init=/nix/store/jdm56ci6swvzxajb974q8gyln23z1f3s-nixos-system-dnsserver-test/init regInfo=/nix/store/wgb3fqxbdxgvk2cah6lvq6idawygaax3-closure-info/registration console=ttyS0
dnsserver # [ 0.000000] BIOS-provided physical RAM map:
client # [ 0.188532] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl
dnsserver # [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
client # [ 0.190122] Speculative Return Stack Overflow: IBPB-extending microcode not applied!
dnsserver # [ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
dnsserver # [ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
dnsserver # [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000003ffdafff] usable
client # [ 0.191516] Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.
dnsserver # [ 0.000000] BIOS-e820: [mem 0x000000003ffdb000-0x000000003fffffff] reserved
acme # [ 0.295597] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages
client # [ 0.191518] Speculative Return Stack Overflow: Vulnerable: Safe RET, no microcode
dnsserver # [ 0.000000] BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
dnsserver # [ 0.000000] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
acme # [ 0.296533] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page
client # [ 0.194516] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
dnsserver # [ 0.000000] BIOS-e820: [mem 0x000000fd00000000-0x000000ffffffffff] reserved
acme # [ 0.297533] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages
dnsserver # [ 0.000000] NX (Execute Disable) protection: active
client # [ 0.196122] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
dnsserver # [ 0.000000] APIC: Static calls initialized
acme # [ 0.298532] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page
dnsserver # [ 0.000000] SMBIOS 2.8 present.
client # [ 0.197122] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
client # [ 0.198122] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
dnsserver # [ 0.000000] DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
dnsserver # [ 0.000000] Hypervisor detected: KVM
dnsserver # [ 0.000000] kvm-clock: Using msrs 4b564d01 and 4b564d00
client # [ 0.199400] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format.
dnsserver # [ 0.000000] kvm-clock: using sched offset of 343319168 cycles
acme # [ 0.303184] ACPI: Added _OSI(Module Device)
dnsserver # [ 0.000002] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
acme # [ 0.303768] ACPI: Added _OSI(Processor Device)
dnsserver # [ 0.000004] tsc: Detected 2794.748 MHz processor
acme # [ 0.304533] ACPI: Added _OSI(3.0 _SCP Extensions)
dnsserver # [ 0.001043] last_pfn = 0x3ffdb max_arch_pfn = 0x400000000
acme # [ 0.305433] ACPI: Added _OSI(Processor Aggregator Device)
dnsserver # [ 0.001076] MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs
dnsserver # [ 0.001079] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT
dnsserver # [ 0.003400] found SMP MP-table at [mem 0x000f5430-0x000f543f]
acme # [ 0.307003] ACPI: 1 ACPI AML tables successfully acquired and loaded
dnsserver # [ 0.003414] Using GB pages for direct mapping
dnsserver # [ 0.003512] RAMDISK: [mem 0x3f4c9000-0x3ffcffff]
dnsserver # [ 0.003517] ACPI: Early table checksum verification disabled
acme # [ 0.308590] ACPI: _OSC evaluation for CPUs failed, trying _PDC
dnsserver # [ 0.003519] ACPI: RSDP 0x00000000000F5250 000014 (v00 BOCHS )
acme # [ 0.309732] ACPI: Interpreter enabled
dnsserver # [ 0.003522] ACPI: RSDT 0x000000003FFE1CE4 000034 (v01 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.310469] ACPI: PM: (supports S0 S3 S4 S5)
dnsserver # [ 0.003526] ACPI: FACP 0x000000003FFE1B98 000074 (v01 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.310784] ACPI: Using IOAPIC for interrupt routing
dnsserver # [ 0.003530] ACPI: DSDT 0x000000003FFE0040 001B58 (v01 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.311551] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
dnsserver # [ 0.003533] ACPI: FACS 0x000000003FFE0000 000040
dnsserver # [ 0.003535] ACPI: APIC 0x000000003FFE1C0C 000078 (v03 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.312960] PCI: Using E820 reservations for host bridge windows
acme # [ 0.313938] ACPI: Enabled 2 GPEs in block 00 to 0F
dnsserver # [ 0.003538] ACPI: HPET 0x000000003FFE1C84 000038 (v01 BOCHS BXPC 00000001 BXPC 00000001)
dnsserver # [ 0.003540] ACPI: WAET 0x000000003FFE1CBC 000028 (v01 BOCHS BXPC 00000001 BXPC 00000001)
dnsserver # [ 0.003542] ACPI: Reserving FACP table memory at [mem 0x3ffe1b98-0x3ffe1c0b]
dnsserver # [ 0.003543] ACPI: Reserving DSDT table memory at [mem 0x3ffe0040-0x3ffe1b97]
dnsserver # [ 0.003544] ACPI: Reserving FACS table memory at [mem 0x3ffe0000-0x3ffe003f]
acme # [ 0.318144] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
dnsserver # [ 0.003545] ACPI: Reserving APIC table memory at [mem 0x3ffe1c0c-0x3ffe1c83]
dnsserver # [ 0.003546] ACPI: Reserving HPET table memory at [mem 0x3ffe1c84-0x3ffe1cbb]
acme # [ 0.318822] acpi PNP0A03:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI HPX-Type3]
dnsserver # [ 0.003546] ACPI: Reserving WAET table memory at [mem 0x3ffe1cbc-0x3ffe1ce3]
acme # [ 0.320251] acpiphp: Slot [3] registered
dnsserver # [ 0.003787] No NUMA configuration found
acme # [ 0.320792] acpiphp: Slot [4] registered
dnsserver # [ 0.003788] Faking a node at [mem 0x0000000000000000-0x000000003ffdafff]
acme # [ 0.321555] acpiphp: Slot [5] registered
dnsserver # [ 0.003790] NODE_DATA(0) allocated [mem 0x3ffd5000-0x3ffdafff]
dnsserver # [ 0.003807] Zone ranges:
acme # [ 0.322341] acpiphp: Slot [6] registered
dnsserver # [ 0.003807] DMA [mem 0x0000000000001000-0x0000000000ffffff]
acme # [ 0.322785] acpiphp: Slot [7] registered
dnsserver # [ 0.003809] DMA32 [mem 0x0000000001000000-0x000000003ffdafff]
acme # [ 0.323556] acpiphp: Slot [8] registered
dnsserver # [ 0.003810] Normal empty
dnsserver # [ 0.003811] Device empty
acme # [ 0.324351] acpiphp: Slot [9] registered
dnsserver # [ 0.003812] Movable zone start for each node
acme # [ 0.324783] acpiphp: Slot [10] registered
dnsserver # [ 0.003813] Early memory node ranges
acme # [ 0.325555] acpiphp: Slot [11] registered
dnsserver # [ 0.003813] node 0: [mem 0x0000000000001000-0x000000000009efff]
acme # [ 0.326376] acpiphp: Slot [12] registered
dnsserver # [ 0.003814] node 0: [mem 0x0000000000100000-0x000000003ffdafff]
client # [ 0.231068] Freeing SMP alternatives memory: 36K
acme # [ 0.326791] acpiphp: Slot [13] registered
dnsserver # [ 0.003816] Initmem setup node 0 [mem 0x0000000000001000-0x000000003ffdafff]
client # [ 0.231367] pid_max: default: 32768 minimum: 301
acme # [ 0.327561] acpiphp: Slot [14] registered
dnsserver # [ 0.004026] On node 0, zone DMA: 1 pages in unavailable ranges
acme # [ 0.328350] acpiphp: Slot [15] registered
client # [ 0.232432] LSM: initializing lsm=capability,landlock,yama,selinux,bpf,integrity
dnsserver # [ 0.004039] On node 0, zone DMA: 97 pages in unavailable ranges
acme # [ 0.328798] acpiphp: Slot [16] registered
dnsserver # [ 0.005965] On node 0, zone DMA32: 37 pages in unavailable ranges
acme # [ 0.329558] acpiphp: Slot [17] registered
dnsserver # [ 0.006446] ACPI: PM-Timer IO Port: 0x608
acme # [ 0.330371] acpiphp: Slot [18] registered
dnsserver # [ 0.006455] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1])
acme # [ 0.330792] acpiphp: Slot [19] registered
dnsserver # [ 0.006484] IOAPIC[0]: apic_id 0, version 17, address 0xfec00000, GSI 0-23
acme # [ 0.331557] acpiphp: Slot [20] registered
client # [ 0.234141] landlock: Up and running.
dnsserver # [ 0.006487] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
acme # [ 0.332348] acpiphp: Slot [21] registered
client # [ 0.234861] Yama: becoming mindful.
dnsserver # [ 0.006488] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level)
client # [ 0.235347] SELinux: Initializing.
acme # [ 0.332786] acpiphp: Slot [22] registered
dnsserver # [ 0.006489] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
client # [ 0.236371] LSM support for eBPF active
acme # [ 0.333556] acpiphp: Slot [23] registered
dnsserver # [ 0.006490] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level)
acme # [ 0.334359] acpiphp: Slot [24] registered
client # [ 0.237162] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
acme # [ 0.334784] acpiphp: Slot [25] registered
dnsserver # [ 0.006491] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level)
acme # [ 0.335586] acpiphp: Slot [26] registered
dnsserver # [ 0.006495] ACPI: Using ACPI (MADT) for SMP configuration information
client # [ 0.238509] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
dnsserver # [ 0.006495] ACPI: HPET id: 0x8086a201 base: 0xfed00000
acme # [ 0.336378] acpiphp: Slot [27] registered
dnsserver # [ 0.006499] TSC deadline timer available
acme # [ 0.336783] acpiphp: Slot [28] registered
dnsserver # [ 0.006500] smpboot: Allowing 1 CPUs, 0 hotplug CPUs
client # [ 0.240571] smpboot: CPU0: AMD EPYC 7402P 24-Core Processor (family: 0x17, model: 0x31, stepping: 0x0)
acme # [ 0.337557] acpiphp: Slot [29] registered
dnsserver # [ 0.006517] kvm-guest: APIC: eoi() replaced with kvm_guest_apic_eoi_write()
acme # [ 0.338369] acpiphp: Slot [30] registered
dnsserver # [ 0.006542] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff]
acme # [ 0.338805] acpiphp: Slot [31] registered
client # [ 0.241809] RCU Tasks: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
acme # [ 0.339543] PCI host bridge to bus 0000:00
dnsserver # [ 0.006543] PM: hibernation: Registered nosave memory: [mem 0x0009f000-0x0009ffff]
client # [ 0.242569] RCU Tasks Rude: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
acme # [ 0.340333] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window]
dnsserver # [ 0.006544] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000effff]
dnsserver # [ 0.006545] PM: hibernation: Registered nosave memory: [mem 0x000f0000-0x000fffff]
acme # [ 0.340824] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window]
client # [ 0.243580] RCU Tasks Trace: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
dnsserver # [ 0.006547] [mem 0x40000000-0xfeffbfff] available for PCI devices
acme # [ 0.341820] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
dnsserver # [ 0.006549] Booting paravirtualized kernel on KVM
client # [ 0.244580] Performance Events: Fam17h+ core perfctr, AMD PMU driver.
client # [ 0.245413] ... version: 0
acme # [ 0.342921] pci_bus 0000:00: root bus resource [mem 0x40000000-0xfebfffff window]
dnsserver # [ 0.006550] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1910969940391419 ns
client # [ 0.246125] ... bit width: 48
dnsserver # [ 0.011516] setup_percpu: NR_CPUS:384 nr_cpumask_bits:1 nr_cpu_ids:1 nr_node_ids:1
acme # [ 0.343920] pci_bus 0000:00: root bus resource [mem 0x100000000-0x17fffffff window]
client # [ 0.246926] ... generic registers: 6
dnsserver # [ 0.011857] percpu: Embedded 84 pages/cpu s221184 r8192 d114688 u2097152
client # [ 0.247354] ... value mask: 0000ffffffffffff
acme # [ 0.344924] pci_bus 0000:00: root bus resource [bus 00-ff]
dnsserver # [ 0.011896] kvm-guest: PV spinlocks disabled, single CPU
client # [ 0.248125] ... max period: 00007fffffffffff
acme # [ 0.345950] pci 0000:00:00.0: [8086:1237] type 00 class 0x060000
client # [ 0.249103] ... fixed-purpose events: 0
client # [ 0.249356] ... event mask: 000000000000003f
acme # [ 0.347227] pci 0000:00:01.0: [8086:7000] type 00 class 0x060100
client # [ 0.250226] signal: max sigframe size: 1776
dnsserver # [ 0.011897] Kernel command line: console=ttyS0 console=tty0 panic=1 boot.panic_on_fail clocksource=acpi_pm loglevel=7 net.ifnames=0 init=/nix/store/jdm56ci6swvzxajb974q8gyln23z1f3s-nixos-system-dnsserver-test/init regInfo=/nix/store/wgb3fqxbdxgvk2cah6lvq6idawygaax3-closure-info/registration console=ttyS0
acme # [ 0.348339] pci 0000:00:01.1: [8086:7010] type 00 class 0x010180
client # [ 0.251079] rcu: Hierarchical SRCU implementation.
client # [ 0.251377] rcu: Max phase no-delay instances is 400.
dnsserver # [ 0.011988] Unknown kernel command line parameters "regInfo=/nix/store/wgb3fqxbdxgvk2cah6lvq6idawygaax3-closure-info/registration", will be passed to user space.
dnsserver # [ 0.012011] random: crng init done
dnsserver # [ 0.012054] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
dnsserver # [ 0.012095] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
dnsserver # [ 0.012118] Fallback order for Node 0: 0
acme # [ 0.351900] pci 0000:00:01.1: reg 0x20: [io 0xc1e0-0xc1ef]
dnsserver # [ 0.012121] Built 1 zonelists, mobility grouping on. Total pages: 257755
client # [ 0.255678] smp: Bringing up secondary CPUs ...
dnsserver # [ 0.012122] Policy zone: DMA32
client # [ 0.256385] smp: Brought up 1 node, 1 CPU
dnsserver # [ 0.012460] mem auto-init: stack:all(zero), heap alloc:on, heap free:off
client # [ 0.257126] smpboot: Max logical packages: 1
acme # [ 0.353994] pci 0000:00:01.1: legacy IDE quirk: reg 0x10: [io 0x01f0-0x01f7]
client # [ 0.257959] smpboot: Total of 1 processors activated (5589.49 BogoMIPS)
acme # [ 0.354848] pci 0000:00:01.1: legacy IDE quirk: reg 0x14: [io 0x03f6]
dnsserver # [ 0.014297] Memory: 972100K/1048036K available (16384K kernel code, 2367K rwdata, 10864K rodata, 3120K init, 4480K bss, 75676K reserved, 0K cma-reserved)
client # [ 0.258686] devtmpfs: initialized
dnsserver # [ 0.015111] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
acme # [ 0.355825] pci 0000:00:01.1: legacy IDE quirk: reg 0x18: [io 0x0170-0x0177]
client # [ 0.259447] x86/mm: Memory block size: 128MB
dnsserver # [ 0.015134] ftrace: allocating 42915 entries in 168 pages
dnsserver # [ 0.022130] ftrace: allocated 168 pages with 3 groups
acme # [ 0.356847] pci 0000:00:01.1: legacy IDE quirk: reg 0x1c: [io 0x0376]
dnsserver # [ 0.022730] Dynamic Preempt: voluntary
dnsserver # [ 0.022960] rcu: Preemptible hierarchical RCU implementation.
client # [ 0.260702] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
acme # [ 0.357998] pci 0000:00:01.2: [8086:7020] type 00 class 0x0c0300
dnsserver # [ 0.022961] rcu: RCU event tracing is enabled.
client # [ 0.261582] futex hash table entries: 256 (order: 2, 16384 bytes, linear)
dnsserver # [ 0.022961] rcu: RCU restricting CPUs from NR_CPUS=384 to nr_cpu_ids=1.
dnsserver # [ 0.022963] Trampoline variant of Tasks RCU enabled.
client # [ 0.262476] pinctrl core: initialized pinctrl subsystem
dnsserver # [ 0.022963] Rude variant of Tasks RCU enabled.
acme # [ 0.360533] pci 0000:00:01.2: reg 0x20: [io 0xc100-0xc11f]
dnsserver # [ 0.022963] Tracing variant of Tasks RCU enabled.
client # [ 0.263571] PM: RTC time: 20:52:42, date: 2024-11-28
dnsserver # [ 0.022964] rcu: RCU calculated value of scheduler-enlistment delay is 100 jiffies.
dnsserver # [ 0.022965] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
client # [ 0.265142] NET: Registered PF_NETLINK/PF_ROUTE protocol family
dnsserver # [ 0.025329] NR_IRQS: 24832, nr_irqs: 256, preallocated irqs: 16
client # [ 0.266331] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
acme # [ 0.363802] pci 0000:00:01.3: [8086:7113] type 00 class 0x068000
dnsserver # [ 0.025731] rcu: srcu_init: Setting srcu_struct sizes based on contention.
client # [ 0.267446] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
dnsserver # [ 0.025824] kfence: initialized - using 2097152 bytes for 255 objects at 0x(____ptrval____)-0x(____ptrval____)
dnsserver # [ 0.030005] Console: colour VGA+ 80x25
acme # [ 0.365599] pci 0000:00:01.3: quirk: [io 0x0600-0x063f] claimed by PIIX4 ACPI
dnsserver # [ 0.030007] printk: console [tty0] enabled
client # [ 0.268529] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
dnsserver # [ 0.063369] printk: console [ttyS0] enabled
acme # [ 0.366929] pci 0000:00:01.3: quirk: [io 0x0700-0x070f] claimed by PIIX4 SMB
dnsserver # [ 0.163284] ACPI: Core revision 20230628
client # [ 0.269532] audit: initializing netlink subsys (disabled)
acme # [ 0.368053] pci 0000:00:02.0: [1234:1111] type 00 class 0x030000
dnsserver # [ 0.164184] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604467 ns
client # [ 0.270431] audit: type=2000 audit(1732827162.749:1): state=initialized audit_enabled=0 res=1
dnsserver # [ 0.166004] APIC: Switch to symmetric I/O mode setup
client # [ 0.271703] thermal_sys: Registered thermal governor 'bang_bang'
acme # [ 0.369978] pci 0000:00:02.0: reg 0x10: [mem 0xfd000000-0xfdffffff pref]
dnsserver # [ 0.167147] x2apic enabled
client # [ 0.271705] thermal_sys: Registered thermal governor 'step_wise'
dnsserver # [ 0.168032] APIC: Switched APIC routing to: physical x2apic
client # [ 0.272410] thermal_sys: Registered thermal governor 'user_space'
client # [ 0.273413] cpuidle: using governor menu
acme # [ 0.372453] pci 0000:00:02.0: reg 0x18: [mem 0xfebd0000-0xfebd0fff]
dnsserver # [ 0.170158] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
client # [ 0.275733] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
dnsserver # [ 0.171291] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x2848df6a9de, max_idle_ns: 440795280912 ns
client # [ 0.276551] PCI: Using configuration type 1 for base access
client # [ 0.277388] PCI: Using configuration type 1 for extended access
dnsserver # [ 0.173213] Calibrating delay loop (skipped) preset value.. 5589.49 BogoMIPS (lpj=2794748)
client # [ 0.278627] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible.
dnsserver # [ 0.174692] x86/cpu: User Mode Instruction Prevention (UMIP) activated
acme # [ 0.376195] pci 0000:00:02.0: reg 0x30: [mem 0xfebc0000-0xfebcffff pref]
dnsserver # [ 0.176293] Last level iTLB entries: 4KB 512, 2MB 255, 4MB 127
acme # [ 0.376891] pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
dnsserver # [ 0.177212] Last level dTLB entries: 4KB 512, 2MB 255, 4MB 127, 1GB 0
acme # [ 0.378231] pci 0000:00:03.0: [1af4:1000] type 00 class 0x020000
dnsserver # [ 0.178508] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
dnsserver # [ 0.179624] Spectre V2 : Mitigation: Retpolines
dnsserver # [ 0.180457] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
dnsserver # [ 0.182212] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT
acme # [ 0.380533] pci 0000:00:03.0: reg 0x10: [io 0xc120-0xc13f]
dnsserver # [ 0.183505] Spectre V2 : Enabling Speculation Barrier for firmware calls
webserver # Probing EDD (edd=off to disable)... ock[ 0.000000] Linux version 6.6.63 (nixbld@localhost) (gcc (GCC) 13.3.0, GNU ld (GNU Binutils) 2.43.1) #1-NixOS SMP PREEMPT_DYNAMIC Fri Nov 22 14:38:37 UTC 2024
dnsserver # [ 0.184501] RETBleed: Mitigation: untrained return thunk
acme # [ 0.382534] pci 0000:00:03.0: reg 0x14: [mem 0xfebd1000-0xfebd1fff]
dnsserver # [ 0.185473] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
webserver # [ 0.000000] Command line: console=ttyS0 console=tty0 panic=1 boot.panic_on_fail clocksource=acpi_pm loglevel=7 net.ifnames=0 init=/nix/store/zswagxrp2ycz4nwi41pby9rhx6sc7ksa-nixos-system-webserver-test/init regInfo=/nix/store/frp0n46l8v6qqx1hx5nxhwl0qhc8kmyf-closure-info/registration console=ttyS0
dnsserver # [ 0.187213] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl
webserver # [ 0.000000] BIOS-provided physical RAM map:
webserver # [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
dnsserver # [ 0.189212] Speculative Return Stack Overflow: IBPB-extending microcode not applied!
webserver # [ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
webserver # [ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
acme # [ 0.386534] pci 0000:00:03.0: reg 0x20: [mem 0xfe000000-0xfe003fff 64bit pref]
dnsserver # [ 0.190613] Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.
webserver # [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000003ffdafff] usable
webserver # [ 0.000000] BIOS-e820: [mem 0x000000003ffdb000-0x000000003fffffff] reserved
dnsserver # [ 0.190615] Speculative Return Stack Overflow: Vulnerable: Safe RET, no microcode
webserver # [ 0.000000] BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
dnsserver # [ 0.193224] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
webserver # [ 0.000000] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
acme # [ 0.389962] pci 0000:00:03.0: reg 0x30: [mem 0xfeb40000-0xfeb7ffff pref]
dnsserver # [ 0.194607] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
webserver # [ 0.000000] BIOS-e820: [mem 0x000000fd00000000-0x000000ffffffffff] reserved
webserver # [ 0.000000] NX (Execute Disable) protection: active
dnsserver # [ 0.195488] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
webserver # [ 0.000000] APIC: Static calls initialized
webserver # [ 0.000000] SMBIOS 2.8 present.
dnsserver # [ 0.196491] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
acme # [ 0.392117] pci 0000:00:04.0: [1af4:1005] type 00 class 0x00ff00
webserver # [ 0.000000] DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
webserver # [ 0.000000] Hypervisor detected: KVM
dnsserver # [ 0.198212] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format.
webserver # [ 0.000000] kvm-clock: Using msrs 4b564d01 and 4b564d00
acme # [ 0.393535] pci 0000:00:04.0: reg 0x10: [io 0xc140-0xc15f]
webserver # [ 0.000000] kvm-clock: using sched offset of 333838254 cycles
client # [ 0.304158] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages
client # [ 0.305125] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page
webserver # [ 0.000001] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
acme # [ 0.395534] pci 0000:00:04.0: reg 0x14: [mem 0xfebd2000-0xfebd2fff]
webserver # [ 0.000003] tsc: Detected 2794.748 MHz processor
client # [ 0.306125] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages
webserver # [ 0.001042] last_pfn = 0x3ffdb max_arch_pfn = 0x400000000
client # [ 0.307124] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page
webserver # [ 0.001074] MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs
webserver # [ 0.001077] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT
webserver # [ 0.003390] found SMP MP-table at [mem 0x000f5430-0x000f543f]
webserver # [ 0.003404] Using GB pages for direct mapping
acme # [ 0.399332] pci 0000:00:04.0: reg 0x20: [mem 0xfe004000-0xfe007fff 64bit pref]
webserver # [ 0.003511] RAMDISK: [mem 0x3f4c9000-0x3ffcffff]
webserver # [ 0.003516] ACPI: Early table checksum verification disabled
client # [ 0.311911] ACPI: Added _OSI(Module Device)
webserver # [ 0.003519] ACPI: RSDP 0x00000000000F5250 000014 (v00 BOCHS )
client # [ 0.312375] ACPI: Added _OSI(Processor Device)
webserver # [ 0.003522] ACPI: RSDT 0x000000003FFE1CE4 000034 (v01 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.401793] pci 0000:00:05.0: [1af4:1009] type 00 class 0x000200
client # [ 0.313126] ACPI: Added _OSI(3.0 _SCP Extensions)
webserver # [ 0.003527] ACPI: FACP 0x000000003FFE1B98 000074 (v01 BOCHS BXPC 00000001 BXPC 00000001)
client # [ 0.314018] ACPI: Added _OSI(Processor Aggregator Device)
acme # [ 0.403533] pci 0000:00:05.0: reg 0x10: [io 0xc080-0xc0bf]
webserver # [ 0.003530] ACPI: DSDT 0x000000003FFE0040 001B58 (v01 BOCHS BXPC 00000001 BXPC 00000001)
webserver # [ 0.003533] ACPI: FACS 0x000000003FFE0000 000040
client # [ 0.315593] ACPI: 1 ACPI AML tables successfully acquired and loaded
webserver # [ 0.003535] ACPI: APIC 0x000000003FFE1C0C 000078 (v03 BOCHS BXPC 00000001 BXPC 00000001)
acme # [ 0.405534] pci 0000:00:05.0: reg 0x14: [mem 0xfebd3000-0xfebd3fff]
webserver # [ 0.003538] ACPI: HPET 0x000000003FFE1C84 000038 (v01 BOCHS BXPC 00000001 BXPC 00000001)
client # [ 0.317190] ACPI: _OSC evaluation for CPUs failed, trying _PDC
webserver # [ 0.003540] ACPI: WAET 0x000000003FFE1CBC 000028 (v01 BOCHS BXPC 00000001 BXPC 00000001)
client # [ 0.318322] ACPI: Interpreter enabled
webserver # [ 0.003542] ACPI: Reserving FACP table memory at [mem 0x3ffe1b98-0x3ffe1c0b]
client # [ 0.319080] ACPI: PM: (supports S0 S3 S4 S5)
webserver # [ 0.003543] ACPI: Reserving DSDT table memory at [mem 0x3ffe0040-0x3ffe1b97]
client # [ 0.319369] ACPI: Using IOAPIC for interrupt routing
acme # [ 0.409326] pci 0000:00:05.0: reg 0x20: [mem 0xfe008000-0xfe00bfff 64bit pref]
webserver # [ 0.003544] ACPI: Reserving FACS table memory at [mem 0x3ffe0000-0x3ffe003f]
client # [ 0.320140] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
webserver # [ 0.003545] ACPI: Reserving APIC table memory at [mem 0x3ffe1c0c-0x3ffe1c83]
webserver # [ 0.003546] ACPI: Reserving HPET table memory at [mem 0x3ffe1c84-0x3ffe1cbb]
client # [ 0.321543] PCI: Using E820 reservations for host bridge windows
webserver # [ 0.003546] ACPI: Reserving WAET table memory at [mem 0x3ffe1cbc-0x3ffe1ce3]
acme # [ 0.411799] pci 0000:00:06.0: [1af4:1009] type 00 class 0x000200
client # [ 0.322550] ACPI: Enabled 2 GPEs in block 00 to 0F
webserver # [ 0.003784] No NUMA configuration found
webserver # [ 0.003785] Faking a node at [mem 0x0000000000000000-0x000000003ffdafff]
dnsserver # [ 0.224035] Freeing SMP alternatives memory: 36K
acme # [ 0.413533] pci 0000:00:06.0: reg 0x10: [io 0xc160-0xc17f]
webserver # [ 0.003787] NODE_DATA(0) allocated [mem 0x3ffd5000-0x3ffdafff]
webserver # [ 0.003803] Zone ranges:
dnsserver # [ 0.224458] pid_max: default: 32768 minimum: 301
webserver # [ 0.003803] DMA [mem 0x0000000000001000-0x0000000000ffffff]
dnsserver # [ 0.225516] LSM: initializing lsm=capability,landlock,yama,selinux,bpf,integrity
webserver # [ 0.003805] DMA32 [mem 0x0000000001000000-0x000000003ffdafff]
webserver # [ 0.003806] Normal empty
acme # [ 0.415386] pci 0000:00:06.0: reg 0x14: [mem 0xfebd4000-0xfebd4fff]
webserver # [ 0.003807] Device empty
client # [ 0.326739] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
webserver # [ 0.003808] Movable zone start for each node
webserver # [ 0.003809] Early memory node ranges
client # [ 0.327407] acpi PNP0A03:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI HPX-Type3]
webserver # [ 0.003809] node 0: [mem 0x0000000000001000-0x000000000009efff]
dnsserver # [ 0.227236] landlock: Up and running.
client # [ 0.328846] acpiphp: Slot [3] registered
webserver # [ 0.003811] node 0: [mem 0x0000000000100000-0x000000003ffdafff]
dnsserver # [ 0.227960] Yama: becoming mindful.
client # [ 0.329381] acpiphp: Slot [4] registered
acme # [ 0.417966] pci 0000:00:06.0: reg 0x20: [mem 0xfe00c000-0xfe00ffff 64bit pref]
webserver # [ 0.003812] Initmem setup node 0 [mem 0x0000000000001000-0x000000003ffdafff]
dnsserver # [ 0.228444] SELinux: Initializing.
client # [ 0.330149] acpiphp: Slot [5] registered
webserver # [ 0.004022] On node 0, zone DMA: 1 pages in unavailable ranges
dnsserver # [ 0.229464] LSM support for eBPF active
client # [ 0.330927] acpiphp: Slot [6] registered
webserver # [ 0.004035] On node 0, zone DMA: 97 pages in unavailable ranges
client # [ 0.331377] acpiphp: Slot [7] registered
webserver # [ 0.006001] On node 0, zone DMA32: 37 pages in unavailable ranges
dnsserver # [ 0.230246] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
client # [ 0.332148] acpiphp: Slot [8] registered
webserver # [ 0.006482] ACPI: PM-Timer IO Port: 0x608
acme # [ 0.420777] pci 0000:00:07.0: [1af4:1009] type 00 class 0x000200
webserver # [ 0.006490] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1])
client # [ 0.332935] acpiphp: Slot [9] registered
dnsserver # [ 0.231607] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
client # [ 0.333382] acpiphp: Slot [10] registered
webserver # [ 0.006521] IOAPIC[0]: apic_id 0, version 17, address 0xfec00000, GSI 0-23
acme # [ 0.422533] pci 0000:00:07.0: reg 0x10: [io 0xc180-0xc19f]
client # [ 0.334147] acpiphp: Slot [11] registered
webserver # [ 0.006523] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
dnsserver # [ 0.233487] smpboot: CPU0: AMD EPYC 7402P 24-Core Processor (family: 0x17, model: 0x31, stepping: 0x0)
client # [ 0.334933] acpiphp: Slot [12] registered
webserver # [ 0.006525] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level)
client # [ 0.335377] acpiphp: Slot [13] registered
webserver # [ 0.006526] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
dnsserver # [ 0.234853] RCU Tasks: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
client # [ 0.336147] acpiphp: Slot [14] registered
webserver # [ 0.006527] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level)
acme # [ 0.424469] pci 0000:00:07.0: reg 0x14: [mem 0xfebd5000-0xfebd5fff]
client # [ 0.336953] acpiphp: Slot [15] registered
webserver # [ 0.006528] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level)
client # [ 0.337386] acpiphp: Slot [16] registered
dnsserver # [ 0.235651] RCU Tasks Rude: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
webserver # [ 0.006531] ACPI: Using ACPI (MADT) for SMP configuration information
client # [ 0.338160] acpiphp: Slot [17] registered
webserver # [ 0.006532] ACPI: HPET id: 0x8086a201 base: 0xfed00000
client # [ 0.338959] acpiphp: Slot [18] registered
dnsserver # [ 0.236675] RCU Tasks Trace: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
webserver # [ 0.006536] TSC deadline timer available
client # [ 0.339379] acpiphp: Slot [19] registered
webserver # [ 0.006537] smpboot: Allowing 1 CPUs, 0 hotplug CPUs
acme # [ 0.426977] pci 0000:00:07.0: reg 0x20: [mem 0xfe010000-0xfe013fff 64bit pref]
dnsserver # [ 0.237660] Performance Events: Fam17h+ core perfctr, AMD PMU driver.
client # [ 0.340149] acpiphp: Slot [20] registered
webserver # [ 0.006554] kvm-guest: APIC: eoi() replaced with kvm_guest_apic_eoi_write()
dnsserver # [ 0.238508] ... version: 0
client # [ 0.340958] acpiphp: Slot [21] registered
webserver # [ 0.006579] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff]
dnsserver # [ 0.239215] ... bit width: 48
client # [ 0.341379] acpiphp: Slot [22] registered
dnsserver # [ 0.239997] ... generic registers: 6
webserver # [ 0.006580] PM: hibernation: Registered nosave memory: [mem 0x0009f000-0x0009ffff]
client # [ 0.342147] acpiphp: Slot [23] registered
acme # [ 0.429803] pci 0000:00:08.0: [1af4:1001] type 00 class 0x010000
client # [ 0.342945] acpiphp: Slot [24] registered
dnsserver # [ 0.240445] ... value mask: 0000ffffffffffff
webserver # [ 0.006581] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000effff]
client # [ 0.343376] acpiphp: Slot [25] registered
dnsserver # [ 0.241215] ... max period: 00007fffffffffff
webserver # [ 0.006582] PM: hibernation: Registered nosave memory: [mem 0x000f0000-0x000fffff]
acme # [ 0.431534] pci 0000:00:08.0: reg 0x10: [io 0xc000-0xc07f]
client # [ 0.344148] acpiphp: Slot [26] registered
dnsserver # [ 0.242191] ... fixed-purpose events: 0
webserver # [ 0.006583] [mem 0x40000000-0xfeffbfff] available for PCI devices
client # [ 0.344931] acpiphp: Slot [27] registered
webserver # [ 0.006584] Booting paravirtualized kernel on KVM
dnsserver # [ 0.242455] ... event mask: 000000000000003f
client # [ 0.345378] acpiphp: Slot [28] registered
dnsserver # [ 0.243316] signal: max sigframe size: 1776
webserver # [ 0.006587] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1910969940391419 ns
client # [ 0.346175] acpiphp: Slot [29] registered
acme # [ 0.433466] pci 0000:00:08.0: reg 0x14: [mem 0xfebd6000-0xfebd6fff]
dnsserver # [ 0.244172] rcu: Hierarchical SRCU implementation.
client # [ 0.346979] acpiphp: Slot [30] registered
webserver # [ 0.011538] setup_percpu: NR_CPUS:384 nr_cpumask_bits:1 nr_cpu_ids:1 nr_node_ids:1
dnsserver # [ 0.244469] rcu: Max phase no-delay instances is 400.
client # [ 0.347385] acpiphp: Slot [31] registered
webserver # [ 0.011891] percpu: Embedded 84 pages/cpu s221184 r8192 d114688 u2097152
client # [ 0.348136] PCI host bridge to bus 0000:00
webserver # [ 0.011935] kvm-guest: PV spinlocks disabled, single CPU
client # [ 0.348916] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window]
acme # [ 0.436003] pci 0000:00:08.0: reg 0x20: [mem 0xfe014000-0xfe017fff 64bit pref]
client # [ 0.349423] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window]
dnsserver # [ 0.248603] smp: Bringing up secondary CPUs ...
client # [ 0.350419] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
webserver # [ 0.011936] Kernel command line: console=ttyS0 console=tty0 panic=1 boot.panic_on_fail clocksource=acpi_pm loglevel=7 net.ifnames=0 init=/nix/store/zswagxrp2ycz4nwi41pby9rhx6sc7ksa-nixos-system-webserver-test/init regInfo=/nix/store/frp0n46l8v6qqx1hx5nxhwl0qhc8kmyf-closure-info/registration console=ttyS0
dnsserver # [ 0.249477] smp: Brought up 1 node, 1 CPU
dnsserver # [ 0.250217] smpboot: Max logical packages: 1
client # [ 0.351509] pci_bus 0000:00: root bus resource [mem 0x40000000-0xfebfffff window]
acme # [ 0.438784] pci 0000:00:09.0: [1af4:1000] type 00 class 0x020000
webserver # [ 0.012026] Unknown kernel command line parameters "regInfo=/nix/store/frp0n46l8v6qqx1hx5nxhwl0qhc8kmyf-closure-info/registration", will be passed to user space.
dnsserver # [ 0.251014] smpboot: Total of 1 processors activated (5589.49 BogoMIPS)
webserver # [ 0.012048] random: crng init done
client # [ 0.352523] pci_bus 0000:00: root bus resource [mem 0x100000000-0x17fffffff window]
dnsserver # [ 0.251739] devtmpfs: initialized
webserver # [ 0.012090] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
client # [ 0.353513] pci_bus 0000:00: root bus resource [bus 00-ff]
dnsserver # [ 0.252309] x86/mm: Memory block size: 128MB
acme # [ 0.440965] pci 0000:00:09.0: reg 0x10: [io 0xc1a0-0xc1bf]
webserver # [ 0.012132] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
webserver # [ 0.012155] Fallback order for Node 0: 0
client # [ 0.354540] pci 0000:00:00.0: [8086:1237] type 00 class 0x060000
webserver # [ 0.012157] Built 1 zonelists, mobility grouping on. Total pages: 257755
dnsserver # [ 0.253688] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
webserver # [ 0.012158] Policy zone: DMA32
acme # [ 0.442533] pci 0000:00:09.0: reg 0x14: [mem 0xfebd7000-0xfebd7fff]
client # [ 0.355828] pci 0000:00:01.0: [8086:7000] type 00 class 0x060100
webserver # [ 0.012467] mem auto-init: stack:all(zero), heap alloc:on, heap free:off
dnsserver # [ 0.254673] futex hash table entries: 256 (order: 2, 16384 bytes, linear)
client # [ 0.356925] pci 0000:00:01.1: [8086:7010] type 00 class 0x010180
dnsserver # [ 0.255560] pinctrl core: initialized pinctrl subsystem
webserver # [ 0.014352] Memory: 972100K/1048036K available (16384K kernel code, 2367K rwdata, 10864K rodata, 3120K init, 4480K bss, 75676K reserved, 0K cma-reserved)
dnsserver # [ 0.256664] PM: RTC time: 20:52:42, date: 2024-11-28
acme # [ 0.445534] pci 0000:00:09.0: reg 0x20: [mem 0xfe018000-0xfe01bfff 64bit pref]
webserver # [ 0.015160] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
webserver # [ 0.015189] ftrace: allocating 42915 entries in 168 pages
webserver # [ 0.022187] ftrace: allocated 168 pages with 3 groups
dnsserver # [ 0.258132] NET: Registered PF_NETLINK/PF_ROUTE protocol family
webserver # [ 0.022785] Dynamic Preempt: voluntary
acme # [ 0.447313] pci 0000:00:09.0: reg 0x30: [mem 0xfeb80000-0xfebbffff pref]
client # [ 0.360476] pci 0000:00:01.1: reg 0x20: [io 0xc1e0-0xc1ef]
webserver # [ 0.023024] rcu: Preemptible hierarchical RCU implementation.
dnsserver # [ 0.258884] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
webserver # [ 0.023024] rcu: RCU event tracing is enabled.
webserver # [ 0.023025] rcu: RCU restricting CPUs from NR_CPUS=384 to nr_cpu_ids=1.
dnsserver # [ 0.259530] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
webserver # [ 0.023026] Trampoline variant of Tasks RCU enabled.
acme # [ 0.449896] pci 0000:00:0a.0: [1af4:1052] type 00 class 0x090000
client # [ 0.362614] pci 0000:00:01.1: legacy IDE quirk: reg 0x10: [io 0x01f0-0x01f7]
webserver # [ 0.023026] Rude variant of Tasks RCU enabled.
dnsserver # [ 0.260620] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
webserver # [ 0.023027] Tracing variant of Tasks RCU enabled.
client # [ 0.363433] pci 0000:00:01.1: legacy IDE quirk: reg 0x14: [io 0x03f6]
dnsserver # [ 0.261622] audit: initializing netlink subsys (disabled)
webserver # [ 0.023027] rcu: RCU calculated value of scheduler-enlistment delay is 100 jiffies.
acme # [ 0.451807] pci 0000:00:0a.0: reg 0x14: [mem 0xfebd8000-0xfebd8fff]
webserver # [ 0.023028] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
client # [ 0.364410] pci 0000:00:01.1: legacy IDE quirk: reg 0x18: [io 0x0170-0x0177]
dnsserver # [ 0.262523] audit: type=2000 audit(1732827162.862:1): state=initialized audit_enabled=0 res=1
webserver # [ 0.025378] NR_IRQS: 24832, nr_irqs: 256, preallocated irqs: 16
client # [ 0.365429] pci 0000:00:01.1: legacy IDE quirk: reg 0x1c: [io 0x0376]
webserver # [ 0.025780] rcu: srcu_init: Setting srcu_struct sizes based on contention.
dnsserver # [ 0.263792] thermal_sys: Registered thermal governor 'bang_bang'
acme # [ 0.454386] pci 0000:00:0a.0: reg 0x20: [mem 0xfe01c000-0xfe01ffff 64bit pref]
client # [ 0.366579] pci 0000:00:01.2: [8086:7020] type 00 class 0x0c0300
dnsserver # [ 0.263793] thermal_sys: Registered thermal governor 'step_wise'
webserver # [ 0.025874] kfence: initialized - using 2097152 bytes for 255 objects at 0x(____ptrval____)-0x(____ptrval____)
webserver # [ 0.030041] Console: colour VGA+ 80x25
dnsserver # [ 0.264489] thermal_sys: Registered thermal governor 'user_space'
webserver # [ 0.030043] printk: console [tty0] enabled
webserver # [ 0.063465] printk: console [ttyS0] enabled
dnsserver # [ 0.265510] cpuidle: using governor menu
webserver # [ 0.162608] ACPI: Core revision 20230628
acme # [ 0.456670] pci 0000:00:0b.0: [1af4:1003] type 00 class 0x078000
client # [ 0.369472] pci 0000:00:01.2: reg 0x20: [io 0xc100-0xc11f]
dnsserver # [ 0.267807] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
webserver # [ 0.163506] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604467 ns
dnsserver # [ 0.268646] PCI: Using configuration type 1 for base access
webserver # [ 0.165303] APIC: Switch to symmetric I/O mode setup
acme # [ 0.458946] pci 0000:00:0b.0: reg 0x10: [io 0xc0c0-0xc0ff]
dnsserver # [ 0.269478] PCI: Using configuration type 1 for extended access
webserver # [ 0.166447] x2apic enabled
client # [ 0.372850] pci 0000:00:01.3: [8086:7113] type 00 class 0x068000
acme # [ 0.460533] pci 0000:00:0b.0: reg 0x14: [mem 0xfebd9000-0xfebd9fff]
webserver # [ 0.167332] APIC: Switched APIC routing to: physical x2apic
dnsserver # [ 0.270722] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible.
client # [ 0.374514] pci 0000:00:01.3: quirk: [io 0x0600-0x063f] claimed by PIIX4 ACPI
webserver # [ 0.169445] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
client # [ 0.375518] pci 0000:00:01.3: quirk: [io 0x0700-0x070f] claimed by PIIX4 SMB
webserver # [ 0.170553] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x2848df6a9de, max_idle_ns: 440795280912 ns
client # [ 0.376643] pci 0000:00:02.0: [1234:1111] type 00 class 0x030000
webserver # [ 0.172458] Calibrating delay loop (skipped) preset value.. 5589.49 BogoMIPS (lpj=2794748)
acme # [ 0.463533] pci 0000:00:0b.0: reg 0x20: [mem 0xfe020000-0xfe023fff 64bit pref]
webserver # [ 0.173934] x86/cpu: User Mode Instruction Prevention (UMIP) activated
client # [ 0.378597] pci 0000:00:02.0: reg 0x10: [mem 0xfd000000-0xfdffffff pref]
webserver # [ 0.175496] Last level iTLB entries: 4KB 512, 2MB 255, 4MB 127
webserver # [ 0.176457] Last level dTLB entries: 4KB 512, 2MB 255, 4MB 127, 1GB 0
acme # [ 0.467195] pci 0000:00:0c.0: [1af4:1005] type 00 class 0x00ff00
client # [ 0.381127] pci 0000:00:02.0: reg 0x18: [mem 0xfebd0000-0xfebd0fff]
webserver # [ 0.177462] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
webserver # [ 0.178879] Spectre V2 : Mitigation: Retpolines
acme # [ 0.468533] pci 0000:00:0c.0: reg 0x10: [io 0xc1c0-0xc1df]
webserver # [ 0.179701] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
acme # [ 0.470314] pci 0000:00:0c.0: reg 0x14: [mem 0xfebda000-0xfebdafff]
webserver # [ 0.181456] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT
webserver # [ 0.182742] Spectre V2 : Enabling Speculation Barrier for firmware calls
client # [ 0.385127] pci 0000:00:02.0: reg 0x30: [mem 0xfebc0000-0xfebcffff pref]
webserver # [ 0.183741] RETBleed: Mitigation: untrained return thunk
client # [ 0.386168] pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
webserver # [ 0.184714] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
client # [ 0.387809] pci 0000:00:03.0: [1af4:1000] type 00 class 0x020000
webserver # [ 0.186457] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl
acme # [ 0.473983] pci 0000:00:0c.0: reg 0x20: [mem 0xfe024000-0xfe027fff 64bit pref]
webserver # [ 0.187872] Speculative Return Stack Overflow: IBPB-extending microcode not applied!
webserver # [ 0.189457] Speculative Return Stack Overflow: WARNING: See https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html for mitigation options.
client # [ 0.390126] pci 0000:00:03.0: reg 0x10: [io 0xc120-0xc13f]
acme # [ 0.477126] ACPI: PCI: Interrupt link LNKA configured for IRQ 10
webserver # [ 0.189458] Speculative Return Stack Overflow: Vulnerable: Safe RET, no microcode
acme # [ 0.477942] ACPI: PCI: Interrupt link LNKB configured for IRQ 10
client # [ 0.392126] pci 0000:00:03.0: reg 0x14: [mem 0xfebd1000-0xfebd1fff]
dnsserver # [ 0.296299] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages
webserver # [ 0.192468] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
acme # [ 0.478934] ACPI: PCI: Interrupt link LNKC configured for IRQ 11
dnsserver # [ 0.297510] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page
webserver # [ 0.193843] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
acme # [ 0.479938] ACPI: PCI: Interrupt link LNKD configured for IRQ 11
dnsserver # [ 0.298502] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages
webserver # [ 0.194731] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
acme # [ 0.480892] ACPI: PCI: Interrupt link LNKS configured for IRQ 9
webserver # [ 0.195740] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
dnsserver # [ 0.299516] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page
acme # [ 0.482131] iommu: Default domain type: Translated
webserver # [ 0.197457] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format.
acme # [ 0.482800] iommu: DMA domain TLB invalidation policy: lazy mode
client # [ 0.396126] pci 0000:00:03.0: reg 0x20: [mem 0xfe000000-0xfe003fff 64bit pref]
acme # [ 0.483852] ACPI: bus type USB registered
acme # [ 0.484555] usbcore: registered new interface driver usbfs
dnsserver # [ 0.304144] ACPI: Added _OSI(Module Device)
acme # [ 0.485541] usbcore: registered new interface driver hub
dnsserver # [ 0.304464] ACPI: Added _OSI(Processor Device)
acme # [ 0.486543] usbcore: registered new device driver usb
dnsserver # [ 0.305215] ACPI: Added _OSI(3.0 _SCP Extensions)
acme # [ 0.487939] NetLabel: Initializing
client # [ 0.400125] pci 0000:00:03.0: reg 0x30: [mem 0xfeb40000-0xfeb7ffff pref]
dnsserver # [ 0.306114] ACPI: Added _OSI(Processor Aggregator Device)
acme # [ 0.488533] NetLabel: domain hash size = 128
acme # [ 0.489373] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO
dnsserver # [ 0.307696] ACPI: 1 ACPI AML tables successfully acquired and loaded
client # [ 0.402372] pci 0000:00:04.0: [1af4:1005] type 00 class 0x00ff00
acme # [ 0.489837] NetLabel: unlabeled traffic allowed by default
acme # [ 0.490807] PCI: Using ACPI for IRQ routing
client # [ 0.404126] pci 0000:00:04.0: reg 0x10: [io 0xc140-0xc15f]
dnsserver # [ 0.309284] ACPI: _OSC evaluation for CPUs failed, trying _PDC
acme # [ 0.491822] pci 0000:00:02.0: vgaarb: setting as boot VGA device
dnsserver # [ 0.310405] ACPI: Interpreter enabled
acme # [ 0.492528] pci 0000:00:02.0: vgaarb: bridge control possible
dnsserver # [ 0.311156] ACPI: PM: (supports S0 S3 S4 S5)
client # [ 0.406101] pci 0000:00:04.0: reg 0x14: [mem 0xfebd2000-0xfebd2fff]
acme # [ 0.492528] pci 0000:00:02.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none
dnsserver # [ 0.311465] ACPI: Using IOAPIC for interrupt routing
acme # [ 0.492535] vgaarb: loaded
dnsserver # [ 0.312231] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
acme # [ 0.493225] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
acme # [ 0.493784] hpet0: 3 comparators, 64-bit 100.000000 MHz counter
dnsserver # [ 0.313633] PCI: Using E820 reservations for host bridge windows
dnsserver # [ 0.314621] ACPI: Enabled 2 GPEs in block 00 to 0F
client # [ 0.410125] pci 0000:00:04.0: reg 0x20: [mem 0xfe004000-0xfe007fff 64bit pref]
acme # [ 0.498569] clocksource: Switched to clocksource kvm-clock
client # [ 0.413352] pci 0000:00:05.0: [1af4:1009] type 00 class 0x000200
dnsserver # [ 0.318851] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
dnsserver # [ 0.319499] acpi PNP0A03:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI HPX-Type3]
acme # [ 0.501079] VFS: Disk quotas dquot_6.6.0
client # [ 0.415125] pci 0000:00:05.0: reg 0x10: [io 0xc080-0xc0bf]
dnsserver # [ 0.320936] acpiphp: Slot [3] registered
acme # [ 0.501907] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
webserver # [ 0.223220] Freeing SMP alternatives memory: 36K
dnsserver # [ 0.321485] acpiphp: Slot [4] registered
acme # [ 0.503231] pnp: PnP ACPI init
client # [ 0.417097] pci 0000:00:05.0: reg 0x14: [mem 0xfebd3000-0xfebd3fff]
webserver # [ 0.223701] pid_max: default: 32768 minimum: 301
dnsserver # [ 0.322251] acpiphp: Slot [5] registered
acme # [ 0.504314] pnp: PnP ACPI: found 6 devices
dnsserver # [ 0.323028] acpiphp: Slot [6] registered
webserver # [ 0.224755] LSM: initializing lsm=capability,landlock,yama,selinux,bpf,integrity
dnsserver # [ 0.323466] acpiphp: Slot [7] registered
dnsserver # [ 0.324238] acpiphp: Slot [8] registered
dnsserver # [ 0.325037] acpiphp: Slot [9] registered
dnsserver # [ 0.325474] acpiphp: Slot [10] registered
client # [ 0.420084] pci 0000:00:05.0: reg 0x20: [mem 0xfe008000-0xfe00bfff 64bit pref]
dnsserver # [ 0.326238] acpiphp: Slot [11] registered
webserver # [ 0.226479] landlock: Up and running.
dnsserver # [ 0.327030] acpiphp: Slot [12] registered
webserver # [ 0.227194] Yama: becoming mindful.
dnsserver # [ 0.327470] acpiphp: Slot [13] registered
webserver # [ 0.227681] SELinux: Initializing.
dnsserver # [ 0.328238] acpiphp: Slot [14] registered
webserver # [ 0.228486] LSM support for eBPF active
dnsserver # [ 0.329054] acpiphp: Slot [15] registered
client # [ 0.422360] pci 0000:00:06.0: [1af4:1009] type 00 class 0x000200
webserver # [ 0.229260] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
acme # [ 0.511710] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns
dnsserver # [ 0.329472] acpiphp: Slot [16] registered
dnsserver # [ 0.330253] acpiphp: Slot [17] registered
acme # [ 0.513378] clocksource: Switched to clocksource acpi_pm
webserver # [ 0.230459] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
dnsserver # [ 0.331047] acpiphp: Slot [18] registered
client # [ 0.424126] pci 0000:00:06.0: reg 0x10: [io 0xc160-0xc17f]
acme # [ 0.514503] NET: Registered PF_INET protocol family
dnsserver # [ 0.331472] acpiphp: Slot [19] registered
webserver # [ 0.232645] smpboot: CPU0: AMD EPYC 7402P 24-Core Processor (family: 0x17, model: 0x31, stepping: 0x0)
dnsserver # [ 0.332239] acpiphp: Slot [20] registered
acme # [ 0.515498] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear)
dnsserver # [ 0.333037] acpiphp: Slot [21] registered
dnsserver # [ 0.333482] acpiphp: Slot [22] registered
webserver # [ 0.234103] RCU Tasks: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
acme # [ 0.517325] tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linear)
dnsserver # [ 0.334238] acpiphp: Slot [23] registered
dnsserver # [ 0.335050] acpiphp: Slot [24] registered
webserver # [ 0.234891] RCU Tasks Rude: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
acme # [ 0.518948] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
client # [ 0.428125] pci 0000:00:06.0: reg 0x14: [mem 0xfebd4000-0xfebd4fff]
dnsserver # [ 0.335508] acpiphp: Slot [25] registered
dnsserver # [ 0.336245] acpiphp: Slot [26] registered
acme # [ 0.520437] TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear)
webserver # [ 0.235912] RCU Tasks Trace: Setting shift to 0 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=1.
dnsserver # [ 0.337040] acpiphp: Slot [27] registered
webserver # [ 0.236909] Performance Events: Fam17h+ core perfctr, AMD PMU driver.
acme # [ 0.521952] TCP bind hash table entries: 8192 (order: 6, 262144 bytes, linear)
dnsserver # [ 0.337467] acpiphp: Slot [28] registered
dnsserver # [ 0.338238] acpiphp: Slot [29] registered
webserver # [ 0.237755] ... version: 0
acme # [ 0.523376] TCP: Hash tables configured (established 8192 bind 8192)
client # [ 0.431601] pci 0000:00:06.0: reg 0x20: [mem 0xfe00c000-0xfe00ffff 64bit pref]
webserver # [ 0.238460] ... bit width: 48
dnsserver # [ 0.339042] acpiphp: Slot [30] registered
webserver # [ 0.239229] ... generic registers: 6
dnsserver # [ 0.339477] acpiphp: Slot [31] registered
acme # [ 0.524578] MPTCP token hash table entries: 1024 (order: 2, 24576 bytes, linear)
dnsserver # [ 0.340225] PCI host bridge to bus 0000:00
webserver # [ 0.239689] ... value mask: 0000ffffffffffff
acme # [ 0.526246] UDP hash table entries: 512 (order: 2, 16384 bytes, linear)
webserver # [ 0.240460] ... max period: 00007fffffffffff
dnsserver # [ 0.341017] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window]
client # [ 0.434360] pci 0000:00:07.0: [1af4:1009] type 00 class 0x000200
webserver # [ 0.241436] ... fixed-purpose events: 0
acme # [ 0.527488] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear)
dnsserver # [ 0.341509] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window]
webserver # [ 0.241692] ... event mask: 000000000000003f
acme # [ 0.528833] NET: Registered PF_UNIX/PF_LOCAL protocol family
dnsserver # [ 0.342514] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
webserver # [ 0.242564] signal: max sigframe size: 1776
acme # [ 0.529933] NET: Registered PF_XDP protocol family
webserver # [ 0.243407] rcu: Hierarchical SRCU implementation.
dnsserver # [ 0.343600] pci_bus 0000:00: root bus resource [mem 0x40000000-0xfebfffff window]
acme # [ 0.530891] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window]
webserver # [ 0.243722] rcu: Max phase no-delay instances is 400.
client # [ 0.436126] pci 0000:00:07.0: reg 0x10: [io 0xc180-0xc19f]
dnsserver # [ 0.344604] pci_bus 0000:00: root bus resource [mem 0x100000000-0x17fffffff window]
acme # [ 0.532037] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window]
dnsserver # [ 0.345609] pci_bus 0000:00: root bus resource [bus 00-ff]
client # [ 0.438125] pci 0000:00:07.0: reg 0x14: [mem 0xfebd5000-0xfebd5fff]
acme # [ 0.533195] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
dnsserver # [ 0.346630] pci 0000:00:00.0: [8086:1237] type 00 class 0x060000
acme # [ 0.534471] pci_bus 0000:00: resource 7 [mem 0x40000000-0xfebfffff window]
webserver # [ 0.247834] smp: Bringing up secondary CPUs ...
dnsserver # [ 0.347917] pci 0000:00:01.0: [8086:7000] type 00 class 0x060100
acme # [ 0.535735] pci_bus 0000:00: resource 8 [mem 0x100000000-0x17fffffff window]
webserver # [ 0.248713] smp: Brought up 1 node, 1 CPU
webserver # [ 0.249461] smpboot: Max logical packages: 1
acme # [ 0.537161] pci 0000:00:01.0: PIIX3: Enabling Passive Release
client # [ 0.441125] pci 0000:00:07.0: reg 0x20: [mem 0xfe010000-0xfe013fff 64bit pref]
dnsserver # [ 0.349030] pci 0000:00:01.1: [8086:7010] type 00 class 0x010180
webserver # [ 0.250278] smpboot: Total of 1 processors activated (5589.49 BogoMIPS)
acme # [ 0.538297] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
webserver # [ 0.250981] devtmpfs: initialized
webserver # [ 0.251554] x86/mm: Memory block size: 128MB
dnsserver # [ 0.352527] pci 0000:00:01.1: reg 0x20: [io 0xc1e0-0xc1ef]
webserver # [ 0.252929] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
client # [ 0.444357] pci 0000:00:08.0: [1af4:1001] type 00 class 0x010000
webserver # [ 0.253909] futex hash table entries: 256 (order: 2, 16384 bytes, linear)
webserver # [ 0.254802] pinctrl core: initialized pinctrl subsystem
client # [ 0.446127] pci 0000:00:08.0: reg 0x10: [io 0xc000-0xc07f]
dnsserver # [ 0.355193] pci 0000:00:01.1: legacy IDE quirk: reg 0x10: [io 0x01f0-0x01f7]
webserver # [ 0.256114] PM: RTC time: 20:52:42, date: 2024-11-28
dnsserver # [ 0.355515] pci 0000:00:01.1: legacy IDE quirk: reg 0x14: [io 0x03f6]
client # [ 0.448126] pci 0000:00:08.0: reg 0x14: [mem 0xfebd6000-0xfebd6fff]
webserver # [ 0.257382] NET: Registered PF_NETLINK/PF_ROUTE protocol family
dnsserver # [ 0.356503] pci 0000:00:01.1: legacy IDE quirk: reg 0x18: [io 0x0170-0x0177]
webserver # [ 0.257941] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
dnsserver # [ 0.357517] pci 0000:00:01.1: legacy IDE quirk: reg 0x1c: [io 0x0376]
webserver # [ 0.258766] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
dnsserver # [ 0.358677] pci 0000:00:01.2: [8086:7020] type 00 class 0x0c0300
client # [ 0.452126] pci 0000:00:08.0: reg 0x20: [mem 0xfe014000-0xfe017fff 64bit pref]
webserver # [ 0.259862] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
webserver # [ 0.260867] audit: initializing netlink subsys (disabled)
dnsserver # [ 0.361812] pci 0000:00:01.2: reg 0x20: [io 0xc100-0xc11f]
webserver # [ 0.261757] audit: type=2000 audit(1732827162.981:1): state=initialized audit_enabled=0 res=1
webserver # [ 0.263033] thermal_sys: Registered thermal governor 'bang_bang'
client # [ 0.456399] pci 0000:00:09.0: [1af4:1000] type 00 class 0x020000
webserver # [ 0.263035] thermal_sys: Registered thermal governor 'step_wise'
webserver # [ 0.263733] thermal_sys: Registered thermal governor 'user_space'
dnsserver # [ 0.364974] pci 0000:00:01.3: [8086:7113] type 00 class 0x068000
webserver # [ 0.264756] cpuidle: using governor menu
client # [ 0.458125] pci 0000:00:09.0: reg 0x10: [io 0xc1a0-0xc1bf]
dnsserver # [ 0.365874] pci 0000:00:01.3: quirk: [io 0x0600-0x063f] claimed by PIIX4 ACPI
webserver # [ 0.267045] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
client # [ 0.460031] pci 0000:00:09.0: reg 0x14: [mem 0xfebd7000-0xfebd7fff]
dnsserver # [ 0.366604] pci 0000:00:01.3: quirk: [io 0x0700-0x070f] claimed by PIIX4 SMB
webserver # [ 0.267894] PCI: Using configuration type 1 for base access
webserver # [ 0.268728] PCI: Using configuration type 1 for extended access
dnsserver # [ 0.367741] pci 0000:00:02.0: [1234:1111] type 00 class 0x030000
webserver # [ 0.269957] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible.
dnsserver # [ 0.369671] pci 0000:00:02.0: reg 0x10: [mem 0xfd000000-0xfdffffff pref]
client # [ 0.462702] pci 0000:00:09.0: reg 0x20: [mem 0xfe018000-0xfe01bfff 64bit pref]
client # [ 0.464125] pci 0000:00:09.0: reg 0x30: [mem 0xfeb80000-0xfebbffff pref]
dnsserver # [ 0.372158] pci 0000:00:02.0: reg 0x18: [mem 0xfebd0000-0xfebd0fff]
client # [ 0.466347] pci 0000:00:0a.0: [1af4:1052] type 00 class 0x090000
client # [ 0.468477] pci 0000:00:0a.0: reg 0x14: [mem 0xfebd8000-0xfebd8fff]
dnsserver # [ 0.375886] pci 0000:00:02.0: reg 0x30: [mem 0xfebc0000-0xfebcffff pref]
dnsserver # [ 0.376554] pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
dnsserver # [ 0.377895] pci 0000:00:03.0: [1af4:1000] type 00 class 0x020000
client # [ 0.471515] pci 0000:00:0a.0: reg 0x20: [mem 0xfe01c000-0xfe01ffff 64bit pref]
acme # [ 0.578621] ACPI: \_SB_.LNKD: Enabled at IRQ 11
client # [ 0.474310] pci 0000:00:0b.0: [1af4:1003] type 00 class 0x078000
dnsserver # [ 0.380215] pci 0000:00:03.0: reg 0x10: [io 0xc120-0xc13f]
client # [ 0.476125] pci 0000:00:0b.0: reg 0x10: [io 0xc0c0-0xc0ff]
dnsserver # [ 0.382163] pci 0000:00:03.0: reg 0x14: [mem 0xfebd1000-0xfebd1fff]
client # [ 0.478125] pci 0000:00:0b.0: reg 0x14: [mem 0xfebd9000-0xfebd9fff]
webserver # [ 0.295549] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages
webserver # [ 0.296761] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page
dnsserver # [ 0.387216] pci 0000:00:03.0: reg 0x20: [mem 0xfe000000-0xfe003fff 64bit pref]
webserver # [ 0.297749] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages
client # [ 0.481617] pci 0000:00:0b.0: reg 0x20: [mem 0xfe020000-0xfe023fff 64bit pref]
webserver # [ 0.298752] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page
dnsserver # [ 0.389698] pci 0000:00:03.0: reg 0x30: [mem 0xfeb40000-0xfeb7ffff pref]
dnsserver # [ 0.391745] pci 0000:00:04.0: [1af4:1005] type 00 class 0x00ff00
client # [ 0.484351] pci 0000:00:0c.0: [1af4:1005] type 00 class 0x00ff00
webserver # [ 0.303373] ACPI: Added _OSI(Module Device)
dnsserver # [ 0.393215] pci 0000:00:04.0: reg 0x10: [io 0xc140-0xc15f]
webserver # [ 0.303703] ACPI: Added _OSI(Processor Device)
webserver # [ 0.304460] ACPI: Added _OSI(3.0 _SCP Extensions)
client # [ 0.487125] pci 0000:00:0c.0: reg 0x10: [io 0xc1c0-0xc1df]
dnsserver # [ 0.395215] pci 0000:00:04.0: reg 0x14: [mem 0xfebd2000-0xfebd2fff]
webserver # [ 0.305361] ACPI: Added _OSI(Processor Aggregator Device)
client # [ 0.489024] pci 0000:00:0c.0: reg 0x14: [mem 0xfebda000-0xfebdafff]
webserver # [ 0.306945] ACPI: 1 ACPI AML tables successfully acquired and loaded
webserver # [ 0.308517] ACPI: _OSC evaluation for CPUs failed, trying _PDC
dnsserver # [ 0.398774] pci 0000:00:04.0: reg 0x20: [mem 0xfe004000-0xfe007fff 64bit pref]
webserver # [ 0.309648] ACPI: Interpreter enabled
client # [ 0.491623] pci 0000:00:0c.0: reg 0x20: [mem 0xfe024000-0xfe027fff 64bit pref]
webserver # [ 0.310394] ACPI: PM: (supports S0 S3 S4 S5)
webserver # [ 0.310697] ACPI: Using IOAPIC for interrupt routing
webserver # [ 0.311475] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
dnsserver # [ 0.402032] pci 0000:00:05.0: [1af4:1009] type 00 class 0x000200
webserver # [ 0.312883] PCI: Using E820 reservations for host bridge windows
webserver # [ 0.313884] ACPI: Enabled 2 GPEs in block 00 to 0F
client # [ 0.495184] ACPI: PCI: Interrupt link LNKA configured for IRQ 10
client # [ 0.496260] ACPI: PCI: Interrupt link LNKB configured for IRQ 10
client # [ 0.497250] ACPI: PCI: Interrupt link LNKC configured for IRQ 11
dnsserver # [ 0.404215] pci 0000:00:05.0: reg 0x10: [io 0xc080-0xc0bf]
client # [ 0.498257] ACPI: PCI: Interrupt link LNKD configured for IRQ 11
webserver # [ 0.318055] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
client # [ 0.499198] ACPI: PCI: Interrupt link LNKS configured for IRQ 9
dnsserver # [ 0.406215] pci 0000:00:05.0: reg 0x14: [mem 0xfebd3000-0xfebd3fff]
acme # [ 0.618873] pci 0000:00:01.2: quirk_usb_early_handoff+0x0/0x7d0 took 77546 usecs
webserver # [ 0.318741] acpi PNP0A03:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI HPX-Type3]
client # [ 0.500475] iommu: Default domain type: Translated
acme # [ 0.620432] PCI: CLS 0 bytes, default 64
client # [ 0.501375] iommu: DMA domain TLB invalidation policy: lazy mode
webserver # [ 0.320179] acpiphp: Slot [3] registered
client # [ 0.502446] ACPI: bus type USB registered
acme # [ 0.621341] Trying to unpack rootfs image as initramfs...
webserver # [ 0.320716] acpiphp: Slot [4] registered
webserver # [ 0.321483] acpiphp: Slot [5] registered
client # [ 0.503147] usbcore: registered new interface driver usbfs
dnsserver # [ 0.409750] pci 0000:00:05.0: reg 0x20: [mem 0xfe008000-0xfe00bfff 64bit pref]
webserver # [ 0.322267] acpiphp: Slot [6] registered
client # [ 0.504136] usbcore: registered new interface driver hub
webserver # [ 0.322713] acpiphp: Slot [7] registered
webserver # [ 0.323483] acpiphp: Slot [8] registered
client # [ 0.505136] usbcore: registered new device driver usb
acme # [ 0.623877] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x2848df6a9de, max_idle_ns: 440795280912 ns
webserver # [ 0.324269] acpiphp: Slot [9] registered
client # [ 0.506611] NetLabel: Initializing
webserver # [ 0.324716] acpiphp: Slot [10] registered
client # [ 0.507125] NetLabel: domain hash size = 128
webserver # [ 0.325483] acpiphp: Slot [11] registered
client # [ 0.507952] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO
webserver # [ 0.326275] acpiphp: Slot [12] registered
dnsserver # [ 0.412459] pci 0000:00:06.0: [1af4:1009] type 00 class 0x000200
acme # [ 0.628259] Initialise system trusted keyrings
webserver # [ 0.326712] acpiphp: Slot [13] registered
client # [ 0.508421] NetLabel: unlabeled traffic allowed by default
webserver # [ 0.327482] acpiphp: Slot [14] registered
client # [ 0.509390] PCI: Using ACPI for IRQ routing
dnsserver # [ 0.414215] pci 0000:00:06.0: reg 0x10: [io 0xc160-0xc17f]
acme # [ 0.629877] workingset: timestamp_bits=40 max_order=18 bucket_order=0
webserver # [ 0.328289] acpiphp: Slot [15] registered
client # [ 0.510430] pci 0000:00:02.0: vgaarb: setting as boot VGA device
webserver # [ 0.328714] acpiphp: Slot [16] registered
webserver # [ 0.329483] acpiphp: Slot [17] registered
client # [ 0.511121] pci 0000:00:02.0: vgaarb: bridge control possible
dnsserver # [ 0.416171] pci 0000:00:06.0: reg 0x14: [mem 0xfebd4000-0xfebd4fff]
acme # [ 0.632883] zbud: loaded
webserver # [ 0.330272] acpiphp: Slot [18] registered
client # [ 0.511121] pci 0000:00:02.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none
webserver # [ 0.330715] acpiphp: Slot [19] registered
client # [ 0.511127] vgaarb: loaded
webserver # [ 0.331484] acpiphp: Slot [20] registered
webserver # [ 0.332303] acpiphp: Slot [21] registered
client # [ 0.511824] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
webserver # [ 0.332738] acpiphp: Slot [22] registered
client # [ 0.512373] hpet0: 3 comparators, 64-bit 100.000000 MHz counter
dnsserver # [ 0.419215] pci 0000:00:06.0: reg 0x20: [mem 0xfe00c000-0xfe00ffff 64bit pref]
webserver # [ 0.333482] acpiphp: Slot [23] registered
webserver # [ 0.334296] acpiphp: Slot [24] registered
webserver # [ 0.334741] acpiphp: Slot [25] registered
webserver # [ 0.335483] acpiphp: Slot [26] registered
webserver # [ 0.336284] acpiphp: Slot [27] registered
client # [ 0.516164] clocksource: Switched to clocksource kvm-clock
webserver # [ 0.336717] acpiphp: Slot [28] registered
webserver # [ 0.337483] acpiphp: Slot [29] registered
dnsserver # [ 0.423434] pci 0000:00:07.0: [1af4:1009] type 00 class 0x000200
webserver # [ 0.338292] acpiphp: Slot [30] registered
client # [ 0.518750] VFS: Disk quotas dquot_6.6.0
webserver # [ 0.338714] acpiphp: Slot [31] registered
dnsserver # [ 0.425215] pci 0000:00:07.0: reg 0x10: [io 0xc180-0xc19f]
acme # [ 0.643413] jitterentropy: Initialization failed with host not compliant with requirements: 9
webserver # [ 0.339470] PCI host bridge to bus 0000:00
client # [ 0.519552] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
client # [ 0.520853] pnp: PnP ACPI init
webserver # [ 0.340243] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window]
dnsserver # [ 0.427167] pci 0000:00:07.0: reg 0x14: [mem 0xfebd5000-0xfebd5fff]
client # [ 0.521957] pnp: PnP ACPI: found 6 devices
webserver # [ 0.340757] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window]
webserver # [ 0.341751] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
webserver # [ 0.342843] pci_bus 0000:00: root bus resource [mem 0x40000000-0xfebfffff window]
webserver # [ 0.343853] pci_bus 0000:00: root bus resource [mem 0x100000000-0x17fffffff window]
webserver # [ 0.344847] pci_bus 0000:00: root bus resource [bus 00-ff]
dnsserver # [ 0.429784] pci 0000:00:07.0: reg 0x20: [mem 0xfe010000-0xfe013fff 64bit pref]
webserver # [ 0.345871] pci 0000:00:00.0: [8086:1237] type 00 class 0x060000
client # [ 0.529317] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns
webserver # [ 0.347162] pci 0000:00:01.0: [8086:7000] type 00 class 0x060100
dnsserver # [ 0.432430] pci 0000:00:08.0: [1af4:1001] type 00 class 0x010000
client # [ 0.530999] clocksource: Switched to clocksource acpi_pm
webserver # [ 0.348267] pci 0000:00:01.1: [8086:7010] type 00 class 0x010180
client # [ 0.532088] NET: Registered PF_INET protocol family
acme # [ 0.656795] Key type asymmetric registered
dnsserver # [ 0.434215] pci 0000:00:08.0: reg 0x10: [io 0xc000-0xc07f]
acme # [ 0.657636] Asymmetric key parser 'x509' registered
client # [ 0.533072] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear)
client # [ 0.534861] tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linear)
dnsserver # [ 0.436215] pci 0000:00:08.0: reg 0x14: [mem 0xfebd6000-0xfebd6fff]
acme # [ 0.659986] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251)
webserver # [ 0.351777] pci 0000:00:01.1: reg 0x20: [io 0xc1e0-0xc1ef]
client # [ 0.536438] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
client # [ 0.537955] TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear)
acme # [ 0.663027] io scheduler mq-deadline registered
acme # [ 0.663951] io scheduler kyber registered
webserver # [ 0.354428] pci 0000:00:01.1: legacy IDE quirk: reg 0x10: [io 0x01f0-0x01f7]
client # [ 0.539435] TCP bind hash table entries: 8192 (order: 6, 262144 bytes, linear)
dnsserver # [ 0.440769] pci 0000:00:08.0: reg 0x20: [mem 0xfe014000-0xfe017fff 64bit pref]
webserver # [ 0.354765] pci 0000:00:01.1: legacy IDE quirk: reg 0x14: [io 0x03f6]
client # [ 0.540852] TCP: Hash tables configured (established 8192 bind 8192)
client # [ 0.542084] MPTCP token hash table entries: 1024 (order: 2, 24576 bytes, linear)
webserver # [ 0.355754] pci 0000:00:01.1: legacy IDE quirk: reg 0x18: [io 0x0170-0x0177]
acme # [ 0.667181] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
client # [ 0.543516] UDP hash table entries: 512 (order: 2, 16384 bytes, linear)
webserver # [ 0.356759] pci 0000:00:01.1: legacy IDE quirk: reg 0x1c: [io 0x0376]
dnsserver # [ 0.443474] pci 0000:00:09.0: [1af4:1000] type 00 class 0x020000
client # [ 0.544730] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear)
webserver # [ 0.357932] pci 0000:00:01.2: [8086:7020] type 00 class 0x0c0300
acme # [ 0.670057] 00:04: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
client # [ 0.546071] NET: Registered PF_UNIX/PF_LOCAL protocol family
dnsserver # [ 0.445215] pci 0000:00:09.0: reg 0x10: [io 0xc1a0-0xc1bf]
client # [ 0.547140] NET: Registered PF_XDP protocol family
client # [ 0.548084] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window]
webserver # [ 0.361064] pci 0000:00:01.2: reg 0x20: [io 0xc100-0xc11f]
client # [ 0.549231] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window]
acme # [ 0.674011] Linux agpgart interface v0.103
client # [ 0.550394] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
dnsserver # [ 0.449215] pci 0000:00:09.0: reg 0x14: [mem 0xfebd7000-0xfebd7fff]
acme # [ 0.675791] ACPI: bus type drm_connector registered
client # [ 0.551662] pci_bus 0000:00: resource 7 [mem 0x40000000-0xfebfffff window]
client # [ 0.552935] pci_bus 0000:00: resource 8 [mem 0x100000000-0x17fffffff window]
webserver # [ 0.364211] pci 0000:00:01.3: [8086:7113] type 00 class 0x068000
client # [ 0.554266] pci 0000:00:01.0: PIIX3: Enabling Passive Release
acme # [ 0.678969] usbcore: registered new interface driver usbserial_generic
webserver # [ 0.365130] pci 0000:00:01.3: quirk: [io 0x0600-0x063f] claimed by PIIX4 ACPI
dnsserver # [ 0.452718] pci 0000:00:09.0: reg 0x20: [mem 0xfe018000-0xfe01bfff 64bit pref]
client # [ 0.555356] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
webserver # [ 0.365847] pci 0000:00:01.3: quirk: [io 0x0700-0x070f] claimed by PIIX4 SMB
acme # [ 0.680812] usbserial: USB Serial support registered for generic
dnsserver # [ 0.454215] pci 0000:00:09.0: reg 0x30: [mem 0xfeb80000-0xfebbffff pref]
webserver # [ 0.366988] pci 0000:00:02.0: [1234:1111] type 00 class 0x030000
acme # [ 0.681971] amd_pstate: the _CPC object is not present in SBIOS or ACPI disabled
webserver # [ 0.368953] pci 0000:00:02.0: reg 0x10: [mem 0xfd000000-0xfdffffff pref]
dnsserver # [ 0.456442] pci 0000:00:0a.0: [1af4:1052] type 00 class 0x090000
acme # [ 0.685858] drop_monitor: Initializing network drop monitor service
dnsserver # [ 0.458839] pci 0000:00:0a.0: reg 0x14: [mem 0xfebd8000-0xfebd8fff]
webserver # [ 0.371401] pci 0000:00:02.0: reg 0x18: [mem 0xfebd0000-0xfebd0fff]
dnsserver # [ 0.461215] pci 0000:00:0a.0: reg 0x20: [mem 0xfe01c000-0xfe01ffff 64bit pref]
webserver # [ 0.375161] pci 0000:00:02.0: reg 0x30: [mem 0xfebc0000-0xfebcffff pref]
dnsserver # [ 0.464024] pci 0000:00:0b.0: [1af4:1003] type 00 class 0x078000
webserver # [ 0.375791] pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
webserver # [ 0.377137] pci 0000:00:03.0: [1af4:1000] type 00 class 0x020000
dnsserver # [ 0.466761] pci 0000:00:0b.0: reg 0x10: [io 0xc0c0-0xc0ff]
dnsserver # [ 0.468215] pci 0000:00:0b.0: reg 0x14: [mem 0xfebd9000-0xfebd9fff]
webserver # [ 0.379460] pci 0000:00:03.0: reg 0x10: [io 0xc120-0xc13f]
webserver # [ 0.381422] pci 0000:00:03.0: reg 0x14: [mem 0xfebd1000-0xfebd1fff]
dnsserver # [ 0.471901] pci 0000:00:0b.0: reg 0x20: [mem 0xfe020000-0xfe023fff 64bit pref]
webserver # [ 0.386460] pci 0000:00:03.0: reg 0x20: [mem 0xfe000000-0xfe003fff 64bit pref]
dnsserver # [ 0.474432] pci 0000:00:0c.0: [1af4:1005] type 00 class 0x00ff00
webserver # [ 0.388938] pci 0000:00:03.0: reg 0x30: [mem 0xfeb40000-0xfeb7ffff pref]
dnsserver # [ 0.476215] pci 0000:00:0c.0: reg 0x10: [io 0xc1c0-0xc1df]
acme # [ 0.714817] NET: Registered PF_INET6 protocol family
dnsserver # [ 0.478125] pci 0000:00:0c.0: reg 0x14: [mem 0xfebda000-0xfebdafff]
webserver # [ 0.390997] pci 0000:00:04.0: [1af4:1005] type 00 class 0x00ff00
webserver # [ 0.392460] pci 0000:00:04.0: reg 0x10: [io 0xc140-0xc15f]
client # [ 0.595269] ACPI: \_SB_.LNKD: Enabled at IRQ 11
webserver # [ 0.394460] pci 0000:00:04.0: reg 0x14: [mem 0xfebd2000-0xfebd2fff]
dnsserver # [ 0.481687] pci 0000:00:0c.0: reg 0x20: [mem 0xfe024000-0xfe027fff 64bit pref]
dnsserver # [ 0.484778] ACPI: PCI: Interrupt link LNKA configured for IRQ 10
webserver # [ 0.397997] pci 0000:00:04.0: reg 0x20: [mem 0xfe004000-0xfe007fff 64bit pref]
dnsserver # [ 0.485648] ACPI: PCI: Interrupt link LNKB configured for IRQ 10
dnsserver # [ 0.486635] ACPI: PCI: Interrupt link LNKC configured for IRQ 11
dnsserver # [ 0.487617] ACPI: PCI: Interrupt link LNKD configured for IRQ 11
webserver # [ 0.401223] pci 0000:00:05.0: [1af4:1009] type 00 class 0x000200
dnsserver # [ 0.489290] ACPI: PCI: Interrupt link LNKS configured for IRQ 9
dnsserver # [ 0.490548] iommu: Default domain type: Translated
dnsserver # [ 0.491215] iommu: DMA domain TLB invalidation policy: lazy mode
dnsserver # [ 0.492253] ACPI: bus type USB registered
webserver # [ 0.403460] pci 0000:00:05.0: reg 0x10: [io 0xc080-0xc0bf]
dnsserver # [ 0.493069] usbcore: registered new interface driver usbfs
dnsserver # [ 0.493486] usbcore: registered new interface driver hub
webserver # [ 0.405460] pci 0000:00:05.0: reg 0x14: [mem 0xfebd3000-0xfebd3fff]
dnsserver # [ 0.494225] usbcore: registered new device driver usb
dnsserver # [ 0.495629] NetLabel: Initializing
dnsserver # [ 0.496215] NetLabel: domain hash size = 128
dnsserver # [ 0.497070] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO
webserver # [ 0.408994] pci 0000:00:05.0: reg 0x20: [mem 0xfe008000-0xfe00bfff 64bit pref]
acme # [ 0.741306] Freeing initrd memory: 11300K
dnsserver # [ 0.497513] NetLabel: unlabeled traffic allowed by default
acme # [ 0.742559] Segment Routing with IPv6
dnsserver # [ 0.498483] PCI: Using ACPI for IRQ routing
acme # [ 0.743394] In-situ OAM (IOAM) with IPv6
dnsserver # [ 0.499498] pci 0000:00:02.0: vgaarb: setting as boot VGA device
acme # [ 0.744507] IPI shorthand broadcast: enabled
dnsserver # [ 0.500210] pci 0000:00:02.0: vgaarb: bridge control possible
webserver # [ 0.411685] pci 0000:00:06.0: [1af4:1009] type 00 class 0x000200
dnsserver # [ 0.500210] pci 0000:00:02.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none
dnsserver # [ 0.500217] vgaarb: loaded
dnsserver # [ 0.500893] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
webserver # [ 0.413461] pci 0000:00:06.0: reg 0x10: [io 0xc160-0xc17f]
acme # [ 0.748399] sched_clock: Marking stable (606017498, 141745598)->(827565136, -79802040)
dnsserver # [ 0.501464] hpet0: 3 comparators, 64-bit 100.000000 MHz counter
acme # [ 0.750192] registered taskstats version 1
webserver # [ 0.415398] pci 0000:00:06.0: reg 0x14: [mem 0xfebd4000-0xfebd4fff]
acme # [ 0.751194] Loading compiled-in X.509 certificates
webserver # [ 0.418025] pci 0000:00:06.0: reg 0x20: [mem 0xfe00c000-0xfe00ffff 64bit pref]
dnsserver # [ 0.507250] clocksource: Switched to clocksource kvm-clock
dnsserver # [ 0.509555] VFS: Disk quotas dquot_6.6.0
dnsserver # [ 0.510354] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
acme # [ 0.759221] Key type .fscrypt registered
dnsserver # [ 0.511681] pnp: PnP ACPI init
client # [ 0.635314] pci 0000:00:01.2: quirk_usb_early_handoff+0x0/0x7d0 took 76979 usecs
webserver # [ 0.421670] pci 0000:00:07.0: [1af4:1009] type 00 class 0x000200
acme # [ 0.760040] Key type fscrypt-provisioning registered
dnsserver # [ 0.512760] pnp: PnP ACPI: found 6 devices
client # [ 0.636837] PCI: CLS 0 bytes, default 64
acme # [ 0.761148] PM: Magic number: 0:598:903
webserver # [ 0.423460] pci 0000:00:07.0: reg 0x10: [io 0xc180-0xc19f]
client # [ 0.637724] Trying to unpack rootfs image as initramfs...
webserver # [ 0.425420] pci 0000:00:07.0: reg 0x14: [mem 0xfebd5000-0xfebd5fff]
client # [ 0.640113] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x2848df6a9de, max_idle_ns: 440795280912 ns
client # [ 0.643345] Initialise system trusted keyrings
acme # [ 0.767953] RAS: Correctable Errors collector initialized.
acme # [ 0.769092] clk: Disabling unused clocks
dnsserver # [ 0.520354] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns
webserver # [ 0.428460] pci 0000:00:07.0: reg 0x20: [mem 0xfe010000-0xfe013fff 64bit pref]
dnsserver # [ 0.522010] clocksource: Switched to clocksource acpi_pm
client # [ 0.645979] workingset: timestamp_bits=40 max_order=18 bucket_order=0
dnsserver # [ 0.523083] NET: Registered PF_INET protocol family
acme # [ 0.771903] Freeing unused decrypted memory: 2028K
dnsserver # [ 0.524135] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear)
client # [ 0.648944] zbud: loaded
acme # [ 0.773291] Freeing unused kernel image (initmem) memory: 3120K
webserver # [ 0.431669] pci 0000:00:08.0: [1af4:1001] type 00 class 0x010000
acme # [ 0.774218] Write protecting the kernel read-only data: 28672k
dnsserver # [ 0.525955] tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linear)
acme # [ 0.775603] Freeing unused kernel image (rodata/data gap) memory: 1424K
webserver # [ 0.433461] pci 0000:00:08.0: reg 0x10: [io 0xc000-0xc07f]
dnsserver # [ 0.527552] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
dnsserver # [ 0.529030] TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear)
webserver # [ 0.435461] pci 0000:00:08.0: reg 0x14: [mem 0xfebd6000-0xfebd6fff]
dnsserver # [ 0.530535] TCP bind hash table entries: 8192 (order: 6, 262144 bytes, linear)
dnsserver # [ 0.531942] TCP: Hash tables configured (established 8192 bind 8192)
dnsserver # [ 0.533165] MPTCP token hash table entries: 1024 (order: 2, 24576 bytes, linear)
dnsserver # [ 0.535006] UDP hash table entries: 512 (order: 2, 16384 bytes, linear)
webserver # [ 0.440460] pci 0000:00:08.0: reg 0x20: [mem 0xfe014000-0xfe017fff 64bit pref]
dnsserver # [ 0.536227] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear)
dnsserver # [ 0.537568] NET: Registered PF_UNIX/PF_LOCAL protocol family
dnsserver # [ 0.538654] NET: Registered PF_XDP protocol family
webserver # [ 0.443716] pci 0000:00:09.0: [1af4:1000] type 00 class 0x020000
dnsserver # [ 0.539589] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window]
dnsserver # [ 0.540742] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window]
webserver # [ 0.445460] pci 0000:00:09.0: reg 0x10: [io 0xc1a0-0xc1bf]
dnsserver # [ 0.541895] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
dnsserver # [ 0.543152] pci_bus 0000:00: resource 7 [mem 0x40000000-0xfebfffff window]
webserver # [ 0.447433] pci 0000:00:09.0: reg 0x14: [mem 0xfebd7000-0xfebd7fff]
dnsserver # [ 0.544503] pci_bus 0000:00: resource 8 [mem 0x100000000-0x17fffffff window]
dnsserver # [ 0.546018] pci 0000:00:01.0: PIIX3: Enabling Passive Release
client # [ 0.670943] Key type asymmetric registered
dnsserver # [ 0.547155] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
client # [ 0.671770] Asymmetric key parser 'x509' registered
webserver # [ 0.449967] pci 0000:00:09.0: reg 0x20: [mem 0xfe018000-0xfe01bfff 64bit pref]
webserver # [ 0.451460] pci 0000:00:09.0: reg 0x30: [mem 0xfeb80000-0xfebbffff pref]
client # [ 0.675038] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251)
client # [ 0.677078] io scheduler mq-deadline registered
webserver # [ 0.453690] pci 0000:00:0a.0: [1af4:1052] type 00 class 0x090000
client # [ 0.677995] io scheduler kyber registered
client # [ 0.681396] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
webserver # [ 0.456460] pci 0000:00:0a.0: reg 0x14: [mem 0xfebd8000-0xfebd8fff]
client # [ 0.684309] 00:04: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
webserver # [ 0.459118] pci 0000:00:0a.0: reg 0x20: [mem 0xfe01c000-0xfe01ffff 64bit pref]
webserver # [ 0.461676] pci 0000:00:0b.0: [1af4:1003] type 00 class 0x078000
client # [ 0.689090] Linux agpgart interface v0.103
client # [ 0.691036] ACPI: bus type drm_connector registered
webserver # [ 0.463461] pci 0000:00:0b.0: reg 0x10: [io 0xc0c0-0xc0ff]
client # [ 0.693222] usbcore: registered new interface driver usbserial_generic
client # [ 0.694963] usbserial: USB Serial support registered for generic
webserver # [ 0.465460] pci 0000:00:0b.0: reg 0x14: [mem 0xfebd9000-0xfebd9fff]
client # [ 0.696095] amd_pstate: the _CPC object is not present in SBIOS or ACPI disabled
client # [ 0.700099] drop_monitor: Initializing network drop monitor service
webserver # [ 0.469428] pci 0000:00:0b.0: reg 0x20: [mem 0xfe020000-0xfe023fff 64bit pref]
webserver # [ 0.471689] pci 0000:00:0c.0: [1af4:1005] type 00 class 0x00ff00
webserver # [ 0.473460] pci 0000:00:0c.0: reg 0x10: [io 0xc1c0-0xc1df]
webserver # [ 0.475450] pci 0000:00:0c.0: reg 0x14: [mem 0xfebda000-0xfebdafff]
dnsserver # [ 0.587150] ACPI: \_SB_.LNKD: Enabled at IRQ 11
webserver # [ 0.479978] pci 0000:00:0c.0: reg 0x20: [mem 0xfe024000-0xfe027fff 64bit pref]
webserver # [ 0.483016] ACPI: PCI: Interrupt link LNKA configured for IRQ 10
webserver # [ 0.483881] ACPI: PCI: Interrupt link LNKB configured for IRQ 10
acme # [ 0.847447] x86/mm: Checked W+X mappings: passed, no W+X pages found.
acme # [ 0.848460] Run /init as init process
webserver # [ 0.484859] ACPI: PCI: Interrupt link LNKC configured for IRQ 11
webserver # [ 0.485855] ACPI: PCI: Interrupt link LNKD configured for IRQ 11
webserver # [ 0.486817] ACPI: PCI: Interrupt link LNKS configured for IRQ 9
acme #
acme # <<< NixOS Stage 1 >>>
acme #
webserver # [ 0.488067] iommu: Default domain type: Translated
client # [ 0.728855] NET: Registered PF_INET6 protocol family
webserver # [ 0.488713] iommu: DMA domain TLB invalidation policy: lazy mode
webserver # [ 0.489772] ACPI: bus type USB registered
webserver # [ 0.490482] usbcore: registered new interface driver usbfs
webserver # [ 0.491468] usbcore: registered new interface driver hub
webserver # [ 0.492471] usbcore: registered new device driver usb
webserver # [ 0.494095] NetLabel: Initializing
webserver # [ 0.494682] NetLabel: domain hash size = 128
webserver # [ 0.495460] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO
webserver # [ 0.496486] NetLabel: unlabeled traffic allowed by default
webserver # [ 0.497460] PCI: Using ACPI for IRQ routing
webserver # [ 0.498576] pci 0000:00:02.0: vgaarb: setting as boot VGA device
webserver # [ 0.499455] pci 0000:00:02.0: vgaarb: bridge control possible
webserver # [ 0.499455] pci 0000:00:02.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none
webserver # [ 0.499463] vgaarb: loaded
webserver # [ 0.500147] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
webserver # [ 0.500706] hpet0: 3 comparators, 64-bit 100.000000 MHz counter
webserver # [ 0.504494] clocksource: Switched to clocksource kvm-clock
webserver # [ 0.506781] VFS: Disk quotas dquot_6.6.0
dnsserver # [ 0.627181] pci 0000:00:01.2: quirk_usb_early_handoff+0x0/0x7d0 took 77028 usecs
webserver # [ 0.507587] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
dnsserver # [ 0.628810] PCI: CLS 0 bytes, default 64
webserver # [ 0.508913] pnp: PnP ACPI init
dnsserver # [ 0.629724] Trying to unpack rootfs image as initramfs...
acme # loading module virtio_balloon...
webserver # [ 0.510016] pnp: PnP ACPI: found 6 devices
client # [ 0.755638] Freeing initrd memory: 11292K
client # [ 0.756949] Segment Routing with IPv6
client # [ 0.757720] In-situ OAM (IOAM) with IPv6
dnsserver # [ 0.633684] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x2848df6a9de, max_idle_ns: 440795280912 ns
client # [ 0.758812] IPI shorthand broadcast: enabled
dnsserver # [ 0.636908] Initialise system trusted keyrings
acme # loading module virtio_console...
webserver # [ 0.517359] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns
client # [ 0.762705] sched_clock: Marking stable (619016247, 142904146)->(845997579, -84077186)
dnsserver # [ 0.639550] workingset: timestamp_bits=40 max_order=18 bucket_order=0
webserver # [ 0.519040] clocksource: Switched to clocksource acpi_pm
client # [ 0.764476] registered taskstats version 1
webserver # [ 0.520117] NET: Registered PF_INET protocol family
dnsserver # [ 0.641519] zbud: loaded
client # [ 0.765461] Loading compiled-in X.509 certificates
webserver # [ 0.521087] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear)
acme # loading module virtio_rng...
webserver # [ 0.522897] tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linear)
webserver # [ 0.524485] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
webserver # [ 0.526011] TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear)
acme # loading module virtio_gpu...
webserver # [ 0.527495] TCP bind hash table entries: 8192 (order: 6, 262144 bytes, linear)
client # [ 0.773498] Key type .fscrypt registered
webserver # [ 0.528961] TCP: Hash tables configured (established 8192 bind 8192)
client # [ 0.774295] Key type fscrypt-provisioning registered
client # [ 0.775396] PM: Magic number: 0:598:903
webserver # [ 0.530377] MPTCP token hash table entries: 1024 (order: 2, 24576 bytes, linear)
webserver # [ 0.531843] UDP hash table entries: 512 (order: 2, 16384 bytes, linear)
webserver # [ 0.533338] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear)
webserver # [ 0.534654] NET: Registered PF_UNIX/PF_LOCAL protocol family
acme # loading module dm_mod...
webserver # [ 0.535753] NET: Registered PF_XDP protocol family
webserver # [ 0.536695] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window]
client # [ 0.782136] RAS: Correctable Errors collector initialized.
webserver # [ 0.537852] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window]
client # [ 0.783273] clk: Disabling unused clocks
webserver # [ 0.539008] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
webserver # [ 0.540258] pci_bus 0000:00: resource 7 [mem 0x40000000-0xfebfffff window]
client # [ 0.786083] Freeing unused decrypted memory: 2028K
webserver # [ 0.541509] pci_bus 0000:00: resource 8 [mem 0x100000000-0x17fffffff window]
dnsserver # [ 0.663512] Key type asymmetric registered
client # [ 0.787538] Freeing unused kernel image (initmem) memory: 3120K
webserver # [ 0.542865] pci 0000:00:01.0: PIIX3: Enabling Passive Release
dnsserver # [ 0.664330] Asymmetric key parser 'x509' registered
client # [ 0.788435] Write protecting the kernel read-only data: 28672k
webserver # [ 0.544087] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
client # [ 0.789788] Freeing unused kernel image (rodata/data gap) memory: 1424K
dnsserver # [ 0.667528] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251)
dnsserver # [ 0.670846] io scheduler mq-deadline registered
acme # [ 0.919302] device-mapper: ioctl: 4.48.0-ioctl (2023-03-01) initialised: [email protected]
dnsserver # [ 0.671770] io scheduler kyber registered
acme # running udev...
dnsserver # [ 0.674847] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
dnsserver # [ 0.676798] 00:04: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
dnsserver # [ 0.680983] Linux agpgart interface v0.103
dnsserver # [ 0.682627] ACPI: bus type drm_connector registered
dnsserver # [ 0.685592] usbcore: registered new interface driver usbserial_generic
acme # Starting systemd-udevd version 256.8
dnsserver # [ 0.687523] usbserial: USB Serial support registered for generic
dnsserver # [ 0.688664] amd_pstate: the _CPC object is not present in SBIOS or ACPI disabled
dnsserver # [ 0.692689] drop_monitor: Initializing network drop monitor service
webserver # [ 0.584014] ACPI: \_SB_.LNKD: Enabled at IRQ 11
dnsserver # [ 0.721777] NET: Registered PF_INET6 protocol family
client # [ 0.861720] x86/mm: Checked W+X mappings: passed, no W+X pages found.
client # [ 0.862696] Run /init as init process
client #
client # <<< NixOS Stage 1 >>>
client #
webserver # [ 0.623989] pci 0000:00:01.2: quirk_usb_early_handoff+0x0/0x7d0 took 76852 usecs
webserver # [ 0.625519] PCI: CLS 0 bytes, default 64
webserver # [ 0.626420] Trying to unpack rootfs image as initramfs...
dnsserver # [ 0.747730] Freeing initrd memory: 11292K
dnsserver # [ 0.748990] Segment Routing with IPv6
dnsserver # [ 0.749801] In-situ OAM (IOAM) with IPv6
webserver # [ 0.628786] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x2848df6a9de, max_idle_ns: 440795280912 ns
dnsserver # [ 0.750906] IPI shorthand broadcast: enabled
webserver # [ 0.633086] Initialise system trusted keyrings
dnsserver # [ 0.754821] sched_clock: Marking stable (613016342, 141471805)->(843177220, -88689073)
acme # [ 1.004858] rtc_cmos 00:05: RTC can wake from S4
dnsserver # [ 0.756683] registered taskstats version 1
webserver # [ 0.635788] workingset: timestamp_bits=40 max_order=18 bucket_order=0
webserver # [ 0.637016] zbud: loaded
dnsserver # [ 0.757575] Loading compiled-in X.509 certificates
acme # [ 1.009108] rtc_cmos 00:05: registered as rtc0
acme # [ 1.011592] i8042: PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12
dnsserver # [ 0.765519] Key type .fscrypt registered
dnsserver # [ 0.766318] Key type fscrypt-provisioning registered
acme # [ 1.014808] rtc_cmos 00:05: setting system clock to 2024-11-28T20:52:43 UTC (1732827163)
dnsserver # [ 0.767402] PM: Magic number: 0:598:903
client # loading module virtio_balloon...
acme # [ 1.019105] serio: i8042 KBD port at 0x60,0x64 irq 1
dnsserver # [ 0.774128] RAS: Correctable Errors collector initialized.
dnsserver # [ 0.775263] clk: Disabling unused clocks
client # loading module virtio_console...
acme # [ 1.024455] rtc_cmos 00:05: alarms up to one day, y3k, 242 bytes nvram, hpet irqs
dnsserver # [ 0.778056] Freeing unused decrypted memory: 2028K
dnsserver # [ 0.779435] Freeing unused kernel image (initmem) memory: 3120K
dnsserver # [ 0.780349] Write protecting the kernel read-only data: 28672k
webserver # [ 0.659704] Key type asymmetric registered
webserver # [ 0.660529] Asymmetric key parser 'x509' registered
client # loading module virtio_rng...
dnsserver # [ 0.781717] Freeing unused kernel image (rodata/data gap) memory: 1424K
webserver # [ 0.662747] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251)
acme # [ 1.032520] serio: i8042 AUX port at 0x60,0x64 irq 12
client # loading module virtio_gpu...
webserver # [ 0.665754] io scheduler mq-deadline registered
webserver # [ 0.666641] io scheduler kyber registered
webserver # [ 0.670047] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
webserver # [ 0.673037] 00:04: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
client # loading module dm_mod...
webserver # [ 0.676590] Linux agpgart interface v0.103
webserver # [ 0.678852] ACPI: bus type drm_connector registered
webserver # [ 0.680987] usbcore: registered new interface driver usbserial_generic
webserver # [ 0.683725] usbserial: USB Serial support registered for generic
webserver # [ 0.684864] amd_pstate: the _CPC object is not present in SBIOS or ACPI disabled
webserver # [ 0.687766] drop_monitor: Initializing network drop monitor service
client # [ 0.932870] device-mapper: ioctl: 4.48.0-ioctl (2023-03-01) initialised: [email protected]
client # running udev...
acme # [ 1.071907] SCSI subsystem initialized
client # Starting systemd-udevd version 256.8
webserver # [ 0.717767] NET: Registered PF_INET6 protocol family
dnsserver # [ 0.853417] x86/mm: Checked W+X mappings: passed, no W+X pages found.
dnsserver # [ 0.854398] Run /init as init process
dnsserver #
dnsserver # <<< NixOS Stage 1 >>>
dnsserver #
webserver # [ 0.743905] Freeing initrd memory: 11292K
webserver # [ 0.745154] Segment Routing with IPv6
webserver # [ 0.745947] In-situ OAM (IOAM) with IPv6
webserver # [ 0.747051] IPI shorthand broadcast: enabled
webserver # [ 0.750958] sched_clock: Marking stable (610016694, 140668318)->(840987462, -90302450)
webserver # [ 0.752812] registered taskstats version 1
webserver # [ 0.753717] Loading compiled-in X.509 certificates
acme # [ 1.124256] scsi host0: ata_piix
acme # [ 1.126107] scsi host1: ata_piix
acme # [ 1.127866] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc1e0 irq 14
acme # [ 1.128911] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc1e8 irq 15
webserver # [ 0.761629] Key type .fscrypt registered
webserver # [ 0.762441] Key type fscrypt-provisioning registered
webserver # [ 0.763535] PM: Magic number: 0:598:903
dnsserver # loading module virtio_balloon...
dnsserver # loading module virtio_console...
client # [ 1.015173] rtc_cmos 00:05: RTC can wake from S4
webserver # [ 0.770234] RAS: Correctable Errors collector initialized.
webserver # [ 0.771364] clk: Disabling unused clocks
webserver # [ 0.774145] Freeing unused decrypted memory: 2028K
dnsserver # loading module virtio_rng...
webserver # [ 0.775501] Freeing unused kernel image (initmem) memory: 3120K
webserver # [ 0.776419] Write protecting the kernel read-only data: 28672k
client # [ 1.021714] rtc_cmos 00:05: registered as rtc0
webserver # [ 0.777804] Freeing unused kernel image (rodata/data gap) memory: 1424K
dnsserver # loading module virtio_gpu...
client # [ 1.025646] rtc_cmos 00:05: setting system clock to 2024-11-28T20:52:43 UTC (1732827163)
client # [ 1.028387] i8042: PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12
client # [ 1.030294] rtc_cmos 00:05: alarms up to one day, y3k, 242 bytes nvram, hpet irqs
dnsserver # loading module dm_mod...
client # [ 1.039126] serio: i8042 KBD port at 0x60,0x64 irq 1
acme # [ 1.166039] ACPI: \_SB_.LNKC: Enabled at IRQ 10
acme # [ 1.167354] uhci_hcd 0000:00:01.2: UHCI Host Controller
acme # [ 1.169289] uhci_hcd 0000:00:01.2: new USB bus registered, assigned bus number 1
acme # [ 1.171847] uhci_hcd 0000:00:01.2: detected 2 ports
dnsserver # [ 0.924240] device-mapper: ioctl: 4.48.0-ioctl (2023-03-01) initialised: [email protected]
acme # [ 1.173792] uhci_hcd 0000:00:01.2: irq 11, io port 0x0000c100
dnsserver # running udev...
client # [ 1.050136] serio: i8042 AUX port at 0x60,0x64 irq 12
acme # [ 1.175830] usb usb1: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 6.06
acme # [ 1.177129] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
acme # [ 1.178319] usb usb1: Product: UHCI Host Controller
acme # [ 1.179140] usb usb1: Manufacturer: Linux 6.6.63 uhci_hcd
acme # [ 1.179997] usb usb1: SerialNumber: 0000:00:01.2
acme # [ 1.186055] hub 1-0:1.0: USB hub found
dnsserver # Starting systemd-udevd version 256.8
acme # [ 1.187758] hub 1-0:1.0: 2 ports detected
client # [ 1.084285] SCSI subsystem initialized
webserver # [ 0.849512] x86/mm: Checked W+X mappings: passed, no W+X pages found.
webserver # [ 0.850525] Run /init as init process
webserver #
webserver # <<< NixOS Stage 1 >>>
webserver #
webserver # loading module virtio_balloon...
webserver # loading module virtio_console...
dnsserver # [ 1.009774] rtc_cmos 00:05: RTC can wake from S4
acme # [ 1.258686] ACPI: \_SB_.LNKA: Enabled at IRQ 10
client # [ 1.136560] scsi host0: ata_piix
webserver # loading module virtio_rng...
client # [ 1.138974] scsi host1: ata_piix
dnsserver # [ 1.015225] rtc_cmos 00:05: registered as rtc0
client # [ 1.139604] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc1e0 irq 14
client # [ 1.140616] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc1e8 irq 15
dnsserver # [ 1.016830] i8042: PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12
dnsserver # [ 1.018934] rtc_cmos 00:05: setting system clock to 2024-11-28T20:52:43 UTC (1732827163)
webserver # loading module virtio_gpu...
dnsserver # [ 1.022136] serio: i8042 KBD port at 0x60,0x64 irq 1
webserver # loading module dm_mod...
dnsserver # [ 1.027570] rtc_cmos 00:05: alarms up to one day, y3k, 242 bytes nvram, hpet irqs
dnsserver # [ 1.033505] serio: i8042 AUX port at 0x60,0x64 irq 12
acme # [ 1.287867] ata2: found unknown device (class 0)
acme # [ 1.289251] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100
webserver # [ 0.920822] device-mapper: ioctl: 4.48.0-ioctl (2023-03-01) initialised: [email protected]
webserver # running udev...
acme # [ 1.292440] scsi 1:0:0:0: CD-ROM QEMU QEMU DVD-ROM 2.5+ PQ: 0 ANSI: 5
client # [ 1.178337] ACPI: \_SB_.LNKC: Enabled at IRQ 10
client # [ 1.179685] uhci_hcd 0000:00:01.2: UHCI Host Controller
webserver # Starting systemd-udevd version 256.8
client # [ 1.182922] uhci_hcd 0000:00:01.2: new USB bus registered, assigned bus number 1
acme # [ 1.308115] ACPI: \_SB_.LNKB: Enabled at IRQ 11
client # [ 1.184925] uhci_hcd 0000:00:01.2: detected 2 ports
client # [ 1.186949] uhci_hcd 0000:00:01.2: irq 11, io port 0x0000c100
client # [ 1.188971] usb usb1: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 6.06
client # [ 1.190284] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
client # [ 1.191460] usb usb1: Product: UHCI Host Controller
client # [ 1.192254] usb usb1: Manufacturer: Linux 6.6.63 uhci_hcd
client # [ 1.193129] usb usb1: SerialNumber: 0000:00:01.2
client # [ 1.199188] hub 1-0:1.0: USB hub found
client # [ 1.199847] hub 1-0:1.0: 2 ports detected
dnsserver # [ 1.077508] SCSI subsystem initialized
webserver # [ 1.005898] rtc_cmos 00:05: RTC can wake from S4
dnsserver # [ 1.128815] scsi host0: ata_piix
dnsserver # [ 1.130541] scsi host1: ata_piix
webserver # [ 1.009872] rtc_cmos 00:05: registered as rtc0
dnsserver # [ 1.131176] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc1e0 irq 14
webserver # [ 1.011010] i8042: PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12
dnsserver # [ 1.132216] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc1e8 irq 15
webserver # [ 1.014155] rtc_cmos 00:05: setting system clock to 2024-11-28T20:52:43 UTC (1732827163)
webserver # [ 1.016114] serio: i8042 KBD port at 0x60,0x64 irq 1
webserver # [ 1.018946] rtc_cmos 00:05: alarms up to one day, y3k, 242 bytes nvram, hpet irqs
client # [ 1.270877] ACPI: \_SB_.LNKA: Enabled at IRQ 10
webserver # [ 1.026690] serio: i8042 AUX port at 0x60,0x64 irq 12
acme # [ 1.409751] usb 1-1: new full-speed USB device number 2 using uhci_hcd
dnsserver # [ 1.170701] ACPI: \_SB_.LNKC: Enabled at IRQ 10
dnsserver # [ 1.172421] uhci_hcd 0000:00:01.2: UHCI Host Controller
dnsserver # [ 1.173762] uhci_hcd 0000:00:01.2: new USB bus registered, assigned bus number 1
client # [ 1.298151] ata2: found unknown device (class 0)
client # [ 1.299399] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100
dnsserver # [ 1.176500] uhci_hcd 0000:00:01.2: detected 2 ports
dnsserver # [ 1.178517] uhci_hcd 0000:00:01.2: irq 11, io port 0x0000c100
client # [ 1.302622] scsi 1:0:0:0: CD-ROM QEMU QEMU DVD-ROM 2.5+ PQ: 0 ANSI: 5
dnsserver # [ 1.180519] usb usb1: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 6.06
dnsserver # [ 1.181812] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
dnsserver # [ 1.182989] usb usb1: Product: UHCI Host Controller
dnsserver # [ 1.183797] usb usb1: Manufacturer: Linux 6.6.63 uhci_hcd
dnsserver # [ 1.184669] usb usb1: SerialNumber: 0000:00:01.2
dnsserver # [ 1.190765] hub 1-0:1.0: USB hub found
dnsserver # [ 1.191396] hub 1-0:1.0: 2 ports detected
webserver # [ 1.072704] SCSI subsystem initialized
client # [ 1.320196] ACPI: \_SB_.LNKB: Enabled at IRQ 11
webserver # [ 1.124044] scsi host0: ata_piix
webserver # [ 1.125739] scsi host1: ata_piix
webserver # [ 1.126386] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc1e0 irq 14
webserver # [ 1.127418] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc1e8 irq 15
dnsserver # [ 1.263428] ACPI: \_SB_.LNKA: Enabled at IRQ 10
webserver # [ 1.165695] ACPI: \_SB_.LNKC: Enabled at IRQ 10
dnsserver # [ 1.287587] ata2: found unknown device (class 0)
webserver # [ 1.167415] uhci_hcd 0000:00:01.2: UHCI Host Controller
dnsserver # [ 1.288949] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100
webserver # [ 1.168265] uhci_hcd 0000:00:01.2: new USB bus registered, assigned bus number 1
webserver # [ 1.170696] uhci_hcd 0000:00:01.2: detected 2 ports
dnsserver # [ 1.291773] scsi 1:0:0:0: CD-ROM QEMU QEMU DVD-ROM 2.5+ PQ: 0 ANSI: 5
webserver # [ 1.172714] uhci_hcd 0000:00:01.2: irq 11, io port 0x0000c100
webserver # [ 1.174746] usb usb1: New USB device found, idVendor=1d6b, idProduct=0001, bcdDevice= 6.06
client # [ 1.419910] usb 1-1: new full-speed USB device number 2 using uhci_hcd
webserver # [ 1.176047] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
webserver # [ 1.177211] usb usb1: Product: UHCI Host Controller
webserver # [ 1.178005] usb usb1: Manufacturer: Linux 6.6.63 uhci_hcd
webserver # [ 1.178851] usb usb1: SerialNumber: 0000:00:01.2
webserver # [ 1.184958] hub 1-0:1.0: USB hub found
webserver # [ 1.186681] hub 1-0:1.0: 2 ports detected
dnsserver # [ 1.313000] ACPI: \_SB_.LNKB: Enabled at IRQ 11
acme # [ 1.580366] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
acme # [ 1.581789] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
acme # [ 1.583007] usb 1-1: Product: QEMU USB Tablet
acme # [ 1.583762] usb 1-1: Manufacturer: QEMU
acme # [ 1.584436] usb 1-1: SerialNumber: 28754-0000:00:01.2-1
acme # [ 1.605559] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
acme # [ 1.614207] virtio_blk virtio5: 1/0/0 default/read/poll queues
acme # [ 1.624141] virtio_blk virtio5: [vda] 2097152 512-byte logical blocks (1.07 GB/1.00 GiB)
webserver # [ 1.258301] ACPI: \_SB_.LNKA: Enabled at IRQ 10
acme # [ 1.633426] 9pnet: Installing 9P2000 support
acme # [ 1.651060] sr 1:0:0:0: [sr0] scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
acme # [ 1.652162] cdrom: Uniform CD-ROM driver Revision: 3.20
acme # [ 1.654375] hid: raw HID events driver (C) Jiri Kosina
webserver # [ 1.286779] ata2: found unknown device (class 0)
webserver # [ 1.288183] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100
webserver # [ 1.291366] scsi 1:0:0:0: CD-ROM QEMU QEMU DVD-ROM 2.5+ PQ: 0 ANSI: 5
dnsserver # [ 1.417476] usb 1-1: new full-speed USB device number 2 using uhci_hcd
acme # [ 1.669390] usbcore: registered new interface driver usbhid
acme # [ 1.670327] usbhid: USB HID core driver
acme # [ 1.672465] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:01.2/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input2
acme # [ 1.674907] hid-generic 0003:0627:0001.0001: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:01.2-1/input0
webserver # [ 1.307693] ACPI: \_SB_.LNKB: Enabled at IRQ 11
client # [ 1.589175] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
client # [ 1.590526] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
client # [ 1.591724] usb 1-1: Product: QEMU USB Tablet
client # [ 1.592469] usb 1-1: Manufacturer: QEMU
client # [ 1.593146] usb 1-1: SerialNumber: 28754-0000:00:01.2-1
client # [ 1.619840] virtio_blk virtio5: 1/0/0 default/read/poll queues
client # [ 1.621584] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
client # [ 1.636508] virtio_blk virtio5: [vda] 2097152 512-byte logical blocks (1.07 GB/1.00 GiB)
acme # kbd_mode: KDSKBMODE: Inappropriate ioctl for device
client # [ 1.646827] 9pnet: Installing 9P2000 support
acme # %Gstarting device mapper and LVM...
client # [ 1.651380] sr 1:0:0:0: [sr0] scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
client # [ 1.652468] cdrom: Uniform CD-ROM driver Revision: 3.20
webserver # [ 1.408673] usb 1-1: new full-speed USB device number 2 using uhci_hcd
acme # File descriptor 8 (/dev/console) leaked on lvm invocation. Parent PID 1: /nix/store/bi3xndigzf44416vbvq00dsk63m79rni-extra-utils/bin/ash
acme # File descriptor 9 (/dev/console) leaked on lvm invocation. Parent PID 1: /nix/store/bi3xndigzf44416vbvq00dsk63m79rni-extra-utils/bin/ash
client # [ 1.675093] hid: raw HID events driver (C) Jiri Kosina
acme # checking /dev/disk/by-label/nixos...
acme # fsck (busybox 1.36.1)
acme # [fsck.ext4 (1) -- /mnt-root/] fsck.ext4 -a /dev/disk/by-label/nixos
client # [ 1.683870] usbcore: registered new interface driver usbhid
client # [ 1.684827] usbhid: USB HID core driver
acme # nixos: clean, 12/65536 files, 13019/262144 blocks
client # [ 1.687346] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:01.2/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input2
acme # mounting /dev/disk/by-label/nixos on /...
client # [ 1.689185] hid-generic 0003:0627:0001.0001: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:01.2-1/input0
dnsserver # [ 1.587480] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
dnsserver # [ 1.588839] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
dnsserver # [ 1.590060] usb 1-1: Product: QEMU USB Tablet
dnsserver # [ 1.590828] usb 1-1: Manufacturer: QEMU
dnsserver # [ 1.591493] usb 1-1: SerialNumber: 28754-0000:00:01.2-1
dnsserver # [ 1.613301] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
dnsserver # [ 1.624047] virtio_blk virtio5: 1/0/0 default/read/poll queues
dnsserver # [ 1.633129] virtio_blk virtio5: [vda] 2097152 512-byte logical blocks (1.07 GB/1.00 GiB)
dnsserver # [ 1.637823] 9pnet: Installing 9P2000 support
dnsserver # [ 1.646348] sr 1:0:0:0: [sr0] scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
acme # [ 1.894318] EXT4-fs (vda): mounted filesystem 486f7ab4-d229-4417-92c9-2076d2f5aa8a r/w with ordered data mode. Quota mode: none.
dnsserver # [ 1.647382] cdrom: Uniform CD-ROM driver Revision: 3.20
client # kbd_mode: KDSKBMODE: Inappropriate ioctl for device
acme # [ 1.899757] EXT4-fs (vda): re-mounted 486f7ab4-d229-4417-92c9-2076d2f5aa8a r/w. Quota mode: none.
client # %Gstarting device mapper and LVM...
client # File descriptor 8 (/dev/console) leaked on lvm invocation. Parent PID 1: /nix/store/bi3xndigzf44416vbvq00dsk63m79rni-extra-utils/bin/ash
client # File descriptor 9 (/dev/console) leaked on lvm invocation. Parent PID 1: /nix/store/bi3xndigzf44416vbvq00dsk63m79rni-extra-utils/bin/ash
acme # mounting nix-store on /nix/.ro-store...
dnsserver # [ 1.666184] hid: raw HID events driver (C) Jiri Kosina
acme # [ 1.924985] FS-Cache: Loaded
dnsserver # [ 1.677315] usbcore: registered new interface driver usbhid
dnsserver # [ 1.678285] usbhid: USB HID core driver
acme # [ 1.929628] 9p: Installing v9fs 9p2000 file system support
dnsserver # [ 1.680895] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:01.2/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input2
dnsserver # [ 1.682791] hid-generic 0003:0627:0001.0001: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:01.2-1/input0
client # checking /dev/disk/by-label/nixos...
client # fsck (busybox 1.36.1)
client # [fsck.ext4 (1) -- /mnt-root/] fsck.ext4 -a /dev/disk/by-label/nixos
acme # mounting tmpfs on /nix/.rw-store...
client # nixos: clean, 12/65536 files, 13019/262144 blocks
client # mounting /dev/disk/by-label/nixos on /...
webserver # [ 1.578886] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
webserver # [ 1.580252] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
webserver # [ 1.581480] usb 1-1: Product: QEMU USB Tablet
webserver # [ 1.582245] usb 1-1: Manufacturer: QEMU
webserver # [ 1.582918] usb 1-1: SerialNumber: 28754-0000:00:01.2-1
acme # mounting overlay on /nix/store...
webserver # [ 1.600746] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
acme # mounting shared on /tmp/shared...
webserver # [ 1.615054] virtio_blk virtio5: 1/0/0 default/read/poll queues
webserver # [ 1.625989] virtio_blk virtio5: [vda] 2097152 512-byte logical blocks (1.07 GB/1.00 GiB)
acme # mounting xchg on /tmp/xchg...
webserver # [ 1.635204] 9pnet: Installing 9P2000 support
webserver # [ 1.640185] sr 1:0:0:0: [sr0] scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
webserver # [ 1.641226] cdrom: Uniform CD-ROM driver Revision: 3.20
dnsserver # kbd_mode: KDSKBMODE: Inappropriate ioctl for device
dnsserver # %Gstarting device mapper and LVM...
client # [ 1.899909] EXT4-fs (vda): mounted filesystem 8324d8c0-5f08-4324-bd34-3aecf9d9f02e r/w with ordered data mode. Quota mode: none.
dnsserver # File descriptor 8 (/dev/console) leaked on lvm invocation. Parent PID 1: /nix/store/bi3xndigzf44416vbvq00dsk63m79rni-extra-utils/bin/ash
webserver # [ 1.659701] hid: raw HID events driver (C) Jiri Kosina
dnsserver # File descriptor 9 (/dev/console) leaked on lvm invocation. Parent PID 1: /nix/store/bi3xndigzf44416vbvq00dsk63m79rni-extra-utils/bin/ash
client # [ 1.904917] EXT4-fs (vda): re-mounted 8324d8c0-5f08-4324-bd34-3aecf9d9f02e r/w. Quota mode: none.
webserver # [ 1.671260] usbcore: registered new interface driver usbhid
webserver # [ 1.672216] usbhid: USB HID core driver
client # mounting nix-store on /nix/.ro-store...
webserver # [ 1.674075] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:01.2/usb1/1-1/1-1:1.0/0003:0627:0001.0001/input/input2
webserver # [ 1.675928] hid-generic 0003:0627:0001.0001: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:01.2-1/input0
dnsserver # checking /dev/disk/by-label/nixos...
dnsserver # fsck (busybox 1.36.1)
dnsserver # [fsck.ext4 (1) -- /mnt-root/] fsck.ext4 -a /dev/disk/by-label/nixos
client # [ 1.930172] FS-Cache: Loaded
dnsserver # nixos: clean, 12/65536 files, 13019/262144 blocks
dnsserver # mounting /dev/disk/by-label/nixos on /...
client # [ 1.934897] 9p: Installing v9fs 9p2000 file system support
client # mounting tmpfs on /nix/.rw-store...
client # mounting overlay on /nix/store...
client # mounting shared on /tmp/shared...
acme #
acme # <<< NixOS Stage 2 >>>
acme #
client # mounting xchg on /tmp/xchg...
webserver # %Gkbd_mode: KDSKBMODE: Inappropriate ioctl for device
webserver # starting device mapper and LVM...
acme # [ 2.137738] EXT4-fs (vda): re-mounted 486f7ab4-d229-4417-92c9-2076d2f5aa8a r/w. Quota mode: none.
webserver # File descriptor 8 (/dev/console) leaked on lvm invocation. Parent PID 1: /nix/store/bi3xndigzf44416vbvq00dsk63m79rni-extra-utils/bin/ash
webserver # File descriptor 9 (/dev/console) leaked on lvm invocation. Parent PID 1: /nix/store/bi3xndigzf44416vbvq00dsk63m79rni-extra-utils/bin/ash
dnsserver # [ 1.893526] EXT4-fs (vda): mounted filesystem 012cbbb8-2e11-457a-ae38-e326170780a1 r/w with ordered data mode. Quota mode: none.
acme # [ 2.143540] booting system configuration /nix/store/0181bz5aah1ybf2yjxs5p07v8na816x9-nixos-system-acme-test
dnsserver # [ 1.898481] EXT4-fs (vda): re-mounted 012cbbb8-2e11-457a-ae38-e326170780a1 r/w. Quota mode: none.
dnsserver # mounting nix-store on /nix/.ro-store...
webserver # checking /dev/disk/by-label/nixos...
webserver # fsck (busybox 1.36.1)
webserver # [fsck.ext4 (1) -- /mnt-root/] fsck.ext4 -a /dev/disk/by-label/nixos
dnsserver # [ 1.923522] FS-Cache: Loaded
webserver # nixos: clean, 12/65536 files, 13019/262144 blocks
webserver # mounting /dev/disk/by-label/nixos on /...
dnsserver # [ 1.928149] 9p: Installing v9fs 9p2000 file system support
dnsserver # mounting tmpfs on /nix/.rw-store...
acme # running activation script...
dnsserver # mounting overlay on /nix/store...
dnsserver # mounting shared on /tmp/shared...
dnsserver # mounting xchg on /tmp/xchg...
client #
client # <<< NixOS Stage 2 >>>
client #
webserver # [ 1.887871] EXT4-fs (vda): mounted filesystem 9af7894e-e549-4525-9088-bed3ba7a646e r/w with ordered data mode. Quota mode: none.
webserver # [ 1.893670] EXT4-fs (vda): re-mounted 9af7894e-e549-4525-9088-bed3ba7a646e r/w. Quota mode: none.
webserver # mounting nix-store on /nix/.ro-store...
client # [ 2.147900] EXT4-fs (vda): re-mounted 8324d8c0-5f08-4324-bd34-3aecf9d9f02e r/w. Quota mode: none.
client # [ 2.150440] booting system configuration /nix/store/pym7iqvl158pcfm11zw20bz5hdn4fxqw-nixos-system-client-test
webserver # [ 1.916021] FS-Cache: Loaded
webserver # [ 1.920690] 9p: Installing v9fs 9p2000 file system support
webserver # mounting tmpfs on /nix/.rw-store...
webserver # mounting overlay on /nix/store...
client # running activation script...
webserver # mounting shared on /tmp/shared...
webserver # mounting xchg on /tmp/xchg...
dnsserver #
dnsserver # <<< NixOS Stage 2 >>>
dnsserver #
dnsserver # [ 2.137465] EXT4-fs (vda): re-mounted 012cbbb8-2e11-457a-ae38-e326170780a1 r/w. Quota mode: none.
dnsserver # [ 2.139899] booting system configuration /nix/store/jdm56ci6swvzxajb974q8gyln23z1f3s-nixos-system-dnsserver-test
dnsserver # running activation script...
acme # setting up /etc...
webserver #
webserver # <<< NixOS Stage 2 >>>
webserver #
webserver # [ 2.134663] EXT4-fs (vda): re-mounted 9af7894e-e549-4525-9088-bed3ba7a646e r/w. Quota mode: none.
webserver # [ 2.137382] booting system configuration /nix/store/zswagxrp2ycz4nwi41pby9rhx6sc7ksa-nixos-system-webserver-test
webserver # running activation script...
client # setting up /etc...
dnsserver # setting up /etc...
webserver # setting up /etc...
acme # starting systemd...
acme # [ 3.191764] systemd[1]: Inserted module 'autofs4'
acme # 104[ 3.231954] systemd[1]: systemd 256.8 running in system mode (+PAM +AUDIT -SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK -XKBCOMMON +UTMP -SYSVINIT +LIBARCHIVE)
acme # [ 3.236711] systemd[1]: Detected virtualization kvm.
acme # [ 3.237541] systemd[1]: Detected architecture x86-64.
acme # [ 3.238437] systemd[1]: Detected first boot.
acme # [ 3.241895] systemd[1]: Hostname set to <acme>.
acme # [ 3.243108] systemd[1]: Initializing machine ID from random generator.
acme # [ 3.261949] systemd[1]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
client # starting systemd...
dnsserver # starting systemd...
client # [ 3.247608] systemd[1]: Inserted module 'autofs4'
dnsserver # [ 3.150073] systemd[1]: Inserted module 'autofs4'
client # 104[ 3.294648] systemd[1]: systemd 256.8 running in system mode (+PAM +AUDIT -SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK -XKBCOMMON +UTMP -SYSVINIT +LIBARCHIVE)
client # [ 3.299427] systemd[1]: Detected virtualization kvm.
client # [ 3.300306] systemd[1]: Detected architecture x86-64.
client # [ 3.301224] systemd[1]: Detected first boot.
client # [ 3.305473] systemd[1]: Hostname set to <client>.
client # [ 3.306793] systemd[1]: Initializing machine ID from random generator.
dnsserver # 104[ 3.189158] systemd[1]: systemd 256.8 running in system mode (+PAM +AUDIT -SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK -XKBCOMMON +UTMP -SYSVINIT +LIBARCHIVE)
dnsserver # [ 3.193926] systemd[1]: Detected virtualization kvm.
dnsserver # [ 3.194784] systemd[1]: Detected architecture x86-64.
dnsserver # [ 3.195664] systemd[1]: Detected first boot.
dnsserver # [ 3.199068] systemd[1]: Hostname set to <dnsserver>.
dnsserver # [ 3.200294] systemd[1]: Initializing machine ID from random generator.
client # [ 3.328756] systemd[1]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
dnsserver # [ 3.218521] systemd[1]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
acme # [ 3.573904] systemd[1]: bpf-restrict-fs: LSM BPF program attached
webserver # starting systemd...
acme # [ 3.664924] systemd-ssh-generator[367]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 3.304092] systemd[1]: Inserted module 'autofs4'
webserver # 104[ 3.344097] systemd[1]: systemd 256.8 running in system mode (+PAM +AUDIT -SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK -XKBCOMMON +UTMP -SYSVINIT +LIBARCHIVE)
webserver # [ 3.348900] systemd[1]: Detected virtualization kvm.
webserver # [ 3.349799] systemd[1]: Detected architecture x86-64.
webserver # [ 3.350704] systemd[1]: Detected first boot.
webserver # [ 3.354280] systemd[1]: Hostname set to <webserver>.
webserver # [ 3.355528] systemd[1]: Initializing machine ID from random generator.
webserver # [ 3.374794] systemd[1]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
client # [ 3.640049] systemd[1]: bpf-restrict-fs: LSM BPF program attached
dnsserver # [ 3.525628] systemd[1]: bpf-restrict-fs: LSM BPF program attached
dnsserver # [ 3.612592] systemd-ssh-generator[370]: Disabling SSH generator logic, since sshd is not installed.
client # [ 3.737313] systemd-ssh-generator[372]: Disabling SSH generator logic, since sshd is not installed.
acme # [ 4.014530] systemd[1]: Populated /etc with preset unit settings.
webserver # [ 3.684878] systemd[1]: bpf-restrict-fs: LSM BPF program attached
webserver # [ 3.780138] systemd-ssh-generator[369]: Disabling SSH generator logic, since sshd is not installed.
dnsserver # [ 3.974213] systemd[1]: Populated /etc with preset unit settings.
client # [ 4.111771] systemd[1]: Populated /etc with preset unit settings.
acme # [ 4.325275] systemd[1]: Queued start job for default target Multi-User System.
acme # [ 4.345910] systemd[1]: Created slice Slice /system/getty.
acme # [ 4.347597] systemd[1]: Created slice Slice /system/modprobe.
acme # [ 4.349247] systemd[1]: Created slice User and Session Slice.
acme # [ 4.350368] systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
acme # [ 4.351825] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
acme # [ 4.353280] systemd[1]: Expecting device /dev/hvc0...
acme # [ 4.354165] systemd[1]: Expecting device /dev/ttyS0...
acme # [ 4.355055] systemd[1]: Expecting device /sys/subsystem/net/devices/eth1...
acme # [ 4.356211] systemd[1]: Reached target Local Encrypted Volumes.
acme # [ 4.357254] systemd[1]: Reached target Containers.
acme # [ 4.358121] systemd[1]: Reached target Path Units.
acme # [ 4.358988] systemd[1]: Reached target Remote File Systems.
acme # [ 4.359950] systemd[1]: Reached target Slice Units.
acme # [ 4.360823] systemd[1]: Reached target Swaps.
acme # [ 4.364385] systemd[1]: Listening on Process Core Dump Socket.
acme # [ 4.367198] systemd[1]: Listening on Credential Encryption/Decryption.
acme # [ 4.368400] systemd[1]: Listening on Journal Socket (/dev/log).
acme # [ 4.369526] systemd[1]: Listening on Journal Sockets.
acme # [ 4.370579] systemd[1]: Listening on Userspace Out-Of-Memory (OOM) Killer Socket.
acme # [ 4.372012] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
acme # [ 4.373942] systemd[1]: Listening on udev Control Socket.
acme # [ 4.375009] systemd[1]: Listening on udev Kernel Socket.
acme # [ 4.378781] systemd[1]: Mounting Huge Pages File System...
acme # [ 4.382587] systemd[1]: Mounting POSIX Message Queue File System...
acme # [ 4.387375] systemd[1]: Mounting Kernel Debug File System...
acme # [ 4.394141] systemd[1]: Starting Create List of Static Device Nodes...
acme # [ 4.404255] systemd[1]: Starting Load Kernel Module 9pnet_virtio...
acme # [ 4.414383] systemd[1]: Starting Load Kernel Module configfs...
acme # [ 4.422712] systemd[1]: Starting Load Kernel Module drm...
acme # [ 4.429399] systemd[1]: Starting Load Kernel Module efi_pstore...
acme # [ 4.435762] systemd[1]: Starting Load Kernel Module fuse...
acme # [ 4.440717] systemd[1]: Starting mount-pstore.service...
acme # [ 4.442155] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
acme # [ 4.446390] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
acme # [ 4.458353] systemd[1]: Starting Journal Service...
acme # [ 4.463389] systemd[1]: Starting Load Kernel Modules...
acme # [ 4.468232] systemd[1]: Starting Remount Root and Kernel File Systems...
acme # [ 4.470428] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
acme # [ 4.481222] systemd[1]: Starting Coldplug All udev Devices...
acme # [ 4.488383] systemd[1]: Mounted Huge Pages File System.
acme # [ 4.490860] systemd[1]: Mounted POSIX Message Queue File System.
acme # [ 4.493854] systemd[1]: Mounted Kernel Debug File System.
acme # [ 4.498115] systemd[1]: Finished Create List of Static Device Nodes.
acme # [ 4.505814] systemd[1]: Starting Create Static Device Nodes in /dev gracefully...
webserver # [ 4.158058] systemd[1]: Populated /etc with preset unit settings.
dnsserver # [ 4.315547] systemd[1]: Queued start job for default target Multi-User System.
acme # [ 4.570885] EXT4-fs (vda): re-mounted 486f7ab4-d229-4417-92c9-2076d2f5aa8a r/w. Quota mode: none.
client # [ 4.449552] systemd[1]: Queued start job for default target Multi-User System.
dnsserver # [ 4.337697] systemd[1]: Created slice Slice /system/getty.
acme # [ 4.587130] systemd[1]: Finished Remount Root and Kernel File Systems.
dnsserver # [ 4.339459] systemd[1]: Created slice Slice /system/modprobe.
dnsserver # [ 4.341075] systemd[1]: Created slice User and Session Slice.
dnsserver # [ 4.342169] systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
dnsserver # [ 4.343633] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
dnsserver # [ 4.345045] systemd[1]: Expecting device /dev/hvc0...
dnsserver # [ 4.345946] systemd[1]: Expecting device /dev/ttyS0...
acme # [ 4.594273] systemd[1]: Starting Load/Save OS Random Seed...
dnsserver # [ 4.346850] systemd[1]: Expecting device /sys/subsystem/net/devices/eth1...
client # [ 4.471095] systemd[1]: Created slice Slice /system/getty.
dnsserver # [ 4.347985] systemd[1]: Reached target Local Encrypted Volumes.
dnsserver # [ 4.349014] systemd[1]: Reached target Containers.
acme # [ 4.596705] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
client # [ 4.472941] systemd[1]: Created slice Slice /system/modprobe.
dnsserver # [ 4.349882] systemd[1]: Reached target Path Units.
dnsserver # [ 4.350740] systemd[1]: Reached target Remote File Systems.
client # [ 4.474688] systemd[1]: Created slice User and Session Slice.
dnsserver # [ 4.351677] systemd[1]: Reached target Slice Units.
client # [ 4.475949] systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
dnsserver # [ 4.352552] systemd[1]: Reached target Swaps.
client # [ 4.477561] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
client # [ 4.479196] systemd[1]: Expecting device /dev/hvc0...
client # [ 4.480263] systemd[1]: Expecting device /dev/ttyS0...
dnsserver # [ 4.356714] systemd[1]: Listening on Process Core Dump Socket.
client # [ 4.481298] systemd[1]: Expecting device /sys/subsystem/net/devices/eth1...
client # [ 4.482618] systemd[1]: Reached target Local Encrypted Volumes.
dnsserver # [ 4.359559] systemd[1]: Listening on Credential Encryption/Decryption.
client # [ 4.483757] systemd[1]: Reached target Containers.
client # [ 4.484723] systemd[1]: Reached target Path Units.
dnsserver # [ 4.360802] systemd[1]: Listening on Journal Socket (/dev/log).
client # [ 4.485692] systemd[1]: Reached target Remote File Systems.
dnsserver # [ 4.361943] systemd[1]: Listening on Journal Sockets.
client # [ 4.486767] systemd[1]: Reached target Slice Units.
dnsserver # [ 4.363026] systemd[1]: Listening on Userspace Out-Of-Memory (OOM) Killer Socket.
client # [ 4.487747] systemd[1]: Reached target Swaps.
dnsserver # [ 4.364451] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
dnsserver # [ 4.366390] systemd[1]: Listening on udev Control Socket.
dnsserver # [ 4.367419] systemd[1]: Listening on udev Kernel Socket.
client # [ 4.491669] systemd[1]: Listening on Process Core Dump Socket.
client # [ 4.494781] systemd[1]: Listening on Credential Encryption/Decryption.
dnsserver # [ 4.371145] systemd[1]: Mounting Huge Pages File System...
client # [ 4.496035] systemd[1]: Listening on Journal Socket (/dev/log).
acme # [ 4.620409] systemd-journald[383]: Collecting audit messages is disabled.
client # [ 4.497210] systemd[1]: Listening on Journal Sockets.
client # [ 4.498279] systemd[1]: Listening on Userspace Out-Of-Memory (OOM) Killer Socket.
dnsserver # [ 4.374744] systemd[1]: Mounting POSIX Message Queue File System...
client # [ 4.499745] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
client # [ 4.501691] systemd[1]: Listening on udev Control Socket.
client # [ 4.502724] systemd[1]: Listening on udev Kernel Socket.
dnsserver # [ 4.380165] systemd[1]: Mounting Kernel Debug File System...
client # [ 4.506918] systemd[1]: Mounting Huge Pages File System...
dnsserver # [ 4.385002] systemd[1]: Starting Create List of Static Device Nodes...
client # [ 4.510917] systemd[1]: Mounting POSIX Message Queue File System...
acme # [ 4.637176] systemd[1]: modprobe@9pnet_virtio.service: Deactivated successfully.
client # [ 4.516431] systemd[1]: Mounting Kernel Debug File System...
acme # [ 4.642099] systemd[1]: Finished Load Kernel Module 9pnet_virtio.
dnsserver # [ 4.393873] systemd[1]: Starting Load Kernel Module 9pnet_virtio...
client # [ 4.521530] systemd[1]: Starting Create List of Static Device Nodes...
dnsserver # [ 4.403757] systemd[1]: Starting Load Kernel Module configfs...
client # [ 4.529732] systemd[1]: Starting Load Kernel Module 9pnet_virtio...
dnsserver # [ 4.411456] systemd[1]: Starting Load Kernel Module drm...
client # [ 4.538652] systemd[1]: Starting Load Kernel Module configfs...
acme # [ 4.663240] systemd[1]: [email protected]: Deactivated successfully.
acme # [ 4.668947] systemd[1]: Finished Load Kernel Module drm.
dnsserver # [ 4.421173] systemd[1]: Starting Load Kernel Module efi_pstore...
client # [ 4.550384] systemd[1]: Starting Load Kernel Module drm...
dnsserver # [ 4.430467] systemd[1]: Starting Load Kernel Module fuse...
client # [ 4.558788] systemd[1]: Starting Load Kernel Module efi_pstore...
acme # [ 4.683217] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
dnsserver # [ 4.435340] systemd[1]: Starting mount-pstore.service...
dnsserver # [ 4.437251] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
acme # [ 4.687059] systemd[1]: Finished Load Kernel Module efi_pstore.
acme # [ 4.689988] systemd[1]: [email protected]: Deactivated successfully.
dnsserver # [ 4.440852] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
client # [ 4.567754] systemd[1]: Starting Load Kernel Module fuse...
client # [ 4.572929] systemd[1]: Starting mount-pstore.service...
acme # [ 4.698111] systemd[1]: Finished Load Kernel Module configfs.
client # [ 4.574883] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
dnsserver # [ 4.452098] systemd[1]: Starting Journal Service...
acme # [ 4.702059] systemd[1]: Finished Create Static Device Nodes in /dev gracefully.
client # [ 4.577877] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
acme # [ 4.705752] systemd[1]: Mounting Kernel Configuration File System...
dnsserver # [ 4.458646] systemd[1]: Starting Load Kernel Modules...
client # [ 4.589861] systemd[1]: Starting Journal Service...
dnsserver # [ 4.467552] systemd[1]: Starting Remount Root and Kernel File Systems...
dnsserver # [ 4.469721] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
client # [ 4.595446] systemd[1]: Starting Load Kernel Modules...
acme # [ 4.722158] systemd[1]: Starting Create Static Device Nodes in /dev...
client # [ 4.600918] systemd[1]: Starting Remount Root and Kernel File Systems...
dnsserver # [ 4.477649] systemd[1]: Starting Coldplug All udev Devices...
client # [ 4.603099] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
acme # [ 4.729078] systemd[1]: Finished Load/Save OS Random Seed.
acme # [ 4.731344] systemd[1]: Reached target First Boot Complete.
dnsserver # [ 4.485013] systemd[1]: Mounted Huge Pages File System.
acme # [ 4.734405] systemd[1]: Mounted Kernel Configuration File System.
client # [ 4.610238] systemd[1]: Starting Coldplug All udev Devices...
dnsserver # [ 4.487521] systemd[1]: Mounted POSIX Message Queue File System.
dnsserver # [ 4.489577] systemd[1]: Mounted Kernel Debug File System.
acme # [ 4.737179] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
client # [ 4.616550] systemd[1]: Mounted Huge Pages File System.
client # [ 4.619628] systemd[1]: Mounted POSIX Message Queue File System.
dnsserver # [ 4.495814] systemd[1]: Finished Create List of Static Device Nodes.
client # [ 4.621989] systemd[1]: Mounted Kernel Debug File System.
client # [ 4.628274] systemd[1]: Finished Create List of Static Device Nodes.
dnsserver # [ 4.505865] systemd[1]: Starting Create Static Device Nodes in /dev gracefully...
acme # [ 4.758806] fuse: init (API version 7.39)
client # [ 4.635764] systemd[1]: Starting Create Static Device Nodes in /dev gracefully...
acme # [ 4.768829] systemd[1]: [email protected]: Deactivated successfully.
acme # [ 4.774039] systemd[1]: Finished Load Kernel Module fuse.
acme # [ 4.781456] tun: Universal TUN/TAP device driver, 1.6
acme # [ 4.802716] loop: module loaded
acme # [ 4.817056] systemd[1]: Finished Load Kernel Modules.
dnsserver # [ 4.572660] EXT4-fs (vda): re-mounted 012cbbb8-2e11-457a-ae38-e326170780a1 r/w. Quota mode: none.
acme # [ 4.821581] systemd[1]: Starting Firewall...
acme # [ 4.827085] systemd[1]: Starting Apply Kernel Variables...
dnsserver # [ 4.593811] systemd[1]: Finished Remount Root and Kernel File Systems.
client # [ 4.718919] EXT4-fs (vda): re-mounted 8324d8c0-5f08-4324-bd34-3aecf9d9f02e r/w. Quota mode: none.
client # [ 4.724563] systemd[1]: modprobe@9pnet_virtio.service: Deactivated successfully.
dnsserver # [ 4.601739] systemd[1]: Starting Load/Save OS Random Seed...
acme # [ 4.851101] systemd[1]: Finished Create Static Device Nodes in /dev.
dnsserver # [ 4.603846] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
client # [ 4.729236] systemd[1]: Finished Load Kernel Module 9pnet_virtio.
acme # [ 4.853894] systemd[1]: Reached target Preparation for Local File Systems.
dnsserver # [ 4.611631] systemd-journald[386]: Collecting audit messages is disabled.
acme # [ 4.861477] systemd[1]: Starting Rule-based Manager for Device Events and Files...
webserver # [ 4.494159] systemd[1]: Queued start job for default target Multi-User System.
dnsserver # [ 4.619288] systemd[1]: modprobe@9pnet_virtio.service: Deactivated successfully.
client # [ 4.744252] systemd[1]: Finished Remount Root and Kernel File Systems.
dnsserver # [ 4.624747] systemd[1]: Finished Load Kernel Module 9pnet_virtio.
client # [ 4.751942] systemd[1]: Starting Load/Save OS Random Seed...
client # [ 4.753936] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
client # [ 4.760000] systemd-journald[388]: Collecting audit messages is disabled.
webserver # [ 4.515921] systemd[1]: Created slice Slice /system/getty.
webserver # [ 4.517693] systemd[1]: Created slice Slice /system/modprobe.
webserver # [ 4.519399] systemd[1]: Created slice User and Session Slice.
webserver # [ 4.520523] systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
webserver # [ 4.522034] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
webserver # [ 4.523545] systemd[1]: Expecting device /dev/hvc0...
webserver # [ 4.524459] systemd[1]: Expecting device /dev/ttyS0...
webserver # [ 4.525376] systemd[1]: Expecting device /sys/subsystem/net/devices/eth1...
webserver # [ 4.526522] systemd[1]: Reached target Local Encrypted Volumes.
webserver # [ 4.527582] systemd[1]: Reached target Containers.
webserver # [ 4.528461] systemd[1]: Reached target Path Units.
webserver # [ 4.529364] systemd[1]: Reached target Remote File Systems.
client # [ 4.774338] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 4.530328] systemd[1]: Reached target Slice Units.
webserver # [ 4.531213] systemd[1]: Reached target Swaps.
client # [ 4.779174] systemd[1]: Finished Load Kernel Module drm.
dnsserver # [ 4.655282] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 4.535185] systemd[1]: Listening on Process Core Dump Socket.
dnsserver # [ 4.658974] systemd[1]: Finished Load Kernel Module drm.
webserver # [ 4.538207] systemd[1]: Listening on Credential Encryption/Decryption.
webserver # [ 4.539407] systemd[1]: Listening on Journal Socket (/dev/log).
webserver # [ 4.540586] systemd[1]: Listening on Journal Sockets.
dnsserver # [ 4.661682] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 4.541642] systemd[1]: Listening on Userspace Out-Of-Memory (OOM) Killer Socket.
webserver # [ 4.543127] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
client # [ 4.788579] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
acme # [ 4.770743] systemd-modules-load[384]: Inserted module 'bridge'[ 4.913539] systemd[1]: Started Journal Service.
webserver # [ 4.545078] systemd[1]: Listening on udev Control Socket.
webserver # [ 4.546093] systemd[1]: Listening on udev Kernel Socket.
dnsserver # [ 4.666877] systemd[1]: Finished Load Kernel Module configfs.
client # [ 4.792158] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 4.550072] systemd[1]: Mounting Huge Pages File System...
acme #
dnsserver # [ 4.672739] systemd[1]: Mounting Kernel Configuration File System...
webserver # [ 4.553764] systemd[1]: Mounting POSIX Message Queue File System...
client # [ 4.801223] systemd[1]: [email protected]: Deactivated successfully.
acme # [ 4.783477] systemd-modules-load[384]: Inserted module 'macvlan'
webserver # [ 4.558775] systemd[1]: Mounting Kernel Debug File System...
client # [ 4.806825] systemd[1]: Finished Load Kernel Module configfs.
webserver # [ 4.564277] systemd[1]: Starting Create List of Static Device Nodes...
acme # [ 4.787797] systemd-modules-load[384]: Inserted module 'tap'
client # [ 4.811979] systemd[1]: Mounting Kernel Configuration File System...
acme # [ 4.796088] systemd-modules-load[384]: Inserted module 'tun'
webserver # [ 4.573369] systemd[1]: Starting Load Kernel Module 9pnet_virtio...
acme # [ 4.799211] systemd-modules-load[384]: Inserted module 'loop'
dnsserver # [ 4.699191] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
acme # [ 4.805768] systemd[1]: Starting Flush Journal to Persistent Storage...
dnsserver # [ 4.703757] systemd[1]: Finished Load Kernel Module efi_pstore.
dnsserver # [ 4.706128] systemd[1]: Mounted Kernel Configuration File System.
webserver # [ 4.586768] systemd[1]: Starting Load Kernel Module configfs...
acme # [ 4.814725] systemd[1]: Finished Apply Kernel Variables.
webserver # [ 4.596271] systemd[1]: Starting Load Kernel Module drm...
client # [ 4.841247] systemd[1]: Finished Create Static Device Nodes in /dev gracefully.
client # [ 4.845092] systemd[1]: Mounted Kernel Configuration File System.
webserver # [ 4.602637] systemd[1]: Starting Load Kernel Module efi_pstore...
dnsserver # [ 4.725720] systemd[1]: Finished Create Static Device Nodes in /dev gracefully.
webserver # [ 4.609004] systemd[1]: Starting Load Kernel Module fuse...
dnsserver # [ 4.733511] systemd[1]: Starting Create Static Device Nodes in /dev...
webserver # [ 4.614686] systemd[1]: Starting mount-pstore.service...
dnsserver # [ 4.736110] fuse: init (API version 7.39)
webserver # [ 4.616553] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
dnsserver # [ 4.737343] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
dnsserver # [ 4.740706] systemd[1]: Finished Load/Save OS Random Seed.
client # [ 4.864957] systemd[1]: Starting Create Static Device Nodes in /dev...
webserver # [ 4.620202] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
dnsserver # [ 4.742681] systemd[1]: Reached target First Boot Complete.
dnsserver # [ 4.748239] systemd[1]: [email protected]: Deactivated successfully.
client # [ 4.873040] fuse: init (API version 7.39)
webserver # [ 4.631748] systemd[1]: Starting Journal Service...
dnsserver # [ 4.753781] systemd[1]: Finished Load Kernel Module fuse.
client # [ 4.878235] systemd[1]: Finished Load/Save OS Random Seed.
client # [ 4.879422] systemd[1]: Reached target First Boot Complete.
client # [ 4.880898] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
webserver # [ 4.637608] systemd[1]: Starting Load Kernel Modules...
client # [ 4.886765] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 4.644054] systemd[1]: Starting Remount Root and Kernel File Systems...
webserver # [ 4.645929] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
client # [ 4.892168] systemd[1]: Finished Load Kernel Module fuse.
client # [ 4.896944] systemd[1]: Mounting FUSE Control File System...
webserver # [ 4.656606] systemd[1]: Starting Coldplug All udev Devices...
acme # [ 5.026756] systemd-journald[383]: Received client request to flush runtime journal.
dnsserver # [ 4.783733] tun: Universal TUN/TAP device driver, 1.6
webserver # [ 4.663435] systemd[1]: Mounted Huge Pages File System.
webserver # [ 4.666784] systemd[1]: Mounted POSIX Message Queue File System.
webserver # [ 4.668782] systemd[1]: Mounted Kernel Debug File System.
webserver # [ 4.673066] systemd[1]: Finished Create List of Static Device Nodes.
client # [ 4.923071] systemd[1]: Mounted FUSE Control File System.
webserver # [ 4.679932] systemd[1]: Starting Create Static Device Nodes in /dev gracefully...
dnsserver # [ 4.802632] loop: module loaded
client # [ 4.933992] tun: Universal TUN/TAP device driver, 1.6
dnsserver # [ 4.816797] systemd[1]: Finished Load Kernel Modules.
dnsserver # [ 4.821462] systemd[1]: Starting Firewall...
dnsserver # [ 4.828531] systemd[1]: Starting Apply Kernel Variables...
client # [ 4.956409] loop: module loaded
client # [ 4.971247] systemd[1]: Finished Load Kernel Modules.
acme # [ 4.958661] systemd-udevd[403]: Using default interface naming scheme 'v255'.
client # [ 4.979454] systemd[1]: Starting Firewall...
dnsserver # [ 4.857748] systemd[1]: Finished Create Static Device Nodes in /dev.
dnsserver # [ 4.859042] systemd[1]: Reached target Preparation for Local File Systems.
client # [ 4.983849] systemd[1]: Starting Apply Kernel Variables...
acme # [ 4.969696] systemd[1]: Finished Flush Journal to Persistent Storage.
dnsserver # [ 4.865500] systemd[1]: Starting Rule-based Manager for Device Events and Files...
client # [ 4.995239] systemd[1]: Finished Create Static Device Nodes in /dev.
client # [ 4.996577] systemd[1]: Reached target Preparation for Local File Systems.
acme # [ 4.979739] systemd[1]: Finished Coldplug All udev Devices.
webserver # [ 4.753890] EXT4-fs (vda): re-mounted 9af7894e-e549-4525-9088-bed3ba7a646e r/w. Quota mode: none.
webserver # [ 4.757593] systemd[1]: modprobe@9pnet_virtio.service: Deactivated successfully.
client # [ 5.003744] systemd[1]: Starting Rule-based Manager for Device Events and Files...
webserver # [ 4.763016] systemd[1]: Finished Load Kernel Module 9pnet_virtio.
webserver # [ 4.778977] systemd[1]: Finished Remount Root and Kernel File Systems.
dnsserver # [ 4.903529] systemd[1]: Started Journal Service.
webserver # [ 4.785713] systemd[1]: Starting Load/Save OS Random Seed...
dnsserver # [ 4.765795] systemd-modules-load[387]: Inserted module 'bridge'
webserver # [ 4.787950] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
dnsserver # [ 4.769221] systemd-modules-load[387]: Inserted module 'macvlan'
acme # [ 5.017392] systemd[1]: Started Rule-based Manager for Device Events and Files.
dnsserver # [ 4.777432] systemd-modules-load[387]: Inserted module 'tap'
webserver # [ 4.804989] systemd-journald[385]: Collecting audit messages is disabled.
dnsserver # [ 4.783563] systemd-modules-load[387]: Inserted module 'tun'
acme # [ 5.033684] systemd[1]: Starting Load Kernel Module fuse...
dnsserver # [ 4.788845] systemd-modules-load[387]: Inserted module 'loop'
client # [ 5.056359] systemd[1]: Started Journal Service.
client # [ 4.917597] systemd-modules-load[389]: Inserted module 'bridge'
dnsserver # [ 4.796122] systemd[1]: Starting Flush Journal to Persistent Storage...
webserver # [ 4.817440] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 4.821959] systemd[1]: Finished Load Kernel Module drm.
client # [ 4.924080] systemd-modules-load[389]: Inserted module 'macvlan'
client # [ 4.930079] systemd-modules-load[389]: Inserted module 'tap'
dnsserver # [ 4.814517] systemd[1]: Finished Apply Kernel Variables.
client # [ 4.938350] systemd-modules-load[389]: Inserted module 'tun'
client # [ 4.944819] systemd-modules-load[389]: Inserted module 'loop'
webserver # [ 4.843670] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 4.848945] systemd[1]: Finished Load Kernel Module configfs.
client # [ 4.950860] systemd[1]: Starting Flush Journal to Persistent Storage...
webserver # [ 4.854335] systemd[1]: Mounting Kernel Configuration File System...
acme # [ 5.083963] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 4.859790] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
acme # [ 5.087457] systemd[1]: Finished Load Kernel Module fuse.
webserver # [ 4.862959] systemd[1]: Finished Load Kernel Module efi_pstore.
client # [ 4.968221] systemd[1]: Finished Apply Kernel Variables.
acme # [ 5.109746] systemd[1]: Starting Load Kernel Module fuse...
webserver # [ 4.885132] systemd[1]: Mounted Kernel Configuration File System.
dnsserver # [ 5.014546] systemd-journald[386]: Received client request to flush runtime journal.
webserver # [ 4.908457] systemd[1]: Finished Create Static Device Nodes in /dev gracefully.
webserver # [ 4.913972] fuse: init (API version 7.39)
webserver # [ 4.915995] systemd[1]: Starting Create Static Device Nodes in /dev...
webserver # [ 4.918791] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
webserver # [ 4.921998] systemd[1]: Finished Load/Save OS Random Seed.
webserver # [ 4.923151] systemd[1]: Reached target First Boot Complete.
client # [ 5.167715] systemd-journald[388]: Received client request to flush runtime journal.
webserver # [ 4.928023] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 4.931949] systemd[1]: Finished Load Kernel Module fuse.
acme # [ 5.158588] systemd[1]: [email protected]: Deactivated successfully.
acme # [ 5.163361] systemd[1]: Finished Load Kernel Module fuse.
dnsserver # [ 4.941857] systemd-udevd[406]: Using default interface naming scheme 'v255'.
webserver # [ 4.965103] tun: Universal TUN/TAP device driver, 1.6
dnsserver # [ 4.949448] systemd[1]: Finished Flush Journal to Persistent Storage.
acme # [ 5.205619] systemd[1]: Found device /dev/ttyS0.
acme # [ 5.207313] systemd[1]: Found device /dev/hvc0.
webserver # [ 4.983771] loop: module loaded
dnsserver # [ 4.968755] systemd[1]: Finished Coldplug All udev Devices.
webserver # [ 5.000069] systemd[1]: Finished Load Kernel Modules.
client # [ 5.102974] systemd-udevd[409]: Using default interface naming scheme 'v255'.
webserver # [ 5.005197] systemd[1]: Starting Firewall...
client # [ 5.112148] systemd[1]: Finished Flush Journal to Persistent Storage.
webserver # [ 5.011783] systemd[1]: Starting Apply Kernel Variables...
client # [ 5.121697] systemd[1]: Finished Coldplug All udev Devices.
dnsserver # [ 5.016230] systemd[1]: Started Rule-based Manager for Device Events and Files.
webserver # [ 5.040968] systemd[1]: Finished Create Static Device Nodes in /dev.
webserver # [ 5.042877] systemd[1]: Reached target Preparation for Local File Systems.
webserver # [ 5.048490] systemd[1]: Starting Rule-based Manager for Device Events and Files...
dnsserver # [ 5.029604] systemd[1]: Starting Load Kernel Module fuse...
acme # [ 5.284573] (udev-worker)[467]: Network interface NamePolicy= disabled on kernel command line.
client # [ 5.161505] systemd[1]: Started Rule-based Manager for Device Events and Files.
acme # [ 5.287658] (udev-worker)[458]: eth1: Config file /etc/systemd/network/40-eth1.link is applied to device based on potentially unpredictable interface name.
acme # [ 5.291242] (udev-worker)[458]: Network interface NamePolicy= disabled on kernel command line.
dnsserver # [ 5.078080] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 5.099839] systemd[1]: Started Journal Service.
dnsserver # [ 5.080726] systemd[1]: Finished Load Kernel Module fuse.
webserver # [ 4.960632] systemd-modules-load[386]: Inserted module 'bridge'
webserver # [ 4.965946] systemd-modules-load[386]: Inserted module 'macvlan'
webserver # [ 4.969375] systemd-modules-load[386]: Inserted module 'tap'
webserver # [ 4.972302] systemd-modules-load[386]: Inserted module 'tun'
webserver # [ 4.979225] systemd-modules-load[386]: Inserted module 'loop'
dnsserver # [ 5.102731] systemd[1]: Starting Load Kernel Module fuse...
acme # [ 5.350331] systemd[1]: Mounting /run/wrappers...
webserver # [ 4.983385] systemd[1]: Starting Flush Journal to Persistent Storage...
acme # [ 5.355650] systemd[1]: Mounting FUSE Control File System...
webserver # [ 4.990845] systemd[1]: Finished Apply Kernel Variables.
acme # [ 5.385537] systemd[1]: Mounted FUSE Control File System.
dnsserver # [ 5.151700] systemd[1]: [email protected]: Deactivated successfully.
acme # [ 5.401875] systemd[1]: Mounted /run/wrappers.
dnsserver # [ 5.155869] systemd[1]: Finished Load Kernel Module fuse.
acme # [ 5.404454] systemd[1]: Reached target Local File Systems.
acme # [ 5.408822] systemd[1]: Listening on Boot Entries Service Socket.
acme # [ 5.414075] systemd[1]: Starting Create SUID/SGID Wrappers...
acme # [ 5.416454] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
acme # [ 5.421825] systemd[1]: Starting Save Transient machine-id to Disk...
acme # [ 5.426344] systemd[1]: Starting Create System Files and Directories...
client # [ 5.304645] systemd[1]: Found device /dev/hvc0.
webserver # [ 5.211786] systemd-journald[385]: Received client request to flush runtime journal.
client # [ 5.318723] systemd[1]: Found device /dev/ttyS0.
dnsserver # [ 5.204817] systemd[1]: Found device /dev/ttyS0.
dnsserver # [ 5.206745] systemd[1]: Found device /dev/hvc0.
acme # [ 5.494952] systemd[1]: etc-machine\x2did.mount: Deactivated successfully.
acme # [ 5.504531] systemd[1]: Finished Save Transient machine-id to Disk.
client # [ 5.383441] (udev-worker)[465]: Network interface NamePolicy= disabled on kernel command line.
client # [ 5.387165] (udev-worker)[469]: eth1: Config file /etc/systemd/network/40-eth1.link is applied to device based on potentially unpredictable interface name.
client # [ 5.389916] (udev-worker)[469]: Network interface NamePolicy= disabled on kernel command line.
webserver # [ 5.146295] systemd-udevd[407]: Using default interface naming scheme 'v255'.
acme # [ 5.516240] systemd[1]: Found device Virtio network device.
webserver # [ 5.155186] systemd[1]: Finished Flush Journal to Persistent Storage.
webserver # [ 5.157840] systemd[1]: Finished Coldplug All udev Devices.
dnsserver # [ 5.279855] (udev-worker)[462]: Network interface NamePolicy= disabled on kernel command line.
dnsserver # [ 5.282844] (udev-worker)[453]: eth1: Config file /etc/systemd/network/40-eth1.link is applied to device based on potentially unpredictable interface name.
dnsserver # [ 5.285839] (udev-worker)[453]: Network interface NamePolicy= disabled on kernel command line.
webserver # [ 5.204223] systemd[1]: Started Rule-based Manager for Device Events and Files.
acme # [ 5.580085] systemd[1]: Finished Create System Files and Directories.
acme # [ 5.586547] systemd[1]: Starting Rebuild Journal Catalog...
webserver # [ 5.219427] systemd[1]: Starting Load Kernel Module fuse...
acme # [ 5.592741] systemd[1]: Starting Userspace Out-Of-Memory (OOM) Killer...
dnsserver # [ 5.347188] systemd[1]: Mounting /run/wrappers...
acme # [ 5.596913] systemd[1]: Starting Record System Boot/Shutdown in UTMP...
dnsserver # [ 5.351927] systemd[1]: Mounting FUSE Control File System...
client # [ 5.479236] systemd[1]: Mounting /run/wrappers...
dnsserver # [ 5.380104] systemd[1]: Mounted FUSE Control File System.
webserver # [ 5.268212] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 5.271894] systemd[1]: Finished Load Kernel Module fuse.
client # [ 5.522085] systemd[1]: Mounted /run/wrappers.
dnsserver # [ 5.400060] systemd[1]: Mounted /run/wrappers.
client # [ 5.522968] systemd[1]: Reached target Local File Systems.
dnsserver # [ 5.402269] systemd[1]: Reached target Local File Systems.
client # [ 5.526800] systemd[1]: Listening on Boot Entries Service Socket.
dnsserver # [ 5.405983] systemd[1]: Listening on Boot Entries Service Socket.
client # [ 5.532343] systemd[1]: Starting Create SUID/SGID Wrappers...
client # [ 5.535138] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
dnsserver # [ 5.414113] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 5.294532] systemd[1]: Starting Load Kernel Module fuse...
dnsserver # [ 5.415098] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
client # [ 5.539730] systemd[1]: Starting Save Transient machine-id to Disk...
dnsserver # [ 5.420187] systemd[1]: Starting Save Transient machine-id to Disk...
client # [ 5.545277] systemd[1]: Starting Create System Files and Directories...
dnsserver # [ 5.423620] systemd[1]: Starting Create System Files and Directories...
client # [ 5.549095] systemd[1]: Found device Virtio network device.
acme # [ 5.706122] systemd[1]: Finished Record System Boot/Shutdown in UTMP.
webserver # [ 5.344110] systemd[1]: [email protected]: Deactivated successfully.
webserver # [ 5.348898] systemd[1]: Finished Load Kernel Module fuse.
dnsserver # [ 5.472417] systemd[1]: Found device Virtio network device.
acme # [ 5.872670] mousedev: PS/2 mouse device common for all mice
dnsserver # [ 5.494189] systemd[1]: etc-machine\x2did.mount: Deactivated successfully.
client # [ 5.620801] systemd[1]: etc-machine\x2did.mount: Deactivated successfully.
dnsserver # [ 5.503794] systemd[1]: Finished Save Transient machine-id to Disk.
client # [ 5.626861] systemd[1]: Finished Save Transient machine-id to Disk.
webserver # [ 5.387115] systemd[1]: Found device /dev/ttyS0.
webserver # [ 5.396839] systemd[1]: Found device /dev/hvc0.
acme # [ 5.776189] systemd[1]: Finished Rebuild Journal Catalog.
acme # [ 5.782607] systemd[1]: Starting Update is Completed...
dnsserver # [ 5.572201] systemd[1]: Finished Create System Files and Directories.
dnsserver # [ 5.580774] systemd[1]: Starting Rebuild Journal Catalog...
webserver # [ 5.461342] (udev-worker)[465]: Network interface NamePolicy= disabled on kernel command line.
client # [ 5.704190] systemd[1]: Finished Create System Files and Directories.
client # [ 5.850625] mousedev: PS/2 mouse device common for all mice
dnsserver # [ 5.586105] systemd[1]: Starting Userspace Out-Of-Memory (OOM) Killer...
client # [ 5.709927] systemd[1]: Starting Rebuild Journal Catalog...
dnsserver # [ 5.591503] systemd[1]: Starting Record System Boot/Shutdown in UTMP...
webserver # [ 5.472534] (udev-worker)[453]: eth1: Config file /etc/systemd/network/40-eth1.link is applied to device based on potentially unpredictable interface name.
client # [ 5.718643] systemd[1]: Starting Userspace Out-Of-Memory (OOM) Killer...
webserver # [ 5.475476] (udev-worker)[453]: Network interface NamePolicy= disabled on kernel command line.
dnsserver # [ 5.740858] mousedev: PS/2 mouse device common for all mice
client # [ 5.722145] systemd[1]: Starting Record System Boot/Shutdown in UTMP...
acme # [ 5.859252] systemd[1]: Finished Update is Completed.
acme # [ 6.023522] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input3
acme # [ 5.886180] systemd-oomd[537]: No swap; memory pressure usage will be degraded
acme # [ 5.890282] systemd[1]: Started Userspace Out-Of-Memory (OOM) Killer.
webserver # [ 5.526211] systemd[1]: Mounting /run/wrappers...
webserver # [ 5.529893] systemd[1]: Mounting FUSE Control File System...
acme # [ 6.071332] ACPI: button: Power Button [PWRF]
webserver # [ 5.564735] systemd[1]: Mounted FUSE Control File System.
dnsserver # [ 5.696787] systemd[1]: Finished Record System Boot/Shutdown in UTMP.
webserver # [ 5.580132] systemd[1]: Mounted /run/wrappers.
client # [ 5.827761] systemd[1]: Finished Record System Boot/Shutdown in UTMP.
webserver # [ 5.585640] systemd[1]: Reached target Local File Systems.
webserver # [ 5.586606] systemd[1]: Listening on Boot Entries Service Socket.
webserver # [ 5.589087] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 5.591195] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 5.595403] systemd[1]: Starting Save Transient machine-id to Disk...
webserver # [ 5.599724] systemd[1]: Starting Create System Files and Directories...
client # [ 5.990703] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input3
acme # [ 6.137445] Floppy drive(s): fd0 is 2.88M AMI BIOS
acme # [ 6.140112] parport_pc 00:03: reported by Plug and Play ACPI
dnsserver # [ 5.754579] systemd[1]: Finished Rebuild Journal Catalog.
dnsserver # [ 5.761916] systemd[1]: Starting Update is Completed...
acme # [ 6.153078] parport0: PC-style at 0x378, irq 7 [PCSPP(,...)]
client # [ 5.900092] systemd[1]: Finished Rebuild Journal Catalog.
acme # [ 6.171326] piix4_smbus 0000:00:01.3: SMBus Host Controller at 0x700, revision 0
client # [ 5.910318] systemd[1]: Starting Update is Completed...
acme # [ 6.178691] FDC 0 is a S82078B
webserver # [ 5.673846] systemd[1]: etc-machine\x2did.mount: Deactivated successfully.
webserver # [ 5.682823] systemd[1]: Finished Save Transient machine-id to Disk.
webserver # [ 5.705430] systemd[1]: Found device Virtio network device.
client # [ 6.095909] ACPI: button: Power Button [PWRF]
dnsserver # [ 5.976499] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input3
acme # [ 6.232329] input: QEMU Virtio Keyboard as /devices/pci0000:00/0000:00:0a.0/virtio7/input/input4
dnsserver # [ 5.851158] systemd[1]: Finished Update is Completed.
client # [ 5.991592] systemd[1]: Finished Update is Completed.
dnsserver # [ 6.014022] ACPI: button: Power Button [PWRF]
dnsserver # [ 5.877889] systemd-oomd[539]: No swap; memory pressure usage will be degraded
webserver # [ 5.761067] systemd[1]: Finished Create System Files and Directories.
dnsserver # [ 5.881630] systemd[1]: Started Userspace Out-Of-Memory (OOM) Killer.
client # [ 6.005438] systemd-oomd[540]: No swap; memory pressure usage will be degraded
client # [ 6.008617] systemd[1]: Started Userspace Out-Of-Memory (OOM) Killer.
webserver # [ 5.767891] systemd[1]: Starting Rebuild Journal Catalog...
webserver # [ 5.773919] systemd[1]: Starting Userspace Out-Of-Memory (OOM) Killer...
acme # [ 6.285405] bochs-drm 0000:00:02.0: vgaarb: deactivate vga console
client # [ 6.161719] Floppy drive(s): fd0 is 2.88M AMI BIOS
webserver # [ 5.781219] systemd[1]: Starting Record System Boot/Shutdown in UTMP...
acme # [ 6.295873] cryptd: max_cpu_qlen set to 1000
client # [ 6.181859] parport_pc 00:03: reported by Plug and Play ACPI
client # [ 6.187862] parport0: PC-style at 0x378, irq 7 [PCSPP(,...)]
client # [ 6.194739] FDC 0 is a S82078B
acme # [ 6.336525] Console: switching to colour dummy device 80x25
dnsserver # [ 6.098834] parport_pc 00:03: reported by Plug and Play ACPI
acme # [ 6.338655] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input6
dnsserver # [ 6.112523] parport0: PC-style at 0x378, irq 7 [PCSPP(,...)]
webserver # [ 5.995579] mousedev: PS/2 mouse device common for all mice
dnsserver # [ 6.117208] Floppy drive(s): fd0 is 2.88M AMI BIOS
acme # [ 6.338930] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input5
client # [ 6.252414] piix4_smbus 0000:00:01.3: SMBus Host Controller at 0x700, revision 0
acme # [ 6.386792] [drm] Found bochs VGA, ID 0xb0c5.
acme # [ 6.387347] [drm] Framebuffer size 16384 kB @ 0xfd000000, mmio @ 0xfebd0000.
dnsserver # [ 6.139685] piix4_smbus 0000:00:01.3: SMBus Host Controller at 0x700, revision 0
webserver # [ 5.880390] systemd[1]: Finished Record System Boot/Shutdown in UTMP.
acme # [ 6.392343] AVX2 version of gcm_enc/dec engaged.
dnsserver # [ 6.145900] FDC 0 is a S82078B
acme # [ 6.403687] AES CTR mode by8 optimization enabled
acme # [ 6.408167] [drm] Found EDID data blob.
client # [ 6.285710] input: QEMU Virtio Keyboard as /devices/pci0000:00/0000:00:0a.0/virtio7/input/input4
acme # [ 6.422292] [drm] Initialized bochs-drm 1.0.0 20130925 for 0000:00:02.0 on minor 0
dnsserver # [ 6.195919] input: QEMU Virtio Keyboard as /devices/pci0000:00/0000:00:0a.0/virtio7/input/input4
webserver # [ 5.941147] systemd[1]: Finished Rebuild Journal Catalog.
webserver # [ 5.944699] systemd[1]: Starting Update is Completed...
client # [ 6.352703] cryptd: max_cpu_qlen set to 1000
dnsserver # [ 6.246371] cryptd: max_cpu_qlen set to 1000
client # [ 6.375582] bochs-drm 0000:00:02.0: vgaarb: deactivate vga console
dnsserver # [ 6.254129] bochs-drm 0000:00:02.0: vgaarb: deactivate vga console
client # [ 6.412471] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input6
webserver # [ 6.038161] systemd[1]: Finished Update is Completed.
webserver # [ 6.193673] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input3
client # [ 6.412786] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input5
dnsserver # [ 6.305722] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input6
webserver # [ 6.063259] systemd-oomd[539]: No swap; memory pressure usage will be degraded
webserver # [ 6.069304] systemd[1]: Started Userspace Out-Of-Memory (OOM) Killer.
client # [ 6.423538] Console: switching to colour dummy device 80x25
dnsserver # [ 6.305988] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input5
client # [ 6.431596] AVX2 version of gcm_enc/dec engaged.
webserver # [ 6.226232] ACPI: button: Power Button [PWRF]
client # [ 6.431617] AES CTR mode by8 optimization enabled
dnsserver # [ 6.319448] Console: switching to colour dummy device 80x25
client # [ 6.486614] [drm] Found bochs VGA, ID 0xb0c5.
client # [ 6.487188] [drm] Framebuffer size 16384 kB @ 0xfd000000, mmio @ 0xfebd0000.
dnsserver # [ 6.333095] AVX2 version of gcm_enc/dec engaged.
dnsserver # [ 6.333117] AES CTR mode by8 optimization enabled
client # [ 6.500960] [drm] Found EDID data blob.
dnsserver # [ 6.379954] [drm] Found bochs VGA, ID 0xb0c5.
dnsserver # [ 6.380542] [drm] Framebuffer size 16384 kB @ 0xfd000000, mmio @ 0xfebd0000.
client # [ 6.509814] [drm] Initialized bochs-drm 1.0.0 20130925 for 0000:00:02.0 on minor 0
dnsserver # [ 6.392714] [drm] Found EDID data blob.
dnsserver # [ 6.396661] [drm] Initialized bochs-drm 1.0.0 20130925 for 0000:00:02.0 on minor 0
webserver # [ 6.299359] parport_pc 00:03: reported by Plug and Play ACPI
webserver # [ 6.308277] Floppy drive(s): fd0 is 2.88M AMI BIOS
webserver # [ 6.322861] parport0: PC-style at 0x378, irq 7 [PCSPP(,...)]
webserver # [ 6.338409] FDC 0 is a S82078B
webserver # [ 6.347777] piix4_smbus 0000:00:01.3: SMBus Host Controller at 0x700, revision 0
acme # [ 6.439906] fbcon: bochs-drmdrmfb (fb0) is primary device
acme # [ 6.578861] ppdev: user-space parallel port driver
webserver # [ 6.401448] input: QEMU Virtio Keyboard as /devices/pci0000:00/0000:00:0a.0/virtio7/input/input4
webserver # [ 6.458206] bochs-drm 0000:00:02.0: vgaarb: deactivate vga console
webserver # [ 6.466657] cryptd: max_cpu_qlen set to 1000
acme # [ 6.587855] Console: switching to colour frame buffer device 160x50
acme # [ 6.870244] bochs-drm 0000:00:02.0: [drm] fb0: bochs-drmdrmfb frame buffer device
acme # [ 6.744976] 38qp3pqyqc287lwxip3cgnfqzwnawccd-mount-pstore.sh[389]: Persistent Storage backend was not registered in time.
acme # [ 6.749376] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 6.511405] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input6
acme # [ 6.752133] systemd[1]: Finished Create SUID/SGID Wrappers.
acme # [ 6.753696] systemd[1]: Finished Firewall.
acme # [ 6.755042] systemd[1]: Starting Virtual Console Setup...
acme # [ 6.755922] systemd[1]: Finished mount-pstore.service.
acme # [ 6.757220] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 6.511739] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input5
webserver # [ 6.524274] Console: switching to colour dummy device 80x25
acme # [ 6.781627] systemd[1]: systemd-vconsole-setup.service: Deactivated successfully.
webserver # [ 6.555670] AVX2 version of gcm_enc/dec engaged.
webserver # [ 6.559298] [drm] Found bochs VGA, ID 0xb0c5.
acme # [ 6.787201] systemd[1]: Stopped Virtual Console Setup.
webserver # [ 6.559869] [drm] Framebuffer size 16384 kB @ 0xfd000000, mmio @ 0xfebd0000.
acme # [ 6.788490] systemd[1]: run-credentials-systemd\x2dvconsole\x2dsetup.service.mount: Deactivated successfully.
webserver # [ 6.563778] AES CTR mode by8 optimization enabled
acme # [ 6.794394] systemd[1]: Starting Virtual Console Setup...
webserver # [ 6.579725] [drm] Found EDID data blob.
webserver # [ 6.589637] [drm] Initialized bochs-drm 1.0.0 20130925 for 0000:00:02.0 on minor 0
acme # [ 6.819904] systemd[1]: systemd-vconsole-setup.service: Deactivated successfully.
acme # [ 6.821252] systemd[1]: Stopped Virtual Console Setup.
client # [ 6.536190] fbcon: bochs-drmdrmfb (fb0) is primary device
acme # [ 6.823276] systemd[1]: Starting Virtual Console Setup...
dnsserver # [ 6.418832] fbcon: bochs-drmdrmfb (fb0) is primary device
dnsserver # [ 6.545903] ppdev: user-space parallel port driver
client # [ 6.637416] ppdev: user-space parallel port driver
client # [ 6.670358] Console: switching to colour frame buffer device 160x50
acme # [ 7.078219] kvm_amd: TSC scaling supported
acme # [ 7.078801] kvm_amd: Nested Virtualization enabled
client # [ 6.954382] bochs-drm 0000:00:02.0: [drm] fb0: bochs-drmdrmfb frame buffer device
acme # [ 7.079327] kvm_amd: Nested Paging enabled
acme # [ 7.079817] kvm_amd: LBR virtualization supported
acme # [ 7.084442] kvm_amd: Virtual VMLOAD VMSAVE supported
acme # [ 7.085116] kvm_amd: Virtual GIF supported
dnsserver # [ 6.557538] Console: switching to colour frame buffer device 160x50
dnsserver # [ 6.841268] bochs-drm 0000:00:02.0: [drm] fb0: bochs-drmdrmfb frame buffer device
dnsserver # [ 6.710915] 38qp3pqyqc287lwxip3cgnfqzwnawccd-mount-pstore.sh[392]: Persistent Storage backend was not registered in time.
dnsserver # [ 6.713264] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
dnsserver # [ 6.715306] systemd[1]: Finished Create SUID/SGID Wrappers.
acme # [ 7.105776] EDAC MC: Ver: 3.0.0
dnsserver # [ 6.716344] systemd[1]: Finished Firewall.
dnsserver # [ 6.717659] systemd[1]: Starting Virtual Console Setup...
dnsserver # [ 6.718861] systemd[1]: Finished mount-pstore.service.
client # [ 6.841060] 38qp3pqyqc287lwxip3cgnfqzwnawccd-mount-pstore.sh[394]: Persistent Storage backend was not registered in time.
client # [ 6.843255] systemd[1]: Finished Firewall.
dnsserver # [ 6.720291] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
client # [ 6.847070] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
client # [ 6.848308] systemd[1]: Finished Create SUID/SGID Wrappers.
client # [ 6.849973] systemd[1]: Starting Virtual Console Setup...
client # [ 6.853904] systemd[1]: Finished mount-pstore.service.
client # [ 6.856060] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
client # [ 6.860361] systemd[1]: systemd-vconsole-setup.service: Deactivated successfully.
client # [ 6.865076] systemd[1]: Stopped Virtual Console Setup.
client # [ 6.865943] systemd[1]: run-credentials-systemd\x2dvconsole\x2dsetup.service.mount: Deactivated successfully.
client # [ 6.875940] systemd[1]: Starting Virtual Console Setup...
dnsserver # [ 6.754114] systemd[1]: systemd-vconsole-setup.service: Deactivated successfully.
dnsserver # [ 6.758105] systemd[1]: Stopped Virtual Console Setup.
dnsserver # [ 6.759612] systemd[1]: run-credentials-systemd\x2dvconsole\x2dsetup.service.mount: Deactivated successfully.
dnsserver # [ 6.769639] systemd[1]: Starting Virtual Console Setup...
client # [ 7.140761] kvm_amd: TSC scaling supported
client # [ 7.141343] kvm_amd: Nested Virtualization enabled
client # [ 7.141979] kvm_amd: Nested Paging enabled
client # [ 7.142576] kvm_amd: LBR virtualization supported
client # [ 7.147261] kvm_amd: Virtual VMLOAD VMSAVE supported
client # [ 7.147987] kvm_amd: Virtual GIF supported
dnsserver # [ 7.030388] kvm_amd: TSC scaling supported
dnsserver # [ 7.030919] kvm_amd: Nested Virtualization enabled
dnsserver # [ 7.031508] kvm_amd: Nested Paging enabled
dnsserver # [ 7.031960] kvm_amd: LBR virtualization supported
dnsserver # [ 7.036558] kvm_amd: Virtual VMLOAD VMSAVE supported
dnsserver # [ 7.037197] kvm_amd: Virtual GIF supported
client # [ 7.168044] EDAC MC: Ver: 3.0.0
dnsserver # [ 7.057752] EDAC MC: Ver: 3.0.0
webserver # [ 6.602315] fbcon: bochs-drmdrmfb (fb0) is primary device
webserver # [ 6.779339] ppdev: user-space parallel port driver
acme # [ 7.281252] systemd[1]: Finished Virtual Console Setup.
acme # [ 7.282240] systemd[1]: Reached target System Initialization.
acme # [ 7.284331] systemd[1]: Started Discard unused filesystem blocks once a week.
acme # [ 7.285539] systemd[1]: Started Daily Cleanup of Temporary Directories.
acme # [ 7.286694] systemd[1]: Reached target Timer Units.
acme # [ 7.287523] systemd[1]: Listening on D-Bus System Message Bus Socket.
acme # [ 7.288557] systemd[1]: Listening on Nix Daemon Socket.
acme # [ 7.289711] systemd[1]: Listening on Hostname Service Socket.
acme # [ 7.290831] systemd[1]: Reached target Socket Units.
acme # [ 7.292306] systemd[1]: Reached target Basic System.
acme # [ 7.295826] systemd[1]: Starting Kernel Auditing...
acme # [ 7.299216] systemd[1]: Started backdoor.service.
acme # [ 7.302762] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
acme # [ 7.307374] systemd[1]: Started Pebble ACME server.
webserver # [ 6.799817] Console: switching to colour frame buffer device 160x50
webserver # [ 7.083788] bochs-drm 0000:00:02.0: [drm] fb0: bochs-drmdrmfb frame buffer device
acme # [ 7.312565] systemd[1]: Started Reset console on configuration changes.
acme # [ 7.318675] systemd[1]: Starting resolvconf update...
acme # [ 7.323481] systemd[1]: Starting D-Bus System Message Bus...
webserver # [ 6.963945] 38qp3pqyqc287lwxip3cgnfqzwnawccd-mount-pstore.sh[391]: Persistent Storage backend was not registered in time.
webserver # [ 6.969767] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 6.976778] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 6.977810] systemd[1]: Finished Firewall.
webserver # [ 6.978691] systemd[1]: Finished mount-pstore.service.
webserver # [ 6.982127] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 6.988364] systemd[1]: Reached target System Initialization.
webserver # [ 6.989416] systemd[1]: Started Discard unused filesystem blocks once a week.
webserver # [ 6.993261] systemd[1]: Started Daily Cleanup of Temporary Directories.
webserver # [ 6.996574] systemd[1]: Reached target Timer Units.
webserver # [ 6.997414] systemd[1]: Listening on D-Bus System Message Bus Socket.
webserver # [ 6.998435] systemd[1]: Listening on Nix Daemon Socket.
webserver # [ 7.002776] systemd[1]: Listening on Hostname Service Socket.
webserver # [ 7.004724] systemd[1]: Reached target Socket Units.
webserver # [ 7.005589] systemd[1]: Reached target Basic System.
webserver # [ 7.006465] systemd[1]: Starting Kernel Auditing...
webserver # [ 7.011446] systemd[1]: Started backdoor.service.
webserver # [ 7.012325] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
webserver # [ 7.013342] systemd[1]: Started Reset console on configuration changes.
acme # [ 7.387331] n8g01dh8avzlj2bqv4ybv9v6dx49rp6d-audit-disable[685]: No rules
acme # connecting to host...
webserver # [ 7.021787] systemd[1]: Starting resolvconf update...
webserver # [ 7.022757] systemd[1]: Starting D-Bus System Message Bus...
webserver # connecting to host...
webserver # [ 7.030162] systemd[1]: Starting Virtual Console Setup...
webserver # [ 7.031166] systemd[1]: systemd-vconsole-setup.service: Deactivated successfully.
acme # [ 7.402994] systemd[1]: Finished Kernel Auditing.
webserver # [ 7.042706] systemd[1]: Stopped Virtual Console Setup.
webserver # [ 7.048243] n8g01dh8avzlj2bqv4ybv9v6dx49rp6d-audit-disable[674]: No rules
webserver # [ 7.055310] systemd[1]: run-credentials-systemd\x2dvconsole\x2dsetup.service.mount: Deactivated successfully.
webserver # [ 7.056887] systemd[1]: Starting Virtual Console Setup...
acme # [ 7.438729] systemd[1]: Started Name Service Cache Daemon (nsncd).
webserver # [ 7.072438] systemd[1]: Finished Kernel Auditing.
acme # [ 7.441994] systemd[1]: Reached target Host and Network Name Lookups.
acme # [ 7.448265] nsncd[680]: Nov 28 20:52:50.062 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
acme # [ 7.452870] systemd[1]: Reached target User and Group Name Lookups.
acme # [ 7.454648] systemd[1]: Starting User Login Management...
acme # [ 7.463581] pebble[681]: Pebble 2024/11/28 20:52:50 Starting Pebble ACME server
webserver # [ 7.101594] systemd[1]: systemd-vconsole-setup.service: Deactivated successfully.
acme # [ 7.470339] pebble[681]: Pebble 2024/11/28 20:52:50 Setting OCSP responder URL for issued certificates to "http://acme.test:4002"
webserver # [ 7.106146] systemd[1]: Stopped Virtual Console Setup.
webserver # [ 7.107934] systemd[1]: Starting Virtual Console Setup...
client # [ 7.352030] systemd[1]: Finished Virtual Console Setup.
client # [ 7.353554] systemd[1]: Reached target System Initialization.
client # [ 7.354861] systemd[1]: Started Discard unused filesystem blocks once a week.
client # [ 7.357193] systemd[1]: Started Daily Cleanup of Temporary Directories.
client # [ 7.358398] systemd[1]: Reached target Timer Units.
client # [ 7.359359] systemd[1]: Listening on D-Bus System Message Bus Socket.
client # [ 7.360510] systemd[1]: Listening on Nix Daemon Socket.
client # [ 7.361512] systemd[1]: Listening on Hostname Service Socket.
client # [ 7.362769] systemd[1]: Reached target Socket Units.
dnsserver # [ 7.241298] systemd[1]: Finished Virtual Console Setup.
client # [ 7.363894] systemd[1]: Reached target Basic System.
dnsserver # [ 7.242278] systemd[1]: Reached target System Initialization.
acme # [ 7.490169] dbus-daemon[684]: dbus[684]: Unknown username "systemd-timesync" in message bus configuration file
client # [ 7.366134] systemd[1]: Starting Kernel Auditing...
dnsserver # [ 7.243272] systemd[1]: Started Discard unused filesystem blocks once a week.
dnsserver # [ 7.244882] systemd[1]: Started Daily Cleanup of Temporary Directories.
dnsserver # [ 7.245914] systemd[1]: Reached target Timer Units.
dnsserver # [ 7.246854] systemd[1]: Listening on D-Bus System Message Bus Socket.
client # [ 7.369254] systemd[1]: Started backdoor.service.
dnsserver # [ 7.248098] systemd[1]: Listening on Nix Daemon Socket.
dnsserver # [ 7.250236] systemd[1]: Listening on Hostname Service Socket.
webserver # [ 7.130522] systemd[1]: Started Name Service Cache Daemon (nsncd).
dnsserver # [ 7.251288] systemd[1]: Reached target Socket Units.
client # [ 7.373265] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
dnsserver # [ 7.252559] systemd[1]: Reached target Basic System.
dnsserver # [ 7.253766] systemd[1]: Starting Kernel Auditing...
webserver # [ 7.132679] nsncd[666]: Nov 28 20:52:49.756 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
dnsserver # [ 7.256105] systemd[1]: Started backdoor.service.
client # [ 7.378339] systemd[1]: Started Reset console on configuration changes.
client # [ 7.382620] systemd[1]: Starting resolvconf update...
dnsserver # [ 7.259369] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
webserver # [ 7.139186] systemd[1]: Reached target Host and Network Name Lookups.
webserver # [ 7.143566] systemd[1]: Reached target User and Group Name Lookups.
webserver # [ 7.144776] systemd[1]: Starting User Login Management...
dnsserver # [ 7.265204] systemd[1]: Started Pebble ACME challenge test server.
client # [ 7.388519] systemd[1]: Starting D-Bus System Message Bus...
acme # [ 7.517269] systemd[1]: Started D-Bus System Message Bus.
dnsserver # [ 7.269511] systemd[1]: Started Reset console on configuration changes.
webserver # [ 7.154399] dbus-daemon[669]: dbus[669]: Unknown username "systemd-timesync" in message bus configuration file
dnsserver # [ 7.275416] systemd[1]: Starting resolvconf update...
dnsserver # [ 7.279986] systemd[1]: Starting D-Bus System Message Bus...
webserver # [ 7.191119] systemd[1]: Started D-Bus System Message Bus.
client # connecting to host...
client # [ 7.449978] n8g01dh8avzlj2bqv4ybv9v6dx49rp6d-audit-disable[679]: No rules
acme # [ 7.576493] systemd[1]: Stopped target Host and Network Name Lookups.
acme # [ 7.577783] systemd[1]: Stopping Host and Network Name Lookups...
acme # [ 7.582686] systemd[1]: Stopped target User and Group Name Lookups.
acme # [ 7.584465] systemd[1]: Stopping User and Group Name Lookups...
acme # [ 7.585666] systemd[1]: Stopping Name Service Cache Daemon (nsncd)...
acme # [ 7.587803] systemd[1]: nscd.service: Deactivated successfully.
client # [ 7.464858] systemd[1]: Finished Kernel Auditing.
dnsserver # connecting to host...
acme # [ 7.592139] systemd[1]: Stopped Name Service Cache Daemon (nsncd).
dnsserver # [ 7.350677] n8g01dh8avzlj2bqv4ybv9v6dx49rp6d-audit-disable[686]: No rules
acme # [ 7.602546] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
client # [ 7.485631] nsncd[674]: Nov 28 20:52:50.098 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
dnsserver # [ 7.366982] systemd[1]: Finished Kernel Auditing.
client # [ 7.489332] systemd[1]: Started Name Service Cache Daemon (nsncd).
client # [ 7.492283] systemd[1]: Reached target Host and Network Name Lookups.
client # [ 7.493380] systemd[1]: Reached target User and Group Name Lookups.
client # [ 7.496254] systemd[1]: Starting User Login Management...
dnsserver: Guest shell says: b'Spawning backdoor root shell...\n'
dnsserver: connected to guest root shell
dnsserver: (connecting took 7.87 seconds)
(finished: waiting for the VM to finish booting, in 7.87 seconds)
dnsserver # [ 7.388286] systemd[1]: Started Name Service Cache Daemon (nsncd).
client # [ 7.525697] dbus-daemon[677]: dbus[677]: Unknown username "systemd-timesync" in message bus configuration file
acme # [ 7.644302] systemd-logind[709]: New seat seat0.
client # [ 7.555609] systemd[1]: Started D-Bus System Message Bus.
acme # [ 7.648079] systemd-logind[709]: Watching system buttons on /dev/input/event2 (Power Button)
dnsserver # [ 7.389810] systemd[1]: Reached target Host and Network Name Lookups.
acme # [ 7.649361] systemd-logind[709]: Watching system buttons on /dev/input/event3 (QEMU Virtio Keyboard)
dnsserver # [ 7.394336] systemd[1]: Reached target User and Group Name Lookups.
acme # [ 7.650950] systemd-logind[709]: Watching system buttons on /dev/input/event0 (AT Translated Set 2 keyboard)
acme # [ 7.658104] systemd[1]: Started User Login Management.
dnsserver # [ 7.397360] nsncd[681]: Nov 28 20:52:50.008 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
dnsserver # [ 7.401511] systemd[1]: Starting User Login Management...
dnsserver # [ 7.425977] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:52:50 Creating HTTP-01 challenge server on :5002
dnsserver # [ 7.427542] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:52:50 Creating HTTPS HTTP-01 challenge server on :5003
dnsserver # [ 7.429772] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:52:50 Creating TCP and UDP DNS-01 challenge server on :53
dnsserver # [ 7.432865] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:52:50 Creating DoH server on :8443
dnsserver # [ 7.434985] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:52:50 Creating TLS-ALPN-01 challenge server on :5001
acme # [ 7.682594] systemd[1]: Finished resolvconf update.
dnsserver # [ 7.438135] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:52:50 Answering A queries with 192.168.1.4 by default
acme # [ 7.686279] systemd[1]: Reached target Preparation for Network.
dnsserver # [ 7.441364] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:52:50 Starting challenge servers
acme # [ 7.691564] systemd[1]: Starting DHCP Client...
acme # [ 7.695180] systemd[1]: Starting Address configuration of eth1...
webserver # [ 7.327282] systemd[1]: Stopped target Host and Network Name Lookups.
dnsserver # [ 7.447702] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:52:50 Starting management server on :8055
webserver # [ 7.328937] systemd[1]: Stopping Host and Network Name Lookups...
acme # [ 7.698137] systemd[1]: Started Name Service Cache Daemon (nsncd).
acme # [ 7.699323] systemd[1]: Reached target Host and Network Name Lookups.
webserver # [ 7.333829] systemd[1]: Stopped target User and Group Name Lookups.
dnsserver # [ 7.452659] dbus-daemon[685]: dbus[685]: Unknown username "systemd-timesync" in message bus configuration file
acme # [ 7.701427] systemd[1]: Reached target User and Group Name Lookups.
webserver # [ 7.335348] systemd[1]: Stopping User and Group Name Lookups...
dnsserver # [ 7.455854] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:52:50 open : no such file or directory
webserver # [ 7.336947] systemd[1]: Stopping Name Service Cache Daemon (nsncd)...
acme # [ 7.705590] nsncd[741]: Nov 28 20:52:50.328 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
webserver # [ 7.341154] systemd[1]: nscd.service: Deactivated successfully.
webserver # [ 7.346824] systemd[1]: Stopped Name Service Cache Daemon (nsncd).
client # [ 7.595635] systemd[1]: Stopped target Host and Network Name Lookups.
webserver # [ 7.354669] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
client # [ 7.597509] systemd[1]: Stopping Host and Network Name Lookups...
client # [ 7.599710] systemd[1]: Stopped target User and Group Name Lookups.
client # [ 7.604202] systemd[1]: Stopping User and Group Name Lookups...
client # [ 7.605582] systemd[1]: Stopping Name Service Cache Daemon (nsncd)...
dnsserver # [ 7.485122] systemd[1]: Started D-Bus System Message Bus.
client # [ 7.608856] systemd[1]: nscd.service: Deactivated successfully.
client # [ 7.614068] systemd[1]: Stopped Name Service Cache Daemon (nsncd).
webserver # [ 7.375079] systemd-logind[696]: New seat seat0.
webserver # [ 7.375992] systemd-logind[696]: Watching system buttons on /dev/input/event2 (Power Button)
webserver # [ 7.378975] systemd-logind[696]: Watching system buttons on /dev/input/event3 (QEMU Virtio Keyboard)
client # [ 7.624570] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
webserver # [ 7.382465] systemd-logind[696]: Watching system buttons on /dev/input/event0 (AT Translated Set 2 keyboard)
webserver # [ 7.388203] systemd[1]: Started User Login Management.
client # [ 7.630403] systemd-logind[699]: New seat seat0.
client # [ 7.636407] systemd-logind[699]: Watching system buttons on /dev/input/event2 (Power Button)
client # [ 7.638601] systemd-logind[699]: Watching system buttons on /dev/input/event3 (QEMU Virtio Keyboard)
client # [ 7.641292] systemd-logind[699]: Watching system buttons on /dev/input/event0 (AT Translated Set 2 keyboard)
client # [ 7.643854] systemd[1]: Started User Login Management.
dnsserver # [ 7.549958] systemd[1]: Stopped target Host and Network Name Lookups.
acme # [ 7.798079] network-addresses-eth1-start[753]: adding address 192.168.1.1/24... done
dnsserver # [ 7.551415] systemd[1]: Stopping Host and Network Name Lookups...
dnsserver # [ 7.555455] systemd[1]: Stopped target User and Group Name Lookups.
dnsserver # [ 7.559537] systemd[1]: Stopping User and Group Name Lookups...
client # [ 7.682567] systemd[1]: Started Name Service Cache Daemon (nsncd).
webserver # [ 7.439126] systemd[1]: Started Name Service Cache Daemon (nsncd).
client # [ 7.684577] systemd[1]: Reached target Host and Network Name Lookups.
dnsserver # [ 7.562151] systemd[1]: Stopping Name Service Cache Daemon (nsncd)...
client # [ 7.685591] systemd[1]: Reached target User and Group Name Lookups.
dnsserver # [ 7.565467] systemd[1]: nscd.service: Deactivated successfully.
webserver # [ 7.444250] nsncd[733]: Nov 28 20:52:50.068 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
client # [ 7.687533] nsncd[732]: Nov 28 20:52:50.304 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
dnsserver # [ 7.567187] systemd[1]: Stopped Name Service Cache Daemon (nsncd).
acme # [ 7.815497] network-addresses-eth1-start[753]: adding address 2001:db8:1::1/64... done
(finished: waiting for unit pebble-challtestsrv.service, in 8.00 seconds)
webserver # [ 7.447631] systemd[1]: Finished resolvconf update.
client: waiting for unit default.target
client: waiting for the VM to finish booting
client: Guest shell says: b'Spawning backdoor root shell...\n'
client: connected to guest root shell
client: (connecting took 0.00 seconds)
(finished: waiting for the VM to finish booting, in 0.00 seconds)
webserver # [ 7.452236] systemd[1]: Reached target Preparation for Network.
client # [ 7.695493] systemd[1]: Finished resolvconf update.
webserver # [ 7.454301] systemd[1]: Reached target Host and Network Name Lookups.
dnsserver # [ 7.573949] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
client # [ 7.697221] systemd[1]: Reached target Preparation for Network.
webserver # [ 7.458667] systemd[1]: Reached target User and Group Name Lookups.
webserver # [ 7.459667] systemd[1]: Starting DHCP Client...
client # [ 7.704334] systemd[1]: Starting DHCP Client...
webserver # [ 7.463095] systemd[1]: Starting Address configuration of eth1...
dnsserver # [ 7.582452] systemd-logind[710]: New seat seat0.
webserver # [ 7.606348] kvm_amd: TSC scaling supported
webserver # [ 7.607050] kvm_amd: Nested Virtualization enabled
client # [ 7.708478] systemd[1]: Starting Address configuration of eth1...
webserver # [ 7.607598] kvm_amd: Nested Paging enabled
webserver # [ 7.608124] kvm_amd: LBR virtualization supported
dnsserver # [ 7.588358] systemd-logind[710]: Watching system buttons on /dev/input/event2 (Power Button)
acme # [ 7.838084] systemd[1]: Finished Address configuration of eth1.
dnsserver # [ 7.590530] systemd-logind[710]: Watching system buttons on /dev/input/event3 (QEMU Virtio Keyboard)
webserver # [ 7.612963] kvm_amd: Virtual VMLOAD VMSAVE supported
webserver # [ 7.613620] kvm_amd: Virtual GIF supported
dnsserver # [ 7.592952] systemd-logind[710]: Watching system buttons on /dev/input/event0 (AT Translated Set 2 keyboard)
acme # [ 7.843572] systemd[1]: Starting Networking Setup...
dnsserver # [ 7.595498] systemd[1]: Started User Login Management.
dnsserver # [ 7.632190] systemd[1]: Started Name Service Cache Daemon (nsncd).
dnsserver # [ 7.634355] systemd[1]: Reached target Host and Network Name Lookups.
dnsserver # [ 7.635883] nsncd[748]: Nov 28 20:52:50.256 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
webserver # [ 7.660698] EDAC MC: Ver: 3.0.0
dnsserver # [ 7.639580] systemd[1]: Reached target User and Group Name Lookups.
dnsserver # [ 7.651100] systemd[1]: Finished resolvconf update.
dnsserver # [ 7.651921] systemd[1]: Reached target Preparation for Network.
dnsserver # [ 7.657611] systemd[1]: Starting DHCP Client...
dnsserver # [ 7.660208] systemd[1]: Starting Address configuration of eth1...
client # [ 7.794293] network-addresses-eth1-start[756]: adding address 192.168.1.2/24... done
client # [ 7.806375] network-addresses-eth1-start[756]: adding address 2001:db8:1::2/64... done
acme # [ 7.937762] dhcpcd[768]: dhcpcd-10.1.0 starting
webserver # [ 7.574936] network-addresses-eth1-start[755]: adding address 192.168.1.4/24... done
acme # [ 7.950685] dhcpcd[782]: dev: loaded udev
client # [ 7.829211] systemd[1]: Finished Address configuration of eth1.
webserver # [ 7.589817] network-addresses-eth1-start[755]: adding address 2001:db8:1::4/64... done
client # [ 7.836574] systemd[1]: Starting Networking Setup...
acme # [ 8.110680] 8021q: 802.1Q VLAN Support v1.8
acme # [ 8.113579] 8021q: adding VLAN 0 to HW filter on device eth1
webserver # [ 7.615331] systemd[1]: Finished Address configuration of eth1.
webserver # [ 7.618513] systemd[1]: Starting Networking Setup...
dnsserver # [ 7.739259] network-addresses-eth1-start[770]: adding address 192.168.1.3/24... done
dnsserver # [ 7.752912] network-addresses-eth1-start[770]: adding address 2001:db8:1::3/64... done
acme # [ 8.010311] systemd[1]: Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
dnsserver # [ 7.774079] systemd[1]: Finished Address configuration of eth1.
dnsserver # [ 7.779423] systemd[1]: Starting Networking Setup...
webserver # [ 7.682463] dhcpcd[761]: dhcpcd-10.1.0 starting
dnsserver # [ 7.809103] dhcpcd[774]: dhcpcd-10.1.0 starting
webserver # [ 7.694622] dhcpcd[774]: dev: loaded udev
client # [ 7.943712] dhcpcd[767]: dhcpcd-10.1.0 starting
dnsserver # [ 7.822555] dhcpcd[786]: dev: loaded udev
client # [ 7.955223] dhcpcd[791]: dev: loaded udev
webserver # [ 7.856111] 8021q: 802.1Q VLAN Support v1.8
webserver # [ 7.858811] 8021q: adding VLAN 0 to HW filter on device eth1
dnsserver # [ 7.983798] 8021q: 802.1Q VLAN Support v1.8
dnsserver # [ 7.985690] 8021q: adding VLAN 0 to HW filter on device eth1
client # [ 8.116343] 8021q: 802.1Q VLAN Support v1.8
client # [ 8.118282] 8021q: adding VLAN 0 to HW filter on device eth1
webserver # [ 7.752794] systemd[1]: Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
client # [ 7.997831] systemd[1]: Stopped target Host and Network Name Lookups.
client # [ 8.003448] systemd[1]: Stopping Host and Network Name Lookups...
acme # [ 8.130792] systemd[1]: Stopped target Host and Network Name Lookups.
dnsserver # [ 7.883628] systemd[1]: Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
acme # [ 8.132466] systemd[1]: Stopping Host and Network Name Lookups...
client # [ 8.004985] systemd[1]: Stopped target User and Group Name Lookups.
acme # [ 8.133584] systemd[1]: Stopped target User and Group Name Lookups.
acme # [ 8.134695] systemd[1]: Stopping User and Group Name Lookups...
client # [ 8.008333] systemd[1]: Stopping User and Group Name Lookups...
acme # [ 8.135755] systemd[1]: Stopping Name Service Cache Daemon (nsncd)...
client # [ 8.013617] systemd[1]: Stopping Name Service Cache Daemon (nsncd)...
acme # [ 8.141949] systemd[1]: nscd.service: Deactivated successfully.
client # [ 8.016400] systemd[1]: nscd.service: Deactivated successfully.
client # [ 8.019630] systemd[1]: Stopped Name Service Cache Daemon (nsncd).
acme # [ 8.147649] systemd[1]: Stopped Name Service Cache Daemon (nsncd).
acme # [ 8.299403] cfg80211: Loading compiled-in X.509 certificates for regulatory database
acme # [ 8.165358] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
client # [ 8.040482] systemd[1]: Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
client # [ 8.044676] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
webserver # [ 7.816708] systemd[1]: Stopped target Host and Network Name Lookups.
webserver # [ 7.817779] systemd[1]: Stopping Host and Network Name Lookups...
acme # [ 8.327594] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
webserver # [ 7.818761] systemd[1]: Stopped target User and Group Name Lookups.
webserver # [ 7.819715] systemd[1]: Stopping User and Group Name Lookups...
webserver # [ 7.820633] systemd[1]: Stopping Name Service Cache Daemon (nsncd)...
acme # [ 8.330738] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
webserver # [ 7.827049] systemd[1]: nscd.service: Deactivated successfully.
acme # [ 8.337654] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
acme # [ 8.338827] cfg80211: failed to load regulatory.db
client # [ 8.075087] systemd[1]: Finished Networking Setup.
client # [ 8.090693] systemd[1]: Starting Extra networking commands....
dnsserver # [ 8.112889] cfg80211: Loading compiled-in X.509 certificates for regulatory database
acme # [ 8.220926] systemd[1]: Finished Networking Setup.
acme # [ 8.225489] systemd[1]: Starting Extra networking commands....
webserver # [ 7.860937] systemd[1]: Stopped Name Service Cache Daemon (nsncd).
webserver # [ 7.863353] systemd[1]: Starting Name Service Cache Daemon (nsncd)...
dnsserver # [ 7.988132] systemd[1]: Finished Networking Setup.
dnsserver # [ 7.994038] systemd[1]: Starting Extra networking commands....
webserver # [ 8.020132] cfg80211: Loading compiled-in X.509 certificates for regulatory database
dnsserver # [ 8.144813] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
dnsserver # [ 8.148404] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
acme # [ 8.260268] systemd[1]: Started Name Service Cache Daemon (nsncd).
client # [ 8.278824] cfg80211: Loading compiled-in X.509 certificates for regulatory database
dnsserver # [ 8.155141] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
dnsserver # [ 8.156657] cfg80211: failed to load regulatory.db
acme # [ 8.262984] nsncd[820]: Nov 28 20:52:50.886 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
acme # [ 8.268396] systemd[1]: Reached target Host and Network Name Lookups.
acme # [ 8.270304] systemd[1]: Reached target User and Group Name Lookups.
webserver # [ 8.049767] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
webserver # [ 7.912859] systemd[1]: Finished Networking Setup.[ 8.054191] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
webserver #
client # [ 8.159650] systemd[1]: Started Name Service Cache Daemon (nsncd).
webserver # [ 8.059826] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
dnsserver # [ 8.040195] systemd[1]: Finished Extra networking commands..
client # [ 8.161980] systemd[1]: Reached target Host and Network Name Lookups.
webserver # [ 8.061077] cfg80211: failed to load regulatory.db
acme # [ 8.289248] systemd[1]: Finished Extra networking commands..
dnsserver # [ 8.041618] systemd[1]: Reached target Network.
client # [ 8.308183] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
acme # [ 8.290550] systemd[1]: Reached target Network.
dnsserver # [ 8.043971] systemd[1]: Starting Permit User Sessions...
acme # [ 8.295683] systemd[1]: Starting Permit User Sessions...
client # [ 8.168228] nsncd[822]: Nov 28 20:52:50.777 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"[ 8.313224] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
webserver # [ 7.927593] systemd[1]: Starting Extra networking commands....
client #
client # [ 8.174600] systemd[1]: Reached target User and Group Name Lookups.
client # [ 8.321147] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
client # [ 8.322290] cfg80211: failed to load regulatory.db
acme # [ 8.457697] 8021q: adding VLAN 0 to HW filter on device eth0
client # [ 8.191334] systemd[1]: Finished Extra networking commands..
client # [ 8.192391] systemd[1]: Reached target Network.
acme # [ 8.319919] dhcpcd[782]: eth0: waiting for carrier
acme # [ 8.321218] dhcpcd[782]: eth0: carrier acquired
client # [ 8.198208] systemd[1]: Starting Permit User Sessions...
webserver # [ 7.958986] systemd[1]: Started Name Service Cache Daemon (nsncd).
webserver # [ 7.961485] nsncd[812]: Nov 28 20:52:50.586 INFO started, config: Config { ignored_request_types: {}, worker_count: 8, handoff_timeout: 3s }, path: "/var/run/nscd/socket"
dnsserver # [ 8.224815] 8021q: adding VLAN 0 to HW filter on device eth0
webserver # [ 7.964597] systemd[1]: Reached target Host and Network Name Lookups.
webserver # [ 7.965939] systemd[1]: Reached target User and Group Name Lookups.
dnsserver # [ 8.086349] dhcpcd[786]: eth0: waiting for carrier
acme # [ 8.336084] dhcpcd[782]: DUID 00:01:00:01:2e:db:94:a2:52:54:00:12:34:56
dnsserver # [ 8.089066] dhcpcd[786]: eth0: carrier acquired
acme # [ 8.337396] dhcpcd[782]: eth0: IAID 00:12:34:56
dnsserver # [ 8.089776] systemd[1]: Finished Permit User Sessions.
acme # [ 8.338856] dhcpcd[782]: eth0: adding address fe80::5054:ff:fe12:3456
dnsserver # [ 8.093499] systemd[1]: Started Getty on tty1.
dnsserver # [ 8.095230] systemd[1]: Reached target Login Prompts.
acme # [ 8.352221] systemd[1]: Finished Permit User Sessions.
dnsserver # [ 8.104255] dhcpcd[786]: DUID 00:01:00:01:2e:db:94:a2:52:54:00:12:34:56
webserver # [ 7.985083] systemd[1]: Finished Extra networking commands..
dnsserver # [ 8.105551] dhcpcd[786]: eth0: IAID 00:12:34:56
webserver # [ 7.986135] systemd[1]: Reached target Network.
dnsserver # [ 8.106684] dhcpcd[786]: eth0: adding address fe80::5054:ff:fe12:3456
acme # [ 8.355081] systemd[1]: Started Getty on tty1.
acme # [ 8.355838] systemd[1]: Reached target Login Prompts.
webserver # [ 7.991938] systemd[1]: Starting Permit User Sessions...
webserver # [ 7.995199] systemd[1]: Finished Virtual Console Setup.
client # [ 8.240110] systemd[1]: Finished Permit User Sessions.
client # [ 8.243773] systemd[1]: Started Getty on tty1.
client # [ 8.246326] systemd[1]: Reached target Login Prompts.
client # [ 8.396930] 8021q: adding VLAN 0 to HW filter on device eth0
client # [ 8.257317] dhcpcd[791]: eth0: waiting for carrier
client # [ 8.258823] dhcpcd[791]: eth0: carrier acquired
webserver # [ 8.159443] 8021q: adding VLAN 0 to HW filter on device eth0
webserver # [ 8.021797] dhcpcd[774]: eth0: waiting for carrier
webserver # [ 8.023061] dhcpcd[774]: eth0: carrier acquired
client # [ 8.269919] dhcpcd[791]: DUID 00:01:00:01:2e:db:94:a2:52:54:00:12:34:56
client # [ 8.271099] dhcpcd[791]: eth0: IAID 00:12:34:56
client # [ 8.271991] dhcpcd[791]: eth0: adding address fe80::5054:ff:fe12:3456
webserver # [ 8.035127] dhcpcd[774]: DUID 00:01:00:01:2e:db:94:a2:52:54:00:12:34:56
webserver # [ 8.036233] dhcpcd[774]: eth0: IAID 00:12:34:56
webserver # [ 8.037188] dhcpcd[774]: eth0: adding address fe80::5054:ff:fe12:3456
webserver # [ 8.043170] systemd[1]: Finished Permit User Sessions.
webserver # [ 8.047055] systemd[1]: Started Getty on tty1.
webserver # [ 8.047813] systemd[1]: Reached target Login Prompts.
acme # [ 8.562648] pebble[681]: Pebble 2024/11/28 20:52:51 Generated new root issuer CN=Pebble Root CA 4fdfd5 with serial 40fe1ab56f125c64 and SKI 3e5babae122fc7e51d37844b87be4b1e24b346f5
acme # [ 8.566805] pebble[681]: Pebble 2024/11/28 20:52:51 Generated new intermediate issuer CN=Pebble Intermediate CA 67c76d with serial 20911f54824dc493 and SKI f0901d84c899218b75a20a3d20c734f0e0f91ba3
acme # [ 8.569841] pebble[681]: Pebble 2024/11/28 20:52:51 Generated issuance chain: Pebble Root CA 4fdfd5 -> Pebble Intermediate CA 67c76d
acme # [ 8.571947] pebble[681]: Pebble 2024/11/28 20:52:51 Using certificate validity period of 157766400 seconds
acme # [ 8.573839] pebble[681]: Pebble 2024/11/28 20:52:51 Using system DNS resolver for ACME challenges
acme # [ 8.575434] pebble[681]: Pebble 2024/11/28 20:52:51 Disabling random VA sleeps
acme # [ 8.576782] pebble[681]: Pebble 2024/11/28 20:52:51 Configured to reject 5% of good nonces
acme # [ 8.578285] pebble[681]: Pebble 2024/11/28 20:52:51 Configured to attempt authz reuse for each identifier 50% of the time
acme # [ 8.580233] pebble[681]: Pebble 2024/11/28 20:52:51 Configured to show 3 orders per page
acme # [ 8.581802] pebble[681]: Pebble 2024/11/28 20:52:51 Management interface listening on: 0.0.0.0:15000
acme # [ 8.583443] pebble[681]: Pebble 2024/11/28 20:52:51 Root CA certificate available at: https://0.0.0.0:15000/roots/0
acme # [ 8.585248] pebble[681]: Pebble 2024/11/28 20:52:51 Listening on: 0.0.0.0:443
acme # [ 8.586714] pebble[681]: Pebble 2024/11/28 20:52:51 ACME directory available at: https://0.0.0.0:443/dir
webserver # [ 8.221510] dhcpcd[774]: eth0: soliciting a DHCP lease
webserver # [ 8.376219] NET: Registered PF_PACKET protocol family
webserver # [ 8.242625] dhcpcd[774]: eth0: offered 10.0.2.15 from 10.0.2.2
dnsserver # [ 8.363984] dhcpcd[786]: eth0: soliciting a DHCP lease
webserver # [ 8.246129] dhcpcd[774]: eth0: probing address 10.0.2.15/24
dnsserver # [ 8.519204] NET: Registered PF_PACKET protocol family
dnsserver # [ 8.384463] dhcpcd[786]: eth0: offered 10.0.2.15 from 10.0.2.2
dnsserver # [ 8.388176] dhcpcd[786]: eth0: probing address 10.0.2.15/24
acme # [ 9.208308] dhcpcd[782]: eth0: soliciting a DHCP lease
acme # [ 9.364332] NET: Registered PF_PACKET protocol family
acme # [ 9.229465] dhcpcd[782]: eth0: offered 10.0.2.15 from 10.0.2.2
acme # [ 9.233174] dhcpcd[782]: eth0: probing address 10.0.2.15/24
dnsserver # [ 9.533033] dhcpcd[786]: eth0: soliciting an IPv6 router
dnsserver # [ 9.534427] dhcpcd[786]: eth0: Router Advertisement from fe80::2
dnsserver # [ 9.535432] dhcpcd[786]: eth0: adding address fec0::5054:ff:fe12:3456/64
dnsserver # [ 9.536443] dhcpcd[786]: eth0: adding route to fec0::/64
dnsserver # [ 9.537423] dhcpcd[786]: eth0: adding default route via fe80::2
client # [ 9.739863] dhcpcd[791]: eth0: soliciting a DHCP lease
client # [ 9.897548] NET: Registered PF_PACKET protocol family
client # [ 9.761606] dhcpcd[791]: eth0: offered 10.0.2.15 from 10.0.2.2
client # [ 9.764170] dhcpcd[791]: eth0: probing address 10.0.2.15/24
webserver # [ 10.041528] dhcpcd[774]: eth0: soliciting an IPv6 router
webserver # [ 10.042759] dhcpcd[774]: eth0: Router Advertisement from fe80::2
webserver # [ 10.043900] dhcpcd[774]: eth0: adding address fec0::5054:ff:fe12:3456/64
webserver # [ 10.044932] dhcpcd[774]: eth0: adding route to fec0::/64
webserver # [ 10.045829] dhcpcd[774]: eth0: adding default route via fe80::2
acme # [ 10.474639] dhcpcd[782]: eth0: soliciting an IPv6 router
acme # [ 10.475833] dhcpcd[782]: eth0: Router Advertisement from fe80::2
acme # [ 10.476938] dhcpcd[782]: eth0: adding address fec0::5054:ff:fe12:3456/64
acme # [ 10.477970] dhcpcd[782]: eth0: adding route to fec0::/64
acme # [ 10.478859] dhcpcd[782]: eth0: adding default route via fe80::2
client # [ 11.041067] dhcpcd[791]: eth0: soliciting an IPv6 router
client # [ 11.041996] dhcpcd[791]: eth0: Router Advertisement from fe80::2
client # [ 11.042925] dhcpcd[791]: eth0: adding address fec0::5054:ff:fe12:3456/64
client # [ 11.043995] dhcpcd[791]: eth0: adding route to fec0::/64
client # [ 11.044879] dhcpcd[791]: eth0: adding default route via fe80::2
webserver # [ 12.904857] dhcpcd[774]: eth0: leased 10.0.2.15 for 86400 seconds
webserver # [ 12.905897] dhcpcd[774]: eth0: adding route to 10.0.2.0/24
webserver # [ 12.906764] dhcpcd[774]: eth0: adding default route via 10.0.2.2
webserver # [ 13.004888] systemd[1]: Started DHCP Client.
webserver # [ 13.006872] systemd[1]: Reached target Network is Online.
webserver # [ 13.008522] systemd[1]: Reached target Multi-User System.
webserver # [ 13.010398] systemd[1]: Startup finished in 3.129s (kernel) + 9.878s (userspace) = 13.008s.
acme # [ 13.682121] dhcpcd[782]: eth0: leased 10.0.2.15 for 86400 seconds
acme # [ 13.683206] dhcpcd[782]: eth0: adding route to 10.0.2.0/24
acme # [ 13.684274] dhcpcd[782]: eth0: adding default route via 10.0.2.2
dnsserver # [ 13.507402] dhcpcd[786]: eth0: leased 10.0.2.15 for 86400 seconds
dnsserver # [ 13.508624] dhcpcd[786]: eth0: adding route to 10.0.2.0/24
dnsserver # [ 13.509925] dhcpcd[786]: eth0: adding default route via 10.0.2.2
acme # [ 13.781159] systemd[1]: Started DHCP Client.
acme # [ 13.785139] systemd[1]: Reached target Network is Online.
dnsserver # [ 13.618952] systemd[1]: Started DHCP Client.
dnsserver # [ 13.622673] systemd[1]: Reached target Network is Online.
acme # [ 13.787302] systemd[1]: Reached target Multi-User System.
acme # [ 13.899731] systemd[1]: Startup finished in 3.016s (kernel) + 10.768s (userspace) = 13.785s.
dnsserver # [ 13.624891] systemd[1]: Reached target Multi-User System.
dnsserver # [ 13.736709] systemd[1]: Startup finished in 2.975s (kernel) + 10.646s (userspace) = 13.622s.
client # [ 14.670038] dhcpcd[791]: eth0: leased 10.0.2.15 for 86400 seconds
client # [ 14.671370] dhcpcd[791]: eth0: adding route to 10.0.2.0/24
client # [ 14.672414] dhcpcd[791]: eth0: adding default route via 10.0.2.2
client # [ 14.768816] systemd[1]: Started DHCP Client.
client # [ 14.771114] systemd[1]: Reached target Network is Online.
client # [ 14.772830] systemd[1]: Reached target Multi-User System.
client # [ 14.773779] systemd[1]: Startup finished in 3.063s (kernel) + 11.708s (userspace) = 14.772s.
(finished: waiting for unit default.target, in 7.82 seconds)
client: must succeed: curl --data '{"host": "acme.test", "addresses": ["192.168.1.1"]}' http://192.168.1.3:8055/add-a
client # % Total % Received % Xferd Average Speed Time Time Time Current
client # Dload Upload Total Spent Left Speed
dnsserver # [ 15.464868] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:52:58 Added response for DNS A queries to "acme.test" : 192.168.1.1
client # 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 51 0 0 100 51 0 2299 --:--:-- --:--:-- --:--:-- 2428
(finished: must succeed: curl --data '{"host": "acme.test", "addresses": ["192.168.1.1"]}' http://192.168.1.3:8055/add-a, in 0.08 seconds)
acme: waiting for the VM to finish booting
acme: Guest shell says: b'Spawning backdoor root shell...\n'
acme: connected to guest root shell
acme: (connecting took 0.00 seconds)
(finished: waiting for the VM to finish booting, in 0.00 seconds)
acme: waiting for unit network-online.target
(finished: waiting for unit network-online.target, in 0.05 seconds)
acme: waiting for unit pebble.service
(finished: waiting for unit pebble.service, in 0.05 seconds)
client: must succeed: curl https://acme.test:15000/roots/0 > /tmp/ca.crt
client # % Total % Received % Xferd Average Speed Time Time Time Current
client # Dload Upload Total Spent Left Speed
client # 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 1151 100 1151 0 0 16321 0 --:--:-- --:--:-- --:--:-- 16442
(finished: must succeed: curl https://acme.test:15000/roots/0 > /tmp/ca.crt, in 0.11 seconds)
client: must succeed: curl https://acme.test:15000/intermediate-keys/0 >> /tmp/ca.crt
client # % Total % Received % Xferd Average Speed Time Time Time Current
client # Dload Upload Total Spent Left Speed
client # 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 1675 100 1675 0 0 41808 0 --:--:-- --:--:-- --:--:-- 42948
(finished: must succeed: curl https://acme.test:15000/intermediate-keys/0 >> /tmp/ca.crt, in 0.08 seconds)
subtest: Can request certificate with Lego's built in web server
webserver: waiting for the VM to finish booting
webserver: Guest shell says: b'Spawning backdoor root shell...\n'
webserver: connected to guest root shell
webserver: (connecting took 0.00 seconds)
(finished: waiting for the VM to finish booting, in 0.00 seconds)
webserver: must succeed: /run/current-system/specialisation/http01lego/bin/switch-to-configuration test
webserver # [ 16.198321] nixos[916]: switching to system configuration /nix/store/4zqlddzxvr4j37q4v8ylj8mdvjqay00v-nixos-system-webserver-test
webserver # [ 16.201161] systemd[1]: Stopped target Local File Systems.
webserver # [ 16.203318] systemd[1]: Stopped target Remote File Systems.
webserver # activating the configuration...
webserver # [ 16.648149] systemd[1]: Reload requested from client PID 916 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 16.649792] systemd[1]: Reloading...
webserver # [ 16.890392] systemd-ssh-generator[973]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 17.133814] systemd[1]: Reloading finished in 481 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 17.159205] systemd[1]: Starting Re-setup tmpfiles on a system that is already running....
webserver # [ 17.276203] systemd[1]: Finished Re-setup tmpfiles on a system that is already running..
webserver # [ 17.277538] systemd[1]: Reached target Reactivate sysinit units.
webserver # reloading the following units: dbus.service
webserver # [ 17.282304] systemd[1]: Reloading D-Bus System Message Bus...
webserver # [ 17.315683] dbus-daemon[669]: Unknown username "systemd-timesync" in message bus configuration file
webserver # [ 17.328628] dbus-daemon[669]: [system] Reloaded configuration
webserver # [ 17.330696] dbus-send[981]: method return time=1732827179.958299 sender=org.freedesktop.DBus -> destination=:1.5 serial=3 reply_serial=2
webserver # [ 17.342910] dbus-daemon[669]: Unknown username "systemd-timesync" in message bus configuration file
webserver # [ 17.354456] dbus-daemon[669]: [system] Reloaded configuration
webserver # [ 17.356133] systemd[1]: Reloaded D-Bus System Message Bus.
webserver # [ 17.365071] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 17.368976] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 17.371200] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 17.372917] systemd[1]: Reached target Local File Systems.
webserver # [ 17.374644] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 17.376374] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 17.379317] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 17.381822] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 17.388075] systemd[1]: Reached target Remote File Systems.
webserver # [ 17.403716] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 17.412967] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 17.430769] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 17.433656] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 17.436401] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 17.748675] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 17.751934] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 17.753764] systemd[1]: Started Renew ACME Certificate for http.example.test.
webserver # [ 17.760067] systemd[1]: Starting Fix owner and group of all ACME certificates...
webserver # [ 17.765200] systemd[1]: Starting Manage lock files for acme services...
webserver # [ 17.770851] systemd[1]: Starting Generate self-signed certificate authority...
webserver # [ 17.849866] systemd[1]: Finished Fix owner and group of all ACME certificates.
webserver # [ 17.908174] systemd[1]: Finished Manage lock files for acme services.
webserver # [ 17.930716] systemd[1]: acme-selfsigned-ca.service: Deactivated successfully.
webserver # [ 17.934073] systemd[1]: Finished Generate self-signed certificate authority.
webserver # [ 17.942578] systemd[1]: Starting Generate self-signed certificate for http.example.test...
webserver # [ 17.997977] acme-selfsigned-http.example.test-start[1071]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 18.002525] acme-selfsigned-http.example.test-start[1071]: Acquired lock /run/acme/1.lock
webserver # [ 18.041776] acme-selfsigned-http.example.test-start[1071]: Releasing lock /run/acme/1.lock
webserver # [ 18.044921] systemd[1]: acme-selfsigned-http.example.test.service: Deactivated successfully.
webserver # [ 18.048607] systemd[1]: Finished Generate self-signed certificate for http.example.test.
webserver # [ 18.057991] systemd[1]: Starting Renew ACME certificate for http.example.test...
webserver # [ 18.114870] acme-http.example.test-start[1085]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 18.118065] acme-http.example.test-start[1085]: Acquired lock /run/acme/1.lock
webserver # [ 18.119196] acme-http.example.test-start[1085]: + set -euo pipefail
webserver # [ 18.120278] acme-http.example.test-start[1085]: + echo 78c80081fedd8a7ae50d
webserver # [ 18.121452] acme-http.example.test-start[1085]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 18.128938] acme-http.example.test-start[1085]: + lego --accept-tos --path . -d http.example.test --email [email protected] --key-type ec256 --http --http.port :80 --server https://acme.test/dir run
webserver # [ 18.465845] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 No key found for account [email protected]. Generating a P256 key.
webserver # [ 18.469952] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 Saved key to accounts/acme.test/[email protected]/keys/[email protected]
acme # [ 18.896920] pebble[681]: Pebble 2024/11/28 20:53:01 GET /dir -> calling handler()
webserver # [ 18.531800] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 [INFO] acme: Registering account for [email protected]
acme # [ 18.902365] pebble[681]: Pebble 2024/11/28 20:53:01 HEAD /nonce-plz -> calling handler()
acme # [ 18.904890] pebble[681]: Pebble 2024/11/28 20:53:01 POST /sign-me-up -> calling handler()
acme # [ 18.907944] pebble[681]: Pebble 2024/11/28 20:53:01 There are now 1 accounts in memory
webserver # [ 18.541901] acme-http.example.test-start[1088]: !!!! HEADS UP !!!!
webserver # [ 18.542888] acme-http.example.test-start[1088]: Your account credentials have been saved in your Let's Encrypt
webserver # [ 18.544506] acme-http.example.test-start[1088]: configuration directory at "accounts".
webserver # [ 18.545800] acme-http.example.test-start[1088]: You should make a secure backup of this folder now. This
webserver # [ 18.547546] acme-http.example.test-start[1088]: configuration directory will also contain certificates and
webserver # [ 18.548930] acme-http.example.test-start[1088]: private keys obtained from Let's Encrypt so making regular
webserver # [ 18.550267] acme-http.example.test-start[1088]: backups of this folder is ideal.
acme # [ 18.919624] pebble[681]: Pebble 2024/11/28 20:53:01 POST /order-plz -> calling handler()
webserver # [ 18.551695] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 [INFO] [http.example.test] acme: Obtaining bundled SAN certificate
acme # [ 18.921560] pebble[681]: Pebble 2024/11/28 20:53:01 There are now 1 authorizations in the db
acme # [ 18.922795] pebble[681]: Pebble 2024/11/28 20:53:01 Added order "g_IB25WR1KtMC8Xmghxj0_141NcmCC0SLWaBpplVIjo" to the db
acme # [ 18.924264] pebble[681]: Pebble 2024/11/28 20:53:01 There are now 1 orders in the db
acme # [ 18.979835] pebble[681]: Pebble 2024/11/28 20:53:01 POST /authZ/ -> calling handler()
webserver # [ 18.612232] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 [INFO] [http.example.test] AuthURL: https://acme.test/authZ/siGGdkr-2--ZSq4uOZcWK6WBzEcl485jTE6-KPcxX5A
webserver # [ 18.614432] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 [INFO] [http.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 18.616437] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 [INFO] [http.example.test] acme: use http-01 solver
webserver # [ 18.617952] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 [INFO] [http.example.test] acme: Trying to solve HTTP-01
acme # [ 18.987687] pebble[681]: Pebble 2024/11/28 20:53:01 POST /chalZ/ -> calling handler()
acme # [ 18.990212] pebble[681]: Pebble 2024/11/28 20:53:01 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"http.example.test"}, Challenge:(*core.Challenge)(0xc0000da1e0), Account:(*core.Account)(0xc000129020), AccountURL:"https://acme.test/my-account/732aad53f2e0a1f4", Wildcard:false}
acme # [ 18.993981] pebble[681]: Pebble 2024/11/28 20:53:01 Starting 3 validations.
acme # [ 18.995201] pebble[681]: Pebble 2024/11/28 20:53:01 Attempting to validate w/ HTTP: http://http.example.test:80/.well-known/acme-challenge/Z5QM0jsG5Llm2hgfvdEUAQDwnJSrDbRhvn2t3H0RbYY
acme # [ 18.999060] pebble[681]: Pebble 2024/11/28 20:53:01 POST /authZ/ -> calling handler()
acme # [ 19.000814] pebble[681]: Pebble 2024/11/28 20:53:01 Attempting to validate w/ HTTP: http://http.example.test:80/.well-known/acme-challenge/Z5QM0jsG5Llm2hgfvdEUAQDwnJSrDbRhvn2t3H0RbYY
acme # [ 19.003615] pebble[681]: Pebble 2024/11/28 20:53:01 Attempting to validate w/ HTTP: http://http.example.test:80/.well-known/acme-challenge/Z5QM0jsG5Llm2hgfvdEUAQDwnJSrDbRhvn2t3H0RbYY
webserver # [ 18.647072] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 [INFO] [http.example.test] Served key authentication
webserver # [ 18.649119] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 [INFO] [http.example.test] Served key authentication
webserver # [ 18.651191] acme-http.example.test-start[1088]: 2024/11/28 20:53:01 [INFO] [http.example.test] Served key authentication
acme # [ 19.019345] pebble[681]: Pebble 2024/11/28 20:53:01 authz siGGdkr-2--ZSq4uOZcWK6WBzEcl485jTE6-KPcxX5A set VALID by completed challenge FtNZpowWMiA3M5VOtaX2ek5S8O0sHFzXqSPz-B0oI4o
acme # [ 26.226512] pebble[681]: Pebble 2024/11/28 20:53:08 POST /authZ/ -> calling handler()
webserver # [ 25.858971] acme-http.example.test-start[1088]: 2024/11/28 20:53:08 [INFO] [http.example.test] The server validated our request
webserver # [ 25.860915] acme-http.example.test-start[1088]: 2024/11/28 20:53:08 [INFO] [http.example.test] acme: Validations succeeded; requesting certificates
acme # [ 26.231981] pebble[681]: Pebble 2024/11/28 20:53:08 POST /finalize-order/ -> calling handler()
acme # [ 26.233885] pebble[681]: Pebble 2024/11/28 20:53:08 Order g_IB25WR1KtMC8Xmghxj0_141NcmCC0SLWaBpplVIjo is fully authorized. Processing finalization
webserver # [ 25.868634] acme-http.example.test-start[1088]: 2024/11/28 20:53:08 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 26.238741] pebble[681]: Pebble 2024/11/28 20:53:08 Issued certificate serial 30ba67cdb9c7666f for order g_IB25WR1KtMC8Xmghxj0_141NcmCC0SLWaBpplVIjo
acme # [ 26.240838] pebble[681]: Pebble 2024/11/28 20:53:08 POST /my-order/ -> calling handler()
acme # [ 26.243060] pebble[681]: Pebble 2024/11/28 20:53:08 POST /certZ/ -> calling handler()
webserver # [ 25.877207] acme-http.example.test-start[1088]: 2024/11/28 20:53:08 [INFO] [http.example.test] Server responded with a certificate.
webserver # [ 25.883759] acme-http.example.test-start[1085]: + mv domainhash.txt certificates/
webserver # [ 25.890979] acme-http.example.test-start[1085]: + chown acme:acme certificates/domainhash.txt certificates/http.example.test.crt certificates/http.example.test.issuer.crt certificates/http.example.test.json certificates/http.example.test.key
webserver # [ 25.901068] acme-http.example.test-start[1085]: + cmp -s certificates/http.example.test.crt out/fullchain.pem
webserver # [ 25.905667] acme-http.example.test-start[1085]: + touch out/renewed
webserver # [ 25.911663] acme-http.example.test-start[1085]: + echo Installing new certificate
webserver # [ 25.913090] acme-http.example.test-start[1085]: Installing new certificate
webserver # [ 25.914447] acme-http.example.test-start[1085]: + cp -vp certificates/http.example.test.crt out/fullchain.pem
webserver # [ 25.920288] acme-http.example.test-start[1098]: 'certificates/http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 25.922808] acme-http.example.test-start[1085]: + cp -vp certificates/http.example.test.key out/key.pem
webserver # [ 25.928272] acme-http.example.test-start[1099]: 'certificates/http.example.test.key' -> 'out/key.pem'
webserver # [ 25.930650] acme-http.example.test-start[1085]: + cp -vp certificates/http.example.test.issuer.crt out/chain.pem
webserver # [ 25.936077] acme-http.example.test-start[1100]: 'certificates/http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 25.938526] acme-http.example.test-start[1085]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 25.944776] acme-http.example.test-start[1085]: + cat out/key.pem out/fullchain.pem
webserver # [ 25.951248] acme-http.example.test-start[1085]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 25.958108] acme-http.example.test-start[1085]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 25.959725] acme-http.example.test-start[1085]: Releasing lock /run/acme/1.lock
webserver # [ 26.003666] systemd[1]: acme-http.example.test.service: Deactivated successfully.
webserver # [ 26.009062] systemd[1]: Finished Renew ACME certificate for http.example.test.
webserver # [ 26.010355] systemd[1]: acme-http.example.test.service: Consumed 210ms CPU time, 52.5M memory peak, 12K written to disk, 13.6K incoming IP traffic, 9K outgoing IP traffic.
webserver # [ 26.016933] systemd[1]: Reached target acme-finished-http.example.test.target.
webserver # the following new units were started: acme-finished-http.example.test.target, acme-fixperms.service, acme-http.example.test.timer, acme-lockfiles.service, run-credentials-systemd\x2dtmpfiles\x2dresetup.service.mount, sysinit-reactivation.target, systemd-tmpfiles-resetup.service
webserver # [ 26.275917] nixos[916]: finished switching to system configuration /nix/store/4zqlddzxvr4j37q4v8ylj8mdvjqay00v-nixos-system-webserver-test
(finished: must succeed: /run/current-system/specialisation/http01lego/bin/switch-to-configuration test, in 10.53 seconds)
webserver # [ 26.321143] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 26.323528] systemd[1]: Generate self-signed certificate for http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/http.example.test/key.pem).
webserver # [ 26.332334] systemd[1]: Starting Renew ACME certificate for http.example.test...
webserver # [ 26.391158] acme-http.example.test-start[1115]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 26.394596] acme-http.example.test-start[1115]: Acquired lock /run/acme/1.lock
webserver # [ 26.395884] acme-http.example.test-start[1115]: + set -euo pipefail
webserver # [ 26.397429] acme-http.example.test-start[1115]: + echo 78c80081fedd8a7ae50d
webserver # [ 26.398581] acme-http.example.test-start[1115]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 26.402808] acme-http.example.test-start[1115]: + '[' -e certificates/http.example.test.key ']'
webserver # [ 26.404659] acme-http.example.test-start[1115]: + '[' -e certificates/http.example.test.crt ']'
webserver # [ 26.406352] acme-http.example.test-start[1118]: ++ find accounts -name [email protected]
webserver # [ 26.418618] acme-http.example.test-start[1115]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 26.420513] acme-http.example.test-start[1115]: + lego --accept-tos --path . -d http.example.test --email [email protected] --key-type ec256 --http --http.port :80 --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 26.870451] pebble[681]: Pebble 2024/11/28 20:53:09 GET /dir -> calling handler()
webserver # [ 26.505094] acme-http.example.test-start[1119]: 2024/11/28 20:53:09 [http.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 26.511353] acme-http.example.test-start[1115]: + mv domainhash.txt certificates/
webserver # [ 26.518043] acme-http.example.test-start[1115]: + chown acme:acme certificates/domainhash.txt certificates/http.example.test.crt certificates/http.example.test.issuer.crt certificates/http.example.test.json certificates/http.example.test.key
webserver # [ 26.528201] acme-http.example.test-start[1115]: + cmp -s certificates/http.example.test.crt out/fullchain.pem
webserver # [ 26.532961] acme-http.example.test-start[1115]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 26.539828] acme-http.example.test-start[1115]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 26.541168] acme-http.example.test-start[1115]: Releasing lock /run/acme/1.lock
webserver # [ 26.578947] systemd[1]: acme-http.example.test.service: Deactivated successfully.
webserver # [ 26.583304] systemd[1]: Finished Renew ACME certificate for http.example.test.
webserver # [ 26.584642] systemd[1]: acme-http.example.test.service: Consumed 141ms CPU time, 20.6M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver: waiting for unit acme-finished-http.example.test.target
(finished: waiting for unit acme-finished-http.example.test.target, in 0.05 seconds)
webserver: must succeed: grep -o 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem
(finished: must succeed: grep -o 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem, in 0.03 seconds)
webserver: must succeed: grep -m1 -B50 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem | openssl x509 -noout -text
(finished: must succeed: grep -m1 -B50 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem | openssl x509 -noout -text, in 0.08 seconds)
First DNSName in fullchain.pem: dns:http.example.test
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/cert.pem, in 0.04 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/fullchain.pem, in 0.04 seconds)
(finished: subtest: Can request certificate with Lego's built in web server, in 11.15 seconds)
subtest: Assert that account hash didn't unexpectedly change
webserver: must succeed: ls /var/lib/acme/.lego/accounts/
(finished: must succeed: ls /var/lib/acme/.lego/accounts/, in 0.02 seconds)
Account hash: d590213ed52603e9128d
(finished: subtest: Assert that account hash didn't unexpectedly change, in 0.02 seconds)
subtest: Can renew certificates when they expire
webserver: must succeed: sha256sum /var/lib/acme/http.example.test/cert.pem
(finished: must succeed: sha256sum /var/lib/acme/http.example.test/cert.pem, in 0.02 seconds)
webserver: must succeed: /tmp/specialisation/renew/bin/switch-to-configuration test
webserver # [ 27.375626] nixos[1164]: switching to system configuration /nix/store/id3kl9byv3vny0gbmcn62303n4r1aass-nixos-system-webserver-test
webserver # [ 27.379255] systemd[1]: Stopped target Remote File Systems.
webserver # [ 27.381045] systemd[1]: Stopped target Local File Systems.
webserver # activating the configuration...
webserver # [ 27.794899] systemd[1]: Reload requested from client PID 1164 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 27.796797] systemd[1]: Reloading...
webserver # [ 28.032472] systemd-ssh-generator[1222]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 28.271116] systemd[1]: Reloading finished in 472 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 28.289201] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 28.290323] systemd[1]: Stopping Reactivate sysinit units...
webserver # [ 28.291875] systemd[1]: Reached target Reactivate sysinit units.
webserver # [ 28.295394] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 28.297340] systemd[1]: Reached target Local File Systems.
webserver # [ 28.301711] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 28.305064] systemd[1]: Generate self-signed certificate for http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/http.example.test/key.pem).
webserver # [ 28.312240] systemd[1]: Starting Renew ACME certificate for http.example.test...
webserver # [ 28.340884] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 28.351066] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 28.355061] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 28.356992] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 28.358695] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 28.362221] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 28.366280] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 28.386627] systemd[1]: Reached target Remote File Systems.
webserver # [ 28.420330] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 28.424621] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 28.427817] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 28.457246] acme-http.example.test-start[1227]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 28.461072] acme-http.example.test-start[1227]: Acquired lock /run/acme/1.lock
webserver # [ 28.462294] acme-http.example.test-start[1227]: + set -euo pipefail
webserver # [ 28.463784] acme-http.example.test-start[1227]: + echo 78c80081fedd8a7ae50d
webserver # [ 28.465279] acme-http.example.test-start[1227]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 28.470438] acme-http.example.test-start[1227]: + '[' -e certificates/http.example.test.key ']'
webserver # [ 28.472370] acme-http.example.test-start[1227]: + '[' -e certificates/http.example.test.crt ']'
webserver # [ 28.473883] acme-http.example.test-start[1240]: ++ find accounts -name [email protected]
webserver # [ 28.483589] acme-http.example.test-start[1227]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 28.485262] acme-http.example.test-start[1227]: + lego --accept-tos --path . -d http.example.test --email [email protected] --key-type ec256 --http --http.port :80 --server https://acme.test/dir renew --no-random-sleep --days 9999
acme # [ 28.986239] pebble[681]: Pebble 2024/11/28 20:53:11 GET /dir -> calling handler()
webserver # [ 28.620357] acme-http.example.test-start[1242]: 2024/11/28 20:53:11 [INFO] [http.example.test] acme: Trying renewal with 43823 hours remaining
acme # [ 28.990511] pebble[681]: Pebble 2024/11/28 20:53:11 HEAD /nonce-plz -> calling handler()
webserver # [ 28.623072] acme-http.example.test-start[1242]: 2024/11/28 20:53:11 [INFO] [http.example.test] acme: Obtaining bundled SAN certificate
acme # [ 28.993506] pebble[681]: Pebble 2024/11/28 20:53:11 POST /order-plz -> calling handler()
acme # [ 28.994656] pebble[681]: Pebble 2024/11/28 20:53:11 There are now 2 authorizations in the db
acme # [ 28.995839] pebble[681]: Pebble 2024/11/28 20:53:11 Added order "Mq0q0cbtms-bGsUpfPLGSe8hMb1tG9D5ms_TyK0-mwg" to the db
acme # [ 28.997301] pebble[681]: Pebble 2024/11/28 20:53:11 There are now 2 orders in the db
acme # [ 29.050346] pebble[681]: Pebble 2024/11/28 20:53:11 POST /authZ/ -> calling handler()
webserver # [ 28.682793] acme-http.example.test-start[1242]: 2024/11/28 20:53:11 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/authZ/dyoDJVsnqeE9LTlB7ut5ZIAokJqqmfVH7UvqK3R6-6o :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: KAXbOdgkBwuoqz7zDFMmFg
webserver # [ 28.802579] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 28.806474] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 28.809128] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 28.811295] systemd[1]: Generate self-signed certificate for http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/http.example.test/key.pem).
acme # [ 29.209661] pebble[681]: Pebble 2024/11/28 20:53:11 POST /authZ/ -> calling handler()
acme # [ 29.212941] pebble[681]: Pebble 2024/11/28 20:53:11 POST /chalZ/ -> calling handler()
webserver # [ 28.844461] acme-http.example.test-start[1242]: 2024/11/28 20:53:11 [INFO] [http.example.test] AuthURL: https://acme.test/authZ/dyoDJVsnqeE9LTlB7ut5ZIAokJqqmfVH7UvqK3R6-6o
webserver # [ 28.846523] acme-http.example.test-start[1242]: 2024/11/28 20:53:11 [INFO] [http.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 28.848170] acme-http.example.test-start[1242]: 2024/11/28 20:53:11 [INFO] [http.example.test] acme: use http-01 solver
acme # [ 29.214205] pebble[681]: Pebble 2024/11/28 20:53:11 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"http.example.test"}, Challenge:(*core.Challenge)(0xc0000da820), Account:(*core.Account)(0xc000129020), AccountURL:"https://acme.test/my-account/732aad53f2e0a1f4", Wildcard:false}
acme # [ 29.217751] pebble[681]: Pebble 2024/11/28 20:53:11 Starting 3 validations.
webserver # [ 28.849680] acme-http.example.test-start[1242]: 2024/11/28 20:53:11 [INFO] [http.example.test] acme: Trying to solve HTTP-01
acme # [ 29.218734] pebble[681]: Pebble 2024/11/28 20:53:11 Attempting to validate w/ HTTP: http://http.example.test:80/.well-known/acme-challenge/iuD2tWxd_CWULPxrPCS2z5tWfUW4NHCz-R3vw5YUCTE
acme # [ 29.221808] pebble[681]: Pebble 2024/11/28 20:53:11 POST /authZ/ -> calling handler()
acme # [ 29.222934] pebble[681]: Pebble 2024/11/28 20:53:11 Attempting to validate w/ HTTP: http://http.example.test:80/.well-known/acme-challenge/iuD2tWxd_CWULPxrPCS2z5tWfUW4NHCz-R3vw5YUCTE
acme # [ 29.225598] pebble[681]: Pebble 2024/11/28 20:53:11 Attempting to validate w/ HTTP: http://http.example.test:80/.well-known/acme-challenge/iuD2tWxd_CWULPxrPCS2z5tWfUW4NHCz-R3vw5YUCTE
webserver # [ 28.861675] acme-http.example.test-start[1242]: 2024/11/28 20:53:11 [INFO] [http.example.test] Served key authentication
webserver # [ 28.864530] acme-http.example.test-start[1242]: 2024/11/28 20:53:11 [INFO] [http.example.test] Served key authentication
webserver # [ 28.866288] acme-http.example.test-start[1242]: 2024/11/28 20:53:11 [INFO] [http.example.test] Served key authentication
acme # [ 29.236049] pebble[681]: Pebble 2024/11/28 20:53:11 authz dyoDJVsnqeE9LTlB7ut5ZIAokJqqmfVH7UvqK3R6-6o set VALID by completed challenge POrFBG-XZ8vzAokSFjO53v5rNDoHxpJ7WBi0aYFG3Nw
acme # [ 32.843852] pebble[681]: Pebble 2024/11/28 20:53:15 POST /authZ/ -> calling handler()
webserver # [ 32.476882] acme-http.example.test-start[1242]: 2024/11/28 20:53:15 [INFO] [http.example.test] The server validated our request
acme # [ 32.845425] pebble[681]: Pebble 2024/11/28 20:53:15 POST /finalize-order/ -> calling handler()
webserver # [ 32.478886] acme-http.example.test-start[1242]: 2024/11/28 20:53:15 [INFO] [http.example.test] acme: Validations succeeded; requesting certificates
acme # [ 32.847267] pebble[681]: Pebble 2024/11/28 20:53:15 Order Mq0q0cbtms-bGsUpfPLGSe8hMb1tG9D5ms_TyK0-mwg is fully authorized. Processing finalization
webserver # [ 32.481669] acme-http.example.test-start[1242]: 2024/11/28 20:53:15 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 32.851721] pebble[681]: Pebble 2024/11/28 20:53:15 Issued certificate serial 058f4c0a50572bff for order Mq0q0cbtms-bGsUpfPLGSe8hMb1tG9D5ms_TyK0-mwg
acme # [ 32.853842] pebble[681]: Pebble 2024/11/28 20:53:15 POST /my-order/ -> calling handler()
acme # [ 32.855250] pebble[681]: Pebble 2024/11/28 20:53:15 POST /certZ/ -> calling handler()
webserver # [ 32.489271] acme-http.example.test-start[1242]: 2024/11/28 20:53:15 [INFO] [http.example.test] Server responded with a certificate.
webserver # [ 32.497876] acme-http.example.test-start[1227]: + mv domainhash.txt certificates/
webserver # [ 32.504300] acme-http.example.test-start[1227]: + chown acme:acme certificates/domainhash.txt certificates/http.example.test.crt certificates/http.example.test.issuer.crt certificates/http.example.test.json certificates/http.example.test.key
webserver # [ 32.514068] acme-http.example.test-start[1227]: + cmp -s certificates/http.example.test.crt out/fullchain.pem
webserver # [ 32.518289] acme-http.example.test-start[1227]: + touch out/renewed
webserver # [ 32.523957] acme-http.example.test-start[1227]: + echo Installing new certificate
webserver # [ 32.525215] acme-http.example.test-start[1227]: Installing new certificate
webserver # [ 32.526377] acme-http.example.test-start[1227]: + cp -vp certificates/http.example.test.crt out/fullchain.pem
webserver # [ 32.531828] acme-http.example.test-start[1312]: 'certificates/http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 32.533905] acme-http.example.test-start[1227]: + cp -vp certificates/http.example.test.key out/key.pem
webserver # [ 32.538979] acme-http.example.test-start[1313]: 'certificates/http.example.test.key' -> 'out/key.pem'
webserver # [ 32.541071] acme-http.example.test-start[1227]: + cp -vp certificates/http.example.test.issuer.crt out/chain.pem
webserver # [ 32.546482] acme-http.example.test-start[1314]: 'certificates/http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 32.548422] acme-http.example.test-start[1227]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 32.554364] acme-http.example.test-start[1227]: + cat out/key.pem out/fullchain.pem
webserver # [ 32.560384] acme-http.example.test-start[1227]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 32.567032] acme-http.example.test-start[1227]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 32.568196] acme-http.example.test-start[1227]: Releasing lock /run/acme/1.lock
webserver # [ 32.611512] systemd[1]: acme-http.example.test.service: Deactivated successfully.
webserver # [ 32.613208] systemd[1]: Finished Renew ACME certificate for http.example.test.
webserver # [ 32.615110] systemd[1]: acme-http.example.test.service: Consumed 176ms CPU time, 20.1M memory peak, 13.4K incoming IP traffic, 9.1K outgoing IP traffic.
webserver # [ 32.874895] nixos[1164]: finished switching to system configuration /nix/store/id3kl9byv3vny0gbmcn62303n4r1aass-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/renew/bin/switch-to-configuration test, in 5.96 seconds)
webserver # [ 32.917376] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 32.919430] systemd[1]: Generate self-signed certificate for http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/http.example.test/key.pem).
webserver # [ 32.927835] systemd[1]: Starting Renew ACME certificate for http.example.test...
webserver # [ 32.985606] acme-http.example.test-start[1329]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 32.988794] acme-http.example.test-start[1329]: Acquired lock /run/acme/1.lock
webserver # [ 32.989945] acme-http.example.test-start[1329]: + set -euo pipefail
webserver # [ 32.991198] acme-http.example.test-start[1329]: + echo 78c80081fedd8a7ae50d
webserver # [ 32.992215] acme-http.example.test-start[1329]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 32.996508] acme-http.example.test-start[1329]: + '[' -e certificates/http.example.test.key ']'
webserver # [ 32.997962] acme-http.example.test-start[1329]: + '[' -e certificates/http.example.test.crt ']'
webserver # [ 32.999713] acme-http.example.test-start[1332]: ++ find accounts -name [email protected]
webserver # [ 33.007204] acme-http.example.test-start[1329]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 33.008885] acme-http.example.test-start[1329]: + lego --accept-tos --path . -d http.example.test --email [email protected] --key-type ec256 --http --http.port :80 --server https://acme.test/dir renew --no-random-sleep --days 9999
acme # [ 33.459969] pebble[681]: Pebble 2024/11/28 20:53:16 GET /dir -> calling handler()
webserver # [ 33.092916] acme-http.example.test-start[1333]: 2024/11/28 20:53:15 [INFO] [http.example.test] acme: Trying renewal with 43823 hours remaining
webserver # [ 33.095215] acme-http.example.test-start[1333]: 2024/11/28 20:53:15 [INFO] [http.example.test] acme: Obtaining bundled SAN certificate
acme # [ 33.465156] pebble[681]: Pebble 2024/11/28 20:53:16 HEAD /nonce-plz -> calling handler()
acme # [ 33.466694] pebble[681]: Pebble 2024/11/28 20:53:16 POST /order-plz -> calling handler()
acme # [ 33.468456] pebble[681]: Pebble 2024/11/28 20:53:16 Added order "C3_8ACBgshhuskfQAAN-jHTFe7Ew1YeaDdpA3yEb5Rg" to the db
acme # [ 33.470312] pebble[681]: Pebble 2024/11/28 20:53:16 There are now 3 orders in the db
acme # [ 33.527472] pebble[681]: Pebble 2024/11/28 20:53:16 POST /authZ/ -> calling handler()
webserver # [ 33.159823] acme-http.example.test-start[1333]: 2024/11/28 20:53:15 [INFO] [http.example.test] AuthURL: https://acme.test/authZ/siGGdkr-2--ZSq4uOZcWK6WBzEcl485jTE6-KPcxX5A
acme # [ 33.530538] pebble[681]: Pebble 2024/11/28 20:53:16 POST /finalize-order/ -> calling handler()
webserver # [ 33.162496] acme-http.example.test-start[1333]: 2024/11/28 20:53:15 [INFO] [http.example.test] acme: authorization already valid; skipping challenge
webserver # [ 33.164252] acme-http.example.test-start[1333]: 2024/11/28 20:53:15 [INFO] [http.example.test] acme: Validations succeeded; requesting certificates
acme # [ 33.533057] pebble[681]: Pebble 2024/11/28 20:53:16 Order C3_8ACBgshhuskfQAAN-jHTFe7Ew1YeaDdpA3yEb5Rg is fully authorized. Processing finalization
webserver # [ 33.166396] acme-http.example.test-start[1333]: 2024/11/28 20:53:15 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 33.537028] pebble[681]: Pebble 2024/11/28 20:53:16 Issued certificate serial 7e9aea18acf5e200 for order C3_8ACBgshhuskfQAAN-jHTFe7Ew1YeaDdpA3yEb5Rg
acme # [ 33.539275] pebble[681]: Pebble 2024/11/28 20:53:16 POST /my-order/ -> calling handler()
acme # [ 33.542058] pebble[681]: Pebble 2024/11/28 20:53:16 POST /certZ/ -> calling handler()
webserver # [ 33.176419] acme-http.example.test-start[1333]: 2024/11/28 20:53:15 [INFO] [http.example.test] Server responded with a certificate.
webserver # [ 33.183582] acme-http.example.test-start[1329]: + mv domainhash.txt certificates/
webserver # [ 33.190108] acme-http.example.test-start[1329]: + chown acme:acme certificates/domainhash.txt certificates/http.example.test.crt certificates/http.example.test.issuer.crt certificates/http.example.test.json certificates/http.example.test.key
webserver # [ 33.200084] acme-http.example.test-start[1329]: + cmp -s certificates/http.example.test.crt out/fullchain.pem
webserver # [ 33.204583] acme-http.example.test-start[1329]: + touch out/renewed
webserver # [ 33.210457] acme-http.example.test-start[1329]: + echo Installing new certificate
webserver # [ 33.211801] acme-http.example.test-start[1329]: Installing new certificate
webserver # [ 33.213069] acme-http.example.test-start[1329]: + cp -vp certificates/http.example.test.crt out/fullchain.pem
webserver # [ 33.218608] acme-http.example.test-start[1342]: 'certificates/http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 33.221241] acme-http.example.test-start[1329]: + cp -vp certificates/http.example.test.key out/key.pem
webserver # [ 33.226229] acme-http.example.test-start[1343]: 'certificates/http.example.test.key' -> 'out/key.pem'
webserver # [ 33.228657] acme-http.example.test-start[1329]: + cp -vp certificates/http.example.test.issuer.crt out/chain.pem
webserver # [ 33.233835] acme-http.example.test-start[1344]: 'certificates/http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 33.236192] acme-http.example.test-start[1329]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 33.242263] acme-http.example.test-start[1329]: + cat out/key.pem out/fullchain.pem
webserver # [ 33.248768] acme-http.example.test-start[1329]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 33.255761] acme-http.example.test-start[1329]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 33.257046] acme-http.example.test-start[1329]: Releasing lock /run/acme/1.lock
webserver # [ 33.301548] systemd[1]: acme-http.example.test.service: Deactivated successfully.
webserver # [ 33.305586] systemd[1]: Finished Renew ACME certificate for http.example.test.
webserver # [ 33.308259] systemd[1]: acme-http.example.test.service: Consumed 161ms CPU time, 21M memory peak, 8K incoming IP traffic, 4.9K outgoing IP traffic.
webserver: waiting for unit acme-finished-http.example.test.target
(finished: waiting for unit acme-finished-http.example.test.target, in 0.05 seconds)
webserver: must succeed: grep -o 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem
(finished: must succeed: grep -o 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem, in 0.02 seconds)
webserver: must succeed: grep -m1 -B50 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem | openssl x509 -noout -text
(finished: must succeed: grep -m1 -B50 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem | openssl x509 -noout -text, in 0.05 seconds)
First DNSName in fullchain.pem: dns:http.example.test
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/cert.pem, in 0.04 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/fullchain.pem, in 0.04 seconds)
webserver: must succeed: sha256sum /var/lib/acme/http.example.test/cert.pem
(finished: must succeed: sha256sum /var/lib/acme/http.example.test/cert.pem, in 0.02 seconds)
(finished: subtest: Can renew certificates when they expire, in 6.68 seconds)
subtest: Handles email change correctly
webserver: must succeed: sha256sum /var/lib/acme/http.example.test/cert.pem
(finished: must succeed: sha256sum /var/lib/acme/http.example.test/cert.pem, in 0.02 seconds)
webserver: must succeed: /tmp/specialisation/accountchange/bin/switch-to-configuration test
webserver # [ 34.054494] nixos[1387]: switching to system configuration /nix/store/rx5pj5mfrhkg2qlnwz6bb1cbnv38j5dm-nixos-system-webserver-test
webserver # [ 34.057216] systemd[1]: Stopped target Remote File Systems.
webserver # [ 34.059333] systemd[1]: Stopped target Local File Systems.
webserver # activating the configuration...
webserver # [ 34.469502] systemd[1]: Reload requested from client PID 1387 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 34.471394] systemd[1]: Reloading...
webserver # [ 34.707517] systemd-ssh-generator[1444]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 34.956116] systemd[1]: Reloading finished in 482 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 34.972891] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 34.974642] systemd[1]: Stopping Reactivate sysinit units...
webserver # [ 34.975586] systemd[1]: Reached target Reactivate sysinit units.
webserver # [ 34.982059] systemd[1]: Reached target Remote File Systems.
webserver # [ 34.982983] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 34.985139] systemd[1]: Generate self-signed certificate for http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/http.example.test/key.pem).
webserver # [ 34.992065] systemd[1]: Starting Renew ACME certificate for http.example.test...
webserver # [ 35.023501] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 35.028406] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 35.029528] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 35.033090] systemd[1]: Reached target Local File Systems.
webserver # [ 35.033973] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 35.036156] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 35.039473] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 35.042519] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 35.050250] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 35.061563] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 35.101286] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 35.103927] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 35.105478] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 35.144595] acme-http.example.test-start[1449]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 35.149083] acme-http.example.test-start[1449]: Acquired lock /run/acme/1.lock
webserver # [ 35.150143] acme-http.example.test-start[1449]: + set -euo pipefail
webserver # [ 35.151054] acme-http.example.test-start[1449]: + echo 78c80081fedd8a7ae50d
webserver # [ 35.152037] acme-http.example.test-start[1449]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 35.157385] acme-http.example.test-start[1449]: + '[' -e certificates/http.example.test.key ']'
webserver # [ 35.158645] acme-http.example.test-start[1449]: + '[' -e certificates/http.example.test.crt ']'
webserver # [ 35.160128] acme-http.example.test-start[1463]: ++ find accounts -name [email protected]
webserver # [ 35.169100] acme-http.example.test-start[1449]: + '[' -n '' ']'
webserver # [ 35.170508] acme-http.example.test-start[1449]: + lego --accept-tos --path . -d http.example.test --email [email protected] --key-type ec256 --http --http.port :80 --server https://acme.test/dir run
webserver # [ 35.241187] acme-http.example.test-start[1465]: 2024/11/28 20:53:17 No key found for account [email protected]. Generating a P256 key.
webserver # [ 35.242920] acme-http.example.test-start[1465]: 2024/11/28 20:53:17 Saved key to accounts/acme.test/[email protected]/keys/[email protected]
acme # [ 35.665212] pebble[681]: Pebble 2024/11/28 20:53:18 GET /dir -> calling handler()
webserver # [ 35.297976] acme-http.example.test-start[1465]: 2024/11/28 20:53:17 [INFO] acme: Registering account for [email protected]
acme # [ 35.668720] pebble[681]: Pebble 2024/11/28 20:53:18 HEAD /nonce-plz -> calling handler()
acme # [ 35.670301] pebble[681]: Pebble 2024/11/28 20:53:18 POST /sign-me-up -> calling handler()
webserver # [ 35.304509] acme-http.example.test-start[1465]: !!!! HEADS UP !!!!
acme # [ 35.672218] pebble[681]: Pebble 2024/11/28 20:53:18 There are now 2 accounts in memory
webserver # [ 35.305452] acme-http.example.test-start[1465]: Your account credentials have been saved in your Let's Encrypt
webserver # [ 35.306816] acme-http.example.test-start[1465]: configuration directory at "accounts".
webserver # [ 35.307932] acme-http.example.test-start[1465]: You should make a secure backup of this folder now. This
webserver # [ 35.309234] acme-http.example.test-start[1465]: configuration directory will also contain certificates and
webserver # [ 35.310559] acme-http.example.test-start[1465]: private keys obtained from Let's Encrypt so making regular
webserver # [ 35.312468] acme-http.example.test-start[1465]: backups of this folder is ideal.
acme # [ 35.680733] pebble[681]: Pebble 2024/11/28 20:53:18 POST /order-plz -> calling handler()
acme # [ 35.681891] pebble[681]: Pebble 2024/11/28 20:53:18 There are now 3 authorizations in the db
webserver # [ 35.313972] acme-http.example.test-start[1465]: 2024/11/28 20:53:17 [INFO] [http.example.test] acme: Obtaining bundled SAN certificate
acme # [ 35.683082] pebble[681]: Pebble 2024/11/28 20:53:18 Added order "nWDUEqQkqwn2Z8Rdl7a4KJM-svGqE4UClKP5JxnS7kk" to the db
acme # [ 35.684544] pebble[681]: Pebble 2024/11/28 20:53:18 There are now 4 orders in the db
acme # [ 35.738765] pebble[681]: Pebble 2024/11/28 20:53:18 POST /authZ/ -> calling handler()
webserver # [ 35.371438] acme-http.example.test-start[1465]: 2024/11/28 20:53:18 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/authZ/sAH0yJ4gNKVeqUuso-OCs3jRYDid7EPe7JrBH1V9sEc :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: AmaWKZrWxbNTfzMjJw5sGg
webserver # [ 35.494448] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 35.499062] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 35.500672] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 35.503329] systemd[1]: Generate self-signed certificate for http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/http.example.test/key.pem).
acme # [ 35.985505] pebble[681]: Pebble 2024/11/28 20:53:18 POST /authZ/ -> calling handler()
acme # [ 35.988817] pebble[681]: Pebble 2024/11/28 20:53:18 POST /chalZ/ -> calling handler()
webserver # [ 35.620285] acme-http.example.test-start[1465]: 2024/11/28 20:53:18 [INFO] [http.example.test] AuthURL: https://acme.test/authZ/sAH0yJ4gNKVeqUuso-OCs3jRYDid7EPe7JrBH1V9sEc
webserver # [ 35.622350] acme-http.example.test-start[1465]: 2024/11/28 20:53:18 [INFO] [http.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 35.624061] acme-http.example.test-start[1465]: 2024/11/28 20:53:18 [INFO] [http.example.test] acme: use http-01 solver
acme # [ 35.989981] pebble[681]: Pebble 2024/11/28 20:53:18 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"http.example.test"}, Challenge:(*core.Challenge)(0xc0000dadc0), Account:(*core.Account)(0xc0002c59e0), AccountURL:"https://acme.test/my-account/1cefef2cc41a0758", Wildcard:false}
acme # [ 35.993580] pebble[681]: Pebble 2024/11/28 20:53:18 Starting 3 validations.
webserver # [ 35.625565] acme-http.example.test-start[1465]: 2024/11/28 20:53:18 [INFO] [http.example.test] acme: Trying to solve HTTP-01
acme # [ 35.994606] pebble[681]: Pebble 2024/11/28 20:53:18 Attempting to validate w/ HTTP: http://http.example.test:80/.well-known/acme-challenge/vXNnDg3owrFcc_0IcTN88SE-AZKFL4l9lKiYcxhIwqY
acme # [ 35.997827] pebble[681]: Pebble 2024/11/28 20:53:18 POST /authZ/ -> calling handler()
acme # [ 35.999771] pebble[681]: Pebble 2024/11/28 20:53:18 Attempting to validate w/ HTTP: http://http.example.test:80/.well-known/acme-challenge/vXNnDg3owrFcc_0IcTN88SE-AZKFL4l9lKiYcxhIwqY
acme # [ 36.002796] pebble[681]: Pebble 2024/11/28 20:53:18 Attempting to validate w/ HTTP: http://http.example.test:80/.well-known/acme-challenge/vXNnDg3owrFcc_0IcTN88SE-AZKFL4l9lKiYcxhIwqY
webserver # [ 35.638962] acme-http.example.test-start[1465]: 2024/11/28 20:53:18 [INFO] [http.example.test] Served key authentication
webserver # [ 35.641383] acme-http.example.test-start[1465]: 2024/11/28 20:53:18 [INFO] [http.example.test] Served key authentication
webserver # [ 35.643266] acme-http.example.test-start[1465]: 2024/11/28 20:53:18 [INFO] [http.example.test] Served key authentication
acme # [ 36.011303] pebble[681]: Pebble 2024/11/28 20:53:18 authz sAH0yJ4gNKVeqUuso-OCs3jRYDid7EPe7JrBH1V9sEc set VALID by completed challenge WPZJwENEwUzIj1W8H1OVkR2lnzO4Wwmcq6qZmiVf1cQ
acme # [ 40.581307] pebble[681]: Pebble 2024/11/28 20:53:23 POST /authZ/ -> calling handler()
webserver # [ 40.214092] acme-http.example.test-start[1465]: 2024/11/28 20:53:22 [INFO] [http.example.test] The server validated our request
acme # [ 40.583342] pebble[681]: Pebble 2024/11/28 20:53:23 POST /finalize-order/ -> calling handler()
webserver # [ 40.215776] acme-http.example.test-start[1465]: 2024/11/28 20:53:22 [INFO] [http.example.test] acme: Validations succeeded; requesting certificates
acme # [ 40.585249] pebble[681]: Pebble 2024/11/28 20:53:23 Order nWDUEqQkqwn2Z8Rdl7a4KJM-svGqE4UClKP5JxnS7kk is fully authorized. Processing finalization
webserver # [ 40.220069] acme-http.example.test-start[1465]: 2024/11/28 20:53:22 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 40.590076] pebble[681]: Pebble 2024/11/28 20:53:23 Issued certificate serial 182c6cd10779ac14 for order nWDUEqQkqwn2Z8Rdl7a4KJM-svGqE4UClKP5JxnS7kk
acme # [ 40.592194] pebble[681]: Pebble 2024/11/28 20:53:23 POST /my-order/ -> calling handler()
acme # [ 40.593773] pebble[681]: Pebble 2024/11/28 20:53:23 POST /certZ/ -> calling handler()
webserver # [ 40.228165] acme-http.example.test-start[1465]: 2024/11/28 20:53:22 [INFO] [http.example.test] Server responded with a certificate.
webserver # [ 40.234380] acme-http.example.test-start[1449]: + mv domainhash.txt certificates/
webserver # [ 40.240895] acme-http.example.test-start[1449]: + chown acme:acme certificates/domainhash.txt certificates/http.example.test.crt certificates/http.example.test.issuer.crt certificates/http.example.test.json certificates/http.example.test.key
webserver # [ 40.250499] acme-http.example.test-start[1449]: + cmp -s certificates/http.example.test.crt out/fullchain.pem
webserver # [ 40.254759] acme-http.example.test-start[1449]: + touch out/renewed
webserver # [ 40.260455] acme-http.example.test-start[1449]: + echo Installing new certificate
webserver # [ 40.261722] acme-http.example.test-start[1449]: Installing new certificate
webserver # [ 40.262833] acme-http.example.test-start[1449]: + cp -vp certificates/http.example.test.crt out/fullchain.pem
webserver # [ 40.268640] acme-http.example.test-start[1534]: 'certificates/http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 40.270624] acme-http.example.test-start[1449]: + cp -vp certificates/http.example.test.key out/key.pem
webserver # [ 40.275707] acme-http.example.test-start[1535]: 'certificates/http.example.test.key' -> 'out/key.pem'
webserver # [ 40.278100] acme-http.example.test-start[1449]: + cp -vp certificates/http.example.test.issuer.crt out/chain.pem
webserver # [ 40.283092] acme-http.example.test-start[1536]: 'certificates/http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 40.285358] acme-http.example.test-start[1449]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 40.291416] acme-http.example.test-start[1449]: + cat out/key.pem out/fullchain.pem
webserver # [ 40.297647] acme-http.example.test-start[1449]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 40.304287] acme-http.example.test-start[1449]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 40.305445] acme-http.example.test-start[1449]: Releasing lock /run/acme/1.lock
webserver # [ 40.348357] systemd[1]: acme-http.example.test.service: Deactivated successfully.
webserver # [ 40.351061] systemd[1]: Finished Renew ACME certificate for http.example.test.
webserver # [ 40.352168] systemd[1]: acme-http.example.test.service: Consumed 170ms CPU time, 20M memory peak, 14K incoming IP traffic, 9.8K outgoing IP traffic.
webserver # [ 40.611606] nixos[1387]: finished switching to system configuration /nix/store/rx5pj5mfrhkg2qlnwz6bb1cbnv38j5dm-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/accountchange/bin/switch-to-configuration test, in 7.01 seconds)
webserver # [ 40.654082] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 40.656280] systemd[1]: Generate self-signed certificate for http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/http.example.test/key.pem).
webserver # [ 40.664592] systemd[1]: Starting Renew ACME certificate for http.example.test...
webserver # [ 40.723732] acme-http.example.test-start[1551]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 40.726982] acme-http.example.test-start[1551]: Acquired lock /run/acme/1.lock
webserver # [ 40.728152] acme-http.example.test-start[1551]: + set -euo pipefail
webserver # [ 40.729564] acme-http.example.test-start[1551]: + echo 78c80081fedd8a7ae50d
webserver # [ 40.730588] acme-http.example.test-start[1551]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 40.734636] acme-http.example.test-start[1551]: + '[' -e certificates/http.example.test.key ']'
webserver # [ 40.736129] acme-http.example.test-start[1551]: + '[' -e certificates/http.example.test.crt ']'
webserver # [ 40.737892] acme-http.example.test-start[1554]: ++ find accounts -name [email protected]
webserver # [ 40.745264] acme-http.example.test-start[1551]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 40.746815] acme-http.example.test-start[1551]: + lego --accept-tos --path . -d http.example.test --email [email protected] --key-type ec256 --http --http.port :80 --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 41.201624] pebble[681]: Pebble 2024/11/28 20:53:23 GET /dir -> calling handler()
webserver # [ 40.834489] acme-http.example.test-start[1555]: 2024/11/28 20:53:23 [http.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 40.841299] acme-http.example.test-start[1551]: + mv domainhash.txt certificates/
webserver # [ 40.847735] acme-http.example.test-start[1551]: + chown acme:acme certificates/domainhash.txt certificates/http.example.test.crt certificates/http.example.test.issuer.crt certificates/http.example.test.json certificates/http.example.test.key
webserver # [ 40.857384] acme-http.example.test-start[1551]: + cmp -s certificates/http.example.test.crt out/fullchain.pem
webserver # [ 40.861796] acme-http.example.test-start[1551]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 40.868320] acme-http.example.test-start[1551]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 40.869473] acme-http.example.test-start[1551]: Releasing lock /run/acme/1.lock
webserver # [ 40.906973] systemd[1]: acme-http.example.test.service: Deactivated successfully.
webserver # [ 40.912077] systemd[1]: Finished Renew ACME certificate for http.example.test.
webserver # [ 40.913165] systemd[1]: acme-http.example.test.service: Consumed 144ms CPU time, 20.3M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver: waiting for unit acme-finished-http.example.test.target
(finished: waiting for unit acme-finished-http.example.test.target, in 0.04 seconds)
webserver: must succeed: grep -o 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem
(finished: must succeed: grep -o 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem, in 0.02 seconds)
webserver: must succeed: grep -m1 -B50 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem | openssl x509 -noout -text
(finished: must succeed: grep -m1 -B50 'END CERTIFICATE' /var/lib/acme/http.example.test/fullchain.pem | openssl x509 -noout -text, in 0.05 seconds)
First DNSName in fullchain.pem: dns:http.example.test
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/cert.pem, in 0.04 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/http.example.test/fullchain.pem, in 0.04 seconds)
webserver: must succeed: sha256sum /var/lib/acme/http.example.test/cert.pem
(finished: must succeed: sha256sum /var/lib/acme/http.example.test/cert.pem, in 0.02 seconds)
(finished: subtest: Handles email change correctly, in 7.60 seconds)
webserver: must succeed: /tmp/specialisation/general/bin/switch-to-configuration test
webserver # stopping the following units: acme-finished-http.example.test.target, acme-fixperms.service, acme-http.example.test.timer, systemd-modules-load.service, systemd-tmpfiles-resetup.service
webserver # [ 41.628382] nixos[1598]: switching to system configuration /nix/store/cc8skkiwi71197296pcgbwqzjl94c90d-nixos-system-webserver-test
webserver # [ 41.631344] systemd[1]: Stopped target acme-finished-http.example.test.target.
webserver # [ 41.634069] systemd[1]: Stopped target Local File Systems.
webserver # [ 41.637166] systemd[1]: acme-fixperms.service: Deactivated successfully.
webserver # [ 41.638201] systemd[1]: Stopped Fix owner and group of all ACME certificates.
webserver # [ 41.643699] systemd[1]: acme-http.example.test.timer: Deactivated successfully.
webserver # [ 41.645162] systemd[1]: Stopped Renew ACME Certificate for http.example.test.
webserver # [ 41.648041] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 41.648977] systemd[1]: systemd-tmpfiles-resetup.service: Deactivated successfully.
webserver # [ 41.652131] systemd[1]: Stopped Re-setup tmpfiles on a system that is already running..
webserver # [ 41.653325] systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dresetup.service.mount: Deactivated successfully.
webserver # [ 41.656065] systemd[1]: systemd-modules-load.service: Deactivated successfully.
webserver # [ 41.657552] systemd[1]: Stopped Load Kernel Modules.
webserver # [ 41.660361] systemd[1]: Stopped target Remote File Systems.
webserver # activating the configuration...
webserver # [ 42.076979] systemd[1]: Reload requested from client PID 1598 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 42.078841] systemd[1]: Reloading...
webserver # [ 42.316000] systemd-ssh-generator[1657]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 42.603437] systemd[1]: Reloading finished in 522 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 42.630222] systemd[1]: Starting Re-setup tmpfiles on a system that is already running....
webserver # [ 42.743219] systemd[1]: Finished Re-setup tmpfiles on a system that is already running..
webserver # [ 42.745245] systemd[1]: Reached target Reactivate sysinit units.
webserver # reloading the following units: dbus.service
webserver # [ 42.749956] systemd[1]: Reloading D-Bus System Message Bus...
webserver # [ 42.781442] dbus-daemon[669]: Unknown username "systemd-timesync" in message bus configuration file
webserver # [ 42.793287] dbus-daemon[669]: [system] Reloaded configuration
webserver # [ 42.795269] dbus-send[1665]: method return time=1732827205.424239 sender=org.freedesktop.DBus -> destination=:1.9 serial=3 reply_serial=2
webserver # [ 42.808520] dbus-daemon[669]: Unknown username "systemd-timesync" in message bus configuration file
webserver # [ 42.820046] dbus-daemon[669]: [system] Reloaded configuration
webserver # [ 42.821210] systemd[1]: Reloaded D-Bus System Message Bus.
webserver # starting the following units: acme-fixperms.service, systemd-modules-load.service, systemd-tmpfiles-resetup.service
webserver # [ 42.833421] systemd[1]: Starting Fix owner and group of all ACME certificates...
webserver # [ 42.835937] systemd[1]: Started Renew ACME Certificate for a.example.test.
webserver # [ 42.838625] systemd[1]: Started Renew ACME Certificate for b.example.test.
webserver # [ 42.839914] systemd[1]: Started Renew ACME Certificate for c.example.test.
webserver # [ 42.844776] systemd[1]: Reached target Remote File Systems.
webserver # [ 42.853342] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 42.859907] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 42.860960] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 42.862885] systemd[1]: Reached target Local File Systems.
webserver # [ 42.866354] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 42.867798] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 42.873448] systemd[1]: Starting Load Kernel Modules...
webserver # [ 42.876467] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 42.879140] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 42.893080] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 42.920800] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 42.945168] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 42.946765] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 42.949947] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 42.976831] systemd[1]: Finished Fix owner and group of all ACME certificates.
webserver # [ 42.982892] systemd-modules-load[1670]: Inserted module 'tls'
webserver # [ 42.992256] systemd[1]: Finished Load Kernel Modules.
webserver # [ 43.288616] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 43.292083] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 43.295134] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 43.301100] systemd[1]: Starting Generate self-signed certificate for a.example.test...
webserver # [ 43.306124] systemd[1]: Starting Generate self-signed certificate for b.example.test...
webserver # [ 43.310954] systemd[1]: Starting Generate self-signed certificate for c.example.test...
webserver # [ 43.436245] acme-selfsigned-a.example.test-start[1745]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 43.440940] acme-selfsigned-a.example.test-start[1745]: Acquired lock /run/acme/1.lock
webserver # [ 43.447268] acme-selfsigned-c.example.test-start[1747]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 43.450757] acme-selfsigned-b.example.test-start[1746]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 43.455201] acme-selfsigned-c.example.test-start[1747]: Acquired lock /run/acme/3.lock
webserver # [ 43.456900] acme-selfsigned-b.example.test-start[1746]: Acquired lock /run/acme/2.lock
webserver # [ 43.524274] acme-selfsigned-a.example.test-start[1745]: Releasing lock /run/acme/1.lock
webserver # [ 43.529085] systemd[1]: acme-selfsigned-a.example.test.service: Deactivated successfully.
webserver # [ 43.532638] systemd[1]: Finished Generate self-signed certificate for a.example.test.
webserver # [ 43.535487] acme-selfsigned-c.example.test-start[1747]: Releasing lock /run/acme/3.lock
webserver # [ 43.539612] systemd[1]: acme-selfsigned-c.example.test.service: Deactivated successfully.
webserver # [ 43.541422] acme-selfsigned-b.example.test-start[1746]: Releasing lock /run/acme/2.lock
webserver # [ 43.543626] systemd[1]: Finished Generate self-signed certificate for c.example.test.
webserver # [ 43.548754] systemd[1]: acme-selfsigned-b.example.test.service: Deactivated successfully.
webserver # [ 43.554196] systemd[1]: Finished Generate self-signed certificate for b.example.test.
webserver # [ 43.564706] systemd[1]: Starting Nginx Web Server...
webserver # [ 43.669321] nginx-pre-start[1788]: nginx: the configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf syntax is ok
webserver # [ 43.671381] nginx-pre-start[1788]: nginx: configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf test is successful
webserver # [ 43.679667] systemd[1]: Started Nginx Web Server.
webserver # [ 43.686306] systemd[1]: Starting Renew ACME certificate for a.example.test...
webserver # [ 43.778958] acme-a.example.test-start[1791]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 43.783513] acme-a.example.test-start[1791]: Acquired lock /run/acme/1.lock
webserver # [ 43.784812] acme-a.example.test-start[1791]: + set -euo pipefail
webserver # [ 43.785927] acme-a.example.test-start[1793]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 43.794758] acme-a.example.test-start[1793]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 43.804383] acme-a.example.test-start[1791]: + echo 9c8503f9419119933b04
webserver # [ 43.806402] acme-a.example.test-start[1791]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 43.810139] nginx[1790]: 2024/11/28 20:53:26 [notice] 1790#1790: using the "epoll" event method
webserver # [ 43.811597] nginx[1790]: 2024/11/28 20:53:26 [notice] 1790#1790: nginx/1.26.2
webserver # [ 43.812983] nginx[1790]: 2024/11/28 20:53:26 [notice] 1790#1790: built by gcc 13.3.0 (GCC)
webserver # [ 43.814482] nginx[1790]: 2024/11/28 20:53:26 [notice] 1790#1790: OS: Linux 6.6.63
webserver # [ 43.815780] nginx[1790]: 2024/11/28 20:53:26 [notice] 1790#1790: getrlimit(RLIMIT_NOFILE): 1024:524288
webserver # [ 43.817767] nginx[1790]: 2024/11/28 20:53:26 [notice] 1790#1790: start worker processes
webserver # [ 43.818926] nginx[1790]: 2024/11/28 20:53:26 [notice] 1790#1790: start worker process 1796
webserver # [ 43.820366] acme-a.example.test-start[1791]: + lego --accept-tos --path . -d a.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run
acme # [ 44.265474] pebble[681]: Pebble 2024/11/28 20:53:26 GET /dir -> calling handler()
acme # [ 44.267921] pebble[681]: Pebble 2024/11/28 20:53:26 HEAD /nonce-plz -> calling handler()
webserver # [ 43.900034] acme-a.example.test-start[1797]: 2024/11/28 20:53:26 [INFO] [a.example.test] acme: Obtaining bundled SAN certificate
acme # [ 44.270687] pebble[681]: Pebble 2024/11/28 20:53:26 POST /order-plz -> calling handler()
acme # [ 44.272109] pebble[681]: Pebble 2024/11/28 20:53:26 There are now 4 authorizations in the db
acme # [ 44.273524] pebble[681]: Pebble 2024/11/28 20:53:26 Added order "OkpBihTlVVajqr3pTKE1Yb7sT0TSQQDsyUktLguNr4o" to the db
acme # [ 44.275299] pebble[681]: Pebble 2024/11/28 20:53:26 There are now 5 orders in the db
acme # [ 44.327293] pebble[681]: Pebble 2024/11/28 20:53:26 POST /authZ/ -> calling handler()
webserver # [ 43.959589] acme-a.example.test-start[1797]: 2024/11/28 20:53:26 [INFO] [a.example.test] AuthURL: https://acme.test/authZ/hOXvQIaXT0xXwMRK1nVTzyqmoorxmgpvgAUb7HY5jZI
acme # [ 44.330084] pebble[681]: Pebble 2024/11/28 20:53:26 POST /chalZ/ -> calling handler()
webserver # [ 43.961974] acme-a.example.test-start[1797]: 2024/11/28 20:53:26 [INFO] [a.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 43.963629] acme-a.example.test-start[1797]: 2024/11/28 20:53:26 [INFO] [a.example.test] acme: use http-01 solver
webserver # [ 43.965119] acme-a.example.test-start[1797]: 2024/11/28 20:53:26 [INFO] [a.example.test] acme: Trying to solve HTTP-01
acme # [ 44.332359] pebble[681]: Pebble 2024/11/28 20:53:26 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"a.example.test"}, Challenge:(*core.Challenge)(0xc0000db2c0), Account:(*core.Account)(0xc000129020), AccountURL:"https://acme.test/my-account/732aad53f2e0a1f4", Wildcard:false}
acme # [ 44.336622] pebble[681]: Pebble 2024/11/28 20:53:26 Starting 3 validations.
acme # [ 44.337870] pebble[681]: Pebble 2024/11/28 20:53:26 Attempting to validate w/ HTTP: http://a.example.test:80/.well-known/acme-challenge/PX4fkINiswfM0q9dtVuA-o10MU0XGLs4YeKqx1EWreE
acme # [ 44.341031] pebble[681]: Pebble 2024/11/28 20:53:26 POST /authZ/ -> calling handler()
acme # [ 44.342385] pebble[681]: Pebble 2024/11/28 20:53:26 Attempting to validate w/ HTTP: http://a.example.test:80/.well-known/acme-challenge/PX4fkINiswfM0q9dtVuA-o10MU0XGLs4YeKqx1EWreE
acme # [ 44.346172] pebble[681]: Pebble 2024/11/28 20:53:26 Attempting to validate w/ HTTP: http://a.example.test:80/.well-known/acme-challenge/PX4fkINiswfM0q9dtVuA-o10MU0XGLs4YeKqx1EWreE
acme # [ 44.352885] pebble[681]: Pebble 2024/11/28 20:53:26 authz hOXvQIaXT0xXwMRK1nVTzyqmoorxmgpvgAUb7HY5jZI set VALID by completed challenge H63a0WDM1wtQW8BuvHgG6GW1jAFIDep7RfQzKDuHw64
acme # [ 48.584776] pebble[681]: Pebble 2024/11/28 20:53:31 POST /authZ/ -> calling handler()
webserver # [ 48.217602] acme-a.example.test-start[1797]: 2024/11/28 20:53:30 [INFO] [a.example.test] The server validated our request
acme # [ 48.586726] pebble[681]: Pebble 2024/11/28 20:53:31 POST /finalize-order/ -> calling handler()
webserver # [ 48.219417] acme-a.example.test-start[1797]: 2024/11/28 20:53:30 [INFO] [a.example.test] acme: Validations succeeded; requesting certificates
acme # [ 48.589174] pebble[681]: Pebble 2024/11/28 20:53:31 Order OkpBihTlVVajqr3pTKE1Yb7sT0TSQQDsyUktLguNr4o is fully authorized. Processing finalization
webserver # [ 48.224069] acme-a.example.test-start[1797]: 2024/11/28 20:53:30 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 48.594796] pebble[681]: Pebble 2024/11/28 20:53:31 Issued certificate serial 0bab4b1216628acd for order OkpBihTlVVajqr3pTKE1Yb7sT0TSQQDsyUktLguNr4o
acme # [ 48.597836] pebble[681]: Pebble 2024/11/28 20:53:31 POST /my-order/ -> calling handler()
acme # [ 48.599327] pebble[681]: Pebble 2024/11/28 20:53:31 POST /certZ/ -> calling handler()
webserver # [ 48.233355] acme-a.example.test-start[1797]: 2024/11/28 20:53:30 [INFO] [a.example.test] Server responded with a certificate.
webserver # [ 48.240612] acme-a.example.test-start[1791]: + mv domainhash.txt certificates/
webserver # [ 48.247066] acme-a.example.test-start[1791]: + chown acme:nginx certificates/a.example.test.crt certificates/a.example.test.issuer.crt certificates/a.example.test.json certificates/a.example.test.key certificates/domainhash.txt
webserver # [ 48.257304] acme-a.example.test-start[1791]: + cmp -s certificates/a.example.test.crt out/fullchain.pem
webserver # [ 48.262247] acme-a.example.test-start[1791]: + touch out/renewed
webserver # [ 48.267758] acme-a.example.test-start[1791]: + echo Installing new certificate
webserver # [ 48.269082] acme-a.example.test-start[1791]: Installing new certificate
webserver # [ 48.270148] acme-a.example.test-start[1791]: + cp -vp certificates/a.example.test.crt out/fullchain.pem
webserver # [ 48.276381] acme-a.example.test-start[1805]: 'certificates/a.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 48.278084] acme-a.example.test-start[1791]: + cp -vp certificates/a.example.test.key out/key.pem
webserver # [ 48.283663] acme-a.example.test-start[1806]: 'certificates/a.example.test.key' -> 'out/key.pem'
webserver # [ 48.285393] acme-a.example.test-start[1791]: + cp -vp certificates/a.example.test.issuer.crt out/chain.pem
webserver # [ 48.290841] acme-a.example.test-start[1807]: 'certificates/a.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 48.292943] acme-a.example.test-start[1791]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 48.299164] acme-a.example.test-start[1791]: + cat out/key.pem out/fullchain.pem
webserver # [ 48.305698] acme-a.example.test-start[1791]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 48.312423] acme-a.example.test-start[1791]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 48.313680] acme-a.example.test-start[1791]: Releasing lock /run/acme/1.lock
webserver # [ 48.357507] systemd[1]: acme-a.example.test.service: Deactivated successfully.
webserver # [ 48.361597] systemd[1]: Finished Renew ACME certificate for a.example.test.
webserver # [ 48.364166] systemd[1]: acme-a.example.test.service: Consumed 158ms CPU time, 20.2M memory peak, 11.3K incoming IP traffic, 6.9K outgoing IP traffic.
webserver # [ 48.370789] systemd[1]: Reached target acme-account-d590213ed52603e9128d.target.
webserver # [ 48.377098] systemd[1]: Starting Renew ACME certificate for b.example.test...
webserver # [ 48.382246] systemd[1]: Starting Renew ACME certificate for c.example.test...
webserver # [ 48.491530] acme-b.example.test-start[1817]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 48.493822] acme-c.example.test-start[1818]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 48.497491] acme-b.example.test-start[1817]: Acquired lock /run/acme/2.lock
webserver # [ 48.498568] acme-b.example.test-start[1817]: + set -euo pipefail
webserver # [ 48.500441] acme-b.example.test-start[1821]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 48.502218] acme-c.example.test-start[1818]: Acquired lock /run/acme/3.lock
webserver # [ 48.503671] acme-c.example.test-start[1818]: + set -euo pipefail
webserver # [ 48.505079] acme-c.example.test-start[1822]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 48.511463] acme-c.example.test-start[1822]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 48.513235] acme-b.example.test-start[1821]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 48.523082] acme-c.example.test-start[1818]: + echo ced4ccfc78dd04ff3014
webserver # [ 48.524504] acme-c.example.test-start[1818]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 48.526199] acme-b.example.test-start[1817]: + echo 0fe0254e2c124c865860
webserver # [ 48.527541] acme-b.example.test-start[1817]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 48.532100] acme-c.example.test-start[1818]: + lego --accept-tos --path . -d c.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run
webserver # [ 48.535271] acme-b.example.test-start[1817]: + lego --accept-tos --path . -d b.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run
acme # [ 49.057989] pebble[681]: Pebble 2024/11/28 20:53:31 GET /dir -> calling handler()
acme # [ 49.060526] pebble[681]: Pebble 2024/11/28 20:53:31 GET /dir -> calling handler()
acme # [ 49.062108] pebble[681]: Pebble 2024/11/28 20:53:31 HEAD /nonce-plz -> calling handler()
webserver # [ 48.693454] acme-c.example.test-start[1828]: 2024/11/28 20:53:31 [INFO] [c.example.test] acme: Obtaining bundled SAN certificate
acme # [ 49.064060] pebble[681]: Pebble 2024/11/28 20:53:31 POST /order-plz -> calling handler()
webserver # [ 48.696422] acme-b.example.test-start[1827]: 2024/11/28 20:53:31 [INFO] [b.example.test] acme: Obtaining bundled SAN certificate
acme # [ 49.065254] pebble[681]: Pebble 2024/11/28 20:53:31 There are now 5 authorizations in the db
acme # [ 49.066455] pebble[681]: Pebble 2024/11/28 20:53:31 Added order "SXvFAYkMUnaUNkTuDyPWmINDlRF-98R96CS3xiEje4Y" to the db
acme # [ 49.068056] pebble[681]: Pebble 2024/11/28 20:53:31 There are now 6 orders in the db
acme # [ 49.069732] pebble[681]: Pebble 2024/11/28 20:53:31 HEAD /nonce-plz -> calling handler()
acme # [ 49.071255] pebble[681]: Pebble 2024/11/28 20:53:31 POST /order-plz -> calling handler()
webserver # [ 48.705168] acme-b.example.test-start[1827]: 2024/11/28 20:53:31 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/order-plz :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: q3h65556oIGroOPbKNrm9g
acme # [ 49.126528] pebble[681]: Pebble 2024/11/28 20:53:31 POST /authZ/ -> calling handler()
webserver # [ 48.758887] acme-c.example.test-start[1828]: 2024/11/28 20:53:31 [INFO] [c.example.test] AuthURL: https://acme.test/authZ/MuXET695pPk9uFnHLEADFGAqowmRgLouavI8uqcpmkA
webserver # [ 48.761255] acme-c.example.test-start[1828]: 2024/11/28 20:53:31 [INFO] [c.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 48.763159] acme-c.example.test-start[1828]: 2024/11/28 20:53:31 [INFO] [c.example.test] acme: use http-01 solver
acme # [ 49.132728] pebble[681]: Pebble 2024/11/28 20:53:31 POST /chalZ/ -> calling handler()
webserver # [ 48.764748] acme-c.example.test-start[1828]: 2024/11/28 20:53:31 [INFO] [c.example.test] acme: Trying to solve HTTP-01
acme # [ 49.134743] pebble[681]: Pebble 2024/11/28 20:53:31 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"c.example.test"}, Challenge:(*core.Challenge)(0xc0000db7c0), Account:(*core.Account)(0xc000129020), AccountURL:"https://acme.test/my-account/732aad53f2e0a1f4", Wildcard:false}
acme # [ 49.138519] pebble[681]: Pebble 2024/11/28 20:53:31 Starting 3 validations.
acme # [ 49.140198] pebble[681]: Pebble 2024/11/28 20:53:31 Attempting to validate w/ HTTP: http://c.example.test:80/.well-known/acme-challenge/7QPxKHQQPp4BPo-KIY6xFDlIorYyHSdLeAOp4OKK_ZQ
acme # [ 49.142735] pebble[681]: Pebble 2024/11/28 20:53:31 POST /authZ/ -> calling handler()
acme # [ 49.144668] pebble[681]: Pebble 2024/11/28 20:53:31 Attempting to validate w/ HTTP: http://c.example.test:80/.well-known/acme-challenge/7QPxKHQQPp4BPo-KIY6xFDlIorYyHSdLeAOp4OKK_ZQ
acme # [ 49.147469] pebble[681]: Pebble 2024/11/28 20:53:31 Attempting to validate w/ HTTP: http://c.example.test:80/.well-known/acme-challenge/7QPxKHQQPp4BPo-KIY6xFDlIorYyHSdLeAOp4OKK_ZQ
acme # [ 49.153565] pebble[681]: Pebble 2024/11/28 20:53:31 authz MuXET695pPk9uFnHLEADFGAqowmRgLouavI8uqcpmkA set VALID by completed challenge 6SLPnS3QiXCHQ_ExR7_xnuKnFJ7rPUyrac8R2cVH5t8
acme # [ 49.370347] pebble[681]: Pebble 2024/11/28 20:53:31 POST /order-plz -> calling handler()
acme # [ 49.371570] pebble[681]: Pebble 2024/11/28 20:53:31 There are now 6 authorizations in the db
acme # [ 49.372775] pebble[681]: Pebble 2024/11/28 20:53:31 Added order "1NjpeVNE-i9U0qOEQ6M3-HYrRKxm9LFTnT_NfXEjqyI" to the db
acme # [ 49.374239] pebble[681]: Pebble 2024/11/28 20:53:31 There are now 7 orders in the db
acme # [ 49.427476] pebble[681]: Pebble 2024/11/28 20:53:32 POST /authZ/ -> calling handler()
webserver # [ 49.060185] acme-b.example.test-start[1827]: 2024/11/28 20:53:31 [INFO] [b.example.test] AuthURL: https://acme.test/authZ/Ts1XQgWyH3nrfLoQY4wt-yD7wqG9vaPIpprnZOjJJcI
acme # [ 49.429034] pebble[681]: Pebble 2024/11/28 20:53:32 POST /chalZ/ -> calling handler()
webserver # [ 49.062192] acme-b.example.test-start[1827]: 2024/11/28 20:53:31 [INFO] [b.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 49.063936] acme-b.example.test-start[1827]: 2024/11/28 20:53:31 [INFO] [b.example.test] acme: use http-01 solver
webserver # [ 49.065564] acme-b.example.test-start[1827]: 2024/11/28 20:53:31 [INFO] [b.example.test] acme: Trying to solve HTTP-01
acme # [ 49.430986] pebble[681]: Pebble 2024/11/28 20:53:32 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"b.example.test"}, Challenge:(*core.Challenge)(0xc0000dbc20), Account:(*core.Account)(0xc000129020), AccountURL:"https://acme.test/my-account/732aad53f2e0a1f4", Wildcard:false}
acme # [ 49.435313] pebble[681]: Pebble 2024/11/28 20:53:32 Starting 3 validations.
acme # [ 49.436746] pebble[681]: Pebble 2024/11/28 20:53:32 Attempting to validate w/ HTTP: http://b.example.test:80/.well-known/acme-challenge/hIEr4yQQp66xbydYL12TObgsqMYq5BYI8Dmlu6zxqjY
acme # [ 49.439762] pebble[681]: Pebble 2024/11/28 20:53:32 POST /authZ/ -> calling handler()
acme # [ 49.441065] pebble[681]: Pebble 2024/11/28 20:53:32 Attempting to validate w/ HTTP: http://b.example.test:80/.well-known/acme-challenge/hIEr4yQQp66xbydYL12TObgsqMYq5BYI8Dmlu6zxqjY
acme # [ 49.443949] pebble[681]: Pebble 2024/11/28 20:53:32 Attempting to validate w/ HTTP: http://b.example.test:80/.well-known/acme-challenge/hIEr4yQQp66xbydYL12TObgsqMYq5BYI8Dmlu6zxqjY
acme # [ 49.450826] pebble[681]: Pebble 2024/11/28 20:53:32 authz Ts1XQgWyH3nrfLoQY4wt-yD7wqG9vaPIpprnZOjJJcI set VALID by completed challenge aOqYJkHhLimjvV4UK0QPwPVYcVumt89cpUbiaH2yp-g
acme # [ 53.420286] pebble[681]: Pebble 2024/11/28 20:53:36 POST /authZ/ -> calling handler()
webserver # [ 53.052896] acme-c.example.test-start[1828]: 2024/11/28 20:53:35 [INFO] [c.example.test] The server validated our request
acme # [ 53.422532] pebble[681]: Pebble 2024/11/28 20:53:36 POST /finalize-order/ -> calling handler()
webserver # [ 53.054519] acme-c.example.test-start[1828]: 2024/11/28 20:53:35 [INFO] [c.example.test] acme: Validations succeeded; requesting certificates
acme # [ 53.424663] pebble[681]: Pebble 2024/11/28 20:53:36 Order SXvFAYkMUnaUNkTuDyPWmINDlRF-98R96CS3xiEje4Y is fully authorized. Processing finalization
webserver # [ 53.059126] acme-c.example.test-start[1828]: 2024/11/28 20:53:35 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 53.429593] pebble[681]: Pebble 2024/11/28 20:53:36 Issued certificate serial 5cac8b33510126e5 for order SXvFAYkMUnaUNkTuDyPWmINDlRF-98R96CS3xiEje4Y
acme # [ 53.431490] pebble[681]: Pebble 2024/11/28 20:53:36 POST /my-order/ -> calling handler()
acme # [ 53.432902] pebble[681]: Pebble 2024/11/28 20:53:36 POST /certZ/ -> calling handler()
webserver # [ 53.066923] acme-c.example.test-start[1828]: 2024/11/28 20:53:35 [INFO] [c.example.test] Server responded with a certificate.
webserver # [ 53.073230] acme-c.example.test-start[1818]: + mv domainhash.txt certificates/
webserver # [ 53.079244] acme-c.example.test-start[1818]: + chown acme:nginx certificates/c.example.test.crt certificates/c.example.test.issuer.crt certificates/c.example.test.json certificates/c.example.test.key certificates/domainhash.txt
webserver # [ 53.088696] acme-c.example.test-start[1818]: + cmp -s certificates/c.example.test.crt out/fullchain.pem
webserver # [ 53.092942] acme-c.example.test-start[1818]: + touch out/renewed
webserver # [ 53.098682] acme-c.example.test-start[1818]: + echo Installing new certificate
webserver # [ 53.099936] acme-c.example.test-start[1818]: Installing new certificate
webserver # [ 53.101322] acme-c.example.test-start[1818]: + cp -vp certificates/c.example.test.crt out/fullchain.pem
webserver # [ 53.106540] acme-c.example.test-start[1841]: 'certificates/c.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 53.108553] acme-c.example.test-start[1818]: + cp -vp certificates/c.example.test.key out/key.pem
webserver # [ 53.113697] acme-c.example.test-start[1842]: 'certificates/c.example.test.key' -> 'out/key.pem'
webserver # [ 53.116060] acme-c.example.test-start[1818]: + cp -vp certificates/c.example.test.issuer.crt out/chain.pem
webserver # [ 53.121226] acme-c.example.test-start[1843]: 'certificates/c.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 53.123440] acme-c.example.test-start[1818]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 53.129374] acme-c.example.test-start[1818]: + cat out/key.pem out/fullchain.pem
webserver # [ 53.135189] acme-c.example.test-start[1818]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 53.141748] acme-c.example.test-start[1818]: + echo 'Releasing lock /run/acme/3.lock'
webserver # [ 53.142910] acme-c.example.test-start[1818]: Releasing lock /run/acme/3.lock
webserver # [ 53.185663] systemd[1]: acme-c.example.test.service: Deactivated successfully.
webserver # [ 53.187603] systemd[1]: Finished Renew ACME certificate for c.example.test.
webserver # [ 53.189443] systemd[1]: acme-c.example.test.service: Consumed 166ms CPU time, 20M memory peak, 11.3K incoming IP traffic, 7K outgoing IP traffic.
acme # [ 55.910318] pebble[681]: Pebble 2024/11/28 20:53:38 POST /authZ/ -> calling handler()
acme # [ 55.913541] pebble[681]: Pebble 2024/11/28 20:53:38 POST /finalize-order/ -> calling handler()
webserver # [ 55.545365] acme-b.example.test-start[1827]: 2024/11/28 20:53:38 [INFO] [b.example.test] The server validated our request
acme # [ 55.915112] pebble[681]: Pebble 2024/11/28 20:53:38 Order 1NjpeVNE-i9U0qOEQ6M3-HYrRKxm9LFTnT_NfXEjqyI is fully authorized. Processing finalization
webserver # [ 55.547043] acme-b.example.test-start[1827]: 2024/11/28 20:53:38 [INFO] [b.example.test] acme: Validations succeeded; requesting certificates
webserver # [ 55.549287] acme-b.example.test-start[1827]: 2024/11/28 20:53:38 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 55.918929] pebble[681]: Pebble 2024/11/28 20:53:38 Issued certificate serial 166f3c6595ade2c3 for order 1NjpeVNE-i9U0qOEQ6M3-HYrRKxm9LFTnT_NfXEjqyI
acme # [ 55.921324] pebble[681]: Pebble 2024/11/28 20:53:38 POST /my-order/ -> calling handler()
acme # [ 55.923638] pebble[681]: Pebble 2024/11/28 20:53:38 POST /certZ/ -> calling handler()
webserver # [ 55.555909] acme-b.example.test-start[1827]: 2024/11/28 20:53:38 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/certZ/166f3c6595ade2c3 :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: ODGzXMJ1KtkoOlSFtcl17A
acme # [ 56.037549] pebble[681]: Pebble 2024/11/28 20:53:38 POST /certZ/ -> calling handler()
webserver # [ 55.671813] acme-b.example.test-start[1827]: 2024/11/28 20:53:38 [INFO] [b.example.test] Server responded with a certificate.
webserver # [ 55.678188] acme-b.example.test-start[1817]: + mv domainhash.txt certificates/
webserver # [ 55.684410] acme-b.example.test-start[1817]: + chown acme:nginx certificates/b.example.test.crt certificates/b.example.test.issuer.crt certificates/b.example.test.json certificates/b.example.test.key certificates/domainhash.txt
webserver # [ 55.693971] acme-b.example.test-start[1817]: + cmp -s certificates/b.example.test.crt out/fullchain.pem
webserver # [ 55.698233] acme-b.example.test-start[1817]: + touch out/renewed
webserver # [ 55.703773] acme-b.example.test-start[1817]: + echo Installing new certificate
webserver # [ 55.704860] acme-b.example.test-start[1817]: Installing new certificate
webserver # [ 55.705973] acme-b.example.test-start[1817]: + cp -vp certificates/b.example.test.crt out/fullchain.pem
webserver # [ 55.711572] acme-b.example.test-start[1857]: 'certificates/b.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 55.713630] acme-b.example.test-start[1817]: + cp -vp certificates/b.example.test.key out/key.pem
webserver # [ 55.718749] acme-b.example.test-start[1858]: 'certificates/b.example.test.key' -> 'out/key.pem'
webserver # [ 55.720832] acme-b.example.test-start[1817]: + cp -vp certificates/b.example.test.issuer.crt out/chain.pem
webserver # [ 55.726091] acme-b.example.test-start[1859]: 'certificates/b.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 55.728062] acme-b.example.test-start[1817]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 55.733831] acme-b.example.test-start[1817]: + cat out/key.pem out/fullchain.pem
webserver # [ 55.739956] acme-b.example.test-start[1817]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 55.746691] acme-b.example.test-start[1817]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 55.747835] acme-b.example.test-start[1817]: Releasing lock /run/acme/2.lock
webserver # [ 55.790723] systemd[1]: acme-b.example.test.service: Deactivated successfully.
webserver # [ 55.796102] systemd[1]: Finished Renew ACME certificate for b.example.test.
webserver # [ 55.798502] systemd[1]: acme-b.example.test.service: Consumed 167ms CPU time, 20M memory peak, 8K written to disk, 12.3K incoming IP traffic, 8.4K outgoing IP traffic.
webserver # [ 55.806174] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 55.866369] systemd[1]: Reloading Nginx Web Server...
webserver # [ 55.938234] nginx[1872]: nginx: the configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf syntax is ok
webserver # [ 55.940082] nginx[1872]: nginx: configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf test is successful
webserver # [ 55.993665] nginx[1790]: 2024/11/28 20:53:38 [notice] 1790#1790: signal 1 (SIGHUP) received from 1874, reconfiguring
webserver # [ 55.995507] nginx[1790]: 2024/11/28 20:53:38 [notice] 1790#1790: reconfiguring
webserver # [ 55.999827] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 56.006139] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 56.012965] systemd[1]: Finished nginx-config-reload.service.
webserver # [ 56.014246] systemd[1]: Reached target acme-finished-a.example.test.target.
webserver # [ 56.016929] systemd[1]: Reached target acme-finished-b.example.test.target.
webserver # [ 56.018187] systemd[1]: Reached target acme-finished-c.example.test.target.
webserver # [ 56.027443] nginx[1790]: 2024/11/28 20:53:38 [notice] 1790#1790: using the "epoll" event method
webserver # [ 56.029596] nginx[1790]: 2024/11/28 20:53:38 [notice] 1790#1790: start worker processes
webserver # [ 56.030758] nginx[1790]: 2024/11/28 20:53:38 [notice] 1790#1790: start worker process 1877
webserver # [ 56.131144] nginx[1796]: 2024/11/28 20:53:38 [notice] 1796#1796: gracefully shutting down
webserver # [ 56.132341] nginx[1796]: 2024/11/28 20:53:38 [notice] 1796#1796: exiting
webserver # [ 56.133343] nginx[1796]: 2024/11/28 20:53:38 [notice] 1796#1796: exit
webserver # [ 56.135614] nginx[1790]: 2024/11/28 20:53:38 [notice] 1790#1790: signal 17 (SIGCHLD) received from 1796
webserver # [ 56.137054] nginx[1790]: 2024/11/28 20:53:38 [notice] 1790#1790: worker process 1796 exited with code 0
webserver # [ 56.138697] nginx[1790]: 2024/11/28 20:53:38 [notice] 1790#1790: signal 29 (SIGIO) received
webserver # the following new units were started: acme-a.example.test.timer, acme-account-d590213ed52603e9128d.target, acme-b.example.test.timer, acme-c.example.test.timer, acme-finished-a.example.test.target, acme-finished-b.example.test.target, acme-finished-c.example.test.target, nginx.service
webserver # [ 56.276341] nixos[1598]: finished switching to system configuration /nix/store/cc8skkiwi71197296pcgbwqzjl94c90d-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/general/bin/switch-to-configuration test, in 15.11 seconds)
subtest: Can request certificate with HTTP-01 challenge
webserver # [ 56.324080] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 56.329151] systemd[1]: Generate self-signed certificate for a.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/a.example.test/key.pem).
webserver # [ 56.334215] systemd[1]: Starting Renew ACME certificate for a.example.test...
webserver # [ 56.395506] acme-a.example.test-start[1883]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 56.398651] acme-a.example.test-start[1883]: Acquired lock /run/acme/1.lock
webserver # [ 56.399767] acme-a.example.test-start[1883]: + set -euo pipefail
webserver # [ 56.401322] acme-a.example.test-start[1885]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 56.407445] acme-a.example.test-start[1885]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 56.415073] acme-a.example.test-start[1883]: + echo 9c8503f9419119933b04
webserver # [ 56.416135] acme-a.example.test-start[1883]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 56.420219] acme-a.example.test-start[1883]: + '[' -e certificates/a.example.test.key ']'
webserver # [ 56.421643] acme-a.example.test-start[1883]: + '[' -e certificates/a.example.test.crt ']'
webserver # [ 56.423380] acme-a.example.test-start[1888]: ++ find accounts -name [email protected]
webserver # [ 56.430665] acme-a.example.test-start[1883]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 56.432272] acme-a.example.test-start[1883]: + lego --accept-tos --path . -d a.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 56.885072] pebble[681]: Pebble 2024/11/28 20:53:39 GET /dir -> calling handler()
webserver # [ 56.517830] acme-a.example.test-start[1889]: 2024/11/28 20:53:39 [a.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 56.524912] acme-a.example.test-start[1883]: + mv domainhash.txt certificates/
webserver # [ 56.531350] acme-a.example.test-start[1883]: + chown acme:nginx certificates/a.example.test.crt certificates/a.example.test.issuer.crt certificates/a.example.test.json certificates/a.example.test.key certificates/domainhash.txt
webserver # [ 56.541201] acme-a.example.test-start[1883]: + cmp -s certificates/a.example.test.crt out/fullchain.pem
webserver # [ 56.545626] acme-a.example.test-start[1883]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 56.552193] acme-a.example.test-start[1883]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 56.553531] acme-a.example.test-start[1883]: Releasing lock /run/acme/1.lock
webserver # [ 56.590838] systemd[1]: acme-a.example.test.service: Deactivated successfully.
webserver # [ 56.596077] systemd[1]: Finished Renew ACME certificate for a.example.test.
webserver # [ 56.597334] systemd[1]: acme-a.example.test.service: Consumed 146ms CPU time, 19.6M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 56.606737] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 56.667215] systemd[1]: Reloading Nginx Web Server...
webserver # [ 56.739790] nginx[1906]: nginx: the configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf syntax is ok
webserver # [ 56.741659] nginx[1906]: nginx: configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf test is successful
webserver # [ 56.793893] nginx[1790]: 2024/11/28 20:53:39 [notice] 1790#1790: signal 1 (SIGHUP) received from 1908, reconfiguring
webserver # [ 56.795707] nginx[1790]: 2024/11/28 20:53:39 [notice] 1790#1790: reconfiguring
webserver # [ 56.799431] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 56.806507] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 56.810638] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-a.example.test.target
webserver # [ 56.837076] nginx[1790]: 2024/11/28 20:53:39 [notice] 1790#1790: using the "epoll" event method
webserver # [ 56.838593] nginx[1790]: 2024/11/28 20:53:39 [notice] 1790#1790: start worker processes
webserver # [ 56.841057] nginx[1790]: 2024/11/28 20:53:39 [notice] 1790#1790: start worker process 1915
(finished: waiting for unit acme-finished-a.example.test.target, in 0.06 seconds)
webserver: must succeed: grep -o 'END CERTIFICATE' /var/lib/acme/a.example.test/fullchain.pem
(finished: must succeed: grep -o 'END CERTIFICATE' /var/lib/acme/a.example.test/fullchain.pem, in 0.02 seconds)
webserver: must succeed: grep -m1 -B50 'END CERTIFICATE' /var/lib/acme/a.example.test/fullchain.pem | openssl x509 -noout -text
webserver # [ 56.943293] nginx[1877]: 2024/11/28 20:53:39 [notice] 1877#1877: gracefully shutting down
webserver # [ 56.944708] nginx[1877]: 2024/11/28 20:53:39 [notice] 1877#1877: exiting
webserver # [ 56.946167] nginx[1877]: 2024/11/28 20:53:39 [notice] 1877#1877: exit
webserver # [ 56.948197] nginx[1790]: 2024/11/28 20:53:39 [notice] 1790#1790: signal 17 (SIGCHLD) received from 1877
webserver # [ 56.949546] nginx[1790]: 2024/11/28 20:53:39 [notice] 1790#1790: worker process 1877 exited with code 0
webserver # [ 56.951167] nginx[1790]: 2024/11/28 20:53:39 [notice] 1790#1790: signal 29 (SIGIO) received
(finished: must succeed: grep -m1 -B50 'END CERTIFICATE' /var/lib/acme/a.example.test/fullchain.pem | openssl x509 -noout -text, in 0.06 seconds)
First DNSName in fullchain.pem: dns:a.example.test
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/a.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/a.example.test/cert.pem, in 0.04 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/a.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/a.example.test/fullchain.pem, in 0.04 seconds)
webserver: waiting for unit nginx.service
(finished: waiting for unit nginx.service, in 0.05 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername a.example.test -connect a.example.test:443 < /dev/null 2>&1
webserver # [ 57.151810] nginx[1915]: 2024/11/28 20:53:39 [info] 1915#1915: *10 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername a.example.test -connect a.example.test:443 < /dev/null 2>&1, in 0.07 seconds)
(finished: subtest: Can request certificate with HTTP-01 challenge, in 0.87 seconds)
subtest: Runs 1 cert for account creation before others
webserver # [ 57.193607] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 57.197142] systemd[1]: Generate self-signed certificate for b.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/b.example.test/key.pem).
webserver # [ 57.202411] systemd[1]: Starting Renew ACME certificate for b.example.test...
webserver # [ 57.263462] acme-b.example.test-start[1939]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 57.266765] acme-b.example.test-start[1939]: Acquired lock /run/acme/2.lock
webserver # [ 57.267987] acme-b.example.test-start[1939]: + set -euo pipefail
webserver # [ 57.269619] acme-b.example.test-start[1941]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 57.276088] acme-b.example.test-start[1941]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 57.283821] acme-b.example.test-start[1939]: + echo 0fe0254e2c124c865860
webserver # [ 57.284838] acme-b.example.test-start[1939]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 57.289118] acme-b.example.test-start[1939]: + '[' -e certificates/b.example.test.key ']'
webserver # [ 57.290292] acme-b.example.test-start[1939]: + '[' -e certificates/b.example.test.crt ']'
webserver # [ 57.291965] acme-b.example.test-start[1944]: ++ find accounts -name [email protected]
webserver # [ 57.299422] acme-b.example.test-start[1939]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 57.301027] acme-b.example.test-start[1939]: + lego --accept-tos --path . -d b.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 57.751615] pebble[681]: Pebble 2024/11/28 20:53:40 GET /dir -> calling handler()
webserver # [ 57.385106] acme-b.example.test-start[1945]: 2024/11/28 20:53:40 [b.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 57.390786] acme-b.example.test-start[1939]: + mv domainhash.txt certificates/
webserver # [ 57.397353] acme-b.example.test-start[1939]: + chown acme:nginx certificates/b.example.test.crt certificates/b.example.test.issuer.crt certificates/b.example.test.json certificates/b.example.test.key certificates/domainhash.txt
webserver # [ 57.406790] acme-b.example.test-start[1939]: + cmp -s certificates/b.example.test.crt out/fullchain.pem
webserver # [ 57.411303] acme-b.example.test-start[1939]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 57.417855] acme-b.example.test-start[1939]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 57.418979] acme-b.example.test-start[1939]: Releasing lock /run/acme/2.lock
webserver # [ 57.457296] systemd[1]: acme-b.example.test.service: Deactivated successfully.
webserver # [ 57.459098] systemd[1]: Finished Renew ACME certificate for b.example.test.
webserver # [ 57.461163] systemd[1]: acme-b.example.test.service: Consumed 144ms CPU time, 19.4M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 57.469970] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 57.531196] systemd[1]: Reloading Nginx Web Server...
webserver # [ 57.603677] nginx[1962]: nginx: the configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf syntax is ok
webserver # [ 57.605488] nginx[1962]: nginx: configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf test is successful
webserver # [ 57.658668] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: signal 1 (SIGHUP) received from 1964, reconfiguring
webserver # [ 57.660539] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: reconfiguring
webserver # [ 57.663292] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 57.670699] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 57.674768] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-b.example.test.target
webserver # [ 57.700598] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: using the "epoll" event method
webserver # [ 57.702227] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: start worker processes
webserver # [ 57.703802] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: start worker process 1971
(finished: waiting for unit acme-finished-b.example.test.target, in 0.06 seconds)
webserver # [ 57.775139] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 57.777434] systemd[1]: Generate self-signed certificate for c.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/c.example.test/key.pem).
webserver # [ 57.784207] systemd[1]: Starting Renew ACME certificate for c.example.test...
webserver # [ 57.803917] nginx[1915]: 2024/11/28 20:53:40 [notice] 1915#1915: gracefully shutting down
webserver # [ 57.805461] nginx[1915]: 2024/11/28 20:53:40 [notice] 1915#1915: exiting
webserver # [ 57.806606] nginx[1915]: 2024/11/28 20:53:40 [notice] 1915#1915: exit
webserver # [ 57.813227] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: signal 17 (SIGCHLD) received from 1915
webserver # [ 57.814585] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: worker process 1915 exited with code 0
webserver # [ 57.815922] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: signal 29 (SIGIO) received
webserver # [ 57.852149] acme-c.example.test-start[1977]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 57.855153] acme-c.example.test-start[1977]: Acquired lock /run/acme/3.lock
webserver # [ 57.856272] acme-c.example.test-start[1977]: + set -euo pipefail
webserver # [ 57.857776] acme-c.example.test-start[1979]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 57.863759] acme-c.example.test-start[1979]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 57.871590] acme-c.example.test-start[1977]: + echo ced4ccfc78dd04ff3014
webserver # [ 57.872851] acme-c.example.test-start[1977]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 57.877246] acme-c.example.test-start[1977]: + '[' -e certificates/c.example.test.key ']'
webserver # [ 57.878462] acme-c.example.test-start[1977]: + '[' -e certificates/c.example.test.crt ']'
webserver # [ 57.880232] acme-c.example.test-start[1982]: ++ find accounts -name [email protected]
webserver # [ 57.887655] acme-c.example.test-start[1977]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 57.889284] acme-c.example.test-start[1977]: + lego --accept-tos --path . -d c.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 58.343382] pebble[681]: Pebble 2024/11/28 20:53:40 GET /dir -> calling handler()
webserver # [ 57.977582] acme-c.example.test-start[1983]: 2024/11/28 20:53:40 [c.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 57.984522] acme-c.example.test-start[1977]: + mv domainhash.txt certificates/
webserver # [ 57.990900] acme-c.example.test-start[1977]: + chown acme:nginx certificates/c.example.test.crt certificates/c.example.test.issuer.crt certificates/c.example.test.json certificates/c.example.test.key certificates/domainhash.txt
webserver # [ 58.000257] acme-c.example.test-start[1977]: + cmp -s certificates/c.example.test.crt out/fullchain.pem
webserver # [ 58.004614] acme-c.example.test-start[1977]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 58.010930] acme-c.example.test-start[1977]: + echo 'Releasing lock /run/acme/3.lock'
webserver # [ 58.012351] acme-c.example.test-start[1977]: Releasing lock /run/acme/3.lock
webserver # [ 58.051563] systemd[1]: acme-c.example.test.service: Deactivated successfully.
webserver # [ 58.054594] systemd[1]: Finished Renew ACME certificate for c.example.test.
webserver # [ 58.056333] systemd[1]: acme-c.example.test.service: Consumed 148ms CPU time, 19.9M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 58.065093] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 58.121026] systemd[1]: Reloading Nginx Web Server...
webserver # [ 58.192072] nginx[2000]: nginx: the configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf syntax is ok
webserver # [ 58.195066] nginx[2000]: nginx: configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf test is successful
webserver # [ 58.246622] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: signal 1 (SIGHUP) received from 2002, reconfiguring
webserver # [ 58.248166] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: reconfiguring
webserver # [ 58.251173] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 58.258538] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 58.265662] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-c.example.test.target
webserver # [ 58.289582] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: using the "epoll" event method
webserver # [ 58.291210] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: start worker processes
webserver # [ 58.293271] nginx[1790]: 2024/11/28 20:53:40 [notice] 1790#1790: start worker process 2009
(finished: waiting for unit acme-finished-c.example.test.target, in 0.06 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername b.example.test -connect b.example.test:443 < /dev/null 2>&1
webserver # [ 58.356125] nginx[2009]: 2024/11/28 20:53:40 [info] 2009#2009: *11 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername b.example.test -connect b.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername c.example.test -connect c.example.test:443 < /dev/null 2>&1
webserver # [ 58.388304] nginx[2009]: 2024/11/28 20:53:41 [info] 2009#2009: *12 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername c.example.test -connect c.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
(finished: subtest: Runs 1 cert for account creation before others, in 1.23 seconds)
subtest: Certificates and accounts have safe + valid permissions
webserver: must succeed: test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test/*.pem | tee /dev/stderr | grep '640 acme nginx' | wc -l) -eq 5
webserver # [ 58.394299] nginx[1971]: 2024/11/28 20:53:41 [notice] 1971#1971: gracefully shutting down
webserver # [ 58.395487] nginx[1971]: 2024/11/28 20:53:41 [notice] 1971#1971: exiting
webserver # [ 58.396544] nginx[1971]: 2024/11/28 20:53:41 [notice] 1971#1971: exit
webserver # [ 58.403508] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: signal 17 (SIGCHLD) received from 1971
webserver # [ 58.405397] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: worker process 1971 exited with code 0
webserver # [ 58.406957] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: signal 29 (SIGIO) received
webserver # 640 acme nginx
webserver # 640 acme nginx
webserver # 640 acme nginx
webserver # 640 acme nginx
webserver # 640 acme nginx
(finished: must succeed: test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test/*.pem | tee /dev/stderr | grep '640 acme nginx' | wc -l) -eq 5, in 0.05 seconds)
webserver: must succeed: test $(stat -L -c '%a %U %G' /var/lib/acme/.lego/a.example.test/**/a.example.test* | tee /dev/stderr | grep '600 acme nginx' | wc -l) -eq 4
webserver # 600 acme nginx
webserver # 600 acme nginx
webserver # 600 acme nginx
webserver # 600 acme nginx
(finished: must succeed: test $(stat -L -c '%a %U %G' /var/lib/acme/.lego/a.example.test/**/a.example.test* | tee /dev/stderr | grep '600 acme nginx' | wc -l) -eq 4, in 0.04 seconds)
webserver: must succeed: test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test | tee /dev/stderr | grep '750 acme nginx' | wc -l) -eq 1
webserver # 750 acme nginx
(finished: must succeed: test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test | tee /dev/stderr | grep '750 acme nginx' | wc -l) -eq 1, in 0.03 seconds)
webserver: must succeed: test $(find /var/lib/acme/accounts -type f -exec stat -L -c '%a %U %G' {} \; | tee /dev/stderr | grep -v '600 acme nginx' | wc -l) -eq 0
webserver # find: ‘/var/lib/acme/accounts’: No such file or directory
(finished: must succeed: test $(find /var/lib/acme/accounts -type f -exec stat -L -c '%a %U %G' {} \; | tee /dev/stderr | grep -v '600 acme nginx' | wc -l) -eq 0, in 0.03 seconds)
(finished: subtest: Certificates and accounts have safe + valid permissions, in 0.15 seconds)
subtest: Can generate valid selfsigned certs
webserver: must succeed: systemctl clean acme-a.example.test.service --what=state
webserver # [ 58.583059] systemd[1]: acme-a.example.test.service: Deactivated successfully.
(finished: must succeed: systemctl clean acme-a.example.test.service --what=state, in 0.05 seconds)
webserver: must succeed: systemctl start acme-selfsigned-a.example.test.service
webserver # [ 58.616331] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 58.623204] systemd[1]: Starting Generate self-signed certificate for a.example.test...
webserver # [ 58.679158] acme-selfsigned-a.example.test-start[2050]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 58.682452] acme-selfsigned-a.example.test-start[2050]: Acquired lock /run/acme/1.lock
webserver # [ 58.719760] acme-selfsigned-a.example.test-start[2050]: Releasing lock /run/acme/1.lock
webserver # [ 58.723072] systemd[1]: acme-selfsigned-a.example.test.service: Deactivated successfully.
webserver # [ 58.727080] systemd[1]: Finished Generate self-signed certificate for a.example.test.
(finished: must succeed: systemctl start acme-selfsigned-a.example.test.service, in 0.15 seconds)
webserver: must succeed: grep -o 'END CERTIFICATE' /var/lib/acme/a.example.test/fullchain.pem
(finished: must succeed: grep -o 'END CERTIFICATE' /var/lib/acme/a.example.test/fullchain.pem, in 0.02 seconds)
webserver: must succeed: grep -m1 -B50 'END CERTIFICATE' /var/lib/acme/a.example.test/fullchain.pem | openssl x509 -noout -text
(finished: must succeed: grep -m1 -B50 'END CERTIFICATE' /var/lib/acme/a.example.test/fullchain.pem | openssl x509 -noout -text, in 0.05 seconds)
First DNSName in fullchain.pem: dns:a.example.test
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/a.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/a.example.test/cert.pem, in 0.04 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/a.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/a.example.test/fullchain.pem, in 0.04 seconds)
webserver: must succeed: test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test/*.pem | tee /dev/stderr | grep '640 acme nginx' | wc -l) -eq 5
webserver # 640 acme nginx
webserver # 640 acme nginx
webserver # 640 acme nginx
webserver # 640 acme nginx
webserver # 640 acme nginx
(finished: must succeed: test $(stat -L -c '%a %U %G' /var/lib/acme/a.example.test/*.pem | tee /dev/stderr | grep '640 acme nginx' | wc -l) -eq 5, in 0.04 seconds)
webserver: must succeed: systemctl start nginx-config-reload.service
webserver # [ 58.960730] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 59.020076] systemd[1]: Reloading Nginx Web Server...
webserver # [ 59.091275] nginx[2093]: nginx: the configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf syntax is ok
webserver # [ 59.093087] nginx[2093]: nginx: configuration file /nix/store/2f7n2yk30slq8p0cjyfypvj1yzykkmjr-nginx.conf test is successful
webserver # [ 59.144728] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: signal 1 (SIGHUP) received from 2095, reconfiguring
webserver # [ 59.146580] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: reconfiguring
webserver # [ 59.150983] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 59.157753] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 59.160601] systemd[1]: Finished nginx-config-reload.service.
(finished: must succeed: systemctl start nginx-config-reload.service, in 0.24 seconds)
(finished: subtest: Can generate valid selfsigned certs, in 0.63 seconds)
subtest: Correctly implements OCSP stapling
webserver # [ 59.187132] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: using the "epoll" event method
webserver # [ 59.188487] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: start worker processes
webserver # [ 59.189617] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: start worker process 2102
webserver: must succeed: /tmp/specialisation/ocsp_stapling/bin/switch-to-configuration test
webserver # [ 59.292097] nginx[2009]: 2024/11/28 20:53:41 [notice] 2009#2009: gracefully shutting down
webserver # [ 59.293333] nginx[2009]: 2024/11/28 20:53:41 [notice] 2009#2009: exiting
webserver # [ 59.294289] nginx[2009]: 2024/11/28 20:53:41 [notice] 2009#2009: exit
webserver # [ 59.298808] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: signal 17 (SIGCHLD) received from 2009
webserver # [ 59.300496] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: worker process 2009 exited with code 0
webserver # [ 59.302147] nginx[1790]: 2024/11/28 20:53:41 [notice] 1790#1790: signal 29 (SIGIO) received
webserver # stopping the following units: acme-b.example.test.timer, acme-c.example.test.timer, acme-finished-b.example.test.target, acme-finished-c.example.test.target, acme-fixperms.service
webserver # [ 59.679801] nixos[2107]: switching to system configuration /nix/store/ywj6fff7jrfapn01d52fdqii1fm0mcsr-nixos-system-webserver-test
webserver # [ 59.683142] systemd[1]: acme-fixperms.service: Deactivated successfully.
webserver # [ 59.684163] systemd[1]: Stopped Fix owner and group of all ACME certificates.
webserver # [ 59.690343] systemd[1]: acme-c.example.test.timer: Deactivated successfully.
webserver # [ 59.691568] systemd[1]: Stopped Renew ACME Certificate for c.example.test.
webserver # [ 59.693753] systemd[1]: Stopped target Remote File Systems.
webserver # [ 59.695835] systemd[1]: acme-b.example.test.timer: Deactivated successfully.
webserver # [ 59.697134] systemd[1]: Stopped Renew ACME Certificate for b.example.test.
webserver # [ 59.699656] systemd[1]: Stopped target Local File Systems.
webserver # [ 59.701957] systemd[1]: Stopped target acme-finished-b.example.test.target.
webserver # [ 59.704668] systemd[1]: Stopped target acme-finished-c.example.test.target.
webserver # activating the configuration...
webserver # [ 60.106153] systemd[1]: Reload requested from client PID 2107 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 60.108095] systemd[1]: Reloading...
webserver # [ 60.346881] systemd-ssh-generator[2167]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 60.582439] systemd[1]: Reloading finished in 472 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 60.600154] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 60.601521] systemd[1]: Stopping Reactivate sysinit units...
webserver # [ 60.602496] systemd[1]: Reached target Reactivate sysinit units.
webserver # restarting the following units: acme-a.example.test.timer, nginx.service
webserver # [ 60.605826] systemd[1]: acme-a.example.test.timer: Deactivated successfully.
webserver # [ 60.607292] systemd[1]: Stopped Renew ACME Certificate for a.example.test.
webserver # [ 60.609278] systemd[1]: Stopping Renew ACME Certificate for a.example.test...
webserver # [ 60.610335] systemd[1]: Started Renew ACME Certificate for a.example.test.
webserver # [ 60.612830] nginx[1790]: 2024/11/28 20:53:43 [notice] 1790#1790: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 60.615514] nginx[2102]: 2024/11/28 20:53:43 [notice] 2102#2102: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 60.617708] nginx[2102]: 2024/11/28 20:53:43 [notice] 2102#2102: exiting
webserver # [ 60.618725] systemd[1]: Stopping Nginx Web Server...
webserver # [ 60.619528] nginx[2102]: 2024/11/28 20:53:43 [notice] 2102#2102: exit
webserver # [ 60.623061] nginx[1790]: 2024/11/28 20:53:43 [notice] 1790#1790: signal 17 (SIGCHLD) received from 2102
webserver # [ 60.624388] nginx[1790]: 2024/11/28 20:53:43 [notice] 1790#1790: worker process 2102 exited with code 0
webserver # [ 60.625681] nginx[1790]: 2024/11/28 20:53:43 [notice] 1790#1790: exit
webserver # [ 60.629789] systemd[1]: nginx.service: Deactivated successfully.
webserver # [ 60.632080] systemd[1]: Stopped Nginx Web Server.
webserver # [ 60.640246] systemd[1]: Starting Nginx Web Server...
webserver # [ 60.724095] nginx-pre-start[2176]: nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/var/lib/acme/a.example.test/fullchain.pem"
webserver # [ 60.726458] nginx-pre-start[2176]: nginx: the configuration file /nix/store/123wzd5hlzix4rfr098jxj4c8d2im674-nginx.conf syntax is ok
webserver # [ 60.728441] nginx-pre-start[2176]: nginx: configuration file /nix/store/123wzd5hlzix4rfr098jxj4c8d2im674-nginx.conf test is successful
webserver # [ 60.734650] systemd[1]: Started Nginx Web Server.
webserver # starting the following units: acme-fixperms.service
webserver # [ 60.749063] systemd[1]: Starting Fix owner and group of all ACME certificates...
webserver # [ 60.752211] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 60.766716] systemd[1]: Reached target Remote File Systems.
webserver # [ 60.767795] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 60.783632] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 60.794202] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 60.800075] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 60.801796] systemd[1]: Reached target Local File Systems.
webserver # [ 60.813139] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 60.820085] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 60.821040] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 60.822507] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 60.824962] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 60.827209] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 60.876463] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 60.881807] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 60.882966] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 60.905121] systemd[1]: Finished Fix owner and group of all ACME certificates.
webserver # [ 60.941697] nginx[2178]: nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/var/lib/acme/a.example.test/fullchain.pem"
webserver # [ 60.944098] nginx[2178]: 2024/11/28 20:53:43 [notice] 2178#2178: using the "epoll" event method
webserver # [ 60.945612] nginx[2178]: 2024/11/28 20:53:43 [notice] 2178#2178: nginx/1.26.2
webserver # [ 60.947478] nginx[2178]: 2024/11/28 20:53:43 [notice] 2178#2178: built by gcc 13.3.0 (GCC)
webserver # [ 60.948754] nginx[2178]: 2024/11/28 20:53:43 [notice] 2178#2178: OS: Linux 6.6.63
webserver # [ 60.949886] nginx[2178]: 2024/11/28 20:53:43 [notice] 2178#2178: getrlimit(RLIMIT_NOFILE): 1024:524288
webserver # [ 60.951405] nginx[2178]: 2024/11/28 20:53:43 [notice] 2178#2178: start worker processes
webserver # [ 60.952854] nginx[2178]: 2024/11/28 20:53:43 [notice] 2178#2178: start worker process 2197
webserver # [ 61.211630] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 61.215119] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 61.216704] systemd[1]: Generate self-signed certificate for a.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/a.example.test/key.pem).
webserver # [ 61.223322] systemd[1]: Starting Renew ACME certificate for a.example.test...
webserver # [ 61.279908] acme-a.example.test-start[2256]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 61.283082] acme-a.example.test-start[2256]: Acquired lock /run/acme/1.lock
webserver # [ 61.284204] acme-a.example.test-start[2256]: + set -euo pipefail
webserver # [ 61.285707] acme-a.example.test-start[2258]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 61.291780] acme-a.example.test-start[2258]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 61.299419] acme-a.example.test-start[2256]: + echo 9c8503f9419119933b04
webserver # [ 61.300769] acme-a.example.test-start[2256]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 61.304994] acme-a.example.test-start[2256]: + lego --accept-tos --path . -d a.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run --must-staple
webserver # [ 61.348855] acme-a.example.test-start[2261]: 2024/11/28 20:53:43 No key found for account [email protected]. Generating a P256 key.
webserver # [ 61.351227] acme-a.example.test-start[2261]: 2024/11/28 20:53:43 Saved key to accounts/acme.test/[email protected]/keys/[email protected]
acme # [ 61.756350] pebble[681]: Pebble 2024/11/28 20:53:44 GET /dir -> calling handler()
webserver # [ 61.388706] acme-a.example.test-start[2261]: 2024/11/28 20:53:44 [INFO] acme: Registering account for [email protected]
acme # [ 61.758726] pebble[681]: Pebble 2024/11/28 20:53:44 HEAD /nonce-plz -> calling handler()
acme # [ 61.760451] pebble[681]: Pebble 2024/11/28 20:53:44 POST /sign-me-up -> calling handler()
webserver # [ 61.395441] acme-a.example.test-start[2261]: !!!! HEADS UP !!!!
acme # [ 61.762715] pebble[681]: Pebble 2024/11/28 20:53:44 There are now 3 accounts in memory
webserver # [ 61.396339] acme-a.example.test-start[2261]: Your account credentials have been saved in your Let's Encrypt
acme # [ 61.764924] pebble[681]: Pebble 2024/11/28 20:53:44 POST /order-plz -> calling handler()
webserver # [ 61.397917] acme-a.example.test-start[2261]: configuration directory at "accounts".
acme # [ 61.766306] pebble[681]: Pebble 2024/11/28 20:53:44 There are now 7 authorizations in the db
webserver # [ 61.399090] acme-a.example.test-start[2261]: You should make a secure backup of this folder now. This
acme # [ 61.767749] pebble[681]: Pebble 2024/11/28 20:53:44 Added order "EHasfm58lh3b5n_GqUAdHZ_9QmOMGThf6K-jv01hdxg" to the db
webserver # [ 61.400385] acme-a.example.test-start[2261]: configuration directory will also contain certificates and
acme # [ 61.769500] pebble[681]: Pebble 2024/11/28 20:53:44 There are now 8 orders in the db
webserver # [ 61.401674] acme-a.example.test-start[2261]: private keys obtained from Let's Encrypt so making regular
webserver # [ 61.402952] acme-a.example.test-start[2261]: backups of this folder is ideal.
webserver # [ 61.403983] acme-a.example.test-start[2261]: 2024/11/28 20:53:44 [INFO] [a.example.test] acme: Obtaining bundled SAN certificate
acme # [ 61.822801] pebble[681]: Pebble 2024/11/28 20:53:44 POST /authZ/ -> calling handler()
webserver # [ 61.455443] acme-a.example.test-start[2261]: 2024/11/28 20:53:44 [INFO] [a.example.test] AuthURL: https://acme.test/authZ/-LRjjhSJFIukOOfu4x18ymnO2ijWpAEpPCawVk6xVTg
acme # [ 61.824418] pebble[681]: Pebble 2024/11/28 20:53:44 POST /chalZ/ -> calling handler()
webserver # [ 61.457371] acme-a.example.test-start[2261]: 2024/11/28 20:53:44 [INFO] [a.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 61.459053] acme-a.example.test-start[2261]: 2024/11/28 20:53:44 [INFO] [a.example.test] acme: use http-01 solver
webserver # [ 61.460589] acme-a.example.test-start[2261]: 2024/11/28 20:53:44 [INFO] [a.example.test] acme: Trying to solve HTTP-01
webserver # [ 61.462288] acme-a.example.test-start[2261]: 2024/11/28 20:53:44 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/chalZ/L113f4OliJdadjj8IohA3njfjNlkVKvrVfDBb-tX0jg :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: 14bg8w7lRP_p-oX8aAju9g
acme # [ 62.122893] pebble[681]: Pebble 2024/11/28 20:53:44 POST /chalZ/ -> calling handler()
acme # [ 62.125108] pebble[681]: Pebble 2024/11/28 20:53:44 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"a.example.test"}, Challenge:(*core.Challenge)(0xc00009b180), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
acme # [ 62.130053] pebble[681]: Pebble 2024/11/28 20:53:44 Starting 3 validations.
acme # [ 62.131288] pebble[681]: Pebble 2024/11/28 20:53:44 Attempting to validate w/ HTTP: http://a.example.test:80/.well-known/acme-challenge/p2PJbu0nQ4RMVCIv6IylKPQi3ihKhEZK9vWOvG0BhA0
acme # [ 62.133854] pebble[681]: Pebble 2024/11/28 20:53:44 POST /authZ/ -> calling handler()
acme # [ 62.135773] pebble[681]: Pebble 2024/11/28 20:53:44 Attempting to validate w/ HTTP: http://a.example.test:80/.well-known/acme-challenge/p2PJbu0nQ4RMVCIv6IylKPQi3ihKhEZK9vWOvG0BhA0
acme # [ 62.138989] pebble[681]: Pebble 2024/11/28 20:53:44 Attempting to validate w/ HTTP: http://a.example.test:80/.well-known/acme-challenge/p2PJbu0nQ4RMVCIv6IylKPQi3ihKhEZK9vWOvG0BhA0
acme # [ 62.146262] pebble[681]: Pebble 2024/11/28 20:53:44 authz -LRjjhSJFIukOOfu4x18ymnO2ijWpAEpPCawVk6xVTg set VALID by completed challenge L113f4OliJdadjj8IohA3njfjNlkVKvrVfDBb-tX0jg
acme # [ 66.162698] pebble[681]: Pebble 2024/11/28 20:53:48 POST /authZ/ -> calling handler()
webserver # [ 65.795610] acme-a.example.test-start[2261]: 2024/11/28 20:53:48 [INFO] [a.example.test] The server validated our request
acme # [ 66.164306] pebble[681]: Pebble 2024/11/28 20:53:48 POST /finalize-order/ -> calling handler()
webserver # [ 65.797269] acme-a.example.test-start[2261]: 2024/11/28 20:53:48 [INFO] [a.example.test] acme: Validations succeeded; requesting certificates
acme # [ 66.166152] pebble[681]: Pebble 2024/11/28 20:53:48 Order EHasfm58lh3b5n_GqUAdHZ_9QmOMGThf6K-jv01hdxg is fully authorized. Processing finalization
webserver # [ 65.800473] acme-a.example.test-start[2261]: 2024/11/28 20:53:48 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 66.170611] pebble[681]: Pebble 2024/11/28 20:53:48 Issued certificate serial 516bed3c31692c1c for order EHasfm58lh3b5n_GqUAdHZ_9QmOMGThf6K-jv01hdxg
acme # [ 66.172833] pebble[681]: Pebble 2024/11/28 20:53:48 POST /my-order/ -> calling handler()
acme # [ 66.174218] pebble[681]: Pebble 2024/11/28 20:53:48 POST /certZ/ -> calling handler()
webserver # [ 65.808206] acme-a.example.test-start[2261]: 2024/11/28 20:53:48 [INFO] [a.example.test] Server responded with a certificate.
webserver # [ 65.815185] acme-a.example.test-start[2256]: + mv domainhash.txt certificates/
webserver # [ 65.820890] acme-a.example.test-start[2256]: + chown acme:nginx certificates/a.example.test.crt certificates/a.example.test.issuer.crt certificates/a.example.test.json certificates/a.example.test.key certificates/domainhash.txt
webserver # [ 65.830283] acme-a.example.test-start[2256]: + cmp -s certificates/a.example.test.crt out/fullchain.pem
webserver # [ 65.834353] acme-a.example.test-start[2256]: + touch out/renewed
webserver # [ 65.839703] acme-a.example.test-start[2256]: + echo Installing new certificate
webserver # [ 65.840882] acme-a.example.test-start[2256]: Installing new certificate
webserver # [ 65.842130] acme-a.example.test-start[2256]: + cp -vp certificates/a.example.test.crt out/fullchain.pem
webserver # [ 65.847531] acme-a.example.test-start[2269]: 'certificates/a.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 65.849408] acme-a.example.test-start[2256]: + cp -vp certificates/a.example.test.key out/key.pem
webserver # [ 65.854577] acme-a.example.test-start[2270]: 'certificates/a.example.test.key' -> 'out/key.pem'
webserver # [ 65.856560] acme-a.example.test-start[2256]: + cp -vp certificates/a.example.test.issuer.crt out/chain.pem
webserver # [ 65.861497] acme-a.example.test-start[2271]: 'certificates/a.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 65.863578] acme-a.example.test-start[2256]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 65.869551] acme-a.example.test-start[2256]: + cat out/key.pem out/fullchain.pem
webserver # [ 65.875773] acme-a.example.test-start[2256]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 65.882624] acme-a.example.test-start[2256]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 65.884444] acme-a.example.test-start[2256]: Releasing lock /run/acme/1.lock
webserver # [ 65.926547] systemd[1]: acme-a.example.test.service: Deactivated successfully.
webserver # [ 65.928715] systemd[1]: Finished Renew ACME certificate for a.example.test.
webserver # [ 65.931183] systemd[1]: acme-a.example.test.service: Consumed 158ms CPU time, 20.8M memory peak, 12.6K incoming IP traffic, 8.5K outgoing IP traffic.
webserver # [ 65.939723] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 65.998645] systemd[1]: Reloading Nginx Web Server...
webserver # [ 66.069259] nginx[2284]: nginx: the configuration file /nix/store/123wzd5hlzix4rfr098jxj4c8d2im674-nginx.conf syntax is ok
webserver # [ 66.070984] nginx[2284]: nginx: configuration file /nix/store/123wzd5hlzix4rfr098jxj4c8d2im674-nginx.conf test is successful
webserver # [ 66.124330] nginx[2178]: 2024/11/28 20:53:48 [notice] 2178#2178: signal 1 (SIGHUP) received from 2286, reconfiguring
webserver # [ 66.126218] nginx[2178]: 2024/11/28 20:53:48 [notice] 2178#2178: reconfiguring
webserver # [ 66.130845] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 66.137655] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 66.140169] systemd[1]: Finished nginx-config-reload.service.
webserver # [ 66.154035] nginx[2178]: 2024/11/28 20:53:48 [notice] 2178#2178: using the "epoll" event method
webserver # [ 66.155297] nginx[2178]: 2024/11/28 20:53:48 [notice] 2178#2178: start worker processes
webserver # [ 66.156443] nginx[2178]: 2024/11/28 20:53:48 [notice] 2178#2178: start worker process 2289
webserver # [ 66.255128] nginx[2197]: 2024/11/28 20:53:48 [notice] 2197#2197: gracefully shutting down
webserver # [ 66.256296] nginx[2197]: 2024/11/28 20:53:48 [notice] 2197#2197: exiting
webserver # [ 66.257251] nginx[2197]: 2024/11/28 20:53:48 [notice] 2197#2197: exit
webserver # [ 66.262463] nginx[2178]: 2024/11/28 20:53:48 [notice] 2178#2178: signal 17 (SIGCHLD) received from 2197
webserver # [ 66.263824] nginx[2178]: 2024/11/28 20:53:48 [notice] 2178#2178: worker process 2197 exited with code 0
webserver # [ 66.265281] nginx[2178]: 2024/11/28 20:53:48 [notice] 2178#2178: signal 29 (SIGIO) received
webserver # [ 66.396867] nixos[2107]: finished switching to system configuration /nix/store/ywj6fff7jrfapn01d52fdqii1fm0mcsr-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/ocsp_stapling/bin/switch-to-configuration test, in 7.18 seconds)
webserver # [ 66.439120] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 66.443454] systemd[1]: Generate self-signed certificate for a.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/a.example.test/key.pem).
webserver # [ 66.449778] systemd[1]: Starting Renew ACME certificate for a.example.test...
webserver # [ 66.508425] acme-a.example.test-start[2295]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 66.511534] acme-a.example.test-start[2295]: Acquired lock /run/acme/1.lock
webserver # [ 66.512635] acme-a.example.test-start[2295]: + set -euo pipefail
webserver # [ 66.514273] acme-a.example.test-start[2297]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 66.520096] acme-a.example.test-start[2297]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 66.527727] acme-a.example.test-start[2295]: + echo 9c8503f9419119933b04
webserver # [ 66.528765] acme-a.example.test-start[2295]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 66.532815] acme-a.example.test-start[2295]: + '[' -e certificates/a.example.test.key ']'
webserver # [ 66.534202] acme-a.example.test-start[2295]: + '[' -e certificates/a.example.test.crt ']'
webserver # [ 66.535953] acme-a.example.test-start[2300]: ++ find accounts -name [email protected]
webserver # [ 66.543265] acme-a.example.test-start[2295]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 66.544929] acme-a.example.test-start[2295]: + lego --accept-tos --path . -d a.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir renew --no-random-sleep --must-staple --days 30
acme # [ 66.996157] pebble[681]: Pebble 2024/11/28 20:53:49 GET /dir -> calling handler()
webserver # [ 66.629804] acme-a.example.test-start[2301]: 2024/11/28 20:53:49 [a.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 66.636552] acme-a.example.test-start[2295]: + mv domainhash.txt certificates/
webserver # [ 66.642752] acme-a.example.test-start[2295]: + chown acme:nginx certificates/a.example.test.crt certificates/a.example.test.issuer.crt certificates/a.example.test.json certificates/a.example.test.key certificates/domainhash.txt
webserver # [ 66.652120] acme-a.example.test-start[2295]: + cmp -s certificates/a.example.test.crt out/fullchain.pem
webserver # [ 66.656455] acme-a.example.test-start[2295]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 66.663107] acme-a.example.test-start[2295]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 66.664246] acme-a.example.test-start[2295]: Releasing lock /run/acme/1.lock
webserver # [ 66.701799] systemd[1]: acme-a.example.test.service: Deactivated successfully.
webserver # [ 66.704586] systemd[1]: Finished Renew ACME certificate for a.example.test.
webserver # [ 66.706500] systemd[1]: acme-a.example.test.service: Consumed 145ms CPU time, 20.3M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 66.714871] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 66.770351] systemd[1]: Reloading Nginx Web Server...
webserver # [ 66.839387] nginx[2318]: nginx: the configuration file /nix/store/123wzd5hlzix4rfr098jxj4c8d2im674-nginx.conf syntax is ok
webserver # [ 66.841155] nginx[2318]: nginx: configuration file /nix/store/123wzd5hlzix4rfr098jxj4c8d2im674-nginx.conf test is successful
webserver # [ 66.893561] nginx[2178]: 2024/11/28 20:53:49 [notice] 2178#2178: signal 1 (SIGHUP) received from 2320, reconfiguring
webserver # [ 66.895797] nginx[2178]: 2024/11/28 20:53:49 [notice] 2178#2178: reconfiguring
webserver # [ 66.902114] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 66.910354] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 66.911658] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-a.example.test.target
webserver # [ 66.929846] nginx[2178]: 2024/11/28 20:53:49 [notice] 2178#2178: using the "epoll" event method
webserver # [ 66.931161] nginx[2178]: 2024/11/28 20:53:49 [notice] 2178#2178: start worker processes
webserver # [ 66.933506] nginx[2178]: 2024/11/28 20:53:49 [notice] 2178#2178: start worker process 2326
(finished: waiting for unit acme-finished-a.example.test.target, in 0.05 seconds)
client: must succeed: openssl s_client -CAfile /tmp/ca.crt -servername a.example.test -connect a.example.test:443 < /dev/null | openssl x509 -noout -ocsp_uri
client # Connecting to 192.168.1.4
client # depth=2 CN=Pebble Root CA 4fdfd5
client # verify return:1
client # depth=1 CN=Pebble Intermediate CA 67c76d
client # verify return:1
client # depth=0
client # verify return:1
client # DONE
webserver # [ 67.008723] nginx[2326]: 2024/11/28 20:53:49 [info] 2326#2326: *4 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -CAfile /tmp/ca.crt -servername a.example.test -connect a.example.test:443 < /dev/null | openssl x509 -noout -ocsp_uri, in 0.06 seconds)
OCSP Responder URL: http://acme.test:4002
(finished: subtest: Correctly implements OCSP stapling, in 7.86 seconds)
subtest: Can request certificate with HTTP-01 using lego's internal web server
webserver # [ 67.031457] nginx[2289]: 2024/11/28 20:53:49 [notice] 2289#2289: gracefully shutting down
webserver # [ 67.033161] nginx[2289]: 2024/11/28 20:53:49 [notice] 2289#2289: exiting
webserver # [ 67.034525] nginx[2289]: 2024/11/28 20:53:49 [notice] 2289#2289: exit
webserver # [ 67.036528] nginx[2178]: 2024/11/28 20:53:49 [notice] 2178#2178: signal 17 (SIGCHLD) received from 2289
webserver # [ 67.038442] nginx[2178]: 2024/11/28 20:53:49 [notice] 2178#2178: worker process 2289 exited with code 0
webserver # [ 67.039807] nginx[2178]: 2024/11/28 20:53:49 [notice] 2178#2178: signal 29 (SIGIO) received
webserver: must succeed: /tmp/specialisation/lego_server/bin/switch-to-configuration test
webserver # stopping the following units: [ 67.725451] nixos[2336]: switching to system configuration /nix/store/x1372dffgshnmfszszgz4vmzijw6rcrm-nixos-system-webserver-test
webserver # acme-a.example.test.timer, acme-finished-a.example.test.target, acme-fixperms.service, acme-lockfiles.service, systemd-tmpfiles-resetup.service
webserver # [ 67.730359] systemd[1]: Stopped target Remote File Systems.
webserver # [ 67.734106] systemd[1]: acme-lockfiles.service: Deactivated successfully.
webserver # [ 67.735148] systemd[1]: Stopped Manage lock files for acme services.
webserver # [ 67.741236] systemd[1]: acme-fixperms.service: Deactivated successfully.
webserver # [ 67.743366] systemd[1]: Stopped Fix owner and group of all ACME certificates.
webserver # [ 67.748075] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 67.749622] systemd[1]: systemd-tmpfiles-resetup.service: Deactivated successfully.
webserver # [ 67.752257] systemd[1]: Stopped Re-setup tmpfiles on a system that is already running..
webserver # [ 67.755227] systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dresetup.service.mount: Deactivated successfully.
webserver # [ 67.757934] systemd[1]: Stopped target acme-finished-a.example.test.target.
webserver # [ 67.760354] systemd[1]: Stopped target Local File Systems.
webserver # [ 67.762586] systemd[1]: acme-a.example.test.timer: Deactivated successfully.
webserver # activating the configuration...
webserver # [ 67.764707] systemd[1]: Stopped Renew ACME Certificate for a.example.test.
webserver # [ 68.312790] systemd[1]: Reload requested from client PID 2336 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 68.314918] systemd[1]: Reloading...
webserver # [ 68.603817] systemd-ssh-generator[2398]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 68.901201] systemd[1]: Reloading finished in 583 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 68.929205] systemd[1]: Starting Re-setup tmpfiles on a system that is already running....
webserver # [ 69.047657] systemd[1]: Finished Re-setup tmpfiles on a system that is already running..
webserver # [ 69.049220] systemd[1]: Reached target Reactivate sysinit units.
webserver # restarting the following units: nginx.service
webserver # [ 69.058223] systemd[1]: Starting Fix owner and group of all ACME certificates...
webserver # [ 69.062236] systemd[1]: Starting Manage lock files for acme services...
webserver # [ 69.063440] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 69.067548] systemd[1]: Stopping Nginx Web Server...
webserver # [ 69.069356] nginx[2178]: 2024/11/28 20:53:51 [notice] 2178#2178: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 69.071818] nginx[2326]: 2024/11/28 20:53:51 [notice] 2326#2326: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 69.073872] nginx[2326]: 2024/11/28 20:53:51 [notice] 2326#2326: exiting
webserver # [ 69.075932] nginx[2326]: 2024/11/28 20:53:51 [notice] 2326#2326: exit
webserver # [ 69.078189] nginx[2178]: 2024/11/28 20:53:51 [notice] 2178#2178: signal 17 (SIGCHLD) received from 2326
webserver # [ 69.080366] nginx[2178]: 2024/11/28 20:53:51 [notice] 2178#2178: worker process 2326 exited with code 0
webserver # [ 69.081812] nginx[2178]: 2024/11/28 20:53:51 [notice] 2178#2178: exit
webserver # [ 69.087898] systemd[1]: nginx.service: Deactivated successfully.
webserver # [ 69.093092] systemd[1]: Stopped Nginx Web Server.
webserver # [ 69.148955] systemd[1]: Finished Fix owner and group of all ACME certificates.
webserver # [ 69.181827] systemd[1]: Finished Manage lock files for acme services.
webserver # [ 69.187393] systemd[1]: Starting Generate self-signed certificate for lego.example.test...
webserver # [ 69.243900] acme-selfsigned-lego.example.test-start[2417]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 69.247334] acme-selfsigned-lego.example.test-start[2417]: Acquired lock /run/acme/1.lock
webserver # [ 69.286401] acme-selfsigned-lego.example.test-start[2417]: Releasing lock /run/acme/1.lock
webserver # [ 69.289631] systemd[1]: acme-selfsigned-lego.example.test.service: Deactivated successfully.
webserver # [ 69.293081] systemd[1]: Finished Generate self-signed certificate for lego.example.test.
webserver # [ 69.302080] systemd[1]: Starting Nginx Web Server...
webserver # [ 69.380611] nginx-pre-start[2432]: nginx: the configuration file /nix/store/76z58ka4zp0x7vcv43vpng5frrfp8lz0-nginx.conf syntax is ok
webserver # [ 69.382604] nginx-pre-start[2432]: nginx: configuration file /nix/store/76z58ka4zp0x7vcv43vpng5frrfp8lz0-nginx.conf test is successful
webserver # [ 69.389934] systemd[1]: Started Nginx Web Server.
webserver # starting the following units: acme-fixperms.service, acme-lockfiles.service, systemd-tmpfiles-resetup.service
webserver # [ 69.397360] systemd[1]: Starting Renew ACME certificate for lego.example.test...
webserver # [ 69.401829] systemd[1]: Started Renew ACME Certificate for lego.example.test.
webserver # [ 69.407936] systemd[1]: Reached target Remote File Systems.
webserver # [ 69.408869] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 69.411701] systemd[1]: Generate self-signed certificate for lego.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/lego.example.test/key.pem).
webserver # [ 69.430429] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 69.435836] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 69.436777] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 69.439481] systemd[1]: Reached target Local File Systems.
webserver # [ 69.442114] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 69.444655] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 69.449111] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 69.450684] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 69.479771] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 69.502734] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 69.520605] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 69.524647] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 69.525637] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 69.607745] acme-lego.example.test-start[2435]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 69.614135] acme-lego.example.test-start[2435]: Acquired lock /run/acme/1.lock
webserver # [ 69.615299] acme-lego.example.test-start[2435]: + set -euo pipefail
webserver # [ 69.616708] acme-lego.example.test-start[2435]: + echo c6418a03e1c517eb4b15
webserver # [ 69.619091] acme-lego.example.test-start[2435]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 69.623864] acme-lego.example.test-start[2435]: + lego --accept-tos --path . -d lego.example.test --email [email protected] --key-type ec256 --http --http.port :80 --server https://acme.test/dir run
webserver # [ 69.648234] nginx[2434]: 2024/11/28 20:53:52 [notice] 2434#2434: using the "epoll" event method
webserver # [ 69.650201] nginx[2434]: 2024/11/28 20:53:52 [notice] 2434#2434: nginx/1.26.2
webserver # [ 69.651581] nginx[2434]: 2024/11/28 20:53:52 [notice] 2434#2434: built by gcc 13.3.0 (GCC)
webserver # [ 69.653821] nginx[2434]: 2024/11/28 20:53:52 [notice] 2434#2434: OS: Linux 6.6.63
webserver # [ 69.655510] nginx[2434]: 2024/11/28 20:53:52 [notice] 2434#2434: getrlimit(RLIMIT_NOFILE): 1024:524288
webserver # [ 69.657228] nginx[2434]: 2024/11/28 20:53:52 [notice] 2434#2434: start worker processes
webserver # [ 69.659091] nginx[2434]: 2024/11/28 20:53:52 [notice] 2434#2434: start worker process 2459
acme # [ 70.135305] pebble[681]: Pebble 2024/11/28 20:53:52 GET /dir -> calling handler()
webserver # [ 69.768696] acme-lego.example.test-start[2453]: 2024/11/28 20:53:52 [INFO] [lego.example.test] acme: Obtaining bundled SAN certificate
acme # [ 70.139194] pebble[681]: Pebble 2024/11/28 20:53:52 HEAD /nonce-plz -> calling handler()
acme # [ 70.142480] pebble[681]: Pebble 2024/11/28 20:53:52 POST /order-plz -> calling handler()
acme # [ 70.143878] pebble[681]: Pebble 2024/11/28 20:53:52 There are now 8 authorizations in the db
acme # [ 70.145286] pebble[681]: Pebble 2024/11/28 20:53:52 Added order "2CpB8aWBtGguno0kGvQF-CoshzKdx347UOUuNH_uwsI" to the db
acme # [ 70.147120] pebble[681]: Pebble 2024/11/28 20:53:52 There are now 9 orders in the db
acme # [ 70.199616] pebble[681]: Pebble 2024/11/28 20:53:52 POST /authZ/ -> calling handler()
acme # [ 70.201373] pebble[681]: Pebble 2024/11/28 20:53:52 POST /chalZ/ -> calling handler()
webserver # [ 69.832836] acme-lego.example.test-start[2453]: 2024/11/28 20:53:52 [INFO] [lego.example.test] AuthURL: https://acme.test/authZ/OafkMVqd2f_wwhlz6UJOsigpW7_fiNoC12dnVyepago
webserver # [ 69.835541] acme-lego.example.test-start[2453]: 2024/11/28 20:53:52 [INFO] [lego.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 69.837639] acme-lego.example.test-start[2453]: 2024/11/28 20:53:52 [INFO] [lego.example.test] acme: use http-01 solver
acme # [ 70.203616] pebble[681]: Pebble 2024/11/28 20:53:52 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"lego.example.test"}, Challenge:(*core.Challenge)(0xc0000da640), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
webserver # [ 69.839570] acme-lego.example.test-start[2453]: 2024/11/28 20:53:52 [INFO] [lego.example.test] acme: Trying to solve HTTP-01
acme # [ 70.208293] pebble[681]: Pebble 2024/11/28 20:53:52 Starting 3 validations.
acme # [ 70.209819] pebble[681]: Pebble 2024/11/28 20:53:52 Attempting to validate w/ HTTP: http://lego.example.test:80/.well-known/acme-challenge/BikpfLbNIpOM7cl5v1bapKs2wv7I0Dv8TZS5_4X0R-U
acme # [ 70.212729] pebble[681]: Pebble 2024/11/28 20:53:52 POST /authZ/ -> calling handler()
acme # [ 70.215064] pebble[681]: Pebble 2024/11/28 20:53:52 Attempting to validate w/ HTTP: http://lego.example.test:80/.well-known/acme-challenge/BikpfLbNIpOM7cl5v1bapKs2wv7I0Dv8TZS5_4X0R-U
acme # [ 70.218637] pebble[681]: Pebble 2024/11/28 20:53:52 Attempting to validate w/ HTTP: http://lego.example.test:80/.well-known/acme-challenge/BikpfLbNIpOM7cl5v1bapKs2wv7I0Dv8TZS5_4X0R-U
webserver # [ 69.858155] acme-lego.example.test-start[2453]: 2024/11/28 20:53:52 [INFO] [lego.example.test] Served key authentication
webserver # [ 69.859910] acme-lego.example.test-start[2453]: 2024/11/28 20:53:52 [INFO] [lego.example.test] Served key authentication
webserver # [ 69.862499] acme-lego.example.test-start[2453]: 2024/11/28 20:53:52 [INFO] [lego.example.test] Served key authentication
acme # [ 70.230784] pebble[681]: Pebble 2024/11/28 20:53:52 authz OafkMVqd2f_wwhlz6UJOsigpW7_fiNoC12dnVyepago set VALID by completed challenge BqHLpD_FZYoYd6ONmY0c2dKkIhWkwA8cl8TmhpWVadw
webserver # [ 69.958731] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 69.962475] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 69.964063] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 69.966734] systemd[1]: Generate self-signed certificate for lego.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/lego.example.test/key.pem).
acme # [ 76.818364] pebble[681]: Pebble 2024/11/28 20:53:59 POST /authZ/ -> calling handler()
webserver # [ 76.451755] acme-lego.example.test-start[2453]: 2024/11/28 20:53:59 [INFO] [lego.example.test] The server validated our request
acme # [ 76.820284] pebble[681]: Pebble 2024/11/28 20:53:59 POST /finalize-order/ -> calling handler()
webserver # [ 76.454356] acme-lego.example.test-start[2453]: 2024/11/28 20:53:59 [INFO] [lego.example.test] acme: Validations succeeded; requesting certificates
acme # [ 76.823255] pebble[681]: Pebble 2024/11/28 20:53:59 Order 2CpB8aWBtGguno0kGvQF-CoshzKdx347UOUuNH_uwsI is fully authorized. Processing finalization
webserver # [ 76.458963] acme-lego.example.test-start[2453]: 2024/11/28 20:53:59 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 76.830037] pebble[681]: Pebble 2024/11/28 20:53:59 Issued certificate serial 61a37c11892ef408 for order 2CpB8aWBtGguno0kGvQF-CoshzKdx347UOUuNH_uwsI
acme # [ 76.832881] pebble[681]: Pebble 2024/11/28 20:53:59 POST /my-order/ -> calling handler()
acme # [ 76.835600] pebble[681]: Pebble 2024/11/28 20:53:59 POST /certZ/ -> calling handler()
webserver # [ 76.470262] acme-lego.example.test-start[2453]: 2024/11/28 20:53:59 [INFO] [lego.example.test] Server responded with a certificate.
webserver # [ 76.480384] acme-lego.example.test-start[2435]: + mv domainhash.txt certificates/
webserver # [ 76.488661] acme-lego.example.test-start[2435]: + chown root:nginx certificates/domainhash.txt certificates/lego.example.test.crt certificates/lego.example.test.issuer.crt certificates/lego.example.test.json certificates/lego.example.test.key
webserver # [ 76.502375] acme-lego.example.test-start[2435]: + cmp -s certificates/lego.example.test.crt out/fullchain.pem
webserver # [ 76.508258] acme-lego.example.test-start[2435]: + touch out/renewed
webserver # [ 76.515793] acme-lego.example.test-start[2435]: + echo Installing new certificate
webserver # [ 76.517118] acme-lego.example.test-start[2435]: Installing new certificate
webserver # [ 76.518251] acme-lego.example.test-start[2435]: + cp -vp certificates/lego.example.test.crt out/fullchain.pem
webserver # [ 76.526348] acme-lego.example.test-start[2518]: 'certificates/lego.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 76.528265] acme-lego.example.test-start[2435]: + cp -vp certificates/lego.example.test.key out/key.pem
webserver # [ 76.536295] acme-lego.example.test-start[2519]: 'certificates/lego.example.test.key' -> 'out/key.pem'
webserver # [ 76.539519] acme-lego.example.test-start[2435]: + cp -vp certificates/lego.example.test.issuer.crt out/chain.pem
webserver # [ 76.548048] acme-lego.example.test-start[2520]: 'certificates/lego.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 76.550887] acme-lego.example.test-start[2435]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 76.559282] acme-lego.example.test-start[2435]: + cat out/key.pem out/fullchain.pem
webserver # [ 76.567683] acme-lego.example.test-start[2435]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 76.577046] acme-lego.example.test-start[2435]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 76.578485] acme-lego.example.test-start[2435]: Releasing lock /run/acme/1.lock
webserver # [ 76.639686] systemd[1]: acme-lego.example.test.service: Deactivated successfully.
webserver # [ 76.645405] systemd[1]: Finished Renew ACME certificate for lego.example.test.
webserver # [ 76.646789] systemd[1]: acme-lego.example.test.service: Consumed 186ms CPU time, 20.9M memory peak, 4K written to disk, 12.9K incoming IP traffic, 8.3K outgoing IP traffic.
webserver # [ 76.657781] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 76.740348] systemd[1]: Reloading Nginx Web Server...
webserver # [ 76.819549] nginx[2533]: nginx: the configuration file /nix/store/76z58ka4zp0x7vcv43vpng5frrfp8lz0-nginx.conf syntax is ok
webserver # [ 76.822079] nginx[2533]: nginx: configuration file /nix/store/76z58ka4zp0x7vcv43vpng5frrfp8lz0-nginx.conf test is successful
webserver # [ 76.884225] nginx[2434]: 2024/11/28 20:53:59 [notice] 2434#2434: signal 1 (SIGHUP) received from 2535, reconfiguring
webserver # [ 76.887188] nginx[2434]: 2024/11/28 20:53:59 [notice] 2434#2434: reconfiguring
webserver # [ 76.892340] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 76.898561] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 76.903545] systemd[1]: Finished nginx-config-reload.service.
webserver # [ 76.906357] systemd[1]: Reached target acme-finished-lego.example.test.target.
webserver # [ 76.917285] nginx[2434]: 2024/11/28 20:53:59 [notice] 2434#2434: using the "epoll" event method
webserver # [ 76.919257] nginx[2434]: 2024/11/28 20:53:59 [notice] 2434#2434: start worker processes
webserver # [ 76.920492] nginx[2434]: 2024/11/28 20:53:59 [notice] 2434#2434: start worker process 2538
webserver # [ 77.022733] nginx[2459]: 2024/11/28 20:53:59 [notice] 2459#2459: gracefully shutting down
webserver # [ 77.025078] nginx[2459]: 2024/11/28 20:53:59 [notice] 2459#2459: exiting
webserver # [ 77.026197] nginx[2459]: 2024/11/28 20:53:59 [notice] 2459#2459: exit
webserver # [ 77.033625] nginx[2434]: 2024/11/28 20:53:59 [notice] 2434#2434: signal 17 (SIGCHLD) received from 2459
webserver # [ 77.035275] nginx[2434]: 2024/11/28 20:53:59 [notice] 2434#2434: worker process 2459 exited with code 0
webserver # [ 77.036715] nginx[2434]: 2024/11/28 20:53:59 [notice] 2434#2434: signal 29 (SIGIO) received
webserver # the following new units were started: acme-finished-lego.example.test.target, acme-lego.example.test.timer
webserver # [ 77.164972] nixos[2336]: finished switching to system configuration /nix/store/x1372dffgshnmfszszgz4vmzijw6rcrm-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/lego_server/bin/switch-to-configuration test, in 10.10 seconds)
webserver # [ 77.221269] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 77.223446] systemd[1]: Generate self-signed certificate for lego.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/lego.example.test/key.pem).
webserver # [ 77.231516] systemd[1]: Starting Renew ACME certificate for lego.example.test...
webserver # [ 77.295578] acme-lego.example.test-start[2544]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 77.299072] acme-lego.example.test-start[2544]: Acquired lock /run/acme/1.lock
webserver # [ 77.300164] acme-lego.example.test-start[2544]: + set -euo pipefail
webserver # [ 77.301494] acme-lego.example.test-start[2544]: + echo c6418a03e1c517eb4b15
webserver # [ 77.302521] acme-lego.example.test-start[2544]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 77.307607] acme-lego.example.test-start[2544]: + '[' -e certificates/lego.example.test.key ']'
webserver # [ 77.308866] acme-lego.example.test-start[2544]: + '[' -e certificates/lego.example.test.crt ']'
webserver # [ 77.310726] acme-lego.example.test-start[2547]: ++ find accounts -name [email protected]
webserver # [ 77.319363] acme-lego.example.test-start[2544]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 77.321058] acme-lego.example.test-start[2544]: + lego --accept-tos --path . -d lego.example.test --email [email protected] --key-type ec256 --http --http.port :80 --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 77.781151] pebble[681]: Pebble 2024/11/28 20:54:00 GET /dir -> calling handler()
webserver # [ 77.413974] acme-lego.example.test-start[2548]: 2024/11/28 20:54:00 [lego.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 77.421532] acme-lego.example.test-start[2544]: + mv domainhash.txt certificates/
webserver # [ 77.430042] acme-lego.example.test-start[2544]: + chown root:nginx certificates/domainhash.txt certificates/lego.example.test.crt certificates/lego.example.test.issuer.crt certificates/lego.example.test.json certificates/lego.example.test.key
webserver # [ 77.441743] acme-lego.example.test-start[2544]: + cmp -s certificates/lego.example.test.crt out/fullchain.pem
webserver # [ 77.447250] acme-lego.example.test-start[2544]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 77.455395] acme-lego.example.test-start[2544]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 77.456686] acme-lego.example.test-start[2544]: Releasing lock /run/acme/1.lock
webserver # [ 77.501690] systemd[1]: acme-lego.example.test.service: Deactivated successfully.
webserver # [ 77.508095] systemd[1]: Finished Renew ACME certificate for lego.example.test.
webserver # [ 77.509564] systemd[1]: acme-lego.example.test.service: Consumed 151ms CPU time, 19.8M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 77.522618] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 77.596548] systemd[1]: Reloading Nginx Web Server...
webserver # [ 77.673655] nginx[2565]: nginx: the configuration file /nix/store/76z58ka4zp0x7vcv43vpng5frrfp8lz0-nginx.conf syntax is ok
webserver # [ 77.675524] nginx[2565]: nginx: configuration file /nix/store/76z58ka4zp0x7vcv43vpng5frrfp8lz0-nginx.conf test is successful
webserver # [ 77.736273] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: signal 1 (SIGHUP) received from 2567, reconfiguring
webserver # [ 77.738060] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: reconfiguring
webserver # [ 77.742947] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 77.751498] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 77.753230] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-lego.example.test.target
webserver # [ 77.774578] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: using the "epoll" event method
webserver # [ 77.777359] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: start worker processes
webserver # [ 77.779722] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: start worker process 2573
(finished: waiting for unit acme-finished-lego.example.test.target, in 0.06 seconds)
webserver: waiting for unit nginx.service
webserver # [ 77.882803] nginx[2538]: 2024/11/28 20:54:00 [notice] 2538#2538: gracefully shutting down
webserver # [ 77.885472] nginx[2538]: 2024/11/28 20:54:00 [notice] 2538#2538: exiting
webserver # [ 77.886554] nginx[2538]: 2024/11/28 20:54:00 [notice] 2538#2538: exit
webserver # [ 77.893884] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: signal 17 (SIGCHLD) received from 2538
(finished: waiting for unit nginx.service, in 0.07 seconds)
webserver # [ 77.896029] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: worker process 2538 exited with code 0
webserver: must succeed: echo HENLO && systemctl cat nginx.service
webserver # [ 77.897675] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: signal 29 (SIGIO) received
(finished: must succeed: echo HENLO && systemctl cat nginx.service, in 0.04 seconds)
webserver: must succeed: test "$(stat -c '%U' /var/lib/acme/* | uniq)" = "root"
(finished: must succeed: test "$(stat -c '%U' /var/lib/acme/* | uniq)" = "root", in 0.03 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername a.example.test -connect a.example.test:443 < /dev/null 2>&1
webserver # [ 78.002472] nginx[2573]: 2024/11/28 20:54:00 [info] 2573#2573: *1 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername a.example.test -connect a.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername lego.example.test -connect lego.example.test:443 < /dev/null 2>&1
webserver # [ 78.041548] nginx[2573]: 2024/11/28 20:54:00 [info] 2573#2573: *2 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername lego.example.test -connect lego.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
(finished: subtest: Can request certificate with HTTP-01 using lego's internal web server, in 11.02 seconds)
subtest: Can request certificate with HTTP-01 when nginx startup is delayed
webserver # [ 78.086606] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 78.088306] systemd[1]: Stopping Nginx Web Server...
webserver # [ 78.090348] nginx[2573]: 2024/11/28 20:54:00 [notice] 2573#2573: exiting
webserver # [ 78.092244] nginx[2573]: 2024/11/28 20:54:00 [notice] 2573#2573: exit
webserver # [ 78.095111] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: signal 17 (SIGCHLD) received from 2573
webserver # [ 78.096551] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: worker process 2573 exited with code 0
webserver # [ 78.098291] nginx[2434]: 2024/11/28 20:54:00 [notice] 2434#2434: exit
webserver # [ 78.104375] systemd[1]: nginx.service: Deactivated successfully.
webserver # [ 78.110073] systemd[1]: Stopped Nginx Web Server.
webserver # [ 78.110925] systemd[1]: nginx.service: Consumed 322ms CPU time, 6.3M memory peak, 1.7K incoming IP traffic, 5.5K outgoing IP traffic.
webserver: must succeed: /tmp/specialisation/slow_startup/bin/switch-to-configuration test
webserver # [ 78.652620] nixos[2605]: switching to system configuration /nix/store/k34645ygzns5k8d34i1387cz702a3127-nixos-system-webserver-test
webserver # stopping the following units: acme-finished-lego.example.test.target, acme-fixperms.service, acme-lego.example.test.timer, acme-lockfiles.service, systemd-tmpfiles-resetup.service
webserver # [ 78.659298] systemd[1]: acme-fixperms.service: Deactivated successfully.
webserver # [ 78.660526] systemd[1]: Stopped Fix owner and group of all ACME certificates.
webserver # [ 78.666563] systemd[1]: acme-lego.example.test.timer: Deactivated successfully.
webserver # [ 78.669275] systemd[1]: Stopped Renew ACME Certificate for lego.example.test.
webserver # [ 78.670391] systemd[1]: acme-lockfiles.service: Deactivated successfully.
webserver # [ 78.671446] systemd[1]: Stopped Manage lock files for acme services.
webserver # [ 78.676936] systemd[1]: Stopped target acme-finished-lego.example.test.target.
webserver # [ 78.679348] systemd[1]: Stopped target Local File Systems.
webserver # [ 78.681495] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 78.683131] systemd[1]: systemd-tmpfiles-resetup.service: Deactivated successfully.
webserver # [ 78.684442] systemd[1]: Stopped Re-setup tmpfiles on a system that is already running..
webserver # [ 78.687209] systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dresetup.service.mount: Deactivated successfully.
webserver # [ 78.690817] systemd[1]: Stopped target Remote File Systems.
webserver # activating the configuration...
webserver # [ 79.125739] systemd[1]: Reload requested from client PID 2605 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 79.127630] systemd[1]: Reloading...
webserver # [ 79.360959] systemd-ssh-generator[2666]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 79.637954] systemd[1]: Reloading finished in 508 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 79.665124] systemd[1]: Starting Re-setup tmpfiles on a system that is already running....
webserver # [ 79.782128] systemd[1]: Finished Re-setup tmpfiles on a system that is already running..
webserver # [ 79.783870] systemd[1]: Reached target Reactivate sysinit units.
webserver # starting the following units: acme-fixperms.service, acme-lockfiles.service, systemd-tmpfiles-resetup.service
webserver # [ 79.792176] systemd[1]: Started Renew ACME Certificate for a.example.test.
webserver # [ 79.794299] systemd[1]: Started Renew ACME Certificate for slow.example.test.
webserver # [ 79.803323] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 79.808916] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 79.809887] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 79.811634] systemd[1]: Reached target Local File Systems.
webserver # [ 79.812675] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 79.814780] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 79.818228] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 79.821090] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 79.830722] systemd[1]: Reached target Remote File Systems.
webserver # [ 79.854679] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 79.864386] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 79.876965] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 79.880637] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 79.884112] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 80.221339] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 80.225120] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 80.232073] systemd[1]: Starting Fix owner and group of all ACME certificates...
webserver # [ 80.237494] systemd[1]: Starting Manage lock files for acme services...
webserver # [ 80.239430] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 80.243219] systemd[1]: Starting my-slow-service.service...
webserver # [ 80.353739] systemd[1]: Finished Fix owner and group of all ACME certificates.
webserver # [ 80.366534] systemd[1]: Finished Manage lock files for acme services.
webserver # [ 80.367686] systemd[1]: Generate self-signed certificate for a.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/a.example.test/key.pem).
webserver # [ 80.374369] systemd[1]: Starting Generate self-signed certificate for slow.example.test...
webserver # [ 80.432979] acme-selfsigned-slow.example.test-start[2759]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 80.436587] acme-selfsigned-slow.example.test-start[2759]: Acquired lock /run/acme/2.lock
webserver # [ 80.477296] acme-selfsigned-slow.example.test-start[2759]: Releasing lock /run/acme/2.lock
webserver # [ 80.480429] systemd[1]: acme-selfsigned-slow.example.test.service: Deactivated successfully.
webserver # [ 80.483602] systemd[1]: Finished Generate self-signed certificate for slow.example.test.
webserver # [ 85.301282] systemd[1]: Started my-slow-service.service.
webserver # [ 85.307677] systemd[1]: Starting Nginx Web Server...
webserver # [ 85.420132] nginx-pre-start[2777]: nginx: the configuration file /nix/store/q5n8p4dnyymyhq5h6s8iz530x4gpzx17-nginx.conf syntax is ok
webserver # [ 85.422778] nginx-pre-start[2777]: nginx: configuration file /nix/store/q5n8p4dnyymyhq5h6s8iz530x4gpzx17-nginx.conf test is successful
webserver # [ 85.432450] systemd[1]: Started Nginx Web Server.
webserver # [ 85.439983] systemd[1]: Starting Renew ACME certificate for a.example.test...
webserver # [ 85.571565] acme-a.example.test-start[2780]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 85.576542] acme-a.example.test-start[2780]: Acquired lock /run/acme/1.lock
webserver # [ 85.577836] acme-a.example.test-start[2780]: + set -euo pipefail
webserver # [ 85.581061] acme-a.example.test-start[2782]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 85.588481] acme-a.example.test-start[2782]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 85.601639] acme-a.example.test-start[2780]: + echo 9c8503f9419119933b04
webserver # [ 85.602921] acme-a.example.test-start[2780]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 85.608809] acme-a.example.test-start[2780]: + lego --accept-tos --path . -d a.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run
webserver # [ 85.623233] nginx[2779]: 2024/11/28 20:54:08 [notice] 2779#2779: using the "epoll" event method
webserver # [ 85.625989] nginx[2779]: 2024/11/28 20:54:08 [notice] 2779#2779: nginx/1.26.2
webserver # [ 85.627584] nginx[2779]: 2024/11/28 20:54:08 [notice] 2779#2779: built by gcc 13.3.0 (GCC)
webserver # [ 85.629264] nginx[2779]: 2024/11/28 20:54:08 [notice] 2779#2779: OS: Linux 6.6.63
webserver # [ 85.631093] nginx[2779]: 2024/11/28 20:54:08 [notice] 2779#2779: getrlimit(RLIMIT_NOFILE): 1024:524288
webserver # [ 85.632422] nginx[2779]: 2024/11/28 20:54:08 [notice] 2779#2779: start worker processes
webserver # [ 85.634068] nginx[2779]: 2024/11/28 20:54:08 [notice] 2779#2779: start worker process 2786
acme # [ 86.131895] pebble[681]: Pebble 2024/11/28 20:54:08 GET /dir -> calling handler()
webserver # [ 85.765133] acme-a.example.test-start[2785]: 2024/11/28 20:54:08 [INFO] [a.example.test] acme: Obtaining bundled SAN certificate
acme # [ 86.135828] pebble[681]: Pebble 2024/11/28 20:54:08 HEAD /nonce-plz -> calling handler()
acme # [ 86.137960] pebble[681]: Pebble 2024/11/28 20:54:08 POST /order-plz -> calling handler()
acme # [ 86.140423] pebble[681]: Pebble 2024/11/28 20:54:08 Added order "uc84pY9o50K96fd9nbfhBbQ7vARcSTZ9-pkbzR8sFKU" to the db
acme # [ 86.142518] pebble[681]: Pebble 2024/11/28 20:54:08 There are now 10 orders in the db
acme # [ 86.198355] pebble[681]: Pebble 2024/11/28 20:54:08 POST /authZ/ -> calling handler()
webserver # [ 85.831393] acme-a.example.test-start[2785]: 2024/11/28 20:54:08 [INFO] [a.example.test] AuthURL: https://acme.test/authZ/-LRjjhSJFIukOOfu4x18ymnO2ijWpAEpPCawVk6xVTg
acme # [ 86.200294] pebble[681]: Pebble 2024/11/28 20:54:08 POST /finalize-order/ -> calling handler()
webserver # [ 85.833949] acme-a.example.test-start[2785]: 2024/11/28 20:54:08 [INFO] [a.example.test] acme: authorization already valid; skipping challenge
acme # [ 86.203168] pebble[681]: Pebble 2024/11/28 20:54:08 Order uc84pY9o50K96fd9nbfhBbQ7vARcSTZ9-pkbzR8sFKU is fully authorized. Processing finalization
webserver # [ 85.835799] acme-a.example.test-start[2785]: 2024/11/28 20:54:08 [INFO] [a.example.test] acme: Validations succeeded; requesting certificates
webserver # [ 85.839082] acme-a.example.test-start[2785]: 2024/11/28 20:54:08 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 86.210107] pebble[681]: Pebble 2024/11/28 20:54:08 Issued certificate serial 5dbe7136ffc13af2 for order uc84pY9o50K96fd9nbfhBbQ7vARcSTZ9-pkbzR8sFKU
acme # [ 86.212598] pebble[681]: Pebble 2024/11/28 20:54:08 POST /my-order/ -> calling handler()
webserver # [ 85.847398] acme-a.example.test-start[2785]: 2024/11/28 20:54:08 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/my-order/uc84pY9o50K96fd9nbfhBbQ7vARcSTZ9-pkbzR8sFKU :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: SHKQiuJIdYL0qyAp3f2VCg
acme # [ 86.414877] pebble[681]: Pebble 2024/11/28 20:54:09 POST /my-order/ -> calling handler()
acme # [ 86.416857] pebble[681]: Pebble 2024/11/28 20:54:09 POST /certZ/ -> calling handler()
webserver # [ 86.051569] acme-a.example.test-start[2785]: 2024/11/28 20:54:08 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/certZ/5dbe7136ffc13af2 :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: vB_PpW3HIeqseUT1cDl7zw
acme # [ 86.683627] pebble[681]: Pebble 2024/11/28 20:54:09 POST /certZ/ -> calling handler()
webserver # [ 86.315791] acme-a.example.test-start[2785]: 2024/11/28 20:54:08 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/certZ/5dbe7136ffc13af2 :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: Tc81H5jEf5LiMea2XAP0nQ
acme # [ 86.919058] pebble[681]: Pebble 2024/11/28 20:54:09 POST /certZ/ -> calling handler()
webserver # [ 86.554308] acme-a.example.test-start[2785]: 2024/11/28 20:54:09 [INFO] [a.example.test] Server responded with a certificate.
webserver # [ 86.560638] acme-a.example.test-start[2780]: + mv domainhash.txt certificates/
webserver # [ 86.567748] acme-a.example.test-start[2780]: + chown acme:nginx certificates/a.example.test.crt certificates/a.example.test.issuer.crt certificates/a.example.test.json certificates/a.example.test.key certificates/domainhash.txt
webserver # [ 86.578438] acme-a.example.test-start[2780]: + cmp -s certificates/a.example.test.crt out/fullchain.pem
webserver # [ 86.582907] acme-a.example.test-start[2780]: + touch out/renewed
webserver # [ 86.589481] acme-a.example.test-start[2780]: + echo Installing new certificate
webserver # [ 86.590688] acme-a.example.test-start[2780]: Installing new certificate
webserver # [ 86.591766] acme-a.example.test-start[2780]: + cp -vp certificates/a.example.test.crt out/fullchain.pem
webserver # [ 86.597741] acme-a.example.test-start[2795]: 'certificates/a.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 86.600355] acme-a.example.test-start[2780]: + cp -vp certificates/a.example.test.key out/key.pem
webserver # [ 86.605687] acme-a.example.test-start[2796]: 'certificates/a.example.test.key' -> 'out/key.pem'
webserver # [ 86.608197] acme-a.example.test-start[2780]: + cp -vp certificates/a.example.test.issuer.crt out/chain.pem
webserver # [ 86.613745] acme-a.example.test-start[2797]: 'certificates/a.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 86.615932] acme-a.example.test-start[2780]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 86.622576] acme-a.example.test-start[2780]: + cat out/key.pem out/fullchain.pem
webserver # [ 86.629493] acme-a.example.test-start[2780]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 86.636839] acme-a.example.test-start[2780]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 86.637970] acme-a.example.test-start[2780]: Releasing lock /run/acme/1.lock
webserver # [ 86.683986] systemd[1]: acme-a.example.test.service: Deactivated successfully.
webserver # [ 86.689079] systemd[1]: Finished Renew ACME certificate for a.example.test.
webserver # [ 86.690161] systemd[1]: acme-a.example.test.service: Consumed 184ms CPU time, 20.8M memory peak, 9.4K incoming IP traffic, 7K outgoing IP traffic.
webserver # [ 86.701625] systemd[1]: Starting Renew ACME certificate for slow.example.test...
webserver # [ 86.762216] acme-slow.example.test-start[2807]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 86.765923] acme-slow.example.test-start[2807]: Acquired lock /run/acme/2.lock
webserver # [ 86.767431] acme-slow.example.test-start[2807]: + set -euo pipefail
webserver # [ 86.768887] acme-slow.example.test-start[2809]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 86.776076] acme-slow.example.test-start[2809]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 86.785400] acme-slow.example.test-start[2807]: + echo 5e47a70b1338fcb3915d
webserver # [ 86.786510] acme-slow.example.test-start[2807]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 86.791232] acme-slow.example.test-start[2807]: + lego --accept-tos --path . -d slow.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run
acme # [ 87.246559] pebble[681]: Pebble 2024/11/28 20:54:09 GET /dir -> calling handler()
webserver # [ 86.878803] acme-slow.example.test-start[2812]: 2024/11/28 20:54:09 [INFO] [slow.example.test] acme: Obtaining bundled SAN certificate
acme # [ 87.249082] pebble[681]: Pebble 2024/11/28 20:54:09 HEAD /nonce-plz -> calling handler()
acme # [ 87.251206] pebble[681]: Pebble 2024/11/28 20:54:09 POST /order-plz -> calling handler()
acme # [ 87.253619] pebble[681]: Pebble 2024/11/28 20:54:09 There are now 9 authorizations in the db
acme # [ 87.255461] pebble[681]: Pebble 2024/11/28 20:54:09 Added order "aCGClHcLpQclxHeGn8-kBowyyybmEaBcyInBJ-OqJHI" to the db
acme # [ 87.257593] pebble[681]: Pebble 2024/11/28 20:54:09 There are now 11 orders in the db
acme # [ 87.315113] pebble[681]: Pebble 2024/11/28 20:54:09 POST /authZ/ -> calling handler()
webserver # [ 86.947409] acme-slow.example.test-start[2812]: 2024/11/28 20:54:09 [INFO] [slow.example.test] AuthURL: https://acme.test/authZ/co0I6biOEfCn0L3--QlQk72-gsNGtz9XcYyMif25nEM
webserver # [ 86.949834] acme-slow.example.test-start[2812]: 2024/11/28 20:54:09 [INFO] [slow.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 86.951524] acme-slow.example.test-start[2812]: 2024/11/28 20:54:09 [INFO] [slow.example.test] acme: use http-01 solver
webserver # [ 86.953078] acme-slow.example.test-start[2812]: 2024/11/28 20:54:09 [INFO] [slow.example.test] acme: Trying to solve HTTP-01
acme # [ 87.323209] pebble[681]: Pebble 2024/11/28 20:54:09 POST /chalZ/ -> calling handler()
acme # [ 87.326135] pebble[681]: Pebble 2024/11/28 20:54:09 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"slow.example.test"}, Challenge:(*core.Challenge)(0xc0000db0e0), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
acme # [ 87.330897] pebble[681]: Pebble 2024/11/28 20:54:09 Starting 3 validations.
acme # [ 87.332597] pebble[681]: Pebble 2024/11/28 20:54:09 Attempting to validate w/ HTTP: http://slow.example.test:80/.well-known/acme-challenge/NegY_HPFQ9RMvgCc7MRdu0Sxvq39xYQMPAOztBgkcm8
acme # [ 87.336282] pebble[681]: Pebble 2024/11/28 20:54:09 POST /authZ/ -> calling handler()
acme # [ 87.338112] pebble[681]: Pebble 2024/11/28 20:54:09 Attempting to validate w/ HTTP: http://slow.example.test:80/.well-known/acme-challenge/NegY_HPFQ9RMvgCc7MRdu0Sxvq39xYQMPAOztBgkcm8
acme # [ 87.342473] pebble[681]: Pebble 2024/11/28 20:54:09 Attempting to validate w/ HTTP: http://slow.example.test:80/.well-known/acme-challenge/NegY_HPFQ9RMvgCc7MRdu0Sxvq39xYQMPAOztBgkcm8
acme # [ 87.349992] pebble[681]: Pebble 2024/11/28 20:54:09 authz co0I6biOEfCn0L3--QlQk72-gsNGtz9XcYyMif25nEM set VALID by completed challenge k0-ROSMrbC_Tswmuzin3UKQLXfRddEhMa_YxI_zyZrY
acme # [ 94.764540] pebble[681]: Pebble 2024/11/28 20:54:17 POST /authZ/ -> calling handler()
webserver # [ 94.397198] acme-slow.example.test-start[2812]: 2024/11/28 20:54:17 [INFO] [slow.example.test] The server validated our request
webserver # [ 94.398891] acme-slow.example.test-start[2812]: 2024/11/28 20:54:17 [INFO] [slow.example.test] acme: Validations succeeded; requesting certificates
acme # [ 94.766763] pebble[681]: Pebble 2024/11/28 20:54:17 POST /finalize-order/ -> calling handler()
webserver # [ 94.402707] acme-slow.example.test-start[2812]: 2024/11/28 20:54:17 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 94.770201] pebble[681]: Pebble 2024/11/28 20:54:17 Order aCGClHcLpQclxHeGn8-kBowyyybmEaBcyInBJ-OqJHI is fully authorized. Processing finalization
acme # [ 94.777313] pebble[681]: Pebble 2024/11/28 20:54:17 POST /my-order/ -> calling handler()
acme # [ 94.779631] pebble[681]: Pebble 2024/11/28 20:54:17 Issued certificate serial 29128232790823d1 for order aCGClHcLpQclxHeGn8-kBowyyybmEaBcyInBJ-OqJHI
acme # [ 95.281482] pebble[681]: Pebble 2024/11/28 20:54:17 POST /my-order/ -> calling handler()
acme # [ 95.283531] pebble[681]: Pebble 2024/11/28 20:54:17 POST /certZ/ -> calling handler()
webserver # [ 94.918857] acme-slow.example.test-start[2812]: 2024/11/28 20:54:17 [INFO] [slow.example.test] Server responded with a certificate.
webserver # [ 94.925923] acme-slow.example.test-start[2807]: + mv domainhash.txt certificates/
webserver # [ 94.933281] acme-slow.example.test-start[2807]: + chown acme:nginx certificates/domainhash.txt certificates/slow.example.test.crt certificates/slow.example.test.issuer.crt certificates/slow.example.test.json certificates/slow.example.test.key
webserver # [ 94.943873] acme-slow.example.test-start[2807]: + cmp -s certificates/slow.example.test.crt out/fullchain.pem
webserver # [ 94.948672] acme-slow.example.test-start[2807]: + touch out/renewed
webserver # [ 94.954971] acme-slow.example.test-start[2807]: + echo Installing new certificate
webserver # [ 94.956198] acme-slow.example.test-start[2807]: Installing new certificate
webserver # [ 94.957236] acme-slow.example.test-start[2807]: + cp -vp certificates/slow.example.test.crt out/fullchain.pem
webserver # [ 94.964119] acme-slow.example.test-start[2821]: 'certificates/slow.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 94.965874] acme-slow.example.test-start[2807]: + cp -vp certificates/slow.example.test.key out/key.pem
webserver # [ 94.971893] acme-slow.example.test-start[2822]: 'certificates/slow.example.test.key' -> 'out/key.pem'
webserver # [ 94.973867] acme-slow.example.test-start[2807]: + cp -vp certificates/slow.example.test.issuer.crt out/chain.pem
webserver # [ 94.979714] acme-slow.example.test-start[2823]: 'certificates/slow.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 94.982130] acme-slow.example.test-start[2807]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 94.988680] acme-slow.example.test-start[2807]: + cat out/key.pem out/fullchain.pem
webserver # [ 94.995617] acme-slow.example.test-start[2807]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 95.002990] acme-slow.example.test-start[2807]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 95.004232] acme-slow.example.test-start[2807]: Releasing lock /run/acme/2.lock
webserver # [ 95.052120] systemd[1]: acme-slow.example.test.service: Deactivated successfully.
webserver # [ 95.055090] systemd[1]: Finished Renew ACME certificate for slow.example.test.
webserver # [ 95.056264] systemd[1]: acme-slow.example.test.service: Consumed 168ms CPU time, 20.9M memory peak, 8K written to disk, 12K incoming IP traffic, 7.7K outgoing IP traffic.
webserver # [ 95.066136] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 95.132048] systemd[1]: Reloading Nginx Web Server...
webserver # [ 95.209639] nginx[2836]: nginx: the configuration file /nix/store/q5n8p4dnyymyhq5h6s8iz530x4gpzx17-nginx.conf syntax is ok
webserver # [ 95.211440] nginx[2836]: nginx: configuration file /nix/store/q5n8p4dnyymyhq5h6s8iz530x4gpzx17-nginx.conf test is successful
webserver # [ 95.268393] nginx[2779]: 2024/11/28 20:54:17 [notice] 2779#2779: signal 1 (SIGHUP) received from 2838, reconfiguring
webserver # [ 95.270379] nginx[2779]: 2024/11/28 20:54:17 [notice] 2779#2779: reconfiguring
webserver # [ 95.276080] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 95.282305] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 95.284219] systemd[1]: Finished nginx-config-reload.service.
webserver # [ 95.285853] systemd[1]: Reached target acme-finished-a.example.test.target.
webserver # [ 95.288735] systemd[1]: Reached target acme-finished-slow.example.test.target.
webserver # [ 95.305168] nginx[2779]: 2024/11/28 20:54:17 [notice] 2779#2779: using the "epoll" event method
webserver # [ 95.307206] nginx[2779]: 2024/11/28 20:54:17 [notice] 2779#2779: start worker processes
webserver # [ 95.308478] nginx[2779]: 2024/11/28 20:54:17 [notice] 2779#2779: start worker process 2841
webserver # [ 95.407549] nginx[2786]: 2024/11/28 20:54:18 [notice] 2786#2786: gracefully shutting down
webserver # [ 95.410076] nginx[2786]: 2024/11/28 20:54:18 [notice] 2786#2786: exiting
webserver # [ 95.411148] nginx[2786]: 2024/11/28 20:54:18 [notice] 2786#2786: exit
webserver # [ 95.418571] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: signal 17 (SIGCHLD) received from 2786
webserver # [ 95.420140] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: worker process 2786 exited with code 0
webserver # [ 95.421532] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: signal 29 (SIGIO) received
webserver # the following new units were started: acme-a.example.test.timer, acme-finished-a.example.test.target, acme-finished-slow.example.test.target, acme-slow.example.test.timer, my-slow-service.service, nginx.service
webserver # [ 95.547714] nixos[2605]: finished switching to system configuration /nix/store/k34645ygzns5k8d34i1387cz702a3127-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/slow_startup/bin/switch-to-configuration test, in 17.39 seconds)
webserver # [ 95.608483] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 95.612246] systemd[1]: Generate self-signed certificate for slow.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/slow.example.test/key.pem).
webserver # [ 95.619658] systemd[1]: Starting Renew ACME certificate for slow.example.test...
webserver # [ 95.703964] acme-slow.example.test-start[2847]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 95.708941] acme-slow.example.test-start[2847]: Acquired lock /run/acme/2.lock
webserver # [ 95.710983] acme-slow.example.test-start[2847]: + set -euo pipefail
webserver # [ 95.713194] acme-slow.example.test-start[2849]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 95.723195] acme-slow.example.test-start[2849]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 95.735732] acme-slow.example.test-start[2847]: + echo 5e47a70b1338fcb3915d
webserver # [ 95.737299] acme-slow.example.test-start[2847]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 95.744299] acme-slow.example.test-start[2847]: + '[' -e certificates/slow.example.test.key ']'
webserver # [ 95.746152] acme-slow.example.test-start[2847]: + '[' -e certificates/slow.example.test.crt ']'
webserver # [ 95.748898] acme-slow.example.test-start[2852]: ++ find accounts -name [email protected]
webserver # [ 95.760629] acme-slow.example.test-start[2847]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 95.762991] acme-slow.example.test-start[2847]: + lego --accept-tos --path . -d slow.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 96.236914] pebble[681]: Pebble 2024/11/28 20:54:18 GET /dir -> calling handler()
webserver # [ 95.869967] acme-slow.example.test-start[2853]: 2024/11/28 20:54:18 [slow.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 95.878621] acme-slow.example.test-start[2847]: + mv domainhash.txt certificates/
webserver # [ 95.886724] acme-slow.example.test-start[2847]: + chown acme:nginx certificates/domainhash.txt certificates/slow.example.test.crt certificates/slow.example.test.issuer.crt certificates/slow.example.test.json certificates/slow.example.test.key
webserver # [ 95.898665] acme-slow.example.test-start[2847]: + cmp -s certificates/slow.example.test.crt out/fullchain.pem
webserver # [ 95.903921] acme-slow.example.test-start[2847]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 95.911583] acme-slow.example.test-start[2847]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 95.912870] acme-slow.example.test-start[2847]: Releasing lock /run/acme/2.lock
webserver # [ 95.954564] systemd[1]: acme-slow.example.test.service: Deactivated successfully.
webserver # [ 95.960066] systemd[1]: Finished Renew ACME certificate for slow.example.test.
webserver # [ 95.962284] systemd[1]: acme-slow.example.test.service: Consumed 189ms CPU time, 19.9M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 95.972152] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 96.042848] systemd[1]: Reloading Nginx Web Server...
webserver # [ 96.122398] nginx[2869]: nginx: the configuration file /nix/store/q5n8p4dnyymyhq5h6s8iz530x4gpzx17-nginx.conf syntax is ok
webserver # [ 96.124284] nginx[2869]: nginx: configuration file /nix/store/q5n8p4dnyymyhq5h6s8iz530x4gpzx17-nginx.conf test is successful
webserver # [ 96.181320] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: signal 1 (SIGHUP) received from 2871, reconfiguring
webserver # [ 96.183123] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: reconfiguring
webserver # [ 96.186478] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 96.193979] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 96.199091] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-slow.example.test.target
webserver # [ 96.223390] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: using the "epoll" event method
webserver # [ 96.226778] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: start worker processes
webserver # [ 96.228051] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: start worker process 2877
(finished: waiting for unit acme-finished-slow.example.test.target, in 0.06 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/slow.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/slow.example.test/cert.pem, in 0.05 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/slow.example.test/fullchain.pem
webserver # [ 96.327343] nginx[2841]: 2024/11/28 20:54:18 [notice] 2841#2841: gracefully shutting down
webserver # [ 96.329736] nginx[2841]: 2024/11/28 20:54:18 [notice] 2841#2841: exiting
webserver # [ 96.331129] nginx[2841]: 2024/11/28 20:54:18 [notice] 2841#2841: exit
webserver # [ 96.335786] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: signal 17 (SIGCHLD) received from 2841
webserver # [ 96.337684] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: worker process 2841 exited with code 0
webserver # [ 96.340226] nginx[2779]: 2024/11/28 20:54:18 [notice] 2779#2779: signal 29 (SIGIO) received
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/slow.example.test/fullchain.pem, in 0.06 seconds)
webserver: waiting for unit nginx.service
(finished: waiting for unit nginx.service, in 0.06 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername slow.example.test -connect slow.example.test:443 < /dev/null 2>&1
webserver # [ 96.464929] nginx[2877]: 2024/11/28 20:54:19 [info] 2877#2877: *4 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername slow.example.test -connect slow.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
(finished: subtest: Can request certificate with HTTP-01 when nginx startup is delayed, in 18.43 seconds)
subtest: Can limit concurrency of running renewals
webserver: must succeed: /tmp/specialisation/concurrency_limit/bin/switch-to-configuration test
webserver # stopping the following units: acme-finished-slow.example.test.target, acme-fixperms.service, acme-lockfiles.service, acme-slow.example.test.timer, my-slow-service.service
webserver # [ 97.018532] nixos[2897]: switching to system configuration /nix/store/6q9yiwg8lji7dan2jy35asdck4h5a9nw-nixos-system-webserver-test
webserver # [ 97.021195] systemd[1]: acme-slow.example.test.timer: Deactivated successfully.
webserver # [ 97.022968] systemd[1]: Stopped Renew ACME Certificate for slow.example.test.
webserver # [ 97.025102] systemd[1]: acme-lockfiles.service: Deactivated successfully.
webserver # [ 97.026419] systemd[1]: Stopped Manage lock files for acme services.
webserver # [ 97.033602] systemd[1]: acme-fixperms.service: Deactivated successfully.
webserver # [ 97.035961] systemd[1]: Stopped Fix owner and group of all ACME certificates.
webserver # [ 97.041564] systemd[1]: Stopped target Remote File Systems.
webserver # [ 97.045451] systemd[1]: Stopping my-slow-service.service...
webserver # [ 97.047331] systemd[1]: Stopped target Local File Systems.
webserver # [ 97.052905] systemd[1]: Stopped target acme-finished-slow.example.test.target.
webserver # [ 97.057766] systemd[1]: my-slow-service.service: Deactivated successfully.
webserver # [ 97.059863] systemd[1]: Stopped my-slow-service.service.
webserver # activating the configuration...
webserver # [ 97.486585] systemd[1]: Reload requested from client PID 2897 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 97.488416] systemd[1]: Reloading...
webserver # [ 97.727718] systemd-ssh-generator[2960]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 97.834475] systemd[1]: /etc/systemd/system/acme-h.example.test.service:15: Unknown key 'ExecPreStart' in section [Service], ignoring.
webserver # [ 97.842835] systemd[1]: /etc/systemd/system/acme-g.example.test.service:15: Unknown key 'ExecPreStart' in section [Service], ignoring.
webserver # [ 97.852533] systemd[1]: /etc/systemd/system/acme-f.example.test.service:15: Unknown key 'ExecPreStart' in section [Service], ignoring.
webserver # [ 98.031515] systemd[1]: Reloading finished in 541 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 98.051580] systemd[1]: Stopped target Reactivate sysinit units.
webserver # restarting the following units: acme-a.example.test.timer, nginx.service
webserver # [ 98.054215] systemd[1]: Stopping Reactivate sysinit units...
webserver # [ 98.055131] systemd[1]: Reached target Reactivate sysinit units.
webserver # [ 98.057353] systemd[1]: acme-a.example.test.timer: Deactivated successfully.
webserver # [ 98.059202] systemd[1]: Stopped Renew ACME Certificate for a.example.test.
webserver # [ 98.060422] systemd[1]: Stopping Renew ACME Certificate for a.example.test...
webserver # [ 98.061546] systemd[1]: Started Renew ACME Certificate for a.example.test.
webserver # [ 98.071249] systemd[1]: Starting Fix owner and group of all ACME certificates...
webserver # [ 98.078360] systemd[1]: Starting Manage lock files for acme services...
webserver # [ 98.079576] nginx[2779]: 2024/11/28 20:54:20 [notice] 2779#2779: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 98.082408] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 98.087680] nginx[2877]: 2024/11/28 20:54:20 [notice] 2877#2877: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 98.089441] nginx[2877]: 2024/11/28 20:54:20 [notice] 2877#2877: exiting
webserver # [ 98.091578] nginx[2877]: 2024/11/28 20:54:20 [notice] 2877#2877: exit
webserver # [ 98.092735] systemd[1]: Stopping Nginx Web Server...
webserver # [ 98.098106] nginx[2779]: 2024/11/28 20:54:20 [notice] 2779#2779: signal 17 (SIGCHLD) received from 2877
webserver # [ 98.100167] nginx[2779]: 2024/11/28 20:54:20 [notice] 2779#2779: worker process 2877 exited with code 0
webserver # [ 98.102630] nginx[2779]: 2024/11/28 20:54:20 [notice] 2779#2779: exit
webserver # [ 98.119074] systemd[1]: nginx.service: Deactivated successfully.
webserver # [ 98.126404] systemd[1]: Stopped Nginx Web Server.
webserver # [ 98.206711] systemd[1]: Finished Fix owner and group of all ACME certificates.
webserver # [ 98.221542] systemd[1]: Finished Manage lock files for acme services.
webserver # [ 98.228067] systemd[1]: Starting Generate self-signed certificate for f.example.test...
webserver # [ 98.233415] systemd[1]: Starting Generate self-signed certificate for g.example.test...
webserver # [ 98.238114] systemd[1]: Starting Generate self-signed certificate for h.example.test...
webserver # [ 98.367428] acme-selfsigned-f.example.test-start[2980]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 98.372505] acme-selfsigned-f.example.test-start[2980]: Acquired lock /run/acme/1.lock
webserver # [ 98.378869] acme-selfsigned-g.example.test-start[2981]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 98.381513] acme-selfsigned-h.example.test-start[2982]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 98.418580] acme-selfsigned-f.example.test-start[2980]: Releasing lock /run/acme/1.lock
webserver # [ 98.422124] acme-selfsigned-g.example.test-start[2981]: Acquired lock /run/acme/1.lock
webserver # [ 98.423355] systemd[1]: acme-selfsigned-f.example.test.service: Deactivated successfully.
webserver # [ 98.431302] systemd[1]: Finished Generate self-signed certificate for f.example.test.
webserver # [ 98.468384] acme-selfsigned-g.example.test-start[2981]: Releasing lock /run/acme/1.lock
webserver # [ 98.470811] acme-selfsigned-h.example.test-start[2982]: Acquired lock /run/acme/1.lock
webserver # [ 98.473509] systemd[1]: acme-selfsigned-g.example.test.service: Deactivated successfully.
webserver # [ 98.475619] systemd[1]: Finished Generate self-signed certificate for g.example.test.
webserver # [ 98.517952] acme-selfsigned-h.example.test-start[2982]: Releasing lock /run/acme/1.lock
webserver # [ 98.521115] systemd[1]: acme-selfsigned-h.example.test.service: Deactivated successfully.
webserver # [ 98.524080] systemd[1]: Finished Generate self-signed certificate for h.example.test.
webserver # [ 98.532921] systemd[1]: Starting Nginx Web Server...
webserver # [ 98.616337] nginx-pre-start[3023]: nginx: the configuration file /nix/store/z649fqsr2mdp1gfzprygf459gmjnm4mp-nginx.conf syntax is ok
webserver # [ 98.618539] nginx-pre-start[3023]: nginx: configuration file /nix/store/z649fqsr2mdp1gfzprygf459gmjnm4mp-nginx.conf test is successful
webserver # starting the following units: acme-fixperms.service, acme-lockfiles.service
webserver # [ 98.629061] systemd[1]: Started Nginx Web Server.
webserver # [ 98.634261] systemd[1]: Starting Renew ACME certificate for f.example.test...
webserver # [ 98.639218] systemd[1]: Starting Renew ACME certificate for g.example.test...
webserver # [ 98.646089] systemd[1]: Starting Renew ACME certificate for h.example.test...
webserver # [ 98.662773] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 98.671759] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 98.674262] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 98.675974] systemd[1]: Reached target Local File Systems.
webserver # [ 98.678384] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 98.682872] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 98.688815] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 98.690396] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 98.738091] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 98.748618] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 98.761894] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 98.768492] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 98.770804] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 98.785065] systemd[1]: Reached target Remote File Systems.
webserver # [ 98.939685] acme-f.example.test-start[3026]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 98.947891] acme-f.example.test-start[3026]: Acquired lock /run/acme/1.lock
webserver # [ 98.949919] acme-f.example.test-start[3026]: + set -euo pipefail
webserver # [ 98.951951] acme-f.example.test-start[3046]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 98.957397] acme-g.example.test-start[3027]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 98.961618] acme-h.example.test-start[3028]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 98.967650] acme-f.example.test-start[3046]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 98.979945] acme-f.example.test-start[3026]: + echo d07e734c1d0376cedcbe
webserver # [ 98.982639] acme-f.example.test-start[3026]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 98.987964] acme-f.example.test-start[3026]: + lego --accept-tos --path . -d f.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run
webserver # [ 98.996197] nginx[3025]: 2024/11/28 20:54:21 [notice] 3025#3025: using the "epoll" event method
webserver # [ 98.998788] nginx[3025]: 2024/11/28 20:54:21 [notice] 3025#3025: nginx/1.26.2
webserver # [ 99.000224] nginx[3025]: 2024/11/28 20:54:21 [notice] 3025#3025: built by gcc 13.3.0 (GCC)
webserver # [ 99.002299] nginx[3025]: 2024/11/28 20:54:21 [notice] 3025#3025: OS: Linux 6.6.63
webserver # [ 99.003687] nginx[3025]: 2024/11/28 20:54:21 [notice] 3025#3025: getrlimit(RLIMIT_NOFILE): 1024:524288
webserver # [ 99.005192] nginx[3025]: 2024/11/28 20:54:21 [notice] 3025#3025: start worker processes
webserver # [ 99.006896] nginx[3025]: 2024/11/28 20:54:21 [notice] 3025#3025: start worker process 3056
acme # [ 99.494419] pebble[681]: Pebble 2024/11/28 20:54:22 GET /dir -> calling handler()
webserver # [ 99.129132] acme-f.example.test-start[3054]: 2024/11/28 20:54:21 [INFO] [f.example.test] acme: Obtaining bundled SAN certificate
acme # [ 99.499895] pebble[681]: Pebble 2024/11/28 20:54:22 HEAD /nonce-plz -> calling handler()
acme # [ 99.501976] pebble[681]: Pebble 2024/11/28 20:54:22 POST /order-plz -> calling handler()
acme # [ 99.504671] pebble[681]: Pebble 2024/11/28 20:54:22 There are now 10 authorizations in the db
acme # [ 99.506310] pebble[681]: Pebble 2024/11/28 20:54:22 Added order "21SnEKOruVhu3T8JlfQ9m5MbC2mDJ2sceVTX3usgSDw" to the db
acme # [ 99.508549] pebble[681]: Pebble 2024/11/28 20:54:22 There are now 12 orders in the db
acme # [ 99.562366] pebble[681]: Pebble 2024/11/28 20:54:22 POST /authZ/ -> calling handler()
webserver # [ 99.195217] acme-f.example.test-start[3054]: 2024/11/28 20:54:21 [INFO] [f.example.test] AuthURL: https://acme.test/authZ/khn7N6q3oaKHPJTGroIIsVXp69BOZXJb1nsVZKNeeNQ
acme # [ 99.564402] pebble[681]: Pebble 2024/11/28 20:54:22 POST /chalZ/ -> calling handler()
webserver # [ 99.197401] acme-f.example.test-start[3054]: 2024/11/28 20:54:21 [INFO] [f.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 99.199918] acme-f.example.test-start[3054]: 2024/11/28 20:54:21 [INFO] [f.example.test] acme: use http-01 solver
webserver # [ 99.201924] acme-f.example.test-start[3054]: 2024/11/28 20:54:21 [INFO] [f.example.test] acme: Trying to solve HTTP-01
acme # [ 99.567181] pebble[681]: Pebble 2024/11/28 20:54:22 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"f.example.test"}, Challenge:(*core.Challenge)(0xc0000dbae0), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
acme # [ 99.571886] pebble[681]: Pebble 2024/11/28 20:54:22 Starting 3 validations.
acme # [ 99.573877] pebble[681]: Pebble 2024/11/28 20:54:22 Attempting to validate w/ HTTP: http://f.example.test:80/.well-known/acme-challenge/1Ue9Zd6RsZFrS_oCAobl-9C8bspeH4_7taUkEboLjZg
acme # [ 99.577407] pebble[681]: Pebble 2024/11/28 20:54:22 POST /authZ/ -> calling handler()
acme # [ 99.580079] pebble[681]: Pebble 2024/11/28 20:54:22 Attempting to validate w/ HTTP: http://f.example.test:80/.well-known/acme-challenge/1Ue9Zd6RsZFrS_oCAobl-9C8bspeH4_7taUkEboLjZg
acme # [ 99.583818] pebble[681]: Pebble 2024/11/28 20:54:22 Attempting to validate w/ HTTP: http://f.example.test:80/.well-known/acme-challenge/1Ue9Zd6RsZFrS_oCAobl-9C8bspeH4_7taUkEboLjZg
acme # [ 99.592466] pebble[681]: Pebble 2024/11/28 20:54:22 authz khn7N6q3oaKHPJTGroIIsVXp69BOZXJb1nsVZKNeeNQ set VALID by completed challenge Wb2iCFQyXRdtJi2ej7kuGXPFys-VmvMv5XZFMLAu024
webserver # [ 99.290174] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 99.294165] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 99.297081] systemd[1]: Started Renew ACME Certificate for f.example.test.
webserver # [ 99.298160] systemd[1]: Started Renew ACME Certificate for g.example.test.
webserver # [ 99.299614] systemd[1]: Started Renew ACME Certificate for h.example.test.
webserver # [ 99.300710] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 99.302750] systemd[1]: Generate self-signed certificate for a.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/a.example.test/key.pem).
webserver # [ 99.312095] systemd[1]: Starting Renew ACME certificate for a.example.test...
webserver # [ 99.313649] systemd[1]: Generate self-signed certificate for f.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/f.example.test/key.pem).
webserver # [ 99.316593] systemd[1]: Generate self-signed certificate for g.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/g.example.test/key.pem).
webserver # [ 99.319220] systemd[1]: Generate self-signed certificate for h.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/h.example.test/key.pem).
webserver # [ 99.377832] acme-a.example.test-start[3111]: Waiting to acquire lock /run/acme/1.lock
acme # [ 106.103966] pebble[681]: Pebble 2024/11/28 20:54:28 POST /authZ/ -> calling handler()
webserver # [ 105.736844] acme-f.example.test-start[3054]: 2024/11/28 20:54:28 [INFO] [f.example.test] The server validated our request
acme # [ 106.105955] pebble[681]: Pebble 2024/11/28 20:54:28 POST /finalize-order/ -> calling handler()
webserver # [ 105.738581] acme-f.example.test-start[3054]: 2024/11/28 20:54:28 [INFO] [f.example.test] acme: Validations succeeded; requesting certificates
acme # [ 106.108761] pebble[681]: Pebble 2024/11/28 20:54:28 Order 21SnEKOruVhu3T8JlfQ9m5MbC2mDJ2sceVTX3usgSDw is fully authorized. Processing finalization
webserver # [ 105.743917] acme-f.example.test-start[3054]: 2024/11/28 20:54:28 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 106.115034] pebble[681]: Pebble 2024/11/28 20:54:28 Issued certificate serial 13227d57c9792bc5 for order 21SnEKOruVhu3T8JlfQ9m5MbC2mDJ2sceVTX3usgSDw
acme # [ 106.117596] pebble[681]: Pebble 2024/11/28 20:54:28 POST /my-order/ -> calling handler()
acme # [ 106.120330] pebble[681]: Pebble 2024/11/28 20:54:28 POST /certZ/ -> calling handler()
webserver # [ 105.754761] acme-f.example.test-start[3054]: 2024/11/28 20:54:28 [INFO] [f.example.test] Server responded with a certificate.
webserver # [ 105.762730] acme-f.example.test-start[3026]: + mv domainhash.txt certificates/
webserver # [ 105.770654] acme-f.example.test-start[3026]: + chown acme:nginx certificates/domainhash.txt certificates/f.example.test.crt certificates/f.example.test.issuer.crt certificates/f.example.test.json certificates/f.example.test.key
webserver # [ 105.782507] acme-f.example.test-start[3026]: + cmp -s certificates/f.example.test.crt out/fullchain.pem
webserver # [ 105.787801] acme-f.example.test-start[3026]: + touch out/renewed
webserver # [ 105.795216] acme-f.example.test-start[3026]: + echo Installing new certificate
webserver # [ 105.796430] acme-f.example.test-start[3026]: Installing new certificate
webserver # [ 105.797619] acme-f.example.test-start[3026]: + cp -vp certificates/f.example.test.crt out/fullchain.pem
webserver # [ 105.804733] acme-f.example.test-start[3117]: 'certificates/f.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 105.807406] acme-f.example.test-start[3026]: + cp -vp certificates/f.example.test.key out/key.pem
webserver # [ 105.814333] acme-f.example.test-start[3118]: 'certificates/f.example.test.key' -> 'out/key.pem'
webserver # [ 105.816529] acme-f.example.test-start[3026]: + cp -vp certificates/f.example.test.issuer.crt out/chain.pem
webserver # [ 105.823534] acme-f.example.test-start[3119]: 'certificates/f.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 105.825840] acme-f.example.test-start[3026]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 105.833725] acme-f.example.test-start[3026]: + cat out/key.pem out/fullchain.pem
webserver # [ 105.841845] acme-f.example.test-start[3026]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 105.850391] acme-f.example.test-start[3026]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 105.851609] acme-f.example.test-start[3026]: Releasing lock /run/acme/1.lock
webserver # [ 105.856120] acme-g.example.test-start[3027]: Acquired lock /run/acme/1.lock
webserver # [ 105.857493] acme-g.example.test-start[3027]: + set -euo pipefail
webserver # [ 105.860557] acme-g.example.test-start[3124]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 105.868867] acme-g.example.test-start[3124]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 105.880966] acme-g.example.test-start[3027]: + echo 7d5deeca526eb059c225
webserver # [ 105.883316] acme-g.example.test-start[3027]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 105.889848] acme-g.example.test-start[3027]: + lego --accept-tos --path . -d g.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run
webserver # [ 105.938488] systemd[1]: acme-f.example.test.service: Deactivated successfully.
webserver # [ 105.940615] systemd[1]: Finished Renew ACME certificate for f.example.test.
webserver # [ 105.943274] systemd[1]: acme-f.example.test.service: Consumed 177ms CPU time, 20M memory peak, 8K written to disk, 11.3K incoming IP traffic, 7K outgoing IP traffic.
acme # [ 106.376732] pebble[681]: Pebble 2024/11/28 20:54:29 GET /dir -> calling handler()
webserver # [ 106.010265] acme-g.example.test-start[3128]: 2024/11/28 20:54:28 [INFO] [g.example.test] acme: Obtaining bundled SAN certificate
acme # [ 106.378667] pebble[681]: Pebble 2024/11/28 20:54:29 HEAD /nonce-plz -> calling handler()
acme # [ 106.381134] pebble[681]: Pebble 2024/11/28 20:54:29 POST /order-plz -> calling handler()
acme # [ 106.382605] pebble[681]: Pebble 2024/11/28 20:54:29 There are now 11 authorizations in the db
acme # [ 106.384203] pebble[681]: Pebble 2024/11/28 20:54:29 Added order "EWtK0g-g9KG-zc4OLRfTZY-XAYFXz8WVhLa4Ewd6mTA" to the db
acme # [ 106.386159] pebble[681]: Pebble 2024/11/28 20:54:29 There are now 13 orders in the db
acme # [ 106.438198] pebble[681]: Pebble 2024/11/28 20:54:29 POST /authZ/ -> calling handler()
webserver # [ 106.070702] acme-g.example.test-start[3128]: 2024/11/28 20:54:28 [INFO] [g.example.test] AuthURL: https://acme.test/authZ/1ZLb_D6G-h1Npc3UsV6e8yrD0r65nUV4zmFr2mO6SGg
acme # [ 106.441458] pebble[681]: Pebble 2024/11/28 20:54:29 POST /chalZ/ -> calling handler()
webserver # [ 106.073376] acme-g.example.test-start[3128]: 2024/11/28 20:54:28 [INFO] [g.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 106.075047] acme-g.example.test-start[3128]: 2024/11/28 20:54:28 [INFO] [g.example.test] acme: use http-01 solver
webserver # [ 106.076660] acme-g.example.test-start[3128]: 2024/11/28 20:54:28 [INFO] [g.example.test] acme: Trying to solve HTTP-01
acme # [ 106.443944] pebble[681]: Pebble 2024/11/28 20:54:29 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"g.example.test"}, Challenge:(*core.Challenge)(0xc000250320), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
acme # [ 106.448597] pebble[681]: Pebble 2024/11/28 20:54:29 Starting 3 validations.
acme # [ 106.450208] pebble[681]: Pebble 2024/11/28 20:54:29 Attempting to validate w/ HTTP: http://g.example.test:80/.well-known/acme-challenge/ttE8tuZOYSlQMhl671iSJHl_vY4ST1MHP_shfYeaPLY
acme # [ 106.453234] pebble[681]: Pebble 2024/11/28 20:54:29 POST /authZ/ -> calling handler()
acme # [ 106.455917] pebble[681]: Pebble 2024/11/28 20:54:29 Attempting to validate w/ HTTP: http://g.example.test:80/.well-known/acme-challenge/ttE8tuZOYSlQMhl671iSJHl_vY4ST1MHP_shfYeaPLY
acme # [ 106.459195] pebble[681]: Pebble 2024/11/28 20:54:29 Attempting to validate w/ HTTP: http://g.example.test:80/.well-known/acme-challenge/ttE8tuZOYSlQMhl671iSJHl_vY4ST1MHP_shfYeaPLY
acme # [ 106.465602] pebble[681]: Pebble 2024/11/28 20:54:29 authz 1ZLb_D6G-h1Npc3UsV6e8yrD0r65nUV4zmFr2mO6SGg set VALID by completed challenge xQu2WI_70k8ovpaqLHQ0PQnV8Zj70uih9Wc3luCyY60
acme # [ 113.710988] pebble[681]: Pebble 2024/11/28 20:54:36 POST /authZ/ -> calling handler()
webserver # [ 113.343944] acme-g.example.test-start[3128]: 2024/11/28 20:54:35 [INFO] [g.example.test] The server validated our request
acme # [ 113.712830] pebble[681]: Pebble 2024/11/28 20:54:36 POST /finalize-order/ -> calling handler()
webserver # [ 113.345621] acme-g.example.test-start[3128]: 2024/11/28 20:54:35 [INFO] [g.example.test] acme: Validations succeeded; requesting certificates
acme # [ 113.714822] pebble[681]: Pebble 2024/11/28 20:54:36 Order EWtK0g-g9KG-zc4OLRfTZY-XAYFXz8WVhLa4Ewd6mTA is fully authorized. Processing finalization
webserver # [ 113.347761] acme-g.example.test-start[3128]: 2024/11/28 20:54:35 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 113.719521] pebble[681]: Pebble 2024/11/28 20:54:36 Issued certificate serial 2fcbfdbd2484b8b6 for order EWtK0g-g9KG-zc4OLRfTZY-XAYFXz8WVhLa4Ewd6mTA
acme # [ 113.721842] pebble[681]: Pebble 2024/11/28 20:54:36 POST /my-order/ -> calling handler()
acme # [ 113.724252] pebble[681]: Pebble 2024/11/28 20:54:36 POST /certZ/ -> calling handler()
webserver # [ 113.358347] acme-g.example.test-start[3128]: 2024/11/28 20:54:35 [INFO] [g.example.test] Server responded with a certificate.
webserver # [ 113.364951] acme-g.example.test-start[3027]: + mv domainhash.txt certificates/
webserver # [ 113.371917] acme-g.example.test-start[3027]: + chown acme:nginx certificates/domainhash.txt certificates/g.example.test.crt certificates/g.example.test.issuer.crt certificates/g.example.test.json certificates/g.example.test.key
webserver # [ 113.381950] acme-g.example.test-start[3027]: + cmp -s certificates/g.example.test.crt out/fullchain.pem
webserver # [ 113.386354] acme-g.example.test-start[3027]: + touch out/renewed
webserver # [ 113.392711] acme-g.example.test-start[3027]: + echo Installing new certificate
webserver # [ 113.393823] acme-g.example.test-start[3027]: Installing new certificate
webserver # [ 113.394801] acme-g.example.test-start[3027]: + cp -vp certificates/g.example.test.crt out/fullchain.pem
webserver # [ 113.401559] acme-g.example.test-start[3140]: 'certificates/g.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 113.403351] acme-g.example.test-start[3027]: + cp -vp certificates/g.example.test.key out/key.pem
webserver # [ 113.409449] acme-g.example.test-start[3141]: 'certificates/g.example.test.key' -> 'out/key.pem'
webserver # [ 113.411515] acme-g.example.test-start[3027]: + cp -vp certificates/g.example.test.issuer.crt out/chain.pem
webserver # [ 113.417295] acme-g.example.test-start[3142]: 'certificates/g.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 113.419715] acme-g.example.test-start[3027]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 113.426453] acme-g.example.test-start[3027]: + cat out/key.pem out/fullchain.pem
webserver # [ 113.433391] acme-g.example.test-start[3027]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 113.440204] acme-g.example.test-start[3027]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 113.441330] acme-g.example.test-start[3027]: Releasing lock /run/acme/1.lock
webserver # [ 113.443799] acme-h.example.test-start[3028]: Acquired lock /run/acme/1.lock
webserver # [ 113.444826] acme-h.example.test-start[3028]: + set -euo pipefail
webserver # [ 113.448129] acme-h.example.test-start[3147]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 113.455457] acme-h.example.test-start[3147]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 113.465101] acme-h.example.test-start[3028]: + echo d7c572bdb30a61353658
webserver # [ 113.467349] acme-h.example.test-start[3028]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 113.472699] acme-h.example.test-start[3028]: + lego --accept-tos --path . -d h.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run
webserver # [ 113.517658] systemd[1]: acme-g.example.test.service: Deactivated successfully.
webserver # [ 113.523069] systemd[1]: Finished Renew ACME certificate for g.example.test.
webserver # [ 113.524156] systemd[1]: acme-g.example.test.service: Consumed 171ms CPU time, 20.7M memory peak, 8K written to disk, 11.3K incoming IP traffic, 6.9K outgoing IP traffic.
acme # [ 113.950660] pebble[681]: Pebble 2024/11/28 20:54:36 GET /dir -> calling handler()
acme # [ 113.953087] pebble[681]: Pebble 2024/11/28 20:54:36 HEAD /nonce-plz -> calling handler()
webserver # [ 113.585300] acme-h.example.test-start[3151]: 2024/11/28 20:54:36 [INFO] [h.example.test] acme: Obtaining bundled SAN certificate
acme # [ 113.955931] pebble[681]: Pebble 2024/11/28 20:54:36 POST /order-plz -> calling handler()
acme # [ 113.957288] pebble[681]: Pebble 2024/11/28 20:54:36 There are now 12 authorizations in the db
acme # [ 113.958658] pebble[681]: Pebble 2024/11/28 20:54:36 Added order "WTOAtCiI4N7Y99pd35ci1NxXUIhNCZxYSXXWdPR_ij8" to the db
acme # [ 113.960375] pebble[681]: Pebble 2024/11/28 20:54:36 There are now 14 orders in the db
acme # [ 114.012735] pebble[681]: Pebble 2024/11/28 20:54:36 POST /authZ/ -> calling handler()
webserver # [ 113.645436] acme-h.example.test-start[3151]: 2024/11/28 20:54:36 [INFO] [h.example.test] AuthURL: https://acme.test/authZ/BP1yt4dkhTxCS5jkkcuT4eDqdZKvhn3BS9WmW8U_dIk
acme # [ 114.014410] pebble[681]: Pebble 2024/11/28 20:54:36 POST /chalZ/ -> calling handler()
webserver # [ 113.647405] acme-h.example.test-start[3151]: 2024/11/28 20:54:36 [INFO] [h.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 113.649099] acme-h.example.test-start[3151]: 2024/11/28 20:54:36 [INFO] [h.example.test] acme: use http-01 solver
webserver # [ 113.650529] acme-h.example.test-start[3151]: 2024/11/28 20:54:36 [INFO] [h.example.test] acme: Trying to solve HTTP-01
webserver # [ 113.652194] acme-h.example.test-start[3151]: 2024/11/28 20:54:36 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/chalZ/UnfD7SUaQTgZNAoC__vvj14tXkWkuTW98c62i_DZ2IQ :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: M5iYLunady5P6DusPgMxxw
acme # [ 114.246636] pebble[681]: Pebble 2024/11/28 20:54:36 POST /chalZ/ -> calling handler()
acme # [ 114.248141] pebble[681]: Pebble 2024/11/28 20:54:36 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"h.example.test"}, Challenge:(*core.Challenge)(0xc000250820), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
acme # [ 114.252307] pebble[681]: Pebble 2024/11/28 20:54:36 Starting 3 validations.
acme # [ 114.253471] pebble[681]: Pebble 2024/11/28 20:54:36 Attempting to validate w/ HTTP: http://h.example.test:80/.well-known/acme-challenge/PR2Nth5S8NyWR0yQ6YtPVitrNYOeHJco_MqcHqc8js0
acme # [ 114.256457] pebble[681]: Pebble 2024/11/28 20:54:36 POST /authZ/ -> calling handler()
acme # [ 114.258525] pebble[681]: Pebble 2024/11/28 20:54:36 Attempting to validate w/ HTTP: http://h.example.test:80/.well-known/acme-challenge/PR2Nth5S8NyWR0yQ6YtPVitrNYOeHJco_MqcHqc8js0
acme # [ 114.262233] pebble[681]: Pebble 2024/11/28 20:54:36 Attempting to validate w/ HTTP: http://h.example.test:80/.well-known/acme-challenge/PR2Nth5S8NyWR0yQ6YtPVitrNYOeHJco_MqcHqc8js0
acme # [ 114.268612] pebble[681]: Pebble 2024/11/28 20:54:36 authz BP1yt4dkhTxCS5jkkcuT4eDqdZKvhn3BS9WmW8U_dIk set VALID by completed challenge UnfD7SUaQTgZNAoC__vvj14tXkWkuTW98c62i_DZ2IQ
acme # [ 120.634956] pebble[681]: Pebble 2024/11/28 20:54:43 POST /authZ/ -> calling handler()
webserver # [ 120.267924] acme-h.example.test-start[3151]: 2024/11/28 20:54:42 [INFO] [h.example.test] The server validated our request
acme # [ 120.637062] pebble[681]: Pebble 2024/11/28 20:54:43 POST /finalize-order/ -> calling handler()
webserver # [ 120.269496] acme-h.example.test-start[3151]: 2024/11/28 20:54:42 [INFO] [h.example.test] acme: Validations succeeded; requesting certificates
webserver # [ 120.271741] acme-h.example.test-start[3151]: 2024/11/28 20:54:42 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 120.639199] pebble[681]: Pebble 2024/11/28 20:54:43 Order WTOAtCiI4N7Y99pd35ci1NxXUIhNCZxYSXXWdPR_ij8 is fully authorized. Processing finalization
acme # [ 120.644305] pebble[681]: Pebble 2024/11/28 20:54:43 Issued certificate serial 154db368df7c4b32 for order WTOAtCiI4N7Y99pd35ci1NxXUIhNCZxYSXXWdPR_ij8
acme # [ 120.646493] pebble[681]: Pebble 2024/11/28 20:54:43 POST /my-order/ -> calling handler()
acme # [ 120.648063] pebble[681]: Pebble 2024/11/28 20:54:43 POST /certZ/ -> calling handler()
webserver # [ 120.282593] acme-h.example.test-start[3151]: 2024/11/28 20:54:42 [INFO] [h.example.test] Server responded with a certificate.
webserver # [ 120.289163] acme-h.example.test-start[3028]: + mv domainhash.txt certificates/
webserver # [ 120.295663] acme-h.example.test-start[3028]: + chown acme:nginx certificates/domainhash.txt certificates/h.example.test.crt certificates/h.example.test.issuer.crt certificates/h.example.test.json certificates/h.example.test.key
webserver # [ 120.305086] acme-h.example.test-start[3028]: + cmp -s certificates/h.example.test.crt out/fullchain.pem
webserver # [ 120.309304] acme-h.example.test-start[3028]: + touch out/renewed
webserver # [ 120.315124] acme-h.example.test-start[3028]: + echo Installing new certificate
webserver # [ 120.316417] acme-h.example.test-start[3028]: Installing new certificate
webserver # [ 120.317457] acme-h.example.test-start[3028]: + cp -vp certificates/h.example.test.crt out/fullchain.pem
webserver # [ 120.323070] acme-h.example.test-start[3163]: 'certificates/h.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 120.325039] acme-h.example.test-start[3028]: + cp -vp certificates/h.example.test.key out/key.pem
webserver # [ 120.330141] acme-h.example.test-start[3164]: 'certificates/h.example.test.key' -> 'out/key.pem'
webserver # [ 120.332499] acme-h.example.test-start[3028]: + cp -vp certificates/h.example.test.issuer.crt out/chain.pem
webserver # [ 120.337527] acme-h.example.test-start[3165]: 'certificates/h.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 120.339399] acme-h.example.test-start[3028]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 120.345355] acme-h.example.test-start[3028]: + cat out/key.pem out/fullchain.pem
webserver # [ 120.351444] acme-h.example.test-start[3028]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 120.358419] acme-h.example.test-start[3028]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 120.359675] acme-h.example.test-start[3028]: Releasing lock /run/acme/1.lock
webserver # [ 120.362809] acme-a.example.test-start[3111]: Acquired lock /run/acme/1.lock
webserver # [ 120.364788] acme-a.example.test-start[3111]: + set -euo pipefail
webserver # [ 120.367202] acme-a.example.test-start[3170]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 120.374439] acme-a.example.test-start[3170]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 120.385685] acme-a.example.test-start[3111]: + echo 9c8503f9419119933b04
webserver # [ 120.386722] acme-a.example.test-start[3111]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 120.392598] acme-a.example.test-start[3111]: + '[' -e certificates/a.example.test.key ']'
webserver # [ 120.393800] acme-a.example.test-start[3111]: + '[' -e certificates/a.example.test.crt ']'
webserver # [ 120.395736] acme-a.example.test-start[3174]: ++ find accounts -name [email protected]
webserver # [ 120.406655] acme-a.example.test-start[3111]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 120.408267] acme-a.example.test-start[3111]: + lego --accept-tos --path . -d a.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir renew --no-random-sleep --days 30
webserver # [ 120.439133] systemd[1]: acme-h.example.test.service: Deactivated successfully.
webserver # [ 120.446652] systemd[1]: Finished Renew ACME certificate for h.example.test.
webserver # [ 120.448227] systemd[1]: acme-h.example.test.service: Consumed 165ms CPU time, 20.8M memory peak, 8K written to disk, 11.8K incoming IP traffic, 7.7K outgoing IP traffic.
acme # [ 120.886181] pebble[681]: Pebble 2024/11/28 20:54:43 GET /dir -> calling handler()
webserver # [ 120.520777] acme-a.example.test-start[3175]: 2024/11/28 20:54:43 [a.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 120.527797] acme-a.example.test-start[3111]: + mv domainhash.txt certificates/
webserver # [ 120.534532] acme-a.example.test-start[3111]: + chown acme:nginx certificates/a.example.test.crt certificates/a.example.test.issuer.crt certificates/a.example.test.json certificates/a.example.test.key certificates/domainhash.txt
webserver # [ 120.544126] acme-a.example.test-start[3111]: + cmp -s certificates/a.example.test.crt out/fullchain.pem
webserver # [ 120.548587] acme-a.example.test-start[3111]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 120.555368] acme-a.example.test-start[3111]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 120.556505] acme-a.example.test-start[3111]: Releasing lock /run/acme/1.lock
webserver # [ 120.594495] systemd[1]: acme-a.example.test.service: Deactivated successfully.
webserver # [ 120.598086] systemd[1]: Finished Renew ACME certificate for a.example.test.
webserver # [ 120.599162] systemd[1]: acme-a.example.test.service: Consumed 152ms CPU time, 19.9M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 120.608990] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 120.668445] systemd[1]: Reloading Nginx Web Server...
webserver # [ 120.742419] nginx[3196]: nginx: the configuration file /nix/store/z649fqsr2mdp1gfzprygf459gmjnm4mp-nginx.conf syntax is ok
webserver # [ 120.744224] nginx[3196]: nginx: configuration file /nix/store/z649fqsr2mdp1gfzprygf459gmjnm4mp-nginx.conf test is successful
webserver # [ 120.797444] nginx[3025]: 2024/11/28 20:54:43 [notice] 3025#3025: signal 1 (SIGHUP) received from 3198, reconfiguring
webserver # [ 120.799324] nginx[3025]: 2024/11/28 20:54:43 [notice] 3025#3025: reconfiguring
webserver # [ 120.804087] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 120.810263] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 120.816557] systemd[1]: Finished nginx-config-reload.service.
webserver # [ 120.817585] systemd[1]: Reached target acme-finished-f.example.test.target.
webserver # [ 120.819240] systemd[1]: Reached target acme-finished-g.example.test.target.
webserver # [ 120.821862] systemd[1]: Reached target acme-finished-h.example.test.target.
webserver # [ 120.835065] nginx[3025]: 2024/11/28 20:54:43 [notice] 3025#3025: using the "epoll" event method
webserver # [ 120.836306] nginx[3025]: 2024/11/28 20:54:43 [notice] 3025#3025: start worker processes
webserver # [ 120.837718] nginx[3025]: 2024/11/28 20:54:43 [notice] 3025#3025: start worker process 3201
webserver # [ 120.938867] nginx[3056]: 2024/11/28 20:54:43 [notice] 3056#3056: gracefully shutting down
webserver # [ 120.940068] nginx[3056]: 2024/11/28 20:54:43 [notice] 3056#3056: exiting
webserver # [ 120.941059] nginx[3056]: 2024/11/28 20:54:43 [notice] 3056#3056: exit
webserver # [ 120.943482] nginx[3025]: 2024/11/28 20:54:43 [notice] 3025#3025: signal 17 (SIGCHLD) received from 3056
webserver # [ 120.944855] nginx[3025]: 2024/11/28 20:54:43 [notice] 3025#3025: worker process 3056 exited with code 0
webserver # [ 120.946259] nginx[3025]: 2024/11/28 20:54:43 [notice] 3025#3025: signal 29 (SIGIO) received
webserver # the following new units were started: acme-f.example.test.timer, acme-finished-f.example.test.target, acme-finished-g.example.test.target, acme-finished-h.example.test.target, acme-g.example.test.timer, acme-h.example.test.timer
webserver # [ 121.079763] nixos[2897]: finished switching to system configuration /nix/store/6q9yiwg8lji7dan2jy35asdck4h5a9nw-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/concurrency_limit/bin/switch-to-configuration test, in 24.58 seconds)
webserver # [ 121.128204] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 121.130421] systemd[1]: Generate self-signed certificate for f.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/f.example.test/key.pem).
webserver # [ 121.137189] systemd[1]: Starting Renew ACME certificate for f.example.test...
webserver # [ 121.199246] acme-f.example.test-start[3207]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 121.202534] acme-f.example.test-start[3207]: Acquired lock /run/acme/1.lock
webserver # [ 121.203648] acme-f.example.test-start[3207]: + set -euo pipefail
webserver # [ 121.205276] acme-f.example.test-start[3209]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 121.211632] acme-f.example.test-start[3209]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 121.219800] acme-f.example.test-start[3207]: + echo d07e734c1d0376cedcbe
webserver # [ 121.220846] acme-f.example.test-start[3207]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 121.225265] acme-f.example.test-start[3207]: + '[' -e certificates/f.example.test.key ']'
webserver # [ 121.226459] acme-f.example.test-start[3207]: + '[' -e certificates/f.example.test.crt ']'
webserver # [ 121.228212] acme-f.example.test-start[3212]: ++ find accounts -name [email protected]
webserver # [ 121.235849] acme-f.example.test-start[3207]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 121.237496] acme-f.example.test-start[3207]: + lego --accept-tos --path . -d f.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 121.690405] pebble[681]: Pebble 2024/11/28 20:54:44 GET /dir -> calling handler()
webserver # [ 121.322913] acme-f.example.test-start[3213]: 2024/11/28 20:54:43 [f.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 121.329805] acme-f.example.test-start[3207]: + mv domainhash.txt certificates/
webserver # [ 121.336547] acme-f.example.test-start[3207]: + chown acme:nginx certificates/domainhash.txt certificates/f.example.test.crt certificates/f.example.test.issuer.crt certificates/f.example.test.json certificates/f.example.test.key
webserver # [ 121.346124] acme-f.example.test-start[3207]: + cmp -s certificates/f.example.test.crt out/fullchain.pem
webserver # [ 121.350622] acme-f.example.test-start[3207]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 121.357094] acme-f.example.test-start[3207]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 121.358231] acme-f.example.test-start[3207]: Releasing lock /run/acme/1.lock
webserver # [ 121.396593] systemd[1]: acme-f.example.test.service: Deactivated successfully.
webserver # [ 121.399609] systemd[1]: Finished Renew ACME certificate for f.example.test.
webserver # [ 121.401075] systemd[1]: acme-f.example.test.service: Consumed 147ms CPU time, 20.3M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 121.410120] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 121.468973] systemd[1]: Reloading Nginx Web Server...
webserver # [ 121.545334] nginx[3230]: nginx: the configuration file /nix/store/z649fqsr2mdp1gfzprygf459gmjnm4mp-nginx.conf syntax is ok
webserver # [ 121.548043] nginx[3230]: nginx: configuration file /nix/store/z649fqsr2mdp1gfzprygf459gmjnm4mp-nginx.conf test is successful
webserver # [ 121.599842] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: signal 1 (SIGHUP) received from 3232, reconfiguring
webserver # [ 121.602245] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: reconfiguring
webserver # [ 121.608065] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 121.612481] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 121.618718] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-f.example.test.target
webserver # [ 121.642833] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: using the "epoll" event method
webserver # [ 121.644715] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: start worker processes
webserver # [ 121.646559] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: start worker process 3238
(finished: waiting for unit acme-finished-f.example.test.target, in 0.06 seconds)
webserver # [ 121.722293] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 121.725286] systemd[1]: Generate self-signed certificate for g.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/g.example.test/key.pem).
webserver # [ 121.731933] systemd[1]: Starting Renew ACME certificate for g.example.test...
webserver # [ 121.748286] nginx[3201]: 2024/11/28 20:54:44 [notice] 3201#3201: gracefully shutting down
webserver # [ 121.749559] nginx[3201]: 2024/11/28 20:54:44 [notice] 3201#3201: exiting
webserver # [ 121.751174] nginx[3201]: 2024/11/28 20:54:44 [notice] 3201#3201: exit
webserver # [ 121.757794] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: signal 17 (SIGCHLD) received from 3201
webserver # [ 121.759259] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: worker process 3201 exited with code 0
webserver # [ 121.761105] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: signal 29 (SIGIO) received
webserver # [ 121.801854] acme-g.example.test-start[3245]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 121.805131] acme-g.example.test-start[3245]: Acquired lock /run/acme/1.lock
webserver # [ 121.806249] acme-g.example.test-start[3245]: + set -euo pipefail
webserver # [ 121.807848] acme-g.example.test-start[3247]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 121.814145] acme-g.example.test-start[3247]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 121.822098] acme-g.example.test-start[3245]: + echo 7d5deeca526eb059c225
webserver # [ 121.823136] acme-g.example.test-start[3245]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 121.827357] acme-g.example.test-start[3245]: + '[' -e certificates/g.example.test.key ']'
webserver # [ 121.828769] acme-g.example.test-start[3245]: + '[' -e certificates/g.example.test.crt ']'
webserver # [ 121.830372] acme-g.example.test-start[3250]: ++ find accounts -name [email protected]
webserver # [ 121.838065] acme-g.example.test-start[3245]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 121.839701] acme-g.example.test-start[3245]: + lego --accept-tos --path . -d g.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 122.294117] pebble[681]: Pebble 2024/11/28 20:54:44 GET /dir -> calling handler()
webserver # [ 121.926930] acme-g.example.test-start[3251]: 2024/11/28 20:54:44 [g.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 121.934190] acme-g.example.test-start[3245]: + mv domainhash.txt certificates/
webserver # [ 121.940967] acme-g.example.test-start[3245]: + chown acme:nginx certificates/domainhash.txt certificates/g.example.test.crt certificates/g.example.test.issuer.crt certificates/g.example.test.json certificates/g.example.test.key
webserver # [ 121.950803] acme-g.example.test-start[3245]: + cmp -s certificates/g.example.test.crt out/fullchain.pem
webserver # [ 121.955399] acme-g.example.test-start[3245]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 121.962263] acme-g.example.test-start[3245]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 121.963432] acme-g.example.test-start[3245]: Releasing lock /run/acme/1.lock
webserver # [ 122.002611] systemd[1]: acme-g.example.test.service: Deactivated successfully.
webserver # [ 122.007107] systemd[1]: Finished Renew ACME certificate for g.example.test.
webserver # [ 122.009164] systemd[1]: acme-g.example.test.service: Consumed 150ms CPU time, 20.4M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 122.018144] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 122.081208] systemd[1]: Reloading Nginx Web Server...
webserver # [ 122.154764] nginx[3268]: nginx: the configuration file /nix/store/z649fqsr2mdp1gfzprygf459gmjnm4mp-nginx.conf syntax is ok
webserver # [ 122.156544] nginx[3268]: nginx: configuration file /nix/store/z649fqsr2mdp1gfzprygf459gmjnm4mp-nginx.conf test is successful
webserver # [ 122.211236] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: signal 1 (SIGHUP) received from 3270, reconfiguring
webserver # [ 122.212810] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: reconfiguring
webserver # [ 122.217887] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 122.223962] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 122.228685] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-g.example.test.target
webserver # [ 122.255793] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: using the "epoll" event method
webserver # [ 122.257135] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: start worker processes
webserver # [ 122.258503] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: start worker process 3276
(finished: waiting for unit acme-finished-g.example.test.target, in 0.06 seconds)
webserver # [ 122.332698] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 122.336564] systemd[1]: Generate self-signed certificate for h.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/h.example.test/key.pem).
webserver # [ 122.344492] systemd[1]: Starting Renew ACME certificate for h.example.test...
webserver # [ 122.356416] nginx[3238]: 2024/11/28 20:54:44 [notice] 3238#3238: gracefully shutting down
webserver # [ 122.358450] nginx[3238]: 2024/11/28 20:54:44 [notice] 3238#3238: exiting
webserver # [ 122.360108] nginx[3238]: 2024/11/28 20:54:44 [notice] 3238#3238: exit
webserver # [ 122.366962] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: signal 17 (SIGCHLD) received from 3238
webserver # [ 122.368453] nginx[3025]: 2024/11/28 20:54:44 [notice] 3025#3025: worker process 3238 exited with code 0
webserver # [ 122.370219] nginx[3025]: 2024/11/28 20:54:45 [notice] 3025#3025: signal 29 (SIGIO) received
webserver # [ 122.417935] acme-h.example.test-start[3283]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 122.421380] acme-h.example.test-start[3283]: Acquired lock /run/acme/1.lock
webserver # [ 122.422658] acme-h.example.test-start[3283]: + set -euo pipefail
webserver # [ 122.423932] acme-h.example.test-start[3285]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 122.430871] acme-h.example.test-start[3285]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 122.439492] acme-h.example.test-start[3283]: + echo d7c572bdb30a61353658
webserver # [ 122.440498] acme-h.example.test-start[3283]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 122.445111] acme-h.example.test-start[3283]: + '[' -e certificates/h.example.test.key ']'
webserver # [ 122.446299] acme-h.example.test-start[3283]: + '[' -e certificates/h.example.test.crt ']'
webserver # [ 122.448101] acme-h.example.test-start[3288]: ++ find accounts -name [email protected]
webserver # [ 122.456074] acme-h.example.test-start[3283]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 122.457744] acme-h.example.test-start[3283]: + lego --accept-tos --path . -d h.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 122.915878] pebble[681]: Pebble 2024/11/28 20:54:45 GET /dir -> calling handler()
webserver # [ 122.548610] acme-h.example.test-start[3289]: 2024/11/28 20:54:45 [h.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 122.555571] acme-h.example.test-start[3283]: + mv domainhash.txt certificates/
webserver # [ 122.562207] acme-h.example.test-start[3283]: + chown acme:nginx certificates/domainhash.txt certificates/h.example.test.crt certificates/h.example.test.issuer.crt certificates/h.example.test.json certificates/h.example.test.key
webserver # [ 122.571675] acme-h.example.test-start[3283]: + cmp -s certificates/h.example.test.crt out/fullchain.pem
webserver # [ 122.576227] acme-h.example.test-start[3283]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 122.582745] acme-h.example.test-start[3283]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 122.584063] acme-h.example.test-start[3283]: Releasing lock /run/acme/1.lock
webserver # [ 122.624671] systemd[1]: acme-h.example.test.service: Deactivated successfully.
webserver # [ 122.627602] systemd[1]: Finished Renew ACME certificate for h.example.test.
webserver # [ 122.629306] systemd[1]: acme-h.example.test.service: Consumed 153ms CPU time, 19.9M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 122.638678] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 122.703122] systemd[1]: Reloading Nginx Web Server...
webserver # [ 122.781152] nginx[3306]: nginx: the configuration file /nix/store/z649fqsr2mdp1gfzprygf459gmjnm4mp-nginx.conf syntax is ok
webserver # [ 122.783228] nginx[3306]: nginx: configuration file /nix/store/z649fqsr2mdp1gfzprygf459gmjnm4mp-nginx.conf test is successful
webserver # [ 122.839428] nginx[3025]: 2024/11/28 20:54:45 [notice] 3025#3025: signal 1 (SIGHUP) received from 3308, reconfiguring
webserver # [ 122.840977] nginx[3025]: 2024/11/28 20:54:45 [notice] 3025#3025: reconfiguring
webserver # [ 122.845815] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 122.852393] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 122.858724] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-h.example.test.target
webserver # [ 122.885083] nginx[3025]: 2024/11/28 20:54:45 [notice] 3025#3025: using the "epoll" event method
webserver # [ 122.886950] nginx[3025]: 2024/11/28 20:54:45 [notice] 3025#3025: start worker processes
webserver # [ 122.888193] nginx[3025]: 2024/11/28 20:54:45 [notice] 3025#3025: start worker process 3315
(finished: waiting for unit acme-finished-h.example.test.target, in 0.06 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername f.example.test -connect f.example.test:443 < /dev/null 2>&1
webserver # [ 122.956883] nginx[3276]: 2024/11/28 20:54:45 [info] 3276#3276: *10 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername f.example.test -connect f.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername g.example.test -connect g.example.test:443 < /dev/null 2>&1
webserver # [ 122.988089] nginx[3276]: 2024/11/28 20:54:45 [notice] 3276#3276: gracefully shutting down
webserver # [ 122.989403] nginx[3276]: 2024/11/28 20:54:45 [notice] 3276#3276: exiting
webserver # [ 122.990381] nginx[3276]: 2024/11/28 20:54:45 [notice] 3276#3276: exit
webserver # [ 122.991753] nginx[3315]: 2024/11/28 20:54:45 [info] 3315#3315: *11 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername g.example.test -connect g.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername h.example.test -connect h.example.test:443 < /dev/null 2>&1
webserver # [ 122.999893] nginx[3025]: 2024/11/28 20:54:45 [notice] 3025#3025: signal 17 (SIGCHLD) received from 3276
webserver # [ 123.001510] nginx[3025]: 2024/11/28 20:54:45 [notice] 3025#3025: worker process 3276 exited with code 0
webserver # [ 123.003152] nginx[3025]: 2024/11/28 20:54:45 [notice] 3025#3025: signal 29 (SIGIO) received
webserver # [ 123.024390] nginx[3315]: 2024/11/28 20:54:45 [info] 3315#3315: *12 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername h.example.test -connect h.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
(finished: subtest: Can limit concurrency of running renewals, in 26.56 seconds)
subtest: Works with caddy
webserver: must succeed: /tmp/specialisation/caddy/bin/switch-to-configuration test
webserver # stopping the following units: acme-a.example.test.timer, acme-f.example.test.timer, acme-finished-a.example.test.target, acme-finished-f.example.test.target, acme-finished-g.example.test.target, acme-finished-h.example.test.target, acme-fixperms.service, acme-g.example.test.timer, acme-h.example.test.timer, acme-lockfiles.service, nginx.service, systemd-modules-load.service, systemd-sysctl.service, systemd-tmpfiles-resetup.service
webserver # [ 123.564371] nixos[3324]: switching to system configuration /nix/store/0jk9hmidd206w31b1wpnf7mzrh0gfsp6-nixos-system-webserver-test
webserver # [ 123.567743] systemd[1]: systemd-modules-load.service: Deactivated successfully.
webserver # [ 123.568979] systemd[1]: Stopped Load Kernel Modules.
webserver # [ 123.573531] systemd[1]: acme-fixperms.service: Deactivated successfully.
webserver # [ 123.574678] systemd[1]: Stopped Fix owner and group of all ACME certificates.
webserver # [ 123.579577] systemd[1]: acme-h.example.test.timer: Deactivated successfully.
webserver # [ 123.581218] systemd[1]: Stopped Renew ACME Certificate for h.example.test.
webserver # [ 123.583286] systemd[1]: acme-g.example.test.timer: Deactivated successfully.
webserver # [ 123.584902] systemd[1]: Stopped Renew ACME Certificate for g.example.test.
webserver # [ 123.587855] systemd[1]: acme-a.example.test.timer: Deactivated successfully.
webserver # [ 123.589217] systemd[1]: Stopped Renew ACME Certificate for a.example.test.
webserver # [ 123.591944] systemd[1]: Stopped target acme-finished-g.example.test.target.
webserver # [ 123.594284] systemd[1]: systemd-sysctl.service: Deactivated successfully.
webserver # [ 123.595795] systemd[1]: Stopped Apply Kernel Variables.
webserver # [ 123.598431] systemd[1]: run-credentials-systemd\x2dsysctl.service.mount: Deactivated successfully.
webserver # [ 123.601218] systemd[1]: acme-lockfiles.service: Deactivated successfully.
webserver # [ 123.603218] systemd[1]: Stopped Manage lock files for acme services.
webserver # [ 123.609702] systemd[1]: Stopped target acme-finished-f.example.test.target.
webserver # [ 123.611409] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 123.614226] systemd[1]: systemd-tmpfiles-resetup.service: Deactivated successfully.
webserver # [ 123.615725] systemd[1]: Stopped Re-setup tmpfiles on a system that is already running..
webserver # [ 123.617643] systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dresetup.service.mount: Deactivated successfully.
webserver # [ 123.623217] nginx[3025]: 2024/11/28 20:54:46 [notice] 3025#3025: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 123.625457] systemd[1]: Stopping Nginx Web Server...
webserver # [ 123.626990] nginx[3315]: 2024/11/28 20:54:46 [notice] 3315#3315: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 123.628963] nginx[3315]: 2024/11/28 20:54:46 [notice] 3315#3315: exiting
webserver # [ 123.630127] nginx[3315]: 2024/11/28 20:54:46 [notice] 3315#3315: exit
webserver # [ 123.631242] systemd[1]: acme-f.example.test.timer: Deactivated successfully.
webserver # [ 123.632673] systemd[1]: Stopped Renew ACME Certificate for f.example.test.
webserver # [ 123.635078] systemd[1]: Stopped target Local File Systems.
webserver # [ 123.637076] nginx[3025]: 2024/11/28 20:54:46 [notice] 3025#3025: signal 17 (SIGCHLD) received from 3315
webserver # [ 123.639269] nginx[3025]: 2024/11/28 20:54:46 [notice] 3025#3025: worker process 3315 exited with code 0
webserver # [ 123.641108] nginx[3025]: 2024/11/28 20:54:46 [notice] 3025#3025: exit
webserver # [ 123.642223] systemd[1]: Stopped target acme-finished-h.example.test.target.
webserver # [ 123.646607] systemd[1]: Stopped target acme-finished-a.example.test.target.
webserver # [ 123.650117] systemd[1]: nginx.service: Deactivated successfully.
webserver # [ 123.652138] systemd[1]: Stopped Nginx Web Server.
webserver # [ 123.652981] systemd[1]: nginx.service: Consumed 561ms CPU time, 7.6M memory peak, 7K incoming IP traffic, 13.5K outgoing IP traffic.
webserver # [ 123.660273] systemd[1]: Stopped target Remote File Systems.
webserver # activating the configuration...
webserver # removing group ‘nginx’
webserver # removing user ‘nginx’
webserver # [ 124.076429] systemd[1]: Reload requested from client PID 3324 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 124.078241] systemd[1]: Reloading...
webserver # [ 124.320444] systemd-ssh-generator[3388]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 124.572291] systemd[1]: Reloading finished in 492 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 124.600255] systemd[1]: Starting Re-setup tmpfiles on a system that is already running....
webserver # [ 124.716724] systemd[1]: Finished Re-setup tmpfiles on a system that is already running..
webserver # [ 124.718372] systemd[1]: Reached target Reactivate sysinit units.
webserver # starting the following units: acme-fixperms.service, acme-lockfiles.service, systemd-modules-load.service, systemd-sysctl.service, systemd-tmpfiles-resetup.service
webserver # [ 124.725521] systemd[1]: Starting Load Kernel Modules...
webserver # [ 124.733408] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 124.739516] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 124.740467] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 124.742240] systemd[1]: Reached target Local File Systems.
webserver # [ 124.743626] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 124.746385] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 124.750202] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 124.753370] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 124.770426] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 124.776118] systemd[1]: Reached target Remote File Systems.
webserver # [ 124.787443] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 124.809917] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 124.814595] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 124.819788] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 124.843187] systemd[1]: Finished Load Kernel Modules.
webserver # [ 124.847644] systemd[1]: Starting Apply Kernel Variables...
webserver # [ 124.896518] systemd[1]: Finished Apply Kernel Variables.
webserver # [ 125.152077] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 125.157057] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 125.158771] systemd[1]: Started Renew ACME Certificate for example.test.
webserver # [ 125.165087] systemd[1]: Starting Fix owner and group of all ACME certificates...
webserver # [ 125.171244] systemd[1]: Starting Manage lock files for acme services...
webserver # [ 125.172767] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 125.235091] systemd[1]: Finished Fix owner and group of all ACME certificates.
webserver # [ 125.267541] systemd[1]: Finished Manage lock files for acme services.
webserver # [ 125.273876] systemd[1]: Starting Generate self-signed certificate for example.test...
webserver # [ 125.332141] acme-selfsigned-example.test-start[3480]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 125.335484] acme-selfsigned-example.test-start[3480]: Acquired lock /run/acme/1.lock
webserver # [ 125.373682] acme-selfsigned-example.test-start[3480]: Releasing lock /run/acme/1.lock
webserver # [ 125.376618] systemd[1]: acme-selfsigned-example.test.service: Deactivated successfully.
webserver # [ 125.382068] systemd[1]: Finished Generate self-signed certificate for example.test.
webserver # [ 125.392269] systemd[1]: Starting Renew ACME certificate for example.test...
webserver # [ 125.453079] acme-example.test-start[3494]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 125.456242] acme-example.test-start[3494]: Acquired lock /run/acme/1.lock
webserver # [ 125.457772] acme-example.test-start[3494]: + set -euo pipefail
webserver # [ 125.458723] acme-example.test-start[3494]: + echo f296e6482529fca9f20a
webserver # [ 125.459722] acme-example.test-start[3494]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 125.463772] acme-example.test-start[3494]: + lego --accept-tos --path . -d '*.example.test' --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir run
acme # [ 125.916046] pebble[681]: Pebble 2024/11/28 20:54:48 GET /dir -> calling handler()
webserver # [ 125.549368] acme-example.test-start[3497]: 2024/11/28 20:54:48 [INFO] [*.example.test] acme: Obtaining bundled SAN certificate
acme # [ 125.918402] pebble[681]: Pebble 2024/11/28 20:54:48 HEAD /nonce-plz -> calling handler()
acme # [ 125.921208] pebble[681]: Pebble 2024/11/28 20:54:48 POST /order-plz -> calling handler()
acme # [ 125.923736] pebble[681]: Pebble 2024/11/28 20:54:48 There are now 13 authorizations in the db
acme # [ 125.925309] pebble[681]: Pebble 2024/11/28 20:54:48 Added order "Eg5kd029kFn0Za5nmLmKA79_N3kkLRfKmJPQwUuRdrs" to the db
acme # [ 125.927278] pebble[681]: Pebble 2024/11/28 20:54:48 There are now 15 orders in the db
acme # [ 125.981285] pebble[681]: Pebble 2024/11/28 20:54:48 POST /authZ/ -> calling handler()
webserver # [ 125.613683] acme-example.test-start[3497]: 2024/11/28 20:54:48 [INFO] [*.example.test] AuthURL: https://acme.test/authZ/mwUYNL6IWPmpIxFQpeKKPb2IMnbh6j6U33014RgM4qQ
webserver # [ 125.615664] acme-example.test-start[3497]: 2024/11/28 20:54:48 [INFO] [*.example.test] acme: Could not find solver for: dns-account-01
webserver # [ 125.617278] acme-example.test-start[3497]: 2024/11/28 20:54:48 [INFO] [*.example.test] acme: use dns-01 solver
webserver # [ 125.618659] acme-example.test-start[3497]: 2024/11/28 20:54:48 [INFO] [*.example.test] acme: Preparing to solve DNS-01
webserver # [ 135.630425] acme-example.test-start[3497]: 2024/11/28 20:54:58 [INFO] [_acme-challenge.example.test.] dns-hook.sh present _acme-challenge.example.test. 0jzaxJlhq-RUmeVg1LRrjuqs4mj9pN7XlsrjtjGBTfs
webserver # [ 135.661200] acme-example.test-start[3497]: 2024/11/28 20:54:58 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 135.663494] acme-example.test-start[3497]: 2024/11/28 20:54:58 Dload Upload Total Spent Left Speed
dnsserver # [ 135.787184] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:54:58 Added DNS-01 TXT challenge for Host "_acme-challenge.example.test." - Value "0jzaxJlhq-RUmeVg1LRrjuqs4mj9pN7XlsrjtjGBTfs"
webserver # [ 135.667413] acme-example.test-start[3497]: 2024/11/28 20:54:58 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 97 0 0 100 97 0 13821 --:--:-- --:--:-- --:--:-- 16166
webserver # [ 135.674108] acme-example.test-start[3497]: 2024/11/28 20:54:58 [INFO] [*.example.test] acme: Trying to solve DNS-01
webserver # [ 145.676986] acme-example.test-start[3497]: 2024/11/28 20:55:08 [INFO] [*.example.test] acme: Checking DNS record propagation. [nameservers=192.168.1.3:53,10.0.2.3:53]
webserver # [ 146.677440] acme-example.test-start[3497]: 2024/11/28 20:55:09 [INFO] Wait for propagation [timeout: 1s, interval: 1s]
acme # [ 147.050791] pebble[681]: Pebble 2024/11/28 20:55:09 POST /chalZ/ -> calling handler()
acme # [ 147.052446] pebble[681]: Pebble 2024/11/28 20:55:09 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"example.test"}, Challenge:(*core.Challenge)(0xc000250d20), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:true}
acme # [ 147.057553] pebble[681]: Pebble 2024/11/28 20:55:09 Starting 3 validations.
acme # [ 147.060077] pebble[681]: Pebble 2024/11/28 20:55:09 POST /authZ/ -> calling handler()
acme # [ 147.062757] pebble[681]: Pebble 2024/11/28 20:55:09 authz mwUYNL6IWPmpIxFQpeKKPb2IMnbh6j6U33014RgM4qQ set VALID by completed challenge eTQd5PHR1OuFL1prdVWqvJOXAoMr_XRpeMp3QFZ6VGI
acme # [ 152.176625] pebble[681]: Pebble 2024/11/28 20:55:14 POST /authZ/ -> calling handler()
webserver # [ 151.809132] acme-example.test-start[3497]: 2024/11/28 20:55:14 [INFO] [*.example.test] The server validated our request
webserver # [ 151.811437] acme-example.test-start[3497]: 2024/11/28 20:55:14 [INFO] [*.example.test] acme: Cleaning DNS-01 challenge
webserver # [ 161.820209] acme-example.test-start[3497]: 2024/11/28 20:55:24 [INFO] [_acme-challenge.example.test.] dns-hook.sh cleanup _acme-challenge.example.test. 0jzaxJlhq-RUmeVg1LRrjuqs4mj9pN7XlsrjtjGBTfs
webserver # [ 161.841196] acme-example.test-start[3497]: 2024/11/28 20:55:24 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 161.844410] acme-example.test-start[3497]: 2024/11/28 20:55:24 Dload Upload Total Spent Left Speed
dnsserver # [ 161.967846] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:55:24 Removed DNS-01 TXT challenge for Host "_acme-challenge.example.test."
webserver # [ 161.849260] acme-example.test-start[3497]: 2024/11/28 20:55:24 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 41 0 0 100 41 0 5862 --:--:-- --:--:-- --:--:-- 6833
webserver # [ 161.857093] acme-example.test-start[3497]: 2024/11/28 20:55:24 [INFO] [*.example.test] acme: Validations succeeded; requesting certificates
acme # [ 162.229362] pebble[681]: Pebble 2024/11/28 20:55:24 POST /finalize-order/ -> calling handler()
webserver # [ 161.861270] acme-example.test-start[3497]: 2024/11/28 20:55:24 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 162.230661] pebble[681]: Pebble 2024/11/28 20:55:24 Order Eg5kd029kFn0Za5nmLmKA79_N3kkLRfKmJPQwUuRdrs is fully authorized. Processing finalization
acme # [ 162.234501] pebble[681]: Pebble 2024/11/28 20:55:24 Issued certificate serial 62c2e77bcbfaf97e for order Eg5kd029kFn0Za5nmLmKA79_N3kkLRfKmJPQwUuRdrs
acme # [ 162.236587] pebble[681]: Pebble 2024/11/28 20:55:24 POST /my-order/ -> calling handler()
acme # [ 162.239082] pebble[681]: Pebble 2024/11/28 20:55:24 POST /certZ/ -> calling handler()
webserver # [ 161.871822] acme-example.test-start[3497]: 2024/11/28 20:55:24 [INFO] [*.example.test] Server responded with a certificate.
webserver # [ 161.880348] acme-example.test-start[3494]: + mv domainhash.txt certificates/
webserver # [ 161.888100] acme-example.test-start[3494]: + chown acme:caddy certificates/domainhash.txt certificates/_.example.test.crt certificates/_.example.test.issuer.crt certificates/_.example.test.json certificates/_.example.test.key
webserver # [ 161.899574] acme-example.test-start[3494]: + cmp -s certificates/_.example.test.crt out/fullchain.pem
webserver # [ 161.903885] acme-example.test-start[3494]: + touch out/renewed
webserver # [ 161.909836] acme-example.test-start[3494]: + echo Installing new certificate
webserver # [ 161.911109] acme-example.test-start[3494]: Installing new certificate
webserver # [ 161.912339] acme-example.test-start[3494]: + cp -vp certificates/_.example.test.crt out/fullchain.pem
webserver # [ 161.917777] acme-example.test-start[3511]: 'certificates/_.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 161.919772] acme-example.test-start[3494]: + cp -vp certificates/_.example.test.key out/key.pem
webserver # [ 161.925193] acme-example.test-start[3512]: 'certificates/_.example.test.key' -> 'out/key.pem'
webserver # [ 161.927071] acme-example.test-start[3494]: + cp -vp certificates/_.example.test.issuer.crt out/chain.pem
webserver # [ 161.932730] acme-example.test-start[3513]: 'certificates/_.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 161.934645] acme-example.test-start[3494]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 161.940807] acme-example.test-start[3494]: + cat out/key.pem out/fullchain.pem
webserver # [ 161.947112] acme-example.test-start[3494]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 161.953880] acme-example.test-start[3494]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 161.955035] acme-example.test-start[3494]: Releasing lock /run/acme/1.lock
webserver # [ 162.016504] systemd[1]: acme-example.test.service: Deactivated successfully.
webserver # [ 162.020080] systemd[1]: Finished Renew ACME certificate for example.test.
webserver # [ 162.021159] systemd[1]: acme-example.test.service: Consumed 204ms CPU time, 23.2M memory peak, 4K written to disk, 11.9K incoming IP traffic, 8.7K outgoing IP traffic.
webserver # [ 162.029269] systemd[1]: Reached target acme-finished-example.test.target.
webserver # [ 162.032684] systemd[1]: Starting Caddy...
webserver # [ 162.292175] caddy[3524]: {"level":"info","ts":1732827324.9211054,"msg":"using config from file","file":"/etc/caddy/caddy_config"}
webserver # [ 162.299486] caddy[3524]: {"level":"info","ts":1732827324.9293735,"msg":"adapted config to JSON","adapter":"caddyfile"}
webserver # [ 162.323719] systemd[1]: Started Caddy.
webserver # the following new units were started: acme-example.test.timer, acme-finished-example.test.target, caddy.service
webserver # [ 162.580713] nixos[3324]: finished switching to system configuration /nix/store/0jk9hmidd206w31b1wpnf7mzrh0gfsp6-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/caddy/bin/switch-to-configuration test, in 39.52 seconds)
webserver # [ 162.624305] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 162.626786] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 162.633159] systemd[1]: Starting Renew ACME certificate for example.test...
webserver # [ 162.693787] acme-example.test-start[3536]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 162.696953] acme-example.test-start[3536]: Acquired lock /run/acme/1.lock
webserver # [ 162.698060] acme-example.test-start[3536]: + set -euo pipefail
webserver # [ 162.699107] acme-example.test-start[3536]: + echo f296e6482529fca9f20a
webserver # [ 162.700442] acme-example.test-start[3536]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 162.704526] acme-example.test-start[3536]: + '[' -e certificates/_.example.test.key ']'
webserver # [ 162.705905] acme-example.test-start[3536]: + '[' -e certificates/_.example.test.crt ']'
webserver # [ 162.707624] acme-example.test-start[3539]: ++ find accounts -name [email protected]
webserver # [ 162.714982] acme-example.test-start[3536]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 162.716656] acme-example.test-start[3536]: + lego --accept-tos --path . -d '*.example.test' --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 163.167409] pebble[681]: Pebble 2024/11/28 20:55:25 GET /dir -> calling handler()
webserver # [ 162.801332] acme-example.test-start[3540]: 2024/11/28 20:55:25 [*.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 162.806990] acme-example.test-start[3536]: + mv domainhash.txt certificates/
webserver # [ 162.813335] acme-example.test-start[3536]: + chown acme:caddy certificates/domainhash.txt certificates/_.example.test.crt certificates/_.example.test.issuer.crt certificates/_.example.test.json certificates/_.example.test.key
webserver # [ 162.822585] acme-example.test-start[3536]: + cmp -s certificates/_.example.test.crt out/fullchain.pem
webserver # [ 162.826936] acme-example.test-start[3536]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 162.833398] acme-example.test-start[3536]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 162.834507] acme-example.test-start[3536]: Releasing lock /run/acme/1.lock
webserver # [ 162.871790] systemd[1]: acme-example.test.service: Deactivated successfully.
webserver # [ 162.876114] systemd[1]: Finished Renew ACME certificate for example.test.
webserver # [ 162.877432] systemd[1]: acme-example.test.service: Consumed 141ms CPU time, 19.4M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver: waiting for unit acme-finished-example.test.target
(finished: waiting for unit acme-finished-example.test.target, in 0.05 seconds)
webserver: waiting for unit caddy.service
(finished: waiting for unit caddy.service, in 0.05 seconds)
webserver: must succeed: systemctl restart caddy.service
webserver # [ 163.009958] systemd[1]: Stopping Caddy...
webserver # [ 163.024132] systemd[1]: caddy.service: Deactivated successfully.
webserver # [ 163.027075] systemd[1]: Stopped Caddy.
webserver # [ 163.027774] systemd[1]: caddy.service: Consumed 113ms CPU time, 33.4M memory peak, 4K written to disk, 40B incoming IP traffic, 60B outgoing IP traffic.
webserver # [ 163.036630] systemd[1]: Starting Caddy...
webserver # [ 163.126923] caddy[3569]: {"level":"info","ts":1732827325.7565277,"msg":"using config from file","file":"/etc/caddy/caddy_config"}
webserver # [ 163.129496] caddy[3569]: {"level":"info","ts":1732827325.7594159,"msg":"adapted config to JSON","adapter":"caddyfile"}
webserver # [ 163.137093] systemd[1]: Started Caddy.
(finished: must succeed: systemctl restart caddy.service, in 0.16 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername a.example.test -connect a.example.test:443 < /dev/null 2>&1
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername a.example.test -connect a.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
(finished: subtest: Works with caddy, in 40.15 seconds)
subtest: security.acme changes reflect on caddy
webserver: must succeed: /tmp/specialisation/caddy_change_acme_conf/bin/switch-to-configuration test
webserver # stopping the following units: acme-account-d590213ed52603e9128d.target
webserver # [ 163.662321] nixos[3582]: switching to system configuration /nix/store/s2804imv6j06dgz2j2k3lvq33kycp083-nixos-system-webserver-test
webserver # [ 163.665170] systemd[1]: Stopped target Local File Systems.
webserver # [ 163.667490] systemd[1]: Stopped target acme-account-d590213ed52603e9128d.target.
webserver # [ 163.670637] systemd[1]: Stopped target Remote File Systems.
webserver # activating the configuration...
webserver # [ 164.082827] systemd[1]: Reload requested from client PID 3582 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 164.084484] systemd[1]: Reloading...
webserver # [ 164.321839] systemd-ssh-generator[3640]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 164.565421] systemd[1]: Reloading finished in 479 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 164.582545] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 164.583778] systemd[1]: Stopping Reactivate sysinit units...
webserver # [ 164.584868] systemd[1]: Reached target Reactivate sysinit units.
webserver # [ 164.587990] systemd[1]: Reached target Remote File Systems.
webserver # [ 164.589206] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 164.592402] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 164.600405] systemd[1]: Starting Renew ACME certificate for example.test...
webserver # [ 164.633083] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 164.634961] systemd[1]: Reached target Local File Systems.
webserver # [ 164.659288] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 164.665507] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 164.666781] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 164.668852] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 164.672764] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 164.676250] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 164.686397] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 164.726095] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 164.728087] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 164.730222] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 164.744862] acme-example.test-start[3645]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 164.748552] acme-example.test-start[3645]: Acquired lock /run/acme/1.lock
webserver # [ 164.749607] acme-example.test-start[3645]: + set -euo pipefail
webserver # [ 164.750618] acme-example.test-start[3645]: + echo f296e6482529fca9f20a
webserver # [ 164.752029] acme-example.test-start[3645]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 164.757413] acme-example.test-start[3645]: + lego --accept-tos --path . -d '*.example.test' --email [email protected] --key-type ec384 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir run
webserver # [ 164.830201] acme-example.test-start[3655]: 2024/11/28 20:55:27 No key found for account [email protected]. Generating a P384 key.
webserver # [ 164.835644] acme-example.test-start[3655]: 2024/11/28 20:55:27 Saved key to accounts/acme.test/[email protected]/keys/[email protected]
acme # [ 165.268286] pebble[681]: Pebble 2024/11/28 20:55:27 GET /dir -> calling handler()
acme # [ 165.269857] pebble[681]: Pebble 2024/11/28 20:55:27 HEAD /nonce-plz -> calling handler()
webserver # [ 164.902147] acme-example.test-start[3655]: 2024/11/28 20:55:27 [INFO] acme: Registering account for [email protected]
acme # [ 165.273185] pebble[681]: Pebble 2024/11/28 20:55:27 POST /sign-me-up -> calling handler()
acme # [ 165.279744] pebble[681]: Pebble 2024/11/28 20:55:27 There are now 4 accounts in memory
webserver # [ 164.913993] acme-example.test-start[3655]: !!!! HEADS UP !!!!
acme # [ 165.282072] pebble[681]: Pebble 2024/11/28 20:55:27 POST /order-plz -> calling handler()
webserver # [ 164.915301] acme-example.test-start[3655]: Your account credentials have been saved in your Let's Encrypt
webserver # [ 164.916624] acme-example.test-start[3655]: configuration directory at "accounts".
acme # [ 165.284923] pebble[681]: Pebble 2024/11/28 20:55:27 There are now 14 authorizations in the db
webserver # [ 164.917721] acme-example.test-start[3655]: You should make a secure backup of this folder now. This
acme # [ 165.286293] pebble[681]: Pebble 2024/11/28 20:55:27 Added order "UJOdQ7zShOKKO2L7-fFETk5uWfJT4ZmM3QYzTmBXohc" to the db
webserver # [ 164.919186] acme-example.test-start[3655]: configuration directory will also contain certificates and
acme # [ 165.287905] pebble[681]: Pebble 2024/11/28 20:55:27 There are now 16 orders in the db
webserver # [ 164.921307] acme-example.test-start[3655]: private keys obtained from Let's Encrypt so making regular
webserver # [ 164.922787] acme-example.test-start[3655]: backups of this folder is ideal.
webserver # [ 164.924052] acme-example.test-start[3655]: 2024/11/28 20:55:27 [INFO] [*.example.test] acme: Obtaining bundled SAN certificate
acme # [ 165.348489] pebble[681]: Pebble 2024/11/28 20:55:27 POST /authZ/ -> calling handler()
webserver # [ 164.981152] acme-example.test-start[3655]: 2024/11/28 20:55:27 [INFO] [*.example.test] AuthURL: https://acme.test/authZ/Afzls4D_EiUlmWprFGQdOhRAsIaVwx0ZYMSFnK222aY
webserver # [ 164.983298] acme-example.test-start[3655]: 2024/11/28 20:55:27 [INFO] [*.example.test] acme: Could not find solver for: dns-account-01
webserver # [ 164.985534] acme-example.test-start[3655]: 2024/11/28 20:55:27 [INFO] [*.example.test] acme: use dns-01 solver
webserver # [ 164.987220] acme-example.test-start[3655]: 2024/11/28 20:55:27 [INFO] [*.example.test] acme: Preparing to solve DNS-01
webserver # [ 165.115949] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 165.119477] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 165.121431] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 165.123512] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 174.995542] acme-example.test-start[3655]: 2024/11/28 20:55:37 [INFO] [_acme-challenge.example.test.] dns-hook.sh present _acme-challenge.example.test. ug_Qal516gKbLrO27YNBK9UJJMyBeh3u3_JRTTthxxY
webserver # [ 175.013744] acme-example.test-start[3655]: 2024/11/28 20:55:37 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 175.015753] acme-example.test-start[3655]: 2024/11/28 20:55:37 Dload Upload Total Spent Left Speed
dnsserver # [ 175.138436] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:55:37 Added DNS-01 TXT challenge for Host "_acme-challenge.example.test." - Value "ug_Qal516gKbLrO27YNBK9UJJMyBeh3u3_JRTTthxxY"
webserver # [ 175.019095] acme-example.test-start[3655]: 2024/11/28 20:55:37 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 97 0 0 100 97 0 20433 --:--:-- --:--:-- --:--:-- 24250
webserver # [ 175.024627] acme-example.test-start[3655]: 2024/11/28 20:55:37 [INFO] [*.example.test] acme: Trying to solve DNS-01
webserver # [ 185.028452] acme-example.test-start[3655]: 2024/11/28 20:55:47 [INFO] [*.example.test] acme: Checking DNS record propagation. [nameservers=192.168.1.3:53,10.0.2.3:53]
webserver # [ 186.028753] acme-example.test-start[3655]: 2024/11/28 20:55:48 [INFO] Wait for propagation [timeout: 1s, interval: 1s]
acme # [ 186.400316] pebble[681]: Pebble 2024/11/28 20:55:49 POST /chalZ/ -> calling handler()
acme # [ 186.403618] pebble[681]: Pebble 2024/11/28 20:55:49 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"example.test"}, Challenge:(*core.Challenge)(0xc0002500a0), Account:(*core.Account)(0xc0003c6120), AccountURL:"https://acme.test/my-account/464f812ae6348091", Wildcard:true}
acme # [ 186.407586] pebble[681]: Pebble 2024/11/28 20:55:49 Starting 3 validations.
acme # [ 186.409197] pebble[681]: Pebble 2024/11/28 20:55:49 POST /authZ/ -> calling handler()
acme # [ 186.412449] pebble[681]: Pebble 2024/11/28 20:55:49 authz Afzls4D_EiUlmWprFGQdOhRAsIaVwx0ZYMSFnK222aY set VALID by completed challenge bntlwB9xvf_TNoYHTjdZFEmfjHlEeLvLRQ2lEKhAs54
acme # [ 190.441435] pebble[681]: Pebble 2024/11/28 20:55:53 POST /authZ/ -> calling handler()
webserver # [ 190.073979] acme-example.test-start[3655]: 2024/11/28 20:55:52 [INFO] [*.example.test] The server validated our request
webserver # [ 190.076429] acme-example.test-start[3655]: 2024/11/28 20:55:52 [INFO] [*.example.test] acme: Cleaning DNS-01 challenge
webserver # [ 200.085901] acme-example.test-start[3655]: 2024/11/28 20:56:02 [INFO] [_acme-challenge.example.test.] dns-hook.sh cleanup _acme-challenge.example.test. ug_Qal516gKbLrO27YNBK9UJJMyBeh3u3_JRTTthxxY
webserver # [ 200.105473] acme-example.test-start[3655]: 2024/11/28 20:56:02 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 200.107550] acme-example.test-start[3655]: 2024/11/28 20:56:02 Dload Upload Total Spent Left Speed
dnsserver # [ 200.230748] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:56:02 Removed DNS-01 TXT challenge for Host "_acme-challenge.example.test."
webserver # [ 200.111126] acme-example.test-start[3655]: 2024/11/28 20:56:02 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 41 0 0 100 41 0 7910 --:--:-- --:--:-- --:--:-- 8200
webserver # [ 200.118074] acme-example.test-start[3655]: 2024/11/28 20:56:02 [INFO] [*.example.test] acme: Validations succeeded; requesting certificates
acme # [ 200.491394] pebble[681]: Pebble 2024/11/28 20:56:03 POST /finalize-order/ -> calling handler()
acme # [ 200.496057] pebble[681]: Pebble 2024/11/28 20:56:03 Order UJOdQ7zShOKKO2L7-fFETk5uWfJT4ZmM3QYzTmBXohc is fully authorized. Processing finalization
webserver # [ 200.131139] acme-example.test-start[3655]: 2024/11/28 20:56:02 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 200.500855] pebble[681]: Pebble 2024/11/28 20:56:03 Issued certificate serial 19d3fc386b81d0c1 for order UJOdQ7zShOKKO2L7-fFETk5uWfJT4ZmM3QYzTmBXohc
acme # [ 200.503624] pebble[681]: Pebble 2024/11/28 20:56:03 POST /my-order/ -> calling handler()
acme # [ 200.506448] pebble[681]: Pebble 2024/11/28 20:56:03 POST /certZ/ -> calling handler()
webserver # [ 200.141430] acme-example.test-start[3655]: 2024/11/28 20:56:02 [INFO] [*.example.test] Server responded with a certificate.
webserver # [ 200.148645] acme-example.test-start[3645]: + mv domainhash.txt certificates/
webserver # [ 200.156572] acme-example.test-start[3645]: + chown acme:caddy certificates/domainhash.txt certificates/_.example.test.crt certificates/_.example.test.issuer.crt certificates/_.example.test.json certificates/_.example.test.key
webserver # [ 200.166962] acme-example.test-start[3645]: + cmp -s certificates/_.example.test.crt out/fullchain.pem
webserver # [ 200.171909] acme-example.test-start[3645]: + touch out/renewed
webserver # [ 200.180309] acme-example.test-start[3645]: + echo Installing new certificate
webserver # [ 200.181494] acme-example.test-start[3645]: Installing new certificate
webserver # [ 200.182565] acme-example.test-start[3645]: + cp -vp certificates/_.example.test.crt out/fullchain.pem
webserver # [ 200.189778] acme-example.test-start[3734]: 'certificates/_.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 200.191635] acme-example.test-start[3645]: + cp -vp certificates/_.example.test.key out/key.pem
webserver # [ 200.199618] acme-example.test-start[3735]: 'certificates/_.example.test.key' -> 'out/key.pem'
webserver # [ 200.202531] acme-example.test-start[3645]: + cp -vp certificates/_.example.test.issuer.crt out/chain.pem
webserver # [ 200.209048] acme-example.test-start[3736]: 'certificates/_.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 200.211781] acme-example.test-start[3645]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 200.218757] acme-example.test-start[3645]: + cat out/key.pem out/fullchain.pem
webserver # [ 200.226158] acme-example.test-start[3645]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 200.234096] acme-example.test-start[3645]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 200.235521] acme-example.test-start[3645]: Releasing lock /run/acme/1.lock
webserver # [ 200.316148] systemd[1]: acme-example.test.service: Deactivated successfully.
webserver # [ 200.319291] systemd[1]: Finished Renew ACME certificate for example.test.
webserver # [ 200.320583] systemd[1]: acme-example.test.service: Consumed 225ms CPU time, 21.7M memory peak, 12K written to disk, 12.7K incoming IP traffic, 10.1K outgoing IP traffic.
webserver # [ 200.328563] systemd[1]: Reloading Caddy...
webserver # [ 200.429808] caddy[3747]: {"level":"info","ts":1732827363.0594585,"msg":"using config from file","file":"/etc/caddy/caddy_config"}
webserver # [ 200.432495] caddy[3747]: {"level":"info","ts":1732827363.0624135,"msg":"adapted config to JSON","adapter":"caddyfile"}
webserver # [ 200.453236] systemd[1]: Reloaded Caddy.
webserver # [ 200.709969] nixos[3582]: finished switching to system configuration /nix/store/s2804imv6j06dgz2j2k3lvq33kycp083-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/caddy_change_acme_conf/bin/switch-to-configuration test, in 37.50 seconds)
webserver # [ 200.764087] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 200.766471] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 200.775372] systemd[1]: Starting Renew ACME certificate for example.test...
webserver # [ 200.845079] acme-example.test-start[3758]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 200.849859] acme-example.test-start[3758]: Acquired lock /run/acme/1.lock
webserver # [ 200.851233] acme-example.test-start[3758]: + set -euo pipefail
webserver # [ 200.852489] acme-example.test-start[3758]: + echo f296e6482529fca9f20a
webserver # [ 200.853773] acme-example.test-start[3758]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 200.859219] acme-example.test-start[3758]: + '[' -e certificates/_.example.test.key ']'
webserver # [ 200.861467] acme-example.test-start[3758]: + '[' -e certificates/_.example.test.crt ']'
webserver # [ 200.863282] acme-example.test-start[3761]: ++ find accounts -name [email protected]
webserver # [ 200.872658] acme-example.test-start[3758]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 200.874448] acme-example.test-start[3758]: + lego --accept-tos --path . -d '*.example.test' --email [email protected] --key-type ec384 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 201.343776] pebble[681]: Pebble 2024/11/28 20:56:03 GET /dir -> calling handler()
webserver # [ 200.982363] acme-example.test-start[3762]: 2024/11/28 20:56:03 [*.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 200.989210] acme-example.test-start[3758]: + mv domainhash.txt certificates/
webserver # [ 200.997580] acme-example.test-start[3758]: + chown acme:caddy certificates/domainhash.txt certificates/_.example.test.crt certificates/_.example.test.issuer.crt certificates/_.example.test.json certificates/_.example.test.key
webserver # [ 201.008553] acme-example.test-start[3758]: + cmp -s certificates/_.example.test.crt out/fullchain.pem
webserver # [ 201.013431] acme-example.test-start[3758]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 201.020973] acme-example.test-start[3758]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 201.022155] acme-example.test-start[3758]: Releasing lock /run/acme/1.lock
webserver # [ 201.065824] systemd[1]: acme-example.test.service: Deactivated successfully.
webserver # [ 201.072157] systemd[1]: Finished Renew ACME certificate for example.test.
webserver # [ 201.073532] systemd[1]: acme-example.test.service: Consumed 165ms CPU time, 19.6M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver: waiting for unit acme-finished-example.test.target
(finished: waiting for unit acme-finished-example.test.target, in 0.06 seconds)
webserver: waiting for unit caddy.service
(finished: waiting for unit caddy.service, in 0.06 seconds)
webserver: must succeed: systemctl restart caddy.service
webserver # [ 201.237571] systemd[1]: Stopping Caddy...
webserver # [ 201.247297] systemd[1]: caddy.service: Deactivated successfully.
webserver # [ 201.249519] systemd[1]: Stopped Caddy.
webserver # [ 201.253143] systemd[1]: caddy.service: Consumed 169ms CPU time, 29.7M memory peak, 4K written to disk, 1.6K incoming IP traffic, 1.7K outgoing IP traffic.
webserver # [ 201.261442] systemd[1]: Starting Caddy...
webserver # [ 201.362274] caddy[3790]: {"level":"info","ts":1732827363.9918528,"msg":"using config from file","file":"/etc/caddy/caddy_config"}
webserver # [ 201.365535] caddy[3790]: {"level":"info","ts":1732827363.9946663,"msg":"adapted config to JSON","adapter":"caddyfile"}
webserver # [ 201.380209] systemd[1]: Started Caddy.
(finished: must succeed: systemctl restart caddy.service, in 0.19 seconds)
client: must succeed: openssl s_client -CAfile /tmp/ca.crt -servername a.example.test -connect a.example.test:443 < /dev/null | openssl x509 -noout -text | grep -i Public-Key
client # Connecting to 192.168.1.4
client # depth=2 CN=Pebble Root CA 4fdfd5
client # verify return:1
client # depth=1 CN=Pebble Intermediate CA 67c76d
client # verify return:1
client # depth=0
client # verify return:1
client # DONE
(finished: must succeed: openssl s_client -CAfile /tmp/ca.crt -servername a.example.test -connect a.example.test:443 < /dev/null | openssl x509 -noout -text | grep -i Public-Key, in 0.08 seconds)
Key type: Public-Key: (384 bit)
(finished: subtest: security.acme changes reflect on caddy, in 38.29 seconds)
subtest: Works with nginx
webserver: must succeed: /tmp/specialisation/nginx/bin/switch-to-configuration test
webserver # stopping the following units: acme-fixperms.service, caddy.service, systemd-modules-load.service, systemd-sysctl.service, systemd-tmpfiles-resetup.service[ 201.999412] nixos[3804]: switching to system configuration /nix/store/i8vd95jlwxlwyp2rpya6i08bl5ssv80p-nixos-system-webserver-test
webserver #
webserver # [ 202.003237] systemd[1]: Stopping Caddy...
webserver # [ 202.005820] systemd[1]: systemd-modules-load.service: Deactivated successfully.
webserver # [ 202.008505] systemd[1]: Stopped Load Kernel Modules.
webserver # [ 202.013792] systemd[1]: Stopped target Remote File Systems.
webserver # [ 202.014703] systemd[1]: Stopped target Local File Systems.
webserver # [ 202.019232] systemd[1]: caddy.service: Deactivated successfully.
webserver # [ 202.023504] systemd[1]: Stopped Caddy.
webserver # [ 202.025245] systemd[1]: caddy.service: Consumed 86ms CPU time, 15.2M memory peak, 4K written to disk, 926B incoming IP traffic, 2.4K outgoing IP traffic.
webserver # [ 202.032072] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 202.034477] systemd[1]: acme-fixperms.service: Deactivated successfully.
webserver # [ 202.035538] systemd[1]: Stopped Fix owner and group of all ACME certificates.
webserver # [ 202.037740] systemd[1]: systemd-tmpfiles-resetup.service: Deactivated successfully.
webserver # [ 202.040557] systemd[1]: Stopped Re-setup tmpfiles on a system that is already running..
webserver # [ 202.044736] systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dresetup.service.mount: Deactivated successfully.
webserver # [ 202.048713] systemd[1]: systemd-sysctl.service: Deactivated successfully.
webserver # [ 202.051133] systemd[1]: Stopped Apply Kernel Variables.
webserver # activating the configuration...
webserver # [ 202.053136] systemd[1]: run-credentials-systemd\x2dsysctl.service.mount: Deactivated successfully.
webserver # removing group ‘caddy’
webserver # removing user ‘caddy’
webserver # removing obsolete symlink ‘/etc/caddy/caddy_config’...
webserver # [ 202.489294] systemd[1]: Reload requested from client PID 3804 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 202.491272] systemd[1]: Reloading...
webserver # [ 202.726222] systemd-ssh-generator[3866]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 203.119668] systemd[1]: Reloading finished in 626 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 203.155094] systemd[1]: Starting Re-setup tmpfiles on a system that is already running....
webserver # [ 203.308119] systemd[1]: Finished Re-setup tmpfiles on a system that is already running..
webserver # [ 203.311273] systemd[1]: Reached target Reactivate sysinit units.
webserver # restarting the following units: acme-example.test.timer
webserver # [ 203.318513] systemd[1]: acme-example.test.timer: Deactivated successfully.
webserver # [ 203.321171] systemd[1]: Stopped Renew ACME Certificate for example.test.
webserver # [ 203.322855] systemd[1]: Stopping Renew ACME Certificate for example.test...
webserver # [ 203.324619] systemd[1]: Started Renew ACME Certificate for example.test.
webserver # starting the following units: acme-fixperms.service, systemd-modules-load.service, systemd-sysctl.service, systemd-tmpfiles-resetup.service
webserver # [ 203.333950] systemd[1]: Reached target Remote File Systems.
webserver # [ 203.336710] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 203.339376] systemd[1]: Reached target Local File Systems.
webserver # [ 203.352185] systemd[1]: Starting Fix owner and group of all ACME certificates...
webserver # [ 203.354295] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 203.358808] systemd[1]: Started Renew ACME Certificate for nginx-different-key.example.test.
webserver # [ 203.362982] systemd[1]: Started Renew ACME Certificate for nginx-dns.example.test.
webserver # [ 203.364393] systemd[1]: Started Renew ACME Certificate for nginx-http.example.test.
webserver # [ 203.380106] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 203.386914] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 203.389667] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 203.393885] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 203.398100] systemd[1]: Starting Load Kernel Modules...
webserver # [ 203.400138] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 203.403153] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 203.428325] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 203.494486] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 203.498084] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 203.499385] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 203.526109] systemd[1]: Finished Load Kernel Modules.
webserver # [ 203.532644] systemd[1]: Starting Apply Kernel Variables...
webserver # [ 203.574982] systemd[1]: Finished Fix owner and group of all ACME certificates.
webserver # [ 203.601081] systemd[1]: Finished Apply Kernel Variables.
webserver # [ 204.036917] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 204.040631] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 204.043241] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 204.046514] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 204.053102] systemd[1]: Starting Renew ACME certificate for example.test...
webserver # [ 204.059237] systemd[1]: Starting Generate self-signed certificate for nginx-different-key.example.test...
webserver # [ 204.065536] systemd[1]: Starting Generate self-signed certificate for nginx-dns.example.test...
webserver # [ 204.072304] systemd[1]: Starting Generate self-signed certificate for nginx-http.example.test...
webserver # [ 204.252490] acme-selfsigned-nginx-dns.example.test-start[3959]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 204.254457] acme-example.test-start[3957]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 204.261529] acme-example.test-start[3957]: Acquired lock /run/acme/1.lock
webserver # [ 204.264372] acme-example.test-start[3957]: + set -euo pipefail
webserver # [ 204.265462] acme-example.test-start[3957]: + echo f296e6482529fca9f20a
webserver # [ 204.268577] acme-example.test-start[3957]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 204.271212] acme-selfsigned-nginx-dns.example.test-start[3959]: Acquired lock /run/acme/3.lock
webserver # [ 204.272722] acme-selfsigned-nginx-different-key.example.test-start[3958]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 204.279524] acme-selfsigned-nginx-http.example.test-start[3960]: Waiting to acquire lock /run/acme/4.lock
webserver # [ 204.280938] acme-selfsigned-nginx-different-key.example.test-start[3958]: Acquired lock /run/acme/2.lock
webserver # [ 204.283672] acme-example.test-start[3957]: + '[' -e certificates/_.example.test.key ']'
webserver # [ 204.284923] acme-example.test-start[3957]: + '[' -e certificates/_.example.test.crt ']'
webserver # [ 204.287332] acme-example.test-start[3969]: ++ find accounts -name [email protected]
webserver # [ 204.290959] acme-selfsigned-nginx-http.example.test-start[3960]: Acquired lock /run/acme/4.lock
webserver # [ 204.311515] acme-example.test-start[3957]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 204.314534] acme-example.test-start[3957]: + lego --accept-tos --path . -d '*.example.test' --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir renew --no-random-sleep --days 30
webserver # [ 204.404196] acme-selfsigned-nginx-different-key.example.test-start[3958]: Releasing lock /run/acme/2.lock
webserver # [ 204.412236] systemd[1]: acme-selfsigned-nginx-different-key.example.test.service: Deactivated successfully.
webserver # [ 204.417686] systemd[1]: Finished Generate self-signed certificate for nginx-different-key.example.test.
webserver # [ 204.425412] acme-selfsigned-nginx-dns.example.test-start[3959]: Releasing lock /run/acme/3.lock
webserver # [ 204.429953] systemd[1]: acme-selfsigned-nginx-dns.example.test.service: Deactivated successfully.
webserver # [ 204.436130] systemd[1]: Finished Generate self-signed certificate for nginx-dns.example.test.
webserver # [ 204.440206] acme-selfsigned-nginx-http.example.test-start[3960]: Releasing lock /run/acme/4.lock
webserver # [ 204.446076] systemd[1]: acme-selfsigned-nginx-http.example.test.service: Deactivated successfully.
webserver # [ 204.449599] systemd[1]: Finished Generate self-signed certificate for nginx-http.example.test.
acme # [ 204.885814] pebble[681]: Pebble 2024/11/28 20:56:07 GET /dir -> calling handler()
webserver # [ 204.518543] acme-example.test-start[3979]: 2024/11/28 20:56:07 [*.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 204.525944] acme-example.test-start[3957]: + mv domainhash.txt certificates/
webserver # [ 204.533990] acme-example.test-start[3957]: + chown acme:acme certificates/domainhash.txt certificates/_.example.test.crt certificates/_.example.test.issuer.crt certificates/_.example.test.json certificates/_.example.test.key
webserver # [ 204.544095] acme-example.test-start[3957]: + cmp -s certificates/_.example.test.crt out/fullchain.pem
webserver # [ 204.548796] acme-example.test-start[3957]: + touch out/renewed
webserver # [ 204.555415] acme-example.test-start[3957]: + echo Installing new certificate
webserver # [ 204.556786] acme-example.test-start[3957]: Installing new certificate
webserver # [ 204.558035] acme-example.test-start[3957]: + cp -vp certificates/_.example.test.crt out/fullchain.pem
webserver # [ 204.565686] acme-example.test-start[4012]: 'certificates/_.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 204.572658] acme-example.test-start[3957]: + cp -vp certificates/_.example.test.key out/key.pem
webserver # [ 204.587950] acme-example.test-start[4013]: 'certificates/_.example.test.key' -> 'out/key.pem'
webserver # [ 204.591571] acme-example.test-start[3957]: + cp -vp certificates/_.example.test.issuer.crt out/chain.pem
webserver # [ 204.603521] acme-example.test-start[4014]: 'certificates/_.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 204.606728] acme-example.test-start[3957]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 204.619297] acme-example.test-start[3957]: + cat out/key.pem out/fullchain.pem
webserver # [ 204.636478] acme-example.test-start[3957]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 204.648088] acme-example.test-start[3957]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 204.649381] acme-example.test-start[3957]: Releasing lock /run/acme/1.lock
webserver # [ 204.797731] systemd[1]: acme-example.test.service: Deactivated successfully.
webserver # [ 204.799737] systemd[1]: Finished Renew ACME certificate for example.test.
webserver # [ 204.802259] systemd[1]: acme-example.test.service: Consumed 197ms CPU time, 20.5M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 204.811810] systemd[1]: Reached target acme-account-d590213ed52603e9128d.target.
webserver # [ 204.823979] systemd[1]: Starting Renew ACME certificate for nginx-dns.example.test...
webserver # [ 204.933045] acme-nginx-dns.example.test-start[4024]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 204.937603] acme-nginx-dns.example.test-start[4024]: Acquired lock /run/acme/3.lock
webserver # [ 204.938824] acme-nginx-dns.example.test-start[4024]: + set -euo pipefail
webserver # [ 204.939851] acme-nginx-dns.example.test-start[4024]: + echo 59d0420c322ea19728a7
webserver # [ 204.940959] acme-nginx-dns.example.test-start[4024]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 204.946554] acme-nginx-dns.example.test-start[4024]: + lego --accept-tos --path . -d nginx-dns.example.test --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir -d nginx-dns-alias.example.test run
acme # [ 205.411513] pebble[681]: Pebble 2024/11/28 20:56:08 GET /dir -> calling handler()
webserver # [ 205.044478] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns.example.test, nginx-dns-alias.example.test] acme: Obtaining bundled SAN certificate
acme # [ 205.415159] pebble[681]: Pebble 2024/11/28 20:56:08 HEAD /nonce-plz -> calling handler()
acme # [ 205.416929] pebble[681]: Pebble 2024/11/28 20:56:08 POST /order-plz -> calling handler()
acme # [ 205.419384] pebble[681]: Pebble 2024/11/28 20:56:08 There are now 15 authorizations in the db
acme # [ 205.421244] pebble[681]: Pebble 2024/11/28 20:56:08 There are now 16 authorizations in the db
acme # [ 205.422921] pebble[681]: Pebble 2024/11/28 20:56:08 Added order "aLicHfICjaX_ZcICWCiAyJti9xUeFrdTGGPoK1z1blk" to the db
acme # [ 205.424986] pebble[681]: Pebble 2024/11/28 20:56:08 There are now 17 orders in the db
acme # [ 205.478677] pebble[681]: Pebble 2024/11/28 20:56:08 POST /authZ/ -> calling handler()
webserver # [ 205.111159] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/authZ/oE-bBMN3iG8JHaRfZr_aX1f29Et3w7L8CsdMcRCajJg :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: rijLY95xMA_IQqAQ8lvjHg
acme # [ 205.534051] pebble[681]: Pebble 2024/11/28 20:56:08 POST /authZ/ -> calling handler()
acme # [ 205.667781] pebble[681]: Pebble 2024/11/28 20:56:08 POST /authZ/ -> calling handler()
webserver # [ 205.300920] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns.example.test] AuthURL: https://acme.test/authZ/oE-bBMN3iG8JHaRfZr_aX1f29Et3w7L8CsdMcRCajJg
webserver # [ 205.303778] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns-alias.example.test] AuthURL: https://acme.test/authZ/iKpJgCOMM2hEwbVHlIv7ez80wZ94FuiImpvSJktIBLY
webserver # [ 205.306251] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns-alias.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 205.308535] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns-alias.example.test] acme: Could not find solver for: http-01
webserver # [ 205.311587] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns-alias.example.test] acme: Could not find solver for: dns-account-01
webserver # [ 205.313751] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns-alias.example.test] acme: use dns-01 solver
webserver # [ 205.315857] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 205.318082] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns.example.test] acme: Could not find solver for: http-01
webserver # [ 205.320198] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns.example.test] acme: Could not find solver for: dns-account-01
webserver # [ 205.322450] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns.example.test] acme: use dns-01 solver
webserver # [ 205.324370] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:07 [INFO] [nginx-dns-alias.example.test] acme: Preparing to solve DNS-01
webserver # [ 215.319812] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:17 [INFO] [_acme-challenge.nginx-dns-alias.example.test.] dns-hook.sh present _acme-challenge.nginx-dns-alias.example.test. fXtWyR2SODWESlsXEgaZ0s1TvDDdXbGAcrJwfCAJMEY
webserver # [ 215.341049] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:17 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 215.343172] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:17 Dload Upload Total Spent Left Speed
dnsserver # [ 215.465852] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:56:18 Added DNS-01 TXT challenge for Host "_acme-challenge.nginx-dns-alias.example.test." - Value "fXtWyR2SODWESlsXEgaZ0s1TvDDdXbGAcrJwfCAJMEY"
webserver # [ 215.346193] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:17 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 113 0 0 100 113 0 21601 --:--:-- --:--:-- --:--:-- 22600
webserver # [ 215.353429] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:17 [INFO] [nginx-dns-alias.example.test] acme: Trying to solve DNS-01
webserver # [ 225.357343] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:27 [INFO] [nginx-dns-alias.example.test] acme: Checking DNS record propagation. [nameservers=192.168.1.3:53,10.0.2.3:53]
webserver # [ 226.360692] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:28 [INFO] Wait for propagation [timeout: 1s, interval: 1s]
acme # [ 226.732378] pebble[681]: Pebble 2024/11/28 20:56:29 POST /chalZ/ -> calling handler()
acme # [ 226.733786] pebble[681]: Pebble 2024/11/28 20:56:29 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"nginx-dns-alias.example.test"}, Challenge:(*core.Challenge)(0xc000250640), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
acme # [ 226.737584] pebble[681]: Pebble 2024/11/28 20:56:29 Starting 3 validations.
acme # [ 226.739382] pebble[681]: Pebble 2024/11/28 20:56:29 POST /authZ/ -> calling handler()
acme # [ 226.742247] pebble[681]: Pebble 2024/11/28 20:56:29 authz iKpJgCOMM2hEwbVHlIv7ez80wZ94FuiImpvSJktIBLY set VALID by completed challenge YjqT9e21As-nKNcDiig2N5gcQCw_uNyOMGZmucKrJZY
acme # [ 229.897833] pebble[681]: Pebble 2024/11/28 20:56:32 POST /authZ/ -> calling handler()
webserver # [ 229.530740] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:32 [INFO] [nginx-dns-alias.example.test] The server validated our request
webserver # [ 229.533520] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:32 [INFO] [nginx-dns-alias.example.test] acme: Cleaning DNS-01 challenge
webserver # [ 239.540814] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:42 [INFO] [_acme-challenge.nginx-dns-alias.example.test.] dns-hook.sh cleanup _acme-challenge.nginx-dns-alias.example.test. fXtWyR2SODWESlsXEgaZ0s1TvDDdXbGAcrJwfCAJMEY
webserver # [ 239.559935] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:42 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 239.562208] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:42 Dload Upload Total Spent Left Speed
dnsserver # [ 239.685061] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:56:42 Removed DNS-01 TXT challenge for Host "_acme-challenge.nginx-dns-alias.example.test."
webserver # [ 239.565828] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:42 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 57 0 0 100 57 0 10622 --:--:-- --:--:-- --:--:-- 11400
webserver # [ 239.571646] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:42 [INFO] sequence: wait for 1s
webserver # [ 240.573611] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:43 [INFO] [nginx-dns.example.test] acme: Preparing to solve DNS-01
webserver # [ 250.583364] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:53 [INFO] [_acme-challenge.nginx-dns.example.test.] dns-hook.sh present _acme-challenge.nginx-dns.example.test. ck7f1z2J-0ctrx_POqexJOXeUSVn_9TOsZPPuw5NtPM
webserver # [ 250.601964] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:53 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 250.604634] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:53 Dload Upload Total Spent Left Speed
dnsserver # [ 250.725056] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:56:53 Added DNS-01 TXT challenge for Host "_acme-challenge.nginx-dns.example.test." - Value "ck7f1z2J-0ctrx_POqexJOXeUSVn_9TOsZPPuw5NtPM"
webserver # [ 250.608148] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:53 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 107 0 0 100 107 0 19317 --:--:-- --:--:-- --:--:-- 21400
webserver # [ 250.614517] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:56:53 [INFO] [nginx-dns.example.test] acme: Trying to solve DNS-01
webserver # [ 260.617415] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:03 [INFO] [nginx-dns.example.test] acme: Checking DNS record propagation. [nameservers=192.168.1.3:53,10.0.2.3:53]
webserver # [ 261.617965] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:04 [INFO] Wait for propagation [timeout: 1s, interval: 1s]
acme # [ 261.990365] pebble[681]: Pebble 2024/11/28 20:57:04 POST /chalZ/ -> calling handler()
acme # [ 261.991688] pebble[681]: Pebble 2024/11/28 20:57:04 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"nginx-dns.example.test"}, Challenge:(*core.Challenge)(0xc000250b40), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
acme # [ 261.995304] pebble[681]: Pebble 2024/11/28 20:57:04 Starting 3 validations.
acme # [ 261.996371] pebble[681]: Pebble 2024/11/28 20:57:04 POST /authZ/ -> calling handler()
acme # [ 261.997920] pebble[681]: Pebble 2024/11/28 20:57:04 authz oE-bBMN3iG8JHaRfZr_aX1f29Et3w7L8CsdMcRCajJg set VALID by completed challenge jMYNG4KIXUGmXDRdAvPL67LXXODe0RErT-cA4QK81DY
acme # [ 266.309547] pebble[681]: Pebble 2024/11/28 20:57:08 POST /authZ/ -> calling handler()
webserver # [ 265.941993] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:08 [INFO] [nginx-dns.example.test] The server validated our request
webserver # [ 265.944260] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:08 [INFO] [nginx-dns.example.test] acme: Cleaning DNS-01 challenge
webserver # [ 275.950843] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:18 [INFO] [_acme-challenge.nginx-dns.example.test.] dns-hook.sh cleanup _acme-challenge.nginx-dns.example.test. ck7f1z2J-0ctrx_POqexJOXeUSVn_9TOsZPPuw5NtPM
webserver # [ 275.972087] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:18 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 275.974657] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:18 Dload Upload Total Spent Left Speed
dnsserver # [ 276.095400] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:57:18 Removed DNS-01 TXT challenge for Host "_acme-challenge.nginx-dns.example.test."
webserver # [ 275.978126] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:18 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 51 0 0 100 51 0 9497 --:--:-- --:--:-- --:--:-- 10200
webserver # [ 275.985068] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:18 [INFO] [nginx-dns.example.test, nginx-dns-alias.example.test] acme: Validations succeeded; requesting certificates
webserver # [ 275.990104] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:18 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 276.358453] pebble[681]: Pebble 2024/11/28 20:57:18 POST /finalize-order/ -> calling handler()
acme # [ 276.359795] pebble[681]: Pebble 2024/11/28 20:57:18 Order aLicHfICjaX_ZcICWCiAyJti9xUeFrdTGGPoK1z1blk is fully authorized. Processing finalization
acme # [ 276.363347] pebble[681]: Pebble 2024/11/28 20:57:18 Issued certificate serial 74b5822d4f52dc02 for order aLicHfICjaX_ZcICWCiAyJti9xUeFrdTGGPoK1z1blk
acme # [ 276.365365] pebble[681]: Pebble 2024/11/28 20:57:18 POST /my-order/ -> calling handler()
acme # [ 276.367830] pebble[681]: Pebble 2024/11/28 20:57:18 POST /certZ/ -> calling handler()
webserver # [ 276.002230] acme-nginx-dns.example.test-start[4027]: 2024/11/28 20:57:18 [INFO] [nginx-dns.example.test] Server responded with a certificate.
webserver # [ 276.009153] acme-nginx-dns.example.test-start[4024]: + mv domainhash.txt certificates/
webserver # [ 276.016104] acme-nginx-dns.example.test-start[4024]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-dns.example.test.crt certificates/nginx-dns.example.test.issuer.crt certificates/nginx-dns.example.test.json certificates/nginx-dns.example.test.key
webserver # [ 276.026703] acme-nginx-dns.example.test-start[4024]: + cmp -s certificates/nginx-dns.example.test.crt out/fullchain.pem
webserver # [ 276.031351] acme-nginx-dns.example.test-start[4024]: + touch out/renewed
webserver # [ 276.037574] acme-nginx-dns.example.test-start[4024]: + echo Installing new certificate
webserver # [ 276.038756] acme-nginx-dns.example.test-start[4024]: Installing new certificate
webserver # [ 276.039815] acme-nginx-dns.example.test-start[4024]: + cp -vp certificates/nginx-dns.example.test.crt out/fullchain.pem
webserver # [ 276.046671] acme-nginx-dns.example.test-start[4044]: 'certificates/nginx-dns.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 276.048510] acme-nginx-dns.example.test-start[4024]: + cp -vp certificates/nginx-dns.example.test.key out/key.pem
webserver # [ 276.054465] acme-nginx-dns.example.test-start[4045]: 'certificates/nginx-dns.example.test.key' -> 'out/key.pem'
webserver # [ 276.056598] acme-nginx-dns.example.test-start[4024]: + cp -vp certificates/nginx-dns.example.test.issuer.crt out/chain.pem
webserver # [ 276.062505] acme-nginx-dns.example.test-start[4046]: 'certificates/nginx-dns.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 276.064610] acme-nginx-dns.example.test-start[4024]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 276.071193] acme-nginx-dns.example.test-start[4024]: + cat out/key.pem out/fullchain.pem
webserver # [ 276.077774] acme-nginx-dns.example.test-start[4024]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 276.085176] acme-nginx-dns.example.test-start[4024]: + echo 'Releasing lock /run/acme/3.lock'
webserver # [ 276.086465] acme-nginx-dns.example.test-start[4024]: Releasing lock /run/acme/3.lock
webserver # [ 276.132961] systemd[1]: acme-nginx-dns.example.test.service: Deactivated successfully.
webserver # [ 276.138077] systemd[1]: Finished Renew ACME certificate for nginx-dns.example.test.
webserver # [ 276.139295] systemd[1]: acme-nginx-dns.example.test.service: Consumed 244ms CPU time, 21.9M memory peak, 4K written to disk, 19.6K incoming IP traffic, 14.5K outgoing IP traffic.
webserver # [ 276.150135] systemd[1]: Starting Nginx Web Server...
webserver # [ 276.236243] nginx-pre-start[4057]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 276.238407] nginx-pre-start[4057]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 276.246968] systemd[1]: Started Nginx Web Server.
webserver # [ 276.254123] systemd[1]: Starting Renew ACME certificate for nginx-different-key.example.test...
webserver # [ 276.261852] systemd[1]: Starting Renew ACME certificate for nginx-http.example.test...
webserver # [ 276.404438] acme-nginx-http.example.test-start[4061]: Waiting to acquire lock /run/acme/4.lock
webserver # [ 276.408929] acme-nginx-different-key.example.test-start[4060]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 276.412633] acme-nginx-different-key.example.test-start[4060]: Acquired lock /run/acme/2.lock
webserver # [ 276.415479] acme-nginx-different-key.example.test-start[4060]: + set -euo pipefail
webserver # [ 276.416905] acme-nginx-different-key.example.test-start[4064]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 276.419345] acme-nginx-http.example.test-start[4061]: Acquired lock /run/acme/4.lock
webserver # [ 276.422195] acme-nginx-http.example.test-start[4061]: + set -euo pipefail
webserver # [ 276.423411] acme-nginx-http.example.test-start[4065]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 276.431328] acme-nginx-http.example.test-start[4065]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 276.433143] acme-nginx-different-key.example.test-start[4064]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 276.450236] acme-nginx-different-key.example.test-start[4060]: + echo 4e6cd57b5b6e5fd2c9cb
webserver # [ 276.451515] acme-nginx-different-key.example.test-start[4060]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 276.452957] acme-nginx-http.example.test-start[4061]: + echo 197b6592b1395f3f8747
webserver # [ 276.454094] acme-nginx-http.example.test-start[4061]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 276.461227] acme-nginx-http.example.test-start[4061]: + lego --accept-tos --path . -d nginx-http.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-http-alias.example.test run
webserver # [ 276.464523] acme-nginx-different-key.example.test-start[4060]: + lego --accept-tos --path . -d nginx-different-key.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-different-key-alias.example.test run
webserver # [ 276.469704] nginx[4059]: 2024/11/28 20:57:19 [notice] 4059#4059: using the "epoll" event method
webserver # [ 276.471608] nginx[4059]: 2024/11/28 20:57:19 [notice] 4059#4059: nginx/1.26.2
webserver # [ 276.474089] nginx[4059]: 2024/11/28 20:57:19 [notice] 4059#4059: built by gcc 13.3.0 (GCC)
webserver # [ 276.475282] nginx[4059]: 2024/11/28 20:57:19 [notice] 4059#4059: OS: Linux 6.6.63
webserver # [ 276.477173] nginx[4059]: 2024/11/28 20:57:19 [notice] 4059#4059: getrlimit(RLIMIT_NOFILE): 1024:524288
webserver # [ 276.478532] nginx[4059]: 2024/11/28 20:57:19 [notice] 4059#4059: start worker processes
webserver # [ 276.479747] nginx[4059]: 2024/11/28 20:57:19 [notice] 4059#4059: start worker process 4072
acme # [ 276.994678] pebble[681]: Pebble 2024/11/28 20:57:19 GET /dir -> calling handler()
webserver # [ 276.629336] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:19 [INFO] [nginx-http.example.test, nginx-http-alias.example.test] acme: Obtaining bundled SAN certificate
acme # [ 277.000983] pebble[681]: Pebble 2024/11/28 20:57:19 HEAD /nonce-plz -> calling handler()
acme # [ 277.003470] pebble[681]: Pebble 2024/11/28 20:57:19 POST /order-plz -> calling handler()
acme # [ 277.005083] pebble[681]: Pebble 2024/11/28 20:57:19 There are now 17 authorizations in the db
acme # [ 277.006832] pebble[681]: Pebble 2024/11/28 20:57:19 There are now 18 authorizations in the db
acme # [ 277.008344] pebble[681]: Pebble 2024/11/28 20:57:19 Added order "1vSQxSHWNrav-BxCS6U1ygH01yNR2X6IaGhdp89SHwA" to the db
acme # [ 277.010480] pebble[681]: Pebble 2024/11/28 20:57:19 There are now 18 orders in the db
acme # [ 277.012182] pebble[681]: Pebble 2024/11/28 20:57:19 GET /dir -> calling handler()
webserver # [ 276.646358] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:19 [INFO] [nginx-different-key.example.test, nginx-different-key-alias.example.test] acme: Obtaining bundled SAN certificate
acme # [ 277.017759] pebble[681]: Pebble 2024/11/28 20:57:19 HEAD /nonce-plz -> calling handler()
acme # [ 277.019735] pebble[681]: Pebble 2024/11/28 20:57:19 POST /order-plz -> calling handler()
acme # [ 277.021985] pebble[681]: Pebble 2024/11/28 20:57:19 There are now 19 authorizations in the db
acme # [ 277.023903] pebble[681]: Pebble 2024/11/28 20:57:19 There are now 20 authorizations in the db
acme # [ 277.025440] pebble[681]: Pebble 2024/11/28 20:57:19 Added order "D0PvI8ez7q1ggYu7hsXG0ALw5c4-E-UdiYyci4Br99E" to the db
acme # [ 277.027305] pebble[681]: Pebble 2024/11/28 20:57:19 There are now 19 orders in the db
acme # [ 277.060981] pebble[681]: Pebble 2024/11/28 20:57:19 POST /authZ/ -> calling handler()
acme # [ 277.079231] pebble[681]: Pebble 2024/11/28 20:57:19 POST /authZ/ -> calling handler()
acme # [ 277.117591] pebble[681]: Pebble 2024/11/28 20:57:19 POST /authZ/ -> calling handler()
webserver # [ 276.750302] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:19 [INFO] [nginx-http-alias.example.test] AuthURL: https://acme.test/authZ/IXQzx5NDaFNZyOk1kxE7gr9cJdwn_YGxoaLlhtNaaEs
acme # [ 277.119471] pebble[681]: Pebble 2024/11/28 20:57:19 POST /chalZ/ -> calling handler()
webserver # [ 276.752878] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:19 [INFO] [nginx-http.example.test] AuthURL: https://acme.test/authZ/DqIlkUWdhytHRF86bpFRKnnANoUbPCU25k-MVnbhyN8
webserver # [ 276.755428] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:19 [INFO] [nginx-http.example.test] acme: Could not find solver for: tls-alpn-01
acme # [ 277.122072] pebble[681]: Pebble 2024/11/28 20:57:19 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"nginx-http.example.test"}, Challenge:(*core.Challenge)(0xc0002510e0), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
webserver # [ 276.757515] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:19 [INFO] [nginx-http.example.test] acme: use http-01 solver
acme # [ 277.126613] pebble[681]: Pebble 2024/11/28 20:57:19 Starting 3 validations.
webserver # [ 276.759348] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:19 [INFO] [nginx-http-alias.example.test] acme: Could not find solver for: tls-alpn-01
acme # [ 277.128313] pebble[681]: Pebble 2024/11/28 20:57:19 Attempting to validate w/ HTTP: http://nginx-http.example.test:80/.well-known/acme-challenge/S-w6rwJaTYtqmiViwocSSymKUpUkvD_Ks0cyppUthIU
webserver # [ 276.761852] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:19 [INFO] [nginx-http-alias.example.test] acme: use http-01 solver
webserver # [ 276.763762] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:19 [INFO] [nginx-http.example.test] acme: Trying to solve HTTP-01
acme # [ 277.131476] pebble[681]: Pebble 2024/11/28 20:57:19 Attempting to validate w/ HTTP: http://nginx-http.example.test:80/.well-known/acme-challenge/S-w6rwJaTYtqmiViwocSSymKUpUkvD_Ks0cyppUthIU
acme # [ 277.135507] pebble[681]: Pebble 2024/11/28 20:57:19 Attempting to validate w/ HTTP: http://nginx-http.example.test:80/.well-known/acme-challenge/S-w6rwJaTYtqmiViwocSSymKUpUkvD_Ks0cyppUthIU
acme # [ 277.139203] pebble[681]: Pebble 2024/11/28 20:57:19 POST /authZ/ -> calling handler()
acme # [ 277.142207] pebble[681]: Pebble 2024/11/28 20:57:19 POST /authZ/ -> calling handler()
webserver # [ 276.777189] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:19 [INFO] [nginx-different-key.example.test] AuthURL: https://acme.test/authZ/YCKHj97CmgJW1CWSFTgcXrC37xupEBZZHgsjgx2Yrho
acme # [ 277.146495] pebble[681]: Pebble 2024/11/28 20:57:19 POST /chalZ/ -> calling handler()
webserver # [ 276.780340] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:19 [INFO] [nginx-different-key-alias.example.test] AuthURL: https://acme.test/authZ/lbgnbuH46ZOl5XqAUBZLopqeEazRWvRH0a4DYJ6nrZs
webserver # [ 276.783232] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:19 [INFO] [nginx-different-key-alias.example.test] acme: Could not find solver for: tls-alpn-01
acme # [ 277.149589] pebble[681]: Pebble 2024/11/28 20:57:19 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"nginx-different-key-alias.example.test"}, Challenge:(*core.Challenge)(0xc000251360), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
webserver # [ 276.785983] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:19 [INFO] [nginx-different-key-alias.example.test] acme: use http-01 solver
acme # [ 277.155132] pebble[681]: Pebble 2024/11/28 20:57:19 Starting 3 validations.
webserver # [ 276.788585] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:19 [INFO] [nginx-different-key.example.test] acme: Could not find solver for: tls-alpn-01
acme # [ 277.156595] pebble[681]: Pebble 2024/11/28 20:57:19 Attempting to validate w/ HTTP: http://nginx-different-key-alias.example.test:80/.well-known/acme-challenge/XEU499jABqN4e7WUsEMJdSVbreC_tzbQCI4XXIxBP8s
webserver # [ 276.790949] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:19 [INFO] [nginx-different-key.example.test] acme: use http-01 solver
webserver # [ 276.793045] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:19 [INFO] [nginx-different-key-alias.example.test] acme: Trying to solve HTTP-01
acme # [ 277.159925] pebble[681]: Pebble 2024/11/28 20:57:19 Attempting to validate w/ HTTP: http://nginx-different-key-alias.example.test:80/.well-known/acme-challenge/XEU499jABqN4e7WUsEMJdSVbreC_tzbQCI4XXIxBP8s
acme # [ 277.163785] pebble[681]: Pebble 2024/11/28 20:57:19 Attempting to validate w/ HTTP: http://nginx-different-key-alias.example.test:80/.well-known/acme-challenge/XEU499jABqN4e7WUsEMJdSVbreC_tzbQCI4XXIxBP8s
acme # [ 277.169293] pebble[681]: Pebble 2024/11/28 20:57:19 POST /authZ/ -> calling handler()
acme # [ 277.175326] pebble[681]: Pebble 2024/11/28 20:57:19 authz IXQzx5NDaFNZyOk1kxE7gr9cJdwn_YGxoaLlhtNaaEs set VALID by completed challenge 4dJYNWob7ZlxhOWzrTsIjJ5vPihKeN8kcmvho2fGWRk
acme # [ 277.178765] pebble[681]: Pebble 2024/11/28 20:57:19 authz YCKHj97CmgJW1CWSFTgcXrC37xupEBZZHgsjgx2Yrho set VALID by completed challenge NL8sQEJuw2dTX5wUPl6TV_BB9NNeNvKBOL2Re9xmg9g
acme # [ 282.070346] pebble[681]: Pebble 2024/11/28 20:57:24 POST /authZ/ -> calling handler()
webserver # [ 281.703215] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:24 [INFO] [nginx-different-key-alias.example.test] The server validated our request
acme # [ 282.072057] pebble[681]: Pebble 2024/11/28 20:57:24 POST /chalZ/ -> calling handler()
webserver # [ 281.705272] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:24 [INFO] [nginx-different-key.example.test] acme: Trying to solve HTTP-01
acme # [ 282.073747] pebble[681]: Pebble 2024/11/28 20:57:24 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"nginx-different-key.example.test"}, Challenge:(*core.Challenge)(0xc0002515e0), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
acme # [ 282.077762] pebble[681]: Pebble 2024/11/28 20:57:24 Starting 3 validations.
acme # [ 282.078793] pebble[681]: Pebble 2024/11/28 20:57:24 Attempting to validate w/ HTTP: http://nginx-different-key.example.test:80/.well-known/acme-challenge/i2VO3WvacHKCn15VPGK71pEWx830loGo0ynQioJWvC8
acme # [ 282.082058] pebble[681]: Pebble 2024/11/28 20:57:24 POST /authZ/ -> calling handler()
acme # [ 282.084415] pebble[681]: Pebble 2024/11/28 20:57:24 Attempting to validate w/ HTTP: http://nginx-different-key.example.test:80/.well-known/acme-challenge/i2VO3WvacHKCn15VPGK71pEWx830loGo0ynQioJWvC8
webserver # [ 281.716428] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:24 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/authZ/lbgnbuH46ZOl5XqAUBZLopqeEazRWvRH0a4DYJ6nrZs :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: xph3jjt1kobIOo5u5o5L5w
acme # [ 282.087750] pebble[681]: Pebble 2024/11/28 20:57:24 Attempting to validate w/ HTTP: http://nginx-different-key.example.test:80/.well-known/acme-challenge/i2VO3WvacHKCn15VPGK71pEWx830loGo0ynQioJWvC8
acme # [ 282.094106] pebble[681]: Pebble 2024/11/28 20:57:24 authz lbgnbuH46ZOl5XqAUBZLopqeEazRWvRH0a4DYJ6nrZs set VALID by completed challenge bHPed1cfxF0v2_FgUrBJ-t80VFkLQn50Hj3233F4a1I
acme # [ 282.201886] pebble[681]: Pebble 2024/11/28 20:57:24 POST /authZ/ -> calling handler()
acme # [ 282.203736] pebble[681]: Pebble 2024/11/28 20:57:24 POST /finalize-order/ -> calling handler()
webserver # [ 281.835144] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:24 [INFO] [nginx-different-key.example.test] The server validated our request
acme # [ 282.205799] pebble[681]: Pebble 2024/11/28 20:57:24 Order D0PvI8ez7q1ggYu7hsXG0ALw5c4-E-UdiYyci4Br99E is fully authorized. Processing finalization
webserver # [ 281.837615] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:24 [INFO] [nginx-different-key.example.test, nginx-different-key-alias.example.test] acme: Validations succeeded; requesting certificates
webserver # [ 281.841253] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:24 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 282.210404] pebble[681]: Pebble 2024/11/28 20:57:24 Issued certificate serial 34da476fc429fc69 for order D0PvI8ez7q1ggYu7hsXG0ALw5c4-E-UdiYyci4Br99E
acme # [ 282.213055] pebble[681]: Pebble 2024/11/28 20:57:24 POST /my-order/ -> calling handler()
acme # [ 282.215627] pebble[681]: Pebble 2024/11/28 20:57:24 POST /certZ/ -> calling handler()
webserver # [ 281.848377] acme-nginx-different-key.example.test-start[4071]: 2024/11/28 20:57:24 [INFO] [nginx-different-key.example.test] Server responded with a certificate.
webserver # [ 281.856430] acme-nginx-different-key.example.test-start[4060]: + mv domainhash.txt certificates/
webserver # [ 281.864421] acme-nginx-different-key.example.test-start[4060]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-different-key.example.test.crt certificates/nginx-different-key.example.test.issuer.crt certificates/nginx-different-key.example.test.json certificates/nginx-different-key.example.test.key
webserver # [ 281.877828] acme-nginx-different-key.example.test-start[4060]: + cmp -s certificates/nginx-different-key.example.test.crt out/fullchain.pem
webserver # [ 281.883503] acme-nginx-different-key.example.test-start[4060]: + touch out/renewed
webserver # [ 281.890926] acme-nginx-different-key.example.test-start[4060]: + echo Installing new certificate
webserver # [ 281.892819] acme-nginx-different-key.example.test-start[4060]: Installing new certificate
webserver # [ 281.894057] acme-nginx-different-key.example.test-start[4060]: + cp -vp certificates/nginx-different-key.example.test.crt out/fullchain.pem
webserver # [ 281.900926] acme-nginx-different-key.example.test-start[4084]: 'certificates/nginx-different-key.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 281.903068] acme-nginx-different-key.example.test-start[4060]: + cp -vp certificates/nginx-different-key.example.test.key out/key.pem
webserver # [ 281.909498] acme-nginx-different-key.example.test-start[4085]: 'certificates/nginx-different-key.example.test.key' -> 'out/key.pem'
webserver # [ 281.911893] acme-nginx-different-key.example.test-start[4060]: + cp -vp certificates/nginx-different-key.example.test.issuer.crt out/chain.pem
webserver # [ 281.918162] acme-nginx-different-key.example.test-start[4086]: 'certificates/nginx-different-key.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 281.920888] acme-nginx-different-key.example.test-start[4060]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 281.927520] acme-nginx-different-key.example.test-start[4060]: + cat out/key.pem out/fullchain.pem
webserver # [ 281.934271] acme-nginx-different-key.example.test-start[4060]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 281.941335] acme-nginx-different-key.example.test-start[4060]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 281.942690] acme-nginx-different-key.example.test-start[4060]: Releasing lock /run/acme/2.lock
webserver # [ 281.990213] systemd[1]: acme-nginx-different-key.example.test.service: Deactivated successfully.
webserver # [ 281.995070] systemd[1]: Finished Renew ACME certificate for nginx-different-key.example.test.
webserver # [ 281.997492] systemd[1]: acme-nginx-different-key.example.test.service: Consumed 177ms CPU time, 20.5M memory peak, 8K written to disk, 15.3K incoming IP traffic, 10.2K outgoing IP traffic.
acme # [ 282.605876] pebble[681]: Pebble 2024/11/28 20:57:25 POST /authZ/ -> calling handler()
webserver # [ 282.238674] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:24 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/authZ/IXQzx5NDaFNZyOk1kxE7gr9cJdwn_YGxoaLlhtNaaEs :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: xaK0amfaI2Bpw_4kTxe2hw
acme # [ 282.812319] pebble[681]: Pebble 2024/11/28 20:57:25 POST /authZ/ -> calling handler()
webserver # [ 282.447651] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:25 [INFO] [nginx-http.example.test] The server validated our request
acme # [ 282.816476] pebble[681]: Pebble 2024/11/28 20:57:25 POST /chalZ/ -> calling handler()
webserver # [ 282.449642] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:25 [INFO] [nginx-http-alias.example.test] acme: Trying to solve HTTP-01
acme # [ 282.818089] pebble[681]: Pebble 2024/11/28 20:57:25 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"nginx-http-alias.example.test"}, Challenge:(*core.Challenge)(0xc000250e60), Account:(*core.Account)(0xc0001ef320), AccountURL:"https://acme.test/my-account/38a4a9fee381bec6", Wildcard:false}
acme # [ 282.823038] pebble[681]: Pebble 2024/11/28 20:57:25 Starting 3 validations.
acme # [ 282.824320] pebble[681]: Pebble 2024/11/28 20:57:25 Attempting to validate w/ HTTP: http://nginx-http-alias.example.test:80/.well-known/acme-challenge/S6aa5HtruB1L14ccpp8N18Bi6-2EpAxHv3dTWISod8k
acme # [ 282.828806] pebble[681]: Pebble 2024/11/28 20:57:25 POST /authZ/ -> calling handler()
acme # [ 282.830313] pebble[681]: Pebble 2024/11/28 20:57:25 Attempting to validate w/ HTTP: http://nginx-http-alias.example.test:80/.well-known/acme-challenge/S6aa5HtruB1L14ccpp8N18Bi6-2EpAxHv3dTWISod8k
acme # [ 282.833922] pebble[681]: Pebble 2024/11/28 20:57:25 Attempting to validate w/ HTTP: http://nginx-http-alias.example.test:80/.well-known/acme-challenge/S6aa5HtruB1L14ccpp8N18Bi6-2EpAxHv3dTWISod8k
acme # [ 282.842416] pebble[681]: Pebble 2024/11/28 20:57:25 authz DqIlkUWdhytHRF86bpFRKnnANoUbPCU25k-MVnbhyN8 set VALID by completed challenge XCxJh6MnBh2UVFMoibClst7DjfpK09kZSo8SgsjJaqs
acme # [ 289.649913] pebble[681]: Pebble 2024/11/28 20:57:32 POST /authZ/ -> calling handler()
webserver # [ 289.282716] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:31 [INFO] [nginx-http-alias.example.test] The server validated our request
acme # [ 289.652377] pebble[681]: Pebble 2024/11/28 20:57:32 POST /finalize-order/ -> calling handler()
webserver # [ 289.284547] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:31 [INFO] [nginx-http.example.test, nginx-http-alias.example.test] acme: Validations succeeded; requesting certificates
webserver # [ 289.287817] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:31 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 289.655189] pebble[681]: Pebble 2024/11/28 20:57:32 Order 1vSQxSHWNrav-BxCS6U1ygH01yNR2X6IaGhdp89SHwA is fully authorized. Processing finalization
acme # [ 289.658947] pebble[681]: Pebble 2024/11/28 20:57:32 POST /my-order/ -> calling handler()
acme # [ 289.662909] pebble[681]: Pebble 2024/11/28 20:57:32 Issued certificate serial 7cf38b627be3be69 for order 1vSQxSHWNrav-BxCS6U1ygH01yNR2X6IaGhdp89SHwA
acme # [ 290.162861] pebble[681]: Pebble 2024/11/28 20:57:32 POST /my-order/ -> calling handler()
acme # [ 290.165669] pebble[681]: Pebble 2024/11/28 20:57:32 POST /certZ/ -> calling handler()
webserver # [ 289.800746] acme-nginx-http.example.test-start[4070]: 2024/11/28 20:57:32 [INFO] [nginx-http.example.test] Server responded with a certificate.
webserver # [ 289.809333] acme-nginx-http.example.test-start[4061]: + mv domainhash.txt certificates/
webserver # [ 289.816432] acme-nginx-http.example.test-start[4061]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-http.example.test.crt certificates/nginx-http.example.test.issuer.crt certificates/nginx-http.example.test.json certificates/nginx-http.example.test.key
webserver # [ 289.826855] acme-nginx-http.example.test-start[4061]: + cmp -s certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 289.831795] acme-nginx-http.example.test-start[4061]: + touch out/renewed
webserver # [ 289.838649] acme-nginx-http.example.test-start[4061]: + echo Installing new certificate
webserver # [ 289.840057] acme-nginx-http.example.test-start[4061]: Installing new certificate
webserver # [ 289.841275] acme-nginx-http.example.test-start[4061]: + cp -vp certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 289.847757] acme-nginx-http.example.test-start[4100]: 'certificates/nginx-http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 289.850717] acme-nginx-http.example.test-start[4061]: + cp -vp certificates/nginx-http.example.test.key out/key.pem
webserver # [ 289.856549] acme-nginx-http.example.test-start[4101]: 'certificates/nginx-http.example.test.key' -> 'out/key.pem'
webserver # [ 289.859036] acme-nginx-http.example.test-start[4061]: + cp -vp certificates/nginx-http.example.test.issuer.crt out/chain.pem
webserver # [ 289.865473] acme-nginx-http.example.test-start[4102]: 'certificates/nginx-http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 289.867637] acme-nginx-http.example.test-start[4061]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 289.874689] acme-nginx-http.example.test-start[4061]: + cat out/key.pem out/fullchain.pem
webserver # [ 289.881684] acme-nginx-http.example.test-start[4061]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 289.889744] acme-nginx-http.example.test-start[4061]: + echo 'Releasing lock /run/acme/4.lock'
webserver # [ 289.891046] acme-nginx-http.example.test-start[4061]: Releasing lock /run/acme/4.lock
webserver # [ 289.938393] systemd[1]: acme-nginx-http.example.test.service: Deactivated successfully.
webserver # [ 289.943091] systemd[1]: Finished Renew ACME certificate for nginx-http.example.test.
webserver # [ 289.944299] systemd[1]: acme-nginx-http.example.test.service: Consumed 170ms CPU time, 20.5M memory peak, 12K written to disk, 17.4K incoming IP traffic, 11.5K outgoing IP traffic.
webserver # [ 289.955491] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 290.027348] systemd[1]: Reloading Nginx Web Server...
webserver # [ 290.105716] nginx[4115]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 290.107552] nginx[4115]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 290.163270] nginx[4059]: 2024/11/28 20:57:32 [notice] 4059#4059: signal 1 (SIGHUP) received from 4117, reconfiguring
webserver # [ 290.165515] nginx[4059]: 2024/11/28 20:57:32 [notice] 4059#4059: reconfiguring
webserver # [ 290.170066] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 290.176876] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 290.183719] systemd[1]: Finished nginx-config-reload.service.
webserver # [ 290.184817] systemd[1]: Reached target acme-finished-nginx-different-key.example.test.target.
webserver # [ 290.186128] systemd[1]: Reached target acme-finished-nginx-dns.example.test.target.
webserver # [ 290.187530] systemd[1]: Reached target acme-finished-nginx-http.example.test.target.
webserver # [ 290.202944] nginx[4059]: 2024/11/28 20:57:32 [notice] 4059#4059: using the "epoll" event method
webserver # [ 290.204302] nginx[4059]: 2024/11/28 20:57:32 [notice] 4059#4059: start worker processes
webserver # [ 290.205497] nginx[4059]: 2024/11/28 20:57:32 [notice] 4059#4059: start worker process 4120
webserver # [ 290.303455] nginx[4072]: 2024/11/28 20:57:32 [notice] 4072#4072: gracefully shutting down
webserver # [ 290.305971] nginx[4072]: 2024/11/28 20:57:32 [notice] 4072#4072: exiting
webserver # [ 290.307149] nginx[4072]: 2024/11/28 20:57:32 [notice] 4072#4072: exit
webserver # [ 290.311604] nginx[4059]: 2024/11/28 20:57:32 [notice] 4059#4059: signal 17 (SIGCHLD) received from 4072
webserver # [ 290.313053] nginx[4059]: 2024/11/28 20:57:32 [notice] 4059#4059: worker process 4072 exited with code 0
webserver # [ 290.314404] nginx[4059]: 2024/11/28 20:57:32 [notice] 4059#4059: signal 29 (SIGIO) received
webserver # the following new units were started: acme-account-d590213ed52603e9128d.target, acme-finished-nginx-different-key.example.test.target, acme-finished-nginx-dns.example.test.target, acme-finished-nginx-http.example.test.target, acme-nginx-different-key.example.test.timer, acme-nginx-dns.example.test.timer, acme-nginx-http.example.test.timer, nginx.service
webserver # [ 290.449830] nixos[3804]: finished switching to system configuration /nix/store/i8vd95jlwxlwyp2rpya6i08bl5ssv80p-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/nginx/bin/switch-to-configuration test, in 88.96 seconds)
webserver # [ 290.513519] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 290.515905] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 290.522331] systemd[1]: Starting Renew ACME certificate for nginx-http.example.test...
webserver # [ 290.584277] acme-nginx-http.example.test-start[4126]: Waiting to acquire lock /run/acme/4.lock
webserver # [ 290.588026] acme-nginx-http.example.test-start[4126]: Acquired lock /run/acme/4.lock
webserver # [ 290.589633] acme-nginx-http.example.test-start[4126]: + set -euo pipefail
webserver # [ 290.591269] acme-nginx-http.example.test-start[4128]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 290.598297] acme-nginx-http.example.test-start[4128]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 290.606826] acme-nginx-http.example.test-start[4126]: + echo 197b6592b1395f3f8747
webserver # [ 290.608171] acme-nginx-http.example.test-start[4126]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 290.612663] acme-nginx-http.example.test-start[4126]: + '[' -e certificates/nginx-http.example.test.key ']'
webserver # [ 290.614202] acme-nginx-http.example.test-start[4126]: + '[' -e certificates/nginx-http.example.test.crt ']'
webserver # [ 290.616273] acme-nginx-http.example.test-start[4131]: ++ find accounts -name [email protected]
webserver # [ 290.624198] acme-nginx-http.example.test-start[4126]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 290.625977] acme-nginx-http.example.test-start[4126]: + lego --accept-tos --path . -d nginx-http.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-http-alias.example.test renew --no-random-sleep --days 30
acme # [ 291.081422] pebble[681]: Pebble 2024/11/28 20:57:33 GET /dir -> calling handler()
webserver # [ 290.714915] acme-nginx-http.example.test-start[4132]: 2024/11/28 20:57:33 [nginx-http.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 290.722618] acme-nginx-http.example.test-start[4126]: + mv domainhash.txt certificates/
webserver # [ 290.729957] acme-nginx-http.example.test-start[4126]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-http.example.test.crt certificates/nginx-http.example.test.issuer.crt certificates/nginx-http.example.test.json certificates/nginx-http.example.test.key
webserver # [ 290.741227] acme-nginx-http.example.test-start[4126]: + cmp -s certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 290.746482] acme-nginx-http.example.test-start[4126]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 290.754141] acme-nginx-http.example.test-start[4126]: + echo 'Releasing lock /run/acme/4.lock'
webserver # [ 290.755463] acme-nginx-http.example.test-start[4126]: Releasing lock /run/acme/4.lock
webserver # [ 290.797787] systemd[1]: acme-nginx-http.example.test.service: Deactivated successfully.
webserver # [ 290.803059] systemd[1]: Finished Renew ACME certificate for nginx-http.example.test.
webserver # [ 290.805453] systemd[1]: acme-nginx-http.example.test.service: Consumed 151ms CPU time, 20.1M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 290.815439] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 290.884500] systemd[1]: Reloading Nginx Web Server...
webserver # [ 290.962672] nginx[4149]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 290.964460] nginx[4149]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 291.020827] nginx[4059]: 2024/11/28 20:57:33 [notice] 4059#4059: signal 1 (SIGHUP) received from 4151, reconfiguring
webserver # [ 291.022743] nginx[4059]: 2024/11/28 20:57:33 [notice] 4059#4059: reconfiguring
webserver # [ 291.026448] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 291.033769] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 291.042139] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-nginx-http.example.test.target
webserver # [ 291.066976] nginx[4059]: 2024/11/28 20:57:33 [notice] 4059#4059: using the "epoll" event method
webserver # [ 291.068347] nginx[4059]: 2024/11/28 20:57:33 [notice] 4059#4059: start worker processes
webserver # [ 291.069488] nginx[4059]: 2024/11/28 20:57:33 [notice] 4059#4059: start worker process 4157
(finished: waiting for unit acme-finished-nginx-http.example.test.target, in 0.06 seconds)
webserver # [ 291.153090] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 291.155221] systemd[1]: Generate self-signed certificate for nginx-dns.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-dns.example.test/key.pem).
webserver # [ 291.164157] systemd[1]: Starting Renew ACME certificate for nginx-dns.example.test...
webserver # [ 291.170470] nginx[4120]: 2024/11/28 20:57:33 [notice] 4120#4120: gracefully shutting down
webserver # [ 291.172434] nginx[4120]: 2024/11/28 20:57:33 [notice] 4120#4120: exiting
webserver # [ 291.175192] nginx[4120]: 2024/11/28 20:57:33 [notice] 4120#4120: exit
webserver # [ 291.179542] nginx[4059]: 2024/11/28 20:57:33 [notice] 4059#4059: signal 17 (SIGCHLD) received from 4120
webserver # [ 291.181787] nginx[4059]: 2024/11/28 20:57:33 [notice] 4059#4059: worker process 4120 exited with code 0
webserver # [ 291.183458] nginx[4059]: 2024/11/28 20:57:33 [notice] 4059#4059: signal 29 (SIGIO) received
webserver # [ 291.235713] acme-nginx-dns.example.test-start[4164]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 291.239246] acme-nginx-dns.example.test-start[4164]: Acquired lock /run/acme/3.lock
webserver # [ 291.240484] acme-nginx-dns.example.test-start[4164]: + set -euo pipefail
webserver # [ 291.241595] acme-nginx-dns.example.test-start[4164]: + echo 59d0420c322ea19728a7
webserver # [ 291.243112] acme-nginx-dns.example.test-start[4164]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 291.247670] acme-nginx-dns.example.test-start[4164]: + '[' -e certificates/nginx-dns.example.test.key ']'
webserver # [ 291.249210] acme-nginx-dns.example.test-start[4164]: + '[' -e certificates/nginx-dns.example.test.crt ']'
webserver # [ 291.251238] acme-nginx-dns.example.test-start[4167]: ++ find accounts -name [email protected]
webserver # [ 291.259491] acme-nginx-dns.example.test-start[4164]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 291.261175] acme-nginx-dns.example.test-start[4164]: + lego --accept-tos --path . -d nginx-dns.example.test --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir -d nginx-dns-alias.example.test renew --no-random-sleep --days 30
acme # [ 291.709888] pebble[681]: Pebble 2024/11/28 20:57:34 GET /dir -> calling handler()
webserver # [ 291.343274] acme-nginx-dns.example.test-start[4168]: 2024/11/28 20:57:33 [nginx-dns.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 291.350492] acme-nginx-dns.example.test-start[4164]: + mv domainhash.txt certificates/
webserver # [ 291.357580] acme-nginx-dns.example.test-start[4164]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-dns.example.test.crt certificates/nginx-dns.example.test.issuer.crt certificates/nginx-dns.example.test.json certificates/nginx-dns.example.test.key
webserver # [ 291.367642] acme-nginx-dns.example.test-start[4164]: + cmp -s certificates/nginx-dns.example.test.crt out/fullchain.pem
webserver # [ 291.372197] acme-nginx-dns.example.test-start[4164]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 291.378975] acme-nginx-dns.example.test-start[4164]: + echo 'Releasing lock /run/acme/3.lock'
webserver # [ 291.380220] acme-nginx-dns.example.test-start[4164]: Releasing lock /run/acme/3.lock
webserver # [ 291.419596] systemd[1]: acme-nginx-dns.example.test.service: Deactivated successfully.
webserver # [ 291.422400] systemd[1]: Finished Renew ACME certificate for nginx-dns.example.test.
webserver # [ 291.423561] systemd[1]: acme-nginx-dns.example.test.service: Consumed 142ms CPU time, 19.8M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 291.433259] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 291.495410] systemd[1]: Reloading Nginx Web Server...
webserver # [ 291.571402] nginx[4184]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 291.573170] nginx[4184]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 291.627653] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: signal 1 (SIGHUP) received from 4186, reconfiguring
webserver # [ 291.629531] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: reconfiguring
webserver # [ 291.631974] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 291.639783] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 291.643564] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-nginx-dns.example.test.target
webserver # [ 291.671158] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: using the "epoll" event method
webserver # [ 291.672495] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: start worker processes
webserver # [ 291.674600] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: start worker process 4193
(finished: waiting for unit acme-finished-nginx-dns.example.test.target, in 0.06 seconds)
webserver # [ 291.750290] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 291.755557] systemd[1]: Generate self-signed certificate for nginx-different-key.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-different-key.example.test/key.pem).
webserver # [ 291.762340] systemd[1]: Starting Renew ACME certificate for nginx-different-key.example.test...
webserver # [ 291.776261] nginx[4157]: 2024/11/28 20:57:34 [notice] 4157#4157: gracefully shutting down
webserver # [ 291.777491] nginx[4157]: 2024/11/28 20:57:34 [notice] 4157#4157: exiting
webserver # [ 291.778640] nginx[4157]: 2024/11/28 20:57:34 [notice] 4157#4157: exit
webserver # [ 291.782163] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: signal 17 (SIGCHLD) received from 4157
webserver # [ 291.783604] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: worker process 4157 exited with code 0
webserver # [ 291.784906] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: signal 29 (SIGIO) received
webserver # [ 291.833576] acme-nginx-different-key.example.test-start[4199]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 291.837067] acme-nginx-different-key.example.test-start[4199]: Acquired lock /run/acme/2.lock
webserver # [ 291.838311] acme-nginx-different-key.example.test-start[4199]: + set -euo pipefail
webserver # [ 291.840107] acme-nginx-different-key.example.test-start[4201]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 291.846967] acme-nginx-different-key.example.test-start[4201]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 291.855853] acme-nginx-different-key.example.test-start[4199]: + echo 4e6cd57b5b6e5fd2c9cb
webserver # [ 291.857125] acme-nginx-different-key.example.test-start[4199]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 291.861971] acme-nginx-different-key.example.test-start[4199]: + '[' -e certificates/nginx-different-key.example.test.key ']'
webserver # [ 291.863598] acme-nginx-different-key.example.test-start[4199]: + '[' -e certificates/nginx-different-key.example.test.crt ']'
webserver # [ 291.865739] acme-nginx-different-key.example.test-start[4204]: ++ find accounts -name [email protected]
webserver # [ 291.874061] acme-nginx-different-key.example.test-start[4199]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 291.875907] acme-nginx-different-key.example.test-start[4199]: + lego --accept-tos --path . -d nginx-different-key.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-different-key-alias.example.test renew --no-random-sleep --days 30
acme # [ 292.332828] pebble[681]: Pebble 2024/11/28 20:57:34 GET /dir -> calling handler()
webserver # [ 291.966319] acme-nginx-different-key.example.test-start[4205]: 2024/11/28 20:57:34 [nginx-different-key.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 291.972541] acme-nginx-different-key.example.test-start[4199]: + mv domainhash.txt certificates/
webserver # [ 291.980367] acme-nginx-different-key.example.test-start[4199]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-different-key.example.test.crt certificates/nginx-different-key.example.test.issuer.crt certificates/nginx-different-key.example.test.json certificates/nginx-different-key.example.test.key
webserver # [ 291.993144] acme-nginx-different-key.example.test-start[4199]: + cmp -s certificates/nginx-different-key.example.test.crt out/fullchain.pem
webserver # [ 291.998816] acme-nginx-different-key.example.test-start[4199]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 292.005851] acme-nginx-different-key.example.test-start[4199]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 292.007500] acme-nginx-different-key.example.test-start[4199]: Releasing lock /run/acme/2.lock
webserver # [ 292.054742] systemd[1]: acme-nginx-different-key.example.test.service: Deactivated successfully.
webserver # [ 292.057126] systemd[1]: Finished Renew ACME certificate for nginx-different-key.example.test.
webserver # [ 292.059447] systemd[1]: acme-nginx-different-key.example.test.service: Consumed 155ms CPU time, 19.8M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 292.070124] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 292.140289] systemd[1]: Reloading Nginx Web Server...
webserver # [ 292.220842] nginx[4222]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 292.222673] nginx[4222]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 292.280259] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: signal 1 (SIGHUP) received from 4224, reconfiguring
webserver # [ 292.282082] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: reconfiguring
webserver # [ 292.285399] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 292.292599] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 292.297668] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-nginx-different-key.example.test.target
webserver # [ 292.324902] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: using the "epoll" event method
webserver # [ 292.326245] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: start worker processes
webserver # [ 292.327461] nginx[4059]: 2024/11/28 20:57:34 [notice] 4059#4059: start worker process 4230
(finished: waiting for unit acme-finished-nginx-different-key.example.test.target, in 0.07 seconds)
webserver: waiting for unit nginx.service
webserver # [ 292.424825] nginx[4193]: 2024/11/28 20:57:35 [notice] 4193#4193: gracefully shutting down
webserver # [ 292.427364] nginx[4193]: 2024/11/28 20:57:35 [notice] 4193#4193: exiting
webserver # [ 292.428538] nginx[4193]: 2024/11/28 20:57:35 [notice] 4193#4193: exit
(finished: waiting for unit nginx.service, in 0.06 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/cert.pem
webserver # [ 292.432383] nginx[4059]: 2024/11/28 20:57:35 [notice] 4059#4059: signal 17 (SIGCHLD) received from 4193
webserver # [ 292.434484] nginx[4059]: 2024/11/28 20:57:35 [notice] 4059#4059: worker process 4193 exited with code 0
webserver # [ 292.436121] nginx[4059]: 2024/11/28 20:57:35 [notice] 4059#4059: signal 29 (SIGIO) received
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/cert.pem, in 0.05 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/fullchain.pem, in 0.04 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-dns.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-dns.example.test/cert.pem, in 0.05 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-dns.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-dns.example.test/fullchain.pem, in 0.05 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-different-key.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-different-key.example.test/cert.pem, in 0.05 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-different-key.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-different-key.example.test/fullchain.pem, in 0.04 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-http.example.test -connect nginx-http.example.test:443 < /dev/null 2>&1
webserver # [ 292.738246] nginx[4230]: 2024/11/28 20:57:35 [info] 4230#4230: *13 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-http.example.test -connect nginx-http.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-http-alias.example.test -connect nginx-http-alias.example.test:443 < /dev/null 2>&1
webserver # [ 292.775556] nginx[4230]: 2024/11/28 20:57:35 [info] 4230#4230: *14 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-http-alias.example.test -connect nginx-http-alias.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-dns.example.test -connect nginx-dns.example.test:443 < /dev/null 2>&1
webserver # [ 292.807610] nginx[4230]: 2024/11/28 20:57:35 [info] 4230#4230: *15 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-dns.example.test -connect nginx-dns.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-dns-alias.example.test -connect nginx-dns-alias.example.test:443 < /dev/null 2>&1
webserver # [ 292.838662] nginx[4230]: 2024/11/28 20:57:35 [info] 4230#4230: *16 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-dns-alias.example.test -connect nginx-dns-alias.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-wildcard.example.test -connect nginx-wildcard.example.test:443 < /dev/null 2>&1
webserver # [ 292.869904] nginx[4230]: 2024/11/28 20:57:35 [info] 4230#4230: *17 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-wildcard.example.test -connect nginx-wildcard.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-wildcard-alias.example.test -connect nginx-wildcard-alias.example.test:443 < /dev/null 2>&1
webserver # [ 292.902360] nginx[4230]: 2024/11/28 20:57:35 [info] 4230#4230: *18 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-wildcard-alias.example.test -connect nginx-wildcard-alias.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-different-key.example.test -connect nginx-different-key.example.test:443 < /dev/null 2>&1
webserver # [ 292.935129] nginx[4230]: 2024/11/28 20:57:35 [info] 4230#4230: *19 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-different-key.example.test -connect nginx-different-key.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-different-key-alias.example.test -connect nginx-different-key-alias.example.test:443 < /dev/null 2>&1
webserver # [ 292.966542] nginx[4230]: 2024/11/28 20:57:35 [info] 4230#4230: *20 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-different-key-alias.example.test -connect nginx-different-key-alias.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
(finished: subtest: Works with nginx, in 91.50 seconds)
subtest: Can reload nginx when timer triggers renewal
webserver: must succeed: systemctl clean acme-nginx-http.example.test.service --what=state
webserver # [ 293.020116] systemd[1]: acme-nginx-http.example.test.service: Deactivated successfully.
(finished: must succeed: systemctl clean acme-nginx-http.example.test.service --what=state, in 0.06 seconds)
webserver: must succeed: systemctl start acme-selfsigned-nginx-http.example.test.service
webserver # [ 293.061370] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 293.067941] systemd[1]: Starting Generate self-signed certificate for nginx-http.example.test...
webserver # [ 293.130782] acme-selfsigned-nginx-http.example.test-start[4262]: Waiting to acquire lock /run/acme/4.lock
webserver # [ 293.134911] acme-selfsigned-nginx-http.example.test-start[4262]: Acquired lock /run/acme/4.lock
webserver # [ 293.184246] acme-selfsigned-nginx-http.example.test-start[4262]: Releasing lock /run/acme/4.lock
webserver # [ 293.187788] systemd[1]: acme-selfsigned-nginx-http.example.test.service: Deactivated successfully.
webserver # [ 293.190676] systemd[1]: Finished Generate self-signed certificate for nginx-http.example.test.
(finished: must succeed: systemctl start acme-selfsigned-nginx-http.example.test.service, in 0.18 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/cert.pem, in 0.05 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/fullchain.pem, in 0.06 seconds)
webserver: must succeed: systemctl start nginx-config-reload.service
webserver # [ 293.353379] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 293.429733] systemd[1]: Reloading Nginx Web Server...
webserver # [ 293.526857] nginx[4289]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 293.529085] nginx[4289]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 293.593688] nginx[4059]: 2024/11/28 20:57:36 [notice] 4059#4059: signal 1 (SIGHUP) received from 4291, reconfiguring
webserver # [ 293.595862] nginx[4059]: 2024/11/28 20:57:36 [notice] 4059#4059: reconfiguring
webserver # [ 293.602129] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 293.607580] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 293.616715] systemd[1]: Finished nginx-config-reload.service.
(finished: must succeed: systemctl start nginx-config-reload.service, in 0.31 seconds)
webserver: must succeed: systemctl start test-renew-nginx.target
webserver # [ 293.645142] nginx[4059]: 2024/11/28 20:57:36 [notice] 4059#4059: using the "epoll" event method
webserver # [ 293.647326] nginx[4059]: 2024/11/28 20:57:36 [notice] 4059#4059: start worker processes
webserver # [ 293.649560] nginx[4059]: 2024/11/28 20:57:36 [notice] 4059#4059: start worker process 4297
webserver # [ 293.671883] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 293.675171] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 293.685235] systemd[1]: Starting Renew ACME certificate for nginx-http.example.test...
webserver # [ 293.749295] acme-nginx-http.example.test-start[4299]: Waiting to acquire lock /run/acme/4.lock
webserver # [ 293.751506] nginx[4230]: 2024/11/28 20:57:36 [notice] 4230#4230: gracefully shutting down
webserver # [ 293.753187] nginx[4230]: 2024/11/28 20:57:36 [notice] 4230#4230: exiting
webserver # [ 293.754409] nginx[4230]: 2024/11/28 20:57:36 [notice] 4230#4230: exit
webserver # [ 293.757890] acme-nginx-http.example.test-start[4299]: Acquired lock /run/acme/4.lock
webserver # [ 293.759102] acme-nginx-http.example.test-start[4299]: + set -euo pipefail
webserver # [ 293.760685] acme-nginx-http.example.test-start[4301]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 293.763127] nginx[4059]: 2024/11/28 20:57:36 [notice] 4059#4059: signal 17 (SIGCHLD) received from 4230
webserver # [ 293.765202] nginx[4059]: 2024/11/28 20:57:36 [notice] 4059#4059: worker process 4230 exited with code 0
webserver # [ 293.766948] nginx[4059]: 2024/11/28 20:57:36 [notice] 4059#4059: signal 29 (SIGIO) received
webserver # [ 293.772791] acme-nginx-http.example.test-start[4301]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 293.781489] acme-nginx-http.example.test-start[4299]: + echo 197b6592b1395f3f8747
webserver # [ 293.783203] acme-nginx-http.example.test-start[4299]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 293.787923] acme-nginx-http.example.test-start[4299]: + lego --accept-tos --path . -d nginx-http.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-http-alias.example.test run
webserver # [ 293.841304] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 No key found for account [email protected]. Generating a P256 key.
webserver # [ 293.843734] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 Saved key to accounts/acme.test/[email protected]/keys/[email protected]
acme # [ 294.251549] pebble[681]: Pebble 2024/11/28 20:57:36 GET /dir -> calling handler()
webserver # [ 293.884369] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 [INFO] acme: Registering account for [email protected]
acme # [ 294.253594] pebble[681]: Pebble 2024/11/28 20:57:36 HEAD /nonce-plz -> calling handler()
acme # [ 294.255201] pebble[681]: Pebble 2024/11/28 20:57:36 POST /sign-me-up -> calling handler()
acme # [ 294.256499] pebble[681]: Pebble 2024/11/28 20:57:36 There are now 5 accounts in memory
webserver # [ 293.890397] acme-nginx-http.example.test-start[4304]: !!!! HEADS UP !!!!
webserver # [ 293.891454] acme-nginx-http.example.test-start[4304]: Your account credentials have been saved in your Let's Encrypt
webserver # [ 293.892956] acme-nginx-http.example.test-start[4304]: configuration directory at "accounts".
webserver # [ 293.894214] acme-nginx-http.example.test-start[4304]: You should make a secure backup of this folder now. This
webserver # [ 293.895678] acme-nginx-http.example.test-start[4304]: configuration directory will also contain certificates and
webserver # [ 293.897139] acme-nginx-http.example.test-start[4304]: private keys obtained from Let's Encrypt so making regular
acme # [ 294.267196] pebble[681]: Pebble 2024/11/28 20:57:36 POST /order-plz -> calling handler()
webserver # [ 293.899333] acme-nginx-http.example.test-start[4304]: backups of this folder is ideal.
acme # [ 294.269045] pebble[681]: Pebble 2024/11/28 20:57:36 There are now 21 authorizations in the db
webserver # [ 293.900550] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 [INFO] [nginx-http.example.test, nginx-http-alias.example.test] acme: Obtaining bundled SAN certificate
acme # [ 294.270263] pebble[681]: Pebble 2024/11/28 20:57:36 There are now 22 authorizations in the db
acme # [ 294.271468] pebble[681]: Pebble 2024/11/28 20:57:36 Added order "bl6MyM4ySoFmLrYgmr5Xr81W5fSlF5JsuBALTUxWfeY" to the db
acme # [ 294.272960] pebble[681]: Pebble 2024/11/28 20:57:36 There are now 20 orders in the db
acme # [ 294.328080] pebble[681]: Pebble 2024/11/28 20:57:36 POST /authZ/ -> calling handler()
acme # [ 294.384580] pebble[681]: Pebble 2024/11/28 20:57:37 POST /authZ/ -> calling handler()
acme # [ 294.386085] pebble[681]: Pebble 2024/11/28 20:57:37 POST /chalZ/ -> calling handler()
webserver # [ 294.017479] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 [INFO] [nginx-http-alias.example.test] AuthURL: https://acme.test/authZ/spPXyqHCmiFovBBi76mB-X2y6rt5CT1eAKNCVRxQE0o
webserver # [ 294.019874] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 [INFO] [nginx-http.example.test] AuthURL: https://acme.test/authZ/IClMweGzhKkIu3Wu1P0wgFt_ohwLG1eQBCYxewaL6OY
webserver # [ 294.022172] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 [INFO] [nginx-http-alias.example.test] acme: Could not find solver for: tls-alpn-01
acme # [ 294.388255] pebble[681]: Pebble 2024/11/28 20:57:37 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"nginx-http-alias.example.test"}, Challenge:(*core.Challenge)(0xc00009b0e0), Account:(*core.Account)(0xc0001285a0), AccountURL:"https://acme.test/my-account/3dcb4cc8d0a7426e", Wildcard:false}
webserver # [ 294.024141] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 [INFO] [nginx-http-alias.example.test] acme: use http-01 solver
acme # [ 294.392699] pebble[681]: Pebble 2024/11/28 20:57:37 Starting 3 validations.
webserver # [ 294.025877] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 [INFO] [nginx-http.example.test] acme: Could not find solver for: tls-alpn-01
acme # [ 294.394271] pebble[681]: Pebble 2024/11/28 20:57:37 Attempting to validate w/ HTTP: http://nginx-http-alias.example.test:80/.well-known/acme-challenge/JP0Y_Wnz-gAm7mY4g8lbQsIiGiDDg_tFeRrOtk7F9L4
webserver # [ 294.027769] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 [INFO] [nginx-http.example.test] acme: use http-01 solver
webserver # [ 294.029443] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:36 [INFO] [nginx-http-alias.example.test] acme: Trying to solve HTTP-01
acme # [ 294.397289] pebble[681]: Pebble 2024/11/28 20:57:37 Attempting to validate w/ HTTP: http://nginx-http-alias.example.test:80/.well-known/acme-challenge/JP0Y_Wnz-gAm7mY4g8lbQsIiGiDDg_tFeRrOtk7F9L4
acme # [ 294.400979] pebble[681]: Pebble 2024/11/28 20:57:37 Attempting to validate w/ HTTP: http://nginx-http-alias.example.test:80/.well-known/acme-challenge/JP0Y_Wnz-gAm7mY4g8lbQsIiGiDDg_tFeRrOtk7F9L4
acme # [ 294.404638] pebble[681]: Pebble 2024/11/28 20:57:37 POST /authZ/ -> calling handler()
acme # [ 294.408923] pebble[681]: Pebble 2024/11/28 20:57:37 authz spPXyqHCmiFovBBi76mB-X2y6rt5CT1eAKNCVRxQE0o set VALID by completed challenge nP6FetGDojbFCMiMeyRj6ZitcGfFPiDN_VuohSJHlpw
acme # [ 300.095509] pebble[681]: Pebble 2024/11/28 20:57:42 POST /authZ/ -> calling handler()
webserver # [ 299.728116] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:42 [INFO] [nginx-http-alias.example.test] The server validated our request
acme # [ 300.097539] pebble[681]: Pebble 2024/11/28 20:57:42 POST /chalZ/ -> calling handler()
webserver # [ 299.729965] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:42 [INFO] [nginx-http.example.test] acme: Trying to solve HTTP-01
acme # [ 300.099744] pebble[681]: Pebble 2024/11/28 20:57:42 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"nginx-http.example.test"}, Challenge:(*core.Challenge)(0xc00009bea0), Account:(*core.Account)(0xc0001285a0), AccountURL:"https://acme.test/my-account/3dcb4cc8d0a7426e", Wildcard:false}
acme # [ 300.104597] pebble[681]: Pebble 2024/11/28 20:57:42 Starting 3 validations.
acme # [ 300.106320] pebble[681]: Pebble 2024/11/28 20:57:42 Attempting to validate w/ HTTP: http://nginx-http.example.test:80/.well-known/acme-challenge/oZiQLYU2QLSo80KO2Szpv_XNkJvoHYR7ixo3eQQ3Z-M
acme # [ 300.109849] pebble[681]: Pebble 2024/11/28 20:57:42 POST /authZ/ -> calling handler()
acme # [ 300.111989] pebble[681]: Pebble 2024/11/28 20:57:42 Attempting to validate w/ HTTP: http://nginx-http.example.test:80/.well-known/acme-challenge/oZiQLYU2QLSo80KO2Szpv_XNkJvoHYR7ixo3eQQ3Z-M
acme # [ 300.115510] pebble[681]: Pebble 2024/11/28 20:57:42 Attempting to validate w/ HTTP: http://nginx-http.example.test:80/.well-known/acme-challenge/oZiQLYU2QLSo80KO2Szpv_XNkJvoHYR7ixo3eQQ3Z-M
acme # [ 300.123930] pebble[681]: Pebble 2024/11/28 20:57:42 authz IClMweGzhKkIu3Wu1P0wgFt_ohwLG1eQBCYxewaL6OY set VALID by completed challenge UxSGilUXN6mWiBoXc4u6nS5BaS8P480dkYpPKEspob0
acme # [ 306.221156] pebble[681]: Pebble 2024/11/28 20:57:48 POST /authZ/ -> calling handler()
webserver # [ 305.854156] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:48 [INFO] [nginx-http.example.test] The server validated our request
acme # [ 306.223724] pebble[681]: Pebble 2024/11/28 20:57:48 POST /finalize-order/ -> calling handler()
webserver # [ 305.856992] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:48 [INFO] [nginx-http.example.test, nginx-http-alias.example.test] acme: Validations succeeded; requesting certificates
acme # [ 306.225379] pebble[681]: Pebble 2024/11/28 20:57:48 Order bl6MyM4ySoFmLrYgmr5Xr81W5fSlF5JsuBALTUxWfeY is fully authorized. Processing finalization
webserver # [ 305.860058] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:48 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 306.229898] pebble[681]: Pebble 2024/11/28 20:57:48 Issued certificate serial 30e586c8364c90cd for order bl6MyM4ySoFmLrYgmr5Xr81W5fSlF5JsuBALTUxWfeY
acme # [ 306.232270] pebble[681]: Pebble 2024/11/28 20:57:48 POST /my-order/ -> calling handler()
acme # [ 306.235159] pebble[681]: Pebble 2024/11/28 20:57:48 POST /certZ/ -> calling handler()
webserver # [ 305.867525] acme-nginx-http.example.test-start[4304]: 2024/11/28 20:57:48 [INFO] [nginx-http.example.test] Server responded with a certificate.
webserver # [ 305.875395] acme-nginx-http.example.test-start[4299]: + mv domainhash.txt certificates/
webserver # [ 305.882813] acme-nginx-http.example.test-start[4299]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-http.example.test.crt certificates/nginx-http.example.test.issuer.crt certificates/nginx-http.example.test.json certificates/nginx-http.example.test.key
webserver # [ 305.895235] acme-nginx-http.example.test-start[4299]: + cmp -s certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 305.900389] acme-nginx-http.example.test-start[4299]: + touch out/renewed
webserver # [ 305.906664] acme-nginx-http.example.test-start[4299]: + echo Installing new certificate
webserver # [ 305.908124] acme-nginx-http.example.test-start[4299]: Installing new certificate
webserver # [ 305.909638] acme-nginx-http.example.test-start[4299]: + cp -vp certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 305.916228] acme-nginx-http.example.test-start[4313]: 'certificates/nginx-http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 305.919120] acme-nginx-http.example.test-start[4299]: + cp -vp certificates/nginx-http.example.test.key out/key.pem
webserver # [ 305.925087] acme-nginx-http.example.test-start[4314]: 'certificates/nginx-http.example.test.key' -> 'out/key.pem'
webserver # [ 305.927730] acme-nginx-http.example.test-start[4299]: + cp -vp certificates/nginx-http.example.test.issuer.crt out/chain.pem
webserver # [ 305.933494] acme-nginx-http.example.test-start[4315]: 'certificates/nginx-http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 305.935848] acme-nginx-http.example.test-start[4299]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 305.942203] acme-nginx-http.example.test-start[4299]: + cat out/key.pem out/fullchain.pem
webserver # [ 305.949106] acme-nginx-http.example.test-start[4299]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 305.956165] acme-nginx-http.example.test-start[4299]: + echo 'Releasing lock /run/acme/4.lock'
webserver # [ 305.958077] acme-nginx-http.example.test-start[4299]: Releasing lock /run/acme/4.lock
webserver # [ 306.008094] systemd[1]: acme-nginx-http.example.test.service: Deactivated successfully.
webserver # [ 306.014380] systemd[1]: Finished Renew ACME certificate for nginx-http.example.test.
webserver # [ 306.015978] systemd[1]: acme-nginx-http.example.test.service: Consumed 177ms CPU time, 20.2M memory peak, 20K written to disk, 16.8K incoming IP traffic, 10.7K outgoing IP traffic.
webserver # [ 306.026106] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 306.096503] systemd[1]: Reloading Nginx Web Server...
webserver # [ 306.175393] nginx[4328]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 306.177432] nginx[4328]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 306.242602] nginx[4059]: 2024/11/28 20:57:48 [notice] 4059#4059: signal 1 (SIGHUP) received from 4330, reconfiguring
webserver # [ 306.244776] nginx[4059]: 2024/11/28 20:57:48 [notice] 4059#4059: reconfiguring
webserver # [ 306.248701] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 306.256601] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 306.260985] systemd[1]: Finished nginx-config-reload.service.
webserver # [ 306.267618] systemd[1]: Reached target test-renew-nginx.target.
(finished: must succeed: systemctl start test-renew-nginx.target, in 12.65 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/cert.pem
webserver # [ 306.288761] nginx[4059]: 2024/11/28 20:57:48 [notice] 4059#4059: using the "epoll" event method
webserver # [ 306.291233] nginx[4059]: 2024/11/28 20:57:48 [notice] 4059#4059: start worker processes
webserver # [ 306.293387] nginx[4059]: 2024/11/28 20:57:48 [notice] 4059#4059: start worker process 4336
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/cert.pem, in 0.06 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/nginx-http.example.test/fullchain.pem, in 0.05 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-http.example.test -connect nginx-http.example.test:443 < /dev/null 2>&1
webserver # [ 306.396391] nginx[4297]: 2024/11/28 20:57:49 [notice] 4297#4297: gracefully shutting down
webserver # [ 306.398759] nginx[4297]: 2024/11/28 20:57:49 [notice] 4297#4297: exiting
webserver # [ 306.399826] nginx[4297]: 2024/11/28 20:57:49 [notice] 4297#4297: exit
webserver # [ 306.403655] nginx[4059]: 2024/11/28 20:57:49 [notice] 4059#4059: signal 17 (SIGCHLD) received from 4297
webserver # [ 306.405075] nginx[4059]: 2024/11/28 20:57:49 [notice] 4059#4059: worker process 4297 exited with code 0
webserver # [ 306.406543] nginx[4059]: 2024/11/28 20:57:49 [notice] 4059#4059: signal 29 (SIGIO) received
webserver # [ 306.411352] nginx[4336]: 2024/11/28 20:57:49 [info] 4336#4336: *27 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-http.example.test -connect nginx-http.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
(finished: subtest: Can reload nginx when timer triggers renewal, in 13.44 seconds)
subtest: Can remove an alias from a domain + cert is updated
webserver: must succeed: /tmp/specialisation/nginx_remove_alias/bin/switch-to-configuration test
webserver # [ 306.987765] nixos[4348]: switching to system configuration /nix/store/jz2h1kfvjhfrxah2z9rsnl58051bavjf-nixos-system-webserver-test
webserver # [ 306.990646] systemd[1]: Stopped target Local File Systems.
webserver # [ 306.993046] systemd[1]: Stopped target Remote File Systems.
webserver # activating the configuration...
webserver # [ 307.418129] systemd[1]: Reload requested from client PID 4348 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 307.419869] systemd[1]: Reloading...
webserver # [ 307.654850] systemd-ssh-generator[4406]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 307.991084] systemd[1]: Reloading finished in 568 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 308.009728] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 308.010727] systemd[1]: Stopping Reactivate sysinit units...
webserver # restarting the following units: nginx.service
webserver # [ 308.013094] systemd[1]: Reached target Reactivate sysinit units.
webserver # [ 308.015834] nginx[4059]: 2024/11/28 20:57:50 [notice] 4059#4059: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 308.018400] nginx[4336]: 2024/11/28 20:57:50 [notice] 4336#4336: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 308.020169] nginx[4336]: 2024/11/28 20:57:50 [notice] 4336#4336: exiting
webserver # [ 308.021303] nginx[4336]: 2024/11/28 20:57:50 [notice] 4336#4336: exit
webserver # [ 308.022540] systemd[1]: Stopping Nginx Web Server...
webserver # [ 308.028058] nginx[4059]: 2024/11/28 20:57:50 [notice] 4059#4059: signal 17 (SIGCHLD) received from 4336
webserver # [ 308.029446] nginx[4059]: 2024/11/28 20:57:50 [notice] 4059#4059: worker process 4336 exited with code 0
webserver # [ 308.030794] nginx[4059]: 2024/11/28 20:57:50 [notice] 4059#4059: exit
webserver # [ 308.034958] systemd[1]: nginx.service: Deactivated successfully.
webserver # [ 308.038071] systemd[1]: Stopped Nginx Web Server.
webserver # [ 308.047246] systemd[1]: Starting Nginx Web Server...
webserver # [ 308.142855] nginx-pre-start[4415]: nginx: the configuration file /nix/store/jw7wvyzazw327miy50h75c38vk6r1bhx-nginx.conf syntax is ok
webserver # [ 308.145091] nginx-pre-start[4415]: nginx: configuration file /nix/store/jw7wvyzazw327miy50h75c38vk6r1bhx-nginx.conf test is successful
webserver # [ 308.154654] systemd[1]: Started Nginx Web Server.
webserver # [ 308.162066] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 308.164268] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 308.172156] systemd[1]: Starting Renew ACME certificate for example.test...
webserver # [ 308.180360] systemd[1]: Reached target Remote File Systems.
webserver # [ 308.183976] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 308.188215] systemd[1]: Generate self-signed certificate for nginx-dns.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-dns.example.test/key.pem).
webserver # [ 308.203376] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 308.205816] systemd[1]: Generate self-signed certificate for nginx-different-key.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-different-key.example.test/key.pem).
webserver # [ 308.218442] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 308.220586] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 308.222943] systemd[1]: Generate self-signed certificate for nginx-different-key.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-different-key.example.test/key.pem).
webserver # [ 308.225866] systemd[1]: Generate self-signed certificate for nginx-dns.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-dns.example.test/key.pem).
webserver # [ 308.229222] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 308.237623] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 308.240171] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 308.246596] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 308.250291] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 308.265540] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 308.271211] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 308.272219] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 308.274028] systemd[1]: Reached target Local File Systems.
webserver # [ 308.274934] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 308.276482] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 308.283534] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 308.286591] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 308.312081] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 308.331882] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 308.361070] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 308.363551] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 308.364557] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 308.426548] acme-example.test-start[4418]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 308.432634] acme-example.test-start[4418]: Acquired lock /run/acme/1.lock
webserver # [ 308.433909] acme-example.test-start[4418]: + set -euo pipefail
webserver # [ 308.436162] acme-example.test-start[4418]: + echo f296e6482529fca9f20a
webserver # [ 308.437164] acme-example.test-start[4418]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 308.442383] acme-example.test-start[4418]: + '[' -e certificates/_.example.test.key ']'
webserver # [ 308.443599] acme-example.test-start[4418]: + '[' -e certificates/_.example.test.crt ']'
webserver # [ 308.444963] acme-example.test-start[4432]: ++ find accounts -name [email protected]
webserver # [ 308.458961] acme-example.test-start[4418]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 308.460755] acme-example.test-start[4418]: + lego --accept-tos --path . -d '*.example.test' --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir renew --no-random-sleep --days 30
webserver # [ 308.472328] nginx[4417]: 2024/11/28 20:57:51 [notice] 4417#4417: using the "epoll" event method
webserver # [ 308.473844] nginx[4417]: 2024/11/28 20:57:51 [notice] 4417#4417: nginx/1.26.2
webserver # [ 308.475755] nginx[4417]: 2024/11/28 20:57:51 [notice] 4417#4417: built by gcc 13.3.0 (GCC)
webserver # [ 308.478155] nginx[4417]: 2024/11/28 20:57:51 [notice] 4417#4417: OS: Linux 6.6.63
webserver # [ 308.479441] nginx[4417]: 2024/11/28 20:57:51 [notice] 4417#4417: getrlimit(RLIMIT_NOFILE): 1024:524288
webserver # [ 308.480827] nginx[4417]: 2024/11/28 20:57:51 [notice] 4417#4417: start worker processes
webserver # [ 308.482414] nginx[4417]: 2024/11/28 20:57:51 [notice] 4417#4417: start worker process 4436
acme # [ 308.983270] pebble[681]: Pebble 2024/11/28 20:57:51 GET /dir -> calling handler()
webserver # [ 308.616366] acme-example.test-start[4435]: 2024/11/28 20:57:51 [*.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 308.624831] acme-example.test-start[4418]: + mv domainhash.txt certificates/
webserver # [ 308.632622] acme-example.test-start[4418]: + chown acme:acme certificates/domainhash.txt certificates/_.example.test.crt certificates/_.example.test.issuer.crt certificates/_.example.test.json certificates/_.example.test.key
webserver # [ 308.644398] acme-example.test-start[4418]: + cmp -s certificates/_.example.test.crt out/fullchain.pem
webserver # [ 308.649704] acme-example.test-start[4418]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 308.657852] acme-example.test-start[4418]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 308.659329] acme-example.test-start[4418]: Releasing lock /run/acme/1.lock
webserver # [ 308.708153] systemd[1]: acme-example.test.service: Deactivated successfully.
webserver # [ 308.711096] systemd[1]: Finished Renew ACME certificate for example.test.
webserver # [ 308.712319] systemd[1]: acme-example.test.service: Consumed 169ms CPU time, 20.4M memory peak, 2.2K incoming IP traffic, 894B outgoing IP traffic.
webserver # [ 308.840586] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 308.843566] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 308.851248] systemd[1]: Starting Renew ACME certificate for nginx-different-key.example.test...
webserver # [ 308.856613] systemd[1]: Starting Renew ACME certificate for nginx-dns.example.test...
webserver # [ 308.858471] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 308.862156] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 308.867797] systemd[1]: Starting Renew ACME certificate for nginx-http.example.test...
webserver # [ 309.003589] acme-nginx-different-key.example.test-start[4508]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 309.007287] acme-nginx-dns.example.test-start[4509]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 309.009388] acme-nginx-http.example.test-start[4510]: Waiting to acquire lock /run/acme/4.lock
webserver # [ 309.012323] acme-nginx-different-key.example.test-start[4508]: Acquired lock /run/acme/2.lock
webserver # [ 309.013717] acme-nginx-different-key.example.test-start[4508]: + set -euo pipefail
webserver # [ 309.015828] acme-nginx-different-key.example.test-start[4514]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 309.018529] acme-nginx-http.example.test-start[4510]: Acquired lock /run/acme/4.lock
webserver # [ 309.020210] acme-nginx-http.example.test-start[4510]: + set -euo pipefail
webserver # [ 309.022156] acme-nginx-dns.example.test-start[4509]: Acquired lock /run/acme/3.lock
webserver # [ 309.023562] acme-nginx-dns.example.test-start[4509]: + set -euo pipefail
webserver # [ 309.025133] acme-nginx-dns.example.test-start[4509]: + echo 59d0420c322ea19728a7
webserver # [ 309.026824] acme-nginx-dns.example.test-start[4509]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 309.029155] acme-nginx-http.example.test-start[4515]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 309.033722] acme-nginx-dns.example.test-start[4509]: + '[' -e certificates/nginx-dns.example.test.key ']'
webserver # [ 309.035540] acme-nginx-dns.example.test-start[4509]: + '[' -e certificates/nginx-dns.example.test.crt ']'
webserver # [ 309.038120] acme-nginx-dns.example.test-start[4519]: ++ find accounts -name [email protected]
webserver # [ 309.039593] acme-nginx-different-key.example.test-start[4514]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 309.041889] acme-nginx-http.example.test-start[4515]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 309.053396] acme-nginx-dns.example.test-start[4509]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 309.055351] acme-nginx-dns.example.test-start[4509]: + lego --accept-tos --path . -d nginx-dns.example.test --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir -d nginx-dns-alias.example.test renew --no-random-sleep --days 30
webserver # [ 309.060090] acme-nginx-http.example.test-start[4510]: + echo aba4d0213fd23644df4a
webserver # [ 309.061287] acme-nginx-http.example.test-start[4510]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 309.063197] acme-nginx-different-key.example.test-start[4508]: + echo 4e6cd57b5b6e5fd2c9cb
webserver # [ 309.064577] acme-nginx-different-key.example.test-start[4508]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 309.071402] acme-nginx-different-key.example.test-start[4508]: + '[' -e certificates/nginx-different-key.example.test.key ']'
webserver # [ 309.072981] acme-nginx-different-key.example.test-start[4508]: + '[' -e certificates/nginx-different-key.example.test.crt ']'
webserver # [ 309.075383] acme-nginx-different-key.example.test-start[4523]: ++ find accounts -name [email protected]
webserver # [ 309.077547] acme-nginx-http.example.test-start[4510]: + lego --accept-tos --path . -d nginx-http.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run
webserver # [ 309.092338] acme-nginx-different-key.example.test-start[4508]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 309.094696] acme-nginx-different-key.example.test-start[4508]: + lego --accept-tos --path . -d nginx-different-key.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-different-key-alias.example.test renew --no-random-sleep --days 30
acme # [ 309.679112] pebble[681]: Pebble 2024/11/28 20:57:52 GET /dir -> calling handler()
acme # [ 309.681925] pebble[681]: Pebble 2024/11/28 20:57:52 HEAD /nonce-plz -> calling handler()
webserver # [ 309.315388] acme-nginx-http.example.test-start[4524]: 2024/11/28 20:57:51 [INFO] [nginx-http.example.test] acme: Obtaining bundled SAN certificate
acme # [ 309.685944] pebble[681]: Pebble 2024/11/28 20:57:52 GET /dir -> calling handler()
acme # [ 309.688066] pebble[681]: Pebble 2024/11/28 20:57:52 POST /order-plz -> calling handler()
webserver # [ 309.321332] acme-nginx-dns.example.test-start[4520]: 2024/11/28 20:57:51 [nginx-dns.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
acme # [ 309.690329] pebble[681]: Pebble 2024/11/28 20:57:52 Added order "XBRU3P34os51cCG0M93af1GM2tM1l93d34241hAMUS8" to the db
acme # [ 309.692316] pebble[681]: Pebble 2024/11/28 20:57:52 There are now 21 orders in the db
acme # [ 309.697185] pebble[681]: Pebble 2024/11/28 20:57:52 GET /dir -> calling handler()
webserver # [ 309.331614] acme-nginx-different-key.example.test-start[4530]: 2024/11/28 20:57:51 [nginx-different-key.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 309.334927] acme-nginx-dns.example.test-start[4509]: + mv domainhash.txt certificates/
webserver # [ 309.340244] acme-nginx-different-key.example.test-start[4508]: + mv domainhash.txt certificates/
webserver # [ 309.346033] acme-nginx-dns.example.test-start[4509]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-dns.example.test.crt certificates/nginx-dns.example.test.issuer.crt certificates/nginx-dns.example.test.json certificates/nginx-dns.example.test.key
webserver # [ 309.352680] acme-nginx-different-key.example.test-start[4508]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-different-key.example.test.crt certificates/nginx-different-key.example.test.issuer.crt certificates/nginx-different-key.example.test.json certificates/nginx-different-key.example.test.key
webserver # [ 309.363692] acme-nginx-dns.example.test-start[4509]: + cmp -s certificates/nginx-dns.example.test.crt out/fullchain.pem
webserver # [ 309.369151] acme-nginx-different-key.example.test-start[4508]: + cmp -s certificates/nginx-different-key.example.test.crt out/fullchain.pem
webserver # [ 309.372146] acme-nginx-dns.example.test-start[4509]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 309.377345] acme-nginx-different-key.example.test-start[4508]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
acme # [ 309.751658] pebble[681]: Pebble 2024/11/28 20:57:52 POST /authZ/ -> calling handler()
webserver # [ 309.384284] acme-nginx-http.example.test-start[4524]: 2024/11/28 20:57:52 [INFO] [nginx-http.example.test] AuthURL: https://acme.test/authZ/IClMweGzhKkIu3Wu1P0wgFt_ohwLG1eQBCYxewaL6OY
acme # [ 309.756035] pebble[681]: Pebble 2024/11/28 20:57:52 POST /finalize-order/ -> calling handler()
webserver # [ 309.387898] acme-nginx-http.example.test-start[4524]: 2024/11/28 20:57:52 [INFO] [nginx-http.example.test] acme: authorization already valid; skipping challenge
webserver # [ 309.389846] acme-nginx-http.example.test-start[4524]: 2024/11/28 20:57:52 [INFO] [nginx-http.example.test] acme: Validations succeeded; requesting certificates
acme # [ 309.759068] pebble[681]: Pebble 2024/11/28 20:57:52 Order XBRU3P34os51cCG0M93af1GM2tM1l93d34241hAMUS8 is fully authorized. Processing finalization
webserver # [ 309.393436] acme-nginx-dns.example.test-start[4509]: + echo 'Releasing lock /run/acme/3.lock'
acme # [ 309.762551] pebble[681]: Pebble 2024/11/28 20:57:52 Issued certificate serial 71303e68b0011733 for order XBRU3P34os51cCG0M93af1GM2tM1l93d34241hAMUS8
webserver # [ 309.395392] acme-nginx-dns.example.test-start[4509]: Releasing lock /run/acme/3.lock
webserver # [ 309.398762] acme-nginx-http.example.test-start[4524]: 2024/11/28 20:57:52 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 309.769364] pebble[681]: Pebble 2024/11/28 20:57:52 POST /my-order/ -> calling handler()
webserver # [ 309.403811] acme-nginx-different-key.example.test-start[4508]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 309.405242] acme-nginx-different-key.example.test-start[4508]: Releasing lock /run/acme/2.lock
acme # [ 309.776211] pebble[681]: Pebble 2024/11/28 20:57:52 POST /certZ/ -> calling handler()
webserver # [ 309.411377] acme-nginx-http.example.test-start[4524]: 2024/11/28 20:57:52 [INFO] [nginx-http.example.test] Server responded with a certificate.
webserver # [ 309.427585] acme-nginx-http.example.test-start[4510]: + mv domainhash.txt certificates/
webserver # [ 309.440820] acme-nginx-http.example.test-start[4510]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-http.example.test.crt certificates/nginx-http.example.test.issuer.crt certificates/nginx-http.example.test.json certificates/nginx-http.example.test.key
webserver # [ 309.457083] acme-nginx-http.example.test-start[4510]: + cmp -s certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 309.467591] acme-nginx-http.example.test-start[4510]: + touch out/renewed
webserver # [ 309.479990] acme-nginx-http.example.test-start[4510]: + echo Installing new certificate
webserver # [ 309.482453] acme-nginx-http.example.test-start[4510]: Installing new certificate
webserver # [ 309.483857] acme-nginx-http.example.test-start[4510]: + cp -vp certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 309.491932] acme-nginx-http.example.test-start[4554]: 'certificates/nginx-http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 309.494597] acme-nginx-http.example.test-start[4510]: + cp -vp certificates/nginx-http.example.test.key out/key.pem
webserver # [ 309.504510] systemd[1]: acme-nginx-dns.example.test.service: Deactivated successfully.
webserver # [ 309.507422] acme-nginx-http.example.test-start[4555]: 'certificates/nginx-http.example.test.key' -> 'out/key.pem'
webserver # [ 309.509776] systemd[1]: Finished Renew ACME certificate for nginx-dns.example.test.
webserver # [ 309.512145] systemd[1]: acme-nginx-dns.example.test.service: Consumed 154ms CPU time, 20.2M memory peak, 2.2K incoming IP traffic, 894B outgoing IP traffic.
webserver # [ 309.514258] acme-nginx-http.example.test-start[4510]: + cp -vp certificates/nginx-http.example.test.issuer.crt out/chain.pem
webserver # [ 309.522842] systemd[1]: acme-nginx-different-key.example.test.service: Deactivated successfully.
webserver # [ 309.524983] acme-nginx-http.example.test-start[4557]: 'certificates/nginx-http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 309.528697] systemd[1]: Finished Renew ACME certificate for nginx-different-key.example.test.
webserver # [ 309.530719] systemd[1]: acme-nginx-different-key.example.test.service: Consumed 153ms CPU time, 19.9M memory peak, 2.2K incoming IP traffic, 894B outgoing IP traffic.
webserver # [ 309.533515] acme-nginx-http.example.test-start[4510]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 309.543951] acme-nginx-http.example.test-start[4510]: + cat out/key.pem out/fullchain.pem
webserver # [ 309.551409] acme-nginx-http.example.test-start[4510]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 309.559131] acme-nginx-http.example.test-start[4510]: + echo 'Releasing lock /run/acme/4.lock'
webserver # [ 309.560692] acme-nginx-http.example.test-start[4510]: Releasing lock /run/acme/4.lock
webserver # [ 309.610225] systemd[1]: acme-nginx-http.example.test.service: Deactivated successfully.
webserver # [ 309.615060] systemd[1]: Finished Renew ACME certificate for nginx-http.example.test.
webserver # [ 309.616305] systemd[1]: acme-nginx-http.example.test.service: Consumed 169ms CPU time, 20M memory peak, 8.1K incoming IP traffic, 4.9K outgoing IP traffic.
webserver # [ 309.626782] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 309.696513] systemd[1]: Reloading Nginx Web Server...
webserver # [ 309.776074] nginx[4575]: nginx: the configuration file /nix/store/jw7wvyzazw327miy50h75c38vk6r1bhx-nginx.conf syntax is ok
webserver # [ 309.777952] nginx[4575]: nginx: configuration file /nix/store/jw7wvyzazw327miy50h75c38vk6r1bhx-nginx.conf test is successful
webserver # [ 309.836758] nginx[4417]: 2024/11/28 20:57:52 [notice] 4417#4417: signal 1 (SIGHUP) received from 4577, reconfiguring
webserver # [ 309.838740] nginx[4417]: 2024/11/28 20:57:52 [notice] 4417#4417: reconfiguring
webserver # [ 309.842975] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 309.851258] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 309.852923] systemd[1]: Finished nginx-config-reload.service.
webserver # [ 309.873213] nginx[4417]: 2024/11/28 20:57:52 [notice] 4417#4417: using the "epoll" event method
webserver # [ 309.874932] nginx[4417]: 2024/11/28 20:57:52 [notice] 4417#4417: start worker processes
webserver # [ 309.876547] nginx[4417]: 2024/11/28 20:57:52 [notice] 4417#4417: start worker process 4580
webserver # [ 309.979375] nginx[4436]: 2024/11/28 20:57:52 [notice] 4436#4436: gracefully shutting down
webserver # [ 309.980684] nginx[4436]: 2024/11/28 20:57:52 [notice] 4436#4436: exiting
webserver # [ 309.981719] nginx[4436]: 2024/11/28 20:57:52 [notice] 4436#4436: exit
webserver # [ 309.989653] nginx[4417]: 2024/11/28 20:57:52 [notice] 4417#4417: signal 17 (SIGCHLD) received from 4436
webserver # [ 309.991067] nginx[4417]: 2024/11/28 20:57:52 [notice] 4417#4417: worker process 4436 exited with code 0
webserver # [ 309.992542] nginx[4417]: 2024/11/28 20:57:52 [notice] 4417#4417: signal 29 (SIGIO) received
webserver # [ 310.111315] nixos[4348]: finished switching to system configuration /nix/store/jz2h1kfvjhfrxah2z9rsnl58051bavjf-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/nginx_remove_alias/bin/switch-to-configuration test, in 3.66 seconds)
webserver: waiting for unit nginx.service
(finished: waiting for unit nginx.service, in 0.06 seconds)
webserver # [ 310.215133] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 310.217746] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 310.224648] systemd[1]: Starting Renew ACME certificate for nginx-http.example.test...
webserver # [ 310.286240] acme-nginx-http.example.test-start[4590]: Waiting to acquire lock /run/acme/4.lock
webserver # [ 310.289648] acme-nginx-http.example.test-start[4590]: Acquired lock /run/acme/4.lock
webserver # [ 310.290891] acme-nginx-http.example.test-start[4590]: + set -euo pipefail
webserver # [ 310.292548] acme-nginx-http.example.test-start[4592]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 310.299269] acme-nginx-http.example.test-start[4592]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 310.307568] acme-nginx-http.example.test-start[4590]: + echo aba4d0213fd23644df4a
webserver # [ 310.308765] acme-nginx-http.example.test-start[4590]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 310.313388] acme-nginx-http.example.test-start[4590]: + '[' -e certificates/nginx-http.example.test.key ']'
webserver # [ 310.314800] acme-nginx-http.example.test-start[4590]: + '[' -e certificates/nginx-http.example.test.crt ']'
webserver # [ 310.316739] acme-nginx-http.example.test-start[4595]: ++ find accounts -name [email protected]
webserver # [ 310.324844] acme-nginx-http.example.test-start[4590]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 310.326665] acme-nginx-http.example.test-start[4590]: + lego --accept-tos --path . -d nginx-http.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 310.781353] pebble[681]: Pebble 2024/11/28 20:57:53 GET /dir -> calling handler()
webserver # [ 310.414356] acme-nginx-http.example.test-start[4596]: 2024/11/28 20:57:53 [nginx-http.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 310.421701] acme-nginx-http.example.test-start[4590]: + mv domainhash.txt certificates/
webserver # [ 310.428686] acme-nginx-http.example.test-start[4590]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-http.example.test.crt certificates/nginx-http.example.test.issuer.crt certificates/nginx-http.example.test.json certificates/nginx-http.example.test.key
webserver # [ 310.438878] acme-nginx-http.example.test-start[4590]: + cmp -s certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 310.443715] acme-nginx-http.example.test-start[4590]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 310.450563] acme-nginx-http.example.test-start[4590]: + echo 'Releasing lock /run/acme/4.lock'
webserver # [ 310.452124] acme-nginx-http.example.test-start[4590]: Releasing lock /run/acme/4.lock
webserver # [ 310.491491] systemd[1]: acme-nginx-http.example.test.service: Deactivated successfully.
webserver # [ 310.496674] systemd[1]: Finished Renew ACME certificate for nginx-http.example.test.
webserver # [ 310.498246] systemd[1]: acme-nginx-http.example.test.service: Consumed 149ms CPU time, 20.6M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 310.507948] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 310.569265] systemd[1]: Reloading Nginx Web Server...
webserver # [ 310.644502] nginx[4612]: nginx: the configuration file /nix/store/jw7wvyzazw327miy50h75c38vk6r1bhx-nginx.conf syntax is ok
webserver # [ 310.646351] nginx[4612]: nginx: configuration file /nix/store/jw7wvyzazw327miy50h75c38vk6r1bhx-nginx.conf test is successful
webserver # [ 310.700457] nginx[4417]: 2024/11/28 20:57:53 [notice] 4417#4417: signal 1 (SIGHUP) received from 4614, reconfiguring
webserver # [ 310.702414] nginx[4417]: 2024/11/28 20:57:53 [notice] 4417#4417: reconfiguring
webserver # [ 310.710202] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 310.713303] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 310.715382] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-nginx-http.example.test.target
webserver # [ 310.744461] nginx[4417]: 2024/11/28 20:57:53 [notice] 4417#4417: using the "epoll" event method
webserver # [ 310.746348] nginx[4417]: 2024/11/28 20:57:53 [notice] 4417#4417: start worker processes
webserver # [ 310.748348] nginx[4417]: 2024/11/28 20:57:53 [notice] 4417#4417: start worker process 4621
(finished: waiting for unit acme-finished-nginx-http.example.test.target, in 0.06 seconds)
webserver: waiting for unit nginx.service
(finished: waiting for unit nginx.service, in 0.04 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-http.example.test -connect nginx-http.example.test:443 < /dev/null 2>&1
webserver # [ 310.851247] nginx[4580]: 2024/11/28 20:57:53 [notice] 4580#4580: gracefully shutting down
webserver # [ 310.852635] nginx[4580]: 2024/11/28 20:57:53 [notice] 4580#4580: exiting
webserver # [ 310.853919] nginx[4580]: 2024/11/28 20:57:53 [notice] 4580#4580: exit
webserver # [ 310.856701] nginx[4417]: 2024/11/28 20:57:53 [notice] 4417#4417: signal 17 (SIGCHLD) received from 4580
webserver # [ 310.858226] nginx[4417]: 2024/11/28 20:57:53 [notice] 4417#4417: worker process 4580 exited with code 0
webserver # [ 310.859727] nginx[4417]: 2024/11/28 20:57:53 [notice] 4417#4417: signal 29 (SIGIO) received
webserver # [ 310.863638] nginx[4621]: 2024/11/28 20:57:53 [info] 4621#4621: *1 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername nginx-http.example.test -connect nginx-http.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
webserver # [ 310.918199] nginx[4621]: 2024/11/28 20:57:53 [info] 4621#4621: *2 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: subtest: Can remove an alias from a domain + cert is updated, in 4.53 seconds)
subtest: security.acme changes reflect on web server
webserver: must succeed: /tmp/specialisation/nginx/bin/switch-to-configuration test
webserver # [ 311.436709] nixos[4634]: switching to system configuration /nix/store/i8vd95jlwxlwyp2rpya6i08bl5ssv80p-nixos-system-webserver-test
webserver # [ 311.439691] systemd[1]: Stopped target Local File Systems.
webserver # [ 311.442247] systemd[1]: Stopped target Remote File Systems.
webserver # activating the configuration...
webserver # [ 311.808076] systemd[1]: Reload requested from client PID 4634 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 311.810045] systemd[1]: Reloading...
webserver # [ 312.054093] systemd-ssh-generator[4692]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 312.299577] systemd[1]: Reloading finished in 487 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 312.318928] systemd[1]: Stopped target Reactivate sysinit units.
webserver # restarting the following units: nginx.service
webserver # [ 312.321414] systemd[1]: Stopping Reactivate sysinit units...
webserver # [ 312.322328] systemd[1]: Reached target Reactivate sysinit units.
webserver # [ 312.324524] nginx[4417]: 2024/11/28 20:57:54 [notice] 4417#4417: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 312.327353] nginx[4621]: 2024/11/28 20:57:54 [notice] 4621#4621: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 312.329235] nginx[4621]: 2024/11/28 20:57:54 [notice] 4621#4621: exiting
webserver # [ 312.330679] nginx[4621]: 2024/11/28 20:57:54 [notice] 4621#4621: exit
webserver # [ 312.331709] systemd[1]: Stopping Nginx Web Server...
webserver # [ 312.336066] nginx[4417]: 2024/11/28 20:57:54 [notice] 4417#4417: signal 17 (SIGCHLD) received from 4621
webserver # [ 312.337438] nginx[4417]: 2024/11/28 20:57:54 [notice] 4417#4417: worker process 4621 exited with code 0
webserver # [ 312.338809] nginx[4417]: 2024/11/28 20:57:54 [notice] 4417#4417: exit
webserver # [ 312.343375] systemd[1]: nginx.service: Deactivated successfully.
webserver # [ 312.347077] systemd[1]: Stopped Nginx Web Server.
webserver # [ 312.356198] systemd[1]: Starting Nginx Web Server...
webserver # [ 312.446386] nginx-pre-start[4701]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 312.448714] nginx-pre-start[4701]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 312.456260] systemd[1]: Started Nginx Web Server.
webserver # [ 312.466146] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 312.469939] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 312.477075] systemd[1]: Starting Renew ACME certificate for nginx-http.example.test...
webserver # [ 312.487504] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 312.492476] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 312.493530] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 312.497096] systemd[1]: Reached target Local File Systems.
webserver # [ 312.498931] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 312.502586] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 312.505290] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 312.509277] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 312.518426] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 312.524945] systemd[1]: Reached target Remote File Systems.
webserver # [ 312.574173] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 312.581627] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 312.586471] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 312.590389] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 312.688462] acme-nginx-http.example.test-start[4704]: Waiting to acquire lock /run/acme/4.lock
webserver # [ 312.693063] acme-nginx-http.example.test-start[4704]: Acquired lock /run/acme/4.lock
webserver # [ 312.694737] acme-nginx-http.example.test-start[4704]: + set -euo pipefail
webserver # [ 312.696282] acme-nginx-http.example.test-start[4720]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 312.706500] acme-nginx-http.example.test-start[4720]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 312.718095] acme-nginx-http.example.test-start[4704]: + echo 197b6592b1395f3f8747
webserver # [ 312.720151] acme-nginx-http.example.test-start[4704]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 312.724682] acme-nginx-http.example.test-start[4704]: + lego --accept-tos --path . -d nginx-http.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-http-alias.example.test run
webserver # [ 312.741579] nginx[4703]: 2024/11/28 20:57:55 [notice] 4703#4703: using the "epoll" event method
webserver # [ 312.744449] nginx[4703]: 2024/11/28 20:57:55 [notice] 4703#4703: nginx/1.26.2
webserver # [ 312.745539] nginx[4703]: 2024/11/28 20:57:55 [notice] 4703#4703: built by gcc 13.3.0 (GCC)
webserver # [ 312.746751] nginx[4703]: 2024/11/28 20:57:55 [notice] 4703#4703: OS: Linux 6.6.63
webserver # [ 312.747981] nginx[4703]: 2024/11/28 20:57:55 [notice] 4703#4703: getrlimit(RLIMIT_NOFILE): 1024:524288
webserver # [ 312.749946] nginx[4703]: 2024/11/28 20:57:55 [notice] 4703#4703: start worker processes
webserver # [ 312.752076] nginx[4703]: 2024/11/28 20:57:55 [notice] 4703#4703: start worker process 4728
acme # [ 313.240334] pebble[681]: Pebble 2024/11/28 20:57:55 GET /dir -> calling handler()
acme # [ 313.242356] pebble[681]: Pebble 2024/11/28 20:57:55 HEAD /nonce-plz -> calling handler()
webserver # [ 312.874297] acme-nginx-http.example.test-start[4726]: 2024/11/28 20:57:55 [INFO] [nginx-http.example.test, nginx-http-alias.example.test] acme: Obtaining bundled SAN certificate
acme # [ 313.246746] pebble[681]: Pebble 2024/11/28 20:57:55 POST /order-plz -> calling handler()
acme # [ 313.247930] pebble[681]: Pebble 2024/11/28 20:57:55 Added order "yMT6Of6owcs4Be_Vm70-zmCpDAaaSXis8s8Wj5OCXn4" to the db
acme # [ 313.249434] pebble[681]: Pebble 2024/11/28 20:57:55 There are now 22 orders in the db
acme # [ 313.303532] pebble[681]: Pebble 2024/11/28 20:57:55 POST /authZ/ -> calling handler()
acme # [ 313.358827] pebble[681]: Pebble 2024/11/28 20:57:55 POST /authZ/ -> calling handler()
webserver # [ 312.993462] acme-nginx-http.example.test-start[4726]: 2024/11/28 20:57:55 [INFO] [nginx-http-alias.example.test] AuthURL: https://acme.test/authZ/IClMweGzhKkIu3Wu1P0wgFt_ohwLG1eQBCYxewaL6OY
acme # [ 313.365062] pebble[681]: Pebble 2024/11/28 20:57:55 POST /finalize-order/ -> calling handler()
webserver # [ 312.996258] acme-nginx-http.example.test-start[4726]: 2024/11/28 20:57:55 [INFO] [nginx-http.example.test] AuthURL: https://acme.test/authZ/spPXyqHCmiFovBBi76mB-X2y6rt5CT1eAKNCVRxQE0o
acme # [ 313.366338] pebble[681]: Pebble 2024/11/28 20:57:55 Order yMT6Of6owcs4Be_Vm70-zmCpDAaaSXis8s8Wj5OCXn4 is fully authorized. Processing finalization
webserver # [ 312.998819] acme-nginx-http.example.test-start[4726]: 2024/11/28 20:57:55 [INFO] [nginx-http.example.test] acme: authorization already valid; skipping challenge
webserver # [ 313.001336] acme-nginx-http.example.test-start[4726]: 2024/11/28 20:57:55 [INFO] [nginx-http-alias.example.test] acme: authorization already valid; skipping challenge
acme # [ 313.369959] pebble[681]: Pebble 2024/11/28 20:57:55 Issued certificate serial 3f39ee8946bf87cf for order yMT6Of6owcs4Be_Vm70-zmCpDAaaSXis8s8Wj5OCXn4
acme # [ 313.371975] pebble[681]: Pebble 2024/11/28 20:57:55 POST /my-order/ -> calling handler()
webserver # [ 313.003577] acme-nginx-http.example.test-start[4726]: 2024/11/28 20:57:55 [INFO] [nginx-http.example.test, nginx-http-alias.example.test] acme: Validations succeeded; requesting certificates
webserver # [ 313.006665] acme-nginx-http.example.test-start[4726]: 2024/11/28 20:57:55 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 313.376656] pebble[681]: Pebble 2024/11/28 20:57:56 POST /certZ/ -> calling handler()
webserver # [ 313.011194] acme-nginx-http.example.test-start[4726]: 2024/11/28 20:57:55 [INFO] [nginx-http.example.test] Server responded with a certificate.
webserver # [ 313.021252] acme-nginx-http.example.test-start[4704]: + mv domainhash.txt certificates/
webserver # [ 313.029103] acme-nginx-http.example.test-start[4704]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-http.example.test.crt certificates/nginx-http.example.test.issuer.crt certificates/nginx-http.example.test.json certificates/nginx-http.example.test.key
webserver # [ 313.041763] acme-nginx-http.example.test-start[4704]: + cmp -s certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 313.046846] acme-nginx-http.example.test-start[4704]: + touch out/renewed
webserver # [ 313.054111] acme-nginx-http.example.test-start[4704]: + echo Installing new certificate
webserver # [ 313.055514] acme-nginx-http.example.test-start[4704]: Installing new certificate
webserver # [ 313.056849] acme-nginx-http.example.test-start[4704]: + cp -vp certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 313.064261] acme-nginx-http.example.test-start[4788]: 'certificates/nginx-http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 313.066833] acme-nginx-http.example.test-start[4704]: + cp -vp certificates/nginx-http.example.test.key out/key.pem
webserver # [ 313.072905] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 313.076542] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 313.077643] acme-nginx-http.example.test-start[4790]: 'certificates/nginx-http.example.test.key' -> 'out/key.pem'
webserver # [ 313.082242] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 313.084607] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 313.087836] acme-nginx-http.example.test-start[4704]: + cp -vp certificates/nginx-http.example.test.issuer.crt out/chain.pem
webserver # [ 313.093397] systemd[1]: Starting Renew ACME certificate for example.test...
webserver # [ 313.094616] systemd[1]: Generate self-signed certificate for nginx-different-key.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-different-key.example.test/key.pem).
webserver # [ 313.098205] systemd[1]: Generate self-signed certificate for nginx-dns.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-dns.example.test/key.pem).
webserver # [ 313.100955] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 313.106892] acme-nginx-http.example.test-start[4792]: 'certificates/nginx-http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 313.109737] acme-nginx-http.example.test-start[4704]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 313.117073] acme-nginx-http.example.test-start[4704]: + cat out/key.pem out/fullchain.pem
webserver # [ 313.125226] acme-nginx-http.example.test-start[4704]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 313.134541] acme-nginx-http.example.test-start[4704]: + echo 'Releasing lock /run/acme/4.lock'
webserver # [ 313.136091] acme-nginx-http.example.test-start[4704]: Releasing lock /run/acme/4.lock
webserver # [ 313.203611] systemd[1]: acme-nginx-http.example.test.service: Deactivated successfully.
webserver # [ 313.206063] systemd[1]: Finished Renew ACME certificate for nginx-http.example.test.
webserver # [ 313.208331] systemd[1]: acme-nginx-http.example.test.service: Consumed 177ms CPU time, 20M memory peak, 9.4K incoming IP traffic, 5.8K outgoing IP traffic.
webserver # [ 313.212434] acme-example.test-start[4793]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 313.217707] acme-example.test-start[4793]: Acquired lock /run/acme/1.lock
webserver # [ 313.218788] acme-example.test-start[4793]: + set -euo pipefail
webserver # [ 313.219886] acme-example.test-start[4793]: + echo f296e6482529fca9f20a
webserver # [ 313.220981] acme-example.test-start[4793]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 313.224823] acme-example.test-start[4793]: + '[' -e certificates/_.example.test.key ']'
webserver # [ 313.226081] acme-example.test-start[4793]: + '[' -e certificates/_.example.test.crt ']'
webserver # [ 313.227796] acme-example.test-start[4805]: ++ find accounts -name [email protected]
webserver # [ 313.235257] acme-example.test-start[4793]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 313.236932] acme-example.test-start[4793]: + lego --accept-tos --path . -d '*.example.test' --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 313.686785] pebble[681]: Pebble 2024/11/28 20:57:56 GET /dir -> calling handler()
webserver # [ 313.322278] acme-example.test-start[4806]: 2024/11/28 20:57:55 [*.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 313.328187] acme-example.test-start[4793]: + mv domainhash.txt certificates/
webserver # [ 313.334907] acme-example.test-start[4793]: + chown acme:acme certificates/domainhash.txt certificates/_.example.test.crt certificates/_.example.test.issuer.crt certificates/_.example.test.json certificates/_.example.test.key
webserver # [ 313.344600] acme-example.test-start[4793]: + cmp -s certificates/_.example.test.crt out/fullchain.pem
webserver # [ 313.349125] acme-example.test-start[4793]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 313.355752] acme-example.test-start[4793]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 313.356906] acme-example.test-start[4793]: Releasing lock /run/acme/1.lock
webserver # [ 313.395919] systemd[1]: acme-example.test.service: Deactivated successfully.
webserver # [ 313.398126] systemd[1]: Finished Renew ACME certificate for example.test.
webserver # [ 313.399523] systemd[1]: acme-example.test.service: Consumed 146ms CPU time, 19.9M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 313.410597] systemd[1]: Starting Renew ACME certificate for nginx-different-key.example.test...
webserver # [ 313.415784] systemd[1]: Starting Renew ACME certificate for nginx-dns.example.test...
webserver # [ 313.513434] acme-nginx-dns.example.test-start[4820]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 313.515265] acme-nginx-different-key.example.test-start[4819]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 313.519919] acme-nginx-dns.example.test-start[4820]: Acquired lock /run/acme/3.lock
webserver # [ 313.521128] acme-nginx-dns.example.test-start[4820]: + set -euo pipefail
webserver # [ 313.522397] acme-nginx-dns.example.test-start[4820]: + echo 59d0420c322ea19728a7
webserver # [ 313.523673] acme-nginx-dns.example.test-start[4820]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 313.525304] acme-nginx-different-key.example.test-start[4819]: Acquired lock /run/acme/2.lock
webserver # [ 313.526837] acme-nginx-different-key.example.test-start[4819]: + set -euo pipefail
webserver # [ 313.528659] acme-nginx-different-key.example.test-start[4824]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 313.532727] acme-nginx-dns.example.test-start[4820]: + '[' -e certificates/nginx-dns.example.test.key ']'
webserver # [ 313.534157] acme-nginx-dns.example.test-start[4820]: + '[' -e certificates/nginx-dns.example.test.crt ']'
webserver # [ 313.536310] acme-nginx-dns.example.test-start[4826]: ++ find accounts -name [email protected]
webserver # [ 313.540152] acme-nginx-different-key.example.test-start[4824]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 313.547370] acme-nginx-dns.example.test-start[4820]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 313.549502] acme-nginx-dns.example.test-start[4820]: + lego --accept-tos --path . -d nginx-dns.example.test --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir -d nginx-dns-alias.example.test renew --no-random-sleep --days 30
webserver # [ 313.557887] acme-nginx-different-key.example.test-start[4819]: + echo 4e6cd57b5b6e5fd2c9cb
webserver # [ 313.559159] acme-nginx-different-key.example.test-start[4819]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 313.564716] acme-nginx-different-key.example.test-start[4819]: + '[' -e certificates/nginx-different-key.example.test.key ']'
webserver # [ 313.566862] acme-nginx-different-key.example.test-start[4819]: + '[' -e certificates/nginx-different-key.example.test.crt ']'
webserver # [ 313.568675] acme-nginx-different-key.example.test-start[4831]: ++ find accounts -name [email protected]
webserver # [ 313.580507] acme-nginx-different-key.example.test-start[4819]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 313.582501] acme-nginx-different-key.example.test-start[4819]: + lego --accept-tos --path . -d nginx-different-key.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-different-key-alias.example.test renew --no-random-sleep --days 30
acme # [ 314.090926] pebble[681]: Pebble 2024/11/28 20:57:56 GET /dir -> calling handler()
webserver # [ 313.726383] acme-nginx-dns.example.test-start[4827]: 2024/11/28 20:57:56 [nginx-dns.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 313.734986] acme-nginx-dns.example.test-start[4820]: + mv domainhash.txt certificates/
acme # [ 314.110068] pebble[681]: Pebble 2024/11/28 20:57:56 GET /dir -> calling handler()
webserver # [ 313.743511] acme-nginx-different-key.example.test-start[4833]: 2024/11/28 20:57:56 [nginx-different-key.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 313.746569] acme-nginx-dns.example.test-start[4820]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-dns.example.test.crt certificates/nginx-dns.example.test.issuer.crt certificates/nginx-dns.example.test.json certificates/nginx-dns.example.test.key
webserver # [ 313.756350] acme-nginx-different-key.example.test-start[4819]: + mv domainhash.txt certificates/
webserver # [ 313.761116] acme-nginx-dns.example.test-start[4820]: + cmp -s certificates/nginx-dns.example.test.crt out/fullchain.pem
webserver # [ 313.766259] acme-nginx-dns.example.test-start[4820]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 313.768327] acme-nginx-different-key.example.test-start[4819]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-different-key.example.test.crt certificates/nginx-different-key.example.test.issuer.crt certificates/nginx-different-key.example.test.json certificates/nginx-different-key.example.test.key
webserver # [ 313.777558] acme-nginx-dns.example.test-start[4820]: + echo 'Releasing lock /run/acme/3.lock'
webserver # [ 313.779162] acme-nginx-dns.example.test-start[4820]: Releasing lock /run/acme/3.lock
webserver # [ 313.787920] acme-nginx-different-key.example.test-start[4819]: + cmp -s certificates/nginx-different-key.example.test.crt out/fullchain.pem
webserver # [ 313.793099] acme-nginx-different-key.example.test-start[4819]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 313.802945] acme-nginx-different-key.example.test-start[4819]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 313.804621] acme-nginx-different-key.example.test-start[4819]: Releasing lock /run/acme/2.lock
webserver # [ 313.845851] systemd[1]: acme-nginx-dns.example.test.service: Deactivated successfully.
webserver # [ 313.847702] systemd[1]: Finished Renew ACME certificate for nginx-dns.example.test.
webserver # [ 313.850605] systemd[1]: acme-nginx-dns.example.test.service: Consumed 148ms CPU time, 19.7M memory peak, 2.2K incoming IP traffic, 894B outgoing IP traffic.
webserver # [ 313.864376] systemd[1]: acme-nginx-different-key.example.test.service: Deactivated successfully.
webserver # [ 313.867586] systemd[1]: Finished Renew ACME certificate for nginx-different-key.example.test.
webserver # [ 313.869445] systemd[1]: acme-nginx-different-key.example.test.service: Consumed 151ms CPU time, 20.3M memory peak, 2.2K incoming IP traffic, 894B outgoing IP traffic.
webserver # [ 313.878060] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 313.941428] systemd[1]: Reloading Nginx Web Server...
webserver # [ 314.015759] nginx[4860]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 314.017567] nginx[4860]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 314.071357] nginx[4703]: 2024/11/28 20:57:56 [notice] 4703#4703: signal 1 (SIGHUP) received from 4862, reconfiguring
webserver # [ 314.073303] nginx[4703]: 2024/11/28 20:57:56 [notice] 4703#4703: reconfiguring
webserver # [ 314.077872] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 314.084606] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 314.090863] systemd[1]: Finished nginx-config-reload.service.
webserver # [ 314.106283] nginx[4703]: 2024/11/28 20:57:56 [notice] 4703#4703: using the "epoll" event method
webserver # [ 314.107892] nginx[4703]: 2024/11/28 20:57:56 [notice] 4703#4703: start worker processes
webserver # [ 314.109488] nginx[4703]: 2024/11/28 20:57:56 [notice] 4703#4703: start worker process 4865
webserver # [ 314.209801] nginx[4728]: 2024/11/28 20:57:56 [notice] 4728#4728: gracefully shutting down
webserver # [ 314.212170] nginx[4728]: 2024/11/28 20:57:56 [notice] 4728#4728: exiting
webserver # [ 314.213270] nginx[4728]: 2024/11/28 20:57:56 [notice] 4728#4728: exit
webserver # [ 314.216502] nginx[4703]: 2024/11/28 20:57:56 [notice] 4703#4703: signal 17 (SIGCHLD) received from 4728
webserver # [ 314.217952] nginx[4703]: 2024/11/28 20:57:56 [notice] 4703#4703: worker process 4728 exited with code 0
webserver # [ 314.219410] nginx[4703]: 2024/11/28 20:57:56 [notice] 4703#4703: signal 29 (SIGIO) received
webserver # [ 314.348283] nixos[4634]: finished switching to system configuration /nix/store/i8vd95jlwxlwyp2rpya6i08bl5ssv80p-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/nginx/bin/switch-to-configuration test, in 3.37 seconds)
webserver: waiting for unit nginx.service
(finished: waiting for unit nginx.service, in 0.05 seconds)
webserver: must succeed: /tmp/specialisation/nginx_change_acme_conf/bin/switch-to-configuration test
webserver # [ 314.902521] nixos[4878]: switching to system configuration /nix/store/r3jah8ks2ffjir5gni96qswjfy4bwkw8-nixos-system-webserver-test
webserver # [ 314.905279] systemd[1]: Stopped target Remote File Systems.
webserver # [ 314.907373] systemd[1]: Stopped target Local File Systems.
webserver # activating the configuration...
webserver # [ 315.316077] systemd[1]: Reload requested from client PID 4878 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 315.317977] systemd[1]: Reloading...
webserver # [ 315.554415] systemd-ssh-generator[4936]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 315.844968] systemd[1]: Reloading finished in 525 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 315.863755] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 315.865137] systemd[1]: Stopping Reactivate sysinit units...
webserver # [ 315.866456] systemd[1]: Reached target Reactivate sysinit units.
webserver # [ 315.868883] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 315.873299] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 315.880072] systemd[1]: Starting Renew ACME certificate for nginx-http.example.test...
webserver # [ 315.910110] systemd[1]: Reached target Remote File Systems.
webserver # [ 315.914141] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 315.916615] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 315.923284] systemd[1]: Starting Renew ACME certificate for example.test...
webserver # [ 315.926902] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 315.930832] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 315.933527] systemd[1]: Generate self-signed certificate for nginx-different-key.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-different-key.example.test/key.pem).
webserver # [ 315.937265] systemd[1]: Generate self-signed certificate for nginx-dns.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-dns.example.test/key.pem).
webserver # [ 315.939906] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 315.957889] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 315.959948] systemd[1]: Generate self-signed certificate for nginx-different-key.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-different-key.example.test/key.pem).
webserver # [ 315.967287] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 315.969307] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 315.979256] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 315.987215] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 315.989269] systemd[1]: Generate self-signed certificate for nginx-dns.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-dns.example.test/key.pem).
webserver # [ 316.002607] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 316.008216] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 316.009195] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 316.012936] systemd[1]: Reached target Local File Systems.
webserver # [ 316.014326] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 316.018091] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 316.021688] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 316.024235] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 316.054699] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 316.091275] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 316.096522] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 316.097645] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 316.129569] acme-nginx-http.example.test-start[4941]: Waiting to acquire lock /run/acme/4.lock
webserver # [ 316.134594] acme-nginx-http.example.test-start[4941]: Acquired lock /run/acme/4.lock
webserver # [ 316.136523] acme-nginx-http.example.test-start[4941]: + set -euo pipefail
webserver # [ 316.139137] acme-nginx-http.example.test-start[4952]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 316.149263] acme-nginx-http.example.test-start[4952]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 316.162964] acme-nginx-http.example.test-start[4941]: + echo 197b6592b1395f3f8747
webserver # [ 316.164409] acme-nginx-http.example.test-start[4941]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 316.170875] acme-example.test-start[4942]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 316.172836] acme-nginx-http.example.test-start[4941]: + lego --accept-tos --path . -d nginx-http.example.test --email [email protected] --key-type ec384 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-http-alias.example.test run
webserver # [ 316.178976] acme-example.test-start[4942]: Acquired lock /run/acme/1.lock
webserver # [ 316.180462] acme-example.test-start[4942]: + set -euo pipefail
webserver # [ 316.181937] acme-example.test-start[4942]: + echo f296e6482529fca9f20a
webserver # [ 316.184408] acme-example.test-start[4942]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 316.191803] acme-example.test-start[4942]: + '[' -e certificates/_.example.test.key ']'
webserver # [ 316.193103] acme-example.test-start[4942]: + '[' -e certificates/_.example.test.crt ']'
webserver # [ 316.194705] acme-example.test-start[4962]: ++ find accounts -name [email protected]
webserver # [ 316.210375] acme-example.test-start[4942]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 316.212228] acme-example.test-start[4942]: + lego --accept-tos --path . -d '*.example.test' --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 316.801900] pebble[681]: Pebble 2024/11/28 20:57:59 GET /dir -> calling handler()
acme # [ 316.805387] pebble[681]: Pebble 2024/11/28 20:57:59 GET /dir -> calling handler()
webserver # [ 316.438056] acme-example.test-start[4967]: 2024/11/28 20:57:59 [*.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
acme # [ 316.809868] pebble[681]: Pebble 2024/11/28 20:57:59 HEAD /nonce-plz -> calling handler()
webserver # [ 316.443272] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:57:59 [INFO] [nginx-http.example.test, nginx-http-alias.example.test] acme: Obtaining bundled SAN certificate
acme # [ 316.818053] pebble[681]: Pebble 2024/11/28 20:57:59 POST /order-plz -> calling handler()
webserver # [ 316.450586] acme-example.test-start[4942]: + mv domainhash.txt certificates/
acme # [ 316.819449] pebble[681]: Pebble 2024/11/28 20:57:59 There are now 23 authorizations in the db
acme # [ 316.820817] pebble[681]: Pebble 2024/11/28 20:57:59 There are now 24 authorizations in the db
acme # [ 316.822172] pebble[681]: Pebble 2024/11/28 20:57:59 Added order "ewjDTW0LLCqw-mCKLxJ_xoXyO3YvgdgysFmNX7gFWm0" to the db
acme # [ 316.823828] pebble[681]: Pebble 2024/11/28 20:57:59 There are now 23 orders in the db
webserver # [ 316.459620] acme-example.test-start[4942]: + chown acme:acme certificates/domainhash.txt certificates/_.example.test.crt certificates/_.example.test.issuer.crt certificates/_.example.test.json certificates/_.example.test.key
webserver # [ 316.472750] acme-example.test-start[4942]: + cmp -s certificates/_.example.test.crt out/fullchain.pem
webserver # [ 316.477873] acme-example.test-start[4942]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 316.486326] acme-example.test-start[4942]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 316.487616] acme-example.test-start[4942]: Releasing lock /run/acme/1.lock
acme # [ 316.877166] pebble[681]: Pebble 2024/11/28 20:57:59 POST /authZ/ -> calling handler()
webserver # [ 316.547056] systemd[1]: acme-example.test.service: Deactivated successfully.
webserver # [ 316.551689] systemd[1]: Finished Renew ACME certificate for example.test.
webserver # [ 316.554686] systemd[1]: acme-example.test.service: Consumed 164ms CPU time, 20.3M memory peak, 2.2K incoming IP traffic, 894B outgoing IP traffic.
acme # [ 316.933979] pebble[681]: Pebble 2024/11/28 20:57:59 POST /authZ/ -> calling handler()
acme # [ 316.937939] pebble[681]: Pebble 2024/11/28 20:57:59 POST /chalZ/ -> calling handler()
webserver # [ 316.570038] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:57:59 [INFO] [nginx-http.example.test] AuthURL: https://acme.test/authZ/9p9fl5l-VEEAt5XwAbDOx6nSkxbLwKiyz2cZMr0JJGk
webserver # [ 316.572533] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:57:59 [INFO] [nginx-http-alias.example.test] AuthURL: https://acme.test/authZ/6Zj6FM7MSMXaWOhr_uCBSVHcluxM9odW_YKHjsZ7hyo
webserver # [ 316.574803] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:57:59 [INFO] [nginx-http-alias.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 316.576679] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:57:59 [INFO] [nginx-http-alias.example.test] acme: use http-01 solver
webserver # [ 316.578348] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:57:59 [INFO] [nginx-http.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 316.580546] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:57:59 [INFO] [nginx-http.example.test] acme: use http-01 solver
webserver # [ 316.582154] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:57:59 [INFO] [nginx-http-alias.example.test] acme: Trying to solve HTTP-01
webserver # [ 316.584469] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:57:59 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/chalZ/63Or_Jpkri0Z2obj-peC_lWHrrlyEga0FvRfgs2pC1g :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: Pi3BtI1hcUw9tOT0-XDFoQ
webserver # [ 316.660537] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 316.663587] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 316.671079] systemd[1]: Starting Renew ACME certificate for nginx-different-key.example.test...
webserver # [ 316.676369] systemd[1]: Starting Renew ACME certificate for nginx-dns.example.test...
webserver # [ 316.678223] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 316.681070] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 316.777503] acme-nginx-different-key.example.test-start[5040]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 316.779720] acme-nginx-dns.example.test-start[5041]: Waiting to acquire lock /run/acme/3.lock
acme # [ 317.151068] pebble[681]: Pebble 2024/11/28 20:57:59 POST /chalZ/ -> calling handler()
webserver # [ 316.783721] acme-nginx-dns.example.test-start[5041]: Acquired lock /run/acme/3.lock
webserver # [ 316.785071] acme-nginx-dns.example.test-start[5041]: + set -euo pipefail
webserver # [ 316.786183] acme-nginx-dns.example.test-start[5041]: + echo 59d0420c322ea19728a7
webserver # [ 316.787592] acme-nginx-dns.example.test-start[5041]: + cmp -s domainhash.txt certificates/domainhash.txt
acme # [ 317.153313] pebble[681]: Pebble 2024/11/28 20:57:59 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"nginx-http-alias.example.test"}, Challenge:(*core.Challenge)(0xc000251ea0), Account:(*core.Account)(0xc0003c6120), AccountURL:"https://acme.test/my-account/464f812ae6348091", Wildcard:false}
acme # [ 317.157872] pebble[681]: Pebble 2024/11/28 20:57:59 Starting 3 validations.
webserver # [ 316.789529] acme-nginx-different-key.example.test-start[5040]: Acquired lock /run/acme/2.lock
webserver # [ 316.791173] acme-nginx-different-key.example.test-start[5040]: + set -euo pipefail
acme # [ 317.159259] pebble[681]: Pebble 2024/11/28 20:57:59 Attempting to validate w/ HTTP: http://nginx-http-alias.example.test:80/.well-known/acme-challenge/M_mbZpvxSm72ktiu6W8ACl_ibFFpKisqRHRFH38jGQ4
webserver # [ 316.793536] acme-nginx-different-key.example.test-start[5045]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
acme # [ 317.162966] pebble[681]: Pebble 2024/11/28 20:57:59 Attempting to validate w/ HTTP: http://nginx-http-alias.example.test:80/.well-known/acme-challenge/M_mbZpvxSm72ktiu6W8ACl_ibFFpKisqRHRFH38jGQ4
webserver # [ 316.797951] acme-nginx-dns.example.test-start[5041]: + '[' -e certificates/nginx-dns.example.test.key ']'
acme # [ 317.165982] pebble[681]: Pebble 2024/11/28 20:57:59 Attempting to validate w/ HTTP: http://nginx-http-alias.example.test:80/.well-known/acme-challenge/M_mbZpvxSm72ktiu6W8ACl_ibFFpKisqRHRFH38jGQ4
webserver # [ 316.799824] acme-nginx-dns.example.test-start[5041]: + '[' -e certificates/nginx-dns.example.test.crt ']'
webserver # [ 316.801362] acme-nginx-dns.example.test-start[5047]: ++ find accounts -name [email protected]
acme # [ 317.170168] pebble[681]: Pebble 2024/11/28 20:57:59 POST /authZ/ -> calling handler()
webserver # [ 316.807383] acme-nginx-different-key.example.test-start[5045]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
acme # [ 317.175467] pebble[681]: Pebble 2024/11/28 20:57:59 authz 9p9fl5l-VEEAt5XwAbDOx6nSkxbLwKiyz2cZMr0JJGk set VALID by completed challenge 63Or_Jpkri0Z2obj-peC_lWHrrlyEga0FvRfgs2pC1g
webserver # [ 316.814065] acme-nginx-dns.example.test-start[5041]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 316.816148] acme-nginx-dns.example.test-start[5041]: + lego --accept-tos --path . -d nginx-dns.example.test --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir -d nginx-dns-alias.example.test renew --no-random-sleep --days 30
webserver # [ 316.825164] acme-nginx-different-key.example.test-start[5040]: + echo 4e6cd57b5b6e5fd2c9cb
webserver # [ 316.826598] acme-nginx-different-key.example.test-start[5040]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 316.833073] acme-nginx-different-key.example.test-start[5040]: + '[' -e certificates/nginx-different-key.example.test.key ']'
webserver # [ 316.834669] acme-nginx-different-key.example.test-start[5040]: + '[' -e certificates/nginx-different-key.example.test.crt ']'
webserver # [ 316.836423] acme-nginx-different-key.example.test-start[5053]: ++ find accounts -name [email protected]
webserver # [ 316.849085] acme-nginx-different-key.example.test-start[5040]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 316.850934] acme-nginx-different-key.example.test-start[5040]: + lego --accept-tos --path . -d nginx-different-key.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-different-key-alias.example.test renew --no-random-sleep --days 30
acme # [ 317.354073] pebble[681]: Pebble 2024/11/28 20:57:59 GET /dir -> calling handler()
webserver # [ 316.989927] acme-nginx-dns.example.test-start[5048]: 2024/11/28 20:57:59 [nginx-dns.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 317.001444] acme-nginx-dns.example.test-start[5041]: + mv domainhash.txt certificates/
acme # [ 317.375038] pebble[681]: Pebble 2024/11/28 20:58:00 GET /dir -> calling handler()
webserver # [ 317.010354] acme-nginx-different-key.example.test-start[5054]: 2024/11/28 20:57:59 [nginx-different-key.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 317.014704] acme-nginx-dns.example.test-start[5041]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-dns.example.test.crt certificates/nginx-dns.example.test.issuer.crt certificates/nginx-dns.example.test.json certificates/nginx-dns.example.test.key
webserver # [ 317.022412] acme-nginx-different-key.example.test-start[5040]: + mv domainhash.txt certificates/
webserver # [ 317.028827] acme-nginx-dns.example.test-start[5041]: + cmp -s certificates/nginx-dns.example.test.crt out/fullchain.pem
webserver # [ 317.033677] acme-nginx-different-key.example.test-start[5040]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-different-key.example.test.crt certificates/nginx-different-key.example.test.issuer.crt certificates/nginx-different-key.example.test.json certificates/nginx-different-key.example.test.key
webserver # [ 317.038254] acme-nginx-dns.example.test-start[5041]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 317.046830] acme-nginx-dns.example.test-start[5041]: + echo 'Releasing lock /run/acme/3.lock'
webserver # [ 317.048094] acme-nginx-dns.example.test-start[5041]: Releasing lock /run/acme/3.lock
webserver # [ 317.051494] acme-nginx-different-key.example.test-start[5040]: + cmp -s certificates/nginx-different-key.example.test.crt out/fullchain.pem
webserver # [ 317.057914] acme-nginx-different-key.example.test-start[5040]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 317.065345] acme-nginx-different-key.example.test-start[5040]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 317.066784] acme-nginx-different-key.example.test-start[5040]: Releasing lock /run/acme/2.lock
webserver # [ 317.112528] systemd[1]: acme-nginx-dns.example.test.service: Deactivated successfully.
webserver # [ 317.115636] systemd[1]: Finished Renew ACME certificate for nginx-dns.example.test.
webserver # [ 317.117760] systemd[1]: acme-nginx-dns.example.test.service: Consumed 151ms CPU time, 20.3M memory peak, 2.2K incoming IP traffic, 894B outgoing IP traffic.
webserver # [ 317.130133] systemd[1]: acme-nginx-different-key.example.test.service: Deactivated successfully.
webserver # [ 317.132584] systemd[1]: Finished Renew ACME certificate for nginx-different-key.example.test.
webserver # [ 317.135204] systemd[1]: acme-nginx-different-key.example.test.service: Consumed 151ms CPU time, 20.3M memory peak, 2.2K incoming IP traffic, 894B outgoing IP traffic.
acme # [ 322.120939] pebble[681]: Pebble 2024/11/28 20:58:04 POST /authZ/ -> calling handler()
acme # [ 322.122413] pebble[681]: Pebble 2024/11/28 20:58:04 POST /chalZ/ -> calling handler()
webserver # [ 321.754032] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:58:04 [INFO] [nginx-http-alias.example.test] The server validated our request
webserver # [ 321.755904] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:58:04 [INFO] [nginx-http.example.test] acme: Trying to solve HTTP-01
acme # [ 322.125436] pebble[681]: Pebble 2024/11/28 20:58:04 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"nginx-http.example.test"}, Challenge:(*core.Challenge)(0xc0000dab40), Account:(*core.Account)(0xc0003c6120), AccountURL:"https://acme.test/my-account/464f812ae6348091", Wildcard:false}
acme # [ 322.129244] pebble[681]: Pebble 2024/11/28 20:58:04 Starting 3 validations.
acme # [ 322.130402] pebble[681]: Pebble 2024/11/28 20:58:04 Attempting to validate w/ HTTP: http://nginx-http.example.test:80/.well-known/acme-challenge/gFcdAlTEhCVJ93awZOI8r1U-LzD5Sgv0zlJ-_lHuCfk
acme # [ 322.133188] pebble[681]: Pebble 2024/11/28 20:58:04 POST /authZ/ -> calling handler()
acme # [ 322.136154] pebble[681]: Pebble 2024/11/28 20:58:04 Attempting to validate w/ HTTP: http://nginx-http.example.test:80/.well-known/acme-challenge/gFcdAlTEhCVJ93awZOI8r1U-LzD5Sgv0zlJ-_lHuCfk
acme # [ 322.139267] pebble[681]: Pebble 2024/11/28 20:58:04 Attempting to validate w/ HTTP: http://nginx-http.example.test:80/.well-known/acme-challenge/gFcdAlTEhCVJ93awZOI8r1U-LzD5Sgv0zlJ-_lHuCfk
acme # [ 322.145424] pebble[681]: Pebble 2024/11/28 20:58:04 authz 6Zj6FM7MSMXaWOhr_uCBSVHcluxM9odW_YKHjsZ7hyo set VALID by completed challenge XwCsRzXFk4Zzmu9ljwHfn05_PWfcPYU6Nz-xl67wllI
acme # [ 328.605165] pebble[681]: Pebble 2024/11/28 20:58:11 POST /authZ/ -> calling handler()
webserver # [ 328.238384] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:58:10 [INFO] [nginx-http.example.test] The server validated our request
webserver # [ 328.240160] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:58:10 [INFO] [nginx-http.example.test, nginx-http-alias.example.test] acme: Validations succeeded; requesting certificates
acme # [ 328.612517] pebble[681]: Pebble 2024/11/28 20:58:11 POST /finalize-order/ -> calling handler()
acme # [ 328.616939] pebble[681]: Pebble 2024/11/28 20:58:11 Order ewjDTW0LLCqw-mCKLxJ_xoXyO3YvgdgysFmNX7gFWm0 is fully authorized. Processing finalization
webserver # [ 328.251555] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:58:10 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 328.621169] pebble[681]: Pebble 2024/11/28 20:58:11 Issued certificate serial 1545e56942a48ac8 for order ewjDTW0LLCqw-mCKLxJ_xoXyO3YvgdgysFmNX7gFWm0
acme # [ 328.623501] pebble[681]: Pebble 2024/11/28 20:58:11 POST /my-order/ -> calling handler()
acme # [ 328.628500] pebble[681]: Pebble 2024/11/28 20:58:11 POST /certZ/ -> calling handler()
webserver # [ 328.261133] acme-nginx-http.example.test-start[4959]: 2024/11/28 20:58:10 [INFO] [nginx-http.example.test] Server responded with a certificate.
webserver # [ 328.269447] acme-nginx-http.example.test-start[4941]: + mv domainhash.txt certificates/
webserver # [ 328.276452] acme-nginx-http.example.test-start[4941]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-http.example.test.crt certificates/nginx-http.example.test.issuer.crt certificates/nginx-http.example.test.json certificates/nginx-http.example.test.key
webserver # [ 328.286816] acme-nginx-http.example.test-start[4941]: + cmp -s certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 328.291383] acme-nginx-http.example.test-start[4941]: + touch out/renewed
webserver # [ 328.297612] acme-nginx-http.example.test-start[4941]: + echo Installing new certificate
webserver # [ 328.298958] acme-nginx-http.example.test-start[4941]: Installing new certificate
webserver # [ 328.300146] acme-nginx-http.example.test-start[4941]: + cp -vp certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 328.306847] acme-nginx-http.example.test-start[5081]: 'certificates/nginx-http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 328.308855] acme-nginx-http.example.test-start[4941]: + cp -vp certificates/nginx-http.example.test.key out/key.pem
webserver # [ 328.314477] acme-nginx-http.example.test-start[5082]: 'certificates/nginx-http.example.test.key' -> 'out/key.pem'
webserver # [ 328.316954] acme-nginx-http.example.test-start[4941]: + cp -vp certificates/nginx-http.example.test.issuer.crt out/chain.pem
webserver # [ 328.322590] acme-nginx-http.example.test-start[5083]: 'certificates/nginx-http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 328.325120] acme-nginx-http.example.test-start[4941]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 328.331206] acme-nginx-http.example.test-start[4941]: + cat out/key.pem out/fullchain.pem
webserver # [ 328.337653] acme-nginx-http.example.test-start[4941]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 328.344791] acme-nginx-http.example.test-start[4941]: + echo 'Releasing lock /run/acme/4.lock'
webserver # [ 328.346190] acme-nginx-http.example.test-start[4941]: Releasing lock /run/acme/4.lock
webserver # [ 328.400479] xdzs895vrh95js4cgaqn432wb87qhh11-acme-postrun[5091]: uid=0(root) gid=0(root) groups=0(root),60(nginx),994(acme)
webserver # [ 328.405137] systemd[1]: acme-nginx-http.example.test.service: Deactivated successfully.
webserver # [ 328.410349] systemd[1]: Finished Renew ACME certificate for nginx-http.example.test.
webserver # [ 328.411592] systemd[1]: acme-nginx-http.example.test.service: Consumed 204ms CPU time, 20.5M memory peak, 12K written to disk, 16.7K incoming IP traffic, 11.4K outgoing IP traffic.
webserver # [ 328.421807] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 328.483429] systemd[1]: Reloading Nginx Web Server...
webserver # [ 328.558850] nginx[5098]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 328.560722] nginx[5098]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 328.615675] nginx[4703]: 2024/11/28 20:58:11 [notice] 4703#4703: signal 1 (SIGHUP) received from 5100, reconfiguring
webserver # [ 328.617766] nginx[4703]: 2024/11/28 20:58:11 [notice] 4703#4703: reconfiguring
webserver # [ 328.620357] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 328.628387] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 328.633064] systemd[1]: Finished nginx-config-reload.service.
webserver # [ 328.650077] nginx[4703]: 2024/11/28 20:58:11 [notice] 4703#4703: using the "epoll" event method
webserver # [ 328.651454] nginx[4703]: 2024/11/28 20:58:11 [notice] 4703#4703: start worker processes
webserver # [ 328.652848] nginx[4703]: 2024/11/28 20:58:11 [notice] 4703#4703: start worker process 5103
webserver # [ 328.755365] nginx[4865]: 2024/11/28 20:58:11 [notice] 4865#4865: gracefully shutting down
webserver # [ 328.756676] nginx[4865]: 2024/11/28 20:58:11 [notice] 4865#4865: exiting
webserver # [ 328.757701] nginx[4865]: 2024/11/28 20:58:11 [notice] 4865#4865: exit
webserver # [ 328.764665] nginx[4703]: 2024/11/28 20:58:11 [notice] 4703#4703: signal 17 (SIGCHLD) received from 4865
webserver # [ 328.766029] nginx[4703]: 2024/11/28 20:58:11 [notice] 4703#4703: worker process 4865 exited with code 0
webserver # [ 328.767445] nginx[4703]: 2024/11/28 20:58:11 [notice] 4703#4703: signal 29 (SIGIO) received
webserver # [ 328.890456] nixos[4878]: finished switching to system configuration /nix/store/r3jah8ks2ffjir5gni96qswjfy4bwkw8-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/nginx_change_acme_conf/bin/switch-to-configuration test, in 14.46 seconds)
webserver # [ 328.936992] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 328.942247] systemd[1]: Generate self-signed certificate for nginx-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/nginx-http.example.test/key.pem).
webserver # [ 328.948176] systemd[1]: Starting Renew ACME certificate for nginx-http.example.test...
webserver # [ 329.009146] acme-nginx-http.example.test-start[5109]: Waiting to acquire lock /run/acme/4.lock
webserver # [ 329.012570] acme-nginx-http.example.test-start[5109]: Acquired lock /run/acme/4.lock
webserver # [ 329.013821] acme-nginx-http.example.test-start[5109]: + set -euo pipefail
webserver # [ 329.015495] acme-nginx-http.example.test-start[5111]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 329.022319] acme-nginx-http.example.test-start[5111]: + chgrp nginx /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 329.030415] acme-nginx-http.example.test-start[5109]: + echo 197b6592b1395f3f8747
webserver # [ 329.031580] acme-nginx-http.example.test-start[5109]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 329.035917] acme-nginx-http.example.test-start[5109]: + '[' -e certificates/nginx-http.example.test.key ']'
webserver # [ 329.037554] acme-nginx-http.example.test-start[5109]: + '[' -e certificates/nginx-http.example.test.crt ']'
webserver # [ 329.039375] acme-nginx-http.example.test-start[5114]: ++ find accounts -name [email protected]
webserver # [ 329.047229] acme-nginx-http.example.test-start[5109]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 329.049060] acme-nginx-http.example.test-start[5109]: + lego --accept-tos --path . -d nginx-http.example.test --email [email protected] --key-type ec384 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d nginx-http-alias.example.test renew --no-random-sleep --days 30
acme # [ 329.501409] pebble[681]: Pebble 2024/11/28 20:58:12 GET /dir -> calling handler()
webserver # [ 329.136076] acme-nginx-http.example.test-start[5115]: 2024/11/28 20:58:11 [nginx-http.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 329.142317] acme-nginx-http.example.test-start[5109]: + mv domainhash.txt certificates/
webserver # [ 329.149285] acme-nginx-http.example.test-start[5109]: + chown acme:nginx certificates/domainhash.txt certificates/nginx-http.example.test.crt certificates/nginx-http.example.test.issuer.crt certificates/nginx-http.example.test.json certificates/nginx-http.example.test.key
webserver # [ 329.159586] acme-nginx-http.example.test-start[5109]: + cmp -s certificates/nginx-http.example.test.crt out/fullchain.pem
webserver # [ 329.164396] acme-nginx-http.example.test-start[5109]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 329.171350] acme-nginx-http.example.test-start[5109]: + echo 'Releasing lock /run/acme/4.lock'
webserver # [ 329.172621] acme-nginx-http.example.test-start[5109]: Releasing lock /run/acme/4.lock
webserver # [ 329.212503] systemd[1]: acme-nginx-http.example.test.service: Deactivated successfully.
webserver # [ 329.216501] systemd[1]: Finished Renew ACME certificate for nginx-http.example.test.
webserver # [ 329.218115] systemd[1]: acme-nginx-http.example.test.service: Consumed 146ms CPU time, 20.6M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 329.227690] systemd[1]: Starting nginx-config-reload.service...
webserver # [ 329.292531] systemd[1]: Reloading Nginx Web Server...
webserver # [ 329.365594] nginx[5131]: nginx: the configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf syntax is ok
webserver # [ 329.367381] nginx[5131]: nginx: configuration file /nix/store/rcn9iyh04jvw11drgd7743w2vf21qmy5-nginx.conf test is successful
webserver # [ 329.420114] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: signal 1 (SIGHUP) received from 5133, reconfiguring
webserver # [ 329.421962] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: reconfiguring
webserver # [ 329.425431] systemd[1]: Reloaded Nginx Web Server.
webserver # [ 329.433636] systemd[1]: nginx-config-reload.service: Deactivated successfully.
webserver # [ 329.436485] systemd[1]: Finished nginx-config-reload.service.
webserver: waiting for unit acme-finished-nginx-http.example.test.target
webserver # [ 329.465120] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: using the "epoll" event method
webserver # [ 329.466564] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: start worker processes
webserver # [ 329.468376] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: start worker process 5140
(finished: waiting for unit acme-finished-nginx-http.example.test.target, in 0.06 seconds)
webserver: waiting for unit nginx.service
(finished: waiting for unit nginx.service, in 0.05 seconds)
client: must succeed: openssl s_client -CAfile /tmp/ca.crt -servername nginx-http.example.test -connect nginx-http.example.test:443 < /dev/null | openssl x509 -noout -text | grep -i Public-Key
webserver # [ 329.568475] nginx[5103]: 2024/11/28 20:58:12 [notice] 5103#5103: gracefully shutting down
webserver # [ 329.571094] nginx[5103]: 2024/11/28 20:58:12 [notice] 5103#5103: exiting
webserver # [ 329.572264] nginx[5103]: 2024/11/28 20:58:12 [notice] 5103#5103: exit
webserver # [ 329.579624] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: signal 17 (SIGCHLD) received from 5103
webserver # [ 329.581049] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: worker process 5103 exited with code 0
webserver # [ 329.582590] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: signal 29 (SIGIO) received
client # Connecting to 192.168.1.4
client # depth=2 CN=Pebble Root CA 4fdfd5
client # verify return:1
client # depth=1 CN=Pebble Intermediate CA 67c76d
client # verify return:1
client # depth=0
client # verify return:1
client # DONE
webserver # [ 329.600576] nginx[5140]: 2024/11/28 20:58:12 [info] 5140#5140: *7 client closed connection while waiting for request, client: 192.168.1.2, server: 0.0.0.0:443
(finished: must succeed: openssl s_client -CAfile /tmp/ca.crt -servername nginx-http.example.test -connect nginx-http.example.test:443 < /dev/null | openssl x509 -noout -text | grep -i Public-Key, in 0.07 seconds)
Key type: Public-Key: (384 bit)
(finished: subtest: security.acme changes reflect on web server, in 18.67 seconds)
subtest: Works with httpd
webserver: must succeed: /tmp/specialisation/httpd/bin/switch-to-configuration test
webserver # stopping the following units: acme-finished-nginx-different-key.example.test.target, acme-finished-nginx-dns.example.test.target, acme-finished-nginx-http.example.test.target, acme-fixperms.service, acme-nginx-different-key.example.test.timer, acme-nginx-dns.example.test.timer, acme-nginx-http.example.test.timer, nginx.service, systemd-modules-load.service, systemd-tmpfiles-resetup.service, test-renew-nginx.target
webserver # [ 330.141302] nixos[5153]: switching to system configuration /nix/store/38780mj3n08g48smxxjc9sqs5mhvwicy-nixos-system-webserver-test
webserver # [ 330.145096] systemd[1]: acme-fixperms.service: Deactivated successfully.
webserver # [ 330.146152] systemd[1]: Stopped Fix owner and group of all ACME certificates.
webserver # [ 330.151552] systemd[1]: acme-nginx-different-key.example.test.timer: Deactivated successfully.
webserver # [ 330.153226] systemd[1]: Stopped Renew ACME Certificate for nginx-different-key.example.test.
webserver # [ 330.155946] systemd[1]: acme-nginx-http.example.test.timer: Deactivated successfully.
webserver # [ 330.157576] systemd[1]: Stopped Renew ACME Certificate for nginx-http.example.test.
webserver # [ 330.162092] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 330.163112] systemd[1]: systemd-tmpfiles-resetup.service: Deactivated successfully.
webserver # [ 330.164261] systemd[1]: Stopped Re-setup tmpfiles on a system that is already running..
webserver # [ 330.166470] systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dresetup.service.mount: Deactivated successfully.
webserver # [ 330.169925] systemd[1]: Stopped target acme-finished-nginx-http.example.test.target.
webserver # [ 330.172533] systemd[1]: Stopped target Local File Systems.
webserver # [ 330.175061] systemd[1]: Stopped target acme-finished-nginx-dns.example.test.target.
webserver # [ 330.177831] systemd[1]: acme-nginx-dns.example.test.timer: Deactivated successfully.
webserver # [ 330.179204] systemd[1]: Stopped Renew ACME Certificate for nginx-dns.example.test.
webserver # [ 330.182065] systemd[1]: systemd-modules-load.service: Deactivated successfully.
webserver # [ 330.183818] systemd[1]: Stopped Load Kernel Modules.
webserver # [ 330.187788] systemd[1]: Stopping Nginx Web Server...
webserver # [ 330.188681] nginx[5140]: 2024/11/28 20:58:12 [notice] 5140#5140: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 330.190100] nginx[5140]: 2024/11/28 20:58:12 [info] 5140#5140: epoll_wait() failed (4: Interrupted system call)
webserver # [ 330.191582] nginx[5140]: 2024/11/28 20:58:12 [notice] 5140#5140: exiting
webserver # [ 330.192583] nginx[5140]: 2024/11/28 20:58:12 [notice] 5140#5140: exit
webserver # [ 330.194420] systemd[1]: Stopped target test-renew-nginx.target.
webserver # [ 330.196339] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: signal 15 (SIGTERM) received from 1, exiting
webserver # [ 330.198571] systemd[1]: Stopped target Remote File Systems.
webserver # [ 330.201064] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: signal 17 (SIGCHLD) received from 5140
webserver # [ 330.202443] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: worker process 5140 exited with code 0
webserver # [ 330.204475] nginx[4703]: 2024/11/28 20:58:12 [notice] 4703#4703: exit
webserver # [ 330.206203] systemd[1]: Stopped target acme-finished-nginx-different-key.example.test.target.
webserver # [ 330.210665] systemd[1]: nginx.service: Deactivated successfully.
webserver # [ 330.214211] systemd[1]: Stopped Nginx Web Server.
webserver # activating the configuration...
webserver # [ 330.214991] systemd[1]: nginx.service: Consumed 450ms CPU time, 7.4M memory peak, 3.8K incoming IP traffic, 6.3K outgoing IP traffic.
webserver # removing group ‘nginx’
webserver # removing user ‘nginx’
webserver # [ 330.674632] systemd[1]: Reload requested from client PID 5153 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 330.676490] systemd[1]: Reloading...
webserver # [ 330.909968] systemd-ssh-generator[5215]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 331.202561] systemd[1]: Reloading finished in 524 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 331.232203] systemd[1]: Starting Re-setup tmpfiles on a system that is already running....
webserver # [ 331.351048] systemd[1]: Finished Re-setup tmpfiles on a system that is already running..
webserver # [ 331.352318] systemd[1]: Reached target Reactivate sysinit units.
webserver # reloading the following units: dbus.service
webserver # [ 331.358195] systemd[1]: Reloading D-Bus System Message Bus...
webserver # [ 331.393081] dbus-daemon[669]: Unknown username "systemd-timesync" in message bus configuration file
webserver # [ 331.408955] dbus-daemon[669]: [system] Reloaded configuration
webserver # [ 331.410838] dbus-send[5223]: method return time=1732827494.038032 sender=org.freedesktop.DBus -> destination=:1.23 serial=3 reply_serial=2
webserver # [ 331.423771] dbus-daemon[669]: Unknown username "systemd-timesync" in message bus configuration file
webserver # [ 331.437065] dbus-daemon[669]: [system] Reloaded configuration
webserver # [ 331.438089] systemd[1]: Reloaded D-Bus System Message Bus.
webserver # restarting the following units: acme-example.test.timer
webserver # starting the following units: acme-fixperms.service, systemd-modules-load.service, systemd-tmpfiles-resetup.service
webserver # [ 331.444569] systemd[1]: acme-example.test.timer: Deactivated successfully.
webserver # [ 331.445650] systemd[1]: Stopped Renew ACME Certificate for example.test.
webserver # [ 331.446935] systemd[1]: Stopping Renew ACME Certificate for example.test...
webserver # [ 331.447983] systemd[1]: Started Renew ACME Certificate for example.test.
webserver # [ 331.453958] systemd[1]: Starting Load Kernel Modules...
webserver # [ 331.463807] systemd[1]: Starting Fix owner and group of all ACME certificates...
webserver # [ 331.465629] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 331.475589] systemd[1]: Reached target Remote File Systems.
webserver # [ 331.476620] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 331.493118] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 331.494988] systemd[1]: Reached target Local File Systems.
webserver # [ 331.504791] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 331.511126] systemd[1]: Started Renew ACME Certificate for httpd-dns.example.test.
webserver # [ 331.512328] systemd[1]: Started Renew ACME Certificate for httpd-http.example.test.
webserver # [ 331.533071] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 331.536139] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 331.538073] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 331.540156] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 331.543433] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 331.548460] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 331.554265] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 331.567957] systemd[1]: Finished Load Kernel Modules.
webserver # [ 331.598822] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 331.604441] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 331.607428] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 331.632729] systemd[1]: Finished Fix owner and group of all ACME certificates.
webserver # [ 331.919857] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 331.922027] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 331.925191] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 331.931426] systemd[1]: Starting Renew ACME certificate for example.test...
webserver # [ 331.936323] systemd[1]: Starting Generate self-signed certificate for httpd-dns.example.test...
webserver # [ 331.943110] systemd[1]: Starting Generate self-signed certificate for httpd-http.example.test...
webserver # [ 332.071348] acme-example.test-start[5305]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 332.077074] acme-example.test-start[5305]: Acquired lock /run/acme/1.lock
webserver # [ 332.078098] acme-example.test-start[5305]: + set -euo pipefail
webserver # [ 332.078944] acme-example.test-start[5305]: + echo f296e6482529fca9f20a
webserver # [ 332.080621] acme-example.test-start[5305]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 332.082970] acme-selfsigned-httpd-dns.example.test-start[5306]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 332.086937] acme-selfsigned-httpd-http.example.test-start[5307]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 332.089806] acme-selfsigned-httpd-dns.example.test-start[5306]: Acquired lock /run/acme/2.lock
webserver # [ 332.091543] acme-example.test-start[5305]: + '[' -e certificates/_.example.test.key ']'
webserver # [ 332.092779] acme-example.test-start[5305]: + '[' -e certificates/_.example.test.crt ']'
webserver # [ 332.094643] acme-example.test-start[5312]: ++ find accounts -name [email protected]
webserver # [ 332.097092] acme-selfsigned-httpd-http.example.test-start[5307]: Acquired lock /run/acme/3.lock
webserver # [ 332.109668] acme-example.test-start[5305]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 332.111339] acme-example.test-start[5305]: + lego --accept-tos --path . -d '*.example.test' --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir renew --no-random-sleep --days 30
webserver # [ 332.176928] acme-selfsigned-httpd-dns.example.test-start[5306]: Releasing lock /run/acme/2.lock
webserver # [ 332.182308] systemd[1]: acme-selfsigned-httpd-dns.example.test.service: Deactivated successfully.
webserver # [ 332.185630] systemd[1]: Finished Generate self-signed certificate for httpd-dns.example.test.
webserver # [ 332.189329] acme-selfsigned-httpd-http.example.test-start[5307]: Releasing lock /run/acme/3.lock
webserver # [ 332.194818] systemd[1]: acme-selfsigned-httpd-http.example.test.service: Deactivated successfully.
webserver # [ 332.202168] systemd[1]: Finished Generate self-signed certificate for httpd-http.example.test.
acme # [ 332.627200] pebble[681]: Pebble 2024/11/28 20:58:15 GET /dir -> calling handler()
webserver # [ 332.259768] acme-example.test-start[5321]: 2024/11/28 20:58:14 [*.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 332.266874] acme-example.test-start[5305]: + mv domainhash.txt certificates/
webserver # [ 332.273531] acme-example.test-start[5305]: + chown acme:acme certificates/domainhash.txt certificates/_.example.test.crt certificates/_.example.test.issuer.crt certificates/_.example.test.json certificates/_.example.test.key
webserver # [ 332.283399] acme-example.test-start[5305]: + cmp -s certificates/_.example.test.crt out/fullchain.pem
webserver # [ 332.287913] acme-example.test-start[5305]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 332.294602] acme-example.test-start[5305]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 332.295846] acme-example.test-start[5305]: Releasing lock /run/acme/1.lock
webserver # [ 332.334134] systemd[1]: acme-example.test.service: Deactivated successfully.
webserver # [ 332.336247] systemd[1]: Finished Renew ACME certificate for example.test.
webserver # [ 332.338431] systemd[1]: acme-example.test.service: Consumed 151ms CPU time, 20.4M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 332.348461] systemd[1]: Starting Renew ACME certificate for httpd-dns.example.test...
webserver # [ 332.408709] acme-httpd-dns.example.test-start[5351]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 332.412331] acme-httpd-dns.example.test-start[5351]: Acquired lock /run/acme/2.lock
webserver # [ 332.413673] acme-httpd-dns.example.test-start[5351]: + set -euo pipefail
webserver # [ 332.415212] acme-httpd-dns.example.test-start[5351]: + echo 0a349e39464efbfff571
webserver # [ 332.416443] acme-httpd-dns.example.test-start[5351]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 332.421499] acme-httpd-dns.example.test-start[5351]: + lego --accept-tos --path . -d httpd-dns.example.test --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir -d httpd-dns-alias.example.test run
acme # [ 332.877080] pebble[681]: Pebble 2024/11/28 20:58:15 GET /dir -> calling handler()
acme # [ 332.878951] pebble[681]: Pebble 2024/11/28 20:58:15 HEAD /nonce-plz -> calling handler()
webserver # [ 332.510083] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns.example.test, httpd-dns-alias.example.test] acme: Obtaining bundled SAN certificate
acme # [ 332.881901] pebble[681]: Pebble 2024/11/28 20:58:15 POST /order-plz -> calling handler()
acme # [ 332.883435] pebble[681]: Pebble 2024/11/28 20:58:15 There are now 25 authorizations in the db
acme # [ 332.884991] pebble[681]: Pebble 2024/11/28 20:58:15 There are now 26 authorizations in the db
acme # [ 332.886525] pebble[681]: Pebble 2024/11/28 20:58:15 Added order "N8_llt2gTHfLcd7MhqYJiT_c_aavRkIbm7jOPxL6Ymw" to the db
acme # [ 332.888414] pebble[681]: Pebble 2024/11/28 20:58:15 There are now 24 orders in the db
acme # [ 332.939708] pebble[681]: Pebble 2024/11/28 20:58:15 POST /authZ/ -> calling handler()
acme # [ 332.995105] pebble[681]: Pebble 2024/11/28 20:58:15 POST /authZ/ -> calling handler()
webserver # [ 332.629995] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns-alias.example.test] AuthURL: https://acme.test/authZ/jeKhlq0gaayf_vm6em49DusuOLBZ5ba_cFRLwZbY7UQ
webserver # [ 332.633078] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns.example.test] AuthURL: https://acme.test/authZ/-R8P8ixZDZqNXU7F87lpYgD1pPt6Xv7IO0wjweMaB2I
webserver # [ 332.635467] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns-alias.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 332.637503] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns-alias.example.test] acme: Could not find solver for: http-01
webserver # [ 332.639665] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns-alias.example.test] acme: Could not find solver for: dns-account-01
webserver # [ 332.641595] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns-alias.example.test] acme: use dns-01 solver
webserver # [ 332.643223] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 332.645050] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns.example.test] acme: Could not find solver for: http-01
webserver # [ 332.646829] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns.example.test] acme: Could not find solver for: dns-account-01
webserver # [ 332.648666] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns.example.test] acme: use dns-01 solver
webserver # [ 332.650224] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:15 [INFO] [httpd-dns-alias.example.test] acme: Preparing to solve DNS-01
webserver # [ 342.647350] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:25 [INFO] [_acme-challenge.httpd-dns-alias.example.test.] dns-hook.sh present _acme-challenge.httpd-dns-alias.example.test. dmGV0LftRVpdQXlU2p0QGEtb453p1DHNhq6Krqv3ni4
webserver # [ 342.667770] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:25 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 342.670389] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:25 Dload Upload Total Spent Left Speed
dnsserver # [ 342.790926] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:58:25 Added DNS-01 TXT challenge for Host "_acme-challenge.httpd-dns-alias.example.test." - Value "dmGV0LftRVpdQXlU2p0QGEtb453p1DHNhq6Krqv3ni4"
webserver # [ 342.673269] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:25 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 113 0 0 100 113 0 21137 --:--:-- --:--:-- --:--:-- 22600
webserver # [ 342.680342] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:25 [INFO] [httpd-dns-alias.example.test] acme: Trying to solve DNS-01
webserver # [ 352.683197] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:35 [INFO] [httpd-dns-alias.example.test] acme: Checking DNS record propagation. [nameservers=192.168.1.3:53,10.0.2.3:53]
webserver # [ 353.683763] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:36 [INFO] Wait for propagation [timeout: 1s, interval: 1s]
acme # [ 354.056481] pebble[681]: Pebble 2024/11/28 20:58:36 POST /chalZ/ -> calling handler()
acme # [ 354.057706] pebble[681]: Pebble 2024/11/28 20:58:36 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"httpd-dns-alias.example.test"}, Challenge:(*core.Challenge)(0xc0002f2280), Account:(*core.Account)(0xc0001285a0), AccountURL:"https://acme.test/my-account/3dcb4cc8d0a7426e", Wildcard:false}
acme # [ 354.061384] pebble[681]: Pebble 2024/11/28 20:58:36 Starting 3 validations.
acme # [ 354.062951] pebble[681]: Pebble 2024/11/28 20:58:36 POST /authZ/ -> calling handler()
acme # [ 354.064890] pebble[681]: Pebble 2024/11/28 20:58:36 authz jeKhlq0gaayf_vm6em49DusuOLBZ5ba_cFRLwZbY7UQ set VALID by completed challenge TqwgxVJCU1KSK3LAnYQwFxIXLX1_Cp2rGRjtVbeXY7g
acme # [ 360.027830] pebble[681]: Pebble 2024/11/28 20:58:42 POST /authZ/ -> calling handler()
webserver # [ 359.660243] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:42 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/authZ/jeKhlq0gaayf_vm6em49DusuOLBZ5ba_cFRLwZbY7UQ :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: i3KZ01lhgZDVtib1_0xkqw
webserver # [ 359.867555] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:42 [INFO] [httpd-dns-alias.example.test] The server validated our request
acme # [ 360.233445] pebble[681]: Pebble 2024/11/28 20:58:42 POST /authZ/ -> calling handler()
webserver # [ 359.869417] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:42 [INFO] [httpd-dns-alias.example.test] acme: Cleaning DNS-01 challenge
webserver # [ 369.874758] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:52 [INFO] [_acme-challenge.httpd-dns-alias.example.test.] dns-hook.sh cleanup _acme-challenge.httpd-dns-alias.example.test. dmGV0LftRVpdQXlU2p0QGEtb453p1DHNhq6Krqv3ni4
webserver # [ 369.893951] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:52 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 369.896467] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:52 Dload Upload Total Spent Left Speed
dnsserver # [ 370.017224] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:58:52 Removed DNS-01 TXT challenge for Host "_acme-challenge.httpd-dns-alias.example.test."
webserver # [ 369.899392] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:52 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 57 0 0 100 57 0 10614 --:--:-- --:--:-- --:--:-- 11400
webserver # [ 369.906354] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:52 [INFO] sequence: wait for 1s
webserver # [ 370.908250] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:58:53 [INFO] [httpd-dns.example.test] acme: Preparing to solve DNS-01
webserver # [ 380.918470] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:03 [INFO] [_acme-challenge.httpd-dns.example.test.] dns-hook.sh present _acme-challenge.httpd-dns.example.test. 0eIxvN4QZa6dL4rBYGQRZKKqls4303Rl96BWHKEBgwI
webserver # [ 380.936700] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:03 % Total % Received % Xferd Average Speed Time Time Time Current
webserver # [ 380.938955] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:03 Dload Upload Total Spent Left Speed
dnsserver # [ 381.059534] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:59:03 Added DNS-01 TXT challenge for Host "_acme-challenge.httpd-dns.example.test." - Value "0eIxvN4QZa6dL4rBYGQRZKKqls4303Rl96BWHKEBgwI"
webserver # [ 380.942227] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:03 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 107 0 0 100 107 0 20910 --:--:-- --:--:-- --:--:-- 21400
webserver # [ 380.948699] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:03 [INFO] [httpd-dns.example.test] acme: Trying to solve DNS-01
webserver # [ 390.951314] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:13 [INFO] [httpd-dns.example.test] acme: Checking DNS record propagation. [nameservers=192.168.1.3:53,10.0.2.3:53]
webserver # [ 391.952102] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:14 [INFO] Wait for propagation [timeout: 1s, interval: 1s]
acme # [ 392.324540] pebble[681]: Pebble 2024/11/28 20:59:14 POST /chalZ/ -> calling handler()
acme # [ 392.326366] pebble[681]: Pebble 2024/11/28 20:59:14 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"httpd-dns.example.test"}, Challenge:(*core.Challenge)(0xc0002f2500), Account:(*core.Account)(0xc0001285a0), AccountURL:"https://acme.test/my-account/3dcb4cc8d0a7426e", Wildcard:false}
acme # [ 392.332066] pebble[681]: Pebble 2024/11/28 20:59:14 Starting 3 validations.
acme # [ 392.334301] pebble[681]: Pebble 2024/11/28 20:59:14 POST /authZ/ -> calling handler()
acme # [ 392.337129] pebble[681]: Pebble 2024/11/28 20:59:14 authz -R8P8ixZDZqNXU7F87lpYgD1pPt6Xv7IO0wjweMaB2I set VALID by completed challenge Q8SXFNZNGK7-vo7sCNNYdmLYNX8IdU7S3ktKh6pXaVk
acme # [ 396.617956] pebble[681]: Pebble 2024/11/28 20:59:19 POST /authZ/ -> calling handler()
webserver # [ 396.250823] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:18 [INFO] [httpd-dns.example.test] The server validated our request
webserver # [ 396.253455] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:18 [INFO] [httpd-dns.example.test] acme: Cleaning DNS-01 challenge
webserver # [ 406.258690] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:28 [INFO] [_acme-challenge.httpd-dns.example.test.] dns-hook.sh cleanup _acme-challenge.httpd-dns.example.test. 0eIxvN4QZa6dL4rBYGQRZKKqls4303Rl96BWHKEBgwI
webserver # [ 406.276868] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:28 % Total % Received % Xferd Average Speed Time Time Time Current
dnsserver # [ 406.399723] pebble-challtestsrv[682]: pebble-challtestsrv - 2024/11/28 20:59:29 Removed DNS-01 TXT challenge for Host "_acme-challenge.httpd-dns.example.test."
webserver # [ 406.279357] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:28 Dload Upload Total Spent Left Speed
webserver # [ 406.282270] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:28 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0100 51 0 0 100 51 0 10315 --:--:-- --:--:-- --:--:-- 12750
webserver # [ 406.289292] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:28 [INFO] [httpd-dns.example.test, httpd-dns-alias.example.test] acme: Validations succeeded; requesting certificates
webserver # [ 406.293592] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:28 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 406.662378] pebble[681]: Pebble 2024/11/28 20:59:29 POST /finalize-order/ -> calling handler()
acme # [ 406.663756] pebble[681]: Pebble 2024/11/28 20:59:29 Order N8_llt2gTHfLcd7MhqYJiT_c_aavRkIbm7jOPxL6Ymw is fully authorized. Processing finalization
acme # [ 406.666761] pebble[681]: Pebble 2024/11/28 20:59:29 Issued certificate serial 48a460cfbb337b3d for order N8_llt2gTHfLcd7MhqYJiT_c_aavRkIbm7jOPxL6Ymw
acme # [ 406.668783] pebble[681]: Pebble 2024/11/28 20:59:29 POST /my-order/ -> calling handler()
acme # [ 406.671080] pebble[681]: Pebble 2024/11/28 20:59:29 POST /certZ/ -> calling handler()
webserver # [ 406.305419] acme-httpd-dns.example.test-start[5354]: 2024/11/28 20:59:28 [INFO] [httpd-dns.example.test] Server responded with a certificate.
webserver # [ 406.312250] acme-httpd-dns.example.test-start[5351]: + mv domainhash.txt certificates/
webserver # [ 406.319752] acme-httpd-dns.example.test-start[5351]: + chown acme:wwwrun certificates/domainhash.txt certificates/httpd-dns.example.test.crt certificates/httpd-dns.example.test.issuer.crt certificates/httpd-dns.example.test.json certificates/httpd-dns.example.test.key
webserver # [ 406.331226] acme-httpd-dns.example.test-start[5351]: + cmp -s certificates/httpd-dns.example.test.crt out/fullchain.pem
webserver # [ 406.336434] acme-httpd-dns.example.test-start[5351]: + touch out/renewed
webserver # [ 406.343548] acme-httpd-dns.example.test-start[5351]: + echo Installing new certificate
webserver # [ 406.344791] acme-httpd-dns.example.test-start[5351]: Installing new certificate
webserver # [ 406.346199] acme-httpd-dns.example.test-start[5351]: + cp -vp certificates/httpd-dns.example.test.crt out/fullchain.pem
webserver # [ 406.353266] acme-httpd-dns.example.test-start[5377]: 'certificates/httpd-dns.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 406.356081] acme-httpd-dns.example.test-start[5351]: + cp -vp certificates/httpd-dns.example.test.key out/key.pem
webserver # [ 406.362970] acme-httpd-dns.example.test-start[5378]: 'certificates/httpd-dns.example.test.key' -> 'out/key.pem'
webserver # [ 406.365328] acme-httpd-dns.example.test-start[5351]: + cp -vp certificates/httpd-dns.example.test.issuer.crt out/chain.pem
webserver # [ 406.371287] acme-httpd-dns.example.test-start[5379]: 'certificates/httpd-dns.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 406.373379] acme-httpd-dns.example.test-start[5351]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 406.379825] acme-httpd-dns.example.test-start[5351]: + cat out/key.pem out/fullchain.pem
webserver # [ 406.386342] acme-httpd-dns.example.test-start[5351]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 406.393416] acme-httpd-dns.example.test-start[5351]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 406.394687] acme-httpd-dns.example.test-start[5351]: Releasing lock /run/acme/2.lock
webserver # [ 406.441217] systemd[1]: acme-httpd-dns.example.test.service: Deactivated successfully.
webserver # [ 406.447371] systemd[1]: Finished Renew ACME certificate for httpd-dns.example.test.
webserver # [ 406.448736] systemd[1]: acme-httpd-dns.example.test.service: Consumed 224ms CPU time, 21.6M memory peak, 4K written to disk, 19.6K incoming IP traffic, 14.5K outgoing IP traffic.
webserver # [ 406.458746] systemd[1]: Starting Apache HTTPD...
webserver # [ 406.667270] systemd[1]: httpd.service: Can't open PID file /run/httpd/httpd.pid (yet?) after start: No such file or directory
webserver # [ 406.686199] systemd[1]: Started Apache HTTPD.
webserver # [ 406.691573] systemd[1]: Starting Renew ACME certificate for httpd-http.example.test...
webserver # [ 406.756660] acme-httpd-http.example.test-start[5458]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 406.760265] acme-httpd-http.example.test-start[5458]: Acquired lock /run/acme/3.lock
webserver # [ 406.761519] acme-httpd-http.example.test-start[5458]: + set -euo pipefail
webserver # [ 406.763299] acme-httpd-http.example.test-start[5561]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 406.770352] acme-httpd-http.example.test-start[5561]: + chgrp wwwrun /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 406.779073] acme-httpd-http.example.test-start[5458]: + echo c63f2de46052d3f916bc
webserver # [ 406.780251] acme-httpd-http.example.test-start[5458]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 406.785469] acme-httpd-http.example.test-start[5458]: + lego --accept-tos --path . -d httpd-http.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d httpd-http-alias.example.test run
acme # [ 407.233952] pebble[681]: Pebble 2024/11/28 20:59:29 GET /dir -> calling handler()
acme # [ 407.235545] pebble[681]: Pebble 2024/11/28 20:59:29 HEAD /nonce-plz -> calling handler()
webserver # [ 406.867440] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:29 [INFO] [httpd-http.example.test, httpd-http-alias.example.test] acme: Obtaining bundled SAN certificate
acme # [ 407.238537] pebble[681]: Pebble 2024/11/28 20:59:29 POST /order-plz -> calling handler()
acme # [ 407.239702] pebble[681]: Pebble 2024/11/28 20:59:29 There are now 27 authorizations in the db
acme # [ 407.240893] pebble[681]: Pebble 2024/11/28 20:59:29 There are now 28 authorizations in the db
acme # [ 407.242170] pebble[681]: Pebble 2024/11/28 20:59:29 Added order "KBUeZH50BGjXQcPUY7q6_Kj_TjqVKRhrguyQ5obbg1w" to the db
acme # [ 407.243621] pebble[681]: Pebble 2024/11/28 20:59:29 There are now 25 orders in the db
acme # [ 407.295401] pebble[681]: Pebble 2024/11/28 20:59:29 POST /authZ/ -> calling handler()
acme # [ 407.351505] pebble[681]: Pebble 2024/11/28 20:59:29 POST /authZ/ -> calling handler()
webserver # [ 406.985775] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:29 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/authZ/NlSekR8MV_wfG3Nl4zLpn4KH7wpjdnfLlVdibKi6z7I :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: 8ScuIZHaGuUeYmXBfyqGVw
acme # [ 407.468941] pebble[681]: Pebble 2024/11/28 20:59:30 POST /authZ/ -> calling handler()
acme # [ 407.470478] pebble[681]: Pebble 2024/11/28 20:59:30 POST /chalZ/ -> calling handler()
webserver # [ 407.102068] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:29 [INFO] [httpd-http-alias.example.test] AuthURL: https://acme.test/authZ/XsGBD3rrtoUJ0mKLoTAZIuy6ETzCsZMQMXcFenZOpUU
webserver # [ 407.104801] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:29 [INFO] [httpd-http.example.test] AuthURL: https://acme.test/authZ/NlSekR8MV_wfG3Nl4zLpn4KH7wpjdnfLlVdibKi6z7I
acme # [ 407.472397] pebble[681]: Pebble 2024/11/28 20:59:30 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"httpd-http-alias.example.test"}, Challenge:(*core.Challenge)(0xc0002f26e0), Account:(*core.Account)(0xc0001285a0), AccountURL:"https://acme.test/my-account/3dcb4cc8d0a7426e", Wildcard:false}
webserver # [ 407.107368] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:29 [INFO] [httpd-http-alias.example.test] acme: Could not find solver for: tls-alpn-01
acme # [ 407.476330] pebble[681]: Pebble 2024/11/28 20:59:30 Starting 3 validations.
webserver # [ 407.109625] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:29 [INFO] [httpd-http-alias.example.test] acme: use http-01 solver
acme # [ 407.477823] pebble[681]: Pebble 2024/11/28 20:59:30 Attempting to validate w/ HTTP: http://httpd-http-alias.example.test:80/.well-known/acme-challenge/sU7mIKYVY5Z1Q6hglF4Io9Q3JM7LzhoYNcOOF2Cklg8
webserver # [ 407.111640] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:29 [INFO] [httpd-http.example.test] acme: Could not find solver for: tls-alpn-01
acme # [ 407.480167] pebble[681]: Pebble 2024/11/28 20:59:30 Attempting to validate w/ HTTP: http://httpd-http-alias.example.test:80/.well-known/acme-challenge/sU7mIKYVY5Z1Q6hglF4Io9Q3JM7LzhoYNcOOF2Cklg8
webserver # [ 407.114197] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:29 [INFO] [httpd-http.example.test] acme: use http-01 solver
webserver # [ 407.115908] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:29 [INFO] [httpd-http-alias.example.test] acme: Trying to solve HTTP-01
acme # [ 407.483102] pebble[681]: Pebble 2024/11/28 20:59:30 Attempting to validate w/ HTTP: http://httpd-http-alias.example.test:80/.well-known/acme-challenge/sU7mIKYVY5Z1Q6hglF4Io9Q3JM7LzhoYNcOOF2Cklg8
acme # [ 407.486991] pebble[681]: Pebble 2024/11/28 20:59:30 POST /authZ/ -> calling handler()
acme # [ 407.494715] pebble[681]: Pebble 2024/11/28 20:59:30 authz XsGBD3rrtoUJ0mKLoTAZIuy6ETzCsZMQMXcFenZOpUU set VALID by completed challenge MO1op30z3_h9D8tLOzII8mQ1i5VfLHAfyMfS5hO_8Gs
acme # [ 413.571763] pebble[681]: Pebble 2024/11/28 20:59:36 POST /authZ/ -> calling handler()
webserver # [ 413.204593] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:35 [INFO] [httpd-http-alias.example.test] The server validated our request
acme # [ 413.573368] pebble[681]: Pebble 2024/11/28 20:59:36 POST /chalZ/ -> calling handler()
webserver # [ 413.206776] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:35 [INFO] [httpd-http.example.test] acme: Trying to solve HTTP-01
acme # [ 413.575198] pebble[681]: Pebble 2024/11/28 20:59:36 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"httpd-http.example.test"}, Challenge:(*core.Challenge)(0xc0002f2960), Account:(*core.Account)(0xc0001285a0), AccountURL:"https://acme.test/my-account/3dcb4cc8d0a7426e", Wildcard:false}
acme # [ 413.579186] pebble[681]: Pebble 2024/11/28 20:59:36 Starting 3 validations.
acme # [ 413.580337] pebble[681]: Pebble 2024/11/28 20:59:36 Attempting to validate w/ HTTP: http://httpd-http.example.test:80/.well-known/acme-challenge/igaRr5geEV2S5Tg0exL-VKpoj2BF7wJRuv47hcW8tcA
acme # [ 413.583062] pebble[681]: Pebble 2024/11/28 20:59:36 POST /authZ/ -> calling handler()
acme # [ 413.584780] pebble[681]: Pebble 2024/11/28 20:59:36 Attempting to validate w/ HTTP: http://httpd-http.example.test:80/.well-known/acme-challenge/igaRr5geEV2S5Tg0exL-VKpoj2BF7wJRuv47hcW8tcA
acme # [ 413.588083] pebble[681]: Pebble 2024/11/28 20:59:36 Attempting to validate w/ HTTP: http://httpd-http.example.test:80/.well-known/acme-challenge/igaRr5geEV2S5Tg0exL-VKpoj2BF7wJRuv47hcW8tcA
acme # [ 413.594938] pebble[681]: Pebble 2024/11/28 20:59:36 authz NlSekR8MV_wfG3Nl4zLpn4KH7wpjdnfLlVdibKi6z7I set VALID by completed challenge P7oYVIx2quPhu7t68qunrufQEbGtMWV7luPMThBAwTQ
acme # [ 420.689608] pebble[681]: Pebble 2024/11/28 20:59:43 POST /authZ/ -> calling handler()
webserver # [ 420.322527] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:42 [INFO] [httpd-http.example.test] The server validated our request
acme # [ 420.691342] pebble[681]: Pebble 2024/11/28 20:59:43 POST /finalize-order/ -> calling handler()
webserver # [ 420.324323] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:42 [INFO] [httpd-http.example.test, httpd-http-alias.example.test] acme: Validations succeeded; requesting certificates
acme # [ 420.693057] pebble[681]: Pebble 2024/11/28 20:59:43 Order KBUeZH50BGjXQcPUY7q6_Kj_TjqVKRhrguyQ5obbg1w is fully authorized. Processing finalization
webserver # [ 420.327262] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:42 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 420.697655] pebble[681]: Pebble 2024/11/28 20:59:43 Issued certificate serial 52f526ab40130c81 for order KBUeZH50BGjXQcPUY7q6_Kj_TjqVKRhrguyQ5obbg1w
acme # [ 420.699510] pebble[681]: Pebble 2024/11/28 20:59:43 POST /my-order/ -> calling handler()
acme # [ 420.701503] pebble[681]: Pebble 2024/11/28 20:59:43 POST /certZ/ -> calling handler()
webserver # [ 420.335936] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:42 [INFO] retry due to: acme: error: 400 :: POST :: https://acme.test/certZ/52f526ab40130c81 :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: OGz1H1C3WLzUfwCdY4x6SA
acme # [ 420.884602] pebble[681]: Pebble 2024/11/28 20:59:43 POST /certZ/ -> calling handler()
webserver # [ 420.517411] acme-httpd-http.example.test-start[5564]: 2024/11/28 20:59:43 [INFO] [httpd-http.example.test] Server responded with a certificate.
webserver # [ 420.525333] acme-httpd-http.example.test-start[5458]: + mv domainhash.txt certificates/
webserver # [ 420.532265] acme-httpd-http.example.test-start[5458]: + chown acme:wwwrun certificates/domainhash.txt certificates/httpd-http.example.test.crt certificates/httpd-http.example.test.issuer.crt certificates/httpd-http.example.test.json certificates/httpd-http.example.test.key
webserver # [ 420.542444] acme-httpd-http.example.test-start[5458]: + cmp -s certificates/httpd-http.example.test.crt out/fullchain.pem
webserver # [ 420.547225] acme-httpd-http.example.test-start[5458]: + touch out/renewed
webserver # [ 420.553898] acme-httpd-http.example.test-start[5458]: + echo Installing new certificate
webserver # [ 420.555147] acme-httpd-http.example.test-start[5458]: Installing new certificate
webserver # [ 420.556258] acme-httpd-http.example.test-start[5458]: + cp -vp certificates/httpd-http.example.test.crt out/fullchain.pem
webserver # [ 420.563163] acme-httpd-http.example.test-start[5572]: 'certificates/httpd-http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 420.565137] acme-httpd-http.example.test-start[5458]: + cp -vp certificates/httpd-http.example.test.key out/key.pem
webserver # [ 420.571082] acme-httpd-http.example.test-start[5573]: 'certificates/httpd-http.example.test.key' -> 'out/key.pem'
webserver # [ 420.573819] acme-httpd-http.example.test-start[5458]: + cp -vp certificates/httpd-http.example.test.issuer.crt out/chain.pem
webserver # [ 420.579328] acme-httpd-http.example.test-start[5574]: 'certificates/httpd-http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 420.581530] acme-httpd-http.example.test-start[5458]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 420.587752] acme-httpd-http.example.test-start[5458]: + cat out/key.pem out/fullchain.pem
webserver # [ 420.594388] acme-httpd-http.example.test-start[5458]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 420.601337] acme-httpd-http.example.test-start[5458]: + echo 'Releasing lock /run/acme/3.lock'
webserver # [ 420.603106] acme-httpd-http.example.test-start[5458]: Releasing lock /run/acme/3.lock
webserver # [ 420.648695] systemd[1]: acme-httpd-http.example.test.service: Deactivated successfully.
webserver # [ 420.650555] systemd[1]: Finished Renew ACME certificate for httpd-http.example.test.
webserver # [ 420.653186] systemd[1]: acme-httpd-http.example.test.service: Consumed 166ms CPU time, 20.2M memory peak, 12K written to disk, 17.1K incoming IP traffic, 11.3K outgoing IP traffic.
webserver # [ 420.662167] systemd[1]: Starting httpd-config-reload.service...
webserver # [ 420.747269] httpd[5586]: Syntax OK
webserver # [ 420.802135] systemd[1]: Reloading Apache HTTPD...
webserver # [ 420.890496] systemd[1]: Reloaded Apache HTTPD.
webserver # [ 420.899373] systemd[1]: httpd-config-reload.service: Deactivated successfully.
webserver # [ 420.901619] systemd[1]: Finished httpd-config-reload.service.
webserver # [ 420.903618] systemd[1]: Reached target acme-finished-httpd-dns.example.test.target.
webserver # [ 420.906096] systemd[1]: Reached target acme-finished-httpd-http.example.test.target.
webserver # the following new units were started: acme-finished-httpd-dns.example.test.target, acme-finished-httpd-http.example.test.target, acme-httpd-dns.example.test.timer, acme-httpd-http.example.test.timer, httpd.service
webserver # [ 421.166047] nixos[5153]: finished switching to system configuration /nix/store/38780mj3n08g48smxxjc9sqs5mhvwicy-nixos-system-webserver-test
(finished: must succeed: /tmp/specialisation/httpd/bin/switch-to-configuration test, in 91.52 seconds)
webserver # [ 421.224497] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 421.227793] systemd[1]: Generate self-signed certificate for httpd-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/httpd-http.example.test/key.pem).
webserver # [ 421.234246] systemd[1]: Starting Renew ACME certificate for httpd-http.example.test...
webserver # [ 421.296324] acme-httpd-http.example.test-start[5757]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 421.299671] acme-httpd-http.example.test-start[5757]: Acquired lock /run/acme/3.lock
webserver # [ 421.300869] acme-httpd-http.example.test-start[5757]: + set -euo pipefail
webserver # [ 421.302560] acme-httpd-http.example.test-start[5759]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 421.308993] acme-httpd-http.example.test-start[5759]: + chgrp wwwrun /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 421.317073] acme-httpd-http.example.test-start[5757]: + echo c63f2de46052d3f916bc
webserver # [ 421.318348] acme-httpd-http.example.test-start[5757]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 421.323229] acme-httpd-http.example.test-start[5757]: + '[' -e certificates/httpd-http.example.test.key ']'
webserver # [ 421.324700] acme-httpd-http.example.test-start[5757]: + '[' -e certificates/httpd-http.example.test.crt ']'
webserver # [ 421.326452] acme-httpd-http.example.test-start[5762]: ++ find accounts -name [email protected]
webserver # [ 421.334359] acme-httpd-http.example.test-start[5757]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 421.336107] acme-httpd-http.example.test-start[5757]: + lego --accept-tos --path . -d httpd-http.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d httpd-http-alias.example.test renew --no-random-sleep --days 30
acme # [ 421.789425] pebble[681]: Pebble 2024/11/28 20:59:44 GET /dir -> calling handler()
webserver # [ 421.423415] acme-httpd-http.example.test-start[5763]: 2024/11/28 20:59:44 [httpd-http.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 421.429743] acme-httpd-http.example.test-start[5757]: + mv domainhash.txt certificates/
webserver # [ 421.436555] acme-httpd-http.example.test-start[5757]: + chown acme:wwwrun certificates/domainhash.txt certificates/httpd-http.example.test.crt certificates/httpd-http.example.test.issuer.crt certificates/httpd-http.example.test.json certificates/httpd-http.example.test.key
webserver # [ 421.446956] acme-httpd-http.example.test-start[5757]: + cmp -s certificates/httpd-http.example.test.crt out/fullchain.pem
webserver # [ 421.451486] acme-httpd-http.example.test-start[5757]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 421.458118] acme-httpd-http.example.test-start[5757]: + echo 'Releasing lock /run/acme/3.lock'
webserver # [ 421.459382] acme-httpd-http.example.test-start[5757]: Releasing lock /run/acme/3.lock
webserver # [ 421.499077] systemd[1]: acme-httpd-http.example.test.service: Deactivated successfully.
webserver # [ 421.504079] systemd[1]: Finished Renew ACME certificate for httpd-http.example.test.
webserver # [ 421.505299] systemd[1]: acme-httpd-http.example.test.service: Consumed 147ms CPU time, 20.6M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 421.515346] systemd[1]: Starting httpd-config-reload.service...
webserver # [ 421.604237] httpd[5778]: Syntax OK
webserver # [ 421.656511] systemd[1]: Reloading Apache HTTPD...
webserver # [ 421.732651] systemd[1]: Reloaded Apache HTTPD.
webserver # [ 421.738088] systemd[1]: httpd-config-reload.service: Deactivated successfully.
webserver # [ 421.743392] systemd[1]: Finished httpd-config-reload.service.
webserver: waiting for unit acme-finished-httpd-http.example.test.target
(finished: waiting for unit acme-finished-httpd-http.example.test.target, in 0.06 seconds)
webserver # [ 421.858792] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 421.863248] systemd[1]: Generate self-signed certificate for httpd-dns.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/httpd-dns.example.test/key.pem).
webserver # [ 421.870218] systemd[1]: Starting Renew ACME certificate for httpd-dns.example.test...
webserver # [ 421.935273] acme-httpd-dns.example.test-start[5953]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 421.938896] acme-httpd-dns.example.test-start[5953]: Acquired lock /run/acme/2.lock
webserver # [ 421.940250] acme-httpd-dns.example.test-start[5953]: + set -euo pipefail
webserver # [ 421.941497] acme-httpd-dns.example.test-start[5953]: + echo 0a349e39464efbfff571
webserver # [ 421.942888] acme-httpd-dns.example.test-start[5953]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 421.947540] acme-httpd-dns.example.test-start[5953]: + '[' -e certificates/httpd-dns.example.test.key ']'
webserver # [ 421.949334] acme-httpd-dns.example.test-start[5953]: + '[' -e certificates/httpd-dns.example.test.crt ']'
webserver # [ 421.951391] acme-httpd-dns.example.test-start[5956]: ++ find accounts -name [email protected]
webserver # [ 421.958974] acme-httpd-dns.example.test-start[5953]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 421.960938] acme-httpd-dns.example.test-start[5953]: + lego --accept-tos --path . -d httpd-dns.example.test --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir -d httpd-dns-alias.example.test renew --no-random-sleep --days 30
acme # [ 422.417655] pebble[681]: Pebble 2024/11/28 20:59:45 GET /dir -> calling handler()
webserver # [ 422.050816] acme-httpd-dns.example.test-start[5957]: 2024/11/28 20:59:44 [httpd-dns.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 422.058226] acme-httpd-dns.example.test-start[5953]: + mv domainhash.txt certificates/
webserver # [ 422.064959] acme-httpd-dns.example.test-start[5953]: + chown acme:wwwrun certificates/domainhash.txt certificates/httpd-dns.example.test.crt certificates/httpd-dns.example.test.issuer.crt certificates/httpd-dns.example.test.json certificates/httpd-dns.example.test.key
webserver # [ 422.075345] acme-httpd-dns.example.test-start[5953]: + cmp -s certificates/httpd-dns.example.test.crt out/fullchain.pem
webserver # [ 422.079878] acme-httpd-dns.example.test-start[5953]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 422.086757] acme-httpd-dns.example.test-start[5953]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 422.088138] acme-httpd-dns.example.test-start[5953]: Releasing lock /run/acme/2.lock
webserver # [ 422.125784] systemd[1]: acme-httpd-dns.example.test.service: Deactivated successfully.
webserver # [ 422.130521] systemd[1]: Finished Renew ACME certificate for httpd-dns.example.test.
webserver # [ 422.133367] systemd[1]: acme-httpd-dns.example.test.service: Consumed 146ms CPU time, 20.5M memory peak, 2.2K incoming IP traffic, 842B outgoing IP traffic.
webserver # [ 422.142273] systemd[1]: Starting httpd-config-reload.service...
webserver # [ 422.229496] httpd[5973]: Syntax OK
webserver # [ 422.280935] systemd[1]: Reloading Apache HTTPD...
webserver # [ 422.359252] systemd[1]: Reloaded Apache HTTPD.
webserver # [ 422.364758] systemd[1]: httpd-config-reload.service: Deactivated successfully.
webserver # [ 422.367648] systemd[1]: Finished httpd-config-reload.service.
webserver: waiting for unit acme-finished-httpd-dns.example.test.target
(finished: waiting for unit acme-finished-httpd-dns.example.test.target, in 0.06 seconds)
webserver: waiting for unit httpd.service
(finished: waiting for unit httpd.service, in 0.06 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/cert.pem, in 0.04 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/fullchain.pem, in 0.04 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-dns.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-dns.example.test/cert.pem, in 0.04 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-dns.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-dns.example.test/fullchain.pem, in 0.05 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-http.example.test -connect httpd-http.example.test:443 < /dev/null 2>&1
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-http.example.test -connect httpd-http.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-http-alias.example.test -connect httpd-http-alias.example.test:443 < /dev/null 2>&1
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-http-alias.example.test -connect httpd-http-alias.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-dns.example.test -connect httpd-dns.example.test:443 < /dev/null 2>&1
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-dns.example.test -connect httpd-dns.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-dns-alias.example.test -connect httpd-dns-alias.example.test:443 < /dev/null 2>&1
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-dns-alias.example.test -connect httpd-dns-alias.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-wildcard.example.test -connect httpd-wildcard.example.test:443 < /dev/null 2>&1
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-wildcard.example.test -connect httpd-wildcard.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-wildcard-alias.example.test -connect httpd-wildcard-alias.example.test:443 < /dev/null 2>&1
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-wildcard-alias.example.test -connect httpd-wildcard-alias.example.test:443 < /dev/null 2>&1, in 0.03 seconds)
(finished: subtest: Works with httpd, in 93.27 seconds)
subtest: Can reload httpd when timer triggers renewal
webserver: must succeed: systemctl clean acme-httpd-http.example.test.service --what=state
webserver # [ 422.935598] systemd[1]: acme-httpd-http.example.test.service: Deactivated successfully.
(finished: must succeed: systemctl clean acme-httpd-http.example.test.service --what=state, in 0.06 seconds)
webserver: must succeed: systemctl start acme-selfsigned-httpd-http.example.test.service
webserver # [ 422.969947] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 422.978972] systemd[1]: Starting Generate self-signed certificate for httpd-http.example.test...
webserver # [ 423.037542] acme-selfsigned-httpd-http.example.test-start[6167]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 423.040990] acme-selfsigned-httpd-http.example.test-start[6167]: Acquired lock /run/acme/3.lock
webserver # [ 423.078405] acme-selfsigned-httpd-http.example.test-start[6167]: Releasing lock /run/acme/3.lock
webserver # [ 423.081595] systemd[1]: acme-selfsigned-httpd-http.example.test.service: Deactivated successfully.
webserver # [ 423.085596] systemd[1]: Finished Generate self-signed certificate for httpd-http.example.test.
(finished: must succeed: systemctl start acme-selfsigned-httpd-http.example.test.service, in 0.15 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/cert.pem, in 0.04 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/fullchain.pem, in 0.05 seconds)
webserver: must succeed: systemctl start httpd-config-reload.service
webserver # [ 423.219259] systemd[1]: Starting httpd-config-reload.service...
webserver # [ 423.311520] httpd[6193]: Syntax OK
webserver # [ 423.364240] systemd[1]: Reloading Apache HTTPD...
webserver # [ 423.445713] systemd[1]: Reloaded Apache HTTPD.
webserver # [ 423.451475] systemd[1]: httpd-config-reload.service: Deactivated successfully.
webserver # [ 423.453231] systemd[1]: Finished httpd-config-reload.service.
(finished: must succeed: systemctl start httpd-config-reload.service, in 0.28 seconds)
webserver: must succeed: systemctl start test-renew-httpd.target
webserver # [ 423.494922] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 423.500557] systemd[1]: Generate self-signed certificate for httpd-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/httpd-http.example.test/key.pem).
webserver # [ 423.507288] systemd[1]: Starting Renew ACME certificate for httpd-http.example.test...
webserver # [ 423.587731] acme-httpd-http.example.test-start[6203]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 423.591246] acme-httpd-http.example.test-start[6203]: Acquired lock /run/acme/3.lock
webserver # [ 423.592675] acme-httpd-http.example.test-start[6203]: + set -euo pipefail
webserver # [ 423.594469] acme-httpd-http.example.test-start[6365]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 423.601198] acme-httpd-http.example.test-start[6365]: + chgrp wwwrun /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 423.609068] acme-httpd-http.example.test-start[6203]: + echo c63f2de46052d3f916bc
webserver # [ 423.610675] acme-httpd-http.example.test-start[6203]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 423.615030] acme-httpd-http.example.test-start[6203]: + lego --accept-tos --path . -d httpd-http.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir -d httpd-http-alias.example.test run
webserver # [ 423.660187] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 No key found for account [email protected]. Generating a P256 key.
webserver # [ 423.662387] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 Saved key to accounts/acme.test/[email protected]/keys/[email protected]
acme # [ 424.072361] pebble[681]: Pebble 2024/11/28 20:59:46 GET /dir -> calling handler()
webserver # [ 423.704432] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 [INFO] acme: Registering account for [email protected]
acme # [ 424.074076] pebble[681]: Pebble 2024/11/28 20:59:46 HEAD /nonce-plz -> calling handler()
webserver # [ 423.708063] acme-httpd-http.example.test-start[6368]: !!!! HEADS UP !!!!
acme # [ 424.075824] pebble[681]: Pebble 2024/11/28 20:59:46 POST /sign-me-up -> calling handler()
acme # [ 424.076979] pebble[681]: Pebble 2024/11/28 20:59:46 There are now 6 accounts in memory
webserver # [ 423.709092] acme-httpd-http.example.test-start[6368]: Your account credentials have been saved in your Let's Encrypt
webserver # [ 423.710542] acme-httpd-http.example.test-start[6368]: configuration directory at "accounts".
webserver # [ 423.711733] acme-httpd-http.example.test-start[6368]: You should make a secure backup of this folder now. This
webserver # [ 423.713244] acme-httpd-http.example.test-start[6368]: configuration directory will also contain certificates and
acme # [ 424.083460] pebble[681]: Pebble 2024/11/28 20:59:46 POST /order-plz -> calling handler()
webserver # [ 423.715536] acme-httpd-http.example.test-start[6368]: private keys obtained from Let's Encrypt so making regular
acme # [ 424.085371] pebble[681]: Pebble 2024/11/28 20:59:46 There are now 29 authorizations in the db
webserver # [ 423.717305] acme-httpd-http.example.test-start[6368]: backups of this folder is ideal.
acme # [ 424.086584] pebble[681]: Pebble 2024/11/28 20:59:46 There are now 30 authorizations in the db
webserver # [ 423.718742] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 [INFO] [httpd-http.example.test, httpd-http-alias.example.test] acme: Obtaining bundled SAN certificate
acme # [ 424.087821] pebble[681]: Pebble 2024/11/28 20:59:46 Added order "5ZT_8mmsXbtZp96XqkFcugc9M53ovuYjtl6BOBKK2hg" to the db
acme # [ 424.089290] pebble[681]: Pebble 2024/11/28 20:59:46 There are now 26 orders in the db
acme # [ 424.146530] pebble[681]: Pebble 2024/11/28 20:59:46 POST /authZ/ -> calling handler()
acme # [ 424.202580] pebble[681]: Pebble 2024/11/28 20:59:46 POST /authZ/ -> calling handler()
acme # [ 424.205827] pebble[681]: Pebble 2024/11/28 20:59:46 POST /chalZ/ -> calling handler()
webserver # [ 423.837291] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 [INFO] [httpd-http.example.test] AuthURL: https://acme.test/authZ/EIys8rrA_sIUj6_USU0XRid1ECMfUrnBms1AXJuUTjs
webserver # [ 423.839606] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 [INFO] [httpd-http-alias.example.test] AuthURL: https://acme.test/authZ/0BZblU7GsmsB4Y-aPv7fzSCJAeu5YJsAc6c_elW7ggs
acme # [ 424.207053] pebble[681]: Pebble 2024/11/28 20:59:46 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"httpd-http-alias.example.test"}, Challenge:(*core.Challenge)(0xc0002f2e60), Account:(*core.Account)(0xc0000851a0), AccountURL:"https://acme.test/my-account/478458592973281b", Wildcard:false}
webserver # [ 423.841820] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 [INFO] [httpd-http-alias.example.test] acme: Could not find solver for: tls-alpn-01
acme # [ 424.210747] pebble[681]: Pebble 2024/11/28 20:59:46 Starting 3 validations.
webserver # [ 423.843720] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 [INFO] [httpd-http-alias.example.test] acme: use http-01 solver
acme # [ 424.211742] pebble[681]: Pebble 2024/11/28 20:59:46 Attempting to validate w/ HTTP: http://httpd-http-alias.example.test:80/.well-known/acme-challenge/4gvVTMpU1fmi3kLvYYk3gj96geUP730C9YuIYguRETY
webserver # [ 423.845544] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 [INFO] [httpd-http.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 423.847575] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 [INFO] [httpd-http.example.test] acme: use http-01 solver
acme # [ 424.214426] pebble[681]: Pebble 2024/11/28 20:59:46 Attempting to validate w/ HTTP: http://httpd-http-alias.example.test:80/.well-known/acme-challenge/4gvVTMpU1fmi3kLvYYk3gj96geUP730C9YuIYguRETY
webserver # [ 423.849328] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:46 [INFO] [httpd-http-alias.example.test] acme: Trying to solve HTTP-01
acme # [ 424.217528] pebble[681]: Pebble 2024/11/28 20:59:46 Attempting to validate w/ HTTP: http://httpd-http-alias.example.test:80/.well-known/acme-challenge/4gvVTMpU1fmi3kLvYYk3gj96geUP730C9YuIYguRETY
acme # [ 424.221780] pebble[681]: Pebble 2024/11/28 20:59:46 POST /authZ/ -> calling handler()
acme # [ 424.227494] pebble[681]: Pebble 2024/11/28 20:59:46 authz EIys8rrA_sIUj6_USU0XRid1ECMfUrnBms1AXJuUTjs set VALID by completed challenge 1x0RhbHLFsRs34HAzgtwwxAY1x0jgENrmgZmejGCERA
acme # [ 429.283777] pebble[681]: Pebble 2024/11/28 20:59:51 POST /authZ/ -> calling handler()
webserver # [ 428.916612] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:51 [INFO] [httpd-http-alias.example.test] The server validated our request
acme # [ 429.285437] pebble[681]: Pebble 2024/11/28 20:59:51 POST /chalZ/ -> calling handler()
webserver # [ 428.918485] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:51 [INFO] [httpd-http.example.test] acme: Trying to solve HTTP-01
acme # [ 429.287059] pebble[681]: Pebble 2024/11/28 20:59:51 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"httpd-http.example.test"}, Challenge:(*core.Challenge)(0xc0002f30e0), Account:(*core.Account)(0xc0000851a0), AccountURL:"https://acme.test/my-account/478458592973281b", Wildcard:false}
acme # [ 429.290856] pebble[681]: Pebble 2024/11/28 20:59:51 Starting 3 validations.
acme # [ 429.292317] pebble[681]: Pebble 2024/11/28 20:59:51 Attempting to validate w/ HTTP: http://httpd-http.example.test:80/.well-known/acme-challenge/LcCM6QXkjDJdEvNY1kNbAw2erTlqdbqyTy1oPpuYOJU
acme # [ 429.295175] pebble[681]: Pebble 2024/11/28 20:59:51 POST /authZ/ -> calling handler()
acme # [ 429.297158] pebble[681]: Pebble 2024/11/28 20:59:51 Attempting to validate w/ HTTP: http://httpd-http.example.test:80/.well-known/acme-challenge/LcCM6QXkjDJdEvNY1kNbAw2erTlqdbqyTy1oPpuYOJU
acme # [ 429.300141] pebble[681]: Pebble 2024/11/28 20:59:51 Attempting to validate w/ HTTP: http://httpd-http.example.test:80/.well-known/acme-challenge/LcCM6QXkjDJdEvNY1kNbAw2erTlqdbqyTy1oPpuYOJU
acme # [ 429.306673] pebble[681]: Pebble 2024/11/28 20:59:51 authz 0BZblU7GsmsB4Y-aPv7fzSCJAeu5YJsAc6c_elW7ggs set VALID by completed challenge NjYKmtgzTOHCqhpQ9xJ8W9wLUAkjjR3nFcmY7kVz2y4
acme # [ 433.604119] pebble[681]: Pebble 2024/11/28 20:59:56 POST /authZ/ -> calling handler()
webserver # [ 433.237043] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:55 [INFO] [httpd-http.example.test] The server validated our request
acme # [ 433.605779] pebble[681]: Pebble 2024/11/28 20:59:56 POST /finalize-order/ -> calling handler()
webserver # [ 433.238823] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:55 [INFO] [httpd-http.example.test, httpd-http-alias.example.test] acme: Validations succeeded; requesting certificates
acme # [ 433.607654] pebble[681]: Pebble 2024/11/28 20:59:56 Order 5ZT_8mmsXbtZp96XqkFcugc9M53ovuYjtl6BOBKK2hg is fully authorized. Processing finalization
webserver # [ 433.241716] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:55 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
acme # [ 433.612743] pebble[681]: Pebble 2024/11/28 20:59:56 Issued certificate serial 18fa07b42b9f9a81 for order 5ZT_8mmsXbtZp96XqkFcugc9M53ovuYjtl6BOBKK2hg
acme # [ 433.614974] pebble[681]: Pebble 2024/11/28 20:59:56 POST /my-order/ -> calling handler()
acme # [ 433.616626] pebble[681]: Pebble 2024/11/28 20:59:56 POST /certZ/ -> calling handler()
webserver # [ 433.251305] acme-httpd-http.example.test-start[6368]: 2024/11/28 20:59:55 [INFO] [httpd-http.example.test] Server responded with a certificate.
webserver # [ 433.258696] acme-httpd-http.example.test-start[6203]: + mv domainhash.txt certificates/
webserver # [ 433.266959] acme-httpd-http.example.test-start[6203]: + chown acme:wwwrun certificates/domainhash.txt certificates/httpd-http.example.test.crt certificates/httpd-http.example.test.issuer.crt certificates/httpd-http.example.test.json certificates/httpd-http.example.test.key
webserver # [ 433.278687] acme-httpd-http.example.test-start[6203]: + cmp -s certificates/httpd-http.example.test.crt out/fullchain.pem
webserver # [ 433.284220] acme-httpd-http.example.test-start[6203]: + touch out/renewed
webserver # [ 433.291609] acme-httpd-http.example.test-start[6203]: + echo Installing new certificate
webserver # [ 433.292997] acme-httpd-http.example.test-start[6203]: Installing new certificate
webserver # [ 433.294668] acme-httpd-http.example.test-start[6203]: + cp -vp certificates/httpd-http.example.test.crt out/fullchain.pem
webserver # [ 433.301252] acme-httpd-http.example.test-start[6377]: 'certificates/httpd-http.example.test.crt' -> 'out/fullchain.pem'
webserver # [ 433.304381] acme-httpd-http.example.test-start[6203]: + cp -vp certificates/httpd-http.example.test.key out/key.pem
webserver # [ 433.310438] acme-httpd-http.example.test-start[6378]: 'certificates/httpd-http.example.test.key' -> 'out/key.pem'
webserver # [ 433.313070] acme-httpd-http.example.test-start[6203]: + cp -vp certificates/httpd-http.example.test.issuer.crt out/chain.pem
webserver # [ 433.319573] acme-httpd-http.example.test-start[6379]: 'certificates/httpd-http.example.test.issuer.crt' -> 'out/chain.pem'
webserver # [ 433.322353] acme-httpd-http.example.test-start[6203]: + ln -sf fullchain.pem out/cert.pem
webserver # [ 433.329639] acme-httpd-http.example.test-start[6203]: + cat out/key.pem out/fullchain.pem
webserver # [ 433.336641] acme-httpd-http.example.test-start[6203]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem out/renewed
webserver # [ 433.344190] acme-httpd-http.example.test-start[6203]: + echo 'Releasing lock /run/acme/3.lock'
webserver # [ 433.345664] acme-httpd-http.example.test-start[6203]: Releasing lock /run/acme/3.lock
webserver # [ 433.390988] systemd[1]: acme-httpd-http.example.test.service: Deactivated successfully.
webserver # [ 433.394613] systemd[1]: Finished Renew ACME certificate for httpd-http.example.test.
webserver # [ 433.397303] systemd[1]: acme-httpd-http.example.test.service: Consumed 166ms CPU time, 19.9M memory peak, 16K written to disk, 16.8K incoming IP traffic, 10.7K outgoing IP traffic.
webserver # [ 433.405945] systemd[1]: Starting httpd-config-reload.service...
webserver # [ 433.573445] httpd[6391]: Syntax OK
webserver # [ 433.678151] systemd[1]: Reloading Apache HTTPD...
webserver # [ 433.910085] systemd[1]: Reloaded Apache HTTPD.
webserver # [ 433.924677] systemd[1]: httpd-config-reload.service: Deactivated successfully.
webserver # [ 433.936069] systemd[1]: Finished httpd-config-reload.service.
webserver # [ 433.938215] systemd[1]: Reached target test-renew-httpd.target.
(finished: must succeed: systemctl start test-renew-httpd.target, in 10.51 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/cert.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/cert.pem, in 0.13 seconds)
webserver: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/fullchain.pem
(finished: must succeed: openssl x509 -noout -issuer -in /var/lib/acme/httpd-http.example.test/fullchain.pem, in 0.09 seconds)
client: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-http.example.test -connect httpd-http.example.test:443 < /dev/null 2>&1
(finished: must succeed: openssl s_client -brief -verify 2 -CAfile /tmp/ca.crt -servername httpd-http.example.test -connect httpd-http.example.test:443 < /dev/null 2>&1, in 0.04 seconds)
(finished: subtest: Can reload httpd when timer triggers renewal, in 11.34 seconds)
subtest: Can remove an alias from a domain + cert is updated
webserver: must succeed: /tmp/specialisation/httpd_remove_alias/bin/switch-to-configuration test
webserver # [ 434.814924] nixos[6571]: switching to system configuration /nix/store/ffphwlz24nwbh1kpgrbchz7g3ylxwvy2-nixos-system-webserver-test
webserver # stopping the following units: httpd.service
webserver # [ 434.821946] systemd[1]: Stopped target Local File Systems.
webserver # [ 434.828532] systemd[1]: Stopped target Remote File Systems.
webserver # [ 434.836147] systemd[1]: Stopping Apache HTTPD...
webserver # [ 435.046589] systemd[1]: httpd.service: Deactivated successfully.
webserver # activating the configuration...
webserver # [ 435.051829] systemd[1]: Stopped Apache HTTPD.
webserver # [ 435.052600] systemd[1]: httpd.service: Consumed 459ms CPU time, 20.3M memory peak, 28K written to disk, 12.3K incoming IP traffic, 27.2K outgoing IP traffic.
webserver # [ 435.682727] systemd[1]: Reload requested from client PID 6571 ('.switch-to-conf') (unit backdoor.service)...
webserver # [ 435.684435] systemd[1]: Reloading...
webserver # [ 435.922707] systemd-ssh-generator[6630]: Disabling SSH generator logic, since sshd is not installed.
webserver # [ 436.551442] systemd[1]: Reloading finished in 864 ms.
webserver # restarting sysinit-reactivation.target
webserver # [ 436.587732] systemd[1]: Stopped target Reactivate sysinit units.
webserver # [ 436.588872] systemd[1]: Stopping Reactivate sysinit units...
webserver # [ 436.594045] systemd[1]: Reached target Reactivate sysinit units.
webserver # starting the following units: httpd.service
webserver # [ 436.604054] systemd[1]: Reached target Remote File Systems.
webserver # [ 436.608787] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 436.614635] systemd[1]: Generate self-signed certificate for httpd-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/httpd-http.example.test/key.pem).
webserver # [ 436.633282] systemd[1]: Starting Renew ACME certificate for httpd-http.example.test...
webserver # [ 436.671957] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 436.678123] systemd[1]: Generate self-signed certificate for httpd-dns.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/httpd-dns.example.test/key.pem).
webserver # [ 436.697521] systemd[1]: Starting Renew ACME certificate for httpd-dns.example.test...
webserver # [ 436.731157] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 436.739263] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 436.756087] systemd[1]: Starting Renew ACME certificate for example.test...
webserver # [ 436.777949] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 436.793691] systemd[1]: Generate self-signed certificate for httpd-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/httpd-http.example.test/key.pem).
webserver # [ 436.833894] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 436.847812] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 436.854129] systemd[1]: Generate self-signed certificate for httpd-dns.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/httpd-dns.example.test/key.pem).
webserver # [ 436.860370] systemd[1]: Generate self-signed certificate for httpd-http.example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/httpd-http.example.test/key.pem).
webserver # [ 436.880872] systemd[1]: Generate self-signed certificate authority was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/.minica/key.pem).
webserver # [ 436.882896] systemd[1]: Generate self-signed certificate for example.test was skipped because of an unmet condition check (ConditionPathExists=!/var/lib/acme/example.test/key.pem).
webserver # [ 436.902258] systemd[1]: Starting Load Kernel Module efi_pstore...
webserver # [ 436.908468] systemd[1]: Starting Create SUID/SGID Wrappers...
webserver # [ 436.909420] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 436.911545] systemd[1]: Reached target Local File Systems.
webserver # [ 436.916829] systemd[1]: Update Boot Loader Random Seed was skipped because no trigger condition checks were met.
webserver # [ 436.918409] systemd[1]: Clear Stale Hibernate Storage Info was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/HibernateLocation-8cf2644b-4b0b-428f-9387-6d876050dc67).
webserver # [ 436.921401] systemd[1]: Early TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 436.924553] systemd[1]: TPM SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 436.933244] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/).
webserver # [ 436.947066] systemd[1]: Make TPM PCR Policy was skipped because of an unmet condition check (ConditionSecurity=measured-uki).
webserver # [ 437.001216] systemd[1]: modprobe@efi_pstore.service: Deactivated successfully.
webserver # [ 437.004128] systemd[1]: Finished Load Kernel Module efi_pstore.
webserver # [ 437.011784] systemd[1]: Platform Persistent Storage Archival was skipped because of an unmet condition check (ConditionDirectoryNotEmpty=/sys/fs/pstore).
webserver # [ 437.034828] acme-httpd-http.example.test-start[6635]: Waiting to acquire lock /run/acme/3.lock
webserver # [ 437.041518] acme-httpd-http.example.test-start[6635]: Acquired lock /run/acme/3.lock
webserver # [ 437.043215] acme-httpd-http.example.test-start[6635]: + set -euo pipefail
webserver # [ 437.044431] acme-httpd-http.example.test-start[6645]: + mkdir -p /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 437.059541] acme-httpd-http.example.test-start[6645]: + chgrp wwwrun /var/lib/acme/acme-challenge/.well-known/acme-challenge
webserver # [ 437.078458] acme-httpd-http.example.test-start[6635]: + echo 25a568200b41a707b1f8
webserver # [ 437.079846] acme-httpd-http.example.test-start[6635]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 437.089651] acme-httpd-http.example.test-start[6635]: + lego --accept-tos --path . -d httpd-http.example.test --email [email protected] --key-type ec256 --http --http.webroot /var/lib/acme/acme-challenge --server https://acme.test/dir run
webserver # [ 437.097350] acme-httpd-dns.example.test-start[6636]: Waiting to acquire lock /run/acme/2.lock
webserver # [ 437.105716] acme-httpd-dns.example.test-start[6636]: Acquired lock /run/acme/2.lock
webserver # [ 437.109558] acme-httpd-dns.example.test-start[6636]: + set -euo pipefail
webserver # [ 437.110796] acme-httpd-dns.example.test-start[6636]: + echo 0a349e39464efbfff571
webserver # [ 437.112209] acme-httpd-dns.example.test-start[6636]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 437.123102] acme-httpd-dns.example.test-start[6636]: + '[' -e certificates/httpd-dns.example.test.key ']'
webserver # [ 437.124955] acme-httpd-dns.example.test-start[6636]: + '[' -e certificates/httpd-dns.example.test.crt ']'
webserver # [ 437.128507] acme-httpd-dns.example.test-start[6659]: ++ find accounts -name [email protected]
webserver # [ 437.132164] acme-example.test-start[6637]: Waiting to acquire lock /run/acme/1.lock
webserver # [ 437.139188] acme-example.test-start[6637]: Acquired lock /run/acme/1.lock
webserver # [ 437.140524] acme-example.test-start[6637]: + set -euo pipefail
webserver # [ 437.142298] acme-example.test-start[6637]: + echo f296e6482529fca9f20a
webserver # [ 437.144494] acme-example.test-start[6637]: + cmp -s domainhash.txt certificates/domainhash.txt
webserver # [ 437.157161] acme-example.test-start[6637]: + '[' -e certificates/_.example.test.key ']'
webserver # [ 437.158757] acme-example.test-start[6637]: + '[' -e certificates/_.example.test.crt ']'
webserver # [ 437.161732] acme-example.test-start[6663]: ++ find accounts -name [email protected]
webserver # [ 437.165215] acme-httpd-dns.example.test-start[6636]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 437.167740] acme-httpd-dns.example.test-start[6636]: + lego --accept-tos --path . -d httpd-dns.example.test --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir -d httpd-dns-alias.example.test renew --no-random-sleep --days 30
webserver # [ 437.193376] acme-example.test-start[6637]: + '[' -n accounts/acme.test/[email protected]/keys/[email protected] ']'
webserver # [ 437.195397] acme-example.test-start[6637]: + lego --accept-tos --path . -d '*.example.test' --email [email protected] --key-type ec256 --dns exec --dns.propagation-disable-ans --server https://acme.test/dir renew --no-random-sleep --days 30
acme # [ 438.091420] pebble[681]: Pebble 2024/11/28 21:00:00 GET /dir -> calling handler()
webserver # [ 437.730691] acme-httpd-http.example.test-start[6651]: 2024/11/28 21:00:00 [INFO] [httpd-http.example.test] acme: Obtaining bundled SAN certificate
acme # [ 438.106700] pebble[681]: Pebble 2024/11/28 21:00:00 HEAD /nonce-plz -> calling handler()
acme # [ 438.116756] pebble[681]: Pebble 2024/11/28 21:00:00 POST /order-plz -> calling handler()
acme # [ 438.118715] pebble[681]: Pebble 2024/11/28 21:00:00 There are now 31 authorizations in the db
acme # [ 438.124455] pebble[681]: Pebble 2024/11/28 21:00:00 Added order "YG_0LBqk98sDLZhInmspm3fJv6lSmRVIJv47V4XIagg" to the db
acme # [ 438.126210] pebble[681]: Pebble 2024/11/28 21:00:00 There are now 27 orders in the db
acme # [ 438.129491] pebble[681]: Pebble 2024/11/28 21:00:00 GET /dir -> calling handler()
webserver # [ 437.777865] acme-httpd-dns.example.test-start[6665]: 2024/11/28 21:00:00 [httpd-dns.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
webserver # [ 437.802682] acme-httpd-dns.example.test-start[6636]: + mv domainhash.txt certificates/
acme # [ 438.167818] pebble[681]: Pebble 2024/11/28 21:00:00 GET /dir -> calling handler()
acme # [ 438.179404] pebble[681]: Pebble 2024/11/28 21:00:00 POST /authZ/ -> calling handler()
webserver # [ 437.808338] acme-example.test-start[6669]: 2024/11/28 21:00:00 [*.example.test] The certificate expires in 1825 days, the number of days defined to perform the renewal is 30: no renewal.
acme # [ 438.190909] pebble[681]: Pebble 2024/11/28 21:00:00 POST /chalZ/ -> calling handler()
webserver # [ 437.818081] acme-httpd-http.example.test-start[6651]: 2024/11/28 21:00:00 [INFO] [httpd-http.example.test] AuthURL: https://acme.test/authZ/Ix73m2nrHMddJk99dH3rJyBowOwupspqxYFIIdgMq6M
webserver # [ 437.827936] acme-httpd-http.example.test-start[6651]: 2024/11/28 21:00:00 [INFO] [httpd-http.example.test] acme: Could not find solver for: tls-alpn-01
webserver # [ 437.830546] acme-httpd-http.example.test-start[6651]: 2024/11/28 21:00:00 [INFO] [httpd-http.example.test] acme: use http-01 solver
webserver # [ 437.836402] acme-httpd-http.example.test-start[6651]: 2024/11/28 21:00:00 [INFO] [httpd-http.example.test] acme: Trying to solve HTTP-01
acme # [ 438.195364] pebble[681]: Pebble 2024/11/28 21:00:00 Pulled a task from the Tasks queue: &va.vaTask{Identifier:acme.Identifier{Type:"dns", Value:"httpd-http.example.test"}, Challenge:(*core.Challenge)(0xc0002f37c0), Account:(*core.Account)(0xc0000851a0), AccountURL:"https://acme.test/my-account/478458592973281b", Wildcard:false}
acme # [ 438.211666] pebble[681]: Pebble 2024/11/28 21:00:00 Starting 3 validations.
acme # [ 438.216520] pebble[681]: Pebble 2024/11/28 21:00:00 Attempting to validate w/ HTTP: http://httpd-http.example.test:80/.well-known/acme-challenge/rB3GFg1qpVEeY06JPhl_JUc2lQmMNyOk2zl8c5XCloc
acme # [ 438.223526] pebble[681]: Pebble 2024/11/28 21:00:00 POST /authZ/ -> calling handler()
acme # [ 438.233331] pebble[681]: Pebble 2024/11/28 21:00:00 Attempting to validate w/ HTTP: http://httpd-http.example.test:80/.well-known/acme-challenge/rB3GFg1qpVEeY06JPhl_JUc2lQmMNyOk2zl8c5XCloc
acme # [ 438.235838] pebble[681]: Pebble 2024/11/28 21:00:00 Attempting to validate w/ HTTP: http://httpd-http.example.test:80/.well-known/acme-challenge/rB3GFg1qpVEeY06JPhl_JUc2lQmMNyOk2zl8c5XCloc
webserver # [ 437.868080] acme-httpd-dns.example.test-start[6636]: + chown acme:wwwrun certificates/domainhash.txt certificates/httpd-dns.example.test.crt certificates/httpd-dns.example.test.issuer.crt certificates/httpd-dns.example.test.json certificates/httpd-dns.example.test.key
webserver # [ 437.880904] acme-example.test-start[6637]: + mv domainhash.txt certificates/
acme # [ 438.256780] pebble[681]: Pebble 2024/11/28 21:00:00 authz Ix73m2nrHMddJk99dH3rJyBowOwupspqxYFIIdgMq6M set INVALID by completed challenge oCorHDr9slcEQ9CKMPKW0EbzjqhVvBnQ-3nTCszW9jM
acme # [ 438.265269] pebble[681]: Pebble 2024/11/28 21:00:00 Error updating replacement order: urn:ietf:params:acme:error:serverInternal :: no serial provided
acme # [ 438.274581] pebble[681]: Pebble 2024/11/28 21:00:00 order YG_0LBqk98sDLZhInmspm3fJv6lSmRVIJv47V4XIagg set INVALID by invalid authz Ix73m2nrHMddJk99dH3rJyBowOwupspqxYFIIdgMq6M
webserver # [ 437.922321] acme-example.test-start[6637]: + chown acme:acme certificates/domainhash.txt certificates/_.example.test.crt certificates/_.example.test.issuer.crt certificates/_.example.test.json certificates/_.example.test.key
webserver # [ 437.936171] acme-httpd-dns.example.test-start[6636]: + cmp -s certificates/httpd-dns.example.test.crt out/fullchain.pem
webserver # [ 437.951788] acme-httpd-dns.example.test-start[6636]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 437.953663] acme-example.test-start[6637]: + cmp -s certificates/_.example.test.crt out/fullchain.pem
webserver # [ 437.969192] acme-example.test-start[6637]: + chmod 640 out/cert.pem out/chain.pem out/fullchain.pem out/full.pem out/key.pem
webserver # [ 437.978502] acme-httpd-dns.example.test-start[6636]: + echo 'Releasing lock /run/acme/2.lock'
webserver # [ 437.979785] acme-httpd-dns.example.test-start[6636]: Releasing lock /run/acme/2.lock
webserver # [ 438.014925] acme-example.test-start[6637]: + echo 'Releasing lock /run/acme/1.lock'
webserver # [ 438.016757] acme-example.test-start[6637]: Releasing lock /run/acme/1.lock
webserver # [ 438.188884] systemd[1]: acme-example.test.service: Deactivated successfully.
webserver # [ 438.195351] systemd[1]: Finished Renew ACME certificate for example.test.
webserver # [ 438.197242] systemd[1]: acme-example.test.service: Consumed 173ms CPU time, 20.3M memory peak, 2.2K incoming IP traffic, 894B outgoing IP traffic.
webserver # [ 438.202886] systemd[1]: acme-httpd-dns.example.test.service: Deactivated successfully.
webserver # [ 438.208727] systemd[1]: Finished Renew ACME certificate for httpd-dns.example.test.
webserver # [ 438.211412] systemd[1]: acme-httpd-dns.example.test.service: Consumed 178ms CPU time, 20.7M memory peak, 2.2K incoming IP traffic, 894B outgoing IP traffic.
webserver # [ 438.311124] systemd[1]: suid-sgid-wrappers.service: Deactivated successfully.
webserver # [ 438.316077] systemd[1]: Finished Create SUID/SGID Wrappers.
webserver # [ 438.321607] systemd[1]: Starting Apache HTTPD...
webserver # [ 438.470171] systemd[1]: httpd.service: Can't open PID file /run/httpd/httpd.pid (yet?) after start: No such file or directory
webserver # [ 438.485667] systemd[1]: Started Apache HTTPD.
acme # [ 445.622276] pebble[681]: Pebble 2024/11/28 21:00:08 POST /authZ/ -> calling handler()
acme # [ 445.624154] pebble[681]: Pebble 2024/11/28 21:00:08 POST /authZ/ -> calling handler()
acme # [ 445.626059] pebble[681]: Pebble 2024/11/28 21:00:08 POST /authZ/ -> calling handler()
webserver # [ 445.258237] acme-httpd-http.example.test-start[6651]: 2024/11/28 21:00:07 [INFO] Deactivating auth: https://acme.test/authZ/Ix73m2nrHMddJk99dH3rJyBowOwupspqxYFIIdgMq6M
webserver # [ 445.260752] acme-httpd-http.example.test-start[6651]: 2024/11/28 21:00:07 Could not obtain certificates:
webserver # [ 445.263154] acme-httpd-http.example.test-start[6651]: error: one or more domains had a problem:
webserver # [ 445.264469] acme-httpd-http.example.test-start[6651]: [httpd-http.example.test] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Get "http://httpd-http.example.test:80/.well-known/acme-challenge/rB3GFg1qpVEeY06JPhl_JUc2lQmMNyOk2zl8c5XCloc": dial tcp 192.168.1.4:80: connect: connection refused
webserver # [ 445.271649] acme-httpd-http.example.test-start[6635]: + echo Failed to fetch certificates. This may mean your DNS records are set up incorrectly. Selfsigned certs are in place and dependant services will still start.
webserver # [ 445.274219] acme-httpd-http.example.test-start[6635]: Failed to fetch certificates. This may mean your DNS records are set up incorrectly. Selfsigned certs are in place and dependant services will still start.
webserver # [ 445.276970] acme-httpd-http.example.test-start[6635]: + exit 10
webserver # [ 445.279612] systemd[1]: acme-httpd-http.example.test.service: Main process exited, code=exited, status=10/n/a
webserver # [ 445.281705] systemd[1]: acme-httpd-http.example.test.service: Failed with result 'exit-code'.
webserver # [ 445.286592] systemd[1]: Failed to start Renew ACME certificate for httpd-http.example.test.
webserver # [ 445.289510] systemd[1]: Dependency failed for acme-finished-httpd-http.example.test.target.
webserver # [ 445.290950] systemd[1]: acme-finished-httpd-http.example.test.target: Job acme-finished-httpd-http.example.test.target/start failed with result 'dependency'.
webserver # [ 445.293189] systemd[1]: acme-httpd-http.example.test.service: Consumed 162ms CPU time, 19.5M memory peak, 8K written to disk, 9.8K incoming IP traffic, 6K outgoing IP traffic.
webserver # [ 445.302320] systemd[1]: Starting httpd-config-reload.service...
webserver # [ 445.387602] httpd[6926]: Syntax OK
webserver # [ 445.438134] systemd[1]: Reloading Apache HTTPD...
webserver # [ 445.523468] systemd[1]: Reloaded Apache HTTPD.
webserver # [ 445.530865] systemd[1]: httpd-config-reload.service: Deactivated successfully.
webserver # [ 445.532894] systemd[1]: Finished httpd-config-reload.service.
webserver # Failed to start acme-finished-httpd-http.example.test.target
webserver # warning: the following units failed: acme-httpd-http.example.test.service
webserver # [ 445.818261] nixos[6571]: switching to system configuration /nix/store/ffphwlz24nwbh1kpgrbchz7g3ylxwvy2-nixos-system-webserver-test failed (status 4)
webserver: output: setting up /etc...
× acme-httpd-http.example.test.service - Renew ACME certificate for httpd-http.example.test
Loaded: loaded (/etc/systemd/system/acme-httpd-http.example.test.service; enabled; preset: ignored)
Active: failed (Result: exit-code) since Thu 2024-11-28 21:00:07 UTC; 533ms ago
Invocation: 0e790decd5364829b669061921656b6e
TriggeredBy: ● acme-httpd-http.example.test.timer
Process: 6635 ExecStart=/nix/store/m4mkq55pl3mgg9hjk8kn9hkh804b6w68-unit-script-acme-httpd-http.example.test-start/bin/acme-httpd-http.example.test-start (code=exited, status=10)
Main PID: 6635 (code=exited, status=10)
IP: 9.8K in, 6K out
IO: 0B read, 8K written
Mem peak: 19.5M
CPU: 162ms
Nov 28 21:00:07 webserver acme-httpd-http.example.test-start[6651]: 2024/11/28 21:00:07 Could not obtain certificates:
Nov 28 21:00:07 webserver acme-httpd-http.example.test-start[6651]: error: one or more domains had a problem:
Nov 28 21:00:07 webserver acme-httpd-http.example.test-start[6651]: [httpd-http.example.test] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Get "http://httpd-http.example.test:80/.well-known/acme-challenge/rB3GFg1qpVEeY06JPhl_JUc2lQmMNyOk2zl8c5XCloc": dial tcp 192.168.1.4:80: connect: connection refused
Nov 28 21:00:07 webserver acme-httpd-http.example.test-start[6635]: + echo Failed to fetch certificates. This may mean your DNS records are set up incorrectly. Selfsigned certs are in place and dependant services will still start.
Nov 28 21:00:07 webserver acme-httpd-http.example.test-start[6635]: Failed to fetch certificates. This may mean your DNS records are set up incorrectly. Selfsigned certs are in place and dependant services will still start.
Nov 28 21:00:07 webserver acme-httpd-http.example.test-start[6635]: + exit 10
Nov 28 21:00:07 webserver systemd[1]: acme-httpd-http.example.test.service: Main process exited, code=exited, status=10/n/a
Nov 28 21:00:07 webserver systemd[1]: acme-httpd-http.example.test.service: Failed with result 'exit-code'.
Nov 28 21:00:07 webserver systemd[1]: Failed to start Renew ACME certificate for httpd-http.example.test.
Nov 28 21:00:07 webserver systemd[1]: acme-httpd-http.example.test.service: Consumed 162ms CPU time, 19.5M memory peak, 8K written to disk, 9.8K incoming IP traffic, 6K outgoing IP traffic.
Test "Can remove an alias from a domain + cert is updated" failed with error: "command `/tmp/specialisation/httpd_remove_alias/bin/switch-to-configuration test` failed (exit code 4)"
cleanup
kill machine (pid 9)
qemu-kvm: terminating on signal 15 from pid 6 (/nix/store/zv1kaq7f1q20x62kbjv6pfjygw5jmwl6-python3-3.12.7/bin/python3.12)
kill machine (pid 30)
qemu-kvm: terminating on signal 15 from pid 6 (/nix/store/zv1kaq7f1q20x62kbjv6pfjygw5jmwl6-python3-3.12.7/bin/python3.12)
kill machine (pid 51)
qemu-kvm: terminating on signal 15 from pid 6 (/nix/store/zv1kaq7f1q20x62kbjv6pfjygw5jmwl6-python3-3.12.7/bin/python3.12)
kill machine (pid 72)
qemu-kvm: terminating on signal 15 from pid 6 (/nix/store/zv1kaq7f1q20x62kbjv6pfjygw5jmwl6-python3-3.12.7/bin/python3.12)
kill vlan (pid 7)
(finished: cleanup, in 0.03 seconds)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment