Quoting Jonas Smedegaard (2020-12-09 11:22:19)
> Quoting Jonas Smedegaard (2020-12-08 13:25:28)
> > Quoting Guilhem Moulin (2020-12-08 12:04:15)
> > > Could you suggest a better error message here?

> jonas@auryn:~$ mylacme-jawa newOrder jawa.homebase.dk
> [[issuer]] Info: valid entry DNS:jawa.homebase.dk
> [[issuer]] Info: valid entry DNS:list.homebase.dk
> [[issuer]] Info: valid entry DNS:lists.homebase.dk
> [[issuer]] Info: valid entry DNS:mail.homebase.dk
> [[issuer]] Info: valid entry DNS:www.lists.homebase.dk
> [[issuer]] Info: pending entry DNS:www.jawa.homebase.dk
> [[issuer]] Error: Invalid order DNS:jawa.homebase.dk, 
> DNS:www.jawa.homebase.dk, DNS:lists.homebase.dk, DNS:www.lists.homebase.dk, 
> DNS:list.homebase.dk, DNS:mail.homebase.dk
> [mail.homebase.dk] Error: Couldn't issue X.509 certificate!
> [[internal]] Warning: accept: Invalid argument at 
> /usr/libexec/lacme/webserver line 80.
> [[internal]] Warning: Connection to jawa.homebase.dk closed.

Please notice that the above suggestion is more compact than my previous 
one.


Here is the output of a similarly failing setup using dehydrated, for 
comparison:

# dehydrated --cron
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/hook.sh
# INFO: Using additional config file /etc/dehydrated/conf.d/secp384r1.sh
Processing boot.homebase.dk with alternative names: www.boot.homebase.dk
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Dec  6 03:47:30 2020 GMT Certificate will expire
(Less than 30 days). Renewing!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for www.boot.homebase.dk
 + Handling authorization for boot.homebase.dk
 + 2 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for www.boot.homebase.dk authorization...
 + Cleaning challenge tokens...
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Invalid response from 
http://www.boot.homebase.dk/.well-known/acme-challenge/t6YYZkoSfdJMHc_W1JcylRdlMof-Pe8SoVf0JE8rBrs
 [94.18.231.212]: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 
2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e404 Not 
Found\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eNot 
Found\u003c/h1\u003e\\n\u003cp\"",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/9182834478/p297vw",
  "token": "t6YYZkoSfdJMHc_W1JcylRdlMof-Pe8SoVf0JE8rBrs",
  "validationRecord": [
    {
      "url": 
"http://www.boot.homebase.dk/.well-known/acme-challenge/t6YYZkoSfdJMHc_W1JcylRdlMof-Pe8SoVf0JE8rBrs",
      "hostname": "www.boot.homebase.dk",
      "port": "80",
      "addressesResolved": [
        "94.18.231.212"
      ],
      "addressUsed": "94.18.231.212"
    }
  ]
})


I like how the default output is more verbose, and in case of error it 
pukes even more details of the last part.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
