I was about to say that, while we figure this out, you should be able to go back to self-signed certs anyway. Then I've reread your message and realized that you seem to have that at the beginning anyway, so that would be a bug too. Do you confirm that you had some existing cert and key specified in your high-level config file, and that you were already getting the "acme: identifier authorization failed" message?
On 12 December 2016 at 23:02, Adrian Tritschler <[email protected] > wrote: > > My config file already has (and has had for months): > > "baseURL": "https://millpond.dyndns.org:3179";, > "listen": ":3179", > > Which produces log messages: > > 2016/12/13 08:54:32 TLS enabled, with Let's Encrypt > 2016/12/13 08:54:32 Starting to listen on https://localhost:3179 > : > 2016/12/13 08:54:32 Available on https://millpond.dyndns.org:3179/ui/ > > Then the following error when I try and connect > 2016/12/13 08:54:45 http: TLS handshake error from xxx.xxx.xxx.xxx:62004: > acme: identifier authorization failed > > I've just tried with both > "baseURL": "https://millpond.dyndns.org:3179";, > "listen": ":3179", > > and > "baseURL": "https://millpond.dyndns.org:3179/";, > "listen": ":3179", > > With the same errors > > Adrian > > On Tuesday, 13 December 2016 01:53:50 UTC+11, mpl wrote: >> >> yeah, I should document that part better, sorry about that. >> >> camlistored should be able to figure out the fqdn that it will use for >> Let's Encrypt from either the "listen" config field, or the "baseURL" one. >> So, could you please try with: >> "baseURL": "https://millpond.dyndns.org:3179/"; >> in your config file? >> >> >> >> On 12 December 2016 at 05:02, Adrian Tritschler <[email protected]> >> wrote: >> >>> I've been running a current build of camlistore on my home linux PC, and >>> accessing it remotely via a hostname configured in dynDns, this has been >>> working for some months using a self-signed certificated. >>> >>> Sometime in the last few days I've restarted the PC due to kernel >>> updates etc, and now I'm having ssl problems. >>> >>> With the references to my old self-signed cert. it won't run any more, I >>> get various errors depending on which browser I use: >>> >>> 2016/12/12 14:54:28 http: TLS handshake error from 130.194.109.243:51940: >>> acme: identifier authorization failed >>> >>> Removing the "httpCert" and "httpKey" entries in my config file and >>> restarting camlistored I get: >>> >>> 2016/12/12 14:41:45 Starting camlistored version 2016-12-09-bace8b0; Go >>> go1.7.3 (linux/amd64) >>> 2016/12/12 14:41:45 TLS enabled, with Let's Encrypt >>> 2016/12/12 14:41:45 Starting to listen on https://localhost:3179 >>> : >>> 2016/12/12 14:41:45 ui: serving Closure from embedded resources >>> 2016/12/12 14:41:45 Available on https://millpond.dyndns.org:3179/ui/ >>> >>> But attempting to connect from an external web client I get errors in >>> the browser and on the camlistore console, once again: >>> >>> 2016/12/12 14:45:40 http: TLS handshake error from >>> XXX.XXX.XXX.XXX:51761: acme: identifier authorization failed >>> >>> I suspect that somewhere I've missed a step where I tell the config. >>> that the fqdn is millpond.dyndns.org, but I can't work out where. >>> >>> Adrian >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Camlistore" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Camlistore" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Camlistore" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
