Right. Regardless of what we listen on for camlistored, I think the autocert Manager waits for the TLS-SNI challenge on port 443. Just for kicks, I've just tried specifying a hostname:port (with port != 443) in the HostPolicy: autocert.HostWhitelist() and I think autocert just ignored it, treating it as an invalid hostname.
Adrian, could it be that port 443 is not reachable from the outside on the machine where your Camlistore instance is running?

On 12 December 2016 at 23:04, Brad Fitzpatrick <[email protected]> wrote:

> Does LetsEncrypt support non-standard port numbers? I think it might have
> to be 443.
>
> On Mon, Dec 12, 2016 at 2:02 PM, Adrian Tritschler <[email protected]> wrote:
>
>> My config file already has (and has had for months):
>>
>> "baseURL": "https://millpond.dyndns.org:3179",
>> "listen": ":3179",
>>
>> Which produces log messages:
>>
>> 2016/12/13 08:54:32 TLS enabled, with Let's Encrypt
>> 2016/12/13 08:54:32 Starting to listen on https://localhost:3179
>> :
>> 2016/12/13 08:54:32 Available on https://millpond.dyndns.org:3179/ui/
>>
>> Then the following error when I try and connect
>>
>> 2016/12/13 08:54:45 http: TLS handshake error from xxx.xxx.xxx.xxx:62004: acme: identifier authorization failed
>>
>> I've just tried with both
>>
>> "baseURL": "https://millpond.dyndns.org:3179",
>> "listen": ":3179",
>>
>> and
>>
>> "baseURL": "https://millpond.dyndns.org:3179/",
>> "listen": ":3179",
>>
>> With the same errors
>>
>> Adrian
>>
>> On Tuesday, 13 December 2016 01:53:50 UTC+11, mpl wrote:
>>>
>>> Yeah, I should document that part better, sorry about that.
>>>
>>> camlistored should be able to figure out the fqdn that it will use for
>>> Let's Encrypt from either the "listen" config field, or the "baseURL" one.
>>> So, could you please try with:
>>> "baseURL": "https://millpond.dyndns.org:3179/"
>>> in your config file?
>>>
>>> On 12 December 2016 at 05:02, Adrian Tritschler <[email protected]> wrote:
>>>
>>>> I've been running a current build of camlistore on my home linux PC,
>>>> and accessing it remotely via a hostname configured in dynDns, this has
>>>> been working for some months using a self-signed certificate.
>>>>
>>>> Sometime in the last few days I've restarted the PC due to kernel
>>>> updates etc, and now I'm having ssl problems.
>>>>
>>>> With the references to my old self-signed cert. it won't run any more,
>>>> I get various errors depending on which browser I use:
>>>>
>>>> 2016/12/12 14:54:28 http: TLS handshake error from 130.194.109.243:51940: acme: identifier authorization failed
>>>>
>>>> Removing the "httpCert" and "httpKey" entries in my config file and
>>>> restarting camlistored I get:
>>>>
>>>> 2016/12/12 14:41:45 Starting camlistored version 2016-12-09-bace8b0; Go go1.7.3 (linux/amd64)
>>>> 2016/12/12 14:41:45 TLS enabled, with Let's Encrypt
>>>> 2016/12/12 14:41:45 Starting to listen on https://localhost:3179
>>>> :
>>>> 2016/12/12 14:41:45 ui: serving Closure from embedded resources
>>>> 2016/12/12 14:41:45 Available on https://millpond.dyndns.org:3179/ui/
>>>>
>>>> But attempting to connect from an external web client I get errors in
>>>> the browser and on the camlistore console, once again:
>>>>
>>>> 2016/12/12 14:45:40 http: TLS handshake error from XXX.XXX.XXX.XXX:51761: acme: identifier authorization failed
>>>>
>>>> I suspect that somewhere I've missed a step where I tell the config.
>>>> that the fqdn is millpond.dyndns.org, but I can't work out where.
>>>>
>>>> Adrian
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Camlistore" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.
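
Added example, not part of the thread and not Camlistore or autocert code: a standard-library Go preflight for the configuration discussed above. It assumes, as the thread does, that the CA validates the TLS challenge on port 443, and it models the host policy as an exact match on the SNI name; `Preflight` and `Allowed` are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Assumption from the thread: the TLS challenge is validated on port 443.
const acmePort = "443"

// Preflight returns the bare hostname a whitelist entry should hold and
// whether port 443 must be reachable in addition to the listen port.
func Preflight(baseURL, listen string) (host string, need443 bool, err error) {
	u, err := url.Parse(baseURL)
	if err != nil {
		return "", false, err
	}
	if u.Scheme != "https" || u.Hostname() == "" {
		return "", false, fmt.Errorf("baseURL %q: want https://host[:port]", baseURL)
	}
	_, port, err := net.SplitHostPort(listen)
	if err != nil {
		return "", false, fmt.Errorf("listen %q: %v", listen, err)
	}
	return strings.ToLower(u.Hostname()), port != acmePort, nil
}

// Allowed models an exact-match host policy (an assumption, not autocert's
// source): the SNI name a client sends never carries a port, so an entry
// written as "host:port" can never match it.
func Allowed(whitelist []string, sni string) bool {
	for _, h := range whitelist {
		if strings.EqualFold(h, sni) {
			return true
		}
	}
	return false
}

func main() {
	// Values taken from the config file quoted in the thread.
	host, need443, err := Preflight("https://millpond.dyndns.org:3179", ":3179")
	fmt.Println(host, need443, err)
	fmt.Println(Allowed([]string{"millpond.dyndns.org:3179"}, host)) // entry with port
	fmt.Println(Allowed([]string{host}, host))                       // bare hostname
}
```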
