Matthieu,
Yes, I seem to be getting those errors when trying to use a self-signed
certificate.
I've just regenerated the self-signed cert because the previous one had
expired (possibly adding to my confusion).
The config file holds:
"baseURL": "https://millpond.dyndns.org:3179/",
"listen": ":3179",
"https": true,
"httpCert": "/home/ajft/.config/camlistore/cert.crt",
"httpKey": "/home/ajft/.config/camlistore/cert.key",
The console log shows:
2016/12/13 09:37:52 Starting camlistored version 2016-12-09-bace8b0; Go
go1.7.3 (linux/amd64)
2016/12/13 09:37:52 TLS enabled, with Let's Encrypt
2016/12/13 09:37:52 Starting to listen on https://localhost:3179
:
2016/12/13 09:37:52 Available on https://millpond.dyndns.org:3179/ui/
Then attempting to connect from a browser gets me the "acme: identifier
authorization failed"
Confirmed. Just ran the binary from camlistore-0.9 with the self-signed
cert config and it works correctly
Adrian
On Tuesday, 13 December 2016 09:09:58 UTC+11, mpl wrote:
>
> I was about to say that, while we figure this out, you should be able to
> go back to self-signed certs anyway. Then I've reread your message and
> realized that you seem to have that at the beginning anyway, so that would
> be a bug too.
> Do you confirm that you had some existing cert and key specified in your
> high-level config file, and that you were already getting the "acme:
> identifier authorization failed" message?
>
>
> On 12 December 2016 at 23:02, Adrian Tritschler <[email protected]
> <javascript:>> wrote:
>
>>
>> My config file already has (and has had for months):
>>
>> "baseURL": "https://millpond.dyndns.org:3179",
>> "listen": ":3179",
>>
>> Which produces log messages:
>>
>> 2016/12/13 08:54:32 TLS enabled, with Let's Encrypt
>> 2016/12/13 08:54:32 Starting to listen on https://localhost:3179
>> :
>> 2016/12/13 08:54:32 Available on https://millpond.dyndns.org:3179/ui/
>>
>> Then the following error when I try and connect
>> 2016/12/13 08:54:45 http: TLS handshake error from xxx.xxx.xxx.xxx:62004:
>> acme: identifier authorization failed
>>
>> I've just tried with both
>> "baseURL": "https://millpond.dyndns.org:3179",
>> "listen": ":3179",
>>
>> and
>> "baseURL": "https://millpond.dyndns.org:3179/",
>> "listen": ":3179",
>>
>> With the same errors
>>
>> Adrian
>>
>> On Tuesday, 13 December 2016 01:53:50 UTC+11, mpl wrote:
>>>
>>> yeah, I should document that part better, sorry about that.
>>>
>>> camlistored should be able to figure out the fqdn that it will use for
>>> Let's Encrypt from either the "listen" config field, or the "baseURL" one.
>>> So, could you please try with:
>>> "baseURL": "https://millpond.dyndns.org:3179/"
>>> in your config file?
>>>
>>>
>>>
>>> On 12 December 2016 at 05:02, Adrian Tritschler <[email protected]>
>>> wrote:
>>>
>>>> I've been running a current build of camlistore on my home linux PC,
>>>> and accessing it remotely via a hostname configured in dynDns, this has
>>>> been working for some months using a self-signed certificated.
>>>>
>>>> Sometime in the last few days I've restarted the PC due to kernel
>>>> updates etc, and now I'm having ssl problems.
>>>>
>>>> With the references to my old self-signed cert. it won't run any more,
>>>> I get various errors depending on which browser I use:
>>>>
>>>> 2016/12/12 14:54:28 http: TLS handshake error from
>>>> 130.194.109.243:51940: acme: identifier authorization failed
>>>>
>>>> Removing the "httpCert" and "httpKey" entries in my config file and
>>>> restarting camlistored I get:
>>>>
>>>> 2016/12/12 14:41:45 Starting camlistored version 2016-12-09-bace8b0; Go
>>>> go1.7.3 (linux/amd64)
>>>> 2016/12/12 14:41:45 TLS enabled, with Let's Encrypt
>>>> 2016/12/12 14:41:45 Starting to listen on https://localhost:3179
>>>> :
>>>> 2016/12/12 14:41:45 ui: serving Closure from embedded resources
>>>> 2016/12/12 14:41:45 Available on https://millpond.dyndns.org:3179/ui/
>>>>
>>>> But attempting to connect from an external web client I get errors in
>>>> the browser and on the camlistore console, once again:
>>>>
>>>> 2016/12/12 14:45:40 http: TLS handshake error from
>>>> XXX.XXX.XXX.XXX:51761: acme: identifier authorization failed
>>>>
>>>> I suspect that somewhere I've missed a step where I tell the config.
>>>> that the fqdn is millpond.dyndns.org, but I can't work out where.
>>>>
>>>> Adrian
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Camlistore" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Camlistore" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"Camlistore" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.