And I've just retried what I was asking below, i.e. with: "httpsCert": "/home/mpl/keys/cert.pem", "httpsKey": "/home/mpl/keys/key.pem",
in my high-level config, these are the cert and key that are used (and they can very well be self-signed), and in that case, you shouldn't see the 2016/12/12 23:50:27 TLS enabled, with Let's Encrypt log line on startup. If you do, that's a bug. On 12 December 2016 at 23:09, Mathieu Lonjaret <[email protected]> wrote: > I was about to say that, while we figure this out, you should be able to > go back to self-signed certs anyway. Then I've reread your message and > realized that you seem to have that at the beginning anyway, so that would > be a bug too. > Do you confirm that you had some existing cert and key specified in your > high-level config file, and that you were already getting the "acme: > identifier authorization failed" message? > > > On 12 December 2016 at 23:02, Adrian Tritschler < > [email protected]> wrote: > >> >> My config file already has (and has had for months): >> >> "baseURL": "https://millpond.dyndns.org:3179";, >> "listen": ":3179", >> >> Which produces log messages: >> >> 2016/12/13 08:54:32 TLS enabled, with Let's Encrypt >> 2016/12/13 08:54:32 Starting to listen on https://localhost:3179 >> : >> 2016/12/13 08:54:32 Available on https://millpond.dyndns.org:3179/ui/ >> >> Then the following error when I try and connect >> 2016/12/13 08:54:45 http: TLS handshake error from xxx.xxx.xxx.xxx:62004: >> acme: identifier authorization failed >> >> I've just tried with both >> "baseURL": "https://millpond.dyndns.org:3179";, >> "listen": ":3179", >> >> and >> "baseURL": "https://millpond.dyndns.org:3179/";, >> "listen": ":3179", >> >> With the same errors >> >> Adrian >> >> On Tuesday, 13 December 2016 01:53:50 UTC+11, mpl wrote: >>> >>> yeah, I should document that part better, sorry about that. >>> >>> camlistored should be able to figure out the fqdn that it will use for >>> Let's Encrypt from either the "listen" config field, or the "baseURL" one. >>> So, could you please try with: >>> "baseURL": "https://millpond.dyndns.org:3179/"; >>> in your config file? >>> >>> >>> >>> On 12 December 2016 at 05:02, Adrian Tritschler <[email protected]> >>> wrote: >>> >>>> I've been running a current build of camlistore on my home linux PC, >>>> and accessing it remotely via a hostname configured in dynDns, this has >>>> been working for some months using a self-signed certificated. >>>> >>>> Sometime in the last few days I've restarted the PC due to kernel >>>> updates etc, and now I'm having ssl problems. >>>> >>>> With the references to my old self-signed cert. it won't run any more, >>>> I get various errors depending on which browser I use: >>>> >>>> 2016/12/12 14:54:28 http: TLS handshake error from >>>> 130.194.109.243:51940: acme: identifier authorization failed >>>> >>>> Removing the "httpCert" and "httpKey" entries in my config file and >>>> restarting camlistored I get: >>>> >>>> 2016/12/12 14:41:45 Starting camlistored version 2016-12-09-bace8b0; Go >>>> go1.7.3 (linux/amd64) >>>> 2016/12/12 14:41:45 TLS enabled, with Let's Encrypt >>>> 2016/12/12 14:41:45 Starting to listen on https://localhost:3179 >>>> : >>>> 2016/12/12 14:41:45 ui: serving Closure from embedded resources >>>> 2016/12/12 14:41:45 Available on https://millpond.dyndns.org:3179/ui/ >>>> >>>> But attempting to connect from an external web client I get errors in >>>> the browser and on the camlistore console, once again: >>>> >>>> 2016/12/12 14:45:40 http: TLS handshake error from >>>> XXX.XXX.XXX.XXX:51761: acme: identifier authorization failed >>>> >>>> I suspect that somewhere I've missed a step where I tell the config. >>>> that the fqdn is millpond.dyndns.org, but I can't work out where. >>>> >>>> Adrian >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Camlistore" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Camlistore" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Camlistore" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
