you have a typo in the config, s/httpCert/httpsCert/ :-)
On 12 December 2016 at 23:54, Adrian Tritschler <[email protected] > wrote: > Matthieu, > > Yes, I seem to be getting those errors when trying to use a self-signed > certificate. > > I've just regenerated the self-signed cert because the previous one had > expired (possibly adding to my confusion). > > The config file holds: > > "baseURL": "https://millpond.dyndns.org:3179/";, > "listen": ":3179", > "https": true, > "httpCert": "/home/ajft/.config/camlistore/cert.crt", > "httpKey": "/home/ajft/.config/camlistore/cert.key", > > The console log shows: > > 2016/12/13 09:37:52 Starting camlistored version 2016-12-09-bace8b0; Go > go1.7.3 (linux/amd64) > 2016/12/13 09:37:52 TLS enabled, with Let's Encrypt > 2016/12/13 09:37:52 Starting to listen on https://localhost:3179 > : > 2016/12/13 09:37:52 Available on https://millpond.dyndns.org:3179/ui/ > > Then attempting to connect from a browser gets me the "acme: identifier > authorization failed" > > Confirmed. Just ran the binary from camlistore-0.9 with the self-signed > cert config and it works correctly > > Adrian > > On Tuesday, 13 December 2016 09:09:58 UTC+11, mpl wrote: >> >> I was about to say that, while we figure this out, you should be able to >> go back to self-signed certs anyway. Then I've reread your message and >> realized that you seem to have that at the beginning anyway, so that would >> be a bug too. >> Do you confirm that you had some existing cert and key specified in your >> high-level config file, and that you were already getting the "acme: >> identifier authorization failed" message? >> >> >> On 12 December 2016 at 23:02, Adrian Tritschler <[email protected]> >> wrote: >> >>> >>> My config file already has (and has had for months): >>> >>> "baseURL": "https://millpond.dyndns.org:3179";, >>> "listen": ":3179", >>> >>> Which produces log messages: >>> >>> 2016/12/13 08:54:32 TLS enabled, with Let's Encrypt >>> 2016/12/13 08:54:32 Starting to listen on https://localhost:3179 >>> : >>> 2016/12/13 08:54:32 Available on https://millpond.dyndns.org:3179/ui/ >>> >>> Then the following error when I try and connect >>> 2016/12/13 08:54:45 http: TLS handshake error from >>> xxx.xxx.xxx.xxx:62004: acme: identifier authorization failed >>> >>> I've just tried with both >>> "baseURL": "https://millpond.dyndns.org:3179";, >>> "listen": ":3179", >>> >>> and >>> "baseURL": "https://millpond.dyndns.org:3179/";, >>> "listen": ":3179", >>> >>> With the same errors >>> >>> Adrian >>> >>> On Tuesday, 13 December 2016 01:53:50 UTC+11, mpl wrote: >>>> >>>> yeah, I should document that part better, sorry about that. >>>> >>>> camlistored should be able to figure out the fqdn that it will use for >>>> Let's Encrypt from either the "listen" config field, or the "baseURL" one. >>>> So, could you please try with: >>>> "baseURL": "https://millpond.dyndns.org:3179/"; >>>> in your config file? >>>> >>>> >>>> >>>> On 12 December 2016 at 05:02, Adrian Tritschler <[email protected]> >>>> wrote: >>>> >>>>> I've been running a current build of camlistore on my home linux PC, >>>>> and accessing it remotely via a hostname configured in dynDns, this has >>>>> been working for some months using a self-signed certificated. >>>>> >>>>> Sometime in the last few days I've restarted the PC due to kernel >>>>> updates etc, and now I'm having ssl problems. >>>>> >>>>> With the references to my old self-signed cert. it won't run any more, >>>>> I get various errors depending on which browser I use: >>>>> >>>>> 2016/12/12 14:54:28 http: TLS handshake error from >>>>> 130.194.109.243:51940: acme: identifier authorization failed >>>>> >>>>> Removing the "httpCert" and "httpKey" entries in my config file and >>>>> restarting camlistored I get: >>>>> >>>>> 2016/12/12 14:41:45 Starting camlistored version 2016-12-09-bace8b0; >>>>> Go go1.7.3 (linux/amd64) >>>>> 2016/12/12 14:41:45 TLS enabled, with Let's Encrypt >>>>> 2016/12/12 14:41:45 Starting to listen on https://localhost:3179 >>>>> : >>>>> 2016/12/12 14:41:45 ui: serving Closure from embedded resources >>>>> 2016/12/12 14:41:45 Available on https://millpond.dyndns.org:3179/ui/ >>>>> >>>>> But attempting to connect from an external web client I get errors in >>>>> the browser and on the camlistore console, once again: >>>>> >>>>> 2016/12/12 14:45:40 http: TLS handshake error from >>>>> XXX.XXX.XXX.XXX:51761: acme: identifier authorization failed >>>>> >>>>> I suspect that somewhere I've missed a step where I tell the config. >>>>> that the fqdn is millpond.dyndns.org, but I can't work out where. >>>>> >>>>> Adrian >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Camlistore" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Camlistore" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Camlistore" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Camlistore" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
