A typo isn't an error?
On Mon, Dec 12, 2016 at 2:56 PM, Mathieu Lonjaret < [email protected]> wrote: > you have a typo in the config, s/httpCert/httpsCert/ :-) > > > On 12 December 2016 at 23:54, Adrian Tritschler < > [email protected]> wrote: > >> Matthieu, >> >> Yes, I seem to be getting those errors when trying to use a self-signed >> certificate. >> >> I've just regenerated the self-signed cert because the previous one had >> expired (possibly adding to my confusion). >> >> The config file holds: >> >> "baseURL": "https://millpond.dyndns.org:3179/", >> "listen": ":3179", >> "https": true, >> "httpCert": "/home/ajft/.config/camlistore/cert.crt", >> "httpKey": "/home/ajft/.config/camlistore/cert.key", >> >> The console log shows: >> >> 2016/12/13 09:37:52 Starting camlistored version 2016-12-09-bace8b0; Go >> go1.7.3 (linux/amd64) >> 2016/12/13 09:37:52 TLS enabled, with Let's Encrypt >> 2016/12/13 09:37:52 Starting to listen on https://localhost:3179 >> : >> 2016/12/13 09:37:52 Available on https://millpond.dyndns.org:3179/ui/ >> >> Then attempting to connect from a browser gets me the "acme: identifier >> authorization failed" >> >> Confirmed. Just ran the binary from camlistore-0.9 with the self-signed >> cert config and it works correctly >> >> Adrian >> >> On Tuesday, 13 December 2016 09:09:58 UTC+11, mpl wrote: >>> >>> I was about to say that, while we figure this out, you should be able to >>> go back to self-signed certs anyway. Then I've reread your message and >>> realized that you seem to have that at the beginning anyway, so that would >>> be a bug too. >>> Do you confirm that you had some existing cert and key specified in your >>> high-level config file, and that you were already getting the "acme: >>> identifier authorization failed" message? >>> >>> >>> On 12 December 2016 at 23:02, Adrian Tritschler <[email protected]> >>> wrote: >>> >>>> >>>> My config file already has (and has had for months): >>>> >>>> "baseURL": "https://millpond.dyndns.org:3179", >>>> "listen": ":3179", >>>> >>>> Which produces log messages: >>>> >>>> 2016/12/13 08:54:32 TLS enabled, with Let's Encrypt >>>> 2016/12/13 08:54:32 Starting to listen on https://localhost:3179 >>>> : >>>> 2016/12/13 08:54:32 Available on https://millpond.dyndns.org:3179/ui/ >>>> >>>> Then the following error when I try and connect >>>> 2016/12/13 08:54:45 http: TLS handshake error from >>>> xxx.xxx.xxx.xxx:62004: acme: identifier authorization failed >>>> >>>> I've just tried with both >>>> "baseURL": "https://millpond.dyndns.org:3179", >>>> "listen": ":3179", >>>> >>>> and >>>> "baseURL": "https://millpond.dyndns.org:3179/", >>>> "listen": ":3179", >>>> >>>> With the same errors >>>> >>>> Adrian >>>> >>>> On Tuesday, 13 December 2016 01:53:50 UTC+11, mpl wrote: >>>>> >>>>> yeah, I should document that part better, sorry about that. >>>>> >>>>> camlistored should be able to figure out the fqdn that it will use for >>>>> Let's Encrypt from either the "listen" config field, or the "baseURL" one. >>>>> So, could you please try with: >>>>> "baseURL": "https://millpond.dyndns.org:3179/" >>>>> in your config file? >>>>> >>>>> >>>>> >>>>> On 12 December 2016 at 05:02, Adrian Tritschler <[email protected] >>>>> > wrote: >>>>> >>>>>> I've been running a current build of camlistore on my home linux PC, >>>>>> and accessing it remotely via a hostname configured in dynDns, this has >>>>>> been working for some months using a self-signed certificated. >>>>>> >>>>>> Sometime in the last few days I've restarted the PC due to kernel >>>>>> updates etc, and now I'm having ssl problems. >>>>>> >>>>>> With the references to my old self-signed cert. it won't run any >>>>>> more, I get various errors depending on which browser I use: >>>>>> >>>>>> 2016/12/12 14:54:28 http: TLS handshake error from >>>>>> 130.194.109.243:51940: acme: identifier authorization failed >>>>>> >>>>>> Removing the "httpCert" and "httpKey" entries in my config file and >>>>>> restarting camlistored I get: >>>>>> >>>>>> 2016/12/12 14:41:45 Starting camlistored version 2016-12-09-bace8b0; >>>>>> Go go1.7.3 (linux/amd64) >>>>>> 2016/12/12 14:41:45 TLS enabled, with Let's Encrypt >>>>>> 2016/12/12 14:41:45 Starting to listen on https://localhost:3179 >>>>>> : >>>>>> 2016/12/12 14:41:45 ui: serving Closure from embedded resources >>>>>> 2016/12/12 14:41:45 Available on https://millpond.dyndns.org:3179/ui/ >>>>>> >>>>>> But attempting to connect from an external web client I get errors in >>>>>> the browser and on the camlistore console, once again: >>>>>> >>>>>> 2016/12/12 14:45:40 http: TLS handshake error from >>>>>> XXX.XXX.XXX.XXX:51761: acme: identifier authorization failed >>>>>> >>>>>> I suspect that somewhere I've missed a step where I tell the config. >>>>>> that the fqdn is millpond.dyndns.org, but I can't work out where. >>>>>> >>>>>> Adrian >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Camlistore" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Camlistore" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Camlistore" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "Camlistore" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Camlistore" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
