I too have the recollection that it used to be...
On 13 December 2016 at 00:09, Brad Fitzpatrick <[email protected]> wrote: > A typo isn't an error? > > > On Mon, Dec 12, 2016 at 2:56 PM, Mathieu Lonjaret < > [email protected]> wrote: > >> you have a typo in the config, s/httpCert/httpsCert/ :-) >> >> >> On 12 December 2016 at 23:54, Adrian Tritschler < >> [email protected]> wrote: >> >>> Matthieu, >>> >>> Yes, I seem to be getting those errors when trying to use a self-signed >>> certificate. >>> >>> I've just regenerated the self-signed cert because the previous one had >>> expired (possibly adding to my confusion). >>> >>> The config file holds: >>> >>> "baseURL": "https://millpond.dyndns.org:3179/";, >>> "listen": ":3179", >>> "https": true, >>> "httpCert": "/home/ajft/.config/camlistore/cert.crt", >>> "httpKey": "/home/ajft/.config/camlistore/cert.key", >>> >>> The console log shows: >>> >>> 2016/12/13 09:37:52 Starting camlistored version 2016-12-09-bace8b0; Go >>> go1.7.3 (linux/amd64) >>> 2016/12/13 09:37:52 TLS enabled, with Let's Encrypt >>> 2016/12/13 09:37:52 Starting to listen on https://localhost:3179 >>> : >>> 2016/12/13 09:37:52 Available on https://millpond.dyndns.org:3179/ui/ >>> >>> Then attempting to connect from a browser gets me the "acme: identifier >>> authorization failed" >>> >>> Confirmed. Just ran the binary from camlistore-0.9 with the self-signed >>> cert config and it works correctly >>> >>> Adrian >>> >>> On Tuesday, 13 December 2016 09:09:58 UTC+11, mpl wrote: >>>> >>>> I was about to say that, while we figure this out, you should be able >>>> to go back to self-signed certs anyway. Then I've reread your message and >>>> realized that you seem to have that at the beginning anyway, so that would >>>> be a bug too. >>>> Do you confirm that you had some existing cert and key specified in >>>> your high-level config file, and that you were already getting the "acme: >>>> identifier authorization failed" message? >>>> >>>> >>>> On 12 December 2016 at 23:02, Adrian Tritschler <[email protected]> >>>> wrote: >>>> >>>>> >>>>> My config file already has (and has had for months): >>>>> >>>>> "baseURL": "https://millpond.dyndns.org:3179";, >>>>> "listen": ":3179", >>>>> >>>>> Which produces log messages: >>>>> >>>>> 2016/12/13 08:54:32 TLS enabled, with Let's Encrypt >>>>> 2016/12/13 08:54:32 Starting to listen on https://localhost:3179 >>>>> : >>>>> 2016/12/13 08:54:32 Available on https://millpond.dyndns.org:3179/ui/ >>>>> >>>>> Then the following error when I try and connect >>>>> 2016/12/13 08:54:45 http: TLS handshake error from >>>>> xxx.xxx.xxx.xxx:62004: acme: identifier authorization failed >>>>> >>>>> I've just tried with both >>>>> "baseURL": "https://millpond.dyndns.org:3179";, >>>>> "listen": ":3179", >>>>> >>>>> and >>>>> "baseURL": "https://millpond.dyndns.org:3179/";, >>>>> "listen": ":3179", >>>>> >>>>> With the same errors >>>>> >>>>> Adrian >>>>> >>>>> On Tuesday, 13 December 2016 01:53:50 UTC+11, mpl wrote: >>>>>> >>>>>> yeah, I should document that part better, sorry about that. >>>>>> >>>>>> camlistored should be able to figure out the fqdn that it will use >>>>>> for Let's Encrypt from either the "listen" config field, or the "baseURL" >>>>>> one. So, could you please try with: >>>>>> "baseURL": "https://millpond.dyndns.org:3179/"; >>>>>> in your config file? >>>>>> >>>>>> >>>>>> >>>>>> On 12 December 2016 at 05:02, Adrian Tritschler < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> I've been running a current build of camlistore on my home linux PC, >>>>>>> and accessing it remotely via a hostname configured in dynDns, this has >>>>>>> been working for some months using a self-signed certificated. >>>>>>> >>>>>>> Sometime in the last few days I've restarted the PC due to kernel >>>>>>> updates etc, and now I'm having ssl problems. >>>>>>> >>>>>>> With the references to my old self-signed cert. it won't run any >>>>>>> more, I get various errors depending on which browser I use: >>>>>>> >>>>>>> 2016/12/12 14:54:28 http: TLS handshake error from >>>>>>> 130.194.109.243:51940: acme: identifier authorization failed >>>>>>> >>>>>>> Removing the "httpCert" and "httpKey" entries in my config file and >>>>>>> restarting camlistored I get: >>>>>>> >>>>>>> 2016/12/12 14:41:45 Starting camlistored version 2016-12-09-bace8b0; >>>>>>> Go go1.7.3 (linux/amd64) >>>>>>> 2016/12/12 14:41:45 TLS enabled, with Let's Encrypt >>>>>>> 2016/12/12 14:41:45 Starting to listen on https://localhost:3179 >>>>>>> : >>>>>>> 2016/12/12 14:41:45 ui: serving Closure from embedded resources >>>>>>> 2016/12/12 14:41:45 Available on https://millpond.dyndns.org:31 >>>>>>> 79/ui/ >>>>>>> >>>>>>> But attempting to connect from an external web client I get errors >>>>>>> in the browser and on the camlistore console, once again: >>>>>>> >>>>>>> 2016/12/12 14:45:40 http: TLS handshake error from >>>>>>> XXX.XXX.XXX.XXX:51761: acme: identifier authorization failed >>>>>>> >>>>>>> I suspect that somewhere I've missed a step where I tell the config. >>>>>>> that the fqdn is millpond.dyndns.org, but I can't work out where. >>>>>>> >>>>>>> Adrian >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Camlistore" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Camlistore" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Camlistore" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Camlistore" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "Camlistore" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Camlistore" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
