https://bugs.contribs.org/show_bug.cgi?id=10300
Stefan Schulz <[email protected]> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |[email protected]
--- Comment #6 from Stefan Schulz <[email protected]> ---
Here is what I tried so far:
I opened my firewall. @stefano: BTW it's not only port 80, for curl the https
port also needs to be opened. And, another point - I have to allow in my LAN
*any* to *any* which I do not really understand... Usually my firewall is
configured with the last rule to deny everything what is not allowed. (Default
deny LAN to any rule).
First of all I followed the advice from janet and changed the primary doamin to
a registered domain. In my case from *.local to *.de. The *.de domain is a
registered domain. Altering the cname I am able to reach over dyndns my server.
Secondly I re-installed the contrib after clearing all pre-installed fragments
(of this contrib - smeserver-letsencrypt) and reboot with signal-event
post.....
Then I altered the domain.txt to the *one* registered domain, I'd like to have
a cert for email. There are a few more, but I don't want certs for them.
"ftp.xxx.de mail.xxx.de www.xxx.de xxx.de"
Running dehydrated -c results in:
# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
Processing ftp.xxx.de with alternative names: mail.xxx.de www.xxx.de xxx.de
+ Signing domains...
+ Creating new directory /etc/dehydrated/certs/ftp.xxx.de ...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for ftp.xxx.de...
+ Requesting challenge for mail.xxx.de...
+ Requesting challenge for www.xxx.de...
+ Requesting challenge for xxx.de...
+ Responding to challenge for ftp.xxx.de...
+ Responding to challenge for mail.xxx.de...
+ Responding to challenge for www.xxx.de...
+ Challenge is valid!
+ Responding to challenge for xxx.de...
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from
http://xxx.de/.well-known/acme-challenge/BRZHc8cpXjpj7_gjYaiJmDnKJ_-QOPxv_sNic0SMXEw:
\"\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not
Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot
Found\u003c/h1\u003e\n\u003cp\"",
"status": 403
},
"uri":
"https://acme-staging.api.letsencrypt.org/acme/challenge/-xYqKSs8_ndFiuQdpCaAR6OP3MfcZ_xD_pnKwL-rUj4/38745745";,
"token": "BRZHc8cpXjpj7_gjYaiJmDnKJ_-QOPxv_sNic0SMXEw",
"keyAuthorization":
"BRZHc8cpXjpj7_gjYaiJmDnKJ_-QOPxv_sNic0SMXEw.ajQV71Epgz6e1zvfNQd7npQs17GuYvYWjQmuqNxcBCc",
"validationRecord": [
{
"url":
"http://xxx.de/.well-known/acme-challenge/BRZHc8cpXjpj7_gjYaiJmDnKJ_-QOPxv_sNic0SMXEw";,
"hostname": "xxx.de",
"port": "80",
"addressesResolved": [
"UUU.169.145.68",
"UUUU:238:20a:202:1068::"
],
"addressUsed": "UUUU:238:20a:202:1068::",
"addressesTried": []
}
]
})
Per default the firewall is blocking IP6.
Don't know why there's an invalid response?
In /etc/dehydrated the directory "accounts" and "certs" have been created. In
"certs" is the directory "ftp.xxx.de", and in this dir are the files
cert-1494796583.csr cert-1494796583.pem privkey-1494796583.pem.
That's it. No luck so far.
Server is a production server - no virtual box.
--
You are receiving this mail because:
You are the QA Contact for the bug._______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
