https://bugs.contribs.org/show_bug.cgi?id=10300
Jean-Philippe Pialasse <[email protected]> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |[email protected]
--- Comment #20 from Jean-Philippe Pialasse <[email protected]> ---
(In reply to Stefan Schulz from comment #6)
> Here is what I tried so far:
>
> I opened my firewall. @stefano: BTW it's not only port 80, for curl the
> https port also needs to be opened. And, another point - I have to allow in
> my LAN *any* to *any* which I do not really understand... Usually my
> firewall is configured with the last rule to deny everything what is not
> allowed. (Default deny LAN to any rule).
>
> First of all I followed the advice from janet and changed the primary doamin
> to a registered domain. In my case from *.local to *.de. The *.de domain is
> a registered domain. Altering the cname I am able to reach over dyndns my
> server.
>
> Secondly I re-installed the contrib after clearing all pre-installed
> fragments (of this contrib - smeserver-letsencrypt) and reboot with
> signal-event post.....
>
> Then I altered the domain.txt to the *one* registered domain, I'd like to
> have a cert for email. There are a few more, but I don't want certs for
> them. "ftp.xxx.de mail.xxx.de www.xxx.de xxx.de"
did you had to comment out the curl lines in config file as Dan points in
comment #1 ?
>
> Running dehydrated -c results in:
>
> # INFO: Using main config file /etc/dehydrated/config
> + Generating account key...
> + Registering account key with ACME server...
> Processing ftp.xxx.de with alternative names: mail.xxx.de www.xxx.de xxx.de
> + Signing domains...
> + Creating new directory /etc/dehydrated/certs/ftp.xxx.de ...
> + Generating private key...
> + Generating signing request...
> + Requesting challenge for ftp.xxx.de...
> + Requesting challenge for mail.xxx.de...
> + Requesting challenge for www.xxx.de...
> + Requesting challenge for xxx.de...
> + Responding to challenge for ftp.xxx.de...
> + Responding to challenge for mail.xxx.de...
> + Responding to challenge for www.xxx.de...
> + Challenge is valid!
> + Responding to challenge for xxx.de...
> Per default the firewall is blocking IP6.
>
> Don't know why there's an invalid response?
it looks like the challenge for xxx.de fails as this one does not resolve to
you server requesting the ssl while the ftp, mail and www are.
you can either verify and fix your DNS to point your xxx.de domain to your
server ( what I would recommend), of exclude it ( at least to test if
everything else is working)
db domains setprop xxx.de letsencryptSSLcert disabled
signal-event console-save
then rerun
dehydrated -c -x
>
> In /etc/dehydrated the directory "accounts" and "certs" have been created.
> In "certs" is the directory "ftp.xxx.de", and in this dir are the files
> cert-1494796583.csr cert-1494796583.pem privkey-1494796583.pem.
half of the content is missing: fullchain.pem, privkey.pem... and some links,
normal as it fails in the middle of validation
--
You are receiving this mail because:
You are the QA Contact for the bug._______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
