https://bugs.contribs.org/show_bug.cgi?id=10300
--- Comment #36 from Dan Brown <[email protected]> ---
Back home for a day or two, so I had a chance to chance to rebuild my VM (I'd
inadvertently deleted my pre-issuance snapshot). A couple of interesting
findings this morning:
1. I'm not able to get a cert at all--I can get through the config file
without too much hassle, but dehydrated itself dies silently shortly
thereafter:
[root@dehydrated-test ~]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
[root@dehydrated-test ~]#
2. Pointing the test VM to my pfSense box as a DNS server, without doing
anything else (and without having run dehydrated -c previously) produces the
above result. IOW, the pfSense box is able to resolve all the hostnames sought
in the config file.
Well, so I thought. The first run of dehydrated -c after making that change,
it worked as I showed above. The second (and third) run, it did:
[root@dehydrated-test ~]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
[root@dehydrated-test ~]#
letsencrypt.status.io shows everything's operational, but something's behaving
strangely. I rolled back and commented out the three curl lines from the
config file; here was the result of that:
[root@dehydrated-test ~]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
ERROR: Problem connecting to server (get for
https://acme-staging.api.letsencrypt.org/directory; curl returned with 6)
[root@dehydrated-test ~]# cat /etc/dehydrated/config
PARAM_ACCEPT_TERMS="yes"
#!/bin/bash
WELLKNOWN="/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge"
CA="https://acme-staging.api.letsencrypt.org/directory";
BASEDIR="/etc/dehydrated"
HOOK="/usr/bin/hook-script.sh"
#fix for curl error (get for
https://acme-staging.api.letsencrypt.org/directory; curl returned with 6) like
# /usr/bin/curl https://acme-v01.api.letsencrypt.org/directory -s 2>&1 >
/dev/null
# /usr/bin/curl http://cert.int-x3.letsencrypt.org/ -s 2>&1 > /dev/null
# /usr/bin/curl https://acme-staging.api.letsencrypt.org/directory -s 2>&1 >
/dev/null
[root@dehydrated-test ~]# host acme-staging.api.letsencrypt.org
acme-staging.api.letsencrypt.org is an alias for
api.letsencrypt.org.edgekey.net.
api.letsencrypt.org.edgekey.net is an alias for e981.dscb.akamaiedge.net.
e981.dscb.akamaiedge.net has address 23.41.11.13
e981.dscb.akamaiedge.net has IPv6 address 2001:559:15:198::3d5
e981.dscb.akamaiedge.net has IPv6 address 2001:559:15:188::3d5
[root@dehydrated-test ~]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
[root@dehydrated-test ~]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
[root@dehydrated-test ~]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
[root@dehydrated-test ~]#
On the last two attempts at running dehydrated -c, the shell prompt returned
very quickly. I'm getting confused here.
I doubt it has anything to do with this problem, but the ACCEPT_TERMS line
probably should come after the shebang.
--
You are receiving this mail because:
You are the QA Contact for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
