Sorry, I wasn't clear in my earlier subject line.  This is related to the
Lets Encrypt installation.

I tried to pull some more relevant items from the log below.  I don't
actually see all of the elements of my FQDN (ipa-a.kkgpitt.org) only
references to the host (ipa-a) in the log, but am not sure what a good log
should include.

Thanks for any assistance,
Joe


On Tue, Dec 6, 2016 at 4:15 PM, Joseph Flynn <jjflyn...@gmail.com> wrote:

> Volunteers,
>
> I moved over to a Fedora VM which was way more difficult than it should
> be.  All kinds of problems with Guest Additions and I ended up having to
> run server mode with no GUI.  Now I run an Ubuntu VM from which I ssh into
> my Fedora VM.  Anyway...
>
> The install made it a further step than before.  I get a quick blue screen
> pop up at the end then an error saying:
> [image: Inline image 1]
>
> An unexpected error occurred:
>> The request message was malformed :: DNS name does not have enough labels
>> Please see the logfiles in /var/log/letsencrypt for more details.
>>
>
> When I run the cert checker util I get this
> https://www.sslshopper.com/ssl-checker.html#hostname=ipa-a.kkgpitt.org
>
> Full log below.
>
> Any suggestions?  Is it not pulling my proper hostname?
>
> Thanks,
> Joe
>
>
>
>
>
> [jjflynn22@ipa-a ~]$ cat /etc/hosts
> 192.168.1.211 ipa-a.kkgpitt.org ipa-a
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
>
>
>
>
> [jjflynn22@ipa-a ~]$ sudo cat /var/log/letsencrypt/letsencrypt.log
> [sudo] password for jjflynn22:
> 2016-12-06 20:57:43,982:DEBUG:certbot.main:Root logging level set at 20
> 2016-12-06 20:57:43,983:INFO:certbot.main:Saving debug log to
> /var/log/letsencrypt/letsencrypt.log
> 2016-12-06 20:57:43,991:DEBUG:certbot.main:certbot version: 0.9.3
> 2016-12-06 20:57:43,991:DEBUG:certbot.main:Arguments: ['--standalone',
> '--csr', '/root/ipa-le/httpd-csr.der', '--email', 'xx...@gmail.com',
> '--agree-tos']
> 2016-12-06 20:57:43,992:DEBUG:certbot.main:Discovered plugins:
> PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,
> PluginEntryPoint#manual,PluginEntryPoint#standalone)
> 2016-12-06 20:57:43,995:DEBUG:certbot.plugins.selection:Requested
> authenticator standalone and installer None
> 2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Single candidate
> plugin: * standalone
> Description: Spin up a temporary webserver
> Interfaces: IAuthenticator, IPlugin
> Entry point: standalone = certbot.plugins.standalone:Authenticator
> Initialized: <certbot.plugins.standalone.Authenticator object at
> 0x7fc3dc6fccd0>
> Prep: True
> 2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Selected
> authenticator <certbot.plugins.standalone.Authenticator object at
> 0x7fc3dc6fccd0> and installer None
> 2016-12-06 20:57:44,115:DEBUG:certbot.main:Picked account: <Account(
> 7446b15565eb5a2fc5850f3ad97dc6dc)>
> 2016-12-06 20:57:44,116:DEBUG:root:Sending GET request to
> https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
> 2016-12-06 20:57:44,119:INFO:requests.packages.urllib3.connectionpool:Starting
> new HTTPS connection (1): acme-v01.api.letsencrypt.org
> 2016-12-06 20:57:44,500:DEBUG:requests.packages.urllib3.connectionpool:"GET
> /directory HTTP/1.1" 200 280
> 2016-12-06 20:57:44,506:DEBUG:root:Received <Response [200]>. Headers:
> {'Content-Length': '280', 'Expires': 'Tue, 06 Dec 2016 20:57:46 GMT',
> 'Boulder-Request-Id': 'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
> 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx',
> 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control':
> 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
> 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json',
> 'Replay-Nonce': 'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}. Content:
> '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n
> "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n
> "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n
> "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
> 2016-12-06 20:57:44,506:DEBUG:acme.client:Received response <Response
> [200]> (headers: {'Content-Length': '280', 'Expires': 'Tue, 06 Dec 2016
> 20:57:46 GMT', 'Boulder-Request-Id': 
> 'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
> 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx',
> 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control':
> 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
> 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json',
> 'Replay-Nonce': 'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}): '{\n
> "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n
> "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n
> "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n
> "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
> 2016-12-06 20:57:44,506:DEBUG:certbot.client:CSR:
> CSR(file='/root/ipa-le/httpd-csr.der', data='0\x82\x02x0\x82\x01`\
> x02\x01\x000\x101\x0e0\x0c\x06\x03U\x04\x03\x13\x05ipa-a
> 0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\
> x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xdau1L\
> xa6T\xc8\x93\xc0P\x93\xb3\xd2\xcb \xe2PU\xf0\x94=\x1c\n\x1e\xe5\
> xfe\xed<\xfa\xb1d-\x92\xebeD\xb1\x0eq9\xf1\xfa\xb5p\xdc\
> x12qN\x96\x0b\x1f\x13\xab\xae
>
> .......
>
> 99\xc0\xb0\x07N\xdd5\x9e1\xb8\xdc\x8c\xc1N\xc1\x04\xa1\xd0\
> xfc\xc2$f\x84e\xd4\xf7i\x1a\x1c~,\x80\xea/~j\xea\xa2\xf3\
> xe9\x96\xfe5j\xa4\xb4X\x12L\xd5\xe5\xb0\x99|\xb8\xd1\xed\
> xa3\xf2\xd5\xf0\x94\xc3"\xe8\x9dT\x17\xcf\x12$oVE\x83\xd1\
> x96\xac\xa1\xf9F\xd2mO\xe9$\xa7\x00_\xaa\xc6\xa3j\xa1\
> xbaX8\xa43K\x18os\xe1\xf4L(\xf9\xac\'\xc5\x9a\xdc\xf5s\
> xc6`\x97\xe6\xea\xf8\xcc\xfa\xe1U_\xff\x86\xf0\x82\xab\xaf\
> xb9\x92q\x06\x0f\xa5}]\x9c\xb1\x84b\x85<\xed\x92,g\x0e\xeaoAi|\xc5\n\x92',
> form='der'), domains: [u'ipa-a']
> 2016-12-06 20:57:44,507:DEBUG:root:Requesting fresh nonce
> 2016-12-06 20:57:44,507:DEBUG:root:Sending HEAD request to
> https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
> 2016-12-06 20:57:44,608:DEBUG:requests.packages.urllib3.connectionpool:"HEAD
> /acme/new-authz HTTP/1.1" 405 0
> 2016-12-06 20:57:44,609:DEBUG:root:Received <Response [405]>. Headers:
> {'Content-Length': '91', 'Pragma': 'no-cache', 'Boulder-Request-Id': '
> c2cMPhHqlO5kTv8xJ5dfIs4NCD2KMqn8X-IxPzutDAI', 'Expires': 'Tue, 06 Dec
> 2016 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow':
> 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06
> Dec 2016 20:57:46 GMT', 'Content-Type': 'application/problem+json',
> 'Replay-Nonce': '3fq9edUYLFJwQKDU-oaLVpQdUglFemQpGNbwZ-AtmfI'}. Content:
> ''
> 2016-12-06 20:57:44,609:DEBUG:acme.client:Storing nonce:
> '\xdd\xfa\xbdy\xd5\x18,Rp@\xa0\xd4\xfa\x86\x8bV\x94\x1dR\
> tEzd)\x18\xd6\xf0g\xe0-\x99\xf2'
> 2016-12-06 20:57:44,610:DEBUG:acme.jose.json_util:Omitted empty fields:
> combinations=None, challenges=None, expires=None, status=None
> 2016-12-06 20:57:44,610:DEBUG:acme.client:Serialized JSON: {"identifier":
> {"type": "dns", "value": "ipa-a"}, "resource": "new-authz"}
> 2016-12-06 20:57:44,610:DEBUG:acme.jose.json_util:Omitted empty fields:
> kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None, cty=None,
> x5tS256=None, x5u=None, alg=None, x5t=None
> 2016-12-06 20:57:44,612:DEBUG:acme.jose.json_util:Omitted empty fields:
> kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None,
> x5u=None, x5t=None, nonce=None
> 2016-12-06 20:57:44,612:DEBUG:root:Sending POST request to
> https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs:
> {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA",
> "n": "vmM8XoN-WDCdPcaMNxu9zlLEJBBN-W_pIkG-Afw5uawBBXWHbWyzUeb06LypMM94Lc
> Ti0drWTf00Fdv5SiVKMAwwAoqH-Xzv5LHBwYmqNFGr-W6cphQjNTP21IP87NKxG87OdvvOMjE
> --oMuJJMYWbyAAcOZNhIobWp969EMGu9Oi5JeQI1bLqIHS317xWDPD_
> EMTmhnVxZGBuS5gs_ObYejnJmGyu4_Bn1yLIDlBuphYsHg0pWoAgjZQAr3NI
> 4N7oVrB-LiW21-k9I-LH3dijxVLBe_7jfKsIsVTJyzMzl-
> g2iAeogYHfRngkhnQVXfhSleeZbfHwKXPs5FdmnHBw"}}, "protected": "
> eyJub25jZSI6ICIzZnE5ZWRVWUxGSndRS0RVLW9hTFZwUWRVZ2xGZW1RcEdOYndaLUF0bWZJIn0",
> "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJpcGEt
> YSJ9LCAicmVzb3VyY2UiOiAibmV3LWF1dGh6In0", "signature": "
> sDGSJkUMIFVRr7YGU33exEVslJFZlZoTuyv74F_XtloybjzZFg81r8ONbCUXtU6Q1COsA
> 1M9df_vpL1b8Pz2bhfgEkG7taiaHDEyK-PGx5cn9U4vgSp3uZMNfVGFK-
> 0gSYxLIsI0AgEIV8rTVKVw5kHVhn8Ob7gCuBgz1QkGr8WefqAcJ6vxycvbPB
> Xh3GlpHylKDNTEsH5kbdKtfg5bKJu8RDLFBhAZCFub61EwkeT7HfvhsWkaXJQhoolWiFn_
> 3PjAZCEZzPL5igCOW0V65OEp6O3wdnC4FwS0BwxE0CxB2QA2mXMdvX4SILRf
> 5mhzhTOmdTL0gLYXffI1XErbvg"}'}
> 2016-12-06 20:57:44,728:DEBUG:requests.packages.urllib3.connectionpool:"POST
> /acme/new-authz HTTP/1.1" 400 109
> 2016-12-06 20:57:44,730:DEBUG:root:Received <Response [400]>. Headers:
> {'Content-Length': '109', 'Boulder-Request-Id': 'z34CxBq8_
> BBQbE6zM00YjU8c08FeXh24WHyCG1xAYJE', 'Expires': 'Tue, 06 Dec 2016
> 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'close', 'Cache-Control':
> 'max-age=0, no-cache, no-store', 'Pragma': 'no-cache', 'Boulder-Requester':
> '6994631', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT', 'Content-Type':
> 'application/problem+json', 'Replay-Nonce': '
> YoSNpLT1RJSN5tUVEWujrxjZ4LxoU-jKncsn1aN9HFI'}. Content: '{\n  "type":
> "urn:acme:error:malformed",\n  "detail": "DNS name does not have enough
> labels",\n  "status": 400\n}'
> 2016-12-06 20:57:44,730:DEBUG:acme.client:Storing nonce:
> "b\x84\x8d\xa4\xb4\xf5D\x94\x8d\xe6\xd5\x15\x11k\xa3\xaf\
> x18\xd9\xe0\xbchS\xe8\xca\x9d\xcb'\xd5\xa3}\x1cR"
> 2016-12-06 20:57:44,730:DEBUG:acme.client:Received response <Response
> [400]> (headers: {'Content-Length': '109', 'Boulder-Request-Id': 'z34CxBq8_
> BBQbE6zM00YjU8c08FeXh24WHyCG1xAYJE', 'Expires': 'Tue, 06 Dec 2016
> 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'close', 'Cache-Control':
> 'max-age=0, no-cache, no-store', 'Pragma': 'no-cache', 'Boulder-Requester':
> '6994631', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT', 'Content-Type':
> 'application/problem+json', 'Replay-Nonce': '
> YoSNpLT1RJSN5tUVEWujrxjZ4LxoU-jKncsn1aN9HFI'}): '{\n  "type":
> "urn:acme:error:malformed",\n  "detail": "DNS name does not have enough
> labels",\n  "status": 400\n}'
> 2016-12-06 20:57:44,735:DEBUG:certbot.main:Exiting abnormally:
> Traceback (most recent call last):
>   File "/usr/bin/letsencrypt", line 9, in <module>
>     load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
>   File "/usr/lib/python2.7/site-packages/certbot/main.py", line 776, in
> main
>     return config.func(config, plugins)
>   File "/usr/lib/python2.7/site-packages/certbot/main.py", line 566, in
> obtain_cert
>     _csr_obtain_cert(config, le_client)
>   File "/usr/lib/python2.7/site-packages/certbot/main.py", line 535, in
> _csr_obtain_cert
>     certr, chain = le_client.obtain_certificate_from_csr(config.domains,
> csr, typ)
>   File "/usr/lib/python2.7/site-packages/certbot/client.py", line 229, in
> obtain_certificate_from_csr
>     authzr = self.auth_handler.get_authorizations(domains)
>   File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line
> 68, in get_authorizations
>     domain, self.account.regr.new_authzr_uri)
>   File "/usr/lib/python2.7/site-packages/acme/client.py", line 210, in
> request_domain_challenges
>     typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
>   File "/usr/lib/python2.7/site-packages/acme/client.py", line 190, in
> request_challenges
>     new_authz)
>   File "/usr/lib/python2.7/site-packages/acme/client.py", line 649, in
> post
>     return self._check_response(response, content_type=content_type)
>   File "/usr/lib/python2.7/site-packages/acme/client.py", line 565, in
> _check_response
>     raise messages.Error.from_json(jobj)
> Error: urn:acme:error:malformed :: The request message was malformed ::
> DNS name does not have enough labels
>
>
>
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to