Sorry, I wasn't clear in my earlier subject line. This is related to the Lets Encrypt installation.
I tried to pull some more relevant items from the log below. I don't actually see all of the elements of my FQDN (ipa-a.kkgpitt.org) only references to the host (ipa-a) in the log, but am not sure what a good log should include. Thanks for any assistance, Joe On Tue, Dec 6, 2016 at 4:15 PM, Joseph Flynn <[email protected]> wrote: > Volunteers, > > I moved over to a Fedora VM which was way more difficult than it should > be. All kinds of problems with Guest Additions and I ended up having to > run server mode with no GUI. Now I run an Ubuntu VM from which I ssh into > my Fedora VM. Anyway... > > The install made it a further step than before. I get a quick blue screen > pop up at the end then an error saying: > [image: Inline image 1] > > An unexpected error occurred: >> The request message was malformed :: DNS name does not have enough labels >> Please see the logfiles in /var/log/letsencrypt for more details. >> > > When I run the cert checker util I get this > https://www.sslshopper.com/ssl-checker.html#hostname=ipa-a.kkgpitt.org > > Full log below. > > Any suggestions? Is it not pulling my proper hostname? > > Thanks, > Joe > > > > > > [jjflynn22@ipa-a ~]$ cat /etc/hosts > 192.168.1.211 ipa-a.kkgpitt.org ipa-a > 127.0.0.1 localhost localhost.localdomain localhost4 > localhost4.localdomain4 > ::1 localhost localhost.localdomain localhost6 > localhost6.localdomain6 > > > > > [jjflynn22@ipa-a ~]$ sudo cat /var/log/letsencrypt/letsencrypt.log > [sudo] password for jjflynn22: > 2016-12-06 20:57:43,982:DEBUG:certbot.main:Root logging level set at 20 > 2016-12-06 20:57:43,983:INFO:certbot.main:Saving debug log to > /var/log/letsencrypt/letsencrypt.log > 2016-12-06 20:57:43,991:DEBUG:certbot.main:certbot version: 0.9.3 > 2016-12-06 20:57:43,991:DEBUG:certbot.main:Arguments: ['--standalone', > '--csr', '/root/ipa-le/httpd-csr.der', '--email', '[email protected]', > '--agree-tos'] > 2016-12-06 20:57:43,992:DEBUG:certbot.main:Discovered plugins: > PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null, > PluginEntryPoint#manual,PluginEntryPoint#standalone) > 2016-12-06 20:57:43,995:DEBUG:certbot.plugins.selection:Requested > authenticator standalone and installer None > 2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Single candidate > plugin: * standalone > Description: Spin up a temporary webserver > Interfaces: IAuthenticator, IPlugin > Entry point: standalone = certbot.plugins.standalone:Authenticator > Initialized: <certbot.plugins.standalone.Authenticator object at > 0x7fc3dc6fccd0> > Prep: True > 2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Selected > authenticator <certbot.plugins.standalone.Authenticator object at > 0x7fc3dc6fccd0> and installer None > 2016-12-06 20:57:44,115:DEBUG:certbot.main:Picked account: <Account( > 7446b15565eb5a2fc5850f3ad97dc6dc)> > 2016-12-06 20:57:44,116:DEBUG:root:Sending GET request to > https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {} > 2016-12-06 20:57:44,119:INFO:requests.packages.urllib3.connectionpool:Starting > new HTTPS connection (1): acme-v01.api.letsencrypt.org > 2016-12-06 20:57:44,500:DEBUG:requests.packages.urllib3.connectionpool:"GET > /directory HTTP/1.1" 200 280 > 2016-12-06 20:57:44,506:DEBUG:root:Received <Response [200]>. Headers: > {'Content-Length': '280', 'Expires': 'Tue, 06 Dec 2016 20:57:46 GMT', > 'Boulder-Request-Id': 'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0', > 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', > 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': > 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT', > 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', > 'Replay-Nonce': 'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}. Content: > '{\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n > "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n > "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n > "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}' > 2016-12-06 20:57:44,506:DEBUG:acme.client:Received response <Response > [200]> (headers: {'Content-Length': '280', 'Expires': 'Tue, 06 Dec 2016 > 20:57:46 GMT', 'Boulder-Request-Id': > 'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0', > 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', > 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': > 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT', > 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', > 'Replay-Nonce': 'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}): '{\n > "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n > "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n > "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n > "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}' > 2016-12-06 20:57:44,506:DEBUG:certbot.client:CSR: > CSR(file='/root/ipa-le/httpd-csr.der', data='0\x82\x02x0\x82\x01`\ > x02\x01\x000\x101\x0e0\x0c\x06\x03U\x04\x03\x13\x05ipa-a > 0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\ > x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xdau1L\ > xa6T\xc8\x93\xc0P\x93\xb3\xd2\xcb \xe2PU\xf0\x94=\x1c\n\x1e\xe5\ > xfe\xed<\xfa\xb1d-\x92\xebeD\xb1\x0eq9\xf1\xfa\xb5p\xdc\ > x12qN\x96\x0b\x1f\x13\xab\xae > > ....... > > 99\xc0\xb0\x07N\xdd5\x9e1\xb8\xdc\x8c\xc1N\xc1\x04\xa1\xd0\ > xfc\xc2$f\x84e\xd4\xf7i\x1a\x1c~,\x80\xea/~j\xea\xa2\xf3\ > xe9\x96\xfe5j\xa4\xb4X\x12L\xd5\xe5\xb0\x99|\xb8\xd1\xed\ > xa3\xf2\xd5\xf0\x94\xc3"\xe8\x9dT\x17\xcf\x12$oVE\x83\xd1\ > x96\xac\xa1\xf9F\xd2mO\xe9$\xa7\x00_\xaa\xc6\xa3j\xa1\ > xbaX8\xa43K\x18os\xe1\xf4L(\xf9\xac\'\xc5\x9a\xdc\xf5s\ > xc6`\x97\xe6\xea\xf8\xcc\xfa\xe1U_\xff\x86\xf0\x82\xab\xaf\ > xb9\x92q\x06\x0f\xa5}]\x9c\xb1\x84b\x85<\xed\x92,g\x0e\xeaoAi|\xc5\n\x92', > form='der'), domains: [u'ipa-a'] > 2016-12-06 20:57:44,507:DEBUG:root:Requesting fresh nonce > 2016-12-06 20:57:44,507:DEBUG:root:Sending HEAD request to > https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {} > 2016-12-06 20:57:44,608:DEBUG:requests.packages.urllib3.connectionpool:"HEAD > /acme/new-authz HTTP/1.1" 405 0 > 2016-12-06 20:57:44,609:DEBUG:root:Received <Response [405]>. Headers: > {'Content-Length': '91', 'Pragma': 'no-cache', 'Boulder-Request-Id': ' > c2cMPhHqlO5kTv8xJ5dfIs4NCD2KMqn8X-IxPzutDAI', 'Expires': 'Tue, 06 Dec > 2016 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': > 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 > Dec 2016 20:57:46 GMT', 'Content-Type': 'application/problem+json', > 'Replay-Nonce': '3fq9edUYLFJwQKDU-oaLVpQdUglFemQpGNbwZ-AtmfI'}. Content: > '' > 2016-12-06 20:57:44,609:DEBUG:acme.client:Storing nonce: > '\xdd\xfa\xbdy\xd5\x18,Rp@\xa0\xd4\xfa\x86\x8bV\x94\x1dR\ > tEzd)\x18\xd6\xf0g\xe0-\x99\xf2' > 2016-12-06 20:57:44,610:DEBUG:acme.jose.json_util:Omitted empty fields: > combinations=None, challenges=None, expires=None, status=None > 2016-12-06 20:57:44,610:DEBUG:acme.client:Serialized JSON: {"identifier": > {"type": "dns", "value": "ipa-a"}, "resource": "new-authz"} > 2016-12-06 20:57:44,610:DEBUG:acme.jose.json_util:Omitted empty fields: > kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None, cty=None, > x5tS256=None, x5u=None, alg=None, x5t=None > 2016-12-06 20:57:44,612:DEBUG:acme.jose.json_util:Omitted empty fields: > kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, > x5u=None, x5t=None, nonce=None > 2016-12-06 20:57:44,612:DEBUG:root:Sending POST request to > https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: > {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", > "n": "vmM8XoN-WDCdPcaMNxu9zlLEJBBN-W_pIkG-Afw5uawBBXWHbWyzUeb06LypMM94Lc > Ti0drWTf00Fdv5SiVKMAwwAoqH-Xzv5LHBwYmqNFGr-W6cphQjNTP21IP87NKxG87OdvvOMjE > --oMuJJMYWbyAAcOZNhIobWp969EMGu9Oi5JeQI1bLqIHS317xWDPD_ > EMTmhnVxZGBuS5gs_ObYejnJmGyu4_Bn1yLIDlBuphYsHg0pWoAgjZQAr3NI > 4N7oVrB-LiW21-k9I-LH3dijxVLBe_7jfKsIsVTJyzMzl- > g2iAeogYHfRngkhnQVXfhSleeZbfHwKXPs5FdmnHBw"}}, "protected": " > eyJub25jZSI6ICIzZnE5ZWRVWUxGSndRS0RVLW9hTFZwUWRVZ2xGZW1RcEdOYndaLUF0bWZJIn0", > "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJpcGEt > YSJ9LCAicmVzb3VyY2UiOiAibmV3LWF1dGh6In0", "signature": " > sDGSJkUMIFVRr7YGU33exEVslJFZlZoTuyv74F_XtloybjzZFg81r8ONbCUXtU6Q1COsA > 1M9df_vpL1b8Pz2bhfgEkG7taiaHDEyK-PGx5cn9U4vgSp3uZMNfVGFK- > 0gSYxLIsI0AgEIV8rTVKVw5kHVhn8Ob7gCuBgz1QkGr8WefqAcJ6vxycvbPB > Xh3GlpHylKDNTEsH5kbdKtfg5bKJu8RDLFBhAZCFub61EwkeT7HfvhsWkaXJQhoolWiFn_ > 3PjAZCEZzPL5igCOW0V65OEp6O3wdnC4FwS0BwxE0CxB2QA2mXMdvX4SILRf > 5mhzhTOmdTL0gLYXffI1XErbvg"}'} > 2016-12-06 20:57:44,728:DEBUG:requests.packages.urllib3.connectionpool:"POST > /acme/new-authz HTTP/1.1" 400 109 > 2016-12-06 20:57:44,730:DEBUG:root:Received <Response [400]>. Headers: > {'Content-Length': '109', 'Boulder-Request-Id': 'z34CxBq8_ > BBQbE6zM00YjU8c08FeXh24WHyCG1xAYJE', 'Expires': 'Tue, 06 Dec 2016 > 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'close', 'Cache-Control': > 'max-age=0, no-cache, no-store', 'Pragma': 'no-cache', 'Boulder-Requester': > '6994631', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT', 'Content-Type': > 'application/problem+json', 'Replay-Nonce': ' > YoSNpLT1RJSN5tUVEWujrxjZ4LxoU-jKncsn1aN9HFI'}. Content: '{\n "type": > "urn:acme:error:malformed",\n "detail": "DNS name does not have enough > labels",\n "status": 400\n}' > 2016-12-06 20:57:44,730:DEBUG:acme.client:Storing nonce: > "b\x84\x8d\xa4\xb4\xf5D\x94\x8d\xe6\xd5\x15\x11k\xa3\xaf\ > x18\xd9\xe0\xbchS\xe8\xca\x9d\xcb'\xd5\xa3}\x1cR" > 2016-12-06 20:57:44,730:DEBUG:acme.client:Received response <Response > [400]> (headers: {'Content-Length': '109', 'Boulder-Request-Id': 'z34CxBq8_ > BBQbE6zM00YjU8c08FeXh24WHyCG1xAYJE', 'Expires': 'Tue, 06 Dec 2016 > 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'close', 'Cache-Control': > 'max-age=0, no-cache, no-store', 'Pragma': 'no-cache', 'Boulder-Requester': > '6994631', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT', 'Content-Type': > 'application/problem+json', 'Replay-Nonce': ' > YoSNpLT1RJSN5tUVEWujrxjZ4LxoU-jKncsn1aN9HFI'}): '{\n "type": > "urn:acme:error:malformed",\n "detail": "DNS name does not have enough > labels",\n "status": 400\n}' > 2016-12-06 20:57:44,735:DEBUG:certbot.main:Exiting abnormally: > Traceback (most recent call last): > File "/usr/bin/letsencrypt", line 9, in <module> > load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')() > File "/usr/lib/python2.7/site-packages/certbot/main.py", line 776, in > main > return config.func(config, plugins) > File "/usr/lib/python2.7/site-packages/certbot/main.py", line 566, in > obtain_cert > _csr_obtain_cert(config, le_client) > File "/usr/lib/python2.7/site-packages/certbot/main.py", line 535, in > _csr_obtain_cert > certr, chain = le_client.obtain_certificate_from_csr(config.domains, > csr, typ) > File "/usr/lib/python2.7/site-packages/certbot/client.py", line 229, in > obtain_certificate_from_csr > authzr = self.auth_handler.get_authorizations(domains) > File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line > 68, in get_authorizations > domain, self.account.regr.new_authzr_uri) > File "/usr/lib/python2.7/site-packages/acme/client.py", line 210, in > request_domain_challenges > typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri) > File "/usr/lib/python2.7/site-packages/acme/client.py", line 190, in > request_challenges > new_authz) > File "/usr/lib/python2.7/site-packages/acme/client.py", line 649, in > post > return self._check_response(response, content_type=content_type) > File "/usr/lib/python2.7/site-packages/acme/client.py", line 565, in > _check_response > raise messages.Error.from_json(jobj) > Error: urn:acme:error:malformed :: The request message was malformed :: > DNS name does not have enough labels > > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
