Sorry, I wasn't clear in my earlier subject line. This is related to
the Lets Encrypt installation.
I tried to pull some more relevant items from the log below. I don't
actually see all of the elements of my FQDN (ipa-a.kkgpitt.org
<http://ipa-a.kkgpitt.org>) only references to the host (ipa-a) in the
log, but am not sure what a good log should include.
Thanks for any assistance,
Joe
On Tue, Dec 6, 2016 at 4:15 PM, Joseph Flynn <jjflyn...@gmail.com
<mailto:jjflyn...@gmail.com>> wrote:
Volunteers,
I moved over to a Fedora VM which was way more difficult than it
should be. All kinds of problems with Guest Additions and I ended
up having to run server mode with no GUI. Now I run an Ubuntu VM
from which I ssh into my Fedora VM. Anyway...
The install made it a further step than before. I get a quick
blue screen pop up at the end then an error saying:
Inline image 1
An unexpected error occurred:
The request message was malformed :: DNS name does not have
enough labels
Please see the logfiles in /var/log/letsencrypt for more details.
When I run the cert checker util I get this
https://www.sslshopper.com/ssl-checker.html#hostname=ipa-a.kkgpitt.org
<https://www.sslshopper.com/ssl-checker.html#hostname=ipa-a.kkgpitt.org>
Full log below.
Any suggestions? Is it not pulling my proper hostname?
Thanks,
Joe
[jjflynn22@ipa-a ~]$ cat /etc/hosts
192.168.1.211ipa-a.kkgpitt.org <http://ipa-a.kkgpitt.org> ipa-a
127.0.0.1 localhost localhost.localdomain localhost4
localhost4.localdomain4
::1 localhost localhost.localdomain localhost6
localhost6.localdomain6
[jjflynn22@ipa-a ~]$ sudo cat /var/log/letsencrypt/letsencrypt.log
[sudo] password for jjflynn22:
2016-12-06 20:57:43,982:DEBUG:certbot.main:Root logging level set
at 20
2016-12-06 20:57:43,983:INFO:certbot.main:Saving debug log to
/var/log/letsencrypt/letsencrypt.log
2016-12-06 20:57:43,991:DEBUG:certbot.main:certbot version: 0.9.3
2016-12-06 20:57:43,991:DEBUG:certbot.main:Arguments:
['--standalone', '--csr', '/root/ipa-le/httpd-csr.der', '--email',
'xx...@gmail.com <mailto:xx...@gmail.com>', '--agree-tos']
2016-12-06 20:57:43,992:DEBUG:certbot.main:Discovered plugins:
PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-12-06 20:57:43,995:DEBUG:certbot.plugins.selection:Requested
authenticator standalone and installer None
2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Single
candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at
0x7fc3dc6fccd0>
Prep: True
2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Selected
authenticator <certbot.plugins.standalone.Authenticator object at
0x7fc3dc6fccd0> and installer None
2016-12-06 20:57:44,115:DEBUG:certbot.main:Picked account:
<Account(7446b15565eb5a2fc5850f3ad97dc6dc)>
2016-12-06 20:57:44,116:DEBUG:root:Sending GET request to
https://acme-v01.api.letsencrypt.org/directory
<https://acme-v01.api.letsencrypt.org/directory>. args: (), kwargs: {}
2016-12-06
20:57:44,119:INFO:requests.packages.urllib3.connectionpool:Starting
new HTTPS connection (1): acme-v01.api.letsencrypt.org
<http://acme-v01.api.letsencrypt.org>
2016-12-06
20:57:44,500:DEBUG:requests.packages.urllib3.connectionpool:"GET
/directory HTTP/1.1" 200 280
2016-12-06 20:57:44,506:DEBUG:root:Received <Response [200]>.
Headers: {'Content-Length': '280', 'Expires': 'Tue, 06 Dec 2016
20:57:46 GMT', 'Boulder-Request-Id':
'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx',
'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control':
'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016
20:57:46 GMT', 'X-Frame-Options': 'DENY', 'Content-Type':
'application/json', 'Replay-Nonce':
'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}. Content: '{\n
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz
<https://acme-v01.api.letsencrypt.org/acme/new-authz>",\n
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert
<https://acme-v01.api.letsencrypt.org/acme/new-cert>",\n
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg
<https://acme-v01.api.letsencrypt.org/acme/new-reg>",\n
"revoke-cert":
"https://acme-v01.api.letsencrypt.org/acme/revoke-cert
<https://acme-v01.api.letsencrypt.org/acme/revoke-cert>"\n}'
2016-12-06 20:57:44,506:DEBUG:acme.client:Received response
<Response [200]> (headers: {'Content-Length': '280', 'Expires':
'Tue, 06 Dec 2016 20:57:46 GMT', 'Boulder-Request-Id':
'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx',
'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control':
'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016
20:57:46 GMT', 'X-Frame-Options': 'DENY', 'Content-Type':
'application/json', 'Replay-Nonce':
'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}): '{\n
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz
<https://acme-v01.api.letsencrypt.org/acme/new-authz>",\n
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert
<https://acme-v01.api.letsencrypt.org/acme/new-cert>",\n
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg
<https://acme-v01.api.letsencrypt.org/acme/new-reg>",\n
"revoke-cert":
"https://acme-v01.api.letsencrypt.org/acme/revoke-cert
<https://acme-v01.api.letsencrypt.org/acme/revoke-cert>"\n}'
2016-12-06 20:57:44,506:DEBUG:certbot.client:CSR:
CSR(file='/root/ipa-le/httpd-csr.der',
data='0\x82\x02x0\x82\x01`\x02\x01\x000\x101\x0e0\x0c\x06\x03U\x04\x03\x13\x05ipa-a0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xdau1L\xa6T\xc8\x93\xc0P\x93\xb3\xd2\xcb
\xe2PU\xf0\x94=\x1c\n\x1e\xe5\xfe\xed<\xfa\xb1d-\x92\xebeD\xb1\x0eq9\xf1\xfa\xb5p\xdc\x12qN\x96\x0b\x1f\x13\xab\xae
.......
99\xc0\xb0\x07N\xdd5\x9e1\xb8\xdc\x8c\xc1N\xc1\x04\xa1\xd0\xfc\xc2$f\x84e\xd4\xf7i\x1a\x1c~,\x80\xea/~j\xea\xa2\xf3\xe9\x96\xfe5j\xa4\xb4X\x12L\xd5\xe5\xb0\x99|\xb8\xd1\xed\xa3\xf2\xd5\xf0\x94\xc3"\xe8\x9dT\x17\xcf\x12$oVE\x83\xd1\x96\xac\xa1\xf9F\xd2mO\xe9$\xa7\x00_\xaa\xc6\xa3j\xa1\xbaX8\xa43K\x18os\xe1\xf4L(\xf9\xac\'\xc5\x9a\xdc\xf5s\xc6`\x97\xe6\xea\xf8\xcc\xfa\xe1U_\xff\x86\xf0\x82\xab\xaf\xb9\x92q\x06\x0f\xa5}]\x9c\xb1\x84b\x85<\xed\x92,g\x0e\xeaoAi|\xc5\n\x92',
form='der'), domains: [u'ipa-a']
2016-12-06 20:57:44,507:DEBUG:root:Requesting fresh nonce
2016-12-06 20:57:44,507:DEBUG:root:Sending HEAD request to
https://acme-v01.api.letsencrypt.org/acme/new-authz
<https://acme-v01.api.letsencrypt.org/acme/new-authz>. args: (),
kwargs: {}
2016-12-06
20:57:44,608:DEBUG:requests.packages.urllib3.connectionpool:"HEAD
/acme/new-authz HTTP/1.1" 405 0
2016-12-06 20:57:44,609:DEBUG:root:Received <Response [405]>.
Headers: {'Content-Length': '91', 'Pragma': 'no-cache',
'Boulder-Request-Id':
'c2cMPhHqlO5kTv8xJ5dfIs4NCD2KMqn8X-IxPzutDAI', 'Expires': 'Tue, 06
Dec 2016 20:57:46 GMT', 'Server': 'nginx', 'Connection':
'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0,
no-cache, no-store', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
'Content-Type': 'application/problem+json', 'Replay-Nonce':
'3fq9edUYLFJwQKDU-oaLVpQdUglFemQpGNbwZ-AtmfI'}. Content: ''
2016-12-06 20:57:44,609:DEBUG:acme.client:Storing nonce:
'\xdd\xfa\xbdy\xd5\x18,Rp@\xa0\xd4\xfa\x86\x8bV\x94\x1dR\tEzd)\x18\xd6\xf0g\xe0-\x99\xf2'
2016-12-06 20:57:44,610:DEBUG:acme.jose.json_util:Omitted empty
fields: combinations=None, challenges=None, expires=None, status=None
2016-12-06 20:57:44,610:DEBUG:acme.client:Serialized JSON:
{"identifier": {"type": "dns", "value": "ipa-a"}, "resource":
"new-authz"}
2016-12-06 20:57:44,610:DEBUG:acme.jose.json_util:Omitted empty
fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None,
cty=None, x5tS256=None, x5u=None, alg=None, x5t=None
2016-12-06 20:57:44,612:DEBUG:acme.jose.json_util:Omitted empty
fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None,
x5tS256=None, x5u=None, x5t=None, nonce=None
2016-12-06 20:57:44,612:DEBUG:root:Sending POST request to
https://acme-v01.api.letsencrypt.org/acme/new-authz
<https://acme-v01.api.letsencrypt.org/acme/new-authz>. args: (),
kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB",
"kty": "RSA", "n":
"vmM8XoN-WDCdPcaMNxu9zlLEJBBN-W_pIkG-Afw5uawBBXWHbWyzUeb06LypMM94LcTi0drWTf00Fdv5SiVKMAwwAoqH-Xzv5LHBwYmqNFGr-W6cphQjNTP21IP87NKxG87OdvvOMjE--oMuJJMYWbyAAcOZNhIobWp969EMGu9Oi5JeQI1bLqIHS317xWDPD_EMTmhnVxZGBuS5gs_ObYejnJmGyu4_Bn1yLIDlBuphYsHg0pWoAgjZQAr3NI4N7oVrB-LiW21-k9I-LH3dijxVLBe_7jfKsIsVTJyzMzl-g2iAeogYHfRngkhnQVXfhSleeZbfHwKXPs5FdmnHBw"}},
"protected":
"eyJub25jZSI6ICIzZnE5ZWRVWUxGSndRS0RVLW9hTFZwUWRVZ2xGZW1RcEdOYndaLUF0bWZJIn0",
"payload":
"eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJpcGEtYSJ9LCAicmVzb3VyY2UiOiAibmV3LWF1dGh6In0",
"signature":
"sDGSJkUMIFVRr7YGU33exEVslJFZlZoTuyv74F_XtloybjzZFg81r8ONbCUXtU6Q1COsA1M9df_vpL1b8Pz2bhfgEkG7taiaHDEyK-PGx5cn9U4vgSp3uZMNfVGFK-0gSYxLIsI0AgEIV8rTVKVw5kHVhn8Ob7gCuBgz1QkGr8WefqAcJ6vxycvbPBXh3GlpHylKDNTEsH5kbdKtfg5bKJu8RDLFBhAZCFub61EwkeT7HfvhsWkaXJQhoolWiFn_3PjAZCEZzPL5igCOW0V65OEp6O3wdnC4FwS0BwxE0CxB2QA2mXMdvX4SILRf5mhzhTOmdTL0gLYXffI1XErbvg"}'}
2016-12-06
20:57:44,728:DEBUG:requests.packages.urllib3.connectionpool:"POST
/acme/new-authz HTTP/1.1" 400 109
2016-12-06 20:57:44,730:DEBUG:root:Received <Response [400]>.
Headers: {'Content-Length': '109', 'Boulder-Request-Id':
'z34CxBq8_BBQbE6zM00YjU8c08FeXh24WHyCG1xAYJE', 'Expires': 'Tue, 06
Dec 2016 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'close',
'Cache-Control': 'max-age=0, no-cache, no-store', 'Pragma':
'no-cache', 'Boulder-Requester': '6994631', 'Date': 'Tue, 06 Dec
2016 20:57:46 GMT', 'Content-Type': 'application/problem+json',
'Replay-Nonce': 'YoSNpLT1RJSN5tUVEWujrxjZ4LxoU-jKncsn1aN9HFI'}.
Content: '{\n "type": "urn:acme:error:malformed",\n "detail":
"DNS name does not have enough labels",\n "status": 400\n}'
2016-12-06 20:57:44,730:DEBUG:acme.client:Storing nonce:
"b\x84\x8d\xa4\xb4\xf5D\x94\x8d\xe6\xd5\x15\x11k\xa3\xaf\x18\xd9\xe0\xbchS\xe8\xca\x9d\xcb'\xd5\xa3}\x1cR"
2016-12-06 20:57:44,730:DEBUG:acme.client:Received response
<Response [400]> (headers: {'Content-Length': '109',
'Boulder-Request-Id':
'z34CxBq8_BBQbE6zM00YjU8c08FeXh24WHyCG1xAYJE', 'Expires': 'Tue, 06
Dec 2016 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'close',
'Cache-Control': 'max-age=0, no-cache, no-store', 'Pragma':
'no-cache', 'Boulder-Requester': '6994631', 'Date': 'Tue, 06 Dec
2016 20:57:46 GMT', 'Content-Type': 'application/problem+json',
'Replay-Nonce': 'YoSNpLT1RJSN5tUVEWujrxjZ4LxoU-jKncsn1aN9HFI'}):
'{\n "type": "urn:acme:error:malformed",\n "detail": "DNS name
does not have enough labels",\n "status": 400\n}'
2016-12-06 20:57:44,735:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/letsencrypt", line 9, in <module>
load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/certbot/main.py", line
776, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line
566, in obtain_cert
_csr_obtain_cert(config, le_client)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line
535, in _csr_obtain_cert
certr, chain =
le_client.obtain_certificate_from_csr(config.domains, csr, typ)
File "/usr/lib/python2.7/site-packages/certbot/client.py", line
229, in obtain_certificate_from_csr
authzr = self.auth_handler.get_authorizations(domains)
File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py",
line 68, in get_authorizations
domain, self.account.regr.new_authzr_uri)
File "/usr/lib/python2.7/site-packages/acme/client.py", line
210, in request_domain_challenges
typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
File "/usr/lib/python2.7/site-packages/acme/client.py", line
190, in request_challenges
new_authz)
File "/usr/lib/python2.7/site-packages/acme/client.py", line
649, in post
return self._check_response(response, content_type=content_type)
File "/usr/lib/python2.7/site-packages/acme/client.py", line
565, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:malformed :: The request message was
malformed :: DNS name does not have enough labels
