Re: [Letsencrypt-devel] 2FA on salsa?
On 02/09/2018 05:41 PM, Mattia Rizzolo wrote: > On Fri, Feb 09, 2018 at 04:41:54PM +0100, IOhannes m zmölnig (Debian/GNU) > wrote: >> it seems somebody enabled two-factor-authentication for this team on salsa. > > Indeed it's enabled. > I didn't do it, so that was Harlan. > > Harlan: what was your reasoning about it? > >> now, i don't own a smartphone & i don't own a yubikey. >> afaik, this means that i cannot use 2FA. > > That's not completely true. You could manage your login codes manually > with oathtool(1) or similar. Sure, that's annoying to do :P > until i set this up (if ever), can someone with the powers please remove me from the team? it's really annoying to not be able to do anything. thanks you. fgmards IOhannes signature.asc Description: OpenPGP digital signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] 2FA on salsa?
hi, it seems somebody enabled two-factor-authentication for this team on salsa. at least, when i log in, i now get an error: > The group settings for Debian Lets Encrypt Team require you to enable Two-Factor Authentication for your account. and i cannot proceed unless i setup 2FA. now, i don't own a smartphone & i don't own a yubikey. afaik, this means that i cannot use 2FA. if the letsencrypt team insists on 2FA, please remove me from the team as it prevents me from using the salsa webinterface. in this case i'll probably have to migrate my "dehydrated-hook-ddns-tsig" to the 'debian' namespace. otoh, i'd prefer if there had been some discussion about enabling 2FA before the fact. fgmdsar IOhannes signature.asc Description: OpenPGP digital signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] joining the letsencrypt team
hi all, as you might have noticed, i recently filed an ITP about dehydrated-dnspython-hook (#864408), and i think maintaining the package under the umbrella of this team so makes sense. unfortunately, i haven't found anything about how to *join* the team and whether there are any policies or whatnot to know beforehand. what do you think? fdmsar IOhannes signature.asc Description: OpenPGP digital signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#854431: dehydrated: please chown/chmod *.pem to root:ssl-cert
Package: dehydrated Version: 0.3.1-3 Followup-For: Bug #854431 +1 for this feature from my side. I was actually going to suggest to use a separate group (e.g. 'letsencrypt-cert') but re-using the 'ssl-cert' group sounds good for me as well. ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#848224: Bug#848224: dehydrated-apache2: does not handle .well-known directory hidden by mod_rewrite
On 12/15/2016 06:03 PM, Mattia Rizzolo wrote: >> Unfortunately it had no effect on my system: accessing >> /.well-known/acme-challenge/ via my webserver would just give me a 404 page. >> >> Now, my webserver has the following characteristics >> - multiple VirtualHosts >> - use of mod_rewrite to do complex routing (in virtually all VirtualHosts). > > umh. > where do you configure the virtualhosts? If you have them on > /etc/apache2/sites-enabled those should not conflict and the conf this > package ships would be honored (I think?!). the vhosts are configured via /etc/apache2/sites-enabled, and i don't think there is a conflict per se. but i think that the mod_rewrite somehow cancels the conf from dehydrated-apache2. i probably should add, that mod_rewrite is rewriting the entire page (apache2 is the front-end to a plone CMS; for vhost support on the CMS side, i need complex proxying/rewriting capabilities such as offerend by mod_rewrite) > > In my systems I have a lot of virtulhosts too (although I don't have > that many rewrite rules) and everything works. > >> RewriteRule ^/\.well-known/acme-challenge/ - [L] >> >> Of course I would prefer a solution that would fix this in a central place >> (/etc/apache2/conf-available/dehydrated.conf). >> However, my feeble (and short-lived) attempts did not have any effect. > > Have you tried adding that line to > /etc/apache2/conf-enabled/dehydrated.conf? > that was precisely my unsatisfying and "feeble attempt" to fix it. fgmrs IOhannes signature.asc Description: OpenPGP digital signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#810216: letsencrypt: fails to run as unprivileged user
Package: letsencrypt Version: 0.1.1-3 Severity: normal Dear Maintainer, letsencrypt gives me a hard time when being run as unprivileged user. i understand that quite a number of operations require supercow powers, but the error messages are rather cryptic (being generic python exceptions): $ letsencrypt An unexpected error occurred: OSError: [Errno 13] Permission denied: '/etc/letsencrypt' Please see the logfile 'letsencrypt.log' for more details. $ cat letsencrypt.log Traceback (most recent call last): File "/usr/bin/letsencrypt", line 9, in load_entry_point('letsencrypt==0.1.1', 'console_scripts', 'letsencrypt')() File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1359, in main "--strict-permissions" in cli_args) File "/usr/lib/python2.7/dist-packages/letsencrypt/le_util.py", line 103, in make_or_verify_dir os.makedirs(directory, mode) File "/usr/lib/python2.7/os.py", line 157, in makedirs mkdir(name, mode) OSError: [Errno 13] Permission denied: '/etc/letsencrypt' $ sudo letsencrypt No installers seem to be present and working on your system; fix that or try running letsencrypt with the "certonly" command $ letsencrypt Traceback (most recent call last): File "/usr/bin/letsencrypt", line 9, in load_entry_point('letsencrypt==0.1.1', 'console_scripts', 'letsencrypt')() File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1364, in main setup_logging(args, _cli_log_handler, logfile='letsencrypt.log') File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1277, in setup_logging args, logfile=logfile, fmt=fmt) File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1248, in setup_log_file_handler log_file_path, maxBytes=2 ** 20, backupCount=10) File "/usr/lib/python2.7/logging/handlers.py", line 117, in __init__ BaseRotatingHandler.__init__(self, filename, mode, encoding, delay) File "/usr/lib/python2.7/logging/handlers.py", line 64, in __init__ logging.FileHandler.__init__(self, filename, mode, encoding, delay) File "/usr/lib/python2.7/logging/__init__.py", line 905, in __init__ StreamHandler.__init__(self, self._open()) File "/usr/lib/python2.7/logging/__init__.py", line 935, in _open stream = open(self.baseFilename, self.mode) IOError: [Errno 13] Permission denied: '/var/log/letsencrypt/letsencrypt.log' $ if the letsencrypt binary is only meant to be run as superuser, please move it from /usr/bin/ to /usr/sbin/ and/or add additional checks whether the user has the required privileges and provide them with a meaningful error message. otoh, i guess that some functionality of letsencrypt does not require root priviliges at all, at least it should not require such privilges (e.g. i don't see why `letsencrypt plugins` must be run as root). *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these template lines *** -- System Information: Debian Release: stretch/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.3.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=de_AT.utf8, LC_CTYPE=de_AT.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages letsencrypt depends on: ii dialog 1.2-20150920-1 ii python-letsencrypt 0.1.1-3 pn python:any letsencrypt recommends no packages. Versions of packages letsencrypt suggests: pn python-letsencrypt-apache ii python-letsencrypt-doc 0.1.1-3 -- no debconf information ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel