OPNsense Forum

English Forums => General Discussion => Topic started by: nikkon on June 16, 2018, 06:28:17 pm

Title: Issues getting cert with acme
Post by: nikkon on June 16, 2018, 06:28:17 pm
Hi all,

I'm trying to get a new cert for web-https and I'm pretty sure I'm missing something. If you guys see what I'm missing, please let me know.
The acme log looks like this:

root@OptimusPrime:~ # tail -f /var/log/acme.sh.log
[Sat Jun 16 19:22:52 EEST 2018] _ret='0'
[Sat Jun 16 19:22:52 EEST 2018] code='400'
[Sat Jun 16 19:22:52 EEST 2018] The new-authz request is ok.
[Sat Jun 16 19:22:52 EEST 2018] new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: DNS name does not have enough labels","status": 400}
[Sat Jun 16 19:22:52 EEST 2018] pid
[Sat Jun 16 19:22:52 EEST 2018] No need to restore nginx, skip.
[Sat Jun 16 19:22:52 EEST 2018] _clearupdns
[Sat Jun 16 19:22:52 EEST 2018] skip dns.
[Sat Jun 16 19:22:52 EEST 2018] _on_issue_err
[Sat Jun 16 19:22:52 EEST 2018] Please check log file for more details: /var/log/acme.sh.log
[Sat Jun 16 19:27:05 EEST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Sat Jun 16 19:27:05 EEST 2018] DOMAIN_PATH='/var/etc/acme-client/home/FirewallCertACME_ecc'
[Sat Jun 16 19:27:05 EEST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:05 EEST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:05 EEST 2018] GET
[Sat Jun 16 19:27:05 EEST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Sat Jun 16 19:27:05 EEST 2018] timeout=
[Sat Jun 16 19:27:05 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sat Jun 16 19:27:06 EEST 2018] ret='0'
[Sat Jun 16 19:27:06 EEST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Sat Jun 16 19:27:06 EEST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Sat Jun 16 19:27:06 EEST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_NONCE
[Sat Jun 16 19:27:06 EEST 2018] ACME_VERSION
[Sat Jun 16 19:27:06 EEST 2018] Le_NextRenewTime
[Sat Jun 16 19:27:06 EEST 2018] _on_before_issue
[Sat Jun 16 19:27:06 EEST 2018] _chk_main_domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _chk_alt_domains='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Le_LocalAddress
[Sat Jun 16 19:27:06 EEST 2018] d='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] Check for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] d='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Check for domain='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] d
[Sat Jun 16 19:27:06 EEST 2018] _saved_account_key_hash is not changed, skip register account.
[Sat Jun 16 19:27:06 EEST 2018] Read key length:ec-256
[Sat Jun 16 19:27:06 EEST 2018] _createcsr
[Sat Jun 16 19:27:06 EEST 2018] Multi domain='DNS:FirewallCertACME,DNS:nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Getting domain auth token for each domain
[Sat Jun 16 19:27:06 EEST 2018] d='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] Getting webroot for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _w='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] Getting new-authz for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:06 EEST 2018] Try new-authz for the 0 time.
[Sat Jun 16 19:27:06 EEST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Jun 16 19:27:06 EEST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "FirewallCertACME"}}'
[Sat Jun 16 19:27:06 EEST 2018] RSA key
[Sat Jun 16 19:27:08 EEST 2018] GET
[Sat Jun 16 19:27:08 EEST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Sat Jun 16 19:27:08 EEST 2018] timeout=
[Sat Jun 16 19:27:08 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sat Jun 16 19:27:08 EEST 2018] ret='0'
[Sat Jun 16 19:27:08 EEST 2018] POST
[Sat Jun 16 19:27:08 EEST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Sat Jun 16 19:27:08 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header  -g '
[Sat Jun 16 19:27:10 EEST 2018] _ret='0'
[Sat Jun 16 19:27:10 EEST 2018] code='400'
[Sat Jun 16 19:27:10 EEST 2018] The new-authz request is ok.
[Sat Jun 16 19:27:10 EEST 2018] new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: DNS name does not have enough labels","status": 400}
[Sat Jun 16 19:27:10 EEST 2018] pid
[Sat Jun 16 19:27:10 EEST 2018] No need to restore nginx, skip.
[Sat Jun 16 19:27:10 EEST 2018] _clearupdns
[Sat Jun 16 19:27:10 EEST 2018] skip dns.
[Sat Jun 16 19:27:10 EEST 2018] _on_issue_err
[Sat Jun 16 19:27:10 EEST 2018] Please check log file for more details: /var/log/acme.sh.log


Thanks in advance

Title: Re: Issues getting cert with acme
Post by: DonSYS on June 23, 2018, 02:01:47 am
Hi nikkon,

The error "Error creating new authz :: DNS name does not have enough labels" is mostly indicating an invalid domain name. Are you sure your domain name is correct and registered to you?
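
An added example, not part of the forum posts and not acme.sh code: a pre-flight check that reads the "Multi domain" line from the log above and flags any name with fewer than two dot-separated labels, which is the condition the CA's error message refers to. The function names are made up for this illustration; the two sample lines are copied from the log in the first post.

```shell
#!/bin/sh
# Added illustration (hypothetical helper names, not acme.sh code).

# check_name NAME: print a verdict; return 0 only for a plausible public DNS name.
# Wildcard names are not handled here and are reported as invalid.
check_name() {
    _n=${1%.}                      # tolerate one trailing dot (absolute name)
    case $_n in
        ''|.*|*.|*..*)    echo "empty label";       return 1 ;;
        *[!A-Za-z0-9.-]*) echo "invalid character"; return 1 ;;
        *.*)              echo "ok";                return 0 ;;
        *)                echo "not enough labels"; return 1 ;;
    esac
}

# names_from_log: read an acme.sh debug log on stdin and print every name
# from the "Multi domain='DNS:a,DNS:b'" line, one per line.
names_from_log() {
    sed -n "s/.*Multi domain='\(.*\)'.*/\1/p" | tr ',' '\n' | sed 's/^DNS://'
}

# audit_log: print "name: verdict" for each name requested in the log.
audit_log() {
    names_from_log | while IFS= read -r name; do
        printf '%s: %s\n' "$name" "$(check_name "$name")"
    done
}

# Two lines taken from the log in the first post.
sample_log() {
    cat <<'EOF'
[Sat Jun 16 19:27:06 EEST 2018] _createcsr
[Sat Jun 16 19:27:06 EEST 2018] Multi domain='DNS:FirewallCertACME,DNS:nikkon.go.ro'
EOF
}

sample_log | audit_log
```

On the firewall itself the same check can be fed the real file, for example `audit_log < /var/log/acme.sh.log`.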