Messages

1

18.1 Legacy Series / Re: Let's Encrypt wildcard acme.sh 2.7.8

« on: April 06, 2018, 07:38:56 am »

I'm aware of the requirements, but that isn't the issue. The issue so far as I can tell appears to be the registration request on the V2 servers from the GUI. I can't get the GUI to give me a more indepth log file for Let's Encrypt / ACME, so I'm unclear how to proceed troubleshooting this.

As can be seen:

Code: [Select]

[Thu Apr 5 22:28:34 MST 2018] Please check log file for more details: /var/log/acme.sh.log
[Thu Apr 5 22:28:34 MST 2018] _on_issue_err
[Thu Apr 5 22:28:34 MST 2018] Register account Error: {"type":"urn:ietf:params:acme:error:malformed","detail":"Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"","status": 415}
[Thu Apr 5 22:28:34 MST 2018] code='415'
[Thu Apr 5 22:28:34 MST 2018] _ret='0'
[Thu Apr 5 22:28:33 MST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Apr 5 22:28:33 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Apr 5 22:28:33 MST 2018] POST
[Thu Apr 5 22:28:33 MST 2018] _ret='0'
[Thu Apr 5 22:28:33 MST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Apr 5 22:28:33 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Apr 5 22:28:33 MST 2018] HEAD
[Thu Apr 5 22:28:33 MST 2018] payload='{"contact": ["mailto: redacted@email"], "termsOfServiceAgreed": true}'
[Thu Apr 5 22:28:33 MST 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Apr 5 22:28:33 MST 2018] Registering account
[Thu Apr 5 22:28:32 MST 2018] RSA key
[Thu Apr 5 22:28:32 MST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 5 22:28:32 MST 2018] Using config home:/var/etc/acme-client/home
[Thu Apr 5 22:28:32 MST 2018] config file is empty, can not read CA_KEY_HASH
[Thu Apr 5 22:28:32 MST 2018] _currentRoot='dns_cf'
[Thu Apr 5 22:28:32 MST 2018] Check for domain='*.redacted.domain'
[Thu Apr 5 22:28:32 MST 2018] _currentRoot='dns_cf'
[Thu Apr 5 22:28:32 MST 2018] Check for domain='redacted.domain'
[Thu Apr 5 22:28:32 MST 2018] Le_LocalAddress
[Thu Apr 5 22:28:32 MST 2018] _on_before_issue
[Thu Apr 5 22:28:31 MST 2018] ACME_VERSION='2'
[Thu Apr 5 22:28:31 MST 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Apr 5 22:28:31 MST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Apr 5 22:28:31 MST 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Apr 5 22:28:31 MST 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Apr 5 22:28:31 MST 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Apr 5 22:28:31 MST 2018] ACME_NEW_AUTHZ
[Thu Apr 5 22:28:31 MST 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu Apr 5 22:28:31 MST 2018] ret='0'
[Thu Apr 5 22:28:30 MST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Apr 5 22:28:30 MST 2018] timeout=
[Thu Apr 5 22:28:30 MST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 5 22:28:30 MST 2018] GET
[Thu Apr 5 22:28:30 MST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 5 22:28:30 MST 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 5 22:28:30 MST 2018] DOMAIN_PATH='/var/etc/acme-client/home/redacted.domain'
[Thu Apr 5 22:22:36 MST 2018] Cert for *.redacted.domain /var/etc/acme-client/home/*.redacted.domain/*.redacted.domain.cer is not found, skip.
[Thu Apr 5 22:22:36 MST 2018] DOMAIN_PATH='/var/etc/acme-client/home/*.redacted.domain'
[Thu Apr 5 00:00:05 MST 2018] Please check log file for more details: /var/log/acme.sh.log
[Thu Apr 5 00:00:05 MST 2018] _on_issue_err

The log file is showing the issue at the registering account step on the V2 server. Personal details redacted to protect the guilty.

I also seem to have some sort of PHP crash issue that may or may not be related to the ACME script that I submitted via the crash reporter.

2

18.1 Legacy Series / Re: Let's Encrypt wildcard acme.sh 2.7.8

« on: March 30, 2018, 04:42:22 am »

Well I'm not. Broken for me on 18.1.5 and 1.13, errors out for 415.

Code: [Select]

[Thu Mar 29 19:25:56 MST 2018] Please check log file for more details: /var/log/acme.sh.log
[Thu Mar 29 19:25:56 MST 2018] _on_issue_err
[Thu Mar 29 19:25:56 MST 2018] Register account Error: {"type":"urn:ietf:params:acme:error:malformed","detail":"Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"","status": 415}
[Thu Mar 29 19:25:56 MST 2018] code='415'
[Thu Mar 29 19:25:56 MST 2018] _ret='0'
[Thu Mar 29 19:25:55 MST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Mar 29 19:25:55 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Mar 29 19:25:55 MST 2018] POST
[Thu Mar 29 19:25:55 MST 2018] _ret='0'
[Thu Mar 29 19:25:55 MST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Mar 29 19:25:55 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'

Only happens when attempting to register the wildcard. The certificate for the OPNSense webapp was done using just the subdomain and works fine.

Code: [Select]

[Thu Feb 1 17:50:24 MST 2018] Installing full chain to:/var/etc/acme-client/certs/5a73b3f4bea6a8.46110666/fullchain.pem
[Thu Feb 1 17:50:24 MST 2018] Installing key to:/var/etc/acme-client/keys/5a73b3f4bea6a8.46110666/private.key
[Thu Feb 1 17:50:24 MST 2018] Installing CA to:/var/etc/acme-client/certs/5a73b3f4bea6a8.46110666/chain.pem
[Thu Feb 1 17:50:24 MST 2018] Installing cert to:/var/etc/acme-client/certs/5a73b3f4bea6a8.46110666/cert.pem
[Thu Feb 1 17:50:24 MST 2018] _on_issue_success

It is at least contacting the v2 endpoint for the wildcard so that's good. But something isn't right still.