Messages - armouredking

1
18.1 Legacy Series / Re: Let's Encrypt wildcard acme.sh 2.7.8
« on: April 06, 2018, 07:38:56 am »
I'm aware of the requirements, but that isn't the issue. The issue, so far as I can tell, appears to be the registration request on the V2 servers from the GUI. I can't get the GUI to give me a more in-depth log file for Let's Encrypt / ACME, so I'm unclear how to proceed troubleshooting this.

As can be seen:

Code:
[Thu Apr 5 22:28:34 MST 2018] Please check log file for more details: /var/log/acme.sh.log
[Thu Apr 5 22:28:34 MST 2018] _on_issue_err
[Thu Apr 5 22:28:34 MST 2018] Register account Error: {"type":"urn:ietf:params:acme:error:malformed","detail":"Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"","status": 415}
[Thu Apr 5 22:28:34 MST 2018] code='415'
[Thu Apr 5 22:28:34 MST 2018] _ret='0'
[Thu Apr 5 22:28:33 MST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Apr 5 22:28:33 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Apr 5 22:28:33 MST 2018] POST
[Thu Apr 5 22:28:33 MST 2018] _ret='0'
[Thu Apr 5 22:28:33 MST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Apr 5 22:28:33 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Apr 5 22:28:33 MST 2018] HEAD
[Thu Apr 5 22:28:33 MST 2018] payload='{"contact": ["mailto: redacted@email"], "termsOfServiceAgreed": true}'
[Thu Apr 5 22:28:33 MST 2018] url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Apr 5 22:28:33 MST 2018] Registering account
[Thu Apr 5 22:28:32 MST 2018] RSA key
[Thu Apr 5 22:28:32 MST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 5 22:28:32 MST 2018] Using config home:/var/etc/acme-client/home
[Thu Apr 5 22:28:32 MST 2018] config file is empty, can not read CA_KEY_HASH
[Thu Apr 5 22:28:32 MST 2018] _currentRoot='dns_cf'
[Thu Apr 5 22:28:32 MST 2018] Check for domain='*.redacted.domain'
[Thu Apr 5 22:28:32 MST 2018] _currentRoot='dns_cf'
[Thu Apr 5 22:28:32 MST 2018] Check for domain='redacted.domain'
[Thu Apr 5 22:28:32 MST 2018] Le_LocalAddress
[Thu Apr 5 22:28:32 MST 2018] _on_before_issue
[Thu Apr 5 22:28:31 MST 2018] ACME_VERSION='2'
[Thu Apr 5 22:28:31 MST 2018] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Apr 5 22:28:31 MST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Apr 5 22:28:31 MST 2018] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Thu Apr 5 22:28:31 MST 2018] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Apr 5 22:28:31 MST 2018] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Thu Apr 5 22:28:31 MST 2018] ACME_NEW_AUTHZ
[Thu Apr 5 22:28:31 MST 2018] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Thu Apr 5 22:28:31 MST 2018] ret='0'
[Thu Apr 5 22:28:30 MST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Apr 5 22:28:30 MST 2018] timeout=
[Thu Apr 5 22:28:30 MST 2018] url='https://acme-v02.api.letsencrypt.org/directory'
[Thu Apr 5 22:28:30 MST 2018] GET
[Thu Apr 5 22:28:30 MST 2018] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 5 22:28:30 MST 2018] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 5 22:28:30 MST 2018] DOMAIN_PATH='/var/etc/acme-client/home/redacted.domain'
[Thu Apr 5 22:22:36 MST 2018] Cert for *.redacted.domain /var/etc/acme-client/home/*.redacted.domain/*.redacted.domain.cer is not found, skip.
[Thu Apr 5 22:22:36 MST 2018] DOMAIN_PATH='/var/etc/acme-client/home/*.redacted.domain'
[Thu Apr 5 00:00:05 MST 2018] Please check log file for more details: /var/log/acme.sh.log
[Thu Apr 5 00:00:05 MST 2018] _on_issue_err

The log file is showing the issue at the registering account step on the V2 server. Personal details redacted to protect the guilty.

I also seem to have some sort of PHP crash issue that may or may not be related to the ACME script that I submitted via the crash reporter.

2
18.1 Legacy Series / Re: Let's Encrypt wildcard acme.sh 2.7.8
« on: March 30, 2018, 04:42:22 am »
Well, I'm not. Broken for me on 18.1.5 and 1.13, errors out for 415.

Code:
[Thu Mar 29 19:25:56 MST 2018] Please check log file for more details: /var/log/acme.sh.log
[Thu Mar 29 19:25:56 MST 2018] _on_issue_err
[Thu Mar 29 19:25:56 MST 2018] Register account Error: {"type":"urn:ietf:params:acme:error:malformed","detail":"Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"","status": 415}
[Thu Mar 29 19:25:56 MST 2018] code='415'
[Thu Mar 29 19:25:56 MST 2018] _ret='0'
[Thu Mar 29 19:25:55 MST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Mar 29 19:25:55 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Mar 29 19:25:55 MST 2018] POST
[Thu Mar 29 19:25:55 MST 2018] _ret='0'
[Thu Mar 29 19:25:55 MST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header '
[Thu Mar 29 19:25:55 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'

Only happens when attempting to register the wildcard. The certificate for the OPNsense webapp was done using just the subdomain and works fine.

Code:
[Thu Feb 1 17:50:24 MST 2018] Installing full chain to:/var/etc/acme-client/certs/5a73b3f4bea6a8.46110666/fullchain.pem
[Thu Feb 1 17:50:24 MST 2018] Installing key to:/var/etc/acme-client/keys/5a73b3f4bea6a8.46110666/private.key
[Thu Feb 1 17:50:24 MST 2018] Installing CA to:/var/etc/acme-client/certs/5a73b3f4bea6a8.46110666/chain.pem
[Thu Feb 1 17:50:24 MST 2018] Installing cert to:/var/etc/acme-client/certs/5a73b3f4bea6a8.46110666/cert.pem
[Thu Feb 1 17:50:24 MST 2018] _on_issue_success

It is at least contacting the v2 endpoint for the wildcard so that's good. But something isn't right still.
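Added example, not part of the original posts and not code from acme.sh or OPNsense: the logs above are pasted newest-first, so the request that triggered the 415 sits below the error line. This sketch restores chronological order and pairs each ACME problem document with the HTTP method and URL that produced it; `find_acme_errors` and `SAMPLE_LOG` are hypothetical names, and the sample is constructed from the lines shown in the posts.

```python
import json
import re

# Constructed sample, newest-first, modelled on the log lines in the posts above.
SAMPLE_LOG = r'''[Thu Apr 5 22:28:34 MST 2018] _on_issue_err
[Thu Apr 5 22:28:34 MST 2018] Register account Error: {"type":"urn:ietf:params:acme:error:malformed","detail":"Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"","status": 415}
[Thu Apr 5 22:28:34 MST 2018] code='415'
[Thu Apr 5 22:28:34 MST 2018] _ret='0'
[Thu Apr 5 22:28:33 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Thu Apr 5 22:28:33 MST 2018] POST
[Thu Apr 5 22:28:33 MST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Thu Apr 5 22:28:33 MST 2018] HEAD
[Thu Apr 5 22:28:31 MST 2018] ACME_VERSION='2'
'''

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<msg>.*)$")
URL = re.compile(r"^(?:_post_)?url='(?P<url>[^']*)'")
ERR = re.compile(r"^(?P<step>.+?) Error: (?P<doc>\{.*\})$")

def find_acme_errors(log_text, newest_first=True):
    """Return one dict per ACME problem document, with the request that caused it."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    if newest_first:
        lines.reverse()  # restore chronological order before tracking state
    method = url = version = None
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        msg = m["msg"]
        if msg in ("GET", "HEAD", "POST"):
            method = msg  # acme.sh debug output logs the method before the URL
        elif (u := URL.match(msg)):
            url = u["url"]
        elif msg.startswith("ACME_VERSION="):
            version = msg.split("=", 1)[1].strip("'")
        elif (e := ERR.match(msg)):
            try:
                doc = json.loads(e["doc"])  # RFC 8555 problem document
            except json.JSONDecodeError:
                continue  # truncated or non-JSON error text
            findings.append({"time": m["ts"], "step": e["step"], "method": method,
                             "url": url, "acme_version": version,
                             "status": doc.get("status"), "type": doc.get("type"),
                             "detail": doc.get("detail")})
    return findings
```

Pass `newest_first=False` if your copy of the log is already in chronological order; with the wrong setting the error is reported with no request attached.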
