Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Issues getting cert with acme
« previous
next »
Print
Pages: [
1
]
Author
Topic: Issues getting cert with acme (Read 3116 times)
nikkon
Full Member
Posts: 124
Karma: 3
Issues getting cert with acme
«
on:
June 16, 2018, 06:28:17 pm »
Hi all,
I'm trying to get a new cert for web-https and i'm pretty sure i miss somethig. if you guys see what i miss please let me know.
acme log looks like this:
root@OptimusPrime:~ # tail -f /var/log/acme.sh.log
[Sat Jun 16 19:22:52 EEST 2018] _ret='0'
[Sat Jun 16 19:22:52 EEST 2018] code='400'
[Sat Jun 16 19:22:52 EEST 2018] The new-authz request is ok.
[Sat Jun 16 19:22:52 EEST 2018] new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: DNS name does not have enough labels","status": 400}
[Sat Jun 16 19:22:52 EEST 2018] pid
[Sat Jun 16 19:22:52 EEST 2018] No need to restore nginx, skip.
[Sat Jun 16 19:22:52 EEST 2018] _clearupdns
[Sat Jun 16 19:22:52 EEST 2018] skip dns.
[Sat Jun 16 19:22:52 EEST 2018] _on_issue_err
[Sat Jun 16 19:22:52 EEST 2018] Please check log file for more details: /var/log/acme.sh.log
[Sat Jun 16 19:27:05 EEST 2018] ACME_DIRECTORY='
https://acme-v01.api.letsencrypt.org/directory
'
[Sat Jun 16 19:27:05 EEST 2018] DOMAIN_PATH='/var/etc/acme-client/home/FirewallCertACME_ecc'
[Sat Jun 16 19:27:05 EEST 2018] Using ACME_DIRECTORY:
https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:05 EEST 2018] _init api for server:
https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:05 EEST 2018] GET
[Sat Jun 16 19:27:05 EEST 2018] url='
https://acme-v01.api.letsencrypt.org/directory
'
[Sat Jun 16 19:27:05 EEST 2018] timeout=
[Sat Jun 16 19:27:05 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Jun 16 19:27:06 EEST 2018] ret='0'
[Sat Jun 16 19:27:06 EEST 2018] ACME_KEY_CHANGE='
https://acme-v01.api.letsencrypt.org/acme/key-change
'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_AUTHZ='
https://acme-v01.api.letsencrypt.org/acme/new-authz
'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_ORDER='
https://acme-v01.api.letsencrypt.org/acme/new-cert
'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_ACCOUNT='
https://acme-v01.api.letsencrypt.org/acme/new-reg
'
[Sat Jun 16 19:27:06 EEST 2018] ACME_REVOKE_CERT='
https://acme-v01.api.letsencrypt.org/acme/revoke-cert
'
[Sat Jun 16 19:27:06 EEST 2018] ACME_AGREEMENT='
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
'
[Sat Jun 16 19:27:06 EEST 2018] ACME_NEW_NONCE
[Sat Jun 16 19:27:06 EEST 2018] ACME_VERSION
[Sat Jun 16 19:27:06 EEST 2018] Le_NextRenewTime
[Sat Jun 16 19:27:06 EEST 2018] _on_before_issue
[Sat Jun 16 19:27:06 EEST 2018] _chk_main_domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _chk_alt_domains='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Le_LocalAddress
[Sat Jun 16 19:27:06 EEST 2018] d='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] Check for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] d='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Check for domain='nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] d
[Sat Jun 16 19:27:06 EEST 2018] _saved_account_key_hash is not changed, skip register account.
[Sat Jun 16 19:27:06 EEST 2018] Read key length:ec-256
[Sat Jun 16 19:27:06 EEST 2018] _createcsr
[Sat Jun 16 19:27:06 EEST 2018] Multi domain='DNS:FirewallCertACME,DNS:nikkon.go.ro'
[Sat Jun 16 19:27:06 EEST 2018] Getting domain auth token for each domain
[Sat Jun 16 19:27:06 EEST 2018] d='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] Getting webroot for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _w='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] _currentRoot='/var/etc/acme-client/challenges'
[Sat Jun 16 19:27:06 EEST 2018] Getting new-authz for domain='FirewallCertACME'
[Sat Jun 16 19:27:06 EEST 2018] _init api for server:
https://acme-v01.api.letsencrypt.org/directory
[Sat Jun 16 19:27:06 EEST 2018] Try new-authz for the 0 time.
[Sat Jun 16 19:27:06 EEST 2018] url='
https://acme-v01.api.letsencrypt.org/acme/new-authz
'
[Sat Jun 16 19:27:06 EEST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "FirewallCertACME"}}'
[Sat Jun 16 19:27:06 EEST 2018] RSA key
[Sat Jun 16 19:27:08 EEST 2018] GET
[Sat Jun 16 19:27:08 EEST 2018] url='
https://acme-v01.api.letsencrypt.org/directory
'
[Sat Jun 16 19:27:08 EEST 2018] timeout=
[Sat Jun 16 19:27:08 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Jun 16 19:27:08 EEST 2018] ret='0'
[Sat Jun 16 19:27:08 EEST 2018] POST
[Sat Jun 16 19:27:08 EEST 2018] _post_url='
https://acme-v01.api.letsencrypt.org/acme/new-authz
'
[Sat Jun 16 19:27:08 EEST 2018] _CURL='curl -L --silent --dump-header /var/etc/acme-client/home/http.header -g '
[Sat Jun 16 19:27:10 EEST 2018] _ret='0'
[Sat Jun 16 19:27:10 EEST 2018] code='400'
[Sat Jun 16 19:27:10 EEST 2018] The new-authz request is ok.
[Sat Jun 16 19:27:10 EEST 2018] new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: DNS name does not have enough labels","status": 400}
[Sat Jun 16 19:27:10 EEST 2018] pid
[Sat Jun 16 19:27:10 EEST 2018] No need to restore nginx, skip.
[Sat Jun 16 19:27:10 EEST 2018] _clearupdns
[Sat Jun 16 19:27:10 EEST 2018] skip dns.
[Sat Jun 16 19:27:10 EEST 2018] _on_issue_err
[Sat Jun 16 19:27:10 EEST 2018] Please check log file for more details: /var/log/acme.sh.log
Thanks in advance
«
Last Edit: June 16, 2018, 08:51:32 pm by nikkon
»
Logged
DEC750 Deciso
DonSYS
Newbie
Posts: 11
Karma: 0
Re: Issues getting cert with acme
«
Reply #1 on:
June 23, 2018, 02:01:47 am »
Hi nikkon,
The error "Error creating new authz :: DNS name does not have enough labels", is mostly indicating an invalid domain name, are you sure your domain name is correct and registered to you?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Issues getting cert with acme