What am I doing wrong here? #252

Closed
opened 2025-12-29 01:20:19 +01:00 by adam · 5 comments
Originally created by @TyrfingMjolnir on GitHub (Sep 12, 2017).

What am I doing wrong here?

```
$ ./dehydrated -c
# INFO: Using main config file /usr/local/etc/dehydrated/config
Processing domain.tld with alternative names: www.domain.tld
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for domain.tld...
 + Requesting challenge for www.domain.tld...
 + Responding to challenge for domain.tld...
 + Responding to challenge for www.domain.tld...
 + Challenge is valid!
 + Requesting certificate...
  + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-cert (Status 403)

Details:
{
  "type": "urn:acme:error:unauthorized",
  "detail": "Error creating new cert :: authorizations for these names not found or expired: domain.tld",
  "status": 403
}
```

```
$ cat /usr/local/etc/dehydrated/domains.txt
domain.tld www.domain.tld
```
adam closed this issue 2025-12-29 01:20:20 +01:00
@txr13 commented on GitHub (Sep 13, 2017):

To my eye, that looks like the challenge for domain.tld wasn't validated...

Can you please post the results of `dehydrated --version` for us?

@txr13 commented on GitHub (Sep 13, 2017):

@lukas2511 Looking through the code, I think we may have a bug?

In lines 606-610, we loop while `reqstatus` is still pending. In lines 621-625, we check if `reqstatus` is valid, and if not, we call the hook script... but we don't error out otherwise. Which means we move to validating the next SAN in the list.

Once we're done with all the challenges, we move on. In line 635, we check again that `reqstatus` is valid, but that's really only checking whether the _last_ SAN validation succeeded.

@TyrfingMjolnir commented on GitHub (Sep 18, 2017):

When I do `ls` in a different terminal on the folder

```
ls -lAh /var/www/dehydrated/
```

I can see 1 file named some random garble; it's gone when the script exits.

```
# ./dehydrated --version
# INFO: Using main config file /usr/local/etc/dehydrated/config
Dehydrated by Lukas Schauer
https://dehydrated.de

Dehydrated version: 0.4.0
GIT-Revision: 0be0ab083f290afbc757b8388a80df458ddfd33c

cat: /etc/issue: No such file or directory
OS:
Used software:
 bash: 4.3.30(1)-release
 sed: sed (GNU sed) 4.4
 curl: curl 7.53.1
 awk: GNU Awk 4.1.4, API: 1.1 (GNU MPFR 3.1.5, GNU MP 6.1.2)
 grep: grep (GNU grep) 2.27
 mktemp: mktemp (GNU coreutils) 8.26
 diff: diff (GNU diffutils) 3.5
 openssl: OpenSSL 1.0.2k  26 Jan 2017
```

```
# uname -a
SunOS reverseproxy01 5.11 joyent_20170913T233706Z i86pc i386 i86pc Solaris
```

Here is the output from running `dehydrated -c` one more time.
(personal data neutralized below)

```
# ./dehydrated -c
# INFO: Using main config file /usr/local/etc/dehydrated/config
Processing domain.tld with alternative names: www.domain.tld
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for domain.tld...
 + Requesting challenge for www.domain.tld...
 + Already validated!
 + Responding to challenge for domain.tld...
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://domain.tld/.well-known/acme-challenge/JVXky9YFreXlBSRIMZRK3knkHLs3coK9r4zD5Onu4rM: \"\u003chtml\u003e\r\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody bgcolor=\"white\"\u003e\r\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\r\n\u003chr\u003e\u003ccenter\u003e\"",
    "status": 403
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/tsFULjBElO_9dyVbLCWStHs9h_CFHK2mlCFgxvZ8bzQ/2011397287",
  "token": "JVXky9YFreXlBSRIMZRK3knkHLs3coK9r4zE5Onu4rM",
  "keyAuthorization": "JVXky9YFreXlBSRIMZRK3knkHLs3coK9r4zE5Onu4rM.KoEhCgFo0NqUJc0VuFA2Ruv6ROP37lOFGWIOg9-Qn4w",
  "validationRecord": [
    {
      "url": "http://domain.tld/.well-known/acme-challenge/JVXky9YFreXlBSRIMZRK3knkHLs3coK9r4zD5Onu4rM",
      "hostname": "domain.tld",
      "port": "80",
      "addressesResolved": [
        "123.45.67.89"
      ],
      "addressUsed": "123.45.67.89",
      "addressesTried": []
    }
  ]
})
```
@TyrfingMjolnir commented on GitHub (Sep 18, 2017):

What I did wrong was to assign the location ".well-known/acme-challenge" to www.domain.tld as opposed to domain.tld.

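The root cause in the comment above is a web-server vhost configuration that served `/.well-known/acme-challenge/` only for `www.domain.tld`, so the CA's validation request for `domain.tld` got the 404 page shown in the log. The script below is added here as an illustration and is not part of dehydrated: before any CA request is made, it drops a throwaway token into `WELLKNOWN` and fetches it over plain HTTP through every name listed in `domains.txt`, which is the same path the CA takes, and reports each name that does not hand the token back. The default paths, the function names and the script file name `acme-preflight.sh` are assumptions; `curl` and `awk` are already required by dehydrated.

```shell
#!/bin/sh
# Pre-flight for http-01: confirm every name in domains.txt serves files
# from WELLKNOWN before dehydrated asks the CA to validate anything.
# Added example, not part of dehydrated; the defaults below are assumed.

WELLKNOWN="${WELLKNOWN:-/var/www/dehydrated}"
DOMAINS_TXT="${DOMAINS_TXT:-/usr/local/etc/dehydrated/domains.txt}"

# One name per output line: the first field of each domains.txt line is
# the CN, the remaining fields are SANs; '#' comments and blanks are dropped.
list_names() {  # $1 = path to domains.txt
  awk '{ sub(/#.*/, ""); for (i = 1; i <= NF; i++) print $i }' "$1"
}

# GET the challenge URL the way the CA does: plain HTTP on port 80,
# following redirects. Prints the body; non-zero status on transport error.
fetch_challenge() {  # $1 = hostname, $2 = token
  curl -sS -L --max-redirs 5 --max-time 10 \
    "http://$1/.well-known/acme-challenge/$2"
}

# Write a unique token into WELLKNOWN, fetch it through every name, remove it.
# Exit status: 0 if all names returned the token, 1 if any did not,
# 2 if WELLKNOWN is not writable.
preflight() {  # $1 = path to domains.txt
  token="preflight-$(date +%s)-$$"
  printf '%s\n' "$token" > "$WELLKNOWN/$token" || return 2
  rc=0
  for name in $(list_names "$1"); do
    body="$(fetch_challenge "$name" "$token" 2>/dev/null)" || body=""
    if [ "$body" = "$token" ]; then
      echo "OK   $name"
    else
      # Typical failure: a 404 page, i.e. this vhost has no location for
      # /.well-known/acme-challenge/ that points at WELLKNOWN.
      echo "FAIL $name (got: ${body:-no response})"
      rc=1
    fi
  done
  rm -f "$WELLKNOWN/$token"
  return $rc
}

# Run only when executed as a script, so the functions can also be sourced.
if [ "${0##*/}" = "acme-preflight.sh" ]; then
  preflight "$DOMAINS_TXT"
fi
```

Run it as `WELLKNOWN=/var/www/dehydrated sh acme-preflight.sh` on the host that runs dehydrated; with the vhost layout from this thread it prints `FAIL domain.tld` followed by the 404 body and `OK   www.domain.tld`, which points straight at the server block that is missing the location. Because the token is written and fetched with the same privileges and paths dehydrated uses, a passing run also confirms that `WELLKNOWN` is the directory the web server really serves, not merely one that exists.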
@lukas2511 commented on GitHub (Sep 20, 2017):

@txr13 mh, you are right, that is a bug and I was able to reproduce it easily. I think a simple `break` should fix that, see f838d93 for my fix.
It would also be possible to move the cleanup routine up; in that case it may even be simplified, since it wouldn't need the loop over the invalid challenge files but only delete the current one, but maybe I'm forgetting something...

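To make the control-flow problem txr13 describes, and the `break` lukas2511 mentions, concrete, here is a stripped-down reconstruction added for this page; it is not dehydrated's own code. `poll_challenge` is a constructed stand-in for the CA status poll (arranged so that `domain.tld` comes back `invalid` and every other name `valid`), and the two request functions differ only in whether the loop stops at the first non-valid status. The function names and the simulated outcomes are assumptions; the shape of the loop follows the thread's description of 0.4.0.

```shell
#!/bin/sh
# Reconstruction of the per-SAN status loop, added as an illustration;
# not dehydrated's code. poll_challenge is a constructed stand-in for the
# CA poll: domain.tld fails validation, everything else passes.
poll_challenge() {  # $1 = name; prints the final challenge status
  case "$1" in
    domain.tld) echo invalid ;;
    *)          echo valid ;;
  esac
}

# Shape of the 0.4.0 loop as described in the thread: a non-valid status
# only triggers the hook, then the loop moves on to the next name, so
# reqstatus ends up holding the LAST name's status. With the constructed
# outcomes and the CN first, this returns 0 and the caller goes on to
# POST new-cert for a name that was never authorized (the 403 in the report).
request_cert_lastwins() {  # $@ = CN followed by SANs
  for name in "$@"; do
    reqstatus="$(poll_challenge "$name")"
    if [ "$reqstatus" != "valid" ]; then
      echo "invalid challenge for $name (hook would run here)" >&2
    fi
  done
  [ "$reqstatus" = "valid" ]
}

# Fixed shape: stop at the first non-valid status so the final check sees
# it; the caller still has to clean up the challenge file of that name.
request_cert_fixed() {  # $@ = CN followed by SANs
  reqstatus=valid
  for name in "$@"; do
    reqstatus="$(poll_challenge "$name")"
    if [ "$reqstatus" != "valid" ]; then
      echo "invalid challenge for $name, aborting before new-cert" >&2
      break
    fi
  done
  [ "$reqstatus" = "valid" ]
}
```

Calling `request_cert_lastwins domain.tld www.domain.tld` succeeds even though the first name failed, which is exactly the "Challenge is valid!" followed by a 403 on new-cert in the opening report; swap the argument order and the same function fails, because now the failing name is the last one polled. `request_cert_fixed` returns failure for either order, so the order of names in `domains.txt` no longer decides whether a broken authorization is noticed.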
Reference: starred/dehydrated#252