exit_hook not called if invalid_challenge hook has been called before #402

Closed
opened 2025-12-29 01:24:27 +01:00 by adam · 0 comments
Owner

Originally created by @j-ed on GitHub (Jan 31, 2019).

Used version: 0.6.2 snapshot 2019-01-24

I'm currently using the startup_hook and exit_hook to start and stop the alpn responder. This works fine as long as e.g. the invalid_challenge hook is called. If this happens the exit_hook is not called anymore and therefore the responder process isn't stopped.

Based on the hook description `This hook is called at the end of the cron command and can be used to do some final (cleanup or other) tasks.` I would expect that it is called at the end of the script, independently from any other hook.

```
...
 + Generating ALPN certificate and key for xyz-domain...
 + 2 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for xyz-domain authorization...
-> Executing hook script 'invalid_challenge' ...
 + Cleaning challenge tokens...
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "tls-alpn-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge",
    "status": 403
  },
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/5tqXJp-JJV3uLUOuzYwNJ2WULUkr445566/233653317",
  "token": "-UNY2ol99KT4LCq72LmeewwGG23defytSPxWRrzLMqA",
  "validationRecord": [
    {
      "hostname": "xyz-domain",
      "port": "443",
      "addressesResolved": [
        "11.22.33.44"
      ],
      "addressUsed": "11.22.33.44"
    }
  ]
})
```
adam closed this issue 2025-12-29 01:24:27 +01:00
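
A hook script pattern that does not depend on exit_hook being reached, as an added example that is not part of the original report or of dehydrated itself: responder teardown is idempotent and is also run from invalid_challenge. `run_responder`, its `sleep` stand-in, `ALPN_PIDFILE` and the pidfile path are placeholders assumed for illustration, and the sketch assumes the run ends after invalid_challenge as in the log above.

```sh
#!/bin/sh
# Added example: hook script sketch, not dehydrated's own code.
# PIDFILE and run_responder are placeholders (assumptions); point them at
# the real responder and a directory only the ACME user can write to.
PIDFILE="${ALPN_PIDFILE:-/tmp/alpn-responder.pid}"

run_responder() {
    exec sleep 300    # stand-in for the real tls-alpn-01 responder command
}

responder_running() {
    [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

start_responder() {
    if responder_running; then return 0; fi
    run_responder >/dev/null 2>&1 </dev/null &
    echo "$!" > "$PIDFILE"
}

# Idempotent: safe to call from several hooks and when nothing is running.
stop_responder() {
    [ -f "$PIDFILE" ] || return 0
    rpid=$(cat "$PIDFILE")
    rm -f "$PIDFILE"
    if [ -n "$rpid" ] && kill -0 "$rpid" 2>/dev/null; then
        kill "$rpid" 2>/dev/null || true
        wait "$rpid" 2>/dev/null || true   # reaps it when it is our child
    fi
    return 0
}

handle_hook() {
    case "${1:-}" in
        startup_hook) start_responder ;;
        # Per the report, exit_hook is not reached once invalid_challenge
        # has fired, so the failure path tears the responder down itself.
        invalid_challenge|exit_hook) stop_responder ;;
        *) : ;;   # other hooks are not handled in this sketch
    esac
}

handle_hook "$@"
```

Because `stop_responder` removes the pidfile before signalling, a later exit_hook call after invalid_challenge is a no-op rather than an error.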

Reference: starred/dehydrated#402