Dehydrated does not work with step-ca and http-01 challenge #474

Closed
opened 2025-12-29 01:25:53 +01:00 by adam · 3 comments

Originally created by @sebageek on GitHub (Apr 18, 2020).

I cannot obtain certificates with dehydrated from current master, as it seems to fail to communicate to the CA that it is interested in an http-01 challenge. I'm testing with dehydrated from dbb0ef1 and step-ca CA/0.14.3-rc.2.32bitbadger2. Originally I tried v0.6.5, which resulted in the same result as #689.

In my tests dehydrated gets a challenge that is placed in the acme-challenges/ directory, but the CA never asks my webserver for it. The error message from the CA suggests that it is only trying to do dns-01 validation, not http-01 validation.

Dehydrated config:

CONFIG_D=/etc/dehydrated/conf.d
BASEDIR=/home/seba/projects/src/boulder/dehydrated
WELLKNOWN="${BASEDIR}/acme-challenges"
DOMAINS_TXT="${BASEDIR}/domains.txt"
CA="https://10.100.1.8:9443/acme/acme/directory"
CURL_OPTS=-k
CHALLENGETYPE=http-01

Dehydrated output:

$ ./dehydrated --config config -c --domain foo.dn --challenge http-01
# INFO: Using main config file config
 + Creating chain cache directory /home/seba/projects/src/boulder/dehydrated/chains
Processing foo.dn
 + Creating new directory /home/seba/projects/src/boulder/dehydrated/certs/foo.dn ...
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for foo.dn
 + 1 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for foo.dn authorization...
 --- result: {"type":"dns-01","status":"pending","token":"PRVs6pkjYD9YX5WECCn3JGBjEWujBBQO","url":"https://10.100.1.8:9443/acme/acme/challenge/oajFLdNsAm3ZTdWaqQAozD9m4FaZnsVG","error":{"type":"urn:ietf:params:acme:error:dns","detail":"error looking up TXT records for domain foo.dn: lookup _acme-challenge.foo.dn on 10.100.1.1:53: no such host"}}
 --- result: {"type":"dns-01","status":"pending","token":"PRVs6pkjYD9YX5WECCn3JGBjEWujBBQO","url":"https://10.100.1.8:9443/acme/acme/challenge/oajFLdNsAm3ZTdWaqQAozD9m4FaZnsVG","error":{"type":"urn:ietf:params:acme:error:dns","detail":"error looking up TXT records for domain foo.dn: lookup _acme-challenge.foo.dn on 10.100.1.1:53: no such host"}}
 --- result: {"type":"dns-01","status":"pending","token":"PRVs6pkjYD9YX5WECCn3JGBjEWujBBQO","url":"https://10.100.1.8:9443/acme/acme/challenge/oajFLdNsAm3ZTdWaqQAozD9m4FaZnsVG","error":{"type":"urn:ietf:params:acme:error:dns","detail":"error looking up TXT records for domain foo.dn: lookup _acme-challenge.foo.dn on 10.100.1.1:53: no such host"}}
 --- result: {"type":"dns-01","status":"pending","token":"PRVs6pkjYD9YX5WECCn3JGBjEWujBBQO","url":"https://10.100.1.8:9443/acme/acme/challenge/oajFLdNsAm3ZTdWaqQAozD9m4FaZnsVG","error":{"type":"urn:ietf:params:acme:error:dns","detail":"error looking up TXT records for domain foo.dn: lookup _acme-challenge.foo.dn on 10.100.1.1:53: no such host"}}
^C

I added an echo " --- result: $result" in line 824 for getting the CA's error message.

For reference, this is the CA log for an issue attempt:

INFO[0042]                                               duration=239.573003ms duration-ns=239573003 fields.time="2020-04-18T14:54:38+02:00" method=HEAD name=ca nonce=dWhJQm1WdWFiZFlkWnFTRUNFR3NTc01BaU5xTDd6RjM path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh3j9s3efpmrvc2rg size=0 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0043]                                               duration=1.474882989s duration-ns=1474882989 fields.time="2020-04-18T14:54:38+02:00" method=POST name=ca nonce=R2ZyaG15cTY5NEhKMkQ3YVBkMWxYN3pRYllyOHg4ZU8 path=/acme/acme/new-order protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh3j9s3efpmrvc2s0 response="{\"status\":\"pending\",\"expires\":\"2020-04-19T12:54:40Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"foo.dn\"}],\"notBefore\":\"0001-01-01T00:00:00Z\",\"notAfter\":\"0001-01-01T00:00:00Z\",\"authorizations\":[\"https://10.100.1.8:9443/acme/acme/authz/uVf7LwxPsO70wYpwoo0JNkuqzh8SYta7\"],\"finalize\":\"https://10.100.1.8:9443/acme/acme/order/LfqpRJz4ObxktkmOoYTcQlOt4O5JDBsA/finalize\"}" size=360 status=201 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0044]                                               duration=203.295783ms duration-ns=203295783 fields.time="2020-04-18T14:54:40+02:00" method=HEAD name=ca nonce=bXZxTFVvWTVRb2NoTmZtcDJFajJ3a2U1V0dnNU94NTE path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh439s3efpmrvc2sg size=0 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0044]                                               duration=649.250838ms duration-ns=649250838 fields.time="2020-04-18T14:54:40+02:00" method=POST name=ca nonce=THlLNVFCUTNQMHQ3WUY3QTlvdnRDSGVZaWRiOEViZzI path=/acme/acme/order/LfqpRJz4ObxktkmOoYTcQlOt4O5JDBsA protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh439s3efpmrvc2t0 response="{\"status\":\"pending\",\"expires\":\"2020-04-19T12:54:40Z\",\"identifiers\":[{\"type\":\"dns\",\"value\":\"foo.dn\"}],\"notBefore\":\"0001-01-01T00:00:00Z\",\"notAfter\":\"0001-01-01T00:00:00Z\",\"authorizations\":[\"https://10.100.1.8:9443/acme/acme/authz/uVf7LwxPsO70wYpwoo0JNkuqzh8SYta7\"],\"finalize\":\"https://10.100.1.8:9443/acme/acme/order/LfqpRJz4ObxktkmOoYTcQlOt4O5JDBsA/finalize\"}" size=360 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0045]                                               duration=173.79796ms duration-ns=173797960 fields.time="2020-04-18T14:54:41+02:00" method=HEAD name=ca nonce=RkFVZndoSEpWbHgybEJ5dEVWWFZDQUFzTEJTbHo0S1o path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh4b9s3efpmrvc2tg size=0 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0045]                                               duration=379.683205ms duration-ns=379683205 fields.time="2020-04-18T14:54:41+02:00" method=POST name=ca nonce=cWZqZzNOU0o1TFBKeWI1QVBsZXJ4eURubGlZM0xDVWs path=/acme/acme/authz/uVf7LwxPsO70wYpwoo0JNkuqzh8SYta7 protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh4b9s3efpmrvc2u0 response="{\"identifier\":{\"type\":\"dns\",\"value\":\"foo.dn\"},\"status\":\"pending\",\"expires\":\"2020-04-19T12:54:39Z\",\"challenges\":[{\"type\":\"http-01\",\"status\":\"pending\",\"token\":\"UgrYTUeakV64VJBwGP4DE7aUS2m0eshP\",\"url\":\"https://10.100.1.8:9443/acme/acme/challenge/aE1Om6O2t0WQshGX5xW80CxdLPYsOfN1\"},{\"type\":\"tls-alpn-01\",\"status\":\"pending\",\"token\":\"jqMeddLL4t9VK6AsJLizGy9Uru13hhqL\",\"url\":\"https://10.100.1.8:9443/acme/acme/challenge/C9bEn7MHjYfPAkjAaBtFcgJPFnqkrkwF\"},{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"3DNbjJiAJzZTiwDRYPuyx8WkQXgNSIbd\",\"url\":\"https://10.100.1.8:9443/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT\"}],\"wildcard\":false}" size=632 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0045]                                               duration=171.576273ms duration-ns=171576273 fields.time="2020-04-18T14:54:42+02:00" method=HEAD name=ca nonce=Vm5hTGZPRnl6MkZYSWFLV0JFa0x6eU05Y1loQjBFM28 path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh4j9s3efpmrvc2ug size=0 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0046]                                               duration=538.131934ms duration-ns=538131934 fields.time="2020-04-18T14:54:42+02:00" method=POST name=ca nonce=SWVCckQ4SDJvdHZLR3h3c3ZEM2dqYkduc0pVeHhtaGI path=/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh4j9s3efpmrvc2v0 response="{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"3DNbjJiAJzZTiwDRYPuyx8WkQXgNSIbd\",\"url\":\"https://10.100.1.8:9443/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT\"}" size=165 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0047]                                               duration=240.341534ms duration-ns=240341534 fields.time="2020-04-18T14:54:44+02:00" method=HEAD name=ca nonce=cE9WSEVLMWVtU1JzR3F3VGtJelJYTURTd2NncEx4MG4 path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh539s3efpmrvc2vg size=0 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0048]                                               duration=542.584309ms duration-ns=542584309 fields.time="2020-04-18T14:54:44+02:00" method=POST name=ca nonce=UEF1NFFTTmtGVXRveUY0RnJEaE43cEw2elR6WTM5Wmw path=/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh539s3efpmrvc300 response="{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"3DNbjJiAJzZTiwDRYPuyx8WkQXgNSIbd\",\"url\":\"https://10.100.1.8:9443/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT\",\"error\":{\"type\":\"urn:ietf:params:acme:error:dns\",\"detail\":\"error looking up TXT records for domain foo.dn: lookup _acme-challenge.foo.dn on 10.100.1.1:53: no such host\"}}" size=335 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0049]                                               duration=255.933017ms duration-ns=255933017 fields.time="2020-04-18T14:54:46+02:00" method=HEAD name=ca nonce=TXkxM0Z1Ulk0VzlINnVBb3V2SkJaaTAxcjZiem11Ums path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh5j9s3efpmrvc30g size=0 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0050]                                               duration=944.859176ms duration-ns=944859176 fields.time="2020-04-18T14:54:46+02:00" method=POST name=ca nonce=eFZmQkJ1TU12RnM4SDk1T1hYbGN1WGRRRjI3QnRQMHQ path=/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh5j9s3efpmrvc310 response="{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"3DNbjJiAJzZTiwDRYPuyx8WkQXgNSIbd\",\"url\":\"https://10.100.1.8:9443/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT\",\"error\":{\"type\":\"urn:ietf:params:acme:error:dns\",\"detail\":\"error looking up TXT records for domain foo.dn: lookup _acme-challenge.foo.dn on 10.100.1.1:53: no such host\"}}" size=335 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0052]                                               duration=299.997049ms duration-ns=299997049 fields.time="2020-04-18T14:54:48+02:00" method=HEAD name=ca nonce=bzlKanh2RTRyUE40ZDFwVFc1U0dZd2dLT3NpazBjeDg path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh639s3efpmrvc31g size=0 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0052]                                               duration=583.391589ms duration-ns=583391589 fields.time="2020-04-18T14:54:48+02:00" method=POST name=ca nonce=ZVRiTlhGM3FxR2h4NTFOT0JhemVFZFlZRHhZS0YwNnM path=/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh639s3efpmrvc320 response="{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"3DNbjJiAJzZTiwDRYPuyx8WkQXgNSIbd\",\"url\":\"https://10.100.1.8:9443/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT\",\"error\":{\"type\":\"urn:ietf:params:acme:error:dns\",\"detail\":\"error looking up TXT records for domain foo.dn: lookup _acme-challenge.foo.dn on 10.100.1.1:53: no such host\"}}" size=335 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0054]                                               duration=323.55253ms duration-ns=323552530 fields.time="2020-04-18T14:54:50+02:00" method=HEAD name=ca nonce=UUNOTFZyenNhUjVxa2VSTVdsanlRMzZ5Zm5oa0xqdlo path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh6j9s3efpmrvc32g size=0 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0054]                                               duration=676.313805ms duration-ns=676313805 fields.time="2020-04-18T14:54:50+02:00" method=POST name=ca nonce=OFhOZ3dRaWlBYnphMkxoRmI5dWhLUW9nRHZUaU9PZGI path=/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh6j9s3efpmrvc330 response="{\"type\":\"dns-01\",\"status\":\"pending\",\"token\":\"3DNbjJiAJzZTiwDRYPuyx8WkQXgNSIbd\",\"url\":\"https://10.100.1.8:9443/acme/acme/challenge/gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT\",\"error\":{\"type\":\"urn:ietf:params:acme:error:dns\",\"detail\":\"error looking up TXT records for domain foo.dn: lookup _acme-challenge.foo.dn on 10.100.1.1:53: no such host\"}}" size=335 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=
INFO[0056]                                               duration=184.234133ms duration-ns=184234133 fields.time="2020-04-18T14:54:52+02:00" method=HEAD name=ca nonce=OG5SdXlDZ1g4NHNtempSZUJ4RXVnNmVLRnUwYzFPdXA path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=10.100.1.8 request-id=bqdfh739s3efpmrvc33g size=0 status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=

I installed the step-ca following this tutorial (https://smallstep.com/blog/private-acme-server/) by installing step-ca (https://github.com/smallstep/certificates) and step-cli (https://github.com/smallstep/cli/) from the releases and then issuing the following commands:

step ca init
step ca provisioner add acme --type ACME
step-ca $(step path)/config/ca.json

The step-ca works fine with another ACME client like acme.sh, tested with ./acme.sh --server https://10.100.1.8:9443/acme/acme/directory --issue -d foo.dn --webroot ../dehydrated/webroot/ --force.

adam closed this issue 2025-12-29 01:25:53 +01:00
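
One way to confirm from the CA side which challenge the client actually triggered, the symptom reported in the issue above. This is an added example, not code from dehydrated or step-ca; the log lines are constructed in the shape of the step-ca log quoted in the issue, and `parse_logfmt`, `audit_challenge_selection` and `_log_line` are hypothetical names.

```python
import json
import re
from urllib.parse import urlsplit

# logfmt pair: key=value, where value is bare or a double-quoted string with \" escapes.
_FIELD = re.compile(r'([\w.-]+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_logfmt(line):
    """Split one CA access-log line into a dict of its key=value fields."""
    fields = {}
    for key, raw in _FIELD.findall(line):
        if raw.startswith('"'):
            try:
                raw = json.loads(raw)  # assumption: the quoting is JSON-compatible
            except ValueError:
                raw = raw.strip('"')
        fields[key] = raw
    return fields


def audit_challenge_selection(log_lines, wanted_type):
    """Report, per challenge URL, which offered challenge the client triggered."""
    offered = {}    # challenge URL path -> type, learned from authz responses
    triggered = {}  # challenge URL path -> summary of the client's POSTs to it
    for line in log_lines:
        entry = parse_logfmt(line)
        if entry.get("method") != "POST" or not entry.get("response"):
            continue
        try:
            body = json.loads(entry["response"])
        except ValueError:
            continue
        if not isinstance(body, dict):
            continue
        if isinstance(body.get("challenges"), list):
            for ch in body["challenges"]:
                offered[urlsplit(ch["url"]).path] = ch["type"]
            continue
        path = entry.get("path", "")
        ctype = offered.get(path)
        if ctype is None and "/challenge/" in path:
            ctype = body.get("type")  # authz response missing from this excerpt
        if ctype is None:
            continue
        hit = triggered.setdefault(path, {"type": ctype, "posts": 0, "errors": set()})
        hit["posts"] += 1
        err = body.get("error")
        if isinstance(err, dict) and err.get("type"):
            hit["errors"].add(err["type"])
    return [
        {"path": path, "type": hit["type"], "posts": hit["posts"],
         "errors": sorted(hit["errors"]), "offered": sorted(set(offered.values())),
         "mismatch": hit["type"] != wanted_type}
        for path, hit in triggered.items()
    ]


def _log_line(method, path, body=None):
    """Constructed sample line shaped like the CA log quoted in the issue."""
    resp = ""
    if body is not None:
        resp = " response=" + json.dumps(json.dumps(body, separators=(",", ":")))
    return (f"INFO[0045] method={method} name=ca path={path} referer=" + resp
            + ' status=200 user-agent="dehydrated/0.6.5 curl/7.68.0" user-id=')


_CH = "https://10.100.1.8:9443/acme/acme/challenge/"
_DNS = "gHYp0nxvppPwh5ur1NGhnXB7mNj45XBT"
_DNS_ERR = {"type": "urn:ietf:params:acme:error:dns",
            "detail": "error looking up TXT records for domain foo.dn"}
SAMPLE_LOG = [  # constructed: authz offer, nonce fetch, two POSTs to one challenge
    _log_line("POST", "/acme/acme/authz/uVf7LwxPsO70wYpwoo0JNkuqzh8SYta7", {
        "identifier": {"type": "dns", "value": "foo.dn"}, "status": "pending",
        "challenges": [
            {"type": "http-01", "url": _CH + "aE1Om6O2t0WQshGX5xW80CxdLPYsOfN1"},
            {"type": "tls-alpn-01", "url": _CH + "C9bEn7MHjYfPAkjAaBtFcgJPFnqkrkwF"},
            {"type": "dns-01", "url": _CH + _DNS}]}),
    _log_line("HEAD", "/acme/acme/new-nonce"),
    _log_line("POST", "/acme/acme/challenge/" + _DNS,
              {"type": "dns-01", "status": "pending", "url": _CH + _DNS}),
    _log_line("POST", "/acme/acme/challenge/" + _DNS,
              {"type": "dns-01", "status": "pending", "url": _CH + _DNS,
               "error": _DNS_ERR}),
]

if __name__ == "__main__":
    for finding in audit_challenge_selection(SAMPLE_LOG, "http-01"):
        print(finding)
```

A finding with `mismatch` set means the client posted to a challenge URL whose type differs from the configured `CHALLENGETYPE`, so the CA validates over a channel the client never provisioned.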

@lukas2511 commented on GitHub (Jul 4, 2020):

It's weird that it tries to use the dns-01 challenge, obviously that can never complete if it should be http-01... wondering if that is related to the JSON parsing issues... If this is still relevant, would you mind testing the dehydrated version from here (https://github.com/dehydrated-io/dehydrated/tree/jsonsh) and see if it works now?


@danimo commented on GitHub (Sep 17, 2020):

@darix has validated that this works with current master after the switch to json.sh. I think this can be closed.


@lukas2511 commented on GitHub (Sep 17, 2020):

@danimo thx, closed.

Reference: starred/dehydrated#474