Dehydrated gets confused by openssl req -verify output. #614

Closed
opened 2025-12-29 01:27:50 +01:00 by adam · 4 comments

Originally created by @wteiken on GitHub (Dec 3, 2023).

With the latest openssl update (at least from macports) openssl req -verify outputs the verification result to stdout (as opposed to stderr in the past). This gets merged into the altnames.

Created PR #923 as a fix.

adam closed this issue 2025-12-29 01:27:50 +01:00

@wteiken commented on GitHub (Dec 3, 2023):

Output on the console:

```
Warning: Will read cert request from stdin since no -in option is given
 + Requesting new certificate order from CA...
  + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 400)

Details:
HTTP/2 400 
server: nginx
date: Sun, 03 Dec 2023 19:40:39 GMT
content-type: application/problem+json
content-length: 1535
boulder-requester: 119415
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: [...]

{
  "type": "urn:ietf:params:acme:error:rejectedIdentifier",
  "detail": "Error creating new order :: Cannot issue for \"certificate\": Domain name needs at least one dot (and 4 more problems. Refer to sub-problems for more information.)",
  "status": 400,
  "subproblems": [
    {
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Error creating new order :: Domain name needs at least one dot",
      "status": 400,
      "identifier": {
        "type": "dns",
        "value": "certificate"
      }
    },
```

@wteiken commented on GitHub (Dec 3, 2023):

From a trace with bash -x:

```
+ local challenge_identifiers=
+ for altname in ${altnames}
+ [[ Certificate =~ ^ip: ]]
++ printf '{"type": "dns", "value": "%s"}, ' Certificate
+ challenge_identifiers+='{"type": "dns", "value": "Certificate"}, '
+ for altname in ${altnames}
+ [[ request =~ ^ip: ]]
++ printf '{"type": "dns", "value": "%s"}, ' request
+ challenge_identifiers+='{"type": "dns", "value": "request"}, '
+ for altname in ${altnames}
+ [[ self-signature =~ ^ip: ]]
++ printf '{"type": "dns", "value": "%s"}, ' self-signature
+ challenge_identifiers+='{"type": "dns", "value": "self-signature"}, '
+ for altname in ${altnames}
+ [[ verify =~ ^ip: ]]
++ printf '{"type": "dns", "value": "%s"}, ' verify
+ challenge_identifiers+='{"type": "dns", "value": "verify"}, '
+ for altname in ${altnames}
+ [[ OK =~ ^ip: ]]
++ printf '{"type": "dns", "value": "%s"}, ' OK
+ challenge_identifiers+='{"type": "dns", "value": "OK"}, '
+ for altname in ${altnames}
+ [[ nostromo.teiken.net =~ ^ip: ]]
++ printf '{"type": "dns", "value": "%s"}, ' my.host.name
+ challenge_identifiers+='{"type": "dns", "value": "my.host.name"}, '
```
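
An added example, not part of the original issue and not dehydrated's own code: one way to keep a status line such as the one in the trace above out of the identifier list is to read names only from the typed entries under the SAN header and to validate each candidate before it goes into an order. The function names and the CSR text are constructed for illustration; the `ip:` prefix follows the check visible in the trace.

```sh
# Constructed sample: CSR text with the verify status line on stdout.
sample_output() {
cat <<'EOF'
Certificate request self-signature verify OK
Certificate Request:
        Subject: CN = my.host.name
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:my.host.name, DNS:www.host.name, IP Address:192.0.2.10
    Signature Algorithm: ecdsa-with-SHA256
EOF
}

# Read only the line after the SAN header and keep its typed entries.
extract_sans() {
  awk '
    /X509v3 Subject Alternative Name:/ { want = 1; next }
    want {
      n = split($0, parts, ",")
      for (i = 1; i <= n; i++) {
        entry = parts[i]
        gsub(/^[ \t]+|[ \t]+$/, "", entry)
        if (sub(/^DNS:/, "", entry)) print entry
        else if (sub(/^IP Address:/, "ip:", entry)) print entry
      }
      want = 0
    }'
}

# Accept ip:<address> (the prefix the trace tests for) or a dotted hostname.
valid_identifier() {
  printf '%s\n' "$1" | grep -Eq \
    -e '^ip:[0-9A-Fa-f:.]+$' \
    -e '^(\*\.)?([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z][A-Za-z0-9-]*$'
}

# Print valid identifiers on stdout; report the rest on stderr.
filter_identifiers() {
  for name in "$@"; do
    if valid_identifier "$name"; then
      printf '%s\n' "$name"
    else
      printf 'rejected identifier: %s\n' "$name" >&2
    fi
  done
}

sample_output | extract_sans
filter_identifiers Certificate request self-signature verify OK my.host.name
```

Rejecting a malformed name locally fails before any request is sent, instead of surfacing as a `rejectedIdentifier` error from the CA.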

@lukas2511 commented on GitHub (Dec 5, 2023):

Thanks, I've merged your PR. I'm going to read up on openssl changelogs in the coming days to see if there might be any other hidden surprises about output changes (again)...


@jcastle-gh commented on GitHub (Dec 20, 2024):

By the way, the warning was a bug in openssl that is fixed in openssl 3.4.0 (released October 22, 2024).
https://github.com/openssl/openssl/commit/1d2cbd9b5a126189d5e9bc78a3bdb9709427d02b
Reference: starred/dehydrated#614