[Freeipa-users] Let's Encrypt Install: Made a bit of install progress, next error

Joseph Flynn jjflynn22 at gmail.com
Wed Dec 7 15:52:37 UTC 2016 

Damn, I thought I already fixed that but didn't.  Hold while I rerun...   I
bet that was it.

On Wed, Dec 7, 2016 at 10:50 AM, Martin Basti <mbasti at redhat.com> wrote:

> What does `hostname` command return?
>
> On 07.12.2016 16:37, Joseph Flynn wrote:
>
> Sorry, I wasn't clear in my earlier subject line.  This is related to the
> Lets Encrypt installation.
>
> I tried to pull some more relevant items from the log below.  I don't
> actually see all of the elements of my FQDN (ipa-a.kkgpitt.org) only
> references to the host (ipa-a) in the log, but am not sure what a good log
> should include.
>
> Thanks for any assistance,
> Joe
>
>
> On Tue, Dec 6, 2016 at 4:15 PM, Joseph Flynn <jjflynn22 at gmail.com> wrote:
>
>> Volunteers,
>>
>> I moved over to a Fedora VM which was way more difficult than it should
>> be.  All kinds of problems with Guest Additions and I ended up having to
>> run server mode with no GUI.  Now I run an Ubuntu VM from which I ssh into
>> my Fedora VM.  Anyway...
>>
>> The install made it a further step than before.  I get a quick blue
>> screen pop up at the end then an error saying:
>> [image: Inline image 1]
>>
>> An unexpected error occurred:
>>> The request message was malformed :: DNS name does not have enough labels
>>> Please see the logfiles in /var/log/letsencrypt for more details.
>>>
>>
>> When I run the cert checker util I get this
>> https://www.sslshopper.com/ssl-checker.html#hostname=ipa-a.kkgpitt.org
>>
>> Full log below.
>>
>> Any suggestions?  Is it not pulling my proper hostname?
>>
>> Thanks,
>> Joe
>>
>>
>>
>>
>>
>> [jjflynn22 at ipa-a ~]$ cat /etc/hosts
>> 192.168.1.211 ipa-a.kkgpitt.org ipa-a
>> 127.0.0.1   localhost localhost.localdomain localhost4
>> localhost4.localdomain4
>> ::1         localhost localhost.localdomain localhost6
>> localhost6.localdomain6
>>
>>
>>
>>
>> [jjflynn22 at ipa-a ~]$ sudo cat /var/log/letsencrypt/letsencrypt.log
>> [sudo] password for jjflynn22:
>> 2016-12-06 20:57:43,982:DEBUG:certbot.main:Root logging level set at 20
>> 2016-12-06 20:57:43,983:INFO:certbot.main:Saving debug log to
>> /var/log/letsencrypt/letsencrypt.log
>> 2016-12-06 20:57:43,991:DEBUG:certbot.main:certbot version: 0.9.3
>> 2016-12-06 20:57:43,991:DEBUG:certbot.main:Arguments: ['--standalone',
>> '--csr', '/root/ipa-le/httpd-csr.der', '--email', 'xxxxx at gmail.com',
>> '--agree-tos']
>> 2016-12-06 20:57:43,992:DEBUG:certbot.main:Discovered plugins:
>> PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#
>> null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
>> 2016-12-06 20:57:43,995:DEBUG:certbot.plugins.selection:Requested
>> authenticator standalone and installer None
>> 2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Single candidate
>> plugin: * standalone
>> Description: Spin up a temporary webserver
>> Interfaces: IAuthenticator, IPlugin
>> Entry point: standalone = certbot.plugins.standalone:Authenticator
>> Initialized: <certbot.plugins.standalone.Authenticator object at
>> 0x7fc3dc6fccd0>
>> Prep: True
>> 2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Selected
>> authenticator <certbot.plugins.standalone.Authenticator object at
>> 0x7fc3dc6fccd0> and installer None
>> 2016-12-06 20:57:44,115:DEBUG:certbot.main:Picked account:
>> <Account(7446b15565eb5a2fc5850f3ad97dc6dc)>
>> 2016-12-06 20:57:44,116:DEBUG:root:Sending GET request to
>> https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
>> 2016-12-06 20:57:44,119:INFO:requests.packages.urllib3.connectionpool:Starting
>> new HTTPS connection (1): acme-v01.api.letsencrypt.org
>> 2016-12-06 20:57:44,500:DEBUG:requests.packages.urllib3.connectionpool:"GET
>> /directory HTTP/1.1" 200 280
>> 2016-12-06 20:57:44,506:DEBUG:root:Received <Response [200]>. Headers:
>> {'Content-Length': '280', 'Expires': 'Tue, 06 Dec 2016 20:57:46 GMT',
>> 'Boulder-Request-Id': 'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
>> 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx',
>> 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control':
>> 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
>> 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json',
>> 'Replay-Nonce': 'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}. Content:
>> '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n
>> "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n
>> "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n
>> "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert
>> "\n}'
>> 2016-12-06 20:57:44,506:DEBUG:acme.client:Received response <Response
>> [200]> (headers: {'Content-Length': '280', 'Expires': 'Tue, 06 Dec 2016
>> 20:57:46 GMT', 'Boulder-Request-Id': 'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
>> 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx',
>> 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control':
>> 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
>> 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json',
>> 'Replay-Nonce': 'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}): '{\n
>> "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n
>> "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n
>> "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n
>> "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert
>> "\n}'
>> 2016-12-06 20:57:44,506:DEBUG:certbot.client:CSR:
>> CSR(file='/root/ipa-le/httpd-csr.der', data='0\x82\x02x0\x82\x01`\x02
>> \x01\x000\x101\x0e0\x0c\x06\x03U\x04\x03\x13\x05ipa-a0\
>> x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\
>> x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xdau1L\xa6T\xc8\x93\xc0P\x93\xb3\xd2\xcb
>> \xe2PU\xf0\x94=\x1c\n\x1e\xe5\xfe\xed<\xfa\xb1d-\x92\xebeD\x
>> b1\x0eq9\xf1\xfa\xb5p\xdc\x12qN\x96\x0b\x1f\x13\xab\xae
>>
>> .......
>>
>> 99\xc0\xb0\x07N\xdd5\x9e1\xb8\xdc\x8c\xc1N\xc1\x04\xa1\xd0\x
>> fc\xc2$f\x84e\xd4\xf7i\x1a\x1c~,\x80\xea/~j\xea\xa2\xf3\xe9\
>> x96\xfe5j\xa4\xb4X\x12L\xd5\xe5\xb0\x99|\xb8\xd1\xed\xa3\
>> xf2\xd5\xf0\x94\xc3"\xe8\x9dT\x17\xcf\x12$oVE\x83\xd1\x96\
>> xac\xa1\xf9F\xd2mO\xe9$\xa7\x00_\xaa\xc6\xa3j\xa1\xbaX8\
>> xa43K\x18os\xe1\xf4L(\xf9\xac\'\xc5\x9a\xdc\xf5s\xc6`\x97\
>> xe6\xea\xf8\xcc\xfa\xe1U_\xff\x86\xf0\x82\xab\xaf\xb9\x92q\
>> x06\x0f\xa5}]\x9c\xb1\x84b\x85<\xed\x92,g\x0e\xeaoAi|\xc5\n\x92',
>> form='der'), domains: [u'ipa-a']
>> 2016-12-06 20:57:44,507:DEBUG:root:Requesting fresh nonce
>> 2016-12-06 20:57:44,507:DEBUG:root:Sending HEAD request to
>> https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
>> 2016-12-06 20:57:44,608:DEBUG:requests.packages.urllib3.connectionpool:"HEAD
>> /acme/new-authz HTTP/1.1" 405 0
>> 2016-12-06 20:57:44,609:DEBUG:root:Received <Response [405]>. Headers:
>> {'Content-Length': '91', 'Pragma': 'no-cache', 'Boulder-Request-Id':
>> 'c2cMPhHqlO5kTv8xJ5dfIs4NCD2KMqn8X-IxPzutDAI', 'Expires': 'Tue, 06 Dec
>> 2016 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow':
>> 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06
>> Dec 2016 20:57:46 GMT', 'Content-Type': 'application/problem+json',
>> 'Replay-Nonce': '3fq9edUYLFJwQKDU-oaLVpQdUglFemQpGNbwZ-AtmfI'}. Content:
>> ''
>> 2016-12-06 20:57:44,609:DEBUG:acme.client:Storing nonce:
>> '\xdd\xfa\xbdy\xd5\x18,Rp@\xa0\xd4\xfa\x86\x8bV\x94\x1dR\tEz
>> d)\x18\xd6\xf0g\xe0-\x99\xf2'
>> 2016-12-06 20:57:44,610:DEBUG:acme.jose.json_util:Omitted empty fields:
>> combinations=None, challenges=None, expires=None, status=None
>> 2016-12-06 20:57:44,610:DEBUG:acme.client:Serialized JSON:
>> {"identifier": {"type": "dns", "value": "ipa-a"}, "resource":
>> "new-authz"}
>> 2016-12-06 20:57:44,610:DEBUG:acme.jose.json_util:Omitted empty fields:
>> kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None, cty=None,
>> x5tS256=None, x5u=None, alg=None, x5t=None
>> 2016-12-06 20:57:44,612:DEBUG:acme.jose.json_util:Omitted empty fields:
>> kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None,
>> x5u=None, x5t=None, nonce=None
>> 2016-12-06 20:57:44,612:DEBUG:root:Sending POST request to
>> https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs:
>> {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA",
>> "n": "vmM8XoN-WDCdPcaMNxu9zlLEJBBN-W_pIkG-Afw5uawBBXWHbWyzUeb06Ly
>> pMM94LcTi0drWTf00Fdv5SiVKMAwwAoqH-Xzv5LHBwYmqNFGr-W6cphQjNTP
>> 21IP87NKxG87OdvvOMjE--oMuJJMYWbyAAcOZNhIobWp969EMGu9Oi5JeQI1
>> bLqIHS317xWDPD_EMTmhnVxZGBuS5gs_ObYejnJmGyu4_Bn1yLIDlBuphYsH
>> g0pWoAgjZQAr3NI4N7oVrB-LiW21-k9I-LH3dijxVLBe_7jfKsIsVTJyzMz
>> l-g2iAeogYHfRngkhnQVXfhSleeZbfHwKXPs5FdmnHBw"}}, "protected":
>> "eyJub25jZSI6ICIzZnE5ZWRVWUxGSndRS0RVLW9hTFZwUWRVZ2xGZW1RcEdOYndaLUF0bWZJIn0",
>> "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJpcGE
>> tYSJ9LCAicmVzb3VyY2UiOiAibmV3LWF1dGh6In0", "signature":
>> "sDGSJkUMIFVRr7YGU33exEVslJFZlZoTuyv74F_XtloybjzZFg81r8ONbCU
>> XtU6Q1COsA1M9df_vpL1b8Pz2bhfgEkG7taiaHDEyK-PGx5cn9U4vgSp3uZM
>> NfVGFK-0gSYxLIsI0AgEIV8rTVKVw5kHVhn8Ob7gCuBgz1QkGr8WefqAcJ6v
>> xycvbPBXh3GlpHylKDNTEsH5kbdKtfg5bKJu8RDLFBhAZCFub61EwkeT7Hfv
>> hsWkaXJQhoolWiFn_3PjAZCEZzPL5igCOW0V65OEp6O3wdnC4FwS0BwxE0Cx
>> B2QA2mXMdvX4SILRf5mhzhTOmdTL0gLYXffI1XErbvg"}'}
>> 2016-12-06 20:57:44,728:DEBUG:requests.packages.urllib3.connectionpool:"POST
>> /acme/new-authz HTTP/1.1" 400 109
>> 2016-12-06 20:57:44,730:DEBUG:root:Received <Response [400]>. Headers:
>> {'Content-Length': '109', 'Boulder-Request-Id':
>> 'z34CxBq8_BBQbE6zM00YjU8c08FeXh24WHyCG1xAYJE', 'Expires': 'Tue, 06 Dec
>> 2016 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'close',
>> 'Cache-Control': 'max-age=0, no-cache, no-store', 'Pragma': 'no-cache',
>> 'Boulder-Requester': '6994631', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
>> 'Content-Type': 'application/problem+json', 'Replay-Nonce':
>> 'YoSNpLT1RJSN5tUVEWujrxjZ4LxoU-jKncsn1aN9HFI'}. Content: '{\n  "type":
>> "urn:acme:error:malformed",\n  "detail": "DNS name does not have enough
>> labels",\n  "status": 400\n}'
>> 2016-12-06 20:57:44,730:DEBUG:acme.client:Storing nonce:
>> "b\x84\x8d\xa4\xb4\xf5D\x94\x8d\xe6\xd5\x15\x11k\xa3\xaf\x18
>> \xd9\xe0\xbchS\xe8\xca\x9d\xcb'\xd5\xa3}\x1cR"
>> 2016-12-06 20:57:44,730:DEBUG:acme.client:Received response <Response
>> [400]> (headers: {'Content-Length': '109', 'Boulder-Request-Id':
>> 'z34CxBq8_BBQbE6zM00YjU8c08FeXh24WHyCG1xAYJE', 'Expires': 'Tue, 06 Dec
>> 2016 20:57:46 GMT', 'Server': 'nginx', 'Connection': 'close',
>> 'Cache-Control': 'max-age=0, no-cache, no-store', 'Pragma': 'no-cache',
>> 'Boulder-Requester': '6994631', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
>> 'Content-Type': 'application/problem+json', 'Replay-Nonce':
>> 'YoSNpLT1RJSN5tUVEWujrxjZ4LxoU-jKncsn1aN9HFI'}): '{\n  "type":
>> "urn:acme:error:malformed",\n  "detail": "DNS name does not have enough
>> labels",\n  "status": 400\n}'
>> 2016-12-06 20:57:44,735:DEBUG:certbot.main:Exiting abnormally:
>> Traceback (most recent call last):
>>   File "/usr/bin/letsencrypt", line 9, in <module>
>>     load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
>>   File "/usr/lib/python2.7/site-packages/certbot/main.py", line 776, in
>> main
>>     return config.func(config, plugins)
>>   File "/usr/lib/python2.7/site-packages/certbot/main.py", line 566, in
>> obtain_cert
>>     _csr_obtain_cert(config, le_client)
>>   File "/usr/lib/python2.7/site-packages/certbot/main.py", line 535, in
>> _csr_obtain_cert
>>     certr, chain = le_client.obtain_certificate_from_csr(config.domains,
>> csr, typ)
>>   File "/usr/lib/python2.7/site-packages/certbot/client.py", line 229,
>> in obtain_certificate_from_csr
>>     authzr = self.auth_handler.get_authorizations(domains)
>>   File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line
>> 68, in get_authorizations
>>     domain, self.account.regr.new_authzr_uri)
>>   File "/usr/lib/python2.7/site-packages/acme/client.py", line 210, in
>> request_domain_challenges
>>     typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
>>   File "/usr/lib/python2.7/site-packages/acme/client.py", line 190, in
>> request_challenges
>>     new_authz)
>>   File "/usr/lib/python2.7/site-packages/acme/client.py", line 649, in
>> post
>>     return self._check_response(response, content_type=content_type)
>>   File "/usr/lib/python2.7/site-packages/acme/client.py", line 565, in
>> _check_response
>>     raise messages.Error.from_json(jobj)
>> Error: urn:acme:error:malformed :: The request message was malformed ::
>> DNS name does not have enough labels
>>
>>
>>
>>
>>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161207/474d521c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 12140 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161207/474d521c/attachment.png>

More information about the Freeipa-users mailing list