[Freeipa-users] Let's Encrypt Install: Made a bit of install progress, next error

Martin Basti mbasti at redhat.com
Wed Dec 7 15:56:13 UTC 2016


Please make sure you use `hostnamectl set-hostname FQDN` to set all 
hostnames on system (static, tentative, current ....)

Martin

On 07.12.2016 16:52, Joseph Flynn wrote:
> Damn, I thought I already fixed that but didn't. Hold while I 
> rerun...   I bet that was it.
>
> On Wed, Dec 7, 2016 at 10:50 AM, Martin Basti <mbasti at redhat.com> wrote:
>
>     What does `hostname` command return?
>
>
>     On 07.12.2016 16:37, Joseph Flynn wrote:
>>     Sorry, I wasn't clear in my earlier subject line.  This is
>>     related to the Let's Encrypt installation.
>>
>>     I tried to pull some more relevant items from the log below.  I
>>     don't actually see all of the elements of my FQDN
>>     (ipa-a.kkgpitt.org) only references to
>>     the host (ipa-a) in the log, but am not sure what a good log
>>     should include.
>>
>>     Thanks for any assistance,
>>     Joe
>>
>>
>>     On Tue, Dec 6, 2016 at 4:15 PM, Joseph Flynn <jjflynn22 at gmail.com> wrote:
>>
>>         Volunteers,
>>
>>         I moved over to a Fedora VM which was way more difficult than
>>         it should be.  All kinds of problems with Guest Additions and
>>         I ended up having to run server mode with no GUI.  Now I run
>>         an Ubuntu VM from which I ssh into my Fedora VM.  Anyway...
>>
>>         The install made it a further step than before.  I get a
>>         quick blue screen pop up at the end then an error saying:
>>
>>             An unexpected error occurred:
>>             The request message was malformed :: DNS name does not
>>             have enough labels
>>             Please see the logfiles in /var/log/letsencrypt for more
>>             details.
>>
>>
>>         When I run the cert checker util I get this
>>         https://www.sslshopper.com/ssl-checker.html#hostname=ipa-a.kkgpitt.org
>>
>>
>>         Full log below.
>>
>>         Any suggestions?  Is it not pulling my proper hostname?
>>
>>         Thanks,
>>         Joe
>>
>>
>>
>>
>>
>>         [jjflynn22 at ipa-a ~]$ cat /etc/hosts
>>         192.168.1.211ipa-a.kkgpitt.org ipa-a
>>         127.0.0.1   localhost localhost.localdomain localhost4
>>         localhost4.localdomain4
>>         ::1         localhost localhost.localdomain localhost6
>>         localhost6.localdomain6
>>
>>
>>
>>
>>         [jjflynn22 at ipa-a ~]$ sudo cat
>>         /var/log/letsencrypt/letsencrypt.log
>>         [sudo] password for jjflynn22:
>>         2016-12-06 20:57:43,982:DEBUG:certbot.main:Root logging level
>>         set at 20
>>         2016-12-06 20:57:43,983:INFO:certbot.main:Saving debug log to
>>         /var/log/letsencrypt/letsencrypt.log
>>         2016-12-06 20:57:43,991:DEBUG:certbot.main:certbot version: 0.9.3
>>         2016-12-06 20:57:43,991:DEBUG:certbot.main:Arguments:
>>         ['--standalone', '--csr', '/root/ipa-le/httpd-csr.der',
>>         '--email', 'xxxxx at gmail.com',
>>         '--agree-tos']
>>         2016-12-06 20:57:43,992:DEBUG:certbot.main:Discovered
>>         plugins:
>>         PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
>>         2016-12-06
>>         20:57:43,995:DEBUG:certbot.plugins.selection:Requested
>>         authenticator standalone and installer None
>>         2016-12-06
>>         20:57:44,019:DEBUG:certbot.plugins.selection:Single candidate
>>         plugin: * standalone
>>         Description: Spin up a temporary webserver
>>         Interfaces: IAuthenticator, IPlugin
>>         Entry point: standalone =
>>         certbot.plugins.standalone:Authenticator
>>         Initialized: <certbot.plugins.standalone.Authenticator object at
>>         0x7fc3dc6fccd0>
>>         Prep: True
>>         2016-12-06
>>         20:57:44,019:DEBUG:certbot.plugins.selection:Selected
>>         authenticator <certbot.plugins.standalone.Authenticator object at
>>         0x7fc3dc6fccd0> and installer None
>>         2016-12-06 20:57:44,115:DEBUG:certbot.main:Picked account:
>>         <Account(7446b15565eb5a2fc5850f3ad97dc6dc)>
>>         2016-12-06 20:57:44,116:DEBUG:root:Sending GET request to
>>         https://acme-v01.api.letsencrypt.org/directory. args: (),
>>         kwargs: {}
>>         2016-12-06
>>         20:57:44,119:INFO:requests.packages.urllib3.connectionpool:Starting
>>         new HTTPS connection (1): acme-v01.api.letsencrypt.org
>>         2016-12-06 20:57:44,500:DEBUG:requests.packages.urllib3.connectionpool:"GET
>>         /directory HTTP/1.1" 200 280
>>         2016-12-06 20:57:44,506:DEBUG:root:Received <Response [200]>.
>>         Headers: {'Content-Length': '280', 'Expires': 'Tue, 06 Dec
>>         2016 20:57:46 GMT', 'Boulder-Request-Id':
>>         'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
>>         'Strict-Transport-Security': 'max-age=604800', 'Server':
>>         'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache',
>>         'Cache-Control': 'max-age=0, no-cache, no-store', 'Date':
>>         'Tue, 06 Dec 2016 20:57:46 GMT', 'X-Frame-Options': 'DENY',
>>         'Content-Type': 'application/json', 'Replay-Nonce':
>>         'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}. Content:
>>         '{\n  "new-authz":
>>         "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n
>>         "new-cert":
>>         "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n
>>         "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n
>>         "revoke-cert":
>>         "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
>>         2016-12-06 20:57:44,506:DEBUG:acme.client:Received response
>>         <Response [200]> (headers: {'Content-Length': '280',
>>         'Expires': 'Tue, 06 Dec 2016 20:57:46 GMT',
>>         'Boulder-Request-Id':
>>         'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
>>         'Strict-Transport-Security': 'max-age=604800', 'Server':
>>         'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache',
>>         'Cache-Control': 'max-age=0, no-cache, no-store', 'Date':
>>         'Tue, 06 Dec 2016 20:57:46 GMT', 'X-Frame-Options': 'DENY',
>>         'Content-Type': 'application/json', 'Replay-Nonce':
>>         'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}): '{\n 
>>         "new-authz":
>>         "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n
>>         "new-cert":
>>         "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n
>>         "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n
>>         "revoke-cert":
>>         "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
>>         2016-12-06 20:57:44,506:DEBUG:certbot.client:CSR:
>>         CSR(file='/root/ipa-le/httpd-csr.der',
>>         data='0\x82\x02x0\x82\x01`\x02\x01\x000\x101\x0e0\x0c\x06\x03U\x04\x03\x13\x05ipa-a0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xdau1L\xa6T\xc8\x93\xc0P\x93\xb3\xd2\xcb
>>         \xe2PU\xf0\x94=\x1c\n\x1e\xe5\xfe\xed<\xfa\xb1d-\x92\xebeD\xb1\x0eq9\xf1\xfa\xb5p\xdc\x12qN\x96\x0b\x1f\x13\xab\xae
>>
>>         .......
>>
>>         99\xc0\xb0\x07N\xdd5\x9e1\xb8\xdc\x8c\xc1N\xc1\x04\xa1\xd0\xfc\xc2$f\x84e\xd4\xf7i\x1a\x1c~,\x80\xea/~j\xea\xa2\xf3\xe9\x96\xfe5j\xa4\xb4X\x12L\xd5\xe5\xb0\x99|\xb8\xd1\xed\xa3\xf2\xd5\xf0\x94\xc3"\xe8\x9dT\x17\xcf\x12$oVE\x83\xd1\x96\xac\xa1\xf9F\xd2mO\xe9$\xa7\x00_\xaa\xc6\xa3j\xa1\xbaX8\xa43K\x18os\xe1\xf4L(\xf9\xac\'\xc5\x9a\xdc\xf5s\xc6`\x97\xe6\xea\xf8\xcc\xfa\xe1U_\xff\x86\xf0\x82\xab\xaf\xb9\x92q\x06\x0f\xa5}]\x9c\xb1\x84b\x85<\xed\x92,g\x0e\xeaoAi|\xc5\n\x92',
>>         form='der'), domains: [u'ipa-a']
>>         2016-12-06 20:57:44,507:DEBUG:root:Requesting fresh nonce
>>         2016-12-06 20:57:44,507:DEBUG:root:Sending HEAD request to
>>         https://acme-v01.api.letsencrypt.org/acme/new-authz. args:
>>         (), kwargs: {}
>>         2016-12-06 20:57:44,608:DEBUG:requests.packages.urllib3.connectionpool:"HEAD
>>         /acme/new-authz HTTP/1.1" 405 0
>>         2016-12-06 20:57:44,609:DEBUG:root:Received <Response [405]>.
>>         Headers: {'Content-Length': '91', 'Pragma': 'no-cache',
>>         'Boulder-Request-Id':
>>         'c2cMPhHqlO5kTv8xJ5dfIs4NCD2KMqn8X-IxPzutDAI', 'Expires':
>>         'Tue, 06 Dec 2016 20:57:46 GMT', 'Server': 'nginx',
>>         'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control':
>>         'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016
>>         20:57:46 GMT', 'Content-Type': 'application/problem+json',
>>         'Replay-Nonce':
>>         '3fq9edUYLFJwQKDU-oaLVpQdUglFemQpGNbwZ-AtmfI'}. Content: ''
>>         2016-12-06 20:57:44,609:DEBUG:acme.client:Storing nonce:
>>         '\xdd\xfa\xbdy\xd5\x18,Rp@\xa0\xd4\xfa\x86\x8bV\x94\x1dR\tEzd)\x18\xd6\xf0g\xe0-\x99\xf2'
>>         2016-12-06 20:57:44,610:DEBUG:acme.jose.json_util:Omitted
>>         empty fields: combinations=None, challenges=None,
>>         expires=None, status=None
>>         2016-12-06 20:57:44,610:DEBUG:acme.client:Serialized JSON:
>>         {"identifier": {"type": "dns", "value": "ipa-a"}, "resource":
>>         "new-authz"}
>>         2016-12-06 20:57:44,610:DEBUG:acme.jose.json_util:Omitted
>>         empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None,
>>         jku=None, cty=None, x5tS256=None, x5u=None, alg=None, x5t=None
>>         2016-12-06 20:57:44,612:DEBUG:acme.jose.json_util:Omitted
>>         empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None,
>>         cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
>>         2016-12-06 20:57:44,612:DEBUG:root:Sending POST request to
>>         https://acme-v01.api.letsencrypt.org/acme/new-authz. args:
>>         (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk":
>>         {"e": "AQAB", "kty": "RSA", "n":
>>         "vmM8XoN-WDCdPcaMNxu9zlLEJBBN-W_pIkG-Afw5uawBBXWHbWyzUeb06LypMM94LcTi0drWTf00Fdv5SiVKMAwwAoqH-Xzv5LHBwYmqNFGr-W6cphQjNTP21IP87NKxG87OdvvOMjE--oMuJJMYWbyAAcOZNhIobWp969EMGu9Oi5JeQI1bLqIHS317xWDPD_EMTmhnVxZGBuS5gs_ObYejnJmGyu4_Bn1yLIDlBuphYsHg0pWoAgjZQAr3NI4N7oVrB-LiW21-k9I-LH3dijxVLBe_7jfKsIsVTJyzMzl-g2iAeogYHfRngkhnQVXfhSleeZbfHwKXPs5FdmnHBw"}},
>>         "protected":
>>         "eyJub25jZSI6ICIzZnE5ZWRVWUxGSndRS0RVLW9hTFZwUWRVZ2xGZW1RcEdOYndaLUF0bWZJIn0",
>>         "payload":
>>         "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJpcGEtYSJ9LCAicmVzb3VyY2UiOiAibmV3LWF1dGh6In0",
>>         "signature":
>>         "sDGSJkUMIFVRr7YGU33exEVslJFZlZoTuyv74F_XtloybjzZFg81r8ONbCUXtU6Q1COsA1M9df_vpL1b8Pz2bhfgEkG7taiaHDEyK-PGx5cn9U4vgSp3uZMNfVGFK-0gSYxLIsI0AgEIV8rTVKVw5kHVhn8Ob7gCuBgz1QkGr8WefqAcJ6vxycvbPBXh3GlpHylKDNTEsH5kbdKtfg5bKJu8RDLFBhAZCFub61EwkeT7HfvhsWkaXJQhoolWiFn_3PjAZCEZzPL5igCOW0V65OEp6O3wdnC4FwS0BwxE0CxB2QA2mXMdvX4SILRf5mhzhTOmdTL0gLYXffI1XErbvg"}'}
>>         2016-12-06 20:57:44,728:DEBUG:requests.packages.urllib3.connectionpool:"POST
>>         /acme/new-authz HTTP/1.1" 400 109
>>         2016-12-06 20:57:44,730:DEBUG:root:Received <Response [400]>.
>>         Headers: {'Content-Length': '109', 'Boulder-Request-Id':
>>         'z34CxBq8_BBQbE6zM00YjU8c08FeXh24WHyCG1xAYJE', 'Expires':
>>         'Tue, 06 Dec 2016 20:57:46 GMT', 'Server': 'nginx',
>>         'Connection': 'close', 'Cache-Control': 'max-age=0, no-cache,
>>         no-store', 'Pragma': 'no-cache', 'Boulder-Requester':
>>         '6994631', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
>>         'Content-Type': 'application/problem+json', 'Replay-Nonce':
>>         'YoSNpLT1RJSN5tUVEWujrxjZ4LxoU-jKncsn1aN9HFI'}. Content:
>>         '{\n  "type": "urn:acme:error:malformed",\n "detail": "DNS
>>         name does not have enough labels",\n "status": 400\n}'
>>         2016-12-06 20:57:44,730:DEBUG:acme.client:Storing nonce:
>>         "b\x84\x8d\xa4\xb4\xf5D\x94\x8d\xe6\xd5\x15\x11k\xa3\xaf\x18\xd9\xe0\xbchS\xe8\xca\x9d\xcb'\xd5\xa3}\x1cR"
>>         2016-12-06 20:57:44,730:DEBUG:acme.client:Received response
>>         <Response [400]> (headers: {'Content-Length': '109',
>>         'Boulder-Request-Id':
>>         'z34CxBq8_BBQbE6zM00YjU8c08FeXh24WHyCG1xAYJE', 'Expires':
>>         'Tue, 06 Dec 2016 20:57:46 GMT', 'Server': 'nginx',
>>         'Connection': 'close', 'Cache-Control': 'max-age=0, no-cache,
>>         no-store', 'Pragma': 'no-cache', 'Boulder-Requester':
>>         '6994631', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
>>         'Content-Type': 'application/problem+json', 'Replay-Nonce':
>>         'YoSNpLT1RJSN5tUVEWujrxjZ4LxoU-jKncsn1aN9HFI'}): '{\n 
>>         "type": "urn:acme:error:malformed",\n "detail": "DNS name
>>         does not have enough labels",\n "status": 400\n}'
>>         2016-12-06 20:57:44,735:DEBUG:certbot.main:Exiting abnormally:
>>         Traceback (most recent call last):
>>           File "/usr/bin/letsencrypt", line 9, in <module>
>>         load_entry_point('certbot==0.9.3', 'console_scripts',
>>         'certbot')()
>>           File "/usr/lib/python2.7/site-packages/certbot/main.py",
>>         line 776, in main
>>             return config.func(config, plugins)
>>           File "/usr/lib/python2.7/site-packages/certbot/main.py",
>>         line 566, in obtain_cert
>>             _csr_obtain_cert(config, le_client)
>>           File "/usr/lib/python2.7/site-packages/certbot/main.py",
>>         line 535, in _csr_obtain_cert
>>             certr, chain =
>>         le_client.obtain_certificate_from_csr(config.domains, csr, typ)
>>           File "/usr/lib/python2.7/site-packages/certbot/client.py",
>>         line 229, in obtain_certificate_from_csr
>>             authzr = self.auth_handler.get_authorizations(domains)
>>           File
>>         "/usr/lib/python2.7/site-packages/certbot/auth_handler.py",
>>         line 68, in get_authorizations
>>             domain, self.account.regr.new_authzr_uri)
>>           File "/usr/lib/python2.7/site-packages/acme/client.py",
>>         line 210, in request_domain_challenges
>>         typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
>>           File "/usr/lib/python2.7/site-packages/acme/client.py",
>>         line 190, in request_challenges
>>             new_authz)
>>           File "/usr/lib/python2.7/site-packages/acme/client.py",
>>         line 649, in post
>>             return self._check_response(response,
>>         content_type=content_type)
>>           File "/usr/lib/python2.7/site-packages/acme/client.py",
>>         line 565, in _check_response
>>             raise messages.Error.from_json(jobj)
>>         Error: urn:acme:error:malformed :: The request message was
>>         malformed :: DNS name does not have enough labels
>>
>>
>>
>>
>>
>>
>>
>
>
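
The log quoted in this thread shows the client submitting the bare name `ipa-a` as the ACME DNS identifier, which the CA rejects with "DNS name does not have enough labels". The following is an added example, not part of the original messages and not FreeIPA or certbot code: a POSIX shell pre-flight check that pulls the requested identifiers out of a certbot debug log and flags single-label names. The function names, the `--check-host` switch and the second sample log line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag single-label names before they reach the CA.

# has_enough_labels NAME: succeed only if NAME has at least two non-empty labels.
has_enough_labels() {
    case "${1%.}" in                    # tolerate one trailing root dot
        ''|.*|*.|*..*) return 1 ;;      # empty name or empty label
        *.*)           return 0 ;;      # at least two labels
        *)             return 1 ;;      # single label, e.g. "ipa-a"
    esac
}

# acme_identifiers: read a certbot debug log on stdin and print every DNS
# identifier the client serialized into a new-authz request.
acme_identifiers() {
    sed -n 's/.*"identifier": {"type": "dns", "value": "\([^"]*\)"}.*/\1/p'
}

# short_identifiers: print only the identifiers that have too few labels.
short_identifiers() {
    acme_identifiers | sort -u | while read -r id; do
        has_enough_labels "$id" || printf '%s\n' "$id"
    done
}

# local_hostnames: names this host reports, which a CSR generator may pick up.
local_hostnames() {
    hostname
    if command -v hostnamectl >/dev/null 2>&1; then
        hostnamectl --static
        hostnamectl --transient
    fi
}

# Constructed sample: first line modelled on the log in the thread, second
# line is what the request would look like once the FQDN is used.
SAMPLE_LOG='2016-12-06 20:57:44,610:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "ipa-a"}, "resource": "new-authz"}
2016-12-07 16:10:02,114:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "ipa-a.kkgpitt.org"}, "resource": "new-authz"}'

# Optional: run with --check-host to test the names of the local machine.
if [ "${1:-}" = "--check-host" ]; then
    local_hostnames | sort -u | while read -r h; do
        if has_enough_labels "$h"; then echo "ok:    $h"; else echo "short: $h"; fi
    done
fi
```

On a real system, feed it the log directly: `short_identifiers < /var/log/letsencrypt/letsencrypt.log` (reading that file typically needs root, as in the thread).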
