Comments (11)
I have the SOHO firewall config configured ("WAN_IN", "WAN_LOCAL"). Is there a way to do the firewall part manually?
from ubnt-letsencrypt.
Post full log and commands run.
from ubnt-letsencrypt.
I customised the acme script to add my email. I customised yours to add the debug flag. This is the output:
admin@ubnt:~$ sudo /config/scripts/renew.acme.sh -d host -i eth2
[Thu Aug 10 03:32:13 AEST 2017] Stopping gui service.
[Thu Aug 10 03:32:14 AEST 2017] Starting temporary acme challenge service.
[Thu Aug 10 03:32:15 AEST 2017] Lets find script dir.
[Thu Aug 10 03:32:15 AEST 2017] _SCRIPT_='/config/.acme.sh/acme.sh'
[Thu Aug 10 03:32:15 AEST 2017] _script='/config/.acme.sh/acme.sh'
[Thu Aug 10 03:32:15 AEST 2017] _script_home='/config/.acme.sh'
[Thu Aug 10 03:32:15 AEST 2017] Using config home:/config/.acme.sh
https://github.com/Neilpang/acme.sh
v2.7.3
[Thu Aug 10 03:32:15 AEST 2017] Using config home:/config/.acme.sh
[Thu Aug 10 03:32:15 AEST 2017] DOMAIN_PATH='/config/.acme.sh/host'
[Thu Aug 10 03:32:15 AEST 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Thu Aug 10 03:32:15 AEST 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Aug 10 03:32:15 AEST 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Thu Aug 10 03:32:15 AEST 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Aug 10 03:32:15 AEST 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu Aug 10 03:32:15 AEST 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Thu Aug 10 03:32:15 AEST 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Thu Aug 10 03:32:15 AEST 2017] Le_NextRenewTime
[Thu Aug 10 03:32:16 AEST 2017] _on_before_issue
[Thu Aug 10 03:32:16 AEST 2017] Le_LocalAddress='publicip,'
[Thu Aug 10 03:32:16 AEST 2017] Check for domain='host'
[Thu Aug 10 03:32:16 AEST 2017] _currentRoot='/config/.acme.sh/webroot'
[Thu Aug 10 03:32:16 AEST 2017] _saved_account_key_hash is not changed, skip register account.
[Thu Aug 10 03:32:16 AEST 2017] Read key length:
[Thu Aug 10 03:32:16 AEST 2017] _createcsr
[Thu Aug 10 03:32:16 AEST 2017] Single domain='host'
[Thu Aug 10 03:32:17 AEST 2017] Getting domain auth token for each domain
[Thu Aug 10 03:32:17 AEST 2017] Getting webroot for domain='host'
[Thu Aug 10 03:32:17 AEST 2017] _w='/config/.acme.sh/webroot'
[Thu Aug 10 03:32:17 AEST 2017] _currentRoot='/config/.acme.sh/webroot'
[Thu Aug 10 03:32:17 AEST 2017] Getting new-authz for domain='host'
[Thu Aug 10 03:32:17 AEST 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Aug 10 03:32:17 AEST 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Thu Aug 10 03:32:17 AEST 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Aug 10 03:32:17 AEST 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu Aug 10 03:32:17 AEST 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Thu Aug 10 03:32:17 AEST 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Thu Aug 10 03:32:17 AEST 2017] Try new-authz for the 0 time.
[Thu Aug 10 03:32:17 AEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Aug 10 03:32:17 AEST 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "host"}}'
[Thu Aug 10 03:32:17 AEST 2017] RSA key
[Thu Aug 10 03:32:18 AEST 2017] GET
[Thu Aug 10 03:32:18 AEST 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Aug 10 03:32:18 AEST 2017] timeout
[Thu Aug 10 03:32:18 AEST 2017] _CURL='curl -L --silent --dump-header /config/.acme.sh/http.header '
[Thu Aug 10 03:32:18 AEST 2017] ret='0'
[Thu Aug 10 03:32:19 AEST 2017] POST
[Thu Aug 10 03:32:19 AEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Aug 10 03:32:19 AEST 2017] _CURL='curl -L --silent --dump-header /config/.acme.sh/http.header '
[Thu Aug 10 03:32:21 AEST 2017] _ret='0'
[Thu Aug 10 03:32:21 AEST 2017] code='201'
[Thu Aug 10 03:32:21 AEST 2017] The new-authz request is ok.
[Thu Aug 10 03:32:21 AEST 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/hash/1717262100","token":"token"'
[Thu Aug 10 03:32:22 AEST 2017] token='token'
[Thu Aug 10 03:32:22 AEST 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/hash/1717262100'
[Thu Aug 10 03:32:22 AEST 2017] keyauthorization='key'
[Thu Aug 10 03:32:22 AEST 2017] dvlist='host#hash#https://acme-v01.api.letsencrypt.org/acme/challenge/hash/1717262100#http-01#/config/.acme.sh/webroot'
[Thu Aug 10 03:32:22 AEST 2017] vlist='host#hash#https://acme-v01.api.letsencrypt.org/acme/challenge/hash/1717262100#http-01#/config/.acme.sh/webroot,'
[Thu Aug 10 03:32:22 AEST 2017] ok, let's start to verify
[Thu Aug 10 03:32:22 AEST 2017] Verifying:host
[Thu Aug 10 03:32:22 AEST 2017] d='host'
[Thu Aug 10 03:32:22 AEST 2017] keyauthorization='key'
[Thu Aug 10 03:32:22 AEST 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/hashs/1717262100'
[Thu Aug 10 03:32:22 AEST 2017] _currentRoot='/config/.acme.sh/webroot'
[Thu Aug 10 03:32:22 AEST 2017] wellknown_path='/config/.acme.sh/webroot/.well-known/acme-challenge'
[Thu Aug 10 03:32:22 AEST 2017] writing token:token to /config/.acme.sh/webroot/.well-known/acme-challenge/tmUmKCiZHlcdxi40WH3hczbjKlWRdnAfiCl6zTtpBl4
[Thu Aug 10 03:32:22 AEST 2017] Changing owner/group of .well-known to root:root
[Thu Aug 10 03:32:22 AEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hash/1717262100'
[Thu Aug 10 03:32:22 AEST 2017] payload='{"resource": "challenge", "keyAuthorization": "token"}'
[Thu Aug 10 03:32:23 AEST 2017] POST
[Thu Aug 10 03:32:23 AEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hash/1717262100'
[Thu Aug 10 03:32:23 AEST 2017] _CURL='curl -L --silent --dump-header /config/.acme.sh/http.header '
[Thu Aug 10 03:32:24 AEST 2017] _ret='0'
[Thu Aug 10 03:32:25 AEST 2017] code='202'
[Thu Aug 10 03:32:25 AEST 2017] sleep 2 secs to verify
[Thu Aug 10 03:32:27 AEST 2017] checking
[Thu Aug 10 03:32:27 AEST 2017] GET
[Thu Aug 10 03:32:27 AEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hash/1717262100'
[Thu Aug 10 03:32:27 AEST 2017] timeout
[Thu Aug 10 03:32:27 AEST 2017] _CURL='curl -L --silent --dump-header /config/.acme.sh/http.header '
[Thu Aug 10 03:32:28 AEST 2017] ret='0'
[Thu Aug 10 03:32:28 AEST 2017] Pending
[Thu Aug 10 03:32:28 AEST 2017] sleep 2 secs to verify
[Thu Aug 10 03:32:30 AEST 2017] checking
[Thu Aug 10 03:32:30 AEST 2017] GET
[Thu Aug 10 03:32:30 AEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hash/1717262100'
[Thu Aug 10 03:32:30 AEST 2017] timeout
[Thu Aug 10 03:32:30 AEST 2017] _CURL='curl -L --silent --dump-header /config/.acme.sh/http.header '
[Thu Aug 10 03:32:30 AEST 2017] ret='0'
[Thu Aug 10 03:32:31 AEST 2017] host:Verify error:Fetching http://host/.well-known/acme-challenge/hash: Timeout
[Thu Aug 10 03:32:31 AEST 2017] Debug: get token url.
[Thu Aug 10 03:32:31 AEST 2017] GET
[Thu Aug 10 03:32:31 AEST 2017] url='http://host/.well-known/acme-challenge/hash'
[Thu Aug 10 03:32:31 AEST 2017] timeout='1'
[Thu Aug 10 03:32:31 AEST 2017] _CURL='curl -L --silent --dump-header /config/.acme.sh/http.header --connect-timeout 1'
[Thu Aug 10 03:32:31 AEST 2017] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Thu Aug 10 03:32:31 AEST 2017] ret='7'
[Thu Aug 10 03:32:31 AEST 2017] Debugging, skip removing: /config/.acme.sh/webroot/.well-known/acme-challenge/hash
[Thu Aug 10 03:32:31 AEST 2017] pid
[Thu Aug 10 03:32:31 AEST 2017] No need to restore nginx, skip.
[Thu Aug 10 03:32:31 AEST 2017] _clearupdns
[Thu Aug 10 03:32:31 AEST 2017] skip dns.
[Thu Aug 10 03:32:31 AEST 2017] _on_issue_err
[Thu Aug 10 03:32:31 AEST 2017] Please add '--debug' or '--log' to check more details.
[Thu Aug 10 03:32:31 AEST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Thu Aug 10 03:32:31 AEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hash/1717262100'
[Thu Aug 10 03:32:31 AEST 2017] payload='{"resource": "challenge", "keyAuthorization": "token"}'
[Thu Aug 10 03:32:32 AEST 2017] POST
[Thu Aug 10 03:32:32 AEST 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hash/1717262100'
[Thu Aug 10 03:32:32 AEST 2017] _CURL='curl -L --silent --dump-header /config/.acme.sh/http.header '
[Thu Aug 10 03:32:33 AEST 2017] _ret='0'
[Thu Aug 10 03:32:34 AEST 2017] code='400'
[Thu Aug 10 03:32:34 AEST 2017] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1e 11 Feb 2013
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
nc:
nc: invalid option -- 'h'
BusyBox v1.19.0 (2017-08-03 01:19:05 PDT) multi-call binary.
Usage: nc [-iN] [-wN] [-l] [-p PORT] [-f FILE|IPADDR PORT] [-e PROG]
Open a pipe to IP:PORT or FILE
-e PROG Run PROG after connect
-l Listen mode, for inbound connects
(use -l twice with -e for persistent server)
-p PORT Local port
-w SEC Timeout for connect
-i SEC Delay interval for lines sent
from ubnt-letsencrypt.
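The debug output above ends in a `Verify error ... Timeout` from the CA and a local `curl` exit code of 7 when the script tries to fetch its own challenge token, which is the signature of tcp/80 on the WAN side not reaching the temporary challenge listener on the router. The following is an added triage helper, not part of the ubnt-letsencrypt project or acme.sh: it runs over acme.sh `--debug` lines and turns the combination of CA-side error, token write and libcurl exit code into a verdict a defender can act on (firewall rule, DNS, or stale authorization). The sample log is constructed to mirror the comment above, with placeholder hostnames and tokens, and the mapping of curl codes to causes is the author's own summary of the libcurl error list.

```python
import re

# Constructed sample of acme.sh --debug output modelled on the comment above.
# "host" and "token" are placeholders, not real values.
SAMPLE_LOG = """\
[Thu Aug 10 03:32:22 AEST 2017] wellknown_path='/config/.acme.sh/webroot/.well-known/acme-challenge'
[Thu Aug 10 03:32:22 AEST 2017] writing token:token to /config/.acme.sh/webroot/.well-known/acme-challenge/token
[Thu Aug 10 03:32:31 AEST 2017] host:Verify error:Fetching http://host/.well-known/acme-challenge/token: Timeout
[Thu Aug 10 03:32:31 AEST 2017] url='http://host/.well-known/acme-challenge/token'
[Thu Aug 10 03:32:31 AEST 2017] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Thu Aug 10 03:32:31 AEST 2017] ret='7'
[Thu Aug 10 03:32:34 AEST 2017] code='400'
"""

# Subset of libcurl exit codes that matter for an http-01 self-check.
CURL_CODES = {
    6: "could not resolve host (DNS)",
    7: "failed to connect (port 80 closed, filtered or not forwarded)",
    28: "operation timed out (packets dropped before the TCP handshake completed)",
    52: "empty reply from server (listener answered but sent nothing)",
}

VERIFY_RE = re.compile(r"\] (?P<domain>[^:\]]+):Verify error:(?P<detail>.*)$")
TOKEN_RE = re.compile(r"writing token:\S+ to (?P<path>\S+)$")
CURL_RE = re.compile(r"for error code: (?P<code>\d+)$")
HTTP_RE = re.compile(r"code='(?P<status>\d{3})'$")


def triage_acme_log(text):
    """Summarise why an http-01 challenge failed from acme.sh --debug output.

    Returns a dict with domain, verify_error, token_path, curl_code,
    curl_meaning, last_http_status and a one-line verdict. Facts that do not
    appear in the log are None.
    """
    result = {
        "domain": None,
        "verify_error": None,
        "token_path": None,
        "curl_code": None,
        "curl_meaning": None,
        "last_http_status": None,
        "verdict": "no verification failure found",
    }
    for line in text.splitlines():
        m = VERIFY_RE.search(line)
        if m:
            result["domain"] = m.group("domain").strip()
            result["verify_error"] = m.group("detail").strip()
            continue
        m = TOKEN_RE.search(line)
        if m:
            result["token_path"] = m.group("path")
            continue
        m = CURL_RE.search(line)
        if m:
            code = int(m.group("code"))
            result["curl_code"] = code
            result["curl_meaning"] = CURL_CODES.get(code, "see libcurl-errors")
            continue
        m = HTTP_RE.search(line)
        if m:
            # Last HTTP status the CA returned; 400 means the authz is spent.
            result["last_http_status"] = int(m.group("status"))

    if result["verify_error"] is None:
        return result

    # Combine the CA-side error with the router's own fetch attempt.
    if result["token_path"] is None:
        result["verdict"] = "token was never written to the webroot"
    elif result["curl_code"] == 6:
        result["verdict"] = "DNS: the router cannot resolve its own public name"
    elif result["curl_code"] in (7, 28):
        result["verdict"] = ("port 80 unreachable: check that WAN_LOCAL accepts tcp/80 "
                             "to the router and that the temporary challenge service is up")
    elif result["last_http_status"] == 400:
        result["verdict"] = "challenge already failed at the CA; retry with a fresh authz"
    else:
        result["verdict"] = "token written and fetch attempted; inspect the verify error text"
    return result


if __name__ == "__main__":
    for key, value in triage_acme_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed it a real `--debug` run with `python3 triage.py < acme-debug.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`; the verdict for the log in this thread is the WAN_LOCAL one, which is why the firewall question at the top of the thread is the right one to chase. The script only reads the log and never touches account keys, so its output is safe to paste into an issue.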
Did you sanitize your actual host to -d host?
from ubnt-letsencrypt.
Sorry, yes I did. I can email the full log. There are private keys and stuff in there I think.
from ubnt-letsencrypt.
???
from ubnt-letsencrypt.
Need full logs and router config to look further.
from ubnt-letsencrypt.
Oh sorry, you never asked for that. That is not something that should go on here I think, especially when it might be exposing my personal Let's Encrypt account details. I can email them when I have another try. I just upgraded to the Gen 2 Erl3.
from ubnt-letsencrypt.
Just let me know how to do that, sorry about that.
from ubnt-letsencrypt.
(nearly 4 years later, sorry)
Did you ever figure out the Firewall issue?
from ubnt-letsencrypt.
There was never enough information on this issue to determine anything. The firewall and web challenge have significantly changed since this issue was filed; I would expect everything to work fine.
from ubnt-letsencrypt.