oetiker / acmefetch


App for generating and managing Let's Encrypt! Certificates based on the Net::ACME2 library.

Home Page: http://www.acmefetch.org/

License: GNU General Public License v3.0

Shell 0.28% Makefile 7.86% M4 15.45% Perl 76.41%
acme letsencrypt perl ssl

acmefetch's Issues

Configuring with ./configure --prefix=$HOME/opt/acmefetch does not install JSON::PP

I followed README, doing

./configure --prefix=$HOME/opt/acmefetch
make
make install

Then I ran

$HOME/opt/acmefetch/bin/acmefetch --help

and got

Can't locate JSON/PP.pm in @INC (@INC contains: /home/user/opt/acmefetch/lib/x86_64-linux-thread-multi /home/user/opt/acmefetch/lib /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /home/user/opt/acmefetch/bin/acmefetch line 9.

acmefetch-0.7.5 - Config Errors with new version and API 2.0

After a fresh install of AcmeFetch 0.7.5 I get the following error with a new domain and cannot find the reason.

# ./bin/acmefetch --cfg=etc/kimai.deimeke.ruhr.cfg
Config ERROR: root->CERTS: key 'chainOutput' not found in schema

Config ERROR: root->CERTS: key 'chainFormat' not found in schema

Config ERROR: root->CERTS->SITES->kimai.deimeke.ruhr: key 'challengeHandler' not found in schema

Can't continue with config errors

Here is the config file:

# cat etc/kimai.deimeke.ruhr.cfg 
{
    "GENERAL": {
        "ACMEstaging": "acme-staging.api.letsencrypt.org",
        "ACMEservice": "acme-v02.api.letsencrypt.org",
        "accountKeyPath": "/etc/letsencrypt/ddeimeke.key"
    },
    "CERTS": [
        {
            "certOutput": "/etc/letsencrypt/kimai.deimeke.ruhr.crt",
            "certFormat": "PEM",
            "keyOutput": "/etc/letsencrypt/kimai.deimeke.ruhr.key",
            "keyFormat": "PEM",
            "chainOutput": "/etc/letsencrypt/chain.crt",
            "chainFormat": "PEM",
            "commonName": "kimai.deimeke.ruhr",
            "SITES": {
                "kimai.deimeke.ruhr": {
                    "challengeHandler": "LocalFile",
                    "challengeConfig": {
                        "www_root": "/srv/www/kimai.deimeke.ruhr/",
                    }
                }
            }
        }
    ]
}

Fails with only one name

If you have only one name on the cert the script fails in makeCsr because there are no names for the SAN section. It is OK (or at least very common) to have the commonName in the SAN section as well. Changing:

$cert->{altNames} = join ',', map {"DNS:$_"} grep {$_ ne $cert->{commonName}} sort keys %{$cert->{SITES}};

to

$cert->{altNames} = join ',', map {"DNS:$_"} sort keys %{$cert->{SITES}};

takes care of it but you might want to do something more conditional based on the number of names.
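
The single-name case from this issue, as an added example (not acmefetch's own code): `alt_names_original` wraps the expression quoted above, and `alt_names_checked` is a hypothetical variant that always keeps the commonName in the SAN list and fails loudly instead of producing an empty value. The sample cert entries are constructed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Expression quoted in the issue: drops commonName from the SAN list,
# so a cert with a single name ends up with an empty string.
sub alt_names_original {
    my ($cert) = @_;
    return join ',', map {"DNS:$_"}
        grep { $_ ne $cert->{commonName} } sort keys %{ $cert->{SITES} };
}

# Hypothetical replacement: commonName first, remaining SITES keys sorted,
# no duplicates, and a hard failure instead of an empty SAN extension.
sub alt_names_checked {
    my ($cert) = @_;
    my $cn = $cert->{commonName};
    my %seen;
    my @names = grep { defined($_) && length($_) && !$seen{ lc $_ }++ }
        ( $cn, sort keys %{ $cert->{SITES} || {} } );
    die "no DNS names configured for this certificate\n" unless @names;
    return join ',', map { "DNS:$_" } @names;
}

# Constructed sample entries shaped like the CERTS block on this page.
my $single = {
    commonName => 'kimai.deimeke.ruhr',
    SITES      => { 'kimai.deimeke.ruhr' => {} },
};
my $multi = {
    commonName => 'example.org',
    SITES      => { 'example.org' => {}, 'www.example.org' => {} },
};

# Print both results side by side; the single-name entry shows the empty
# value from the original expression.
for my $cert ( $single, $multi ) {
    printf "%-20s original='%s' checked='%s'\n",
        $cert->{commonName}, alt_names_original($cert), alt_names_checked($cert);
}
```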

acmefetch fails with error on OmniOS r151044

After updating to OmniOS r151044, a previously-working acmefetch run fails with the following:

Can't modify undef operator in scalar assignment at /opt/ooce/acmefetch/lib/Convert/ASN1/_decode.pm line 101, near ");"
BEGIN not safe after errors--compilation aborted at /opt/ooce/acmefetch/lib/Convert/ASN1/_decode.pm line 610.
Compilation failed in require at /opt/ooce/acmefetch/lib/Convert/ASN1.pm line 438.
BEGIN failed--compilation aborted at /opt/ooce/acmefetch/lib/Convert/ASN1.pm line 444.
Compilation failed in require at /usr/perl5/5.36/lib/parent.pm line 16.
BEGIN failed--compilation aborted at /opt/ooce/acmefetch/lib/Crypt/Perl/ASN1.pm line 8.
Compilation failed in require at /opt/ooce/acmefetch/lib/Crypt/Perl/RSA/Parse.pm line 34.
BEGIN failed--compilation aborted at /opt/ooce/acmefetch/lib/Crypt/Perl/RSA/Parse.pm line 34.
Compilation failed in require at /usr/perl5/5.36/lib/Module/Load.pm line 78.
Can't locate Crypt/Perl/RSA/Parse in @INC (@INC contains: /opt/ooce/acmefetch/lib/i86pc-solaris-thread-multi-64 /opt/ooce/acmefetch/lib /usr/perl5/site_perl/5.36/i86pc-solaris-thread-multi-64 /usr/perl5/site_perl/5.36 /usr/perl5/vendor_perl/5.36/i86pc-solaris-thread-multi-64 /usr/perl5/vendor_perl/5.36 /usr/perl5/5.36/lib/i86pc-solaris-thread-multi-64 /usr/perl5/5.36/lib) at /usr/perl5/5.36/lib/Module/Load.pm line 78.

Since r151044 updated to Perl 5.36.0, my assumption is that it's related to that, but in all honesty this is over my head. The AcmeFetch project seems mostly dormant—which is fine; nobody owes me a fix, and I can switch to some other Let's Encrypt client—but I thought I'd at least document what I ran into, for search engine purposes.

failure on OmniOS r1510402+ when openssl mediator is set to 3

OmniOS r151042 changed the default openssl mediator to 3. When running in a zone with it set to 3, acmefetch seems to error out with

Config ERROR: root->GENERAL: Execution of validator for 'opensslBin' returns with error: Openssl openssl not found

and a certificate is not created.

After setting the openssl mediator back to 1.1, acmefetch works without issue.

get chain file

To deploy successfully we also need the chain file. Its location is indicated in the answer to the sign request:

$VAR1 = {
      'protocol' => 'HTTP/1.1',
      'headers' => {
                     'replay-nonce' => 'NJ6UUfvmmWkrs1gKZw0r8n5k-eNGiDUMVqGPGBQULns',
                     'date' => 'Tue, 26 Jan 2016 16:52:47 GMT',
                     'server' => 'nginx',
                     'connection' => 'keep-alive',
                     'content-type' => 'application/pkix-cert',
                     'strict-transport-security' => 'max-age=604800',
                     'content-length' => '1256',
                     'location' => 'https://acme-staging.api.letsencrypt.org/acme/cert/fa155815a55af231c0e0049b92a58068c154',
                     'link' => '<https://acme-staging.api.letsencrypt.org/acme/issuer-cert>;rel="up"',
                     'x-frame-options' => 'DENY'
                   },
      'status' => '201',

under headers->link
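
Pulling the issuer certificate URL out of that `link` header, as an added example (not acmefetch's own code; `link_targets` is a hypothetical helper). It keeps only `rel="up"` targets that are absolute https URLs, so the chain is never requested over plain HTTP; the second input is constructed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Return the https targets of all Link header entries carrying relation $rel.
# $header may be a string or an array reference (HTTP::Tiny uses the latter
# when a header is repeated). Hypothetical helper, not acmefetch code.
sub link_targets {
    my ( $header, $rel ) = @_;
    my @urls;
    for my $value ( ref($header) eq 'ARRAY' ? @$header : $header ) {
        next unless defined $value;
        # One link-value looks like: <URI>; param=value; param="value"
        while ( $value =~ /<([^>]*)>((?:\s*;\s*[^;,]+)*)/g ) {
            my ( $uri, $params ) = ( $1, $2 );
            # rel may be quoted and may hold several space-separated types
            next unless $params =~ /;\s*rel\s*=\s*(?:"([^"]*)"|([^\s;,"]+))/i;
            my $types = defined $1 ? $1 : $2;
            next unless grep { lc $_ eq lc $rel } split ' ', $types;
            # Refuse anything that is not an absolute https URL
            next unless $uri =~ m{\Ahttps://[^/\s]+/}i;
            push @urls, $uri;
        }
    }
    return @urls;
}

# Header value from the response dump on this page.
my $from_page =
    '<https://acme-staging.api.letsencrypt.org/acme/issuer-cert>;rel="up"';

# Constructed value: several links, one of them plain http (rejected).
my $constructed = [
    '<https://ca.example/directory>;rel="index"',
    '<http://ca.example/issuer>; rel="up", <https://ca.example/issuer>; rel="up alternate"',
];

print "$_\n"
    for link_targets( $from_page, 'up' ), link_targets( $constructed, 'up' );
```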

Certs elements not strictly necessary

The following fields:

countryName
organizationName
organizationalUnitName
stateOrProvinceName
localityName

are not needed in a DV cert. The CSR can have them, but they are (should be) ignored by the CA and not included in the certificate. The best thing to do is probably to leave them out of the process.

Requirements missing

I am using the distribution tarball on CentOS 7 and there are some dependencies not installed via ./configure and make.

You need the headers for OpenSSL (package openssl-devel on CentOS).

And without Module::CoreList (package perl-Module-CoreList) nothing happens at all.

Making all in thirdparty
make[1]: Entering directory `/home/dirk/workspace/acmefetch-0.4.0/thirdparty'
  GEN      all-local
gmake[2]: Entering directory `/home/dirk/workspace/acmefetch-0.4.0/thirdparty'
gmake[2]: warning: jobserver unavailable: using -j1.  Add `+' to parent make rule.
  GEN      touch
! Couldn't find module or a distribution Test::Exception (0.4)
! Installing the dependencies failed: Module 'Test::Exception' is not installed
! Bailing out the installation for Crypt-Format-0.06.
! Couldn't find module or a distribution Test::NoWarnings (0.01)
! Installing the dependencies failed: Module 'Crypt::Format' is not installed, Module 'Test::NoWarnings' is not installed
! Bailing out the installation for Crypt-RSA-Parse-0.041.
! Couldn't find module or a distribution IPC::Cmd
! Installing the dependencies failed: Module 'IPC::Cmd' is not installed
! Bailing out the installation for HTTP-Tiny-0.056.
! Installing the dependencies failed: Installed version (0.033) of HTTP::Tiny is not in range '0.054', Module 'Crypt::RSA::Parse' is not installed, Module 'Crypt::Format' is not installed
! Bailing out the installation for Protocol-ACME-0.11.
Data::Processor is up to date. (0.4.2)
Pod::Usage is up to date. (1.68)
JSON is up to date. (2.90)
Crypt::OpenSSL::X509 is up to date. (1.806)
Net::SSLeay is up to date. (1.72)
IO::Socket::SSL is up to date. (2.024)
gmake[2]: *** [touch] Error 123
gmake[2]: Leaving directory `/home/dirk/workspace/acmefetch-0.4.0/thirdparty'
make[1]: *** [all-local] Error 2
make[1]: Leaving directory `/home/dirk/workspace/acmefetch-0.4.0/thirdparty'
make: *** [all-recursive] Error 1

acmefetch-0.6.2 also won't build on debian9

Sorry, but a make with 0.6.2 fails on a plain debian9 too.

root@debian9-test:~/soft/acmefetch-0.6.2# make
Making all in thirdparty
make[1]: Verzeichnis „/root/soft/acmefetch-0.6.2/thirdparty“ wird betreten
  GEN      touch
Successfully installed Class-Accessor-0.34
Successfully installed Convert-ASN1-0.27
Successfully installed Crypt-Format-0.07
Successfully installed Crypt-RSA-Parse-0.043
Successfully installed Mozilla-CA-20160104
! Installing Net::SSLeay failed. See /root/soft/acmefetch-0.6.2/thirdparty/work/1504184979.6979/build.log for details. Retry with --force to force install it.
! Installing the dependencies failed: Module 'Net::SSLeay' is not installed
! Bailing out the installation for IO-Socket-SSL-2.050.
Successfully installed Crypt-OpenSSL-Random-0.11
! Installing Crypt::OpenSSL::RSA failed. See /root/soft/acmefetch-0.6.2/thirdparty/work/1504184979.6979/build.log for details. Retry with --force to force install it.
Successfully installed Sub-Uplevel-0.2800
Successfully installed Test-Exception-0.43
Successfully installed JSON-2.94
Successfully installed Log-Any-1.049
Successfully installed Crypt-OpenSSL-Bignum-0.08
! Installing the dependencies failed: Module 'Net::SSLeay' is not installed, Module 'Crypt::OpenSSL::RSA' is not installed, Module 'IO::Socket::SSL' is not installed
! Bailing out the installation for Protocol-ACME-1.01.
Successfully installed Data-Processor-0.4.3
Successfully installed Pod-Usage-1.69 (upgraded from 1.68)
! Installing Crypt::OpenSSL::X509 failed. See /root/soft/acmefetch-0.6.2/thirdparty/work/1504184979.6979/build.log for details. Retry with --force to force install it.
13 distributions installed
Makefile:413: die Regel für Ziel „touch“ scheiterte
make[1]: *** [touch] Fehler 123
make[1]: Verzeichnis „/root/soft/acmefetch-0.6.2/thirdparty“ wird verlassen
Makefile:451: die Regel für Ziel „all-recursive“ scheiterte
make: *** [all-recursive] Fehler 1

touch PERL_MODULES and cpan update produce the same error - Net::SSLeay was not installed (and OpenSSL::RSA...).

unzip

unzip is needed as well to build AcmeFetch (currently building with a minimal installation and writing a blog article).

acmefetch-0.6.1 won't build on debian9

On Debian9 make failed.
Basic debian-version with "apt install libssl-dev gcc unzip make"

./configure --prefix=/opt/acmefetch

/usr/bin/make install

Making install in thirdparty
make[1]: Entering directory '/root/soft/acmefetch-0.6.1/thirdparty'
GEN touch
Successfully installed Class-Accessor-0.34
Successfully installed Convert-ASN1-0.27
Successfully installed Crypt-Format-0.07
Successfully installed Crypt-RSA-Parse-0.043
! Configure failed for Net-SSLeay-1.80. See /root/soft/acmefetch-0.6.1/thirdparty/work/1503292155.47578/build.log for details.
Successfully installed Crypt-OpenSSL-Random-0.11
! Installing Crypt::OpenSSL::RSA failed. See /root/soft/acmefetch-0.6.1/thirdparty/work/1503292155.47578/build.log for details. Retry with --force to force install it.
Successfully installed Sub-Uplevel-0.2600
Successfully installed Test-Exception-0.43
Successfully installed Crypt-OpenSSL-Bignum-0.07
Successfully installed JSON-2.90
! Couldn't find module or a distribution Mozilla::CA
! Installing the dependencies failed: Module 'Mozilla::CA' is not installed
! Bailing out the installation for IO-Socket-SSL-2.044.
Successfully installed Log-Any-1.045
Successfully installed Protocol-ACME-1.01
Successfully installed Data-Processor-0.4.2
Successfully installed Pod-Usage-1.69 (upgraded from 1.68)
! Configure failed for Crypt-OpenSSL-X509-1.804. See /root/soft/acmefetch-0.6.1/thirdparty/work/1503292155.47578/build.log for details.
13 distributions installed
Makefile:413: recipe for target 'touch' failed
make[1]: *** [touch] Error 123
make[1]: Leaving directory '/root/soft/acmefetch-0.6.1/thirdparty'
Makefile:451: recipe for target 'install-recursive' failed
make: *** [install-recursive] Error 1

Switch to Digest::SHA

Digest::SHA2 is deprecated apparently. It is a simple switch though not quite drop in.
