openmediavault-letsencrypt

ryecoaaron · Sep 13th 2017

Quote from BUFU1610

(although I think this is obsolete now, the output:

Code

$ apt-cache policy certbot
certbot:
  Installed: (none)
  Candidate: 0.10.2-1~bpo8+1
  Package pin: 0.10.2-1~bpo8+1
  Version table:
     0.10.2-1~bpo8+1 500
        100 http://httpredir.debian.org/debian/ jessie-backports/main amd64 Packages

You must not have the backports repo enabled. What is the output of: grep backports /etc/apt/sources.list.d/*

BUFU1610 · Sep 14th 2017

Quote from ryecoaaron

You must not have the backports repo enabled.

Exactly. I didn't know about the jessie-backports repo until yesterday.
I did add a .list and therefore are now able to install backport packages.

The thing is: If I want to install certbot, it tells me it depends on python-certbot. If I want to install that, it tells me it depends on python-acme, python-cryptography and python-openssl.....
Is this an endless thing? I read somewhere that it's not advised to install too many packages from the backports, but only those necessary... therefore I would like to keep the list rather short (also I have had experiences breaking my whole system by installing a new package.. so, minimal installation seems the safe route for me).

I tried with the command apt-get install certbot -t jessie-backports, is this limiting the install to this specific package? (Is apt-get normally supposed to download dependencies with the package it should install or not? If not, I have to get to the bottom of this myself, right?)

ryecoaaron · Sep 14th 2017

Quote from BUFU1610

Is this an endless thing? I read somewhere that it's not advised to install too many packages from the backports, but only those necessary... therefore I would like to keep the list rather short (also I have had experiences breaking my whole system by installing a new package.. so, minimal installation seems the safe route for me).

Nope, it isn't endless and this is why omv-extras pins the proper packages (see here). If you want letsencrypt, there is no way around it with jessie/OMV 3.x. Most of the time, installing python packages (not python itself) from backports is minimal risk. Make a backup before doing this though...

Quote from BUFU1610

I tried with the command apt-get install certbot -t jessie-backports, is this limiting the install to this specific package? (Is apt-get normally supposed to download dependencies with the package it should install or not? If not, I have to get to the bottom of this myself, right?)

Once the backports repo is enabled, do an apt clean from the web interface and you should be able to install the plugin from the web interface.

akruidenberg · Sep 14th 2017

Quote from LouBen3010

Hey there,
I just found out that my OMV does not generate the certificate for a second given domain.
In the plugin section I defined: "a.mydomain.com,b.mydomain.com" (without quotes) as domains.
After Pressing "Generate Certificates" I only receive a.mydomain.com in my "live" folder from LetsEncrypt.

Do you know this issue?

Best regards
Benedikt

Display More

I've got exactly he same issue. read above. Really wants a second certifite for my second domain. More people?

BUFU1610 · Sep 14th 2017

Quote from ryecoaaron

Once the backports repo is enabled, do an apt clean from the web interface and you should be able to install the plugin from the web interface.

I am not sure if it is... is adding the deb for the backports as a .list all I have to do to enable the repo?
because I added it to the omv-extra.list and the install from the plugin web interface still gives me the same error after the apt clean.

ryecoaaron · Sep 14th 2017

Quote from BUFU1610

is adding the deb for the backports as a .list all I have to do to enable the repo?

and then run apt-get update.

Quote from BUFU1610

because I added it to the omv-extra.list and the install from the plugin web interface still gives me the same error after the apt clean.

That file gets overwritten whenever you doing anything in omv-extras. Put it in its own file. I still don't understand why you don't have the backports file since OMV 3 started adding it.

BUFU1610 · Sep 14th 2017

Quote from ryecoaaron

Put it in its own file.

Did that, but then it didn't work so I thought I might have to put it somewhere else for testing.

But putting it back in its own .list file hasn't changed a lot, neither works in the GUI, nor in a terminal.

ryecoaaron · Sep 14th 2017

You must have a conflict with another package already being installed then. What is the output of:

Code

apt-get update
apt-get install python3-msgpack certbot python-acme python-certbot python-cffi python-cffi-backend \
 python-chardet python-configargparse python-configobj python-cryptography python-dialog python-enum34 \
 python-funcsigs python-idna python-ipaddress python-mock python-ndg-httpsclient python-openssl \
 python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-requests \
 python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component \
 python-zope.event python-zope.interface

BUFU1610 · Sep 15th 2017

so, this is what I get:

Code

# apt-get update
Ign file:  InRelease
Ign file:  Release.gpg                                                           
Ign file:  Release                                                                                              
Ign http://ftp.de.debian.org jessie InRelease                                                                   
Get:1 http://ftp.debian.org jessie-backports InRelease [166 kB]                                                 
Hit http://packages.openmediavault.org erasmus InRelease                                                        
Ign file:  Translation-en_GB                                                                                    
Ign file:  Translation-en                                
Hit http://ftp.de.debian.org jessie Release.gpg                                   
Hit http://ftp.de.debian.org jessie Release                                       
Hit https://dev2day.de jessie InRelease                     
Get:2 https://dl.bintray.com jessie InRelease   
Hit http://packages.openmediavault.org erasmus/main arm64 Packages     
Hit http://packages.openmediavault.org erasmus/main armhf Packages                                          
Ign http://packages.openmediavault.org erasmus/main Translation-en_GB                                       
Ign http://packages.openmediavault.org erasmus/main Translation-en    
Get:3 http://ftp.debian.org jessie-backports/main arm64 Packages/DiffIndex [27.8 kB]        
Ign https://dl.bintray.com jessie InRelease                                                           
Hit https://dev2day.de jessie/main armhf Packages                     
Get:4 http://ftp.debian.org jessie-backports/main armhf Packages/DiffIndex [27.8 kB]
Get:5 https://dev2day.de jessie/main Translation-en_GB [323 B]
Get:6 http://ftp.debian.org jessie-backports/main Translation-en/DiffIndex [27.8 kB]             
Get:7 https://dl.bintray.com jessie Release.gpg [821 B]
Get:8 https://dev2day.de jessie/main Translation-en [320 B]
Get:9 https://dev2day.de jessie/main Translation-en_GB [323 B]
Hit http://ftp.de.debian.org jessie/main Sources                 
Get:10 https://dev2day.de jessie/main Translation-en [320 B]     
Hit https://dl.bintray.com jessie Release                                    
Hit http://ftp.de.debian.org jessie/non-free Sources                                                
Hit http://ftp.de.debian.org jessie/contrib Sources                                                 
Hit http://ftp.de.debian.org jessie/main arm64 Packages                      
Hit http://ftp.de.debian.org jessie/non-free arm64 Packages                  
Hit http://ftp.de.debian.org jessie/contrib arm64 Packages
Hit http://ftp.de.debian.org jessie/main armhf Packages
Hit http://ftp.de.debian.org jessie/non-free armhf Packages
Hit http://ftp.de.debian.org jessie/contrib armhf Packages
Get:11 https://dev2day.de jessie/main Translation-en_GB [323 B]
Hit https://dl.bintray.com jessie/main arm64 Packages                           
Hit http://ftp.de.debian.org jessie/contrib Translation-en                      
Hit http://ftp.de.debian.org jessie/main Translation-en                         
Hit http://ftp.de.debian.org jessie/non-free Translation-en                     
Hit https://dl.bintray.com jessie/main armhf Packages     
Get:12 https://dev2day.de jessie/main Translation-en [320 B]
Get:13 https://dev2day.de jessie/main Translation-en_GB [323 B]
Get:14 https://dl.bintray.com jessie/main Translation-en_GB
Get:15 https://dev2day.de jessie/main Translation-en [320 B]                          
Get:16 https://dl.bintray.com jessie/main Translation-en                              
Get:17 https://dev2day.de jessie/main Translation-en_GB [323 B]                    
Get:18 https://dl.bintray.com jessie/main Translation-en_GB                        
Ign https://dev2day.de jessie/main Translation-en_GB                                  
Get:19 https://dev2day.de jessie/main Translation-en [320 B]                          
Ign https://dev2day.de jessie/main Translation-en                                  
Get:20 https://dl.bintray.com jessie/main Translation-en                           
Get:21 https://dl.bintray.com jessie/main Translation-en_GB
Get:22 https://dl.bintray.com jessie/main Translation-en
Get:23 https://dl.bintray.com jessie/main Translation-en_GB
Get:24 https://dl.bintray.com jessie/main Translation-en
Get:25 https://dl.bintray.com jessie/main Translation-en_GB
Ign https://dl.bintray.com jessie/main Translation-en_GB
Get:26 https://dl.bintray.com jessie/main Translation-en
Ign https://dl.bintray.com jessie/main Translation-en
Fetched 250 kB in 24s (10.1 kB/s)                                                                                                                    
Reading package lists... Done
# apt-get install python3-msgpack certbot python-acme python-certbot python-cffi python-cffi-backend \
>  python-chardet python-configargparse python-configobj python-cryptography python-dialog python-enum34 \
>  python-funcsigs python-idna python-ipaddress python-mock python-ndg-httpsclient python-openssl \
>  python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-requests \
>  python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component \
>  python-zope.event python-zope.interface
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:


The following packages have unmet dependencies:
 python-cffi : Depends: python-cffi-backend (< 1.9.1-2~bpo8+1+c) but it is not installable
               Depends: python-cffi-backend (>= 1.9.1-2~bpo8+1) but it is not installable
               Depends: python-pycparser but it is not going to be installed
 python-cffi-backend:armhf : Depends: python:armhf (< 2.8) but it is not going to be installed
                             Depends: python:armhf (>= 2.7~) but it is not going to be installed
                             Breaks: python-cryptography (< 0.8.2-4~) but 0.8.2-2~bpo8+1 is to be installed
 python-openssl : Depends: python-cryptography (>= 1.3) but 0.8.2-2~bpo8+1 is to be installed
E: Unable to correct problems, you have held broken packages.

Display More

Is there anything you see in here that can help me?

ryecoaaron · Sep 15th 2017

I guess I didn't realize this was an armhf system. That usually makes things a pain in the ass since they don't always have the same packages as i386/amd64 (especially in backports). What is the output of:

apt-cache policy python-cffi python-cffi-backend python python-cryptography python-openssl

If things don't look right in that output, you may have to wait until you can put omv 4.x on the system.

BUFU1610 · Sep 15th 2017

Quote from ryecoaaron

I guess I didn't realize this was an armhf system. That usually makes things a pain in the ass since they don't always have the same packages as i386/amd64 (especially in backports).

Sorry, I should have clarified the armhf thing. The output of the policy check is:

Code

# apt-cache policy python-cffi python-cffi-backend python python-cryptography python-openssl
python-cffi:
  Installed: (none)
  Candidate: 1.9.1-2~bpo8+1
  Package pin: 1.9.1-2~bpo8+1
  Version table:
     1.9.1-2~bpo8+1 500
        100 http://ftp.debian.org/debian/ jessie-backports/main arm64 Packages
     0.8.6-1 500
        500 http://ftp.de.debian.org/debian/ jessie/main arm64 Packages
python-cffi-backend:armhf:
  Installed: (none)
  Candidate: 1.9.1-2~bpo8+1
  Version table:
     1.9.1-2~bpo8+1 0
        100 http://ftp.debian.org/debian/ jessie-backports/main armhf Packages
python:
  Installed: 2.7.9-1
  Candidate: 2.7.9-1
  Version table:
 *** 2.7.9-1 0
        500 http://ftp.de.debian.org/debian/ jessie/main arm64 Packages
        100 /var/lib/dpkg/status
python-cryptography:
  Installed: (none)
  Candidate: 0.8.2-2~bpo8+1
  Package pin: 0.8.2-2~bpo8+1
  Version table:
     0.8.2-2~bpo8+1 500
        100 http://ftp.debian.org/debian/ jessie-backports/main arm64 Packages
     0.6.1-1+deb8u1 500
        500 http://ftp.de.debian.org/debian/ jessie/main arm64 Packages
python-openssl:
  Installed: (none)
  Candidate: 16.0.0-1~bpo8+1
  Package pin: 16.0.0-1~bpo8+1
  Version table:
     16.0.0-1~bpo8+1 500
        100 http://ftp.debian.org/debian/ jessie-backports/main arm64 Packages
     0.14-1 500
        500 http://ftp.de.debian.org/debian/ jessie/main arm64 Packages

Display More

I hope I don't have to wait for OMV 4.x ... is there another way to get SSL working on an armhf system?

BUFU1610 · Sep 15th 2017

So.... I googled around a bit and found out that apparently some dependencies are not available as needed in jessie-backports.

I found them in the stretch repo and installed them seperately from the rest:

Code

echo deb http://ftp.debian.org/debian stretch main > /etc/apt/sources.list.d/stretch.list
apt-get update
apt-get install -t stretch python-cffi-backend python-cryptography python-openssl

after that I used that command you gave me (without those 3 packages I installed from stretch already):

Quote from ryecoaaron

You must have a conflict with another package already being installed then. What is the output of:

Code

apt-get update
apt-get install python3-msgpack certbot python-acme python-certbot python-cffi python-cffi-backend \
 python-chardet python-configargparse python-configobj python-cryptography python-dialog python-enum34 \
 python-funcsigs python-idna python-ipaddress python-mock python-ndg-httpsclient python-openssl \
 python-parsedatetime python-pbr python-pkg-resources python-psutil python-pyasn1 python-requests \
 python-rfc3339 python-setuptools python-six python-tz python-urllib3 python-zope.component \
 python-zope.event python-zope.interface

and after all that went quite well, I tried installing the plugin from the webGUI and that worked as well (although it gave out about a hundred errors in the end, after telling me the following:)

Code

Processing triggers for openmediavault (3.0.88) ...
Updating locale files ...
Updating file permissions ...
Purging internal cache ...
Restarting engine daemon ...
Errors were encountered while processing:
 collectd-core

And now the plugin is there and it seems to work, but I have to get up early tomorrow and will probably test all the functionality tomorrow afternoon (and see if it broke anything else on the way...)

good night!

BUFU1610 · Sep 17th 2017

So, it seems to have worked. Everything works properly for the moment. =)

happyreacer · Sep 21st 2017

by the way, can enybody change the pluginconfiguration for a 4096 RSA key?
here are a link for the issue on github:
https://github.com/OpenMediaVa…ault-letsencrypt/issues/4

ryecoaaron · Sep 21st 2017

Quote from happyreacer

by the way, can enybody change the pluginconfiguration for a 4096 RSA key?

I commented on your issue.

riff-raff · Oct 12th 2017

My letsencrypt-cert checks for monthly renewal, but the job says no
renewal is needed, even 5 days before cert will expire. I receive Email
from letsencrypt saying I have to check my cert.

When I push a creation of a new cert manually, a new cert is created,
but it does not replace the old one, it will be placed as second cer which I have to asign manually to nginx.
(I use my cert with nginx for nextcloud)

How can I resolve this issue?

ryecoaaron · Oct 12th 2017

Quote from riff-raff

My letsencrypt-cert checks for monthly renewal, but the job says no
renewal is needed, even 5 days before cert will expire. I receive Email
from letsencrypt saying I have to check my cert.

To start, a lot has changed in this plugin and was tested (not by me since I don't use it). If the plugin is doing something wrong, someone needs to help me make changes.

Quote from riff-raff

When I push a creation of a new cert manually, a new cert is created,
but it does not replace the old one, it will be placed as second cer which I have to asign manually to nginx.

I think this is the proper way to do it. You shouldn't have to generate new certs very often, should you?

Quote from riff-raff

How can I resolve this issue?

Pull requests on github would be best.

David B · Oct 16th 2017

Quote from riff-raff

My letsencrypt-cert checks for monthly renewal, but the job says no
renewal is needed, even 5 days before cert will expire. I receive Email
from letsencrypt saying I have to check my cert.

When I push a creation of a new cert manually, a new cert is created,
but it does not replace the old one, it will be placed as second cer which I have to asign manually to nginx.
(I use my cert with nginx for nextcloud)

How can I resolve this issue?

Display More

Do you have your OMV web UI configured to force all connections via SSL? I had this same problem with the plugin, but temporarily disabling the "force SSL" setting worked around this.

Nazgulled · Oct 17th 2017

I'm having an issue with this plugin:

Code: letsencrypt.log

2017-10-17 11:11:47,766:DEBUG:certbot.main:certbot version: 0.19.0
2017-10-17 11:11:47,766:DEBUG:certbot.main:Arguments: ['--webroot', '-w', '/var/www/openmediavault/', '--text', '--keep-until-expiring', '--agree-tos', '--expand', '--email', 'master@ricardoamaral.net', '-d', 'atlasbox.amaral.home']
2017-10-17 11:11:47,766:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-10-17 11:11:47,798:DEBUG:certbot.log:Root logging level set at 20
2017-10-17 11:11:47,798:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-10-17 11:11:47,799:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-10-17 11:11:47,806:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x2af7350>
Prep: True
2017-10-17 11:11:47,807:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x2af7350> and installer None
2017-10-17 11:11:47,807:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2017-10-17 11:11:47,813:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u'mailto:master@ricardoamaral.net',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x30baed0>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/22845338', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 9757e0b49273b37eb1130015d5afafb4, Meta(creation_host=u'ATLASBOX.AMARAL.HOME', creation_dt=datetime.datetime(2017, 10, 17, 11, 5, 37, tzinfo=<UTC>)))>
2017-10-17 11:11:47,814:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-10-17 11:11:47,823:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-10-17 11:11:48,242:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 561
2017-10-17 11:11:48,245:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 561
Replay-Nonce: _ZPNBeAoYD0EF2apuugfMomLnStLl3zy9hSpbL_v9sw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 17 Oct 2017 11:11:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 17 Oct 2017 11:11:48 GMT
Connection: keep-alive


{
  "80-8280Rhe8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2017-10-17 11:11:48,246:INFO:certbot.main:Obtaining a new certificate
2017-10-17 11:11:48,247:DEBUG:acme.client:Requesting fresh nonce
2017-10-17 11:11:48,247:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-10-17 11:11:48,452:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
2017-10-17 11:11:48,454:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Replay-Nonce: tF3PBL3gB_8BGGo1F7KFmuGjd_NSH1thMjj8OVvM3Xs
Expires: Tue, 17 Oct 2017 11:11:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 17 Oct 2017 11:11:48 GMT
Connection: keep-alive




2017-10-17 11:11:48,455:DEBUG:acme.client:Storing nonce: tF3PBL3gB_8BGGo1F7KFmuGjd_NSH1thMjj8OVvM3Xs
2017-10-17 11:11:48,456:DEBUG:acme.client:JWS payload:
{
  "identifier": {
    "type": "dns", 
    "value": "atlasbox.amaral.home"
  }, 
  "resource": "new-authz"
}
2017-10-17 11:11:48,468:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
  "protected": "eyJub25jZSI6ICJ0RjNQQkwzZ0JfOEJHR28xRjdLRm11R2pkX05TSDF0aE1qajhPVnZNM1hzIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidDdPMlRadlBxREJKbmNHdnA0VXd1UnBRazNjel9nTnJoS1dUZG84OTJCZ3ZKM0JLbHdpbWJNdnFQOE5qakJYaUVLbjdVa2F6QzY1UFYyVnZGSGp1UHUtZWZmaEd1RER0Z1hhZG1ZYldDZzlXM3M4V2c0MXlGUHdHM0JQZTZSTVUwdkNOUlJTQkNjM2tzNmszM3g3Vm5LQWUwa0FwN1VyMGNqRTZBV25qd21HZERmTHZ5eExTellFVGdZc1EyNHB6ZGdSaEQwdkJrYVdiVnVnbjRqMVZueWlibXhkV09fVE1nSUVacHpsZkpaMnYzOUJqWnNGM2p1MjU1dnJMUUFhUXFiOE91eUlRQmc0SExRS09haG9sbV9maTdUR0tjQ1V5RDZKMk9sNmdjcjhTNHc0a2xrbldBWFdueG5CbE5HUHpCMVBMNTI5bzFraElyOERPbWE2YjhRIn19", 
  "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAiYXRsYXNib3guYW1hcmFsLmhvbWUiCiAgfSwgCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ", 
  "signature": "l8nM-XERjZwxN2JDcyusFgYwG4Vy59Fv4KLylmD61J5c8d_5CMrpwgMvRPKqx-ApTpBF7T9UdWQKEUgBc1ybi40yGwLqZUsPsomMr2IaM8qroOjaMUt8d1G_LVqqzXrX4NPkLrf0hgZ9ioj7EieF8EEV210f7qFQ7JH3bYg1IYGnEqGTXjPRyPD57v6KSOCz8y2HMvjzlLdsK6C9CdAsXao_iUj6uCHBrlqDzthNwb6HoN0FEUj1avspCkG1SyH3KX4RA0VJSFHrkMOzy9qXAZ8u0-FfJvQTvLVvqf3osRB1r1K0DN0a8Mq24Kf5cF30mQhB_9E6J6wGhJtgl9RxCw"
}
2017-10-17 11:11:48,708:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 400 137
2017-10-17 11:11:48,710:DEBUG:acme.client:Received response:
HTTP 400
Server: nginx
Content-Type: application/problem+json
Content-Length: 137
Boulder-Requester: 22845338
Replay-Nonce: 8qG8BzX5fSIsYp5_yan6JkqO-Sfl9tMsIjEXh9wCQW8
Expires: Tue, 17 Oct 2017 11:11:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 17 Oct 2017 11:11:48 GMT
Connection: close


{
  "type": "urn:acme:error:malformed",
  "detail": "Error creating new authz :: Name does not end in a public suffix",
  "status": 400
}
2017-10-17 11:11:48,711:DEBUG:acme.client:Storing nonce: 8qG8BzX5fSIsYp5_yan6JkqO-Sfl9tMsIjEXh9wCQW8
2017-10-17 11:11:48,712:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 861, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 786, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 85, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 66, in get_authorizations
    self.authzr[domain] = self.acme.request_domain_challenges(domain)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 212, in request_domain_challenges
    typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 191, in request_challenges
    response = self.net.post(self.directory.new_authz, new_authz)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 682, in post
    return self._post_once(*args, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 695, in _post_once
    return self._check_response(response, content_type=content_type)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/acme/client.py", line 582, in _check_response
    raise messages.Error.from_json(jobj)
Error: urn:acme:error:malformed :: The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
2017-10-17 11:11:48,714:ERROR:certbot.log:An unexpected error occurred:
2017-10-17 11:11:48,714:ERROR:certbot.log:The request message was malformed :: Error creating new authz :: Name does not end in a public suffix

Display More

Is the "home" suffix somehow not recognized/allowed? Why? Or is this a different issue?

riff-raff · Oct 20th 2017

Quote

Do you have your OMV web UI configured to force all connections via SSL?

No I don't, since I do not use the cert for my Weblogin but for Nextcloud. So does not bring me any further. Same setting within nginx: No ForceSSL

Other suggestions?

Participate now!