#99 Issue with recommended greenlock-challenge-s3

Open
opened 2 months ago by popcorn · 2 comments
popcorn commented 2 months ago

Hi there,

I'm using Greenlock behind a load balancer with multiple servers.

When I only had 1 server, it was easy: I just used le-challenge-fs and served the challenges from the disk at path `/.well-known/acme-challenge/...`

However, having multiple servers behind a load balancer would break the regular "disk" challenge, because the load balancer may point the challenger to another server that doesn't have the challenge saved to disk.

That's why I looked into using `greenlock-challenge-s3`, so every server will be able to serve a challenge by getting it from S3.

#### My issue

Dry run fails with:

```
Error loading/registering certificate for 'something.my_domain.com':
Error: Failed HTTP-01 Pre-Flight / Dry Run.
curl 'http://something.my_domain.com/.well-known/acme-challenge/test-6daf5099789114312f94791234c0194b-0'
Expected: 'test-6daf5099789114312f94791234c0194b-0.GyH4O7cedYoNxxEEgrreDBc87YLLDfNuls4iK6bDzHQ'
Got: '{ "error": { "message": "Error: These aren't the tokens you're looking for. Move along." } }'
See https://git.coolaj86.com/coolaj86/acme-v2.js/issues/4
    at /var/app/current/node_modules/acme-v2/index.js:49:10
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async Promise.all (index 0) {
  code: 'E_FAIL_DRY_CHALLENGE'
}
```

Challenge gets written to S3, I've checked manually, so it's not about the permissions. I have set both read and write permissions.

Does anyone have any idea what else I could check?

I'm using greenlock-express v2.7.18

popcorn commented 2 months ago
Poster

As far as I can see, `greenlock-challenge-s3` does implement the [`.get` method](https://github.com/cderche/greenlock-challenge-s3/blob/master/lib/get.js):

```js
const path = require("path");

// Called by Greenlock when a request for /.well-known/acme-challenge/<token> arrives.
// opts.challenge.token is the token from the URL; options.directory and
// options.bucketName come from the plugin configuration.
module.exports.get = (opts, options, s3) => {
    let challengeKey = path.join(options.directory, opts.challenge.token);
    console.log("get", challengeKey);

    // Fetch the stored key authorization from S3 (AWS SDK v2 promise interface).
    return s3.getObject({ Key: challengeKey, Bucket: options.bucketName }).promise().then(function (data) {
        console.log("Successfully retrieved challenge." + data.Body.toString());
        return {
            keyAuthorization: data.Body.toString()
        };
    }).catch(function (err) {
        // Any S3 error (missing key, access denied, ...) is reported as "no challenge".
        console.error(err.message);
        return null;
    });
};
```
Owner

I think on Twitter you told me that you found a solution. Would you mind posting that here?
