coolaj86
/
greenlock.js-ARCHIVED
3
3
Fork 0
Código Incidencias 13 Pull Requests 1 Lanzamientos Actividad

dns challange #33

Nueva incidencia
Cerrada
abierta 2019-03-24 16:15:27 +00:00 por Ghost · 3 comentarios
Ghost comentado 2019-03-24 16:15:27 +00:00
Copiar enlace

Hi,

following profile:

# deps
"dependencies": {
    "cert-info": "^1.5.1",
    "greenlock": "^2.6.8",
    "le-challenge-dns": "^2.3.2",
    "le-store-certbot": "^2.2.1"
}

on a Mac Node 11.7.0.

// Storage Backend
var leStore = require('le-store-certbot').create({
    configDir: '~/acme/etc'                                 // or /etc/letsencrypt or wherever
  , debug: false
});


function leAgree(opts, agreeCb) {
    debug(`leAgree`,opts,agreeCb)
    // opts = { email, domains, tosUrl }
    agreeCb(null, opts.tosUrl);
}

var leChallengeDns = require('le-challenge-dns').create({
    debug: false,
});


greenlock = Greenlock.create({
    version: 'draft-12'                                     // 'draft-12' or 'v01'
                                                            // 'draft-12' is for Let's Encrypt v2 otherwise known as ACME draft 12
                                                            // 'v02' is an alias for 'draft-12'
                                                            // 'v01' is for the pre-spec Let's Encrypt v1
    //
    // staging API
    // ,server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
  
    //
    // production API
    ,server: 'https://acme-v02.api.letsencrypt.org/directory'
    // , configDir: require('os').homedir()+'/acme/etc'
  , store: leStore                                          // handles saving of config, accounts, and certificates
  ,challenges: {
    'dns-01': leChallengeDns
  }
  , challengeType: 'dns-01'                                // default to this challenge type
  , agreeToTerms: leAgree                                   // hook to allow user to view and accept LE TOS
  //, sni: require('le-sni-auto').create({})                // handles sni callback
  
                                                            // renewals happen at a random time within this window
  , renewWithin: 14 * 24 * 60 * 60 * 1000                   // certificate renewal may begin at this time
  , renewBy:     10 * 24 * 60 * 60 * 1000                   // certificate renewal should happen by this time
  
  , debug: false
  , log: function (debug) {
        // console.log.apply(console, args);
        console.log(chalk.bold(`le debug:`),debug)
    } // handles debug outputs
})

and


greenlock.check({ domains: [ domain ] }).then(function (results) {
            debug(`greenlock.check`,results)
            if (results) {
                console.log(`Certificate for ${domain} is still valid`)
                // we already have certificates
                return resolve(results)
            }
            console.log(`Obtaining new certificate for ${domain}`)
            // Register Certificate
            var registerOptions  = {
                domains: [domain]
                , email: 'info@mydomain.com'      
                , agreeTos: true              
                , rsaKeySize: 2048            // 2048 or higher
                , challengeType: 'dns-01'     // http-01, tls-sni-01, or dns-01
            }

            greenlock.register(registerOptions).
            then(
            function (certs) {
                console.log(certs);
                // privkey, cert, chain, expiresAt, issuedAt, subject, altnames
                console.log(chalk.green('successfull obtained new cert'));
                process.exit(0)
                return resolve(results)
            },function (err) {
                console.error(chalk.red(`error by obtaining certificate for ${domain}`),err)
                return reject(err)
            });
        })

I am trying to dns-challange a wildcar domain. I am then getting a prompt like:

We now present (for you copy-and-paste pleasure) your ACME Challenge
public Challenge and secret KeyAuthorization and Digest, in that order, respectively:
h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU
h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU.eX57yoPqeMyOITHQF7-7wu6BLvGH4spEoQjK-NwdH3Q
f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y

*.herein.world         TXT f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y TTL 60

        {
          "domain": "herein.world",
          "challenge": "h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU",
          "keyAuthorization": "h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU.eX57yoPqeMyOITHQF7-7wu6BLvGH4spEoQjK-NwdH3Q",
          "keyAuthDigest": "f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y"
        }

hit enter to continue...

even though it says *.herein.world TXT (i think this is a cosmetic bug). I am adding _acme-challenge.herein.world with given TXT value... If i hit enter it calls the error function and i get error by optaining certificate with given error. All Good!

BUT if i have added the TXT (for now manually, later automatic) and hit enter. It does NOT call the success function at all.

insse le-challange-dns i see Challenge.set = function (args, domain, challenge, keyAuthorization, cb) {. I have logged the cb parameter as:

function(err) {
          if(err) { reject(err); } else { resolve(); }
        }

so pressing a key after manual TXT challange calls the cb with null. it then calls resolve. What resolve does i dont know but this success function never gets called.

What might i do wrong please?

Hi, following profile: ``` # deps "dependencies": { "cert-info": "^1.5.1", "greenlock": "^2.6.8", "le-challenge-dns": "^2.3.2", "le-store-certbot": "^2.2.1" } ``` on a Mac Node 11.7.0. ``` // Storage Backend var leStore = require('le-store-certbot').create({ configDir: '~/acme/etc' // or /etc/letsencrypt or wherever , debug: false }); function leAgree(opts, agreeCb) { debug(`leAgree`,opts,agreeCb) // opts = { email, domains, tosUrl } agreeCb(null, opts.tosUrl); } var leChallengeDns = require('le-challenge-dns').create({ debug: false, }); greenlock = Greenlock.create({ version: 'draft-12' // 'draft-12' or 'v01' // 'draft-12' is for Let's Encrypt v2 otherwise known as ACME draft 12 // 'v02' is an alias for 'draft-12' // 'v01' is for the pre-spec Let's Encrypt v1 // // staging API // ,server: 'https://acme-staging-v02.api.letsencrypt.org/directory' // // production API ,server: 'https://acme-v02.api.letsencrypt.org/directory' // , configDir: require('os').homedir()+'/acme/etc' , store: leStore // handles saving of config, accounts, and certificates ,challenges: { 'dns-01': leChallengeDns } , challengeType: 'dns-01' // default to this challenge type , agreeToTerms: leAgree // hook to allow user to view and accept LE TOS //, sni: require('le-sni-auto').create({}) // handles sni callback // renewals happen at a random time within this window , renewWithin: 14 * 24 * 60 * 60 * 1000 // certificate renewal may begin at this time , renewBy: 10 * 24 * 60 * 60 * 1000 // certificate renewal should happen by this time , debug: false , log: function (debug) { // console.log.apply(console, args); console.log(chalk.bold(`le debug:`),debug) } // handles debug outputs }) ``` and ``` greenlock.check({ domains: [ domain ] }).then(function (results) { debug(`greenlock.check`,results) if (results) { console.log(`Certificate for ${domain} is still valid`) // we already have certificates return resolve(results) } console.log(`Obtaining new certificate for ${domain}`) // Register Certificate var registerOptions = { domains: [domain] , email: 'info@mydomain.com' , agreeTos: true , rsaKeySize: 2048 // 2048 or higher , challengeType: 'dns-01' // http-01, tls-sni-01, or dns-01 } greenlock.register(registerOptions). then( function (certs) { console.log(certs); // privkey, cert, chain, expiresAt, issuedAt, subject, altnames console.log(chalk.green('successfull obtained new cert')); process.exit(0) return resolve(results) },function (err) { console.error(chalk.red(`error by obtaining certificate for ${domain}`),err) return reject(err) }); }) ``` I am trying to dns-challange a wildcar domain. I am then getting a prompt like: ``` We now present (for you copy-and-paste pleasure) your ACME Challenge public Challenge and secret KeyAuthorization and Digest, in that order, respectively: h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU.eX57yoPqeMyOITHQF7-7wu6BLvGH4spEoQjK-NwdH3Q f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y *.herein.world TXT f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y TTL 60 { "domain": "herein.world", "challenge": "h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU", "keyAuthorization": "h-VS5OBuYKSe2XuQTRVMu6a8dkPi6RKPvbBvG09DtsU.eX57yoPqeMyOITHQF7-7wu6BLvGH4spEoQjK-NwdH3Q", "keyAuthDigest": "f8rb97hjE0pm2gog4TUEyNCwSU5TeseG7h0qxFrMq3Y" } hit enter to continue... ``` even though it says *.herein.world TXT (i think this is a cosmetic bug). I am adding _acme-challenge.herein.world with given TXT value... If i hit enter it calls the error function and i get `error by optaining certificate` with given error. All Good! BUT if i have added the TXT (for now manually, later automatic) and hit enter. It does NOT call the success function at all. insse le-challange-dns i see `Challenge.set = function (args, domain, challenge, keyAuthorization, cb) {`. I have logged the cb parameter as: ``` function(err) { if(err) { reject(err); } else { resolve(); } } ``` so pressing a key after manual TXT challange calls the cb with null. it then calls resolve. What resolve does i dont know but this success function never gets called. What might i do wrong please?
Ghost comentado 2019-03-25 17:07:08 +00:00
Autoría
Copiar enlace

I have tried greenlock-cli and it obviously works same with dns challange, it asks for new challange in loop without really resolving to the function. See attachment

I have tried greenlock-cli and it obviously works same with dns challange, it asks for new challange in loop without really resolving to the function. See attachment
Untitled.png
307 KiB
Untitled.png
coolaj86 comentado 2019-03-30 18:53:39 +00:00
Propietario
Copiar enlace

There's another bug related to this that's being worked on. We'll get that cleared up this week most likely.

There's another bug related to this that's being worked on. We'll get that cleared up this week most likely.
coolaj86 comentado 2019-04-03 06:00:35 +00:00
Propietario
Copiar enlace

Try with Greenlock v2.7+ and le-challenge-dns v3+

See

I'm closing this because I've tested and know that it's working now, but feel free to re-open if you still need some direction after trying out the example and looking at that latest dns plugin.

Try with Greenlock v2.7+ and le-challenge-dns v3+ See * https://git.coolaj86.com/coolaj86/greenlock-express.js/src/branch/master/examples/wildcard.js * https://git.coolaj86.com/coolaj86/le-challenge-dns.js I'm closing this because I've tested and know that it's working now, but feel free to re-open if you still need some direction after trying out the example and looking at that latest dns plugin.
coolaj86 cerró esta incidencia 2019-04-03 06:00:35 +00:00
Inicie sesión para unirse a esta conversación.
Ninguna Rama/Etiqueta especificada
Ramas Etiquetas
master
github
next
v4
npm
v3
wip
dns-challenge-regression-fix
v2.4
v2.5
v2.3
v2
v2.2
acmev2
v2.1
greenlock
v1
node-letsencrypt-python
v4.0.5
v4.0.4
v4.0.3
v4.0.2
v4.0.1
v4.0.0
v3.1.5
v3.1.4
v3.1.3
v3.0.25
v3.0.24
v3.0.23
v3.0.21
v3.0.20
v3.0.19
v3.0.18
v3.0.17
v3.0.16
v3.0.15
v3.0.12
v3.0.11
v3.0.10
v3.0.9
v3.0.7
v3.0.6
v3.0.5
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v2.8.8
v2.8.7
v2.8.6
v2.8.5
v2.8.4
v2.8.3
v2.8.2
v2.8.1
v2.8.0
v2.7.23
v2.7.22
v2.7.21
v2.7.20
v2.7.19
v2.7.18
v2.7.17
v2.7.16
v2.7.15
v2.7.14
v2.7.13
v2.7.12
v2.7.11
v2.7.10
v2.7.9
v2.7.8
v2.7.7
v2.7.6
v2.7.5
v2.7.4
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.10
v2.6.9
v2.6.8
v2.6.7
v2.6.6
v2.6.5
v2.6.4
v2.6.3
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.10
v2.4.9
v2.4.8
v2.4.7
v2.4.2
v2.4.1
v2.4.0
v2.3.13
v2.3.12
v2.3.11
v2.3.10
v2.3.9
v2.3.8
v2.3.7
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.20
v2.2.19
v2.2.18
v2.2.17
v2.2.16
v2.2.15
v2.2.14
v2.2.13
v2.2.12
v2.2.11
v2.2.10
v2.2.8
v2.2.7
v2.2.6
v2.2.5
v2.2.4
v2.2.3
v2.2.2
v2.2.0
v2.1.19
v2.1.18
v2.1.17
v2.1.16
v2.1.15
v2.1.14
v2.1.13
v2.1.12
v2.1.11
v2.1.10
v2.1.9
v2.1.7
v2.1.6
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v1.5.8
v2.0.5
v2.0.4
v1.5.7
v1.5.6
v1.5.5
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.2.0
v1.1.0
v1.0.2
v1.0.0
v1.0.1
Etiquetas
Limpiar etiquetas
No hay elementos
Sin etiquetas
Milestone
Limpiar Milestone
No hay elementos
Sin Milestone
Asignados
Limpiar asignados
No asignados
2 participantes
Notificaciones
Fecha de vencimiento
La fecha de vencimiento es inválida o está fuera de rango. Por favor utilice el formato 'aaaa-mm-dd'.

Sin fecha de vencimiento.

Dependencias

No se han establecido dependencias.

Referencia: coolaj86/greenlock.js-ARCHIVED#33
No se ha proporcionado una descripción.
Eliminar rama "%!s(<nil>) "

Eliminar una rama es permanente. Aunque la rama eliminada puede continuar existiendo durante un corto tiempo antes de que sea eliminada, en la mayoría de los casos NO PUEDE deshacerse. ¿Continuar?