buypass
certbot is buggy
Written by georg on November 13, 2020
    # /usr/bin/certbot renew --force-renewal
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/domain.tld.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Plugins selected: Authenticator webroot, Installer None
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for www.domain.tld
    http-01 challenge for domain.tld
    Cleaning up challenges
    Attempting to renew cert (domain.tld) from /etc/letsencrypt/renewal/domain.tld.conf produced an unexpected error: Missing command line flag or config entry for this setting:
    Input the webroot for www.domain.tld:. Skipping.
    All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/domain.tld/fullchain.pem (failure)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1 renew failure(s), 0 parse failure(s)

A bug in Certbot 0.31… maybe only in Ubuntu… the webroot option got "forgotten".
/etc/letsencrypt/renewal/domain.tld.conf
    # Options used in the renewal process
    [renewalparams]
    account = XXX
    authenticator = webroot
    webroot_path = /var/www/html, # This part was missing. After the renewal, certbot appended the comma
    server = https://api.buypass.com/acme/directory
    [[webroot_map]] # This section was then created automatically by certbot
    www.domain.tld = /var/www/html
    domain.tld = /var/www/html
    # /usr/bin/certbot renew --force-renewal
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/domain.tld.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Plugins selected: Authenticator webroot, Installer None
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for www.domain.tld
    http-01 challenge for domain.tld
    Using the webroot path /var/www/html for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    new certificate deployed without reload, fullchain is
    /etc/letsencrypt/live/domain.tld/fullchain.pem
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Congratulations, all renewals succeeded. The following certs have been renewed:
      /etc/letsencrypt/live/domain.tld/fullchain.pem (success)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
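The failure above can be caught before a scheduled renewal runs. As an added example (not code from the post or from Certbot), this script flags renewal files that select the webroot authenticator but record neither `webroot_path` nor a `[[webroot_map]]` section; the function names and the minimal parser are this example's own, and it assumes the broken state is exactly the one the post describes.

```python
import glob
import re
import sys

def parse_renewal_conf(text):
    """Minimal reader for a certbot renewal .conf -> {section: {key: value}}."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()      # drop inline comments
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[+\s*([^\[\]]+?)\s*\]+", line)
        if header:                                 # [renewalparams] or [[webroot_map]]
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def missing_webroot(text):
    """True if authenticator is webroot but no webroot is recorded anywhere."""
    conf = parse_renewal_conf(text)
    params = conf.get("renewalparams", {})
    if params.get("authenticator") != "webroot":
        return False
    paths = [p for p in params.get("webroot_path", "").split(",") if p.strip()]
    return not paths and not conf.get("webroot_map")

# Constructed samples, modelled on the file shown in the post.
BROKEN = """\
[renewalparams]
account = XXX
authenticator = webroot
server = https://api.buypass.com/acme/directory
"""
FIXED = BROKEN + """\
webroot_path = /var/www/html,
[[webroot_map]]
www.domain.tld = /var/www/html
domain.tld = /var/www/html
"""

if __name__ == "__main__":
    # Default location is the renewal directory seen in the log above.
    files = sys.argv[1:] or glob.glob("/etc/letsencrypt/renewal/*.conf")
    bad = [f for f in files if missing_webroot(open(f).read())]
    for f in bad:
        print(f"{f}: authenticator = webroot but no webroot_path/webroot_map")
    sys.exit(1 if bad else 0)
```

Run as root from cron ahead of the renewal job; a non-zero exit status means at least one certificate would fail to renew non-interactively.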
Glitch: Let’s Encrypt
Written by georg on March 6, 2020
Revokes my certificate too
Not revoked after all
Only unused certificates get revoked?
Good thing I tried out Buypass
Let’s Encrypt Alternative Buypass
Written by georg on March 1, 2020
There is an alternative to Let’s Encrypt (LE): Buypass
Nothing against LE, but having a backup CA can't hurt.
An existing Certbot setup for LE can be switched over quite easily, as explained under Certbot basic usage
It quickly becomes apparent that redirects are not followed here and that HTTP on port 80 needs to be open.
Error message in the Certbot log:
{"type":"compound","detail":"Errors during validation","subproblems":[{"type":"urn:ietf:params:acme:error:connection","detail":"The server could not connect to validation target","code":0}
Problem description in the Buypass forum
LE also recommends keeping port 80 open