[Eisfair] dehydrated with wildcard certificate
Rolf Bensch
azubi at bensch-net.de
Mon Jan 8 17:26:23 CET 2024
Hello everyone,
I am currently trying to set up a wildcard certificate with dehydrated. The setup is:
- Eis64 with the Certs package. The Certs package is set to "START_CERTS = no".
- dehydrated in version 1.1.9 stable
- Port 80 is permanently open on the router towards the server.
Configured:
DEHYDRATED_API_VERSION = 2 ("auto" does not work with wildcard certificates)
DEHYDRATED_CHALLENGE_TYPE = http-01
With
DEHYDRATED_DOMAIN_N = 1
│ DEHYDRATED_DOMAIN_1_ACTIVE = yes
│ DEHYDRATED_DOMAIN_1_NAME = www.myDomain.info
│ DEHYDRATED_DOMAIN_1_USAGE = apache2
I can certify a subdomain without any problems. The task now is to switch this certificate to *.myDomain.info. Following the information from this forum, I therefore set:
DEHYDRATED_DOMAIN_1_NAME = myDomain.info:*.myDomain.info:myDomain.info
This produces an error when updating:
Activate configuration now (y/n) [yes]?
version (eisfair-64): v1.1.9
creating domains.txt file ...
creating well-known configuration ...
creating index.html file ...
creating certs_dehydrated configuration ...
creating files/links required by eisfair ...
+ domain 'myDomain.info':
- skipped.
checking alpn server hook state ...
checking package usage definition ...
checking symbolic links to certificate ...
+ domain 'myDomain.info':
- skipped.
looking for dead symbolic link to certificate files ...
adding cronjob ...
creating logrotate configuration ...
Creating Apache2 configuration ...
activating modules...
done activating modules
phpSysInfo: Write domain 'www.myDomain.info/phpsysinfo' config ... [ OK ]
* Restarting Disk Cache Cleaning Daemon for Apache HTTP Server ... [ OK ]
* Stopping The Apache HTTP Server ... [ OK ]
* Starting The Apache HTTP Server ... [ OK ]
requesting/updating certificate(s) ...
# INFO: Using main config file /etc/dehydrated/config
Processing myDomain.info with alternative names: *.myDomain.info
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for myDomain.info
+ Handling authorization for myDomain.info
+ 2 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for myDomain.info authorization...
-> Executing hook script 'invalid_challenge' ...
+ Cleaning challenge tokens...
+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "dns-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:unauthorized"
["error","detail"] "No TXT record found at _acme-challenge.myDomain.info"
["error","status"] 403
["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"No TXT record found at _acme-challenge.myDomain.info","status":403}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/302078626256/4OhwcA"
["token"] "OXF9Qws7hRDsqeajy1R-kOuHbV0onz2JFCjHH8SJ9cQ"
["validated"] "2024-01-08T16:21:11Z")
-> Executing hook script 'exit_hook' ...
finished.
* Stopping certs_dehydrated.service ... [ OK ]
Press ENTER to continue
How do I get this under control?
Regards
Rolf
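
Added example, not part of the original post: Let's Encrypt validates wildcard names only with the dns-01 challenge, which matches the `"type" "dns-01"` result and the missing `_acme-challenge` TXT record in the log above. The shell function below lists the wildcard names that a non-dns-01 challenge type cannot validate; its name, the `KEY = value` file layout and the colon-separated name list are assumptions modelled on the settings quoted in the post.

```shell
#!/bin/sh
# Pre-flight check for an eisfair-style dehydrated configuration (added
# example; function name and file layout are assumptions, see lead-in).

# wildcards_needing_dns01 FILE
# Prints each wildcard name found in DEHYDRATED_DOMAIN_<n>_NAME when
# DEHYDRATED_CHALLENGE_TYPE is anything other than dns-01.
# Prints nothing when the challenge type is dns-01 or no wildcard is listed.
wildcards_needing_dns01() {
    conf=$1
    # Read the configured challenge type, dropping quotes and spaces.
    ctype=$(sed -n 's/^ *DEHYDRATED_CHALLENGE_TYPE *= *//p' "$conf" | tr -d "\"' ")
    if [ "$ctype" = "dns-01" ]; then
        return 0
    fi
    # Assumption: names within one entry are colon-separated, as in the post.
    sed -n 's/^ *DEHYDRATED_DOMAIN_[0-9][0-9]*_NAME *= *//p' "$conf" |
        tr -d "\"' " | tr ':' '\n' | grep '^\*\.' | sort -u
}

# Constructed sample input: the settings quoted in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEHYDRATED_API_VERSION = 2
DEHYDRATED_CHALLENGE_TYPE = http-01
DEHYDRATED_DOMAIN_N = 1
DEHYDRATED_DOMAIN_1_ACTIVE = yes
DEHYDRATED_DOMAIN_1_NAME = myDomain.info:*.myDomain.info:myDomain.info
DEHYDRATED_DOMAIN_1_USAGE = apache2
EOF

# Report every wildcard name together with the TXT record name the CA queries.
wildcards_needing_dns01 "$sample" | while read -r name; do
    echo "$name needs dns-01 (TXT record at _acme-challenge.${name#\*.})"
done
rm -f "$sample"
```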