[Eisfair] dehydrated with wildcard certificate

Marcus Röckrath marcus.roeckrath at gmx.de
Tue Jan 9 07:55:55 CET 2024


Hello Olaf,

Olaf Jaehrling wrote:

>> That would be the nicest. I'll test it soon and report back,
>> so that Jürgen can possibly build it in.
> 
> I have now tested this.
> In the file /var/install/bin/certs_dehydrated-hook, at line 142,
> I added the following lines (according to Tachtler)
> 
>      # Tachtler
>      echo ""
>      echo "Add the following to the zone definition of ${DOMAIN}:"
>      echo "_acme-challenge.${DOMAIN}. 60 IN TXT \"${TOKEN_VALUE}\""
>      echo ""
>      echo -n "Press enter to continue..."
>      read tmp
>      echo ""
> 
> After that I ran the setup and switched to dns-01 and api-version 2,
> and adjusted DEHYDRATED_DOMAIN_1_NAME accordingly.
> Then I saved the config, and when the message for the
> DNS entry appeared I entered it. Since 60 seconds are not possible
> with my provider (min. 300 sec), I waited the 5 minutes
> and then pressed Enter. And lo and behold, it worked. You may
> have to check the symlinks again so that they do not point to
> *.domain. That does not work.

According to the thread already mentioned, "certs_dehydrated Wildcard-Zertifikat",
and specifically the post in it by Detlef Paschke from 06.11.2023, 16:44:46,
it is supposed to work with an unmodified certs_dehydrated as well:

[Quote]
2023-09-03 02:15:00 - crontab update requested ...
environment: live
challenge : dns-01
# INFO: Using main config file /etc/dehydrated/config
Moving unused file to archive directory: schabau.eu/cert-1688256901.csr
Moving unused file to archive directory: schabau.eu/cert-1688256901.pem
Moving unused file to archive directory: schabau.eu/chain-1688256901.pem
Moving unused file to archive directory: schabau.eu/fullchain-1688256901.pem
Moving unused file to archive directory: schabau.eu/privkey-1688256901.pem
Moving unused file to archive directory: schabau.eu/ocsp-1687652101.der
Moving unused file to archive directory: schabau.eu/ocsp-1688256945.der
Moving unused file to archive directory: schabau.eu/ocsp-1688861701.der
Moving unused file to archive directory: schabau.eu/ocsp-1689466501.der
Moving unused file to archive directory: schabau.eu/ocsp-1690071301.der
Moving unused file to archive directory: schabau.eu/ocsp-1690676101.der
Moving unused file to archive directory: schabau.eu/ocsp-1691280901.der
Moving unused file to archive directory: schabau.eu/ocsp-1691885701.der
Moving unused file to archive directory: schabau.eu/ocsp-1692490501.der
# INFO: Using main config file /etc/dehydrated/config
Processing schabau.eu with alternative names: *.schabau.eu
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Sep 29 23:15:37 2023 GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for schabau.eu
+ Handling authorization for schabau.eu
+ 2 pending challenge(s)
+ Deploying challenge tokens...
-> Executing hook script 'deploy_challenge' ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 51 0 51 0 0 69 0 --:--:-- --:--:-- --:--:-- 69
{
"success": true,
"domain": "schabau.eu"
}
Warte 10 Sekunden...
-> Executing hook script 'deploy_challenge' ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 51 0 51 0 0 71 0 --:--:-- --:--:-- --:--:-- 71
{
"success": true,
"domain": "schabau.eu"
}
Warte 10 Sekunden...
+ Responding to challenge for schabau.eu authorization...
+ Challenge is valid!
+ Responding to challenge for schabau.eu authorization...
+ Challenge is valid!
+ Cleaning challenge tokens...
-> Executing hook script 'clean_challenge' ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 51 0 51 0 0 81 0 --:--:-- --:--:-- --:--:-- 81
{
"success": true,
"domain": "schabau.eu"
}
-> Executing hook script 'clean_challenge' ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 51 0 51 0 0 112 0 --:--:-- --:--:-- --:--:-- 111
100 51 0 51 0 0 111 0 --:--:-- --:--:-- --:--:-- 111
{
"success": true,
"domain": "schabau.eu"
}
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
-> Executing hook script 'deploy_cert' ...
creating files/links required by eisfair ...
+ domain 'schabau.eu':
- link '/usr/local/ssl/csr/schabau.eu.csr' created/updated.
- link '/usr/local/ssl/private/schabau.eu.key' created/updated.
- link '/usr/local/ssl/newcerts/schabau.eu.crt' created/updated.
- file '/usr/local/ssl/newcerts/schabau.eu.dh' exists.
- file '/usr/local/ssl/certs/schabau.eu.pem' created.
updating hashes '/usr/local/ssl/certs' ...
checking package usage definition ...
checking symbolic links to certificate ...
# INFO: Using main config file /etc/dehydrated/config
Moving unused file to archive directory: schabau.eu/cert-1688256901.csr
Moving unused file to archive directory: schabau.eu/cert-1688256901.pem
Moving unused file to archive directory: schabau.eu/chain-1688256901.pem
Moving unused file to archive directory: schabau.eu/fullchain-1688256901.pem
Moving unused file to archive directory: schabau.eu/privkey-1688256901.pem
Moving unused file to archive directory: schabau.eu/ocsp-1687652101.der
Moving unused file to archive directory: schabau.eu/ocsp-1688256945.der
Moving unused file to archive directory: schabau.eu/ocsp-1688861701.der
Moving unused file to archive directory: schabau.eu/ocsp-1689466501.der
Moving unused file to archive directory: schabau.eu/ocsp-1690071301.der
Moving unused file to archive directory: schabau.eu/ocsp-1690676101.der
Moving unused file to archive directory: schabau.eu/ocsp-1691280901.der
Moving unused file to archive directory: schabau.eu/ocsp-1691885701.der
Moving unused file to archive directory: schabau.eu/ocsp-1692490501.der
+ Done!
+ Updating OCSP stapling file
-> Executing hook script 'exit_hook' ...
[/Quote]

-- 
Regards, Marcus
[eisfair-Team]
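
Added example, not part of the post or of the eisfair certs package: the log above deploys two challenge tokens for one wildcard order before responding, and both TXT values live at the same `_acme-challenge` name, so a hook can poll until every token is visible instead of waiting for Enter. The function names, the injectable `LOOKUP_CMD` and the use of `dig` are assumptions.

```shell
#!/bin/sh
# Added example: propagation check for a dns-01 hook (names are hypothetical).
# The resolver is injectable so the logic can be exercised offline.
LOOKUP_CMD=${LOOKUP_CMD:-lookup_txt_dig}

# Assumption: dig is installed. Prints one TXT value per line, quotes removed.
lookup_txt_dig() {
    dig +short TXT "$1" | tr -d '"'
}

# acme_record_name DOMAIN
# A wildcard name is validated at the base domain, so "*.example.org" and
# "example.org" both map to "_acme-challenge.example.org.".
acme_record_name() {
    case $1 in
        '*.'*) d=${1#??} ;;
        *)     d=$1 ;;
    esac
    printf '_acme-challenge.%s.\n' "$d"
}

# txt_has_all NAME TOKEN...
# Returns 0 only if every TOKEN is present in the TXT RRset of NAME.
# A second record that replaced the first one (instead of being added) fails here.
txt_has_all() {
    name=$1; shift
    rrset=$("$LOOKUP_CMD" "$name") || return 2
    for tok in "$@"; do
        # -x whole line, -F literal, -- because tokens may start with '-'
        printf '%s\n' "$rrset" | grep -qxF -- "$tok" || return 1
    done
    return 0
}

# wait_for_txt NAME TRIES DELAY TOKEN...
# Polls up to TRIES times, DELAY seconds apart; 0 once all tokens are visible.
wait_for_txt() {
    name=$1 tries=$2 delay=$3; shift 3
    i=0
    while [ "$i" -lt "$tries" ]; do
        txt_has_all "$name" "$@" && return 0
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}
```

With a provider minimum TTL of 300 seconds, a call such as `wait_for_txt "$(acme_record_name "$DOMAIN")" 30 20 "$TOKEN_VALUE"` bounds the wait at ten minutes and fails the hook if the record never appears.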