[Eisfair] Certs_dehydrated dns-01 challenge with Cloudflare

Christian Richter christian at richter-ch.de
Wed Nov 4 13:12:29 CET 2020


On 02.11.20 at 15:35, Juergen Edner wrote:
> Hello Christian,
> 
> the section "Der Aufruf von Ereignisskripten" in the documentation
> describes the use of custom scripts in detail. For the stated
> purpose, the "deploy_challenge" is probably the one to use.
> See:
> 
> http://www.eisfair.org/fileadmin/eisfair/doc/node23.html#SECTION002390000000000000000 
> 
> 

Hello Jürgen,

thanks a lot for the nudge in the right direction.
My efforts have not been crowned with success yet, but I have at
least made some progress.
However, because '/var/install/bin/certs_dehydrated-hook' is set again
every time the configuration is saved, and the cfhookbash hook is
therefore somehow ignored, I changed that in the file
/var/install/config.d/certs_dehydrated.sh at line 291.

Unfortunately, after saving and activating the configuration, I am now
stuck here:

> Activate configuration now (y/n) [yes]? 
> 
> version (eisfair-64): v1.1.5
> creating domains.txt file ...
> creating well-known configuration ...
> creating certs_dehydrated configuration ...
> creating index.html file ...
> creating files/links required by eisfair ...
> + domain 'richter-ch.de':
>   - skipped.
> checking alpn server hook state ...
> checking package usage definition ...
> checking symbolic links to certificate ...
> + domain 'richter-ch.de':
>   - skipped.
> looking for dead symbolic link to certificate files ...
> adding cronjob ...
> creating logrotate configuration ...
> Creating Apache2 configuration ...
> activating modules...
> done activating modules
> requesting/updating certificate(s) ...
> # INFO: Using main config file /etc/dehydrated/config
> Processing richter-ch.de with alternative names: *.richter-ch.de 
>  + Signing domains...
>  + Generating private key...
>  + Generating signing request...
>  + Requesting new certificate order from CA...
>  + Received 2 authorizations URLs from the CA
>  + Handling authorization for richter-ch.de
>  + Found valid authorization for richter-ch.de
>  + Handling authorization for richter-ch.de
>  + 1 pending challenge(s)
>  + Deploying challenge tokens...
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                  Dload  Upload   Total   Spent    Left  Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> More details here: https://curl.haxx.se/docs/sslcerts.html
> 
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
> +++ Wait for 10 seconds. +++
>  + Responding to challenge for richter-ch.de authorization...
>  + Cleaning challenge tokens...
> id: 
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                  Dload  Upload   Total   Spent    Left  Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> More details here: https://curl.haxx.se/docs/sslcerts.html
> 
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
> ERROR: clean_challenge hook returned with non-zero exit code
> finished.
> Press ENTER to continue 


I am slowly running out of ideas. What is the curl error telling me? I
can't make sense of it.


Regards, Christian


