certbot-dns-ispconfig icon indicating copy to clipboard operation
certbot-dns-ispconfig copied to clipboard

Published 20 hours ago verified publisher icon m42e

Error 111

Open edejin opened this issue 4 years ago • 8 comments

Can somebody help me with this error? log.txt

edejin avatar Jun 28 '21 16:06 edejin

Port correct? Localhost correct? HTTPS activated for localhost and the port?

m42e avatar Jun 28 '21 19:06 m42e

looks like correct. Is it possible that problem with ssl cert? I mean that my ssl cert not for local host.

# curl -L -k https://localhost:8078
<!DOCTYPE html>
<html lang='en'>
<head>
  <meta charset='utf-8' />

  <title>ISPConfig</title>

  ...

my script:

docker run --rm \
   -v /opt/certbot2/var_lib_letsencrypt:/var/lib/letsencrypt \
   -v /opt/certbot2/etc_letsencrypt:/etc/letsencrypt \
   -v /opt/certbot2/var_log_letsencrypt:/var/log/letsencrypt \
   --cap-drop=all \
   certbot/dns-ispconfig certonly \
   --authenticator certbot-dns-ispconfig:dns-ispconfig \
   --certbot-dns-ispconfig:dns-ispconfig-propagation-seconds 900 \
   --certbot-dns-ispconfig:dns-ispconfig-credentials \
       /etc/letsencrypt/creds.ini \
   --no-self-upgrade \
   --keep-until-expiring --non-interactive --expand \
   --server https://acme-v02.api.letsencrypt.org/directory \
   --agree-tos --email '[email protected]' \
   -d 'site.in' -d '*.site.in'

creds.ini:

# cat ./etc_letsencrypt/creds.ini
certbot_dns_ispconfig:dns_ispconfig_username = user
certbot_dns_ispconfig:dns_ispconfig_password = password
certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8078/remote/json.php

edejin avatar Jun 29 '21 01:06 edejin

Doesn't matter what protocol or domain name. All of the time same error

edejin avatar Jun 30 '21 07:06 edejin

So even if you use the host name the cert is for?

m42e avatar Jul 02 '21 03:07 m42e

Yes. Even without ssl. But I can login to ispconfig remote api by curl

# curl --header "Content-Type: application/json" --insecure --request POST --data '{"username":"user","password":"password"}' http://real.domain.com:8078/remote/json.php?login
{"code":"ok","message":"","response":"cc6b174d10f6fb40568071c9c994f605"}

edejin avatar Jul 02 '21 03:07 edejin

Localhost would for sure not work from within docker. Could you share a log from real domain? You could send it to [email protected] if you do not want to post it here

m42e avatar Jul 02 '21 03:07 m42e

In the log you sent me you get an error 500. You may want to check the ispconfig server/http logs for that. Is remote access enabled?

m42e avatar Jul 03 '21 06:07 m42e

At first I found an error in ispconfig After small var_dump I receive:

Incorrect datetime value: '' for column `dbispconfig`.`dns_rr`.`stamp` at row 1 INSERT INTO `dns_rr` (`server_id`, `zone`, `name`, `type`, `data`, `ttl`, `active`, `stamp`, `serial`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`) VALUES ('1', '5', '_acme-challenge', 'TXT', 'Eh4US3DYfHurtZ3yMQ5tPVbBHZ5wvqiIW8XcWXYPx4Y', '60', 'Y', '7/3/2021', '0', '', '', 'riud', 'riud', '')

and:

Incorrect integer value: '' for column `dbispconfig`.`dns_rr`.`sys_userid` at row 1 INSERT INTO `dns_rr` (`server_id`, `zone`, `name`, `type`, `data`, `ttl`, `active`, `stamp`, `serial`, `sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`) VALUES ('1', '5', '_acme-challenge', 'TXT', 'Eh4US3DYfHurtZ3yMQ5tPVbBHZ5wvqiIW8XcWXYPx4Y', '60', 'Y', '2021-07-03 08:45:40', '0', '', '', 'riud', 'riud', '')

For current ispconfig version (3.2.5) request should contain additional filed sys_userid (from dns_zone_get) and stamp in params with current time stamp (ex.: '2021-07-03 08:45:40')

Example request:

{
    session_id: "sdflkjhnm345",
    sys_userid: "100500",
    params: {
      stamp: '2021-07-03 08:45:40',
      server_id: 1,
      name: '_acme-challenge',
      active: 'Y',
      type: 'TXT',
      data: 'dfglkfdglkjsdfglkjsdfg',
      zone: 574,
      ttl: 60,
      update_serial: false
    }
  }

edejin avatar Jul 03 '21 09:07 edejin