
domain-list:

Open seannaswell opened this issue 3 years ago • 3 comments

Running into a weird issue that is most certainly user error, would greatly appreciate some feedback...

Running certgrinder -c ~/certgrinder.conf get certificate to test setup, which results in one of two errors, depending on how domain-list: is formatted.

When formatted as

domain-list: "example.com"

I receive the following error:

    [certgrinder@proxy /]$ certgrinder -c ~/certgrinder.conf get certificate
    Traceback (most recent call last):
      File "/usr/local/bin/certgrinder", line 33, in <module>
        sys.exit(load_entry_point('certgrinder==0.17.2', 'console_scripts', 'certgrinder')())
      File "/usr/local/lib/python3.8/site-packages/certgrinder/certgrinder.py", line 2232, in main
        certgrinder.grind(args)
      File "/usr/local/lib/python3.8/site-packages/certgrinder/certgrinder.py", line 1799, in grind
        assert isinstance(self.conf["domain-list"], list)
    AssertionError

However, when formatted as

    domain-list:
      - "example.com"

the following ssh error appears, apparently related to having an illegal "-" in the command.

    [certgrinder@proxy /]$ certgrinder -c ~/certgrinder.conf get certificate
    2022-05-17 06:12:50 -0600 certgrinder INFO Getting new certificate for domainset ['example.com'] ...
    2022-05-17 06:12:50 -0600 certgrinder WARNING ssh: illegal option -- - .....
    2022-05-17 06:12:50 -0600 certgrinder ERROR Did not get any output, expected a certificate chain in stdout from certgrinderd

This is on FreeBSD 13.0, client has stock ssh/d_configs, server slightly modified but I'm not sure how that could cause this.

Any idea what I am doing wrong?

seannaswell, May 17 '22 06:05

Update: After further testing, it appears the issue is not the " - " in the domain-list directive.

Commenting out the domain-list: directive in certgrinder.conf, and instead issuing certgrinder -c ~/certgrinder.conf --domain-list example.com get certificate produces the same ssh error:

    2022-05-17 19:43:20 -0600 certgrinder INFO Getting new certificate for domainset ['example.com'] ...
    2022-05-17 19:43:20 -0600 certgrinder WARNING ssh: illegal option -- - ......
    2022-05-17 19:43:20 -0600 certgrinder ERROR Did not get any output, expected a certificate chain in stdout from certgrinderd

The certgrinder client can log in to the certgrinderd server, and the error stops the ssh process before attempting to connect to the server. Any idea what the ssh error might be referring to?

seannaswell, May 17 '22 20:05

Just FYI: Installed from pip, and the only directives configured in certgrinder.conf are path: and certgrinderd:, everything else commented out.

seannaswell, May 17 '22 20:05

And lastly, the output of debug:

    2022-05-17 22:13:24 -0600 certgrinder DEBUG Certgrinder.run_certgrinderd():709: Running certgrinderd command: ['ssh', '[email protected]', '-T', '--log-level', 'DEBUG', '--acme-server-url', 'https://acme-staging-v02.api.letsencrypt.org/directory', '--preferred-chain', 'Fake_LE_Root_X1', 'get', 'certificate']
    2022-05-17 22:13:24 -0600 certgrinder WARNING Certgrinder.run_certgrinderd():745: ssh: illegal option -- - .....
    2022-05-17 22:13:24 -0600 certgrinder ERROR Certgrinder.get_certificate():888: Did not get any output, expected a certificate chain in stdout from certgrinderd

seannaswell, May 17 '22 22:05