Yes, that's what I had already proposed here: https://dev.yunohost.org/issues/92#note-4
After that, as usual: it takes people to do it ™
For the rest, as @Lapineige said
As Bram said, the priority for now is to test and stabilize the feature. Later on, several solutions are possible for installing the LE certificate automatically. (For example, check during the domain's installation whether the DNS is already configured, and try to install the certificate in that case.)
As it stands, the new built-in management lets you install the cert with a single command line (or two clicks in the admin interface), which is already a big step forward compared to manual configuration and even to installing letsencrypt_ynh.
OK, so discussions about improvements will come later
+1
Hello everyone,
Migration to version 2.5.0 went without trouble, apart from installing the certificate with cert-install. It doesn't work, whether through the web page or on the command line.
What is the error? (or the logs if nothing is returned)
Good evening Lapineige,
Here are the last lines of the logs:
2016-12-26 15:49:18,447 INFO moulinette.actionsmap process - processing action [1850.1]: yunohost.domain.cert-install
2016-12-26 15:49:18,450 INFO yunohost.certmanager _generate_account_key - [1850.1] Generating account key …
2016-12-26 15:49:19,180 INFO urllib3.connectionpool _new_conn - Starting new HTTP connection (1): xxx.xxx.xxx.xxx
2016-12-26 18:06:10,460 INFO yunohost.certmanager _certificate_install_letsencrypt - [1850.1] Now attempting install of certificate for domain ngef.ovh!
2016-12-26 18:06:10,837 INFO urllib3.connectionpool _new_conn - Starting new HTTP connection (1): xxx.xxx.xxx.xxx
2016-12-26 18:08:04,322 ERROR yunohost cli - Opération interrompue
As you can see, I interrupted the process, which strangely runs for a very long time. My PC is no powerhouse, but still.
Edit: When I type yunohost domain cert-install, nothing has happened after a few hours, so I have to stop the process.
And with cert-status it's the same, but with a Ctrl-C I still get the command's result.
Hi @Lapineige @Bram @moul,
For those who wish to test version 2.5.x on a Raspberry Pi 3 B:
http://avignu.wiki.tuxfamily.org/doku.php?id=documentation:yunohost-jessie-v2.5.x-rpi3b
ppr
Hi,
To celebrate the new year (Haaappy Neeew Yeeear!!!), I finally took the plunge, and upgrading my Brique went like clockwork \o/
I took the opportunity to test LE (I was still self-signed, boo!): it's all good for my main domain, but for the subdomains I get things like this (even after rebooting my Brique):
# yunohost domain cert-install duniter.youpeek.net
Error: Wrote file to /tmp/acme-challenge-public/[blablabla], but couldn't download http://duniter.youpeek.net/.well-known/acme-challenge/[blablabla]
Error: Certificate installation for mypads.youpeek.net failed !
Any idea? A problem with my DNS config at OVH, maybe?
In any case, well done and thanks for all the work!
And after a period of reduced activity we’ve made another testing release \o/
Hopefully this will be the last one before the stable (but you never know).
Here is the changelog:
Love
- [enh][love] Add CONTRIBUTORS.md
Let’s Encrypt / Certificate management
- [enh] Check acme challenge conf exists in nginx when renewing cert
- [fix] Fix a bad validity check when trying to renew
- [fix] Adding check that domain is resolved locally when installing a LE cert
- [fix] Fix a situation where a cert could end up with bad perms for metronome
Misc
- [fix] No more socket activation for rspamd
- [fix] fail2ban rules now take into account failed login attempts on ssowat
- [fix] Ignore dyndns option is not needed with small domain
- [enh] Add yaml syntax check in travis.yml
- [mod] Autopep8 on all files that aren’t concerned by a PR
- [fix] Add timeout to fetchlist’s wget
Thanks to all contributors: Aleks, Bram, ju, ljf, opi, zimo2001 and to the people who are participating in the beta and giving us feedback <3
Things that would be cool for you to test:
@gpsqueeek additionally, can you try to see if your domain resolves inside your brique? (Do a ping domain.com from inside the brique if you aren’t sure). Also can you show us the content of /etc/resolv.conf please?
Thanks everyone for your help in testing these beta releases
Hey you had the new version ready to shoot at me !
I tried again but I now have this error message :
Error: Certificate installation for duniter.youpeek.net failed !
Exception: not enough arguments for format string
I also pinged my domains and here are the results :
# ping youpeek.net
PING youpeek.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.229 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.214 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.215 ms
# ping duniter.youpeek.net
PING youpeek.net (80.67.177.93) 56(84) bytes of data.
64 bytes from reverse-177-93.fdn.fr (80.67.177.93): icmp_seq=1 ttl=64 time=1.02 ms
64 bytes from reverse-177-93.fdn.fr (80.67.177.93): icmp_seq=2 ttl=64 time=0.815 ms
64 bytes from reverse-177-93.fdn.fr (80.67.177.93): icmp_seq=3 ttl=64 time=0.806 ms
As you can see, the sub-domain seems not to be directly resolved locally. I have no idea if it works as it is supposed to, though (nooooobiiiiie!)
And here is the content of my resolv.conf file :
domain Home
search Home
nameserver 192.168.1.1
By the way my installation is quite old (it was shortly before the cube files were out in the wild if I remember well) and has been upgraded since then so there might be some remnant of these days. My subdomains are quite recent though, maybe four months or so. Dunno if it helps…
Edit : by the way, the self-certification is not an issue for MyPads, but my Duniter seems to have trouble displaying the interface since I upgraded to the beta and tried to switch to LE - Firefox says
The page isn’t redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
Eh, not cool … Any chance that you can provide the command you typed ? Can you retry by adding --debug at the end ?
Sure, here is the full log :
# yunohost domain cert-install duniter.youpeek.net --debug
313 DEBUG loading actions map namespace 'yunohost'
350 DEBUG extra parameter classes loaded: ['ask', 'password', 'required', 'pattern']
351 DEBUG initializing base actions map parser for cli
357 DEBUG registering new callback action 'yunohost.utils.packages.ynh_packages_version' to ['-v', '--version']
753 DEBUG unable to load locale 'en' from '/usr/share/moulinette/locale'
755 DEBUG unable to load locale 'en' from '/usr/lib/moulinette/yunohost/locales'
911 DEBUG initialize authenticator 'ldap-anonymous' with: uri='ldap://localhost:389', base_dn='dc=yunohost,dc=org', user_rdn='None'
929 DEBUG lock has been acquired
8530 INFO processing action [2342.1]: yunohost.domain.cert-install with args={'no_checks': False, 'force': False, 'domain_list': ['duniter.youpeek.net'], 'self_signed': False, 'auth': <moulinette.authenticators.ldap.Authenticator object at 0xb6520d70>, 'staging': False}
11356 INFO Starting new HTTP connection (1): 80.67.177.93
11579 DEBUG "HEAD / HTTP/1.1" 501 0
11586 INFO Now attempting install of certificate for domain duniter.youpeek.net!
12108 INFO Starting new HTTP connection (1): 80.67.177.93
12152 DEBUG "HEAD / HTTP/1.1" 501 0
12161 ERROR Certificate installation for duniter.youpeek.net failed !
Exception: not enough arguments for format string
12165 DEBUG action [2342.1] ended after 3.632s
12169 DEBUG lock has been released
Did you upgrade to 2.5.3 in the meantime ?
That’s my error, I’ve made a fucking stupid mistake. I’ve pushed a 2.5.3.1 that fixes it -_-’
Hi there,
I upgraded from 2.5.3 to 2.5.3.1 and I am now back to the previous error ; here is the debug trace :
# yunohost domain cert-install duniter.youpeek.net
Error: Wrote file to /tmp/acme-challenge-public/VrrnxrOVcYLrcwXRjdBVcg4JxF5EKFyK_XjUidfL-Kc, but couldn't download http://duniter.youpeek.net/.well-known/acme-challenge/VrrnxrOVcYLrcwXRjdBVcg4JxF5EKFyK_XjUidfL-Kc
Error: Certificate installation for duniter.youpeek.net failed !
Exception: [Errno 22] Signing the new certificate failed
root@youpeek:/home/admin# yunohost domain cert-install duniter.youpeek.net --debug
314 DEBUG loading actions map namespace 'yunohost'
352 DEBUG extra parameter classes loaded: ['ask', 'password', 'required', 'pattern']
354 DEBUG initializing base actions map parser for cli
359 DEBUG registering new callback action 'yunohost.utils.packages.ynh_packages_version' to ['-v', '--version']
579 DEBUG unable to load locale 'en' from '/usr/share/moulinette/locale'
581 DEBUG unable to load locale 'en' from '/usr/lib/moulinette/yunohost/locales'
667 DEBUG initialize authenticator 'ldap-anonymous' with: uri='ldap://localhost:389', base_dn='dc=yunohost,dc=org', user_rdn='None'
678 DEBUG lock has been acquired
6863 INFO processing action [5311.1]: yunohost.domain.cert-install with args={'no_checks': False, 'force': False, 'domain_list': ['duniter.youpeek.net'], 'self_signed': False, 'auth': <moulinette.authenticators.ldap.Authenticator object at 0xb655bdd0>, 'staging': False}
8460 INFO Starting new HTTP connection (1): 80.67.177.93
8512 DEBUG "HEAD / HTTP/1.1" 501 0
8518 DEBUG Domain 'duniter.youpeek.net' ip is 80.67.177.93, except it to be 127.0.0.1 or 80.67.177.93
8520 INFO Now attempting install of certificate for domain duniter.youpeek.net!
8928 INFO Starting new HTTP connection (1): 80.67.177.93
8966 DEBUG "HEAD / HTTP/1.1" 501 0
8971 DEBUG Domain 'duniter.youpeek.net' ip is 80.67.177.93, except it to be 127.0.0.1 or 80.67.177.93
8975 INFO Nginx configuration file for ACME challenge already exists for domain, skipping.
8976 DEBUG Making sure tmp folders exists...
8980 INFO Prepare key and certificate signing request (CSR) for duniter.youpeek.net...
25438 INFO Saving to /tmp/acme-challenge-private/duniter.youpeek.net.csr.
25445 INFO Now using ACME Tiny to sign the certificate...
25448 INFO Parsing account key...
25513 INFO Parsing CSR...
25570 INFO Registering account...
26716 INFO Already registered!
26721 INFO Verifying duniter.youpeek.net...
28815 ERROR Wrote file to /tmp/acme-challenge-public/HLmDSR81DbO50fgiAPqczEy5nqBkWH0qVAR3pl8XZjU, but couldn't download http://duniter.youpeek.net/.well-known/acme-challenge/HLmDSR81DbO50fgiAPqczEy5nqBkWH0qVAR3pl8XZjU
28818 ERROR Certificate installation for duniter.youpeek.net failed !
Exception: [Errno 22] Signing the new certificate failed
28820 DEBUG action [5311.1] ended after 21.954s
28821 DEBUG lock has been released
I am surprised with line 8971 (I guess “except” is supposed to be “expected” ?)
Don’t be so hard on yourself, Bram.
Only those who do nothing make no mistakes.
It seems you make a lot of mistakes or a lot of things, as you wish
And beta versions are here to detect and correct those mistakes. They have no impact on users, as we are not using a production server to test a beta version.
edit: what ? There’s no button to send some datalove here ?
Meh, this is really weird and it would be cool to understand what's going on … Could you try the following commands?
ls -l /tmp/acme-challenge-public
and
echo "plop" > /tmp/acme-challenge-public/toto
curl http://duniter.youpeek.net/.well-known/acme-challenge/toto
and possibly:
python -c "import requests; print(requests.get('http://duniter.youpeek.net/.well-known/acme-challenge/toto'))"
Actually it would be simpler if you could come directly to the dev or support chat, I'd say … If you have an XMPP client, it's support@conference.yunohost.org. Otherwise you can easily access it from this page by clicking the thingy at the bottom right!
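The manual check requested in the post above (drop a file into the challenge directory, then fetch it back over HTTP), written as a reusable probe. This is an added example, not part of the original posts and not YunoHost's own code; it reports whether the probe came back unchanged, an HTTP error was returned, or some other web server answered for the domain. The names `check_challenge` and `start_server` and the local stand-in servers are constructed for the demonstration.

```python
import http.server, os, re, secrets, tempfile, threading
import urllib.error, urllib.request

PREFIX = "/.well-known/acme-challenge/"
# Ignore any configured proxy: the probe must take the same path as a direct fetch.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_challenge(base_url, challenge_dir, timeout=5):
    """Write a random probe file, fetch it back over HTTP, return (ok, reason)."""
    name, body = "selfcheck-" + secrets.token_hex(8), secrets.token_hex(16)
    path = os.path.join(challenge_dir, name)
    with open(path, "w") as f:
        f.write(body)
    try:
        with OPENER.open(base_url + PREFIX + name, timeout=timeout) as r:
            got = r.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:  # subclass of OSError, so caught first
        return False, "HTTP %d" % e.code
    except OSError as e:                 # DNS failure, refused connection, timeout
        return False, "unreachable: %s" % e
    finally:
        os.remove(path)
    if got.strip() == body:
        return True, "probe served back unchanged"
    m = re.search(r"<title>(.*?)</title>", got, re.I | re.S)
    return False, "another server answered: " + (m.group(1).strip() if m else "untitled page")

def start_server(challenge_dir=None):
    """Constructed stand-in: serves challenge_dir if given, else a device login page."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            code, data = 200, b"<html><title>Router login (constructed)</title></html>"
            if challenge_dir:
                f = os.path.join(challenge_dir, os.path.basename(self.path))
                ok = self.path.startswith(PREFIX) and os.path.isfile(f)
                code, data = (200, open(f, "rb").read()) if ok else (404, b"not found")
            self.send_response(code)
            self.end_headers()
            self.wfile.write(data)
        def log_message(self, *args): pass  # keep the demo quiet
    srv = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for srv, url in (start_server(d), start_server()):
            print(url, check_challenge(url, d))
            srv.shutdown()
```

On a real server the call would be `check_challenge("http://duniter.youpeek.net", "/tmp/acme-challenge-public")`, using the domain and directory from the thread.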
Here are the results of the commands:
# ls -l /tmp/acme-challenge-public
total 0
The next one is rather bulky…
# echo "plop" > /tmp/acme-challenge-public/toto
# curl http://duniter.youpeek.net/.well-known/acme-challenge/toto
<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta http-equiv="Pragma" content="no-cache">
<link rel="stylesheet" href='stylemain.css' type='text/css'>
<script language="javascript" src="aye_util.js"></script>
<title>D-Link ADSL Router</title>
(post too big, I'm splitting it in two)