Topic: smeserver-letsencrypt error 400

[john56]

#dehydrated -c -x 

Code: [Select]

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Error creating new order :: DNS name does not have enough labels",
  "status": 400
}

Have you any idea ?
Many thanks.

[ReetP]

Not without you telling us more about how you got there.

Please describe what you did and the vesrion that you are using.

If you do a search for your error you might find this:

https://community.letsencrypt.org/t/dns-name-does-not-have-enough-labels/67375


Also show the contents of

cat /etc/dehydrated/domains.txt
cat /etc/dehydrated/config

config show letsencrypt

[john56]

[root@buzz.buzz.kerplouz.com:~]# cat /etc/dehydrated/domains.txt
buzz.kerplouz.com buzz buzz.buzz buzz.buzz.kerplouz.com buzz.serveur ftp.buzz ftp.buzz.kerplouz.com ftp.serveur mail.buzz mail.buzz.kerplouz.com mail.serveur proxy.buzz proxy.buzz.kerplouz.com proxy.serveur wpad.buzz wpad.buzz.kerplouz.com wpad.serveur www.buzz www.buzz.kerplouz.com www.serveur buzz.kerplouz.com buzz.buzz buzz.buzz.kerplouz.com buzz.serveur ftp.buzz ftp.buzz.kerplouz.com ftp.serveur mail.buzz mail.buzz.kerplouz.com mail.serveur proxy.buzz proxy.buzz.kerplouz.com proxy.serveur wpad.buzz wpad.buzz.kerplouz.com wpad.serveur www.buzz www.buzz.kerplouz.com www.serveur orange.fr buzz.buzz buzz.buzz.kerplouz.com buzz.serveur ftp.buzz ftp.buzz.kerplouz.com ftp.serveur mail.buzz mail.buzz.kerplouz.com mail.serveur proxy.buzz proxy.buzz.kerplouz.com proxy.serveur wpad.buzz wpad.buzz.kerplouz.com wpad.serveur www.buzz www.buzz.kerplouz.com www.serveur serveur buzz.buzz buzz.buzz.kerplouz.com buzz.serveur ftp.buzz ftp.buzz.kerplouz.com ftp.serveur mail.buzz mail.buzz.kerplouz.com mail.serveur proxy.buzz proxy.buzz.kerplouz.com proxy.serveur wpad.buzz wpad.buzz.kerplouz.com wpad.serveur www.buzz www.buzz.kerplouz.com www.serveur
[root@buzz.buzz.kerplouz.com:~]# cat /etc/dehydrated/config
#!/bin/bash
WELLKNOWN="/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge"
CA="https://acme-staging-v02.api.letsencrypt.org/directory"

PARAM_ACCEPT_TERMS="yes"

[root@buzz.buzz.kerplouz.com:~]# config show letsencrypt
letsencrypt=service
    ACCEPT_TERMS=yes
    API=auto
    configure=all
    email=admin@buzz.kerplouz.com
    hookScript=enabled
    host=buzz.kerplouz.com
    path=/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge
    status=test
    user=root

[ReetP]

Well, I am not sure what documents you have been reading, but your config looks a bit of a mess.

First, what versions of letsencrypt and dehydrated are you using please?

Code: [Select]

rpm -qa |grep letsencrypt

Code: [Select]

rpm -qa |grep dehydrated
Your config:

letsencrypt=service

Do you understand what this does? it enables certificates for ALL hosts and domains. Are they all resolvable?

Code: [Select]

    configure=all
This is set but does not appear in your config file?

Code: [Select]

    email=admin@buzz.kerplouz.com
What is this for? You need to set required entries in the hosts and domains DBs, not here. Please remove it.

Code: [Select]

    host=buzz.kerplouz.com
Why is this set? It is fixed in the config file, and should be removed from here.

Code: [Select]

    path=/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge
At least one good thing

Code: [Select]

    status=test
Why is this set? It will not work and can be removed.

Code: [Select]

    user=root

cat /etc/dehydrated/domains.txt

As per the config item above, does every one of those host and domains resolve correctly ? If not you will get a failure.

Please go back and read the documentation.

https://wiki.contribs.org/Letsencrypt#Contrib_Installation_of_Dehydrated

https://wiki.contribs.org/Letsencrypt#Configuration

[john56]

Thanks for you answer

smeserver-letsencrypt-0.5-9.noarch
dehydrated-0.6.2-13.el6.sme.noarch

i don't know where i have to remove the lines i have to delete.

[ReetP]

Thanks for you answer

No worries.

[/quote]
smeserver-letsencrypt-0.5-9.noarch
dehydrated-0.6.2-13.el6.sme.noarch
[/quote]

Ok - looks about right.

i don't know where i have to remove the lines i have to delete.

Standard SME commands....

https://wiki.contribs.org/DB_Variables_Configuration

So...

Code: [Select]

config delprop letsencrypt path

Code: [Select]

config delprop letsencrypt user
etc.....

The decide on EXACTLY which domains and hosts you want certificates for. Make sure EACH host and domain is resolvable from the internet - if it isn't letsencrypt will fail.

Keep using test mode......

[john56]

With your help -->
" Signal events
All complete".

So Wait and see in 30 days ...
Many thanks.

[ReetP]

With your help -->
" Signal events
All complete".

OK

So Wait and see in 30 days ...

Did you run in test mode and all complete OK?
https://wiki.contribs.org/Letsencrypt#Enable_Test_Mode

Did you change to real mode and all complete OK?
https://wiki.contribs.org/Letsencrypt#Enable_Production_Mode

If both of those complete correctly then you should be OK.

If not then go back now and sort it out.