We're ALL busy!! But yes I am at the minute.
Cool. Let us know how you get along and ask if you get stuck.
We are on Rocket too if you want to chat/help......
Hi all
so far it didn't work. I've skimmed
https://forums.contribs.org/index.php/topic,53147.0.html and also done all the checks listed in the fault finding section without success so far.
I have an idea what it is but may be completely off-track. Bekow are the sanitised error from dehydrated and ditto http_error.
I suspect the problem is the server CommonName is not the DNS name of the domain it's trying to verify.
Am I on the right track?
Thanks for any suggestions or kicks.
MeJ
dehydrated
[root@serv1 dehydrated]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
Fetching missing account information from CA...
Processing mail.TLD.co.uk with alternative names: serv1.TLD.co.uk
+ Creating new directory /etc/dehydrated/certs/mail.TLD.co.uk ...
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ ERROR: An error occurred while sending get-request to
https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/38626606 (Status 405)
Details:
HTTP/1.1 405 Method Not Allowed
Server: nginx
Date: Wed, 12 Feb 2020 20:01:46 GMT
Content-Type: application/problem+json
Content-Length: 103
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Method not allowed",
"status": 405
}
[root@serv1 dehydrated]#
http_error
[Wed Feb 12 19:55:19 2020] [notice] caught SIGTERM, shutting down
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 19:55:19 2020] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Feb 12 19:55:19 2020] [notice] Digest: generating secret for digest authentication ...
[Wed Feb 12 19:55:19 2020] [notice] Digest: done
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 19:55:19 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 19:55:19 2020] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Feb 12 19:55:19 2020] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 12 19:58:43 2020] [error] [client 89.248.174.146] File does not exist: /home/e-smith/files/ibays/Primary/html/editBlackAndWhiteList
[Wed Feb 12 20:01:24 2020] [notice] caught SIGTERM, shutting down
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 20:01:24 2020] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Feb 12 20:01:24 2020] [notice] Digest: generating secret for digest authentication ...
[Wed Feb 12 20:01:24 2020] [notice] Digest: done
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 12 20:01:24 2020] [warn] RSA server certificate CommonName (CN) `serv1.TLD.co.uk' does NOT match server name!?
[Wed Feb 12 20:01:24 2020] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Feb 12 20:01:24 2020] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations