Yannik / qnap-letsencrypt

Let's Encrypt on QNAP

Renew always fail #83

Closed aetasoul closed 4 years ago

aetasoul commented 4 years ago

Platform/Firmware Information

Platform = X86_BAYTRAIL
DISPLAY_NAME = TS-451

Model = TS-X51
Internal Model = TS-X51
Version = 4.4.2
Build Number = 20200529
Rsync Model = QNAP
Build Date = 2020-05-29

Is this the latest firmware for your device? YES

Issue Summary (provide relevant error messages and log output):

Can't renew the certificate. I have 5 other devices with this script installed, and they worked without problems...

Port 80, 443 and 8080 are open. The Web Server is stopped and removed from port 80.

LOG

```
[/share/qnap-letsencrypt/qnap-letsencrypt] # ./renew_certificate.sh
Checking whether to renew certificate on Sat, 27 Jun 2020 09:20:18 +0200
Renewing certificate...
qnap-letsencrypt version: f758272
Using python path: python3
Stopping Qthttpd hogging port 80..
Shutting down Qthttpd services: OK.
Killing old python process 18867 hogging port 80
Started python HTTP server with pid 20254
Parsing account key...
Parsing CSR...
Found domains: my.custom.domain
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying my.custom.domain...
Traceback (most recent call last):
  File "acme-tiny/acme_tiny.py", line 141, in get_crt
    assert (disable_check or _do_request(wellknown_url)[0] == keyauthorization)
  File "acme-tiny/acme_tiny.py", line 46, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error:
Url: http://my.custom.domain/.well-known/acme-challenge/w49aVv51L-TklqqN9fk76ZekgiQsfy6kuEawK-nFsbg
Data: None
Response Code: None
Response:

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "acme-tiny/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme-tiny/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "acme-tiny/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to tmp-webroot/.well-known/acme-challenge/w49aVv51L-TklqqN9fk76ZekgiQsfy6kuEawK-nFsbg, but couldn't download http://my.custom.domain/.well-known/acme-challenge/w49aVv51L-TklqqN9fk76ZekgiQsfy6kuEawK-nFsbg: Error:
Url: http://my.custom.domain/.well-known/acme-challenge/w49aVv51L-TklqqN9fk76ZekgiQsfy6kuEawK-nFsbg
Data: None
Response Code: None
Response:
An error occured. Restoring system state.
./renew_certificate.sh: line 11: 20254 Killed "$PYTHON" ../HTTPServer.py (wd: /share/CACHEDEV1_DATA/qnap-letsencrypt/qnap-letsencrypt/tmp-webroot)
Start apache proxy: OK
Starting Qthttpd services: Qthttpd.
```

Running HTTPServer.py alone, the webpage displayed on my.custom.domain:80 reports this error:

Error response
Error code: 404

Message: File not found.

Error code explanation: HTTPStatus.NOT_FOUND - Nothing matches the given URI.

aetasoul commented 4 years ago

UPDATE:

I can renew my certificate now. I have done as follows:

```
export http_proxy=my.proxy:myPort
./renew_certificate.sh
```

Set http_proxy on the QNAP, then run the renew script. I think that my provider is blocking something that doesn't allow acme-tiny to verify my domain.

aetasoul commented 4 years ago

Solved.

There was some misconfiguration made by my provider; it is fixed now.
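
The two failures in this thread differ in kind: the log's `Response Code: None` means the self-check got no HTTP status at all, while the standalone HTTPServer.py test got a 404 from a server that did answer. The following Python script is an added example, not part of the thread and not code from qnap-letsencrypt or acme-tiny; it tells those cases apart, directly or through a proxy. The function names, the token values and the local test server are assumptions constructed for the example.

```python
import http.server, os, tempfile, threading
import urllib.error, urllib.request
from functools import partial

def classify_self_check(url, expected, proxy=None, timeout=5):
    """Fetch a challenge URL from this host and say how the fetch ended."""
    # {} forces a direct connection; a value such as "my.proxy:myPort"
    # routes the request the way `export http_proxy=...` did in the thread.
    proxies = {"http": proxy} if proxy else {}
    opener = urllib.request.build_opener(urllib.request.ProxyHandler(proxies))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read().decode("utf8").strip()
    except urllib.error.HTTPError as err:
        return "http-%d" % err.code   # a server answered, e.g. the 404 above
    except OSError:
        return "no-response"          # no HTTP status (refused, timeout, DNS)
    return "ok" if body == expected else "mismatch"

def demo():
    """Run the classifier against a throwaway local webroot (constructed data)."""
    token, keyauth = "constructed-token", "constructed-token.constructed-thumbprint"
    with tempfile.TemporaryDirectory() as webroot:
        chall_dir = os.path.join(webroot, ".well-known", "acme-challenge")
        os.makedirs(chall_dir)
        with open(os.path.join(chall_dir, token), "w") as fh:
            fh.write(keyauth)
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
        server = http.server.HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = "http://127.0.0.1:%d/.well-known/acme-challenge/" % server.server_address[1]
        try:
            results = {
                "served": classify_self_check(base + token, keyauth),
                "missing": classify_self_check(base + "absent", keyauth),
                "wrong-body": classify_self_check(base + token, "other-value"),
            }
        finally:
            server.shutdown()
            server.server_close()
        # The listener is gone now, so the connection itself fails.
        results["server-down"] = classify_self_check(base + token, keyauth)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

On a NAS, calling `classify_self_check` once with `proxy=None` and once with the proxy address shows whether only the direct path from the device to its own public name is failing.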