acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

deploy-hook fritzbox Fritz!Box 7590 with Fritz!OS 7.57 Upload failed #4819

Open mfeske opened 11 months ago

mfeske commented 11 months ago

Steps to reproduce

Hello everyone, the creation of the certificate is successful, but the import into the Fritz!Box 7590 with Fritz!OS 7.57 fails.

I created a user LetsEncrypt and the password has no special characters. I can also log in with the user from the Internet via the Fritz interface (I have released everything for the user). According to the Fritz!Box event log, the user LetsEncrypt also logs in, and the login comes from the web server IP where the script is running. The correct data is stored in the config file of the certificate. When I use --output-insecure, the correct data is also contained there, but this appears in the output:

[Wed Oct 4 08:53:29 AM CEST 2023] _ret='56'
[Wed Oct 4 08:53:29 AM CEST 2023] Upload failed
[Wed Oct 4 08:53:29 AM CEST 2023] Error deploy for domain:mydomain
[Wed Oct 4 08:53:29 AM CEST 2023] Deploy error.

There is also the message:

[Wed Oct 4 08:53:28 AM CEST 2023] _CURL='curl --silent --dump-header /homepages/u65700/letsencrypt/data/http.header -L --trace-ascii /tmp/tmp.s2tTaHU8Rd -g --insecure '
[Wed Oct 4 08:53:29 AM CEST 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 56

Debug log

see attachment acme_home_deploy_20231004_0854.log

github-actions[bot] commented 11 months ago

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

mfeske commented 11 months ago

Was up to date; the log with --debug 2 is in the attachment of the post.

acme.sh --upgrade
[Wed Oct 4 10:21:23 AM CEST 2023] Already uptodate!
[Wed Oct 4 10:21:23 AM CEST 2023] Upgrade success!

Radiotic commented 10 months ago

Same issue here with Fritz Box 7580 on FRITZ!OS: 07.30

berndy2001 commented 10 months ago

Same on 7590 Firmware 07.57

root@cAcme:~# acme.sh --deploy -d *.domain.com --deploy-hook fritzbox --debug 2
[Fri Nov 10 20:17:50 UTC 2023] Lets find script dir.
[Fri Nov 10 20:17:50 UTC 2023] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Nov 10 20:17:50 UTC 2023] _script='/root/.acme.sh/acme.sh'
[Fri Nov 10 20:17:50 UTC 2023] _script_home='/root/.acme.sh'
[Fri Nov 10 20:17:50 UTC 2023] Using config home:/root/.acme.sh
[Fri Nov 10 20:17:50 UTC 2023] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.7
[Fri Nov 10 20:17:50 UTC 2023] Running cmd: deploy
[Fri Nov 10 20:17:50 UTC 2023] Using config home:/root/.acme.sh
[Fri Nov 10 20:17:50 UTC 2023] default_acme_server
[Fri Nov 10 20:17:50 UTC 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Nov 10 20:17:50 UTC 2023] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri Nov 10 20:17:50 UTC 2023] _ACME_SERVER_PATH='v2/DV90'
[Fri Nov 10 20:17:50 UTC 2023] The domain '*.domain.com' seems to have a ECC cert already, lets use ecc cert.
[Fri Nov 10 20:17:50 UTC 2023] DOMAIN_PATH='/root/.acme.sh/*.domain.com_ecc'
[Fri Nov 10 20:17:50 UTC 2023] DOMAIN_CONF='/root/.acme.sh/*.domain.com_ecc/*.domain.com.conf'
[Fri Nov 10 20:17:50 UTC 2023] _deployApi='/root/.acme.sh/deploy/fritzbox.sh'
[Fri Nov 10 20:17:50 UTC 2023] _cdomain='*.domain.com'
[Fri Nov 10 20:17:50 UTC 2023] _ckey='/root/.acme.sh/*.domain.com_ecc/*.domain.com.key'
[Fri Nov 10 20:17:50 UTC 2023] _ccert='/root/.acme.sh/*.domain.com_ecc/*.domain.com.cer'
[Fri Nov 10 20:17:51 UTC 2023] _cca='/root/.acme.sh/*.domain.com_ecc/ca.cer'
[Fri Nov 10 20:17:51 UTC 2023] _cfullchain='/root/.acme.sh/*.domain.com_ecc/fullchain.cer'
[Fri Nov 10 20:17:51 UTC 2023] DEPLOY_FRITZBOX_URL='https://192.168.1.1'
[Fri Nov 10 20:17:51 UTC 2023] DEPLOY_FRITZBOX_USERNAME='admin'
[Fri Nov 10 20:17:51 UTC 2023] DEPLOY_FRITZBOX_PASSWORD='[hidden](please add '--output-insecure' to see this value)'
[Fri Nov 10 20:17:51 UTC 2023] Log in to the FRITZ!Box
[Fri Nov 10 20:17:51 UTC 2023] GET
[Fri Nov 10 20:17:51 UTC 2023] url='https://192.168.1.1/login_sid.lua'
[Fri Nov 10 20:17:51 UTC 2023] timeout=
[Fri Nov 10 20:17:51 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.e1ElGbjfXF  -g  --insecure  '
[Fri Nov 10 20:17:52 UTC 2023] ret='0'
[Fri Nov 10 20:17:52 UTC 2023] GET
[Fri Nov 10 20:17:52 UTC 2023] url='https://192.168.1.1/login_sid.lua?sid=0000000000000000&username=admin&response=6140341e-040d0c8857f230a93f82859fec406e89'
[Fri Nov 10 20:17:52 UTC 2023] timeout=
[Fri Nov 10 20:17:52 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.4XijmRIoYt  -g  --insecure  '
[Fri Nov 10 20:17:54 UTC 2023] ret='0'
[Fri Nov 10 20:17:54 UTC 2023] Generate form POST request
[Fri Nov 10 20:17:54 UTC 2023] Upload certificate to the FRITZ!Box
[Fri Nov 10 20:17:54 UTC 2023] POST
[Fri Nov 10 20:17:54 UTC 2023] _post_url='https://192.168.1.1/cgi-bin/firmwarecfg'
[Fri Nov 10 20:17:54 UTC 2023] body='-----------------------------20231110201754
Content-Disposition: form-data; name="sid"

b1aa8b6e181b5a5f
-----------------------------20231110201754
Content-Disposition: form-data; name="BoxCertPassword"

-----------------------------20231110201754
Content-Disposition: form-data; name="BoxCertImportFile"; filename="BoxCert.pem"
Content-Type: application/octet-stream

-----BEGIN EC PRIVATE KEY-----
(removed)
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(removed)
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
(removed)
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
(removed)
-----END CERTIFICATE-----

-----------------------------20231110201754--'
[Fri Nov 10 20:17:54 UTC 2023] _postContentType
[Fri Nov 10 20:17:54 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.XcWhL8suvl  -g  --insecure  '
[Fri Nov 10 20:17:55 UTC 2023] _ret='0'
[Fri Nov 10 20:17:55 UTC 2023] Upload failed
[Fri Nov 10 20:17:55 UTC 2023] Error deploy for domain:*.domain.com
[Fri Nov 10 20:17:55 UTC 2023] Deploy error.

berndy2001 commented 10 months ago

I would like to solve: Fritzbox wants to have an RSA certificate, but the default is apparently now ec-256. Therefore simply add --keylength 4096 (or 2048, which was the default) and optionally --force, and it will work.
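
The finding in the last comment, turned into a pre-deploy check (an added example, not part of the thread or of acme.sh): it reads the PEM header of the key file, which in the debug log above is `-----BEGIN EC PRIVATE KEY-----`, and stops unless the key is RSA. The function names `key_type`, `fritzbox_preflight` and `make_sample` are hypothetical, and the sample key files are constructed placeholders.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of acme.sh.

# Print "rsa", "ec" or "unknown" for the PEM private key file in $1.
key_type() {
  _hdr=$(sed -n '/^-----BEGIN .*PRIVATE KEY-----/{p;q;}' "$1" 2>/dev/null) || _hdr=''
  case "$_hdr" in
    *"BEGIN RSA PRIVATE KEY"*) echo rsa; return 0 ;;
    *"BEGIN EC PRIVATE KEY"*)  echo ec;  return 0 ;;
  esac
  # A PKCS#8 header ("BEGIN PRIVATE KEY") does not name the algorithm,
  # so ask openssl when it is installed.
  if [ "$_hdr" = "-----BEGIN PRIVATE KEY-----" ] && command -v openssl >/dev/null 2>&1; then
    _txt=$(openssl pkey -in "$1" -noout -text 2>/dev/null) || _txt=''
    case "$_txt" in
      *modulus:*)    echo rsa; return 0 ;;
      *"ASN1 OID:"*) echo ec;  return 0 ;;
    esac
  fi
  echo unknown
}

# Return 0 only for an RSA key (the thread's finding for the FRITZ!Box);
# otherwise print the re-issue hint from the thread and return 1.
fritzbox_preflight() {
  _t=$(key_type "$1")
  if [ "$_t" = rsa ]; then
    echo "ok: RSA key, continue with --deploy-hook fritzbox"
    return 0
  fi
  echo "stop: key type '$_t'; re-issue with --keylength 2048 or 4096 (optionally --force)" >&2
  return 1
}

# Constructed sample files: real PEM headers, placeholder bodies.
make_sample() { # $1 = algorithm label in the header, $2 = output path
  printf '%s\n' "-----BEGIN $1 PRIVATE KEY-----" "(constructed placeholder)" \
    "-----END $1 PRIVATE KEY-----" >"$2"
}

_demo=$(mktemp -d)
make_sample RSA "$_demo/rsa.key"
make_sample EC "$_demo/ec.key"
fritzbox_preflight "$_demo/rsa.key"
fritzbox_preflight "$_demo/ec.key" || echo "EC key rejected before upload"
rm -rf "$_demo"
```

In the log above the key path is the `_ckey` value, so the check would be run against that file before `--deploy`.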
