acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

TrueNAS not updating the SSL as it was before #5130

Open gustavohellwig opened 6 months ago

gustavohellwig commented 6 months ago

Steps to reproduce

TrueNAS Core Version: TrueNAS-13.0-U6.1

Script:

export DEPLOY_TRUENAS_APIKEY="apias the /ui/apikeys provided"
export DEPLOY_TRUENAS_SCHEME="https"
export DEPLOY_TRUENAS_HOSTNAME="localhost.localdomain"
acme.sh --deploy -d localdomain --deploy-hook truenas --debug 2

Debug log

[Thu May  2 13:05:34 CDT 2024] Lets find script dir.
[Thu May  2 13:05:34 CDT 2024] _SCRIPT_='/opt/scripts/acmesh/acme.sh'
[Thu May  2 13:05:34 CDT 2024] _script='/opt/scripts/acmesh/acme.sh'
[Thu May  2 13:05:34 CDT 2024] _script_home='/opt/scripts/acmesh'
[Thu May  2 13:05:34 CDT 2024] Using config home:/opt/scripts/acmesh/data
[Thu May  2 13:05:34 CDT 2024] LE_WORKING_DIR='/opt/scripts/acmesh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Thu May  2 13:05:34 CDT 2024] Running cmd: deploy
[Thu May  2 13:05:34 CDT 2024] Using config home:/opt/scripts/acmesh/data
[Thu May  2 13:05:34 CDT 2024] default_acme_server
[Thu May  2 13:05:34 CDT 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Thu May  2 13:05:34 CDT 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Thu May  2 13:05:34 CDT 2024] _ACME_SERVER_PATH='v2/DV90'
[Thu May  2 13:05:34 CDT 2024] DOMAIN_PATH='/opt/scripts/acmesh/certs/localdomain'
[Thu May  2 13:05:34 CDT 2024] DOMAIN_CONF='/opt/scripts/acmesh/certs/localdomain/localdomain.conf'
[Thu May  2 13:05:34 CDT 2024] _deployApi='/opt/scripts/acmesh/deploy/truenas.sh'
[Thu May  2 13:05:34 CDT 2024] _cdomain='localdomain'
[Thu May  2 13:05:34 CDT 2024] _ckey='/opt/scripts/acmesh/certs/localdomain/localdomain.key'
[Thu May  2 13:05:34 CDT 2024] _ccert='/opt/scripts/acmesh/certs/localdomain/localdomain.cer'
[Thu May  2 13:05:34 CDT 2024] _cca='/opt/scripts/acmesh/certs/localdomain/ca.cer'
[Thu May  2 13:05:34 CDT 2024] _cfullchain='/opt/scripts/acmesh/certs/localdomain/fullchain.cer'
[Thu May  2 13:05:34 CDT 2024] DEPLOY_TRUENAS_APIKEY='[hidden](please add '--output-insecure' to see this value)'
[Thu May  2 13:05:34 CDT 2024] DEPLOY_TRUENAS_HOSTNAME='localhost.localdomain'
[Thu May  2 13:05:34 CDT 2024] DEPLOY_TRUENAS_SCHEME='https'
[Thu May  2 13:05:34 CDT 2024] _api_url='https://localhost.localdomain/api/v2.0'
[Thu May  2 13:05:34 CDT 2024] Testing Connection TrueNAS
[Thu May  2 13:05:34 CDT 2024] GET
[Thu May  2 13:05:34 CDT 2024] url='https://localhost.localdomain/api/v2.0/system/state'
[Thu May  2 13:05:34 CDT 2024] timeout=
[Thu May  2 13:05:34 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.wWjeBDBGsi  -g  --insecure  '
[Thu May  2 13:05:35 CDT 2024] ret='0'
[Thu May  2 13:05:35 CDT 2024] TrueNAS system state: "READY".
[Thu May  2 13:05:35 CDT 2024] Getting current active certificate from TrueNAS
[Thu May  2 13:05:35 CDT 2024] GET
[Thu May  2 13:05:35 CDT 2024] url='https://localhost.localdomain/api/v2.0/system/general'
[Thu May  2 13:05:35 CDT 2024] timeout=
[Thu May  2 13:05:35 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.nU6nlsOLt6  -g  --insecure  '
[Thu May  2 13:05:35 CDT 2024] ret='0'
[Thu May  2 13:05:35 CDT 2024] Active_UI_Certificate_ID='11'
[Thu May  2 13:05:35 CDT 2024] Active_UI_Certificate_Name='Letsencrypt_2024-05-02_180447'
[Thu May  2 13:05:35 CDT 2024] Active_UI_http_redirect='true'
[Thu May  2 13:05:35 CDT 2024] Uploading new certificate to TrueNAS
[Thu May  2 13:05:35 CDT 2024] POST
[Thu May  2 13:05:35 CDT 2024] _post_url='https://localhost.localdomain/api/v2.0/certificate'
[Thu May  2 13:05:35 CDT 2024] body='{"create_type": "CERTIFICATE_CREATE_IMPORTED", "name": "Letsencrypt_2024-05-02_180535", "certificate": "-----BEGIN CERTIFICATE-----\nMIIFFTCCA/BLAHBLAHBLAH\n-----END CERTIFICATE-----\n\n-----BEGIN CERTIFICATE-----\nBLAHBLAHBLAH==\n-----END CERTIFICATE-----\n", "privatekey": "-----BEGIN RSA PRIVATE KEY-----\nBLAHBLAHBLAH\n-----END RSA PRIVATE KEY-----\n"}'
[Thu May  2 13:05:35 CDT 2024] _postContentType='application/json'
[Thu May  2 13:05:35 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.SwFW3N0oSD  -g  --insecure  '
[Thu May  2 13:05:35 CDT 2024] _ret='0'
[Thu May  2 13:05:35 CDT 2024] Fetching list of installed certificates
[Thu May  2 13:05:35 CDT 2024] GET
[Thu May  2 13:05:35 CDT 2024] url='https://localhost.localdomain/api/v2.0/system/general/ui_certificate_choices'
[Thu May  2 13:05:35 CDT 2024] timeout=
[Thu May  2 13:05:35 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.01O7hTx1Ie  -g  --insecure  '
[Thu May  2 13:05:35 CDT 2024] ret='0'
[Thu May  2 13:05:35 CDT 2024] Current activate certificate ID: 12
[Thu May  2 13:05:35 CDT 2024] PUT
[Thu May  2 13:05:35 CDT 2024] _post_url='https://localhost.localdomain/api/v2.0/system/general'
[Thu May  2 13:05:35 CDT 2024] body='{"ui_certificate": "12"}'
[Thu May  2 13:05:35 CDT 2024] _postContentType='application/json'
[Thu May  2 13:05:35 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.EjOBEL4Bqc  -g  --insecure  '
[Thu May  2 13:05:36 CDT 2024] _ret='0'
[Thu May  2 13:05:36 CDT 2024] Checking if WebDAV certificate is the same as the TrueNAS web UI
[Thu May  2 13:05:36 CDT 2024] GET
[Thu May  2 13:05:36 CDT 2024] url='https://localhost.localdomain/api/v2.0/webdav'
[Thu May  2 13:05:36 CDT 2024] timeout=
[Thu May  2 13:05:36 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.83D9DcoTBp  -g  --insecure  '
[Thu May  2 13:05:36 CDT 2024] ret='0'
[Thu May  2 13:05:36 CDT 2024] WebDAV certificate is not configured or is not the same as TrueNAS web UI
[Thu May  2 13:05:36 CDT 2024] Checking if FTP certificate is the same as the TrueNAS web UI
[Thu May  2 13:05:36 CDT 2024] GET
[Thu May  2 13:05:36 CDT 2024] url='https://localhost.localdomain/api/v2.0/ftp'
[Thu May  2 13:05:36 CDT 2024] timeout=
[Thu May  2 13:05:36 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.7CdwmSvXb8  -g  --insecure  '
[Thu May  2 13:05:36 CDT 2024] ret='0'
[Thu May  2 13:05:36 CDT 2024] FTP certificate is not configured or is not the same as TrueNAS web UI
[Thu May  2 13:05:36 CDT 2024] Checking if S3 certificate is the same as the TrueNAS web UI
[Thu May  2 13:05:36 CDT 2024] GET
[Thu May  2 13:05:36 CDT 2024] url='https://localhost.localdomain/api/v2.0/s3'
[Thu May  2 13:05:36 CDT 2024] timeout=
[Thu May  2 13:05:36 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.FgIXchAaIe  -g  --insecure  '
[Thu May  2 13:05:36 CDT 2024] ret='0'
[Thu May  2 13:05:36 CDT 2024] S3 certificate is not configured or is not the same as TrueNAS web UI
[Thu May  2 13:05:36 CDT 2024] Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required
[Thu May  2 13:05:36 CDT 2024] Query all chart release
[Thu May  2 13:05:36 CDT 2024] GET
[Thu May  2 13:05:36 CDT 2024] url='https://localhost.localdomain/api/v2.0/chart/release'
[Thu May  2 13:05:36 CDT 2024] timeout=
[Thu May  2 13:05:36 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.rEY4cepSFJ  -g  --insecure  '
[Thu May  2 13:05:36 CDT 2024] ret='0'
parse error: Expected string key before ':' at line 1, column 4
[Thu May  2 13:05:36 CDT 2024] Found  related chart release in list: 
[Thu May  2 13:05:36 CDT 2024] Deleting old certificate
[Thu May  2 13:05:36 CDT 2024] DELETE
[Thu May  2 13:05:36 CDT 2024] _post_url='https://localhost.localdomain/api/v2.0/certificate/id/11'
[Thu May  2 13:05:36 CDT 2024] body
[Thu May  2 13:05:36 CDT 2024] _postContentType='application/json'
[Thu May  2 13:05:36 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.5HnWMetEax  -g  --insecure  '
[Thu May  2 13:05:36 CDT 2024] _ret='0'
[Thu May  2 13:05:36 CDT 2024] Reloading TrueNAS web UI
[Thu May  2 13:05:36 CDT 2024] GET
[Thu May  2 13:05:36 CDT 2024] url='https://localhost.localdomain/api/v2.0/system/general/ui_restart'
[Thu May  2 13:05:36 CDT 2024] timeout=
[Thu May  2 13:05:36 CDT 2024] _CURL='curl --silent --dump-header /opt/scripts/acmesh/data/http.header  -L  --trace-ascii /tmp/tmp.w7dspklTaQ  -g  --insecure  '
[Thu May  2 13:05:37 CDT 2024] ret='0'
[Thu May  2 13:05:37 CDT 2024] _restart_UI='null'
[Thu May  2 13:05:37 CDT 2024] Success
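
The debug log above shows a jq parse error at the chart release step, after which the hook still deletes certificate 11 and logs Success. As an added example (not part of the original post and not acme.sh code), this script summarises such a log and flags that sequence; the names `sample_log` and `triage_deploy_log` and the OK/REVIEW rules are assumptions of the example, and the sample lines are an excerpt constructed from the log above.

```shell
#!/bin/sh
# Added example (not acme.sh code): summarise a truenas deploy-hook debug log.

# Constructed sample: an excerpt of the field names and values from the log above.
sample_log() {
  cat <<'EOF'
[Thu May  2 13:05:35 CDT 2024] Active_UI_Certificate_ID='11'
[Thu May  2 13:05:35 CDT 2024] PUT
[Thu May  2 13:05:35 CDT 2024] _post_url='https://localhost.localdomain/api/v2.0/system/general'
[Thu May  2 13:05:35 CDT 2024] body='{"ui_certificate": "12"}'
parse error: Expected string key before ':' at line 1, column 4
[Thu May  2 13:05:36 CDT 2024] Found  related chart release in list: 
[Thu May  2 13:05:36 CDT 2024] DELETE
[Thu May  2 13:05:36 CDT 2024] _post_url='https://localhost.localdomain/api/v2.0/certificate/id/11'
[Thu May  2 13:05:37 CDT 2024] Success
EOF
}

# Reads a log on stdin; prints "old=.. new=.. deleted=.. tool_errors=.. verdict=..".
# The REVIEW conditions are this example's own rules (assumption).
triage_deploy_log() {
  awk '
    function digits_after(s, re) { sub(re, "", s); sub(/[^0-9].*/, "", s); return s }
    # Lines without the "[timestamp]" prefix are raw output of helper tools (jq here).
    !/^\[/ && tolower($0) ~ /error/ { errs++; if (!first_err) first_err = NR }
    /\] (GET|POST|PUT|DELETE)$/ { method = $NF }
    /Active_UI_Certificate_ID=/ { oldid = digits_after($0, ".*Active_UI_Certificate_ID=[^0-9]*") }
    /body=.*"ui_certificate"/   { newid = digits_after($0, ".*\"ui_certificate\":[^0-9]*") }
    method == "DELETE" && /_post_url=.*\/certificate\/id\// {
      delid = digits_after($0, ".*/certificate/id/"); del_line = NR
    }
    /\] Success$/ { ok = 1 }
    END {
      verdict = "OK"
      # Review when: no switch to a new certificate was logged, the deleted
      # certificate is the one just activated, a DELETE ran after a helper
      # tool reported an error, or the run never logged Success.
      if (newid == "" || delid == newid || (first_err && del_line > first_err) || !ok)
        verdict = "REVIEW"
      printf "old=%s new=%s deleted=%s tool_errors=%d verdict=%s\n", oldid, newid, delid, errs, verdict
    }
  '
}

sample_log | triage_deploy_log
```

A verdict of OK only means the log is internally consistent; which certificate the web UI actually serves still has to be checked against the host itself.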

github-actions[bot] commented 6 months ago

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

gustavohellwig commented 6 months ago

The same error after running:

acme.sh --upgrade

Also, I have manually updated the certificate, applied it, and it worked. So the problem is just with the script and not with the certificate.

croneter commented 6 months ago

Same issue here

croneter commented 4 months ago

No luck...?

M0NsTeRRR commented 2 weeks ago

Hello guys,

You might take a look at the PR I've submitted here: https://github.com/acmesh-official/acme.sh/pull/6089. I've updated the script to work with TrueNAS SCALE 24.10. I can't fix it for Core or 23.X as I'm not using it.