bzed / bzed-letsencrypt

Puppet module for centralized CSR signing using Let’s Encrypt™ - keeping your keys safe on the host they belong to.

Troubleshooting a CSR request issue #10

Closed dpisano closed 8 years ago

dpisano commented 8 years ago

I'm running puppet 4.5.2 and puppetserver 2.4.0. I'm trying to get my puppet master to pull the CSR request from the client so that it can be sent to be signed. I have the following configuration on my client.

  require ::letsencrypt::params
  $myhostname = $::fqdn

  class { 'letsencrypt' :
      domains     => [ $myhostname ],
  }

On my master I have the following.

  class { 'letsencrypt' :
      hook_source               => '/opt/letsencrypt/letsencrypt.sh/hooks/cloudflare',
      letsencrypt_ca            => 'https://acme-staging.api.letsencrypt.org/directory',
      letsencrypt_contact_email => 'letsencrypt@example.org',
  }

I see the CSR on the client, but I don't think the master is pulling it. Is there anything that I can run to help troubleshoot this? I have run puppet agent -t --debug on the master and don't see anything that points to the possible problem.

bzed commented 8 years ago

Are you sure that your exported resources work as expected? https://docs.puppet.com/puppet/latest/reference/lang_exported.html

dpisano commented 8 years ago

I'm not sure. I'm new to puppet so I'm learning as I go. I did not have puppetdb set up before. I now have it set up. I do see data for my client in my puppetdb export. I did notice the following on my client when I was running tests.

    Notice: no CSR from facter for domain test-host.example.org
    Notice: /Stage[main]/Letsencrypt/Letsencrypt::Certificate[test-host.example.org]/Letsencrypt::Csr[test-host.example.org]/Notify[no CSR from facter for domain test-host.example.org]/message: defined 'message' as 'no CSR from facter for domain test-host.example.org'

dpisano commented 8 years ago

I might have found the problem. I also had the below in my manifest I was using from the example in the README.

    $base_dir = $::letsencrypt::params::base_dir
    $crt_dir  = $::letsencrypt::params::crt_dir
    $key_dir  = $::letsencrypt::params::key_dir

    $tls_key = "${key_dir}/${myhostname}.key"
    $tls_cert = "${crt_dir}/${myhostname}_fullchain.pem"

As soon as I commented it out it seemed to start working.

dpisano commented 8 years ago

This seems to be working now. I'm having a problem with the hook now, but that is a separate issue. Thanks for your help.

bzed commented 8 years ago

Removing the snippets from the example did not solve whatever issue you had....

dpisano commented 8 years ago

Removing the following from the example solved the issue I was having.

    $base_dir = $::letsencrypt::params::base_dir
    $crt_dir  = $::letsencrypt::params::crt_dir
    $key_dir  = $::letsencrypt::params::key_dir

    $tls_key = "${key_dir}/${myhostname}.key"
    $tls_cert = "${crt_dir}/${myhostname}_fullchain.pem"

Don't know why it solved it, but it did.