search

certbot / certbot

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
Other
31.16k stars 3.38k forks source link

Dont work on hosts with public ipv6 and privat rfc1918 ipv4 address dns entry #3359

Closed tioan closed 7 years ago

tioan commented 7 years ago

2016-07-30 21:30:47,694:DEBUG:certbot.main:Root logging level set at 30 2016-07-30 21:30:47,694:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2016-07-30 21:30:47,695:DEBUG:certbot.main:certbot version: 0.8.1 2016-07-30 21:30:47,695:DEBUG:certbot.main:Arguments: ['--standalone', '-d', 'unifi.srv.in.ffho.net'] 2016-07-30 21:30:47,695:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone) 2016-07-30 21:30:47,697:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None 2016-07-30 21:30:47,925:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone Description: Automatically use a temporary webserver Interfaces: IAuthenticator, IPlugin Entry point: standalone = certbot.plugins.standalone:Authenticator Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f644b04cc90> Prep: True 2016-07-30 21:30:47,926:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f644b04cc90> and installer None 2016-07-30 21:31:15,929:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {} 2016-07-30 21:31:15,943:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2016-07-30 21:33:23,639:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280 2016-07-30 21:33:23,640:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Sat, 30 Jul 2016 21:33:23 GMT', 'Boulder-Request-Id': 'setNOtOONpsuMcf0jCkoJ7pIyf8Jo3phGXf6LPL5MxI', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 30 Jul 2016 21:33:23 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'JkL2WfdnF7gv_emk8jTztJuocLggvGRngHtoxXRwocE'}. Content: '{\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}' 2016-07-30 21:33:23,640:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Sat, 30 Jul 2016 21:33:23 GMT', 'Boulder-Request-Id': 'setNOtOONpsuMcf0jCkoJ7pIyf8Jo3phGXf6LPL5MxI', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 30 Jul 2016 21:33:23 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'JkL2WfdnF7gv_emk8jTztJuocLggvGRngHtoxXRwocE'}): '{\n "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}' 2016-07-30 21:33:23,640:DEBUG:root:Requesting fresh nonce 2016-07-30 21:33:23,640:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-reg. args: (), kwargs: {} 2016-07-30 21:33:23,829:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-reg HTTP/1.1" 405 0 2016-07-30 21:33:23,829:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '91', 'Pragma': 'no-cache', 'Boulder-Request-Id': '6_24pAuxWbAoCUd-MToj_j2rzX5YzB9L7ThimuamrhE', 'Expires': 'Sat, 30 Jul 2016 21:33:23 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sat, 30 Jul 2016 21:33:23 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'pv_UdlIz9jYwFXSd6scNDpOS8nL0l_JCLIfQumro10g'}. Content: '' 2016-07-30 21:33:23,830:DEBUG:acme.client:Storing nonce: '\xa6\xff\xd4vR3\xf660\x15t\x9d\xea\xc7\r\x0e\x93\x92\xf2r\xf4\x97\xf2B,\x87\xd0\xbaj\xe8\xd7H' 2016-07-30 21:33:23,830:DEBUG:acme.jose.json_util:Omitted empty fields: agreement=None, certificates=None, authorizations=None, key=None 2016-07-30 21:33:23,830:DEBUG:acme.client:Serialized JSON: {"contact": ["mailto:kontakt@ffho.net"], "resource": "new-reg"} 2016-07-30 21:33:23,831:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, alg=None, jku=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None, jwk=None 2016-07-30 21:33:23,833:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None 2016-07-30 21:33:23,833:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-reg. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "y9oWmOUI6cOiyoH9WW3cKCS78ZQHciaG6zmFHF9H9TmayD9lu1jhyxEqnvWC9_5Ddy56iNBYvulF-4a_v4gdQsZuvrJAxheF0_v5uieURva3h5QeNoT9TPHFn-zL1jmzPN-45XtVRBrazwmcKNKSYx1CkVGBXgIrw-rdV5SC4JHPeRUpXoWdHwZG2j0Q8D60ZuOfOl52jZTwRt6WIN53iRGmF5DTzDSLMg8bhlNKiZ8nE96cLnT1ONfbTA7BG18tfIeBrvWMvtVnuUuVyoNTb_mH2wI1e8D64keQ-Vl1K7qCN_wWSqEmwThrXEf-3G0O4Wv_SHXTWhZTqG4xwCRbYw"}}, "protected": "eyJub25jZSI6ICJwdl9VZGxJejlqWXdGWFNkNnNjTkRwT1M4bkwwbF9KQ0xJZlF1bXJvMTBnIn0", "payload": "eyJjb250YWN0IjogWyJtYWlsdG86a29udGFrdEBmZmhvLm5ldCJdLCAicmVzb3VyY2UiOiAibmV3LXJlZyJ9", "signature": "se2zgDJ-XR2V2zacTTG4dFBEOcKNqRpdmb0e7IS4TRnfR7OEVVTWmHfteCa4qvPCEE8DsepQ1yNCUTsUggOi8S3hxfUo-qnpQ1FcvuUtePz7Wj30en0C4INQbVH56xauDNcxofI9RUYWv3j7uaveYovdADKwdoeMIgLDWxYBvggBehWOJ2gu7FT6_o33bF1-m9sOwSjfPoJvh_a5YmBzhgjv5R6BPu-ZK45SRTHmHXdSl4xF1kvvB0NB4GtqR94Tj-e-6Q-sn1B-HZOeTo1y4erIgZxXqYc5rml4i9NOoB_h3g6Se7GhflHH3NDpqm-T1y0NdQi38ardph6ZK_Cp_Q"}'} 2016-07-30 21:33:24,547:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-reg HTTP/1.1" 201 564 2016-07-30 21:33:24,548:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '564', 'Expires': 'Sat, 30 Jul 2016 21:33:24 GMT', 'Boulder-Request-Id': 'QrYbXqdBgixN5ekTiAetpyH13B8_lNKXKKLGG8mFjFA', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/new-authz;rel="next", https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf;rel="terms-of-service"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/reg/2838049', 'Pragma': 'no-cache', 'Boulder-Requester': '2838049', 'Date': 'Sat, 30 Jul 2016 21:33:24 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'mUW1ka8rEiYF3u2DDXopqYd2UssAvjAOsq4x9uKHEXE'}. Content: '{\n "id": 2838049,\n "key": {\n "kty": "RSA",\n "n": "y9oWmOUI6cOiyoH9WW3cKCS78ZQHciaG6zmFHF9H9TmayD9lu1jhyxEqnvWC9_5Ddy56iNBYvulF-4a_v4gdQsZuvrJAxheF0_v5uieURva3h5QeNoT9TPHFn-zL1jmzPN-45XtVRBrazwmcKNKSYx1CkVGBXgIrw-rdV5SC4JHPeRUpXoWdHwZG2j0Q8D60ZuOfOl52jZTwRt6WIN53iRGmF5DTzDSLMg8bhlNKiZ8nE96cLnT1ONfbTA7BG18tfIeBrvWMvtVnuUuVyoNTb_mH2wI1e8D64keQ-Vl1K7qCN_wWSqEmwThrXEf-3G0O4Wv_SHXTWhZTqG4xwCRbYw",\n "e": "AQAB"\n },\n "contact": [\n "mailto:kontakt@ffho.net"\n ],\n "initialIp": "2a03:2260:2342:ff00::9",\n "createdAt": "2016-07-30T21:33:24.381452911Z"\n}' 2016-07-30 21:33:24,548:DEBUG:acme.client:Storing nonce: '\x99E\xb5\x91\xaf+\x12&\x05\xde\xed\x83\rz)\xa9\x87vR\xcb\x00\xbe0\x0e\xb2\xae1\xf6\xe2\x87\x11q' 2016-07-30 21:33:24,548:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '564', 'Expires': 'Sat, 30 Jul 2016 21:33:24 GMT', 'Boulder-Request-Id': 'QrYbXqdBgixN5ekTiAetpyH13B8_lNKXKKLGG8mFjFA', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': 'https://acme-v01.api.letsencrypt.org/acme/new-authz;rel="next", https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf;rel="terms-of-service"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/reg/2838049', 'Pragma': 'no-cache', 'Boulder-Requester': '2838049', 'Date': 'Sat, 30 Jul 2016 21:33:24 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'mUW1ka8rEiYF3u2DDXopqYd2UssAvjAOsq4x9uKHEXE'}): '{\n "id": 2838049,\n "key": {\n "kty": "RSA",\n "n": "y9oWmOUI6cOiyoH9WW3cKCS78ZQHciaG6zmFHF9H9TmayD9lu1jhyxEqnvWC9_5Ddy56iNBYvulF-4a_v4gdQsZuvrJAxheF0_v5uieURva3h5QeNoT9TPHFn-zL1jmzPN-45XtVRBrazwmcKNKSYx1CkVGBXgIrw-rdV5SC4JHPeRUpXoWdHwZG2j0Q8D60ZuOfOl52jZTwRt6WIN53iRGmF5DTzDSLMg8bhlNKiZ8nE96cLnT1ONfbTA7BG18tfIeBrvWMvtVnuUuVyoNTb_mH2wI1e8D64keQ-Vl1K7qCN_wWSqEmwThrXEf-3G0O4Wv_SHXTWhZTqG4xwCRbYw",\n "e": "AQAB"\n },\n "contact": [\n "mailto:kontakt@ffho.net"\n ],\n "initialIp": "2a03:2260:2342:ff00::9",\n "createdAt": "2016-07-30T21:33:24.381452911Z"\n}' 2016-07-30 21:33:30,168:DEBUG:acme.jose.json_util:Omitted empty fields: certificates=None, authorizations=None 2016-07-30 21:33:30,168:DEBUG:acme.client:Serialized JSON: {"contact": ["mailto:kontakt@ffho.net"], "resource": "reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf", "key": {"e": "AQAB", "kty": "RSA", "n": "y9oWmOUI6cOiyoH9WW3cKCS78ZQHciaG6zmFHF9H9TmayD9lu1jhyxEqnvWC9_5Ddy56iNBYvulF-4a_v4gdQsZuvrJAxheF0_v5uieURva3h5QeNoT9TPHFn-zL1jmzPN-45XtVRBrazwmcKNKSYx1CkVGBXgIrw-rdV5SC4JHPeRUpXoWdHwZG2j0Q8D60ZuOfOl52jZTwRt6WIN53iRGmF5DTzDSLMg8bhlNKiZ8nE96cLnT1ONfbTA7BG18tfIeBrvWMvtVnuUuVyoNTb_mH2wI1e8D64keQ-Vl1K7qCN_wWSqEmwThrXEf-3G0O4Wv_SHXTWhZTqG4xwCRbYw"}} 2016-07-30 21:33:30,169:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, alg=None, jku=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None, jwk=None 2016-07-30 21:33:30,170:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), typ=None, jku=None, nonce=None, cty=None, x5t=None, kid=None, x5tS256=None, x5u=None 2016-07-30 21:33:30,171:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/reg/2838049. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "y9oWmOUI6cOiyoH9WW3cKCS78ZQHciaG6zmFHF9H9TmayD9lu1jhyxEqnvWC9_5Ddy56iNBYvulF-4a_v4gdQsZuvrJAxheF0_v5uieURva3h5QeNoT9TPHFn-zL1jmzPN-45XtVRBrazwmcKNKSYx1CkVGBXgIrw-rdV5SC4JHPeRUpXoWdHwZG2j0Q8D60ZuOfOl52jZTwRt6WIN53iRGmF5DTzDSLMg8bhlNKiZ8nE96cLnT1ONfbTA7BG18tfIeBrvWMvtVnuUuVyoNTb_mH2wI1e8D64keQ-Vl1K7qCN_wWSqEmwThrXEf-3G0O4Wv_SHXTWhZTqG4xwCRbYw"}}, "protected": "eyJub25jZSI6ICJtVVcxa2E4ckVpWUYzdTJERFhvcHFZZDJVc3NBdmpBT3NxNHg5dUtIRVhFIn0", "payload": "eyJjb250YWN0IjogWyJtYWlsdG86a29udGFrdEBmZmhvLm5ldCJdLCAicmVzb3VyY2UiOiAicmVnIiwgImFncmVlbWVudCI6ICJodHRwczovL2xldHNlbmNyeXB0Lm9yZy9kb2N1bWVudHMvTEUtU0EtdjEuMC4xLUp1bHktMjctMjAxNS5wZGYiLCAia2V5IjogeyJlIjogIkFRQUIiLCAia3R5IjogIlJTQSIsICJuIjogInk5b1dtT1VJNmNPaXlvSDlXVzNjS0NTNzhaUUhjaWFHNnptRkhGOUg5VG1heUQ5bHUxamh5eEVxbnZXQzlfNURkeTU2aU5CWXZ1bEYtNGFfdjRnZFFzWnV2ckpBeGhlRjBfdjV1aWVVUnZhM2g1UWVOb1Q5VFBIRm4tekwxam16UE4tNDVYdFZSQnJhendtY0tOS1NZeDFDa1ZHQlhnSXJ3LXJkVjVTQzRKSFBlUlVwWG9XZEh3WkcyajBROEQ2MFp1T2ZPbDUyalpUd1J0NldJTjUzaVJHbUY1RFR6RFNMTWc4YmhsTktpWjhuRTk2Y0xuVDFPTmZiVEE3QkcxOHRmSWVCcnZXTXZ0Vm51VXVWeW9OVGJfbUgyd0kxZThENjRrZVEtVmwxSzdxQ05fd1dTcUVtd1RoclhFZi0zRzBPNFd2X1NIWFRXaFpUcUc0eHdDUmJZdyJ9fQ", "signature": "ymX_s_I0lSYbjm2Jrth4yROJRdv956OwV_4Nx1OfpzLqQ16e-g8tSaoNS0eMkv8eydt8L6n313sCDrrrU7ReT29IN5RXLAFbX2whS1li2QYBrDWSErTCg465e_mt6FzUim_MYMKSuAW3KLGyFvyizCJQH9unK9nW5VNguGm66CcN9IKHVEOCpxYcu1vvW7lP8CIjfkfml7-taaMEz0cVoxCOcjyb0k9x98RrYZSL-jzbZrgGk-cu7mT2udWfWBMAOy-jGV6QkYUv8D6IOP7tj8XNJ2qwf5iL7E7RyvuhUp87qkeMMQL4AADHulQt1UTNrKOHZR3iy3VMg20-jYM51Q"}'} 2016-07-30 21:38:24,833:DEBUG:certbot.main:Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 9, in load_entry_point('certbot==0.8.1', 'console_scripts', 'certbot')() File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 744, in main return config.func(config, plugins) File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 550, in obtain_cert le_client = _init_le_client(config, auth, installer) File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 360, in _init_le_client acc, acme = _determine_account(config) File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 345, in _determine_account config, account_storage, tos_cb=_tos_cb) File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 127, in register regr = acme.agree_to_tos(regr) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 164, in agree_to_tos regr.update(body=regr.body.update(agreement=regr.terms_of_service))) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 137, in update_registration regr, body=messages.UpdateRegistration(_dict(update))) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 112, in _send_recv_regr response = self.net.post(regr.uri, body) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 654, in post response = self._send_request('POST', url, data=data, _kwargs) File "/usr/lib/python2.7/dist-packages/acme/client.py", line 613, in _send_request response = self.session.request(method, url, _args, _kwargs) File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request resp = self.send(prep, _send_kwargs) File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send r = adapter.send(request, *_kwargs) File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 412, in send raise ConnectionError(err, request=request) ConnectionError: ('Connection aborted.', BadStatusLine("''",))

dig unifi.srv.in.ffho.net ANY +short 10.132.251.21 2a03:2260:2342:f251::21

pde commented 7 years ago

This is a duplicate of #1466