danb35 / deploy-freenas

Python script to automate deploying TLS certificates to FreeNAS servers
GNU General Public License v3.0

Importing certificate fails, returns html page #54

Closed Roskott closed 2 years ago

Roskott commented 2 years ago

Using current TrueNAS SCALE as of 7-27/2022, multi-domain certificate issued by Let's Encrypt.

In config, privkey, fullchain, and connect_host are specified. API is used.

After attempting to import certificate, I am notified it fails and receive the following:

```
root@truenasdomain[~/.acme.sh]# acme.sh --install-cert -d subdomain.duckdns.org --reloadcmd "~/deploy-freenas/deploy_freenas.py" --debug
[Wed Jul 27 20:52:22 PDT 2022] Lets find script dir.
[Wed Jul 27 20:52:22 PDT 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed Jul 27 20:52:22 PDT 2022] _script='/root/.acme.sh/acme.sh'
[Wed Jul 27 20:52:22 PDT 2022] _script_home='/root/.acme.sh'
[Wed Jul 27 20:52:22 PDT 2022] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.5
[Wed Jul 27 20:52:22 PDT 2022] Running cmd: installcert
[Wed Jul 27 20:52:22 PDT 2022] Using config home:/root/.acme.sh
[Wed Jul 27 20:52:22 PDT 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Wed Jul 27 20:52:22 PDT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Jul 27 20:52:22 PDT 2022] DOMAIN_PATH='/root/.acme.sh/subdomain.duckdns.org'
[Wed Jul 27 20:52:22 PDT 2022] Run reload cmd: ~/deploy-freenas/deploy_freenas.py
Error importing certificate!
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">

        <title>Not Found</title>

        <!-- Fonts -->
        <link rel="dns-prefetch" href="//fonts.gstatic.com">
        <link href="https://fonts.googleapis.com/css?family=Nunito" rel="stylesheet">

        <!-- Styles -->
        <style>
            html, body {
                background-color: #fff;
                color: #636b6f;
                font-family: 'Nunito', sans-serif;
                font-weight: 100;
                height: 100vh;
                margin: 0;
            }

            .full-height {
                height: 100vh;
            }

            .flex-center {
                align-items: center;
                display: flex;
                justify-content: center;
            }

            .position-ref {
                position: relative;
            }

            .code {
                border-right: 2px solid;
                font-size: 26px;
                padding: 0 15px 0 15px;
                text-align: center;
            }

            .message {
                font-size: 18px;
                text-align: center;
            }
        </style>
    </head>
    <body>
        <div class="flex-center position-ref full-height">
            <div class="code">
                404            </div>

            <div class="message" style="padding: 10px;">
                Not Found            </div>
        </div>
    </body>
</html>

[Wed Jul 27 20:52:23 PDT 2022] Reload error for :
```

Using a different API key results solely in

```
root@truenasdomain[~/.acme.sh]# acme.sh --install-cert -d subdomain.duckdns.org --reloadcmd "~/deploy-freenas/deploy_freenas.py" --debug
[Wed Jul 27 20:55:45 PDT 2022] Lets find script dir.
[Wed Jul 27 20:55:45 PDT 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
[Wed Jul 27 20:55:45 PDT 2022] _script='/root/.acme.sh/acme.sh'
[Wed Jul 27 20:55:45 PDT 2022] _script_home='/root/.acme.sh'
[Wed Jul 27 20:55:45 PDT 2022] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.5
[Wed Jul 27 20:55:45 PDT 2022] Running cmd: installcert
[Wed Jul 27 20:55:45 PDT 2022] Using config home:/root/.acme.sh
[Wed Jul 27 20:55:45 PDT 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Wed Jul 27 20:55:45 PDT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Jul 27 20:55:45 PDT 2022] DOMAIN_PATH='/root/.acme.sh/subdomain.duckdns.org'
[Wed Jul 27 20:55:46 PDT 2022] Run reload cmd: ~/deploy-freenas/deploy_freenas.py
Error importing certificate!

[Wed Jul 27 20:55:46 PDT 2022] Reload error for :
```

Roskott commented 2 years ago

After determining I'm an idiot and changing the port to the nonstandard one TrueNAS SCALE is active at, I now get:

```
root@subdomain[~/.acme.sh]# acme.sh --install-cert -d subdomain.duckdns.org --dns dns_duckdns --reloadcmd /root/deploy-freenas/deploy_freenas.py --debug
[Thu Jul 28 22:25:36 PDT 2022] Lets find script dir.
[Thu Jul 28 22:25:36 PDT 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
[Thu Jul 28 22:25:36 PDT 2022] _script='/root/.acme.sh/acme.sh'
[Thu Jul 28 22:25:36 PDT 2022] _script_home='/root/.acme.sh'
[Thu Jul 28 22:25:36 PDT 2022] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.5
[Thu Jul 28 22:25:36 PDT 2022] Running cmd: installcert
[Thu Jul 28 22:25:36 PDT 2022] Using config home:/root/.acme.sh
[Thu Jul 28 22:25:36 PDT 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Thu Jul 28 22:25:36 PDT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Jul 28 22:25:36 PDT 2022] DOMAIN_PATH='/root/.acme.sh/subdomain.duckdns.org'
[Thu Jul 28 22:25:36 PDT 2022] Run reload cmd: /root/deploy-freenas/deploy_freenas.py
Certificate import successful
Certificate list successful
Error searching for newly imported certificate in certificate list.
[Thu Jul 28 22:25:42 PDT 2022] Reload error for :
```

Poking around the code for the last hour, I still have no idea why it should not be finding the certificate in the list.
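The failure modes reported above (an HTML 404 page from whatever was listening on the default port, versus an error from the API itself) can be told apart before any troubleshooting starts. The following is an added example, not part of the thread and not code from deploy-freenas; `ApiReply`, `classify` and `report` are hypothetical names, the sample replies are constructed, and it assumes the API's own replies are never HTML.

```python
import json
from typing import NamedTuple


class ApiReply(NamedTuple):
    """Hypothetical container for the parts of an HTTP reply that get inspected."""
    status: int
    content_type: str
    body: str


HINTS = {
    "wrong-endpoint": "HTML came back, so something other than the API answered; "
                      "check connect_host, port and protocol in the config",
    "auth": "the API answered but rejected the credentials; check the API key",
    "api-error": "the API answered with an error; read the response body",
    "unknown": "reply is neither HTML nor JSON; inspect it by hand",
    "ok": "request accepted",
}


def classify(reply: ApiReply) -> str:
    """Decide who answered and why, without trusting the status code alone."""
    media_type = reply.content_type.split(";")[0].strip().lower()
    head = reply.body.lstrip()[:64].lower()
    # Assumption: a JSON API never serves an HTML document, so HTML means
    # another web server (or a proxy) is listening on the configured host/port.
    if media_type == "text/html" or head.startswith(("<!doctype html", "<html")):
        return "wrong-endpoint"
    if reply.status in (401, 403):
        return "auth"
    if reply.body.strip():
        try:
            json.loads(reply.body)
        except ValueError:
            return "unknown"
    return "ok" if 200 <= reply.status < 300 else "api-error"


def report(reply: ApiReply) -> str:
    kind = classify(reply)
    return f"HTTP {reply.status} [{kind}]: {HINTS[kind]}"


if __name__ == "__main__":
    # Constructed replies: the first mimics the 404 page quoted in the issue.
    print(report(ApiReply(404, "text/html; charset=UTF-8", "<!DOCTYPE html>\n<html lang=\"en\">")))
    print(report(ApiReply(401, "text/plain", "")))
    print(report(ApiReply(200, "application/json", "42")))
```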

danb35 commented 2 years ago

This looks like it should have been fixed in #55; can you confirm?

Roskott commented 2 years ago

I'm not 100% certain. I revoked my certificates and immediately installed them after I reissued them. It managed to work, although it still wouldn't accept the apps enabled flag, so for now, I'm manually renewing and installing. I will reopen should I find out what caused it, or preferably a solution.