search

diafygi / acme-tiny

A tiny script to issue and renew TLS certs from Let's Encrypt
MIT License
4.73k stars 572 forks source link

List out of index error #247

Closed pupattan closed 4 years ago

pupattan commented 4 years ago

I am trying to create the certificate. I am getting the following error

Traceback (most recent call last): File "/root/docker_test/acme-tiny/acme_tiny.py", line 198, in main(sys.argv[1:]) File "/root/docker_test/acme-tiny/acme_tiny.py", line 194, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact) File "/root/docker_test/acme-tiny/acme_tiny.py", line 131, in get_crt challenge = [c for c in authorization['challenges'] if c['type'] == "http-01"][0] IndexError: list index out of range

order value is below

{u'status': u'ready', u'expires': u'2020-04-23T10:26:49Z', u'authorizations': [u'https://acme-v02.api.letsencrypt.org/acme/authz-v3/3952667423', u'https://acme-v02.api.letsencrypt.org/acme/authz-v3/3952667424'], u'finalize': u'https://acme-v02.api.letsencrypt.org/acme/finalize/83374546/3020394335', u'identifiers': [{u'type': u'dns', u'value': u'www.example.com'}, {u'type': u'dns', u'value': u'example.com'}]}

felixfontein commented 4 years ago

It looks like you either try to obtain a wildcard certificate (which requires DNS-01 challenges, which this script does not support), or you recently obtained a certificate for that domain with a DNS-01 challenge (the authz is still valid).

The authz (with domain name changed to example.com as in the issue itself):

$ curl https://acme-v02.api.letsencrypt.org/acme/authz-v3/3952667423
{
  "identifier": {
    "type": "dns",
    "value": "example.com"
  },
  "status": "valid",
  "expires": "2020-05-14T09:44:42Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3952667423/xBagmA",
      "token": "HN3zDTTyhAn1J_Sxaf3O27Xjh_Cg7o8XR8FCOJ94TlE",
      "validationRecord": [
        {
          "hostname": "example.com"
        }
      ]
    }
  ],
  "wildcard": true
}

It says "wildcard": true, so you're apparently requesting a wildcard certificate.

pupattan commented 4 years ago

OK. Will try for single domain

olmari commented 4 years ago

While closed, SAN/multiple domains are supported, wildcard domains are not.