diafygi / acme-tiny

A tiny script to issue and renew TLS certs from Let's Encrypt
MIT License

409 Already Registered doesn't have a reason property #58

Closed thomaswilburn closed 8 years ago

thomaswilburn commented 8 years ago

I don't know enough Python to fix this effectively, but when I ran the script on my server (CentOS running Python 2.6.6), the HTTPError object that I got back when checking if my account had been registered didn't have a reason property. As a result, it crashed on line 62 (https://github.com/diafygi/acme-tiny/blob/master/acme_tiny.py#L62) when it tries to return the result.

I got around this by just replacing the second call to getattr() with a string literal, but since the result isn't actually used anywhere in the script that I can see, other than for debugging logs (everything else branches off the status code), maybe it could be eliminated? Or the e.reason.__str__ default could be wrapped in another call to getattr() with a sensible default?

diafygi commented 8 years ago

Hmmm, HTTPError should have a .reason in python 2.6. Is it reproducible? Can you please post a full traceback?

thomaswilburn commented 8 years ago

Sure, here we go:

Traceback (most recent call last):
  File "acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=
args.ca)
  File "acme_tiny.py", line 85, in get_crt
    "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf",
  File "acme_tiny.py", line 62, in _send_signed_request
    return getattr(e, "code", None), getattr(e, "read", e.reason.__str__)()
AttributeError: 'HTTPError' object has no attribute 'reason'

priyadi commented 8 years ago

I get the same error with Python 2.6. Using 3.3 from IUS repo appears to fix the problem.

oarmstrong commented 8 years ago

It was d3c6451a4f5d260a2845117d4b3ff22924bf9f4e which caused the error. Not entirely sure why d3c6451a4f5d260a2845117d4b3ff22924bf9f4e or its follow up 69a457269a6392ac31b629b4e103e8ea7dd282c9 was needed though. I reverted to 7f2325e49fc57b304d203a651224c5264c7bfd64 and it works fine with Python 2.6.6 on CentOS 6.6.

diafygi commented 8 years ago

Fell back to just including the string representation of the error itself.
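
Added example, not part of the thread and not acme-tiny's own code: it reproduces why the expression in the traceback fails and shows a handler that falls back to the string form of the error, as the comment above describes. Python evaluates the default argument `e.reason.__str__` before `getattr()` runs, so the missing attribute raises even when `.read` exists. `LegacyHTTPError`, `result_before`, `result_tolerant`, `attempt`, `samples`, `BODY` and the `ca.invalid` URL are constructed for illustration, and the code targets Python 3.

```python
import io
from urllib.error import HTTPError, URLError

BODY = b'{"detail": "constructed sample 409 body"}'  # constructed sample

class LegacyHTTPError(IOError):
    """Constructed stand-in for the object in the traceback:
    it has .code and .read() but no .reason attribute."""
    def __init__(self, code, body):
        super().__init__("HTTP Error %d" % code)
        self.code, self._body = code, body

    def read(self):
        return self._body

def result_before(e):
    # Expression from line 62 of the traceback. The default
    # e.reason.__str__ is evaluated before getattr() is called, so a
    # missing .reason raises even though the default is never needed.
    return getattr(e, "code", None), getattr(e, "read", e.reason.__str__)()

def result_tolerant(e):
    # Build the fallback only when .read is absent, and take it from
    # str(e), which every exception supports.
    reader = getattr(e, "read", None)
    body = reader() if callable(reader) else str(e)
    return getattr(e, "code", None), body

def attempt(fn, e):
    """Run fn(e); report an AttributeError instead of propagating it."""
    try:
        return fn(e)
    except AttributeError as bug:
        return "AttributeError", str(bug)

def samples():
    """Fresh constructed error objects (response bodies are read once)."""
    yield LegacyHTTPError(409, BODY)                      # no .reason
    yield HTTPError("http://ca.invalid/new-reg", 409, "Conflict",
                    None, io.BytesIO(BODY))               # has .reason
    yield URLError("connection refused")                  # no .code/.read

if __name__ == "__main__":
    for fn in (result_before, result_tolerant):
        for e in samples():
            print(fn.__name__, type(e).__name__, attempt(fn, e))
```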

deanet commented 8 years ago

doesn't work with python 2.7.5 centos 7

diafygi commented 8 years ago

@deanet can you please post a full output and error traceback?

deanet commented 8 years ago

@diafygi

here..

[root@atm ~]# curl "https://gist.githubusercontent.com/deanet/4754b3c2497e39669f17/raw/15989a546be09789419f1cc7b979f5bcc06fc966/gen-le-ssl.sh" > gen-le-ssl.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1651  100  1651    0     0   6070      0 --:--:-- --:--:-- --:--:--  6092
[root@atm ~]# 
[root@atm ~]# python --version
Python 2.7.5  
[root@atm ~]# bash -x gen-le-ssl.sh
+ '[' -d ./acme-tiny ']'
+ mkdir ./acme-tiny
+ curl https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9150  100  9150    0     0  69943      0 --:--:-- --:--:-- --:--:-- 70384
+ echo -n 'Enter DN or FQDN: '
Enter DN or FQDN: + read domain
atm.dgprasetya.com
+ echo -n 'Enter Full Path www: '
Enter Full Path www: + read fullpath
/home/admin/web/atm.dgprasetya.com/public_html
+ echo atm.dgprasetya.com
atm.dgprasetya.com
+ echo /home/admin/web/atm.dgprasetya.com/public_html
/home/admin/web/atm.dgprasetya.com/public_html
+ rm -rf atm.dgprasetya.com
+ echo 'mkdir working directory...'
mkdir working directory...
+ mkdir atm.dgprasetya.com
++ pwd
+ workdir=/root/atm.dgprasetya.com/
+ echo 'generate account key for atm.dgprasetya.com ..'
generate account key for atm.dgprasetya.com ..
+ openssl genrsa 4096
Generating RSA private key, 4096 bit long modulus
.............................................................................++
......................................................................................................................................++
e is 65537 (0x10001)
+ echo 'generate domain private key....'
generate domain private key....
+ openssl genrsa 4096
Generating RSA private key, 4096 bit long modulus
.......................................................................................................................................................................
.........................................++
.......................................................................................................................................................................
.........................................................................................................................................................++
e is 65537 (0x10001)
+ echo 'generate csr..'
generate csr..
+ openssl req -new -sha256 -key /root/atm.dgprasetya.com//atm.dgprasetya.com.key -subj /CN=atm.dgprasetya.com
+ echo 'create directory acmi at /home/admin/web/atm.dgprasetya.com/public_html..'
create directory acmi at /home/admin/web/atm.dgprasetya.com/public_html..
+ mkdir -p /home/admin/web/atm.dgprasetya.com/public_html/.well-known/acme-challenge
+ echo 'create file verification at /home/admin/web/atm.dgprasetya.com/public_html/.well-known/acme-challenge/..'
create file verification at /home/admin/web/atm.dgprasetya.com/public_html/.well-known/acme-challenge/..
+ echo 'Get a signed certificate..'
Get a signed certificate..
+ python acme-tiny/acme_tiny.py --account-key /root/atm.dgprasetya.com//atm.dgprasetya.com_account.key --csr /root/atm.dgprasetya.com//atm.dgprasetya.com.csr --acme-dir /home/admin/web/atm.dgprasetya.com/public_html/.well-known/acme-challenge/
Parsing account key...
Parsing CSR...
Registering account...
Registered!
Verifying atm.dgprasetya.com...
Traceback (most recent call last):
  File "acme-tiny/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme-tiny/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme-tiny/acme_tiny.py", line 123, in get_crt
    wellknown_path, wellknown_url))
ValueError: Wrote file to /home/admin/web/atm.dgprasetya.com/public_html/.well-known/acme-challenge/nS1pKKy4t4BtJUVNtJNNTdV07qHylHmlyNUSThtSJGQ, but couldn't download http://atm.dgprasetya.com/.well-known/acme-challenge/nS1pKKy4t4BtJUVNtJNNTdV07qHylHmlyNUSThtSJGQ
+ wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
--2016-01-04 10:50:43--  https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
Resolving letsencrypt.org (letsencrypt.org)... 23.217.10.168, 2a02:26f0:f4:193::2a1f, 2a02:26f0:f4:199::2a1f
Connecting to letsencrypt.org (letsencrypt.org)|23.217.10.168|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1675 (1.6K) [application/x-x509-ca-cert]
Saving to: ‘STDOUT’

100%[=============================================================================================================================>] 1,675       --.-K/s   in 0s      

2016-01-04 10:50:43 (142 MB/s) - written to stdout [1675/1675]

+ cat /root/atm.dgprasetya.com//signed.crt /root/atm.dgprasetya.com//intermediate.pem
+ echo 'File atm.dgprasetya.com/chained.crt = Signed + Intermediate Cert'
File atm.dgprasetya.com/chained.crt = Signed + Intermediate Cert
+ echo 'File atm.dgprasetya.com/signed.crt = Signed Cert'
File atm.dgprasetya.com/signed.crt = Signed Cert
+ echo 'File atm.dgprasetya.com/atm.dgprasetya.com.key = Private key'
File atm.dgprasetya.com/atm.dgprasetya.com.key = Private key
[root@atm ~]# ls atm.dgprasetya.com/;python --version
atm.dgprasetya.com_account.key  atm.dgprasetya.com.csr  atm.dgprasetya.com.key  chained.crt  intermediate.pem  signed.crt
Python 2.7.5
[root@atm ~]# 

deanet commented 8 years ago

works well with python 2.7.3 at debian 7 :confused:

root@djaja:~# bash -x gen-le-ssl.sh
+ '[' -d ./acme-tiny ']'
+ mkdir ./acme-tiny
+ curl https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9150  100  9150    0     0  37979      0 --:--:-- --:--:-- --:--:-- 47409
+ echo -n 'Enter DN or FQDN: '
Enter DN or FQDN: + read domain
www.abc.com
+ echo -n 'Enter Full Path www: '
Enter Full Path www: + read fullpath
/srv/st
+ echo www.abc.com
www.abc.com
+ echo /srv/st
/srv/st
+ rm -rf www.abc.com
+ echo 'mkdir working directory...'
mkdir working directory...
+ mkdir www.abc.com
++ pwd
+ workdir=/root/www.abc.com/
+ echo 'generate account key for www.abc.com ..'
generate account key for www.abc.com ..
+ openssl genrsa 4096
Generating RSA private key, 4096 bit long modulus
.........................................................................................................................................................................................++
........................................................................................++
e is 65537 (0x10001)
+ echo 'generate domain private key....'
generate domain private key....
+ openssl genrsa 4096
Generating RSA private key, 4096 bit long modulus
................................................++
...........................++
e is 65537 (0x10001)
+ echo 'generate csr..'
generate csr..
+ openssl req -new -sha256 -key /root/www.abc.com//www.abc.com.key -subj /CN=www.abc.com
+ echo 'create directory acmi at /srv/st..'
create directory acmi at /srv/st..
+ mkdir -p /srv/st/.well-known/acme-challenge
+ echo 'create file verification at /srv/st/.well-known/acme-challenge/..'
create file verification at /srv/st/.well-known/acme-challenge/..
+ echo 'Get a signed certificate..'
Get a signed certificate..
+ python acme-tiny/acme_tiny.py --account-key /root/www.abc.com//www.abc.com_account.key --csr /root/www.abc.com//www.abc.com.csr --acme-dir /srv/st/.well-known/acme-challenge/
Parsing account key...
Parsing CSR...
Registering account...
Registered!   
Verifying www.abc.com...
www.abc.com verified!
Signing certificate...
Certificate signed!
+ wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
--2016-01-06 03:07:05--  https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
Resolving letsencrypt.org (letsencrypt.org)... 23.195.140.215, 2a02:26f0:b7:188::2a1f, 2a02:26f0:b7:187::2a1f
Connecting to letsencrypt.org (letsencrypt.org)|23.195.140.215|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1675 (1.6K) [application/x-x509-ca-cert]
Saving to: `STDOUT'

100%[==============================================================================================================================>] 1,675       --.-K/s   in 0s

2016-01-06 03:07:08 (19.1 MB/s) - written to stdout [1675/1675]

+ cat /root/www.abc.com//signed.crt /root/www.abc.com//intermediate.pem
+ echo 'File www.abc.com/chained.crt = Signed + Intermediate Cert'
File www.abc.com/chained.crt = Signed + Intermediate Cert
+ echo 'File www.abc.com/signed.crt = Signed Cert'
File www.abc.com/signed.crt = Signed Cert
+ echo 'File www.abc.com/www.abc.com.key = Private key'
File www.abc.com/www.abc.com.key = Private key
root@djaja:~#                       

deanet commented 8 years ago

solved with commented out https://github.com/diafygi/acme-tiny/issues/11#issuecomment-162134072 .