dlapiduz / certbot-s3front

Certbot CLI plugin for S3/CloudFront validation and installation
MIT License

Error while running on mac: Self-verify of challenge failed, authorization abandoned! #65

Closed mjc0608 closed 6 years ago

mjc0608 commented 6 years ago

$ cat run_certbot.sh

#!/bin/bash

AWS_ACCESS_KEY_ID="<<REMOVED>>" \
AWS_SECRET_ACCESS_KEY="<<REMOVED>>" \
certbot --agree-tos -a certbot-s3front:auth \
--certbot-s3front:auth-s3-bucket <<REMOVED>> \
--certbot-s3front:auth-s3-region us-east-1 \
--certbot-s3front:auth-s3-directory "" \
-i certbot-s3front:installer \
--certbot-s3front:installer-cf-distribution-id <<REMOVED>> \
-d <<REMOVED>> -d <<REMOVED>>

$ sudo ./run_certbot.sh
Password:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator certbot-s3front:auth, Installer certbot-s3front:installer
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for <<REMOVED>>
http-01 challenge for <<REMOVED>>
Found credentials in environment variables.
Starting new HTTPS connection (1): s3.amazonaws.com
Self-verify of challenge failed, authorization abandoned!
Starting new HTTPS connection (1): s3.amazonaws.com
Waiting for verification...
Cleaning up challenges
Starting new HTTPS connection (1): s3.amazonaws.com
Incomplete authorizations

iainbryson commented 6 years ago

I'm seeing the same thing on first request.

This is what I see with -v:

2017-12-25 05:20:20,698:DEBUG:acme.challenges:Key authorization from response (u'ctP7-BYBH-wanluj2w0iFAXA_CRjFlPoX7b7H0PD024.oRG8R_Om6RY7sHiHu1ozyrUn6g1kc_1RlmPglWFa8dQ') doesn't match HTTP response (
u"<!DOCTYPE html>\n<html>\n<head>\n<meta content='text/html; charset=UTF-8' http-equiv='Content-Type'>\n<meta content='width=device-width, initial-scale=1.0' name='viewport'>\n<title></title>\n<meta name='description'>\n<meta name='keywords'>\n<style>\n  html {\n    overflow: auto;\n  }\n  \n  html, body, iframe {\n    margin: 0px;\n    padding: 0px;\n    height: 100%;\n    border: none;\n  }\n  \n  iframe {\n    display: block;\n    width: 100%;\n    border: none;\n    overflow: auto;\n  }\n</style>\n</head>\n<body>\n<iframe src='http://<MY_DOMAIN>.s3-website-us-east-1.amazonaws.com/.well-known/acme-challenge/ctP7-BYBH-wanluj2w0iFAXA_CRjFlPoX7b7H0PD024'></iframe>\n</body>\n</html>"
)
2017-12-25 05:20:20,699:ERROR:certbot_s3front.authenticator:Self-verify of challenge failed, authorization abandoned!

iainbryson commented 6 years ago

Well, if anyone is looking at this I figured out what my issue was: Hover domain forwarding evidently wraps each page in an iframe. That's what the error is; the challenge isn't what was expected or uploaded, it's just an iframe pointing to the .well-known/... challenge in the s3 bucket.
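
The failure diagnosed in this thread can be recognised from the response body alone. The following is an added example, not part of the thread and not certbot-s3front's own code: a classifier for whatever a GET of the http-01 challenge URL returned, which goes beyond the iframe case to separate a few other mismatch causes. The function name, result labels and sample values are hypothetical and constructed for illustration.

```python
from html.parser import HTMLParser

ACME_PATH = "/.well-known/acme-challenge/"

# Constructed sample values (not taken from the thread).
SAMPLE_TOKEN = "TOKEN123"
SAMPLE_KEY_AUTH = SAMPLE_TOKEN + ".THUMBPRINT456"
SAMPLE_FRAMED_BODY = (
    "<!DOCTYPE html>\n<html>\n<body>\n"
    "<iframe src='http://example.com.s3-website-us-east-1.amazonaws.com"
    + ACME_PATH + SAMPLE_TOKEN + "'></iframe>\n</body>\n</html>"
)


class FrameFinder(HTMLParser):
    """Collects the src attribute of every <iframe>/<frame> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "frame"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def diagnose_http01(body, token, key_authorization):
    """Classify the body served at <domain>/.well-known/acme-challenge/<token>."""
    text = body.rstrip()  # ignore trailing whitespace/newline in the file
    if text == key_authorization:
        return "ok"
    finder = FrameFinder()
    finder.feed(body)
    # Domain forwarding/masking: an HTML shell framing the real challenge URL.
    if any(src.endswith(ACME_PATH + token) for src in finder.sources):
        return "framed-forwarding"
    if "<html" in body.lower():
        return "html-page"  # error page, index document, or other HTML
    if text.startswith(token + "."):
        return "wrong-thumbprint"  # right token, different account key
    return "mismatch"


if __name__ == "__main__":
    print(diagnose_http01(SAMPLE_FRAMED_BODY, SAMPLE_TOKEN, SAMPLE_KEY_AUTH))
```

A "framed-forwarding" result means the domain's DNS or registrar forwarding is answering the request instead of the bucket or distribution, so the fix is on the DNS side rather than in the plugin configuration.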