dominicletz / certmagex

Automatic SSL certs from Let's Encrypt for your Phoenix applications
MIT License

Acmev2 tries to get certificate for IPv6 address #1

Closed Hermanverschooten closed 7 months ago

Hermanverschooten commented 7 months ago

I've just put my site in production and notice some errors in the log. Apparently CertMagex is trying to generate a certificate for the IPv6 address of the site.

Mar 19 11:32:55 kinecorman kine_corman[41918]: 11:32:55.850 [error] GenServer CertMagex.Worker terminating
Mar 19 11:32:55 kinecorman kine_corman[41918]: ** (KeyError) key :authorizations not found in: %{
Mar 19 11:32:55 kinecorman kine_corman[41918]:   status: 400,
Mar 19 11:32:55 kinecorman kine_corman[41918]:   type: "urn:ietf:params:acme:error:rejectedIdentifier",
Mar 19 11:32:55 kinecorman kine_corman[41918]:   detail: "Error creating new order :: Cannot issue for \"2a03:a800:12:1::267:626\": Domain name contains an invalid character"
Mar 19 11:32:55 kinecorman kine_corman[41918]: }
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (zerossl 1.0.0) lib/acmev2.ex:764: Acmev2.do_gen_cert/2
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (certmagex 1.0.0) lib/certmagex/worker.ex:25: CertMagex.Worker.handle_call/3
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (stdlib 5.2.1) gen_server.erl:1131: :gen_server.try_handle_call/4
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (stdlib 5.2.1) gen_server.erl:1160: :gen_server.handle_msg/6
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (stdlib 5.2.1) proc_lib.erl:241: :proc_lib.init_p_do_apply/3
Mar 19 11:32:55 kinecorman kine_corman[41918]: Last message (from #PID<0.2526.0>): {:gen_cert, "2a03:a800:12:1::267:626"}
Mar 19 11:32:55 kinecorman kine_corman[41918]: 11:32:55.854 [error] GenServer #PID<0.2527.0> terminating
Mar 19 11:32:55 kinecorman kine_corman[41918]: ** (stop) exited in: :gen_statem.call(#PID<0.2526.0>, {:start, :infinity}, :infinity)
Mar 19 11:32:55 kinecorman kine_corman[41918]:     ** (EXIT) exited in: GenServer.call(CertMagex.Worker, {:gen_cert, "2a03:a800:12:1::267:626"}, :infinity)
Mar 19 11:32:55 kinecorman kine_corman[41918]:         ** (EXIT) an exception was raised:
Mar 19 11:32:55 kinecorman kine_corman[41918]:             ** (KeyError) key :authorizations not found in: %{
Mar 19 11:32:55 kinecorman kine_corman[41918]:   status: 400,
Mar 19 11:32:55 kinecorman kine_corman[41918]:   type: "urn:ietf:params:acme:error:rejectedIdentifier",
Mar 19 11:32:55 kinecorman kine_corman[41918]:   detail: "Error creating new order :: Cannot issue for \"2a03:a800:12:1::267:626\": Domain name contains an invalid character"
Mar 19 11:32:55 kinecorman kine_corman[41918]: }
Mar 19 11:32:55 kinecorman kine_corman[41918]:                 (zerossl 1.0.0) lib/acmev2.ex:764: Acmev2.do_gen_cert/2
Mar 19 11:32:55 kinecorman kine_corman[41918]:                 (certmagex 1.0.0) lib/certmagex/worker.ex:25: CertMagex.Worker.handle_call/3
Mar 19 11:32:55 kinecorman kine_corman[41918]:                 (stdlib 5.2.1) gen_server.erl:1131: :gen_server.try_handle_call/4
Mar 19 11:32:55 kinecorman kine_corman[41918]:                 (stdlib 5.2.1) gen_server.erl:1160: :gen_server.handle_msg/6
Mar 19 11:32:55 kinecorman kine_corman[41918]:                 (stdlib 5.2.1) proc_lib.erl:241: :proc_lib.init_p_do_apply/3
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (stdlib 5.2.1) gen.erl:246: :gen.do_call/4
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (stdlib 5.2.1) gen_statem.erl:923: :gen_statem.call/3
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (ssl 11.1.2) ssl_gen_statem.erl:1319: :ssl_gen_statem.call/2
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (ssl 11.1.2) ssl_gen_statem.erl:253: :ssl_gen_statem.handshake/2
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (thousand_island 1.3.5) lib/thousand_island/transports/ssl.ex:94: ThousandIsland.Transports.SSL.handshake/1
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (thousand_island 1.3.5) lib/thousand_island/socket.ex:43: ThousandIsland.Socket.handshake/1
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (bandit 1.3.0) /home/runner/work/kinecorman/kinecorman/deps/thousand_island/lib/thousand_island/handler.ex:364: Bandit.DelegatingHandler.handle_info/2
Mar 19 11:32:55 kinecorman kine_corman[41918]:     (stdlib 5.2.1) gen_server.erl:1095: :gen_server.try_handle_info/3
Mar 19 11:32:55 kinecorman kine_corman[41918]: Last message: {:thousand_island_ready, {:sslsocket, {:gen_tcp, #Port<0.35>, :tls_connection, [option_tracker: #PID<0.2141.0>, session_tickets_tracker: :disabled, session_id_tracker: #PID<0.2142.0>]}, [#PID<0.2526.0>, #PID<0.2525.0>]}, %ThousandIsland.ServerConfig{port: 443, transport_module: ThousandIsland.Transports.SSL, transport_options: [{:versions, [:"tlsv1.2"]}, {:ciphers, [~c"ECDHE-RSA-AES256-GCM-SHA384", ~c"ECDHE-ECDSA-AES256-GCM-SHA384", ~c"ECDHE-RSA-AES128-GCM-SHA256", ~c"ECDHE-ECDSA-AES128-GCM-SHA256", ~c"DHE-RSA-AES256-GCM-SHA384", ~c"DHE-RSA-AES128-GCM-SHA256"]}, {:eccs, [:secp256r1, :secp384r1, :secp521r1]}, {:honor_cipher_order, true}, :inet6, {:secure_renegotiate, true}, {:reuse_sessions, true}, {:log_level, :warning}, {:sni_fun, &CertMagex.sni_fun/1}, {:ip, {0, 0, 0, 0, 0, 0, 0, 0}}, {:alpn_preferred_protocols, ["h2", "http/1.1"]}], handler_module: Bandit.DelegatingHandler, handler_options: %{opts: %{http_1: [], http_2: [], websocket: []}, plug: {KineCormanWeb.Endpoint, []}, handler_module: Bandit.InitialHandler, http_1_enabled: true, http_2_enabled: true, websocket_enabled: true}, genserver_options: [], supervisor_options: [], num_acceptors: 100, num_connections: 16384, max_connections_retry_count: 5, max_connections_retry_wait: 1000, read_timeout: 60000, shutdown_timeout: 15000, silent_terminate_on_error: false}, %ThousandIsland.Telemetry{span_name: :acceptor, telemetry_span_context: #Reference<0.2250291147.404488193.33668>, start_time: -576460748908023325, start_metadata: %{telemetry_span_context: #Reference<0.2250291147.404488193.33668>, parent_telemetry_span_context: #Reference<0.2250291147.404488193.33150>}}, -576460684138008546}
dominicletz commented 7 months ago

I've added a check for IPv4 and IPv6 addresses to v1.0.1 here: 1b23c4e76347b28a9640770f264791f312236cc7

You can update with mix deps.update certmagex
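
A pre-issuance check of the kind this thread discusses, as an added example; it is not the code from the referenced commit or from CertMagex. The module `SniGuardExample` and its function names are hypothetical, and the shape of the order response map is taken from the log above.

```elixir
defmodule SniGuardExample do
  # Hypothetical helper module, not part of CertMagex or the zerossl package.

  @doc "Returns true when `name` parses as an IPv4 or IPv6 literal."
  def ip_literal?(name) when is_binary(name) do
    # :inet.parse_address/1 expects a charlist and accepts both address families.
    match?({:ok, _}, :inet.parse_address(String.to_charlist(name)))
  end

  @doc "Decides whether a TLS server name may be passed on to ACME issuance."
  def issuable?(name) when is_binary(name) do
    name = String.trim_trailing(name, ".")

    cond do
      ip_literal?(name) -> {:error, :ip_literal}
      byte_size(name) > 253 -> {:error, :too_long}
      not valid_dns_name?(name) -> {:error, :invalid_hostname}
      true -> {:ok, String.downcase(name)}
    end
  end

  def issuable?(_), do: {:error, :invalid_hostname}

  # Letters, digits and hyphens in each label, and at least two labels.
  defp valid_dns_name?(name) do
    labels = String.split(name, ".")
    label = ~r/\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i
    length(labels) >= 2 and Enum.all?(labels, &Regex.match?(label, &1))
  end

  @doc "Turns a new-order response into a tagged tuple instead of raising KeyError."
  def check_order(%{authorizations: auths}), do: {:ok, auths}

  def check_order(%{status: status, type: type, detail: detail}),
    do: {:error, {:acme_problem, status, type, detail}}

  def check_order(other), do: {:error, {:unexpected_response, other}}
end

# Constructed inputs: the address from the log above and a made-up hostname.
IO.inspect(SniGuardExample.issuable?("2a03:a800:12:1::267:626"))
IO.inspect(SniGuardExample.issuable?("www.example.com"))

rejected = %{status: 400, type: "urn:ietf:params:acme:error:rejectedIdentifier", detail: "rejected"}
IO.inspect(SniGuardExample.check_order(rejected))
```

Rejecting the name before any order is created avoids a pointless request to the CA on each handshake that presents an address, and matching on the problem document keeps a rejected identifier from terminating the worker process.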