globaleaks / globaleaks-whistleblowing-software

GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org

let's encrypt, internal server error during request #3793

Open amatteo78 opened 12 months ago

amatteo78 commented 12 months ago

What version of GlobaLeaks are you using?

GlobaLeaks version: 4.13.18 Database version: 66

What browser(s) are you seeing the problem on?

Chrome

What operating system(s) are you seeing the problem on?

Windows

Describe the issue

Hello, I'm trying to request a Let's Encrypt cert and I got back an internal error. Inside the log I found these:

```
2023-11-17 22:52:10+0100 [-] [E] exception mail suppressed for exception (<class 'acme.errors.ValidationError'>) [reason: special exception]
2023-11-17 22:54:41+0100 [-] [I] Created a new order for the issuance of a certificate for whistleblowing.****.eu
2023-11-17 22:54:41+0100 [-] [I] Exposing challenge on b3WdCMOOiLvqfmm-ybsRXoadYN2iLnd6oZHBViy0TMs
2023-11-17 22:54:41+0100 [-] [D] Acme CA responded to challenge request with: ChallengeResource(body=ChallengeBody(chall=HTTP01(token=b'ou\\x9d\\x08\\xc3\\x8e\\x88\\xbb\\xea~i\\xbe\\xc9\\xbb\\x11^\\x86\\x9d\xdd\xa2.wz\xa1\x91\xc1V,\xb4L\xcb'), uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/284832189026/O3PLpg', _url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/284832189026/O3PLpg', status=Status(pending), validated=None, error=None), authzr_uri='https://acme-v02.api.letsencrypt.org/acme/authz-v3/284832189026')
2023-11-17 22:54:42+0100 [-] [E] exception mail suppressed for exception (<class 'acme.errors.ValidationError'>) [reason: special exception]
```

Proposed solution

No response

evilaliv3 commented 12 months ago

@amatteo78:

Make sure to open both ports 80 and 443, and expose globaleaks directly on a dedicated domain/IP. The error that you are receiving tells you that some of the above aspects are not implemented.

amatteo78 commented 12 months ago

@evilaliv3 thanks very much. Behind the globaleaks server I have a netscaler; it works like a reverse proxy and forwards only 443 (ssl_forward). I enabled 80 and now the Let's Encrypt request works. Sorry for my mistake, but on the firewall behind the netscaler I had both 80 and 443 open, so I forgot to forward it on the netscaler.
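The failure mode discussed above (an HTTP-01 validation that cannot reach port 80) can be checked before requesting a certificate. The following is an added example, not code from this thread or from the GlobaLeaks project: `probe_http01`, `serve_challenge` and `closed_port` are hypothetical names, the token and key authorization are constructed values, and a loopback server stands in for the real port-80 listener so the script runs offline.

```python
# Added example: pre-flight probe for the ACME HTTP-01 path (RFC 8555, section 8.3).
import http.server
import socket
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Ignore proxy environment variables: the probe must hit the host directly.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe_http01(host, port, token, expected, timeout=3.0):
    """Fetch the challenge URL over plain HTTP and classify the result."""
    url = f"http://{host}:{port}{CHALLENGE_PREFIX}{token}"
    try:
        with _opener.open(url, timeout=timeout) as resp:
            body = resp.read(1024).decode("ascii", "replace").strip()
    except urllib.error.HTTPError as exc:
        return f"http-error-{exc.code}"   # port reachable, challenge path not served
    except (urllib.error.URLError, socket.timeout, ConnectionError):
        return "unreachable"              # port closed, filtered or not forwarded
    return "ok" if body == expected else "mismatch"

def serve_challenge(token, key_authorization):
    """Loopback stand-in for the application's port-80 listener (demo only)."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != CHALLENGE_PREFIX + token:
                self.send_error(404)
                return
            payload = key_authorization.encode("ascii")
            self.send_response(200)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)
        def log_message(self, *args):     # keep demo output quiet
            pass
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def closed_port():
    """Loopback port with no listener, standing in for an unforwarded port 80."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    token, keyauth = "constructed-token", "constructed-token.constructed-thumbprint"
    srv = serve_challenge(token, keyauth)
    print(probe_http01("127.0.0.1", srv.server_address[1], token, keyauth))  # listener present
    print(probe_http01("127.0.0.1", closed_port(), token, keyauth))          # nothing forwarded
    srv.shutdown()
```

Against a real deployment the probe has to be run from outside the network, with port 80 and the public hostname, so that it takes the same path through the firewall and reverse proxy as the CA's validator.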

evilaliv3 commented 12 months ago

I see. Please consider that the usage of a third party in the context of whistleblowing, and in general of private information, would require precise appointment of the provider as subprocessor. We discourage it in general and the topic is typically undervalued.

amatteo78 commented 12 months ago

OK, I know, so you suggest putting it online without protection? Do we have a better place to talk about these things? Maybe here we're going off-topic.

evilaliv3 commented 12 months ago

community.globaleaks.org

amatteo78 commented 12 months ago

Sure, but I can't access it; can you give me an invitation link? Thanks.