search

j-c-m / ubnt-letsencrypt

Let's Encrypt setup instructions for Ubiquiti EdgeRouter
470 stars 68 forks source link

ZeroSSL requires registration #39

Closed uniquepurpose closed 3 years ago

uniquepurpose commented 3 years ago

Hi,

when running renew.acme.sh we run into this error:

$ sudo /config/scripts/renew.acme.sh -d ***** [Mon Jun 21 13:14:14 CEST 2021] Stopping GUI service. [Mon Jun 21 13:14:15 CEST 2021] Starting temporary ACME challenge service. [Mon Jun 21 13:14:18 CEST 2021] Using CA: https://acme.zerossl.com/v2/DV90 [Mon Jun 21 13:14:28 CEST 2021] Create account key ok. [Mon Jun 21 13:14:28 CEST 2021] No EAB credentials found for ZeroSSL, let's get one [Mon Jun 21 13:14:28 CEST 2021] acme.sh is using ZeroSSL as default CA now. [Mon Jun 21 13:14:28 CEST 2021] Please update your account with an email address first. [Mon Jun 21 13:14:28 CEST 2021] acme.sh --register-account -m my@example.com [Mon Jun 21 13:14:28 CEST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA [Mon Jun 21 13:14:28 CEST 2021] Please add '--debug' or '--log' to check more details. [Mon Jun 21 13:14:28 CEST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh [Mon Jun 21 13:14:29 CEST 2021] Stopping temporary ACME challenge service. [Mon Jun 21 13:14:30 CEST 2021] Starting GUI service.

Didn't experience this in the past. Apparently acme.sh has switched to ZeroSSL by default. renew.acme.sh needs to be adjusted to use Lets Encrypt, instead of ZeroSSL.

Thanks, Christoph

j-c-m commented 3 years ago

Looks like the default CA was changed on the underlying acme.sh script. I will update the wrapper here to use LetsEncrypt.

From: Christoph Holas @.> Sent: Monday, June 21, 2021 6:18 AM To: j-c-m/ubnt-letsencrypt @.> Cc: Subscribed @.***> Subject: [j-c-m/ubnt-letsencrypt] ZeroSSL requires registration (#39)

Hi,

when running renew.acme.sh we run into this error:

$ sudo /config/scripts/renew.acme.sh -d *** [Mon Jun 21 13:14:14 CEST 2021] Stopping GUI service. [Mon Jun 21 13:14:15 CEST 2021] Starting temporary ACME challenge service. [Mon Jun 21 13:14:18 CEST 2021] Using CA: https://acme.zerossl.com/v2/DV90 [Mon Jun 21 13:14:28 CEST 2021] Create account key ok. [Mon Jun 21 13:14:28 CEST 2021] No EAB credentials found for ZeroSSL, let's get one [Mon Jun 21 13:14:28 CEST 2021] acme.sh is using ZeroSSL as default CA now. [Mon Jun 21 13:14:28 CEST 2021] Please update your account with an email address first. [Mon Jun 21 13:14:28 CEST 2021] acme.sh --register-account -m *@*.**@*.***> [Mon Jun 21 13:14:28 CEST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA [Mon Jun 21 13:14:28 CEST 2021] Please add '--debug' or '--log' to check more details. [Mon Jun 21 13:14:28 CEST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh [Mon Jun 21 13:14:29 CEST 2021] Stopping temporary ACME challenge service. [Mon Jun 21 13:14:30 CEST 2021] Starting GUI service.

Didn't experience this in the past. The registration needs to be addressed within first run.

Thanks, Christoph

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/j-c-m/ubnt-letsencrypt/issues/39, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABLFTFYYZ37B7PMRVBRWYNTTT4NXTANCNFSM47BL4TKQ.

j-c-m commented 3 years ago

Should be fixed now in 74a78c7a , re-run the install command to get the update.

curl https://raw.githubusercontent.com/j-c-m/ubnt-letsencrypt/master/install.sh | sudo bash
ozphb commented 3 years ago

there is a minor problem with the new --force option. I tested it, and got this:

:~$ sudo /config/scripts/renew.acme.sh -d example.domain.com.au [Tue Jun 22 08:02:30 AEST 2021] Stopping GUI service. [Tue Jun 22 08:02:32 AEST 2021] Starting temporary ACME challenge service. [Tue Jun 22 08:02:34 AEST 2021] Domains not changed. [Tue Jun 22 08:02:34 AEST 2021] Skip, Next renewal time is: Thu Aug 5 00:25:49 UTC 2021 [Tue Jun 22 08:02:34 AEST 2021] Add '--force' to force to renew. [Tue Jun 22 08:02:34 AEST 2021] Stopping temporary ACME challenge service. [Tue Jun 22 08:02:35 AEST 2021] Starting GUI service. :~$ sudo /config/scripts/renew.acme.sh -d example.domain.com.au --force /config/scripts/renew.acme.sh: illegal option -- - Usage: /config/scripts/renew.acme.sh -d <mydomain.com> [-d <additionaldomain.com>]

It works if I use -f

j-c-m commented 3 years ago

I'll update the usage, it will only accept "-f" for force, not the long option.

uniquepurpose commented 3 years ago

I'll update the usage, it will only accept "-f" for force, not the long option.

I just tried the whole procedure and it works with Let's Encrypt as expected. Thank you!