Closed gbeifuss closed 1 year ago
Thank you, I haven't run into this issue. Did you tried the dev version? I do will take a look to your remark.
Hi, I'm seeing this with NS13.0: Build 47.24.nc.
2020-12-27 19:09:12:2855 INFO ORDERVALIDATION Configuring the ADC Responder Policies/Actions required for the validation.
2020-12-27 19:09:12:3323 INFO ORDERVALIDATION "site1.domain.com" is valid, nothing to configure.
2020-12-27 19:09:12:3480 INFO ORDERVALIDATION "site2.domain.com" is valid, nothing to configure.
2020-12-27 19:09:12:3636 INFO ORDERVALIDATION New validation required for "site3.domain.com", Start configuring the ADC.
2020-12-27 19:09:12:3792 INFO ORDERVALIDATION Add Responder Action "rsa_letsencrypt_40" to return "HTTP/1.0 200 OK\r\n\r\na1GVU7-Z7XmncC_L46np_nZhwsoqgA6l0HlDjPT8rz8.Xzh8xW43k44K9UxF2dcmHXOPzesZ0zIt4qsUt-oNI8E".
2020-12-27 19:09:12:4261 INFO ORDERVALIDATION Responder Action added successfully.
2020-12-27 19:09:12:4417 INFO ORDERVALIDATION Add Responder Policy "rsp_letsencrypt_40" to: "HTTP.REQ.URL.CONTAINS(".well-known/acme-challenge/a1GVU7-Z7XmncC_L46np_nZhwsoqgA6l0HlDjPT8rz8")"
2020-12-27 19:09:12:4730 INFO ORDERVALIDATION Responder Policy added successfully.
2020-12-27 19:09:12:4886 INFO ORDERVALIDATION Trying to bind the Responder Policy "rsp_letsencrypt_40" to LoadBalance VIP: "lb_letsencrypt_cert"
2020-12-27 19:09:12:5198 INFO ORDERVALIDATION Responder Policy successfully bound to Load Balance VIP.
2020-12-27 19:09:12:5511 INFO ORDERVALIDATION Sending acknowledgment to Let's Encrypt.
2020-12-27 19:09:12:7386 INFO ORDERVALIDATION Successfully send.
2020-12-27 19:09:12:7542 INFO ORDERVALIDATION Retrieving validation status.
2020-12-27 19:09:13:4574 ERROR ORDERVALIDATION Unfortunately there are invalid items.
2020-12-27 19:09:13:4730 ERROR ORDERVALIDATION Failed Records:
fqdn status expires HTTP01Status DNS01Status
---- ------ ------- ------------ -----------
site3.domain.com pending 2021-01-03T06:09:19Z pending pending
I change a lot of things and I think I also fixed the original issue v2.9.0 Also made some improvements to see more about error's generated by LE when failing the validations.
Can you check and validate if the issue still exists in latest dev version?
Hi John, unfortunately, I'm now at a new organization, and I don't have a Netscaler to administer so I'm not able to test this out.
Good luck on your new endeavor! For now I will close this issue.
Hi John,
I hope I'm posting this appropriately in github.
I run Netscaler NS12.1 57.18.nc and the 2.6.3 production release of your code has been problematic - it can never properly unbind the rsp_letsencrypt_10 policy:
According to the v.12 Citrix API documentation, all that's needed is the policy name when dealing with an unbind. The URI that's constructed needs to be of TYPE lbvserver_service_binding, not TYPE responderpolicy_binding, so I changed lines 1767-1769 as follows:
I took a look at your DEV branch which seems to be a significant rewrite. I don't see the syntax that's been problematic for me in there, so perhaps you've already revised this.
This has been a phenomenal script that's let me move to LE on our Netscaler - thanks!