kchristensen / udm-le

Let's Encrypt support for Ubiquiti UniFi OS
MIT License

[BUG] R53 README seems out of date #79

Closed lantrix closed 1 year ago

lantrix commented 1 year ago

Describe the bug

The README.md still says, for AWS, to use a .secrets directory that used to be mounted into the container.

Yet this was removed in #70 specifically here.

Was this intended, with the intent to only have credentials in the main udm-le.env instead of mounted into the container now?

If so, let me know and I'll be happy to clean up the docs, as I had to reinstall this after an update of the UDM to 3.x.

To Reproduce

Steps to reproduce the behavior:

  1. Configure for AWS R53
  2. Put your credentials and config in /data/udm-le/.secrets
  3. Try to initialise

Expected behavior

Uses credentials as per the README to use Route53 DNS validation for Let's Encrypt. Instead, no credentials are found in the container.

Log

root@UDM:/data/udm-le/.secrets# ls -la
total 16
drw-r--r-- 2 root root 4096 May 28 21:27 ./
drwxr-xr-x 6 root root 4096 May 28 21:43 ../
-rw-r--r-- 1 root root   34 May 28 21:27 config
-rw-r--r-- 1 root root  117 May 28 21:19 credentials
root@UDM:/data/udm-le/.secrets# /data/udm-le/udm-le.sh initial
install_lego(): Lego binary is already installed at /data/udm-le/lego, no operation necessary
create_services(): Creating udm-le systemd service and timer
initial(): Attempting certificate generation
initial(): /data/udm-le/lego --path "/data/udm-le/.lego" --dns route53 --email lantrix@mydomain.co.mx --key-type rsa2048 -d router.mydomain.co.mx --accept-tos run
2023/05/28 21:47:15 [INFO] [router.mydomain.co.mx] acme: Obtaining bundled SAN certificate
2023/05/28 21:47:16 [INFO] [router.mydomain.co.mx] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/231820946247
2023/05/28 21:47:16 [INFO] [router.mydomain.co.mx] acme: Could not find solver for: tls-alpn-01
2023/05/28 21:47:16 [INFO] [router.mydomain.co.mx] acme: Could not find solver for: http-01
2023/05/28 21:47:16 [INFO] [router.mydomain.co.mx] acme: use dns-01 solver
2023/05/28 21:47:16 [INFO] [router.mydomain.co.mx] acme: Preparing to solve DNS-01
2023/05/28 21:47:42 [INFO] [router.mydomain.co.mx] acme: Cleaning DNS-01 challenge
2023/05/28 21:47:55 [WARN] [router.mydomain.co.mx] acme: cleaning up failed: route53: NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors
2023/05/28 21:47:55 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/231820946247
2023/05/28 21:47:56 Could not obtain certificates:
    error: one or more domains had a problem:
[router.mydomain.co.mx] [router.mydomain.co.mx] acme: error presenting token: route53: NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors
initial(): Starting udm-le systemd timer

lantrix commented 1 year ago

As a workaround, adding them to the main .env still works. It's just that the docs are out of date.

kchristensen commented 1 year ago

Yeah, looks like we missed that. Since there's no longer any container, there's nothing to mount so feel free to toss up a PR updating that if you have time. Thanks!
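
A preflight check for the workaround discussed in this thread, added here as an example and not code from the issue or from the udm-le project: it confirms the Route 53 credentials are set in the env file, that the file is not group- or world-readable (the listing above shows the credentials file at mode 0644), and it recognises the NoCredentialProviders error in saved lego output. The `KEY=value` file layout (optionally prefixed with `export`) and all function names are assumptions; `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are the variables lego's route53 provider reads.

```shell
#!/bin/sh
# Added example: preflight check for Route 53 credentials kept in an env file.
# Assumptions: KEY=value lines, optionally prefixed with "export"; function
# names here are hypothetical and not part of udm-le.

# has_var FILE NAME: succeeds if NAME has a non-empty value on an uncommented line.
has_var() {
    grep -Eq "^[[:space:]]*(export[[:space:]]+)?$2=[\"']?[^\"'[:space:]]" "$1"
}

# is_private FILE: succeeds if group and other have no permission bits set.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_r53_env FILE: prints findings; returns 0 only if every check passes,
# 1 on a failed check, 2 if the file cannot be read.
check_r53_env() {
    env_file=$1 rc=0
    [ -r "$env_file" ] || { echo "missing: $env_file"; return 2; }
    for name in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        has_var "$env_file" "$name" || { echo "unset: $name"; rc=1; }
    done
    is_private "$env_file" || { echo "too permissive: $env_file (expect 0600)"; rc=1; }
    return $rc
}

# log_shows_missing_creds FILE: succeeds if saved lego output contains the
# credential-chain error shown in the log above.
log_shows_missing_creds() {
    grep -q 'route53: NoCredentialProviders' "$1"
}

# Demo on constructed sample data (placeholder values, not real keys).
demo() {
    d=$(mktemp -d) || return 1
    printf 'export AWS_ACCESS_KEY_ID="AKIAEXAMPLEPLACEHOLDER"\n' > "$d/udm-le.env"
    printf '#export AWS_SECRET_ACCESS_KEY=""\n' >> "$d/udm-le.env"
    chmod 644 "$d/udm-le.env"
    check_r53_env "$d/udm-le.env"; status=$?
    rm -rf "$d"
    return $status
}

demo || echo "preflight failed for the constructed sample"
```

On the device, point `check_r53_env` at the env file that holds the credentials and run `chmod 600` on it if the permission check fails.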