search

ocelotconsulting / node-acme-lambda

Use AWS Lambda to manage SSL certificates for ACME providers like Let's Encrypt.
http://www.ocelotconsulting.com/2016/10/07/letsencrypt-lambda.html
ISC License
123 stars 47 forks source link

S3 new regions only support Signature Version 4 #9

Closed phoenix-zhu closed 7 years ago

phoenix-zhu commented 7 years ago

Hi There,

I created a bucket in Asia Pacific (Seoul) and the code raised an error like the following.

[ { err: true, msg: 'Updating cert for api.local.gm.chatops.in, received err InvalidRequest: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256., InvalidRequest: The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256.\n at Request.extractError (/Users/XXX/node-letsencrypt-lambda/node_modules/aws-sdk/lib/services/s3.js:524:35)\n at Request.callListeners (/Users/XXX/node-letsencrypt-lambda/node_modules/aws-sdk/lib/sequential_executor.js:105:20)\n at Request.emit (/Users/XXX/node-letsencrypt-lambda/node_modules/aws-sdk/lib/sequential_executor.js:77:10)\n at Request.emit (/Users/XXX/node-letsencrypt-lambda/node_modules/aws-sdk/lib/request.js:661:14)\n at Request.transition (/Users/XXX/node-letsencrypt-lambda/node_modules/aws-sdk/lib/request.js:22:10)\n at AcceptorStateMachine.runTo (/Users/XXX/node-letsencrypt-lambda/node_modules/aws-sdk/lib/state_machine.js:14:12)\n at /Users/XXX/node-letsencrypt-lambda/node_modules/aws-sdk/lib/state_machine.js:26:10\n at Request.<anonymous> (/Users/XXX/node-letsencrypt-lambda/node_modules/aws-sdk/lib/request.js:38:9)\n at Request.<anonymous> (/Users/XXX/node-letsencrypt-lambda/node_modules/aws-sdk/lib/request.js:663:12)\n at Request.callListeners (/Users/XXX/node-letsencrypt-lambda/node_modules/aws-sdk/lib/sequential_executor.js:115:18)' } ]

It should be the module's issue since this region only supports Signature Version 4(http://docs.aws.amazon.com/de_de/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version) and it worked fine in old regions. Although I updated the aws-sdk to the latest version 2.17.0, it still has the same error, could you please kindly find a way to solve this?

Cheers.

larryboymi commented 7 years ago

It looks like in 2.4.12 they reverted the setting back to v2 as the default. I'll go ahead and specify the version for v4.... but if others experience an error going forward, I'll have to add region-specific code (which I would like to avoid).

larryboymi commented 7 years ago

Let me know if b11e779e fixes your problem, and I'll close this issue. I've also contacted AWS to fix their documentation. Thanks!

phoenix-zhu commented 7 years ago

It works fine now. Thanks for so quick response. BTW, is there any way I can apply one cert includes several domains? Do you need I create a new thread for this topic?

larryboymi commented 7 years ago

I've created a new issue to track that request. Thanks!