zenhack / simp_le

Simple Let's Encrypt client
GNU General Public License v3.0

Using the simp_le client in a docker container hangs during http challenge #52

Closed spierepf closed 7 years ago

spierepf commented 7 years ago

This is a copy of: https://community.letsencrypt.org/t/using-the-simp-le-client-in-a-docker-container-hangs-during-http-challenge/33694

Please fill out the fields below so we can help you better.

My domain is: spierepf.ddns.net

I ran this command: simp_le --verbose --email spierepf@hotmail.com -f account_key.json -f fullchain.pem -f key.pem -d spierepf.ddns.net:/usr/share/nginx/html

It produced this output:

2017-05-09 11:02:57,239:DEBUG:simp_le:1371: ['--verbose', '--email', 'spierepf@hotmail.com', '-f', 'account_key.json', '-f', 'fullchain.pem', '-f', 'key.pem', '-d', 'spierepf.ddns.net:/usr/share/nginx/html'] parsed as Namespace(account_key_public_exponent=65537, account_key_size=4096, cert_key_size=4096, default_root=None, email='spierepf@hotmail.com', help=False, integration_test=False, ioplugins=['account_key.json', 'fullchain.pem', 'key.pem'], reuse_key=False, revoke=False, server='https://acme-v01.api.letsencrypt.org/directory', test=False, tos_sha256='6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221', user_agent='simp_le/0', valid_min=2592000, verbose=True, version=False, vhosts=[Vhost(name='spierepf.ddns.net', root='/usr/share/nginx/html')])
2017-05-09 11:02:57,240:DEBUG:simp_le:367: Loading account_key.json
2017-05-09 11:02:57,241:DEBUG:simp_le:367: Loading fullchain.pem
2017-05-09 11:02:57,241:DEBUG:simp_le:367: Loading key.pem
2017-05-09 11:02:57,241:DEBUG:simp_le:1280: Computed roots: {'spierepf.ddns.net': '/usr/share/nginx/html'}
2017-05-09 11:02:57,241:INFO:simp_le:1211: Generating new account key
2017-05-09 11:02:58,092:DEBUG:root:626: Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
{
  "identifier": {
    "type": "dns",
    "value": "spierepf.ddns.net"
  },
  "status": "pending",
  "expires": "2017-05-16T11:02:59.656179074Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/-W53XG9N-PcoaR9gPZ9q4TH44ZM09jZBCReJarr4Chk/1147834376",
      "token": "kf4rYPPgBT-ubAsVA1ZhVGqPUOSZMGFyzDytWmAd2tg"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/-W53XG9N-PcoaR9gPZ9q4TH44ZM09jZBCReJarr4Chk/1147834377",
      "token": "5KYEb5AK0D9dx34UySKr7dcA6rnVaTBa6A9bj4tgZto"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/-W53XG9N-PcoaR9gPZ9q4TH44ZM09jZBCReJarr4Chk/1147834378",
      "token": "nU8dsB75TqTrHlZrqaALaGLSKVjvBdMZg_ML5jEUiPk"
    }
  ],
  "combinations": [
    [ 2 ],
    [ 0 ],
    [ 1 ]
  ]
}
2017-05-09 11:02:59,761:DEBUG:acme.client:666: Storing nonce: l32017LQENMLtMdf6v0ioS2giErAS0Os-kwJH9TWDgo
2017-05-09 11:02:59,773:DEBUG:simp_le:983: Saving validation (u'kf4rYPPgBT-ubAsVA1ZhVGqPUOSZMGFyzDytWmAd2tg.63543MRgFiPVD1DrDWJwI6bU8T-0U7DruBu_VUZaRIM') at /usr/share/nginx/html/.well-known/acme-challenge/kf4rYPPgBT-ubAsVA1ZhVGqPUOSZMGFyzDytWmAd2tg
2017-05-09 11:02:59,775:DEBUG:acme.challenges:307: Verifying http-01 at http://spierepf.ddns.net/.well-known/acme-challenge/kf4rYPPgBT-ubAsVA1ZhVGqPUOSZMGFyzDytWmAd2tg...
2017-05-09 11:02:59,776:DEBUG:requests.packages.urllib3.connectionpool:207: Starting new HTTP connection (1): spierepf.ddns.net
nginx_1 | 24.138.24.95 - - [09/May/2017:11:02:59 +0000] "GET /.well-known/acme-challenge/kf4rYPPgBT-ubAsVA1ZhVGqPUOSZMGFyzDytWmAd2tg HTTP/1.1" 200 87 "-" "python-requests/2.13.0" "-"

My operating system is (include version): I'm using the official nginx image on docker hub. The Dockerfile is:

https://github.com/nginxinc/docker-nginx/blob/53da9a295dfa6c666630a72d9c03dfbd1d2eb37d/mainline/stretch/Dockerfile

FROM debian:stretch-slim

MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com"

ENV NGINX_VERSION 1.13.0-1~stretch
ENV NJS_VERSION 1.13.0.0.1.10-1~stretch

RUN apt-get update \
    && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 \
    && \
    NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
    found=''; \
    for server in \
        ha.pool.sks-keyservers.net \
        hkp://keyserver.ubuntu.com:80 \
        hkp://p80.pool.sks-keyservers.net:80 \
        pgp.mit.edu \
    ; do \
        echo "Fetching GPG key $NGINX_GPGKEY from $server"; \
        apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \

This file has been truncated.

So it looks like debian stretch-slim

My web server is (include version): 1.13.0-1~stretch (see above)

My hosting provider, if applicable, is: Eastlink

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

If you look closely at the last line of the output, you'll notice the nginx log message where the webserver responds to the challenge. This suggests to me that that specific challenge was successful. For some reason however, the simp_le client hangs at that point. I've left it running for more than six hours with no resolution. I would think that the client would terminate with failure after some point.

zenhack commented 7 years ago

First, what version of simp_le are you running? pip list |grep simp_le should tell you -- there's a --version flag, but I just noticed it's broken (pushed a fix).

Second, if you kill simp_le with ctrl+c, it should print a stack trace, which should help figure out where it's getting stuck. Could you do that and paste it here?

spierepf commented 7 years ago

My docker container doesn't have pip installed. However, according to simp_le --version, I'm running simp_le 0.2.1.dev1+g6c8e035

Stack trace:

^CTraceback (most recent call last):
  File "/opt/simp_le/simp_le.py", line 1403, in main
    return main_with_exceptions(cli_args)
  File "/opt/simp_le/simp_le.py", line 1388, in main_with_exceptions
    persist_new_data(args, existing_data)
  File "/opt/simp_le/simp_le.py", line 1302, in persist_new_data
    challb.chall, name, client.key.public_key())
  File "/opt/simp_le/venv/local/lib/python2.7/site-packages/acme/challenges.py", line 309, in simple_verify
    http_response = requests.get(uri)
  File "/opt/simp_le/venv/local/lib/python2.7/site-packages/requests/api.py", line 72, in get
    return request('get', url, params=params, **kwargs)
  File "/opt/simp_le/venv/local/lib/python2.7/site-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/simp_le/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 518, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/simp_le/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 639, in send
    r = adapter.send(request, **kwargs)
  File "/opt/simp_le/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 438, in send
    timeout=timeout
  File "/opt/simp_le/venv/local/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/opt/simp_le/venv/local/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 379, in _make_request
    httplib_response = conn.getresponse(buffering=True)
  File "/usr/lib/python2.7/httplib.py", line 1121, in getresponse
    response.begin()
  File "/usr/lib/python2.7/httplib.py", line 438, in begin
    version, status, reason = self._read_status()
  File "/usr/lib/python2.7/httplib.py", line 394, in _read_status
    line = self.fp.readline(_MAXLINE + 1)
  File "/usr/lib/python2.7/socket.py", line 480, in readline
    data = self._sock.recv(self._rbufsize)
KeyboardInterrupt

Unhandled error has happened, traceback is above

Debugging tips: -v improves output verbosity. Help is available under --help.
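
The traceback above ends in recv() underneath requests.get(uri), a call made with no timeout, so a peer that accepts the connection and never answers blocks the client indefinitely. As an added example (not simp_le or acme code; the function names, token and key-authorization strings are constructed for the demo), this is a local http-01 self-check with every socket operation bounded, run against a correct server, a stale one and one that never replies:

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values for the demo (not taken from the log above).
TOKEN = "sample-token"
KEY_AUTHZ = TOKEN + ".sample-account-thumbprint"
CHALLENGE_PATH = "/.well-known/acme-challenge/" + TOKEN


def self_check_http01(host, port, path, expected, timeout=2.0):
    """Fetch the challenge file and compare it with the expected key
    authorization. Connect, send and recv are all bounded by `timeout`,
    so a silent peer yields "timeout" instead of blocking forever."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "self-check-example"})
        resp = conn.getresponse()
        body = resp.read(4096).decode("ascii", "replace").strip()
    except socket.timeout:
        return "timeout"
    except (OSError, http.client.HTTPException):
        return "unreachable"
    finally:
        conn.close()
    if resp.status != 200:
        return "http-%d" % resp.status
    return "ok" if body == expected else "mismatch"


class ChallengeHandler(BaseHTTPRequestHandler):
    """Serves `body` at CHALLENGE_PATH and 404 for everything else."""
    body = KEY_AUTHZ

    def do_GET(self):
        if self.path != CHALLENGE_PATH:
            self.send_error(404)
            return
        payload = self.body.encode("ascii")
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_file_server(body):
    """Start a loopback HTTP server on an ephemeral port."""
    handler = type("Handler", (ChallengeHandler,), {"body": body})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def start_stalled_server():
    """Accept connections but never send a reply: the client ends up
    waiting for the status line, the state shown in the traceback."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    held = []  # keep accepted sockets open so the client sees no EOF

    def loop():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:
                return
            held.append(client)

    threading.Thread(target=loop, daemon=True).start()
    return listener


def run_demo():
    """Run the self-check against a correct, a stale and a stalled server."""
    good = start_file_server(KEY_AUTHZ)
    stale = start_file_server("stale-content")
    stalled = start_stalled_server()
    gport, sport = good.server_address[1], stale.server_address[1]
    try:
        return {
            "served": self_check_http01("127.0.0.1", gport, CHALLENGE_PATH, KEY_AUTHZ),
            "missing": self_check_http01("127.0.0.1", gport, "/nope", KEY_AUTHZ),
            "wrong_body": self_check_http01("127.0.0.1", sport, CHALLENGE_PATH, KEY_AUTHZ),
            "stalled": self_check_http01("127.0.0.1", stalled.getsockname()[1],
                                         CHALLENGE_PATH, KEY_AUTHZ, timeout=0.5),
        }
    finally:
        good.shutdown()
        stale.shutdown()
        stalled.close()


if __name__ == "__main__":
    print(run_demo())
```

With requests, the same bound is the timeout argument, for example requests.get(uri, timeout=(5, 10)) for separate connect and read limits.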

zenhack commented 7 years ago

How are you installing simp_le? The version you posted references a git commit that isn't in the history of the repository, so that's odd.

spierepf commented 7 years ago

I'm using the following Dockerfile:

FROM nginx
RUN apt-get update \
&& apt-get install -y --no-install-recommends git ca-certificates \
&& cd /opt \
&& git clone https://github.com/zenhack/simp_le/ \
&& cd simp_le \
&& ./bootstrap.sh \
&& ./venv.sh \
&& ln -s $(pwd)/venv/bin/simp_le /usr/local/sbin/simp_le

zenhack commented 7 years ago

Ah, never mind, that is master; the g at the front apparently stands for git (if I'd thought about it I would have realized it couldn't be part of the hash, which is hexadecimal...)

Sorry for disappearing for a while. I've been unable to easily test this; the only place I currently have the ability to listen publicly on port 80 is the machine hosting zenhack.net, which is running freebsd so setting up docker is ...problematic. So I'm not entirely sure how to proceed. I might be able to wrangle access to a system somewhere, but might take a little while to sort out.

dschaper commented 7 years ago

I've got some spare space on an Ubuntu based VPS, would be happy to set up an SSH account for you if that would help with the development.

zenhack commented 7 years ago

That would be useful, thanks! I think you can fetch my ssh key from my github profile.

dschaper commented 7 years ago

Got two of them, and the server is tuttle.pi-hole.net, using the same username. Ports 80 and 443 are open, nothing really running on the box and latest docker from the repos, with the latest docker-compose. Will add your user to the docker group. Any questions please email me over at dan.schaper@pi-hole.net and I'll get you what you need.

zenhack commented 7 years ago

@spierepf, got this set up on the box @dschaper provided. It actually worked for me, though I had to add EXPOSE 80 to the Dockerfile. Some other notes:

Does the above match what you did? Does the EXPOSE line help? Can't do much else without being able to reproduce it.

@dschaper, thanks again.

dschaper commented 7 years ago

Offer stands open, so use it as you need it!

spierepf commented 7 years ago

@zenhack Sorry for the delay in my response. I've added EXPOSE 80 to my Dockerfile:

FROM nginx
EXPOSE 80
RUN apt-get update \
&& apt-get install -y --no-install-recommends git ca-certificates \
&& cd /opt \
&& git clone https://github.com/zenhack/simp_le/ \
&& cd simp_le \
&& ./bootstrap.sh \
&& ./venv.sh \
&& ln -s $(pwd)/venv/bin/simp_le /usr/local/sbin/simp_le

I've used this Dockerfile to create a new image:

$ docker build -t simp_le-debug .

Started the image:

$ docker run --name simp-le-debug-1 -p 80:80 -d simp_le-debug

Entered the image:

$ docker exec -it simp-le-debug-1 bash

And invoked simp_le:

# simp_le --verbose --email spierepf@hotmail.com -f account_key.json -f fullchain.pem -f key.pem -d spierepf.ddns.net:/usr/share/nginx/html
2017-06-09 12:12:18,594:DEBUG:simp_le:1373: ('--verbose', '--email', 'spierepf@hotmail.com', '-f', 'account_key.json', '-f', 'fullchain.pem', '-f', 'key.pem', '-d', 'spierepf.ddns.net:/usr/share/nginx/html') parsed as Namespace(account_key_public_exponent=65537, account_key_size=4096, cert_key_size=4096, default_root=None, email='spierepf@hotmail.com', help=False, integration_test=False, ioplugins=['account_key.json', 'fullchain.pem', 'key.pem'], reuse_key=False, revoke=False, server='https://acme-v01.api.letsencrypt.org/directory', test=False, tos_sha256='6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221', user_agent='simp_le/0.2.1.dev7+g0179dd8', valid_min=2592000, verbose=True, version=False, vhosts=[Vhost(name='spierepf.ddns.net', root='/usr/share/nginx/html')])
2017-06-09 12:12:18,594:DEBUG:simp_le:369: Loading account_key.json
2017-06-09 12:12:18,595:DEBUG:simp_le:369: Loading fullchain.pem
2017-06-09 12:12:18,595:DEBUG:simp_le:369: Loading key.pem
2017-06-09 12:12:18,595:DEBUG:simp_le:1282: Computed roots: {'spierepf.ddns.net': '/usr/share/nginx/html'}
2017-06-09 12:12:18,595:INFO:simp_le:1213: Generating new account key
2017-06-09 12:12:18,953:DEBUG:root:626: Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-06-09 12:12:18,954:DEBUG:urllib3.connectionpool:818: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-06-09 12:12:19,227:DEBUG:urllib3.connectionpool:395: https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 352
2017-06-09 12:12:19,229:DEBUG:acme.client:641: Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: gBn_b5MtbxdKfk5ZBW3_U9yogdIKiPd1kNC4LAGsRs8
Replay-Nonce: uYhVe0vpK4eTzaWj4cQl9PBxVQEBVP49ZzcBPu9VEHs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 09 Jun 2017 12:12:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jun 2017 12:12:19 GMT
Connection: keep-alive

{
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2017-06-09 12:12:19,229:DEBUG:root:673: Requesting fresh nonce
2017-06-09 12:12:19,230:DEBUG:root:626: Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-reg.
2017-06-09 12:12:19,316:DEBUG:urllib3.connectionpool:395: https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-reg HTTP/1.1" 405 0
2017-06-09 12:12:19,317:DEBUG:acme.client:641: Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: EmeBeRNQYvr7ph2rxOzONW85tjMFg53ZEiIrh8xXRU8
Replay-Nonce: OwNpSvyLrv4rY9mO5KK6nu6DKtZq0gnFQ5bx3XsgajI
Expires: Fri, 09 Jun 2017 12:12:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jun 2017 12:12:19 GMT
Connection: keep-alive

2017-06-09 12:12:19,317:DEBUG:acme.client:666: Storing nonce: OwNpSvyLrv4rY9mO5KK6nu6DKtZq0gnFQ5bx3XsgajI
2017-06-09 12:12:19,317:DEBUG:acme.client:547: JWS payload:
{
  "contact": [
    "mailto:spierepf@hotmail.com"
  ], 
  "resource": "new-reg"
}
2017-06-09 12:12:19,337:DEBUG:root:624: Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-reg:
{
  "header": {
    "alg": "RS256", 
    "jwk": {
      "e": "AQAB", 
      "kty": "RSA", 
      "n": "nMJwbwQ1iJbB5GWILZbRIFKq4e-QPkTWFCMZ61rsECnjBvxPSkhJWIWYL0lhF7lA2bs6OaFr9OvpKHd3hyr_T9azUkvD8YQELY6-_s0DjcLV34pMMHnp1Gym88XlYjkxqxh5mQVQzDcgxTAnxASrAiwV4ZoHjeeoXk_68FScee0WllBk7fprvE5SgZ68CMjBs8yXYnImfda61ZO_LfKi0RNlM44dhSap920dJOyyQ6i5Fjr_lLVg-AV6SO9guoEhNgyg-Tl4PB0Tz5f-EE16m4mxAtWU9HEYaxFxAWOx0pZFZVQl16PLkzZ3aBlYvlpk7Zl1L7wL0r0-I8t_k6XhzPL6mKwDkbh7m3q2dYvM8BmEOEx-UhioV5dTeh3vFvUxTmfUqLiEhQbQHAgMbpBQtWuL063Y9ubTHqD2bTTkHLW6ciu1xEHTGFqnLT53fgAKp5nJdl2_afj7MStZwylN6_WOMdpmFBeyAP36B3Zo6f1mG3S_dmBF_m18707DO5jThtVclpTdiPHSymlPBL0VmWaZriU981JuQC4E010pSxYOKfIP5XVW8QQoJvX-9nQ1ypsRX47deZYNnQNgqdM_SN_m7EZZ6mFIGdDCWnPaXlZTmLkebMAoRaGhIBC-7aZX89r6a4-IADnX5HPpHZqlokKJalAkbYf4EIJmWM8aaJE"
    }
  }, 
  "protected": "eyJub25jZSI6ICJPd05wU3Z5THJ2NHJZOW1PNUtLNm51NkRLdFpxMGduRlE1YngzWHNnYWpJIn0", 
  "payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzpzcGllcmVwZkBob3RtYWlsLmNvbSIKICBdLCAKICAicmVzb3VyY2UiOiAibmV3LXJlZyIKfQ", 
  "signature": "HkiTbuAlCbecA13_NH25dBgRJxCOVY8LTmT844jqQTllP5Hmja5qSWEgclfPEVnrUahuJcpJw0CquN3AuSVx0Kmy--MrNB8owMfEv140KCNKcsDax5ggvbPnGStKrgHFn8Cty7ewyxfVnxCjlxoOzf9Y9CkJ58n7OpxCKjUDXqw5adhcKcc_Oo6z0-SapRadD7fDsL61tQ2P8SJF4N2iz4_JezG2_G_gwLzd9reKQId6gbyr5mOgQedCG9qUN2PM2SoSZGN4xImbZPbx8exeC6bkLzTVq7Uc8qLwIf7efcco5P3Uau3Q8drht44SAOs0XM-kmusHXS1QxvlEkgIxGZIh3I8OIRO6ockVQ7su0algXrnbCHdl--iW6HE64EH3RfSMruqZSzfV0UIDpZWZ_ktL-NB0ttlBUB-wr3B0txyBthpK4CILOORFrb5EczsLChWD6PEGRPM1TxFlkWTkL5BUYehwySaH2aL4nB-0dW46MY-bIHc9eWITpkoC4Z8Ii5nuONXrwCI9xr3gHXeuvxQRdWepcu-7FIWZ_uA-hFw4Aa5OcW9yfnEXqkPERQGqJzAGz_DHYwiSEPLzqQUYcCpg-NxR0TmsNgxTnN7nHeQ5Hnyn9zbFuBHUQ0ER0IdotQf_bSGw4NU4N-MMSmhiZNpfvKIWuStkBRahz1urxUo"
}
2017-06-09 12:12:19,612:DEBUG:urllib3.connectionpool:395: https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-reg HTTP/1.1" 201 920
2017-06-09 12:12:19,614:DEBUG:acme.client:641: Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 920
Boulder-Request-Id: pcn97XXDeovv-6SvyJ0Cymiw9HUEWPHeQQRyixxwo5Y
Boulder-Requester: 16691211
Link: <https://acme-v01.api.letsencrypt.org/acme/new-authz>;rel="next", <https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf>;rel="terms-of-service"
Location: https://acme-v01.api.letsencrypt.org/acme/reg/16691211
Replay-Nonce: H7qKZ8tp8sb3Mawmvw2t6f4oHlCzpzylZMdLHorDpk0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 09 Jun 2017 12:12:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jun 2017 12:12:19 GMT
Connection: keep-alive

{
  "id": 16691211,
  "key": {
    "kty": "RSA",
    "n": "nMJwbwQ1iJbB5GWILZbRIFKq4e-QPkTWFCMZ61rsECnjBvxPSkhJWIWYL0lhF7lA2bs6OaFr9OvpKHd3hyr_T9azUkvD8YQELY6-_s0DjcLV34pMMHnp1Gym88XlYjkxqxh5mQVQzDcgxTAnxASrAiwV4ZoHjeeoXk_68FScee0WllBk7fprvE5SgZ68CMjBs8yXYnImfda61ZO_LfKi0RNlM44dhSap920dJOyyQ6i5Fjr_lLVg-AV6SO9guoEhNgyg-Tl4PB0Tz5f-EE16m4mxAtWU9HEYaxFxAWOx0pZFZVQl16PLkzZ3aBlYvlpk7Zl1L7wL0r0-I8t_k6XhzPL6mKwDkbh7m3q2dYvM8BmEOEx-UhioV5dTeh3vFvUxTmfUqLiEhQbQHAgMbpBQtWuL063Y9ubTHqD2bTTkHLW6ciu1xEHTGFqnLT53fgAKp5nJdl2_afj7MStZwylN6_WOMdpmFBeyAP36B3Zo6f1mG3S_dmBF_m18707DO5jThtVclpTdiPHSymlPBL0VmWaZriU981JuQC4E010pSxYOKfIP5XVW8QQoJvX-9nQ1ypsRX47deZYNnQNgqdM_SN_m7EZZ6mFIGdDCWnPaXlZTmLkebMAoRaGhIBC-7aZX89r6a4-IADnX5HPpHZqlokKJalAkbYf4EIJmWM8aaJE",
    "e": "AQAB"
  },
  "contact": [
    "mailto:spierepf@hotmail.com"
  ],
  "initialIp": "24.138.24.95",
  "createdAt": "2017-06-09T12:12:19.56256694Z",
  "Status": "valid"
}
2017-06-09 12:12:19,614:DEBUG:acme.client:666: Storing nonce: H7qKZ8tp8sb3Mawmvw2t6f4oHlCzpzylZMdLHorDpk0
2017-06-09 12:12:19,619:DEBUG:urllib3.connectionpool:818: Starting new HTTPS connection (1): letsencrypt.org
2017-06-09 12:12:19,872:DEBUG:urllib3.connectionpool:395: https://letsencrypt.org:443 "GET /documents/LE-SA-v1.1.1-August-1-2016.pdf HTTP/1.1" 200 134243
2017-06-09 12:12:20,182:DEBUG:simp_le:1239: TOS hash: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221
2017-06-09 12:12:20,183:DEBUG:acme.client:547: JWS payload:
{
  "contact": [
    "mailto:spierepf@hotmail.com"
  ], 
  "resource": "reg", 
  "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf", 
  "key": {
    "e": "AQAB", 
    "kty": "RSA", 
    "n": "nMJwbwQ1iJbB5GWILZbRIFKq4e-QPkTWFCMZ61rsECnjBvxPSkhJWIWYL0lhF7lA2bs6OaFr9OvpKHd3hyr_T9azUkvD8YQELY6-_s0DjcLV34pMMHnp1Gym88XlYjkxqxh5mQVQzDcgxTAnxASrAiwV4ZoHjeeoXk_68FScee0WllBk7fprvE5SgZ68CMjBs8yXYnImfda61ZO_LfKi0RNlM44dhSap920dJOyyQ6i5Fjr_lLVg-AV6SO9guoEhNgyg-Tl4PB0Tz5f-EE16m4mxAtWU9HEYaxFxAWOx0pZFZVQl16PLkzZ3aBlYvlpk7Zl1L7wL0r0-I8t_k6XhzPL6mKwDkbh7m3q2dYvM8BmEOEx-UhioV5dTeh3vFvUxTmfUqLiEhQbQHAgMbpBQtWuL063Y9ubTHqD2bTTkHLW6ciu1xEHTGFqnLT53fgAKp5nJdl2_afj7MStZwylN6_WOMdpmFBeyAP36B3Zo6f1mG3S_dmBF_m18707DO5jThtVclpTdiPHSymlPBL0VmWaZriU981JuQC4E010pSxYOKfIP5XVW8QQoJvX-9nQ1ypsRX47deZYNnQNgqdM_SN_m7EZZ6mFIGdDCWnPaXlZTmLkebMAoRaGhIBC-7aZX89r6a4-IADnX5HPpHZqlokKJalAkbYf4EIJmWM8aaJE"
  }
}
2017-06-09 12:12:20,195:DEBUG:root:624: Sending POST request to https://acme-v01.api.letsencrypt.org/acme/reg/16691211:
{
  "header": {
    "alg": "RS256", 
    "jwk": {
      "e": "AQAB", 
      "kty": "RSA", 
      "n": "nMJwbwQ1iJbB5GWILZbRIFKq4e-QPkTWFCMZ61rsECnjBvxPSkhJWIWYL0lhF7lA2bs6OaFr9OvpKHd3hyr_T9azUkvD8YQELY6-_s0DjcLV34pMMHnp1Gym88XlYjkxqxh5mQVQzDcgxTAnxASrAiwV4ZoHjeeoXk_68FScee0WllBk7fprvE5SgZ68CMjBs8yXYnImfda61ZO_LfKi0RNlM44dhSap920dJOyyQ6i5Fjr_lLVg-AV6SO9guoEhNgyg-Tl4PB0Tz5f-EE16m4mxAtWU9HEYaxFxAWOx0pZFZVQl16PLkzZ3aBlYvlpk7Zl1L7wL0r0-I8t_k6XhzPL6mKwDkbh7m3q2dYvM8BmEOEx-UhioV5dTeh3vFvUxTmfUqLiEhQbQHAgMbpBQtWuL063Y9ubTHqD2bTTkHLW6ciu1xEHTGFqnLT53fgAKp5nJdl2_afj7MStZwylN6_WOMdpmFBeyAP36B3Zo6f1mG3S_dmBF_m18707DO5jThtVclpTdiPHSymlPBL0VmWaZriU981JuQC4E010pSxYOKfIP5XVW8QQoJvX-9nQ1ypsRX47deZYNnQNgqdM_SN_m7EZZ6mFIGdDCWnPaXlZTmLkebMAoRaGhIBC-7aZX89r6a4-IADnX5HPpHZqlokKJalAkbYf4EIJmWM8aaJE"
    }
  }, 
  "protected": "eyJub25jZSI6ICJIN3FLWjh0cDhzYjNNYXdtdncydDZmNG9IbEN6cHp5bFpNZExIb3JEcGswIn0", 
  "payload": "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", 
  "signature": "beaKGkOouyZsBflhqMaIaYx46WYyxAFeHsZfgvuqFAvdxweG4HcmHZrNbNTZYvQ2PUFnbH0O5Ecq_eejBo_HLn9f8E0Evc5bctVFPyYorN7F4OYS1Yc4Hfg69OPuN9tCSGSCTykPw08nCtuTqhYYf45SRTm8qXrHHBTRVq0kcIsR9hwJ8nlhRk35BofpFCPLECT978tsh8qZNbbXC0vn1kBi7zsfbJEZmGlp66MdMN_RmhcfuqobBbk_48BWpybWXgZ0wXbJUijhQe5iLxofL4s37lFNpfYZPAlOUIDDT8VOcFy0R3nDXv7s5urAZC38j4m2xNV-31ks2IOIe1v2WrGNjtV06MkIRRWGoqYj_hEV6s2py1HCC8T7VqWwhpgzbpEXgJV82wDXCRZQSWdtPvlz9SPAaihDyg9evBiNWaflLfKe8HFe1J1wYlGz57ENZ8O6HuS2s1LASndoLk3K7LukF8np4QWcE1bW3w5OfgZJgF0ixPY-xDJKlUYfkmI2HWWHszKUwRjlBS0xbh6DmjQ5G1KMTca3ApfIZSiAu7LkzEMEWNx1A_QBVSYgI6IPi9Uldwj1kDvzGovCie5PNzpQBM_94RRz5G8ttVU_wxN6pkcPjEbdrmyPDve8Na5sGGQGnTsmeMnisB-6M5g6rjKImd3izn3Aw0p2QYgHL8c"
}
2017-06-09 12:12:20,399:DEBUG:urllib3.connectionpool:395: https://acme-v01.api.letsencrypt.org:443 "POST /acme/reg/16691211 HTTP/1.1" 202 994
2017-06-09 12:12:20,400:DEBUG:acme.client:641: Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 994
Boulder-Request-Id: MQKxWiFQLNt-3QOF0w4whY0N0Onq7KrhdZdhPpvAWUM
Boulder-Requester: 16691211
Link: <https://acme-v01.api.letsencrypt.org/acme/new-authz>;rel="next", <https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf>;rel="terms-of-service"
Replay-Nonce: zpD-8fgRwnE3qqwQ3d46tR2peQTNXUb3PLLJ4JdP3pI
Expires: Fri, 09 Jun 2017 12:12:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jun 2017 12:12:20 GMT
Connection: keep-alive

{
  "id": 16691211,
  "key": {
    "kty": "RSA",
    "n": "nMJwbwQ1iJbB5GWILZbRIFKq4e-QPkTWFCMZ61rsECnjBvxPSkhJWIWYL0lhF7lA2bs6OaFr9OvpKHd3hyr_T9azUkvD8YQELY6-_s0DjcLV34pMMHnp1Gym88XlYjkxqxh5mQVQzDcgxTAnxASrAiwV4ZoHjeeoXk_68FScee0WllBk7fprvE5SgZ68CMjBs8yXYnImfda61ZO_LfKi0RNlM44dhSap920dJOyyQ6i5Fjr_lLVg-AV6SO9guoEhNgyg-Tl4PB0Tz5f-EE16m4mxAtWU9HEYaxFxAWOx0pZFZVQl16PLkzZ3aBlYvlpk7Zl1L7wL0r0-I8t_k6XhzPL6mKwDkbh7m3q2dYvM8BmEOEx-UhioV5dTeh3vFvUxTmfUqLiEhQbQHAgMbpBQtWuL063Y9ubTHqD2bTTkHLW6ciu1xEHTGFqnLT53fgAKp5nJdl2_afj7MStZwylN6_WOMdpmFBeyAP36B3Zo6f1mG3S_dmBF_m18707DO5jThtVclpTdiPHSymlPBL0VmWaZriU981JuQC4E010pSxYOKfIP5XVW8QQoJvX-9nQ1ypsRX47deZYNnQNgqdM_SN_m7EZZ6mFIGdDCWnPaXlZTmLkebMAoRaGhIBC-7aZX89r6a4-IADnX5HPpHZqlokKJalAkbYf4EIJmWM8aaJE",
    "e": "AQAB"
  },
  "contact": [
    "mailto:spierepf@hotmail.com"
  ],
  "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
  "initialIp": "24.138.24.95",
  "createdAt": "2017-06-09T12:12:19Z",
  "Status": "valid"
}
2017-06-09 12:12:20,401:DEBUG:acme.client:666: Storing nonce: zpD-8fgRwnE3qqwQ3d46tR2peQTNXUb3PLLJ4JdP3pI
2017-06-09 12:12:20,402:DEBUG:acme.client:547: JWS payload:
{
  "identifier": {
    "type": "dns", 
    "value": "spierepf.ddns.net"
  }, 
  "resource": "new-authz"
}
2017-06-09 12:12:20,421:DEBUG:root:624: Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
  "header": {
    "alg": "RS256", 
    "jwk": {
      "e": "AQAB", 
      "kty": "RSA", 
      "n": "nMJwbwQ1iJbB5GWILZbRIFKq4e-QPkTWFCMZ61rsECnjBvxPSkhJWIWYL0lhF7lA2bs6OaFr9OvpKHd3hyr_T9azUkvD8YQELY6-_s0DjcLV34pMMHnp1Gym88XlYjkxqxh5mQVQzDcgxTAnxASrAiwV4ZoHjeeoXk_68FScee0WllBk7fprvE5SgZ68CMjBs8yXYnImfda61ZO_LfKi0RNlM44dhSap920dJOyyQ6i5Fjr_lLVg-AV6SO9guoEhNgyg-Tl4PB0Tz5f-EE16m4mxAtWU9HEYaxFxAWOx0pZFZVQl16PLkzZ3aBlYvlpk7Zl1L7wL0r0-I8t_k6XhzPL6mKwDkbh7m3q2dYvM8BmEOEx-UhioV5dTeh3vFvUxTmfUqLiEhQbQHAgMbpBQtWuL063Y9ubTHqD2bTTkHLW6ciu1xEHTGFqnLT53fgAKp5nJdl2_afj7MStZwylN6_WOMdpmFBeyAP36B3Zo6f1mG3S_dmBF_m18707DO5jThtVclpTdiPHSymlPBL0VmWaZriU981JuQC4E010pSxYOKfIP5XVW8QQoJvX-9nQ1ypsRX47deZYNnQNgqdM_SN_m7EZZ6mFIGdDCWnPaXlZTmLkebMAoRaGhIBC-7aZX89r6a4-IADnX5HPpHZqlokKJalAkbYf4EIJmWM8aaJE"
    }
  }, 
  "protected": "eyJub25jZSI6ICJ6cEQtOGZnUnduRTNxcXdRM2Q0NnRSMnBlUVROWFViM1BMTEo0SmRQM3BJIn0", 
  "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAic3BpZXJlcGYuZGRucy5uZXQiCiAgfSwgCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ", 
  "signature": "YarGyaFK_vdNY9Pn1pPPjhPePKXQxQHCx5oO2wR1ifdpLQiBrGO397MUjKSj1a51UjqyMBTYQA0JoYKfeiZY0Mz-46-xEpGOB-qO-tgayey8bqCxLqJb0mZ2ZgChyL2ASlyB4C5NiuIlVNqC5VOZdSCxqa-qK1utAlhu_TzHN4C0PKVQZJqFg2TrgtqwLecxRl_9cqWfRL7R1rZvIYhGHC1OkKkIeCuYFO5vEmP16_h2XjlzoufYMsxNgmTwBHQ9_CQIQZrN35K86TOj19kiI2iT-skVt65AavOGHNTMFqs8qNWK2ZEoSwUOrnBWn9mfbiOybys-X5UnMNEGUEZeVViYlJlzFfPX9N4Blhz5XnJTrp05e6By1_zInb90-o04VdDbdMHfxONDJX-rEOxhNtQzCwYatIHWVEqD8HDTIILtO67ZaLssvoiGey7nb7p3LHL_sneJcpAplpIqzO0x4zvimmb3IDdOBj25c1l2dC6W3oQzQHinHQ6zLGpYeFMwTjryKxdAjne-445wr-9K2YDUYvErphawQquFw1QLWYNXlGUdTO6YOVjkqg3KS8PWn8qKynT3Wkbh3gdzCeaUyo39CjuWCDgdhPxP-KzW6BzXanB_DNXEwNH4LwTkizZPqPsEk-JNWrodY2QFdkhnuJ90J9pWVM83lmhPqeconZ0"
}
2017-06-09 12:12:20,571:DEBUG:urllib3.connectionpool:395: https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1005
2017-06-09 12:12:20,572:DEBUG:acme.client:641: Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1005
Boulder-Request-Id: zw7FGr1bUr13UJmmlptrSQtWSrxANgRaaYbAdljHJ1g
Boulder-Requester: 16691211
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/niOsUgSyIieJTr1T97StQfPxXJGrJtk7cU5KrZ9XuvA
Replay-Nonce: TwZ61D7zbchdr4d5gLufZVBZ58mp_l6d6XB0MNG0h7k
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Fri, 09 Jun 2017 12:12:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Jun 2017 12:12:20 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "spierepf.ddns.net"
  },
  "status": "pending",
  "expires": "2017-06-16T12:12:20.486740414Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/niOsUgSyIieJTr1T97StQfPxXJGrJtk7cU5KrZ9XuvA/1306543970",
      "token": "8F2BfWIHWTjNTGrzUKtsbLJeontqO7gtglO9131vJOw"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/niOsUgSyIieJTr1T97StQfPxXJGrJtk7cU5KrZ9XuvA/1306543971",
      "token": "OddIyF6NN0O0humigcU1JMC9M2yPJRFmk52ujqd-jJ0"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/niOsUgSyIieJTr1T97StQfPxXJGrJtk7cU5KrZ9XuvA/1306543972",
      "token": "A7AM0NUhMwHElhVurbqg83JagbZQFjuh1jjjBGd4WYU"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      2
    ],
    [
      1
    ]
  ]
}
2017-06-09 12:12:20,572:DEBUG:acme.client:666: Storing nonce: TwZ61D7zbchdr4d5gLufZVBZ58mp_l6d6XB0MNG0h7k
2017-06-09 12:12:20,584:DEBUG:simp_le:985: Saving validation (u'A7AM0NUhMwHElhVurbqg83JagbZQFjuh1jjjBGd4WYU.c6Gu2lgLgsBAUEKTBbJaVjjjeVx1UGpAxSzZeMiCoGk') at /usr/share/nginx/html/.well-known/acme-challenge/A7AM0NUhMwHElhVurbqg83JagbZQFjuh1jjjBGd4WYU
2017-06-09 12:12:20,585:DEBUG:acme.challenges:307: Verifying http-01 at http://spierepf.ddns.net/.well-known/acme-challenge/A7AM0NUhMwHElhVurbqg83JagbZQFjuh1jjjBGd4WYU...
2017-06-09 12:12:20,586:DEBUG:urllib3.connectionpool:207: Starting new HTTP connection (1): spierepf.ddns.net

But it just seems to hang at that point?

zenhack commented 7 years ago

What it looks like is happening is that simp_le is getting to the step where it self-verifies, i.e. it checks that the challenge is available via HTTP as expected (before bugging letsencrypt about it), and it's just blocking on a read from the response. Can you verify that the docker container can actually reach its own HTTP server? I.e., get a shell in the container and do curl http://spierepf.ddns.net. It seems to work fine from where I am, but I'm wondering if there's some odd networking issue on your end (overly restrictive firewall rule maybe?)

I should probably add a timeout, so users hitting stuff like this get an error message in a more reasonable amount of time.
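
The timeout mentioned in the comment above, sketched as an added example (not part of the thread and not simp_le's code): an http-01 self-check that bounds the connect and every read, so a peer that accepts the connection but never answers produces an error instead of a hang. The token, key authorization, function names and the two local stand-in servers are constructed for the demo.

```python
import socket
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values, not the token or key authorization from the log.
TOKEN = "sample-token"
KEY_AUTHZ = TOKEN + ".sample-thumbprint"

def self_verify(base_url, token, expected, timeout=2.0):
    """Fetch the http-01 resource; timeout bounds the connect and each read."""
    url = "%s/.well-known/acme-challenge/%s" % (base_url, token)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read().decode("ascii", "replace").strip()
    except urllib.error.HTTPError as exc:
        return False, "http %d" % exc.code
    except OSError as exc:  # URLError and raw socket timeouts are both OSError
        reason = getattr(exc, "reason", exc)
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return False, "timeout"
        return False, "unreachable"
    return (True, "ok") if body == expected else (False, "mismatch")

def start_silent_listener():
    """Peer that completes the TCP handshake but never sends a response."""
    sock = socket.create_server(("127.0.0.1", 0))
    return sock, "http://127.0.0.1:%d" % sock.getsockname()[1]

class _Challenge(BaseHTTPRequestHandler):
    def do_GET(self):
        found = self.path == "/.well-known/acme-challenge/" + TOKEN
        body = KEY_AUTHZ.encode() if found else b"not found"
        self.send_response(200 if found else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # keep the demo quiet

def start_challenge_server():
    srv = HTTPServer(("127.0.0.1", 0), _Challenge)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]

if __name__ == "__main__":
    (_sock, silent), (_srv, good) = start_silent_listener(), start_challenge_server()
    print(self_verify(silent, TOKEN, KEY_AUTHZ, 1.0), self_verify(good, TOKEN, KEY_AUTHZ))
```

A "timeout" result from inside the container, while the same URL answers from outside, points at the container's route back to its own public address rather than at the challenge file.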

zenhack commented 7 years ago

I'm going to close this, since I can't reproduce and haven't heard back from @spierepf; feel free to reopen.