csmith / docker-letsencrypt-lexicon Goto Github PK

I'm getting this error and all the certificates are now invalid.
Hope it's a simple fix.
Thanks

+ Challenge is valid!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
  + ERROR: An error occurred while sending get-request to http://cert.int-x3.letsencrypt.org/ (Status 301)

Details:
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

Thanks for your Docker and it is a great idea and implementation!

But the docker currently generates EC Keys for the certs. Is there anyway to have regular RSA keys instead?

It makes it much easier for importing the certs and keys to other apps......

Hello,

I'm trying to get my certificates using your docker image.

I put my lexicon account, and my domains.txt seems to be taken.

When starting the container, some directory are created.
( archive, certs, accounts )
So it looks like my parameters are well passed to the container.

But inside certs, I found a directory name with my domain.
And inside that some files a generated :

-rw------- 1 root root  538 Oct 11 10:24 cert-1539246254.csr
-rw------- 1 root root    0 Oct 11 10:24 cert-1539246254.pem
-rw------- 1 root root  359 Oct 11 10:24 privkey-1539246254.pem

But the cert-*.pem is empty.

When i'm using certbot with the manual generation of my certificate, here's what I obtain:

-rw-r--r-- 1 root root 2179 Oct 10 17:19 cert1.pem
-rw-r--r-- 1 root root 1647 Oct 10 17:19 chain1.pem
-rw-r--r-- 1 root root 3826 Oct 10 17:19 fullchain1.pem
-rw-r--r-- 1 root root 1708 Oct 10 17:19 privkey1.pem

So with certbot the files are much bigger (and I have 4 of them), wherease with your docker, I get 3 files, and one of them is empty.

So I suppose that the certs generation as failed, but how can I get sure of that ?
Is there any log of action somewhere ?

At the moment trying to request a wildcard cert results in the following error:

+ ERROR: An error occurred while sending post-request to https://acme-staging.api.letsencrypt.org/acme/new-authz (Status 400)

Details:
{
  "type": "urn:acme:error:malformed",
  "detail": "Error creating new authz :: Wildcard names not supported",
  "status": 400
}

I think we probably need to update our dependencies to support ACMEv2

When I use this container, it throws an error...

ERROR: Problem connecting to server (get for https://acme-v01.api.letsencrypt.org/directory; curl returned with 6)

At a guess, I would say the scripts are out of date and need to switch to use dehydate?
Thanks

Hi,

During testing I set the environment variables to:

    environment:
      - [email protected]
      - STAGING=true # any value equals true. Leave blank for false
      - ACCEPT_CA_TERMS=true # any value equals true. Leave blank for false
      - PROVIDER=cloudflare
      - [email protected]
      - LEXICON_CLOUDFLARE_TOKEN=supersecrettoken

The test cert was issued and I tested the website with it. It works but it's signed by Fake LE Intermediate X1

I thought that I just had to amend the environment variable of stanging to be empty and re-compose but the certs don't regenerate against a non-stages LE CA.

    environment:
      - [email protected]
      - STAGING= # any value equals true. Leave blank for false
      - ACCEPT_CA_TERMS=true # any value equals true. Leave blank for false
      - PROVIDER=cloudflare
      - [email protected]
      - LEXICON_CLOUDFLARE_TOKEN=supersecrettoken

any help greatly appreciated.

Thanks,

Tom

Would you mind updating to a later version of lexicon?

Apparently, the container doesn’t support mythicbeasts yet:

Although it does look to be supported according to lexicon.