 Tytuł: Nieudane generowanie certyfikatu - letsencrypt
Post: 16 lip 2020, 22:46 
Problem dotyczy poradnika https://eko.one.pl/?p=openwrt-letsencrypt, etap „Generowanie certyfikatu”.

root@OpenWrt:~# cat /etc/config/firewall

# Global defaults: SYN-flood protection enabled; input and output accepted,
# forwarding rejected.
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

# Zone 'lan': fully trusted (input/output/forward all ACCEPT).
# Besides network 'lan' it also lists the device tun0.
# NOTE(review): tun0 is presumably the OpenVPN tunnel (see the Allow-OpenVPN
# rule below), which would give VPN peers LAN-level trust - confirm intended.
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option device 'tun0'

# Zone 'wan' (networks wan and wan6): inbound and forwarded traffic rejected
# unless a rule below allows it; masquerading and MTU fix enabled.
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

# Allow forwarding from lan to wan.
config forwarding
        option src 'lan'
        option dest 'wan'

# The Allow-* rules from here down to Allow-ISAKMP look like the stock OpenWrt
# rule set - verify against the installed release.

# IPv4 UDP port 68 from wan (DHCP lease renewal).
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# IPv4 ICMP echo-request from wan.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# IPv4 IGMP from wan.
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# IPv6 UDP port 546 from wan, limited to fc00::/6 source and destination.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 types 130, 131, 132 and 143 from link-local sources (fe80::/10) on wan.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# Listed ICMPv6 types from wan, rate-limited to 1000/sec. No 'dest' is set.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Listed ICMPv6 types from wan to any destination zone (dest '*'),
# rate-limited to 1000/sec.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ESP from wan to lan.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

# UDP port 500 from wan to lan.
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Pulls in /etc/firewall.user; its contents are not shown, so any rules it
# adds are not covered by this review.
config include
        option path '/etc/firewall.user'

# Accepts TCP port 222 from the wan zone; no 'dest' is set, so presumably this
# is SSH to the router itself.
# NOTE(review): confirm dropbear allows key-based logins only on this
# internet-facing port.
config rule
        option name 'ssh'
        option src 'wan'
        option target 'ACCEPT'
        option proto 'tcp'
        option dest_port '222'

# 'zarzadzanie_WAN' (Polish: "WAN management"): would accept TCP port 443 from
# wan, but the rule is disabled (enabled '0').
config rule
        option name 'zarzadzanie_WAN'
        option src 'wan'
        option target 'ACCEPT'
        option proto 'tcp'
        option dest_port '443'
        option enabled '0'

# Named section 'vpn': accepts UDP port 1194 from wan.
config rule 'vpn'
        option name 'Allow-OpenVPN'
        option src 'wan'
        option dest_port '1194'
        option proto 'udp'
        option target 'ACCEPT'

# Accepts TCP and UDP port 1234 from every zone (src '*'), wan included.
# NOTE(review): this exposes the ZNC login to the internet; 'udp' is presumably
# not needed for ZNC - confirm and narrow proto/src if so.
config rule
        option enabled '1'
        option target 'ACCEPT'
        option proto 'tcp udp'
        option dest_port '1234'
        option name 'znc'
        option src '*'

root@OpenWrt:~#


Thu Jul 16 18:49:24 2020 authpriv.info dropbear[25416]: Exit (root): Exited normally
Thu Jul 16 18:49:35 2020 daemon.warn znc[25232]: [root] failed to login from 81.97.86.xxx
Thu Jul 16 18:49:42 2020 daemon.warn znc[25232]: [xxx] failed to login from 81.97.86.xxx
Thu Jul 16 18:52:33 2020 daemon.warn znc[25232]: [xxx] failed to login from 81.97.86.xxx
Thu Jul 16 18:53:29 2020 daemon.warn znc[25232]: [yyy] failed to login from 81.97.86.xxx
Thu Jul 16 18:57:04 2020 daemon.warn znc[25232]: [yyy] failed to login from 81.97.86.xxx
Thu Jul 16 19:13:27 2020 daemon.warn dnsmasq[3236]: possible DNS-rebind attack detected: app.ee-share.com
Thu Jul 16 19:17:41 2020 daemon.warn znc[25232]: [yyy] failed to login from 81.97.86.xxx
Thu Jul 16 20:00:00 2020 cron.info crond[14524]: USER root pid 26463 cmd sh /update_IP/ip_check
Thu Jul 16 21:25:23 2020 daemon.warn dnsmasq[3236]: possible DNS-rebind attack detected: app.ee-share.com
Thu Jul 16 22:00:00 2020 cron.info crond[14524]: USER root pid 28046 cmd sh /update_IP/ip_check
Thu Jul 16 22:23:44 2020 daemon.warn znc[25232]: [xxx] failed to login from 81.97.86.xxx
Thu Jul 16 22:28:09 2020 authpriv.info dropbear[28401]: Child connection from 81.97.86.xxx:43021
Thu Jul 16 22:28:12 2020 authpriv.notice dropbear[28401]: Pubkey auth succeeded for 'root' with key sha1!! 70:a2:e2:ed:40:29:a2:92:2f:48:ct:41:6e:45:5b:3a:1k:6c:9b:11 from 81.97.86.xxx:43021
Thu Jul 16 22:28:21 2020 cron.info crond[28745]: crond (busybox 1.30.1) started, log level 8
Thu Jul 16 22:31:53 2020 daemon.info acme: Running pre checks for HOST.ddns.net.
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: acme: Running pre checks for HOST.ddns.net.
Thu Jul 16 22:31:53 2020 daemon.debug acme: port80 listens:
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: acme: port80 listens:
Thu Jul 16 22:31:53 2020 daemon.debug acme: v4 input_rule: Chain input_rule (1 references)  pkts bytes target     prot opt in     out     source               destination              0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 /* ACME */
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: acme: v4 input_rule: Chain input_rule (1 references)
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]:  pkts bytes target     prot opt in     out     source               destination
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]:     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 /* ACME */
Thu Jul 16 22:31:53 2020 daemon.debug acme: v6 input_rule: Chain input_rule (1 references)  pkts bytes target     prot opt in     out     source               destination              0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:80 /* ACME */
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: acme: v6 input_rule: Chain input_rule (1 references)
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]:  pkts bytes target     prot opt in     out     source               destination
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]:     0     0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:80 /* ACME */
Thu Jul 16 22:31:53 2020 daemon.info acme: Running ACME for HOST.ddns.net
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: acme: Running ACME for HOST.ddns.net
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: sh: out of range
Thu Jul 16 22:31:53 2020 daemon.info acme: Using standalone mode
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: acme: Using standalone mode
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: logger: unrecognized option: issue
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: BusyBox v1.30.1 () multi-call binary.
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]:
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: Usage: logger [OPTIONS] [MESSAGE]
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]:
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: Write MESSAGE (or stdin) to syslog
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]:
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]:    -s      Log to stderr as well as the system log
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]:    -t TAG  Log using the specified tag (defaults to user name)
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]:    -p PRIO Priority (numeric or facility.level pair)
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: Lets find script dir.
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: _SCRIPT_='/usr/lib/acme/acme.sh'
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: _script='/usr/lib/acme/acme.sh'
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: _script_home='/usr/lib/acme'
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: Using config home:/etc/acme
Thu Jul 16 22:31:53 2020 daemon.info run-acme[28800]: https://github.com/Neilpang/acme.sh
Thu Jul 16 22:31:53 2020 daemon.info run-acme[28800]: v2.8.5
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: Running cmd: issue
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: _main_domain='HOST.ddns.net'
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: _alt_domains='no'
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: Using config home:/etc/acme
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: DOMAIN_PATH='/etc/acme/HOST.ddns.net'
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: _init api for server: https://acme-v02.api.letsencrypt.org/directory
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: GET
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: url='https://acme-v02.api.letsencrypt.org/directory'
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: timeout=
Thu Jul 16 22:31:53 2020 daemon.err run-acme[28800]: _WGET='wget -q --content-on-error '
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ret='0'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ACME_NEW_AUTHZ
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ACME_VERSION='2'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: _on_before_issue
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: _chk_main_domain='HOST.ddns.net'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: _chk_alt_domains
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: Le_LocalAddress
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: d='HOST.ddns.net'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: Check for domain='HOST.ddns.net'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: _currentRoot='no'
Thu Jul 16 22:31:54 2020 daemon.info run-acme[28800]: Standalone mode.
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: _checkport='80'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: _checkaddr
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: Using: netstat
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: d
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: config file is empty, can not read CA_KEY_HASH
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: Using config home:/etc/acme
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: _init api for server: https://acme-v02.api.letsencrypt.org/directory
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: Use default length 2048
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: length='2048'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: Using config home:/etc/acme
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: Use length 2048
Thu Jul 16 22:31:54 2020 daemon.err run-acme[28800]: Using RSA: 2048
Thu Jul 16 22:31:55 2020 daemon.info run-acme[28800]: Create account key ok.
Thu Jul 16 22:31:55 2020 daemon.err run-acme[28800]: RSA key
Thu Jul 16 22:31:55 2020 daemon.info run-acme[28800]: Registering account
Thu Jul 16 22:31:55 2020 daemon.err run-acme[28800]: url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
Thu Jul 16 22:31:55 2020 daemon.err run-acme[28800]: payload='{"contact": ["mailto: email@example.org"], "termsOfServiceAgreed": true}'
Thu Jul 16 22:31:55 2020 daemon.err run-acme[28800]: HEAD
Thu Jul 16 22:31:55 2020 daemon.err run-acme[28800]: _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
Thu Jul 16 22:31:55 2020 daemon.err run-acme[28800]: _WGET='wget -q --content-on-error  --read-timeout=3.0  --tries=2  '
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: No -i support in sed
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: _ret='0'
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: POST
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: _WGET='wget -q --content-on-error '
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: wget returns 8, the server returns a 'Bad request' response, lets process the response later.
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: No -i support in sed
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: _ret='0'
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: code='400'
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: Register account Error: {
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]:   "type": "urn:ietf:params:acme:error:invalidEmail",
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]:   "detail": "Error creating new account :: invalid contact domain. Contact emails @example.org are forbidden",
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]:   "status": 400
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: }
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: _on_issue_err
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: Please add '--debug' or '--log' to check more details.
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]: See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: Diagnosis versions:
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: openssl:openssl
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: OpenSSL 1.1.1f  31 Mar 2020
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: apache:
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: apache doesn't exists.
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: nginx:
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: nginx doesn't exists.
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: socat:
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: socat by Gerhard Rieger and contributors - see www.dest-unreach.org
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: Usage:
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: socat [options] <bi-address> <bi-address>
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:    options:
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -V     print version and feature information to stdout, and exit
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -h|-?  print a help text describing command line options and addresses
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -hh    like -h, plus a list of all common address option names
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -hhh   like -hh, plus a list of all available address option names
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -d[ddd]         increase verbosity (use up to 4 times; 2 are recommended)
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -D     analyze file descriptors before loop
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -ly[facility]  log to syslog, using facility (default is daemon)
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -lf<logfile>   log to file
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -ls            log to stderr (default if no other log)
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -lm[facility]  mixed log mode (stderr during initialization, then syslog)
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -lp<progname>  set the program name used for logging
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -lu            use microseconds for logging timestamps
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -lh            add hostname to log messages
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -v     verbose data traffic, text
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -x     verbose data traffic, hexadecimal
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -b<size_t>     set data buffer size (8192)
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -s     sloppy (continue on error)
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -t<timeout>    wait seconds before closing second channel
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -T<timeout>    total inactivity timeout in seconds
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -u     unidirectional mode (left to right)
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -U     unidirectional mode (right to left)
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -g     do not check option groups
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -L <lockfile>  try to obtain lock, or fail
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -W <lockfile>  try to obtain lock, or wait
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -4     prefer IPv4 if version is not explicitly specified
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       -6     prefer IPv6 if version is not explicitly specified
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:    bi-address:
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       pipe[,<opts>]        groups=FD,FIFO
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       <single-address>!!<single-address>
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       <single-address>
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:    single-address:
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       <address-head>[,<opts>]
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:    address-head:
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       abstract-client:<filename>   groups=FD,SOCKET,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       abstract-connect:<filename>  groups=FD,SOCKET,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       abstract-listen:<filename>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       abstract-recv:<filename>     groups=FD,SOCKET,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       abstract-sendto:<filename>   groups=FD,SOCKET,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       create:<filename>    groups=FD,REG,NAMED
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       exec:<command-line>  groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       fd:<num>     groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       gopen:<filename>     groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       interface:<interface>        groups=FD,SOCKET
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip-datagram:<host>:<protocol>        groups=FD,SOCKET,RANGE,IP4,IP6
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip-recv:<protocol>   groups=FD,SOCKET,RANGE,IP4,IP6
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip-recvfrom:<protocol>       groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip-sendto:<host>:<protocol>  groups=FD,SOCKET,IP4,IP6
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip4-datagram:<host>:<protocol>       groups=FD,SOCKET,RANGE,IP4
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip4-recv:<protocol>  groups=FD,SOCKET,RANGE,IP4
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip4-recvfrom:<protocol>      groups=FD,SOCKET,CHILD,RANGE,IP4
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip6-datagram:<host>:<protocol>       groups=FD,SOCKET,RANGE,IP6
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip6-recv:<protocol>  groups=FD,SOCKET,RANGE,IP6
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip6-recvfrom:<protocol>      groups=FD,SOCKET,CHILD,RANGE,IP6
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       open:<filename>      groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       pipe:<filename>      groups=FD,FIFO,NAMED,OPEN
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       proxy:<proxy-server>:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       pty  groups=FD,NAMED,TERMIOS,PTY
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       sctp-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       sctp-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       sctp4-connect:<host>:<port>  groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       sctp4-listen:<port>  groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       sctp6-connect:<host>:<port>  groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
Thu Jul 16 22:31:57 2020 daemon.err acme: Issuing cert for HOST.ddns.net failed. Moving state to /etc/acme/HOST.ddns.net.failed-1594931517
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       sctp6-listen:<port>  groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       socket-connect:<domain>:<protocol>:<remote-address>  groups=FD,SOCKET,CHILD,RETRY
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       socket-datagram:<domain>:<type>:<protocol>:<remote-address>  groups=FD,SOCKET,RANGE
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       socket-listen:<domain>:<protocol>:<local-address>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       socket-recv:<domain>:<type>:<protocol>:<local-address>       groups=FD,SOCKET,RANGE
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       socket-recvfrom:<domain>:<type>:<protocol>:<local-address>   groups=FD,SOCKET,CHILD,RANGE
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       socket-sendto:<domain>:<type>:<protocol>:<remote-address>    groups=FD,SOCKET
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       socks4:<socks-server>:<host>:<port>  groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       stderr       groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       stdin        groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       stdio        groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       stdout       groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       system:<shell-command>       groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       tcp-connect:<host>:<port>    groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       tcp-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       tcp4-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       tcp4-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       tcp6-connect:<host>:<port>   groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       tcp6-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       tun[:<ip-addr>/<bits>]       groups=FD,CHR,NAMED,OPEN,INTERFACE
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp-connect:<host>:<port>    groups=FD,SOCKET,IP4,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp-datagram:<host>:<port>   groups=FD,SOCKET,RANGE,IP4,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp-listen:<port>    groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp-recv:<port>      groups=FD,SOCKET,RANGE,IP4,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp-recvfrom:<port>  groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp-sendto:<host>:<port>     groups=FD,SOCKET,IP4,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp4-connect:<host>:<port>   groups=FD,SOCKET,IP4,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp4-datagram:<remote-address>:<port>        groups=FD,SOCKET,RANGE,IP4,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp4-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp4-recv:<port>     groups=FD,SOCKET,RANGE,IP4,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp4-recvfrom:<host>:<port>  groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp4-sendto:<host>:<port>    groups=FD,SOCKET,IP4,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp6-connect:<host>:<port>   groups=FD,SOCKET,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp6-datagram:<host>:<port>  groups=FD,SOCKET,RANGE,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp6-listen:<port>   groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp6-recv:<port>     groups=FD,SOCKET,RANGE,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       udp6-sendto:<host>:<port>    groups=FD,SOCKET,IP6,UDP
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       unix-client:<filename>       groups=FD,SOCKET,NAMED,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       unix-connect:<filename>      groups=FD,SOCKET,NAMED,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       unix-listen:<filename>       groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       unix-recvfrom:<filename>     groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]:       unix-sendto:<filename>       groups=FD,SOCKET,NAMED,RETRY,UNIX
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: acme: Issuing cert for HOST.ddns.net failed. Moving state to /etc/acme/HOST.ddns.net.failed-1594931517
Thu Jul 16 22:31:57 2020 daemon.info acme: Running post checks (cleanup).
Thu Jul 16 22:31:57 2020 daemon.err run-acme[28800]: acme: Running post checks (cleanup).
root@OpenWrt:~#

PS. Starałem się zamaskować wrażliwe dane, takie jak klucz prywatny i nazwa hosta.
@obsy, czego zabrakło w poradniku?

Cel: interesuje mnie zielona 'kłódka' pod znc(interfejs WWW)/IRC(zaprzestanie narzekania klientów) i pod https przeglądarki (luci interfejs WWW)

[21:53] [Informacje] Szukanie serwera HOST.ddns.net (port 1234)...
[21:53] [Informacje] Serwer znaleziony, łączenie...
[21:53] [Ostrzeżenie połączenia SSL] Certyfikat SSL dla serwera HOST.ddns.net (port 1234) nie przeszedł sprawdzenia wierzytelności.
[21:53] [Informacje] Negocjowanie możliwości z serwerem...
[21:53] [Informacje] Żądanie możliwości: multi-prefix server-time userhost-in-names znc.in/server-time-iso
[21:54] [Informacje] Zamykanie negocjacji możliwości.
[21:54] [464] xxx Password required
[21:54] [Uwaga] -irc.znc.in- *** You need to send your password. Configure your client to send a server password.
[21:54] [Uwaga] -irc.znc.in- *** To connect now, you can use /quote PASS <username>:<password>, or /quote PASS <username>/<network>:<password> to connect to a specific network.


 Tytuł: Re: Nieudane generowanie certyfikatu - letsencrypt
Post: 17 lip 2020, 00:01 
Offline
Użytkownik

Rejestracja: 13 sie 2013, 19:55
Posty: 67
Thu Jul 16 22:31:56 2020 daemon.err run-acme[28800]:   "detail": "Error creating new account :: invalid contact domain. Contact emails @example.org are forbidden",

Próbowałem dodać manualnie, ale zdublowało wpis
uci set acme.example.account_email='adres@o2.pl'
uci commit acme


root@OpenWrt:~# cat /etc/config/acme

# Global acme settings: state directory, account contact and logging.
config acme
        option state_dir '/etc/acme'
        # Still the example.org placeholder; the run-acme log line quoted in this
        # post shows the CA refusing contact emails @example.org.
        option account_email 'email@example.org'
        # NOTE(review): presumably this enables the verbose run-acme syslog output
        # seen in this thread, which prints challenge tokens and key
        # authorizations — confirm, and switch it off once issuance works.
        option debug '1'

# Certificate request for a single domain.
config cert 'example'
        option keylength '2048'
        option update_uhttpd '1'
        # NOTE(review): looks relevant only when nginx is installed — confirm
        # before leaving it enabled.
        option update_nginx '1'
        option enabled '1'
        list domains 'host.ddns.net'
        # Added by the `uci set acme.example.account_email=...` command above: it
        # landed in this cert section, while the value in `config acme` stayed
        # unchanged.
        option account_email 'adres@o2.pl'



 Tytuł: Re: Nieudane generowanie certyfikatu - letsencrypt
Post: 17 lip 2020, 06:15 
Offline
Administrator
Awatar użytkownika

Rejestracja: 10 kwie 2010, 00:28
Posty: 13756
Lokalizacja: Warszawa
W sekcji config acme ustaw adres. I nie ustawiaj update_nginx, jeżeli nie masz nginxa.

_________________
http://eko.one.pl - prawie wszystko o OpenWrt


 Tytuł: Re: Nieudane generowanie certyfikatu - letsencrypt
Post: 17 lip 2020, 13:40 
Offline
Użytkownik

Rejestracja: 13 sie 2013, 19:55
Posty: 67
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: _currentRoot='no'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg","token":"1CmK_xveRtpVZzGhJvvBCp8qzOREE9SEuPXXy3Z50K0"'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: token='1CmK_xveRtpVZzGhJvvBCp8qzOREE9SEuPXXy3Z50K0'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: keyauthorization='1CmK_xveRtpVZzGhJvvBCp8qzOREE9SEuPXXy3Z50K0.PWtfHc423B1j17hLi_cf3ii0jOtxSAzLEp12SeATmOI'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: dvlist='HOST.ddns.net#1CmK_xveRtpVZzGhJvvBCp8qzOREE9SEuPXXy3Z50K0.PWtfHc423B1j17hLi_cf3ii0jOtxSAzLEp12SeATmOI#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg#http-01#no'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: d
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: vlist='HOST.ddns.net#1CmK_xveRtpVZzGhJvvBCp8qzOREE9SEuPXXy3Z50K0.PWtfHc423B1j17hLi_cf3ii0jOtxSAzLEp12SeATmOI#https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg#http-01#no,'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: d='HOST.ddns.net'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: ok, let's start to verify
Fri Jul 17 13:33:09 2020 daemon.info run-acme[13754]: Verifying: HOST.ddns.net
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: d='HOST.ddns.net'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: keyauthorization='1CmK_xveRtpVZzGhJvvBCp8qzOREE9SEuPXXy3Z50K0.PWtfHc423B1j17hLi_cf3ii0jOtxSAzLEp12SeATmOI'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: _currentRoot='no'
Fri Jul 17 13:33:09 2020 daemon.info run-acme[13754]: Standalone mode server
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: content='1CmK_xveRtpVZzGhJvvBCp8qzOREE9SEuPXXy3Z50K0.PWtfHc423B1j17hLi_cf3ii0jOtxSAzLEp12SeATmOI'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: ncaddr
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: startserver: 13786
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: Le_HTTPPort='80'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: Le_Listen_V4
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: Le_Listen_V6='1'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: _content_len='87'
Fri Jul 17 13:33:09 2020 daemon.err run-acme[13754]: _NC='socat -6 TCP-LISTEN:80,crlf,reuseaddr,fork'
Fri Jul 17 13:33:10 2020 daemon.err run-acme[13754]: serverproc='14480'
Fri Jul 17 13:33:10 2020 daemon.err run-acme[13754]: url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:10 2020 daemon.err run-acme[13754]: payload='{}'
Fri Jul 17 13:33:10 2020 daemon.err run-acme[13754]: POST
Fri Jul 17 13:33:10 2020 daemon.err run-acme[13754]: _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:10 2020 daemon.err run-acme[13754]: _WGET='wget -q --content-on-error '
Fri Jul 17 13:33:11 2020 daemon.err run-acme[13754]: No -i support in sed
Fri Jul 17 13:33:11 2020 daemon.err run-acme[13754]: _ret='0'
Fri Jul 17 13:33:11 2020 daemon.err run-acme[13754]: code='200'
Fri Jul 17 13:33:11 2020 daemon.err run-acme[13754]: trigger validation code: 200
Fri Jul 17 13:33:11 2020 daemon.err run-acme[13754]: sleep 2 secs to verify
Fri Jul 17 13:33:13 2020 daemon.err run-acme[13754]: checking
Fri Jul 17 13:33:13 2020 daemon.err run-acme[13754]: url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:13 2020 daemon.err run-acme[13754]: payload
Fri Jul 17 13:33:13 2020 daemon.err run-acme[13754]: POST
Fri Jul 17 13:33:13 2020 daemon.err run-acme[13754]: _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:13 2020 daemon.err run-acme[13754]: _WGET='wget -q --content-on-error '
Fri Jul 17 13:33:14 2020 daemon.err run-acme[13754]: No -i support in sed
Fri Jul 17 13:33:14 2020 daemon.err run-acme[13754]: _ret='0'
Fri Jul 17 13:33:14 2020 daemon.err run-acme[13754]: code='200'
Fri Jul 17 13:33:14 2020 daemon.info run-acme[13754]: Pending
Fri Jul 17 13:33:14 2020 daemon.err run-acme[13754]: sleep 2 secs to verify
Fri Jul 17 13:33:16 2020 daemon.err run-acme[13754]: checking
Fri Jul 17 13:33:16 2020 daemon.err run-acme[13754]: url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:16 2020 daemon.err run-acme[13754]: payload
Fri Jul 17 13:33:16 2020 daemon.err run-acme[13754]: POST
Fri Jul 17 13:33:16 2020 daemon.err run-acme[13754]: _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:16 2020 daemon.err run-acme[13754]: _WGET='wget -q --content-on-error '
Fri Jul 17 13:33:17 2020 daemon.err run-acme[13754]: No -i support in sed
Fri Jul 17 13:33:17 2020 daemon.err run-acme[13754]: _ret='0'
Fri Jul 17 13:33:17 2020 daemon.err run-acme[13754]: code='200'
Fri Jul 17 13:33:17 2020 daemon.info run-acme[13754]: Pending
Fri Jul 17 13:33:17 2020 daemon.err run-acme[13754]: sleep 2 secs to verify
Fri Jul 17 13:33:19 2020 daemon.err run-acme[13754]: checking
Fri Jul 17 13:33:19 2020 daemon.err run-acme[13754]: url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:19 2020 daemon.err run-acme[13754]: payload
Fri Jul 17 13:33:19 2020 daemon.err run-acme[13754]: POST
Fri Jul 17 13:33:19 2020 daemon.err run-acme[13754]: _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:19 2020 daemon.err run-acme[13754]: _WGET='wget -q --content-on-error '
Fri Jul 17 13:33:20 2020 daemon.err run-acme[13754]: No -i support in sed
Fri Jul 17 13:33:20 2020 daemon.err run-acme[13754]: _ret='0'
Fri Jul 17 13:33:20 2020 daemon.err run-acme[13754]: code='200'
Fri Jul 17 13:33:20 2020 daemon.info run-acme[13754]: Pending
Fri Jul 17 13:33:20 2020 daemon.err run-acme[13754]: sleep 2 secs to verify
Fri Jul 17 13:33:22 2020 daemon.err run-acme[13754]: checking
Fri Jul 17 13:33:22 2020 daemon.err run-acme[13754]: url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:22 2020 daemon.err run-acme[13754]: payload
Fri Jul 17 13:33:22 2020 daemon.err run-acme[13754]: POST
Fri Jul 17 13:33:22 2020 daemon.err run-acme[13754]: _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936193738/Wgw8jg'
Fri Jul 17 13:33:22 2020 daemon.err run-acme[13754]: _WGET='wget -q --content-on-error '
Fri Jul 17 13:33:24 2020 daemon.err run-acme[13754]: No -i support in sed
Fri Jul 17 13:33:24 2020 daemon.err run-acme[13754]: _ret='0'
Fri Jul 17 13:33:24 2020 daemon.err run-acme[13754]: code='200'
Fri Jul 17 13:33:24 2020 daemon.err run-acme[13754]: HOST.ddns.net:Verify error:Fetching http://HOST.ddns.net/.well-known/acme-challenge/1CmK_xveRtpVZzGhJvvBCp8qzOREE9SEuPXXy3Z50K0: Timeout during connect (likely firewall problem)
Fri Jul 17 13:33:24 2020 daemon.err run-acme[13754]: Debug: get token url.
Fri Jul 17 13:33:24 2020 daemon.err run-acme[13754]: GET
Fri Jul 17 13:33:24 2020 daemon.err run-acme[13754]: url='http://HOST.ddns.net/.well-known/acme-challenge/1CmK_xveRtpVZzGhJvvBCp8qzOREE9SEuPXXy3Z50K0'
Fri Jul 17 13:33:24 2020 daemon.err run-acme[13754]: timeout=1
Fri Jul 17 13:33:24 2020 daemon.err run-acme[13754]: _WGET='wget -q --content-on-error  --timeout=1'
Fri Jul 17 13:33:25 2020 daemon.err run-acme[13754]: 2020/07/17 13:33:25 socat[14916] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:33:25 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:33:27 2020 daemon.err run-acme[13754]: 2020/07/17 13:33:27 socat[14920] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:33:27 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:33:30 2020 daemon.notice znc[25232]: [yyy/freenode] disconnected from IRC: chat.eu.freenode.net [:Closing Link: dynamic62-133-149-004.WP.pl (*** Banned )]
Fri Jul 17 13:33:30 2020 daemon.info znc[25232]: [yyy/freenode] disconnected from IRC
Fri Jul 17 13:33:34 2020 daemon.err run-acme[13754]: 2020/07/17 13:33:34 socat[14928] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:33:34 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:33:39 2020 daemon.err run-acme[13754]: 2020/07/17 13:33:39 socat[14932] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:33:39 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:33:45 2020 daemon.err run-acme[13754]: 2020/07/17 13:33:45 socat[14936] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:33:45 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:33:52 2020 daemon.err run-acme[13754]: 2020/07/17 13:33:52 socat[14940] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:33:52 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:34:00 2020 daemon.err run-acme[13754]: 2020/07/17 13:34:00 socat[14944] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:34:00 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:34:01 2020 daemon.notice znc[25232]: [yyy/freenode] disconnected from IRC: chat.eu.freenode.net [:Closing Link: dynamic62-133-149-004.WP.pl (*** Banned )]
Fri Jul 17 13:34:01 2020 daemon.info znc[25232]: [yyy/freenode] disconnected from IRC
Fri Jul 17 13:34:09 2020 daemon.err run-acme[13754]: 2020/07/17 13:34:09 socat[14948] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:34:09 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:34:19 2020 daemon.err run-acme[13754]: 2020/07/17 13:34:19 socat[14952] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:34:19 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:34:30 2020 daemon.notice znc[25232]: [yyy/freenode] disconnected from IRC: chat.eu.freenode.net [:Closing Link: dynamic62-133-149-004.WP.pl (*** Banned )]
Fri Jul 17 13:34:30 2020 daemon.info znc[25232]: [yyy/freenode] disconnected from IRC
Fri Jul 17 13:34:41 2020 daemon.err run-acme[13754]: 2020/07/17 13:34:41 socat[14960] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:34:41 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:34:52 2020 daemon.err run-acme[13754]: 2020/07/17 13:34:52 socat[14964] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:34:52 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:35:02 2020 daemon.notice znc[25232]: [xxx/freenode] disconnected from IRC: chat.eu.freenode.net [:Closing Link: dynamic62-133-149-004.WP.pl (*** Banned )]
Fri Jul 17 13:35:02 2020 daemon.info znc[25232]: [xxx/freenode] disconnected from IRC
Fri Jul 17 13:35:03 2020 daemon.err run-acme[13754]: 2020/07/17 13:35:03 socat[14968] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:35:03 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:35:14 2020 daemon.err run-acme[13754]: 2020/07/17 13:35:14 socat[14972] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:35:14 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
Fri Jul 17 13:35:25 2020 daemon.err run-acme[13754]: 2020/07/17 13:35:25 socat[14976] E write(6, 0x1a45010, 20): Broken pipe
Fri Jul 17 13:35:25 2020 daemon.err run-acme[13754]: sh: write error: Broken pipe
root@OpenWrt:/etc/acme#

https://www.yougetsignal.com/tools/open-ports/ - jak działa jakiś proces nasłuchujący, to pokazuje, że port jest otwarty, w przeciwnym razie jest zamknięty. Poradnik mówi, żeby za wszelką cenę wyłączyć uhttpd.


 Tytuł: Re: Nieudane generowanie certyfikatu - letsencrypt
Post: 17 lip 2020, 13:56 
Offline
Administrator
Awatar użytkownika

Rejestracja: 10 kwie 2010, 00:28
Posty: 13756
Lokalizacja: Warszawa
Bo acme za moich czasów to uruchamiał. Włącz więc i zobacz, co będzie.

_________________
http://eko.one.pl - prawie wszystko o OpenWrt


 Tytuł: Re: Nieudane generowanie certyfikatu - letsencrypt
Post: 17 lip 2020, 14:00 
Offline
Administrator
Awatar użytkownika

Rejestracja: 10 kwie 2010, 00:28
Posty: 13756
Lokalizacja: Warszawa
A ty w ogóle otworzyłeś sobie port 80 i 443 na firewallu na wanie?

_________________
http://eko.one.pl - prawie wszystko o OpenWrt


 Tytuł: Re: Nieudane generowanie certyfikatu - letsencrypt
Post: 17 lip 2020, 14:03 
Offline
Użytkownik

Rejestracja: 13 sie 2013, 19:55
Posty: 67
root@OpenWrt:/etc/acme#
root@OpenWrt:/etc/acme# cat /etc/config/firewall

# Firewall-wide defaults.
config defaults
        option syn_flood '1'
        # NOTE(review): the default input policy is ACCEPT; presumably it applies
        # to traffic that no zone claims — verify that every interface is
        # assigned to a zone, or tighten this to REJECT.
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

# LAN zone: fully trusted (input, output and forward all ACCEPT).
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        # tun0 is placed in the LAN zone, so traffic arriving on that tunnel
        # device gets the same trust as the local network.
        option device 'tun0'

# WAN zone: inbound traffic is rejected unless a rule with src 'wan' accepts it.
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

# Allow forwarding from LAN to WAN.
config forwarding
        option src 'lan'
        option dest 'wan'

# Protocol-level exceptions for traffic arriving from the WAN zone.
# NOTE(review): these look like the stock OpenWrt rule set — confirm none were
# edited by hand.

# UDP port 68 from WAN, IPv4 only.
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# ICMP echo-request from WAN, IPv4 only: the router answers ping from outside.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# IGMP from WAN, IPv4 only.
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# UDP port 546 from WAN, IPv6 only, limited to the fc00::/6 source and
# destination ranges.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Listed ICMPv6 types from fe80::/10 sources only.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 addressed to the router itself (no dest option), rate-limited to
# 1000 packets per second.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 forwarded from WAN to any zone (dest '*'), with the same rate limit.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ESP forwarded from WAN into the LAN zone.
# NOTE(review): this and the ISAKMP rule below let IPsec traffic through to LAN
# hosts — drop both if no IPsec endpoint sits behind the router.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

# UDP port 500 forwarded from WAN into the LAN zone.
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Extra rules are pulled in from this file; its content is not shown in the
# post, so review it together with the rules below.
config include
        option path '/etc/firewall.user'

# TCP port 222 accepted from WAN with no source-address restriction.
# NOTE(review): presumably SSH on a non-default port — a port change alone does
# not protect it; confirm key-only authentication or add a src_ip limit.
config rule
        option name 'ssh'
        option src 'wan'
        option target 'ACCEPT'
        option proto 'tcp'
        option dest_port '222'

# TCP port 443 accepted from WAN; the rule name translates to "WAN management".
# NOTE(review): this presumably exposes the router's HTTPS admin interface to
# the whole internet — restrict it with src_ip or reach it over the VPN
# instead.
config rule
        option name 'zarzadzanie_WAN'
        option src 'wan'
        option target 'ACCEPT'
        option proto 'tcp'
        option dest_port '443'
        option enabled '1'

# UDP port 1194 accepted from WAN.
config rule 'vpn'
        option name 'Allow-OpenVPN'
        option src 'wan'
        option dest_port '1194'
        option proto 'udp'
        option target 'ACCEPT'

# Port 1234 accepted from every zone (src '*') over both TCP and UDP.
# NOTE(review): the IRC client log in this thread connects over TCP; UDP is
# probably not needed here — confirm and narrow proto to 'tcp'.
config rule
        option enabled '1'
        option target 'ACCEPT'
        option proto 'tcp udp'
        option dest_port '1234'
        option name 'znc'
        option src '*'

# TCP port 80 accepted from WAN; the rule name means "eighty". The ACME log in
# this thread shows an http-01 challenge served on port 80.
# NOTE(review): the rule is only useful while that validation runs; consider
# disabling it between renewals if nothing else should answer on port 80.
config rule
        option src 'wan'
        option target 'ACCEPT'
        option proto 'tcp'
        option dest_port '80'
        option name 'osiemdziesiatka'
        option enabled '1'
root@OpenWrt:/etc/acme#

było też /etc/init.d/firewall restart

Fri Jul 17 14:05:06 2020 daemon.err run-acme[15638]: POST
Fri Jul 17 14:05:06 2020 daemon.err run-acme[15638]: _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5936602521/Y9qhmw'
Fri Jul 17 14:05:06 2020 daemon.err run-acme[15638]: _WGET='wget -q --content-on-error '
Fri Jul 17 14:05:06 2020 daemon.err run-acme[15638]: No -i support in sed
Fri Jul 17 14:05:06 2020 daemon.err run-acme[15638]: _ret='0'
Fri Jul 17 14:05:06 2020 daemon.err run-acme[15638]: code='200'
Fri Jul 17 14:05:07 2020 daemon.err run-acme[15638]: HOST.ddns.net:Verify error:Fetching http://HOST.ddns.net/.well-known/acme-challenge/lf-eq36x2xbuJUKQh9rD8QNNQNNS0fjExkW9qmD7l_0: Timeout during connect (likely firewall problem)
Fri Jul 17 14:05:07 2020 daemon.err run-acme[15638]: Debug: get token url.
Fri Jul 17 14:05:07 2020 daemon.err run-acme[15638]: GET
Fri Jul 17 14:05:07 2020 daemon.err run-acme[15638]: url='http://HOST.ddns.net/.well-known/acme-challenge/lf-eq36x2xbuJUKQh9rD8QNNQNNS0fjExkW9qmD7l_0'
Fri Jul 17 14:05:07 2020 daemon.err run-acme[15638]: timeout=1
Fri Jul 17 14:05:07 2020 daemon.err run-acme[15638]: _WGET='wget -q --content-on-error  --timeout=1'
Fri Jul 17 14:05:10 2020 daemon.err run-acme[15638]: 2020/07/17 14:05:10 socat[16805] E write(6, 0x955010, 20): Broken pipe
Fri Jul 17 14:05:10 2020 daemon.err run-acme[15638]: sh: write error: Broken pipe
Fri Jul 17 14:05:13 2020 daemon.err run-acme[15638]: 2020/07/17 14:05:13 socat[16810] E write(6, 0x955010, 20): Broken pipe
Fri Jul 17 14:05:13 2020 daemon.err run-acme[15638]: sh: write error: Broken pipe
Fri Jul 17 14:05:17 2020 daemon.err run-acme[15638]: 2020/07/17 14:05:17 socat[16814] E write(6, 0x955010, 20): Broken pipe
Fri Jul 17 14:05:17 2020 daemon.err run-acme[15638]: sh: write error: Broken pipe
Fri Jul 17 14:05:18 2020 daemon.notice znc[25232]: [xxx/freenode] disconnected from IRC: chat.eu.freenode.net [:Closing Link: dynamic62-133-149-004.WP.pl (*** Banned )]
Fri Jul 17 14:05:18 2020 daemon.info znc[25232]: [yyy/freenode] disconnected from IRC


 Tytuł: Re: Nieudane generowanie certyfikatu - letsencrypt
Post: 17 lip 2020, 15:10 
Offline
Użytkownik

Rejestracja: 13 sie 2013, 19:55
Posty: 67
@obsy

Da się wygenerować ten certyfikat jeżeli ISP zablokował port 80? bo 443 działa?


 Tytuł: Re: Nieudane generowanie certyfikatu - letsencrypt
Post: 17 lip 2020, 15:30 
Offline
Administrator
Awatar użytkownika

Rejestracja: 10 kwie 2010, 00:28
Posty: 13756
Lokalizacja: Warszawa
Nie, bo on po http to ściąga – w logu widać wyzwanie typu http-01, a serwer walidujący łączy się wtedy z portem 80.

_________________
http://eko.one.pl - prawie wszystko o OpenWrt


 Tytuł: Re: Nieudane generowanie certyfikatu - letsencrypt
Post: 17 lip 2020, 16:26 
Offline
Użytkownik

Rejestracja: 13 sie 2013, 19:55
Posty: 67
Jakby postawić router za VPN, to pomogłoby to coś?
Nie rozumiem struktury sieci, da się ominąć blokadę portu 80 przez ISP?


 Tytuł: Re: Nieudane generowanie certyfikatu - letsencrypt
Post: 17 lip 2020, 16:46 
Offline
Administrator
Awatar użytkownika

Rejestracja: 10 kwie 2010, 00:28
Posty: 13756
Lokalizacja: Warszawa
Przez vpn, gdzie na drugą stronę vpna będzie wskazywał ten dyndns.

Lub zrób to na chwilę na dowolnym innym hoście, na którego skierujesz dyndns. Tylko pamiętaj, że za 3 miesiące będziesz musiał odświeżyć certyfikat w taki sam sposób.

_________________
http://eko.one.pl - prawie wszystko o OpenWrt

