From owner-freebsd-ports@freebsd.org Sun Jun 24 14:02:42 2018 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 74E881000A7C for ; Sun, 24 Jun 2018 14:02:42 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0CE598AEC4 for ; Sun, 24 Jun 2018 14:02:41 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id C50AB20F20 for ; Sun, 24 Jun 2018 10:02:41 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Sun, 24 Jun 2018 10:02:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zyxst.net; h= content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=ifbBvfiv+8C+4FqumXJZ5/nkQzFHHUpP8qOjWG/WJXA=; b=GcmtYI5Q JRykM22bBAkNLLSS9MHPTsJ4tMCXMX5czxvbsHbGB0aV3qxSVwCjL08wQZ7hHNLc z+6H4QP54aLBP2q0njX7QIoBN7QgntYc8KupL5LaXx7teBPxd10pcmgcTp7v09Ed aqFzJLVPyR3c1jaBuI9cIbe759GAJvD0sE+/5C1tKkO6DgH7/fsMPoG2RghqwJX+ AbWWbZw3xJCRAP0DBmEY3k3dEI29jTraZo91/zE2DJox1BmkyUfTj/lcFwl2HcQf cXQmZQp6brrMgMP2L1W4nGNfj/vh99cv1a97Qv/eKLENGcJJJrcFQ+RoEbTk63qK VU0FZ0WJ7TOXnQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=ifbBvfiv+8C+4FqumXJZ5/nkQzFHH UpP8qOjWG/WJXA=; b=GlpbMdWuZFolc3FUsEPUx8JebHlCsdoXYyR26rfLtz40R amKL/JslCJg9zGjkCDu9qQB7whce3lVnIQxAoYvOdyHfs/s0gWoSGyg5KFVkHtzh xotgcoqNPAdW+TkOV9MhHQEQUcoPPSDEzSxIFFltls+nrrgsgAN7pS2nP+YBOjY+ 57RBMH/jtghDO8rPD+EV9suk8rSk6qptI7TnGkI2i0vCjEgupLGYulZ8p+Goj9AF uoEidRnnMXsCtjtHdrTS3M8x6m5ZvETtnk0Y5Zj33JJsBzS6mUnmC6yLJPlF1Ehc wbrVze9fazSJColt93IUYz7xDOhyex5Ua8ZEEAudA== X-ME-Proxy: X-ME-Sender: Received: from desktop.local (parsley.growveg.org [82.70.91.97]) by mail.messagingengine.com (Postfix) with ESMTPA id 203CA1025D for ; Sun, 24 Jun 2018 10:02:41 -0400 (EDT) To: freebsd-ports@freebsd.org From: tech-lists Subject: security/py-certbot ignores --standalone Organization: none Message-ID: <75e3a742-a3b1-9448-0e3f-fd98b1ec4150@zyxst.net> Date: Sun, 24 Jun 2018 15:02:40 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jun 2018 14:02:42 -0000 Hello, context is 12.0-CURRENT #0 r335317 and ports r473196 on amd64. I haven't got a webserver installed yet, so I install security/py-certbot and run it with the intention of spinning up its standalone server, to create/fetch the certs. But it always wants to verify the domain using the webroot method, no matter if I select standalone from the interactive option or --standalone to run it on one line. Is ports@ the right place to report this? ======================================================================== root@v007:/usr/ports/security/py-certbot# certbot certonly Saving debug log to /var/log/letsencrypt/letsencrypt.log How would you like to authenticate with the ACME CA? ------------------------------------------------------------------------------- 1: Spin up a temporary webserver (standalone) 2: Place files in webroot directory (webroot) ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 Plugins selected: Authenticator standalone, Installer None Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): [REDACTED] Obtaining a new certificate Performing the following challenges: http-01 challenge for [REDACTED] Waiting for verification... Cleaning up challenges Failed authorization procedure. [REDACTED] (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://[REDACTED]/.well-known/acme-challenge/x02YKwY5V0fWT_frDkJjJlUvZ5ErLZ38c41F2BJs-Uo: Connection refused IMPORTANT NOTES: - The following errors were reported by the server: Domain: [REDACTED] Type: connection Detail: Fetching http://[REDACTED]/.well-known/acme-challenge/x02YKwY5V0fWT_frDkJjJlUvZ5ErLZ38c41F2BJs-Uo: Connection refused To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. ========================================================================= thanks, -- J.