Date: Sun, 24 Jun 2018 15:06:45 +0100 From: tech-lists <tech-lists@zyxst.net> To: freebsd-ports@freebsd.org Subject: Re: security/py-certbot ignores --standalone Message-ID: <3fb388ff-c29c-104a-024d-1cf66e897365@zyxst.net> In-Reply-To: <75e3a742-a3b1-9448-0e3f-fd98b1ec4150@zyxst.net> References: <75e3a742-a3b1-9448-0e3f-fd98b1ec4150@zyxst.net>
next in thread | previous in thread | raw e-mail | index | archive | help
aaagh please ignore... thought it'd operate on port 443 and not 80 (which was not allowed in pf.conf) sorry for the noise On 24/06/2018 15:02, tech-lists wrote: > Hello, > > context is 12.0-CURRENT #0 r335317 and ports r473196 on amd64. > > I haven't got a webserver installed yet, so I install > security/py-certbot and run it with the intention of spinning up its > standalone server, to create/fetch the certs. But it always wants to > verify the domain using the webroot method, no matter if I select > standalone from the interactive option or --standalone to run it on one > line. > > > Is ports@ the right place to report this? > > ======================================================================== > > root@v007:/usr/ports/security/py-certbot# certbot certonly > Saving debug log to /var/log/letsencrypt/letsencrypt.log > > How would you like to authenticate with the ACME CA? > ------------------------------------------------------------------------------- > > 1: Spin up a temporary webserver (standalone) > 2: Place files in webroot directory (webroot) > ------------------------------------------------------------------------------- > > Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 > > Plugins selected: Authenticator standalone, Installer None > Please enter in your domain name(s) (comma and/or space separated) > (Enter 'c' > to cancel): [REDACTED] > > Obtaining a new certificate > Performing the following challenges: > http-01 challenge for [REDACTED] > Waiting for verification... > Cleaning up challenges > Failed authorization procedure. [REDACTED] (http-01): > urn:acme:error:connection :: The server could not connect to the client > to verify the domain :: Fetching > http://[REDACTED]/.well-known/acme-challenge/x02YKwY5V0fWT_frDkJjJlUvZ5ErLZ38c41F2BJs-Uo: > Connection refused > > IMPORTANT NOTES: > - The following errors were reported by the server: > > Domain: [REDACTED] > Type: connection > Detail: Fetching > > http://[REDACTED]/.well-known/acme-challenge/x02YKwY5V0fWT_frDkJjJlUvZ5ErLZ38c41F2BJs-Uo: > > Connection refused > > To fix these errors, please make sure that your domain name was > entered correctly and the DNS A/AAAA record(s) for that domain > contain(s) the right IP address. Additionally, please check that > your computer has a publicly routable IP address and that no > firewalls are preventing the server from communicating with the > client. If you're using the webroot plugin, you should also verify > that you are serving files from the webroot path you provided. > > ========================================================================= > > thanks, -- J.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3fb388ff-c29c-104a-024d-1cf66e897365>