Subject: Re: security/py-certbot ignores --standalone
To: freebsd-ports@freebsd.org
From: tech-lists
Date: Sun, 24 Jun 2018 15:06:45 +0100
Message-ID: <3fb388ff-c29c-104a-024d-1cf66e897365@zyxst.net>
In-Reply-To: <75e3a742-a3b1-9448-0e3f-fd98b1ec4150@zyxst.net>
References: <75e3a742-a3b1-9448-0e3f-fd98b1ec4150@zyxst.net>

aaagh please ignore... thought it'd operate on port 443 and not 80 (which
was not allowed in pf.conf)

sorry for the noise

On 24/06/2018 15:02, tech-lists wrote:
> Hello,
>
> context is 12.0-CURRENT #0 r335317 and ports r473196 on amd64.
>
> I haven't got a webserver installed yet, so I install
> security/py-certbot and run it with the intention of spinning up its
> standalone server, to create/fetch the certs. But it always wants to
> verify the domain using the webroot method, no matter if I select
> standalone from the interactive option or --standalone to run it on one
> line.
>
>
> Is ports@ the right place to report this?
>
> ========================================================================
>
> root@v007:/usr/ports/security/py-certbot# certbot certonly
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
>
> How would you like to authenticate with the ACME CA?
> -------------------------------------------------------------------------------
>
> 1: Spin up a temporary webserver (standalone)
> 2: Place files in webroot directory (webroot)
> -------------------------------------------------------------------------------
>
> Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
>
> Plugins selected: Authenticator standalone, Installer None
> Please enter in your domain name(s) (comma and/or space separated)
> (Enter 'c'
> to cancel): [REDACTED]
>
> Obtaining a new certificate
> Performing the following challenges:
> http-01 challenge for [REDACTED]
> Waiting for verification...
> Cleaning up challenges
> Failed authorization procedure. [REDACTED] (http-01):
> urn:acme:error:connection :: The server could not connect to the client
> to verify the domain :: Fetching
> http://[REDACTED]/.well-known/acme-challenge/x02YKwY5V0fWT_frDkJjJlUvZ5ErLZ38c41F2BJs-Uo:
> Connection refused
>
> IMPORTANT NOTES:
>  - The following errors were reported by the server:
>
>    Domain: [REDACTED]
>    Type:   connection
>    Detail: Fetching
>
> http://[REDACTED]/.well-known/acme-challenge/x02YKwY5V0fWT_frDkJjJlUvZ5ErLZ38c41F2BJs-Uo:
>
>    Connection refused
>
>    To fix these errors, please make sure that your domain name was
>    entered correctly and the DNS A/AAAA record(s) for that domain
>    contain(s) the right IP address. Additionally, please check that
>    your computer has a publicly routable IP address and that no
>    firewalls are preventing the server from communicating with the
>    client. If you're using the webroot plugin, you should also verify
>    that you are serving files from the webroot path you provided.
>
> =========================================================================
>
> thanks,

--
J.
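
An added example, not part of the original thread and not certbot's own code: a small parser for the failure output quoted above that derives which inbound port the ACME CA tried to reach. The `diagnose` function and the sample text (host name and token are placeholders) are constructed for illustration; because the http-01 challenge is fetched over plain HTTP, the port comes out as 80, the one the poster found blocked in pf.conf.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the certbot output quoted in the thread;
# the host name and token are placeholders.
SAMPLE = """\
Performing the following challenges:
http-01 challenge for example.org
Cleaning up challenges
Failed authorization procedure. example.org (http-01):
urn:acme:error:connection :: The server could not connect to the client
to verify the domain :: Fetching
http://example.org/.well-known/acme-challenge/EXAMPLE-TOKEN:
Connection refused
"""

FAILURE = re.compile(
    r"Failed authorization procedure\.\s+(?P<domain>\S+)\s+"
    r"\((?P<challenge>[\w-]+)\):\s+urn:acme:error:(?P<error>\w+)\s+::\s+"
    r"(?P<detail>.*)",
    re.DOTALL,
)
URL = re.compile(r"https?://\S+")
DEFAULT_PORTS = {"http": 80, "https": 443}


def diagnose(output):
    """Parse a failed authorization and report the port the CA tried."""
    m = FAILURE.search(output)
    if m is None:
        return None
    detail = " ".join(m.group("detail").split())  # undo line wrapping
    result = {"domain": m.group("domain"), "challenge": m.group("challenge"),
              "error": m.group("error"), "port": None, "hint": None}
    url = URL.search(detail)
    if url:
        parts = urlsplit(url.group(0).rstrip(":"))
        # No explicit port in the URL means the scheme default (80 for http).
        result["port"] = parts.port or DEFAULT_PORTS[parts.scheme]
    if result["error"] == "connection" and result["port"] is not None:
        reason = "refused" if "Connection refused" in detail else "failed"
        result["hint"] = (f"inbound TCP {result['port']} {reason}: check the "
                          "packet filter and that a listener is bound there")
    return result


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```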