Tim_L
September 24, 2019, 9:49am
1
Hello,
My domain is: expatinsaigon.com
My web server is (include version): nginx version: nginx/1.14.0
The operating system my web server runs on is (include version): FreeBSD 11.2-RELEASE-p8
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine: Yes
I’m using a control panel to manage my site: No
The version of my client is: getssl V2.10
I ran this command: sslconfig expatinsaigon.com
sslconfig script:
#!/usr/bin/env bash
DOMAIN=$1DOMAIN/"
CONFIGFILE=" {DOCROOT}/getssl.cfg"
mkdir -p ${DOCROOT}
(cat <<- EOF https://acme-v01.api.letsencrypt.org ”{DOMAIN}"
ACL=('/var/www/letsencrypt/.well-known/acme-challenge')
USE_SINGLE_ACL="true"
DOMAIN_CERT_LOCATION="/usr/local/etc/nginx/certs/ {DOMAIN}.crt”{DOMAIN}.key"
CA_CERT_LOCATION="/usr/local/etc/nginx/certs/chain.crt"
DOMAIN_PEM_LOCATION="/usr/local/etc/nginx/certs/ {DOMAIN}.pem"EOF
/root/bin/getssl ${DOMAIN}
It produced this output:
root@web01~ #sslconfig expatinsaigon.com expatinsaigon.com : Certificate on remote domain does not match, ignoring remote certificate
Thank you in advance for your assistance!
_az
September 24, 2019, 9:51am
2
Open this line:
if [[ ${_USE_DEBUG} -eq 1 ]]; then
CURL="$CURL --trace-ascii $dp "
fi
# convert payload to url base 64
payload64="$(printf '%s' "${payload}" | urlbase64)"
debug payload64 "$payload64"
# get nonce from ACME server
nonceurl="$CA/directory"
nonce=$($CURL -I $nonceurl | grep "^Replay-Nonce:" | awk '{print $2}' | tr -d '\r\n ')
debug nonce "$nonce"
# Build header with just our public key and algorithm information
header='{"alg": "'"$jwkalg"'", "jwk": '"$jwk"'}'
# Build another header which also contains the previously received nonce and encode it as urlbase64
protected='{"alg": "'"$jwkalg"'", "jwk": '"$jwk"', "nonce": "'"${nonce}"'", "url": "'"${url}"'"}'
protected64="$(printf '%s' "${protected}" | urlbase64)"
debug protected "$protected"
change it to:
nonce=$($CURL -I $nonceurl | grep -i "^Replay-Nonce:" | awk '{print $2}' | tr -d '\r\n ')
Tim_L
September 24, 2019, 10:03am
3
Hi _az,
root@web01~ #sslconfig expatinsaigon.com expatinsaigon.com : Certificate on remote domain does not match, ignoring remote certificateexpatinsaigon.com expatinsaigon.com is already validatedwww.expatinsaigon.com www.expatinsaigon.com is already validated
_az
September 24, 2019, 10:07am
4
Hmm. It looks like there’s a few places in getssl that are affected by this new bug.
Rather than fixing each of them, it might be easier to change line 1138 from:
CURL="curl --silent --dump-header $CURL_HEADER "
to
CURL="curl --http1.1 --silent --dump-header $CURL_HEADER "
That will revert the HTTP headers back to the old (upper-case) style, which should get you going again.
But this should be reported to the getssl project.
Tim_L
September 24, 2019, 10:17am
5
Thank you _az, that did the trick. I appreciate your assistance.
Tim
system
October 24, 2019, 10:25am
6
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.