Hi
To access the Internet from our servers, we need to use a proxy. So that we don’t have to specify username and password, we have to predefine the hostnames, that are to be allowed.
I had our proxy team add acme-v01.api.letsencrypt.org to the list of allowed target sites. And when I use wget/curl, I can connect just fine from this Ubuntu 14.04 (yep… still…) system:
$ env https_proxy=http://192.168.177.23:8080 wget https://acme-v01.api.letsencrypt.org
--2016-09-12 15:19:54-- https://acme-v01.api.letsencrypt.org/
Connecting to 192.168.177.23:8080... connected.
Proxy request sent, awaiting response... 200 OK
Length: 2175 (2.1K) [text/html]
Saving to: ‘index.html.6’
100%[========================>] 2'175 --.-K/s in 0s
2016-09-12 15:19:55 (35.6 MB/s) - ‘index.html.6’ saved [2175/2175]
But when I try to use certbot-auto
, it fails like this:
# env {http{s,}_proxy,HTTP{S,}_PROXY}=http://192.168.177.23:8080 certbot-auto --non-interactive certonly --webroot --expand -w "/var/www/well-known/$domain" -d "$domain" --no-self-upgrade
…
libssl-dev is already the newest version.
python-virtualenv is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Creating virtual environment...
Installing Python packages...
Traceback (most recent call last):
File "/tmp/tmp.xtexkTalQu/pipstrap.py", line 146, in <module>
exit(main())
File "/tmp/tmp.xtexkTalQu/pipstrap.py", line 130, in main
for url, digest in PACKAGES]
File "/tmp/tmp.xtexkTalQu/pipstrap.py", line 112, in hashed_download
response = opener().open(url)
File "/usr/lib/python2.7/urllib2.py", line 404, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 422, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error Tunnel connection failed: 407 Proxy Authorization Required>
What’s happening there? What URL is certbot-auto
trying to connect to?
And it was also visible, that it did do an “apt update
”. What for? How to make it NOT do this?
Thanks,
Alexander