Node-letsencrypt for dynamic certificates generator


#1

Hi everyone!

I’m actually building a Node.js proxy. I would like my proxy to be able to (re-)generate my certificates from a list of domains.
But I don’t want to use my filesystem for the challenge or for cert storage. Has anyone already used this package?
The example provided by the package doesn’t work for me:

I don’t understand the .well-known URL; can you explain it to me?

le.challenges[http-01].loopback should be defined as function (opts, domain, token, keyAuthorization, cb) { ... } and should prove (by external means) that the ACME server challenge 'http-01' will succeed
le.challenges[tls-sni-01].loopback should be defined as function (opts, domain, token, keyAuthorization, cb) { ... } and should prove (by external means) that the ACME server challenge 'tls-sni-01' will succeed
debug true
[le-store-certbot] certificates.check
Error: ENOENT: no such file or directory, open './certs/live/domain.fr/privkey.pem'
debug true
[le-store-certbot] certificates.check
Error: ENOENT: no such file or directory, open './certs/live/local.dev/cert.pem'
debug undefined
[le-store-certbot] success reading arg.accountsDir
[le-store-certbot] regrs.length 1
[le-store-certbot] accountId: 79bb71d189792737c85fac45d0f29030
This Let's Encrypt / ACME server has been updated with urls that this client doesn't understand
{ 'key-change': 'https://acme-staging.api.letsencrypt.org/acme/key-change',
  'new-authz': 'https://acme-staging.api.letsencrypt.org/acme/new-authz',
  'new-cert': 'https://acme-staging.api.letsencrypt.org/acme/new-cert',
  'new-reg': 'https://acme-staging.api.letsencrypt.org/acme/new-reg',
  'revoke-cert': 'https://acme-staging.api.letsencrypt.org/acme/revoke-cert' }
debug true
The CA was unable to validate the file you provisioned.
 - https://acme-staging.api.letsencrypt.org/acme/challenge/zJ2wapBXv2QcPKSqg1eIF4TswDLsIs3IrHJgNl7IJdQ/18472472 [invalid]
Invalid response from http://domain.fr/.well-known/acme-challenge/xnSuSodlSkcAhyMwdzOFhi0ScxUIuHddq8i4Ray9Tu0: "something">clique"
- https://acme-staging.api.letsencrypt.org/acme/challenge/zJ2wapBXv2QcPKSqg1eIF4TswDLsIs3IrHJgNl7IJdQ/18472473 [pending]
- https://acme-staging.api.letsencrypt.org/acme/challenge/zJ2wapBXv2QcPKSqg1eIF4TswDLsIs3IrHJgNl7IJdQ/18472474 [pending] null { identifier: { type: 'dns', value: 'domain.fr' },
status: 'invalid',
expires: '2016-12-27T20:22:35Z',
challenges:
 [ { type: 'http-01',
   status: 'invalid',
   error: [Object],
   uri: 'https://acme-staging.api.letsencrypt.org/acme/challenge/zJ2wapBXv2QcPKSqg1eIF4TswDLsIs3IrHJgNl7IJdQ/18472472',
   token: 'xnSuSodlSkcAhyMwdzOFhi0ScxUIuHddq8i4Ray9Tu0',
   keyAuthorization: 'xnSuSodlSkcAhyMwdzOFhi0ScxUIuHddq8i4Ray9Tu0.IvERhuKZFdFbNydLP6L_aG2Neg5zQiqS9mrk41SpaFs',
   validationRecord: [Object] },
 { type: 'tls-sni-01',
   status: 'pending',
   uri: 'https://acme-staging.api.letsencrypt.org/acme/challenge/zJ2wapBXv2QcPKSqg1eIF4TswDLsIs3IrHJgNl7IJdQ/18472473',
   token: 'jlPXOYVnqONXMB_RTwzdRYk_FM2WBYZvXgXO0V-fHyg' },
 { type: 'dns-01',
   status: 'pending',
   uri: 'https://acme-staging.api.letsencrypt.org/acme/challenge/zJ2wapBXv2QcPKSqg1eIF4TswDLsIs3IrHJgNl7IJdQ/18472474',
   token: 'ZBiMb_JbSmzvP9ZbiqdauJ7rphDgR5ESh2Mlvy7AR1Y' } ],
combinations: [ [ 1 ], [ 2 ], [ 0 ] ] }
[Error]:
Error: The CA was unable to validate the file you provisioned.
 - https://acme-staging.api.letsencrypt.org/acme/challenge/zJ2wapBXv2QcPKSqg1eIF4TswDLsIs3IrHJgNl7IJdQ/18472472 [invalid]
Invalid response from http://domain.fr/.well-known/acme-challenge/xnSuSodlSkcAhyMwdzOFhi0ScxUIuHddq8i4Ray9Tu0: "something">clique"
 - https://acme-staging.api.letsencrypt.org/acme/challenge/zJ2wapBXv2QcPKSqg1eIF4TswDLsIs3IrHJgNl7IJdQ/18472473 [pending]
 - https://acme-staging.api.letsencrypt.org/acme/challenge/zJ2wapBXv2QcPKSqg1eIF4TswDLsIs3IrHJgNl7IJdQ/18472474 [pending]
at handleErr (/home/m/test/node_modules/le-acme-core/lib/get-certificate.js:351:17)
at ensureValidation (/home/m/test/node_modules/le-acme-core/lib/get-certificate.js:226:16)
at Request._callback (/home/m/test/node_modules/le-acme-core/lib/get-certificate.js:208:13)
at Request.self.callback (/home/m/test/node_modules/request/request.js:186:22)
at emitTwo (events.js:106:13)
at Request.emit (events.js:191:7)
at Request.<anonymous> (/home/m/test/node_modules/request/request.js:1081:10)
at emitOne (events.js:96:13)
at Request.emit (events.js:188:7)
at IncomingMessage.<anonymous> (/home/m/test/node_modules/request/request.js:1001:12)
at IncomingMessage.g (events.js:292:16)
at emitNone (events.js:91:20)
at IncomingMessage.emit (events.js:185:7)
at endReadableNT (_stream_readable.js:974:12)
at _combinedTickCallback (internal/process/next_tick.js:74:11)
at process._tickCallback (internal/process/next_tick.js:98:9)
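
Added example, not part of the original post and not node-letsencrypt's own code: for http-01 the CA fetches `http://<domain>/.well-known/acme-challenge/<token>` and expects the body to be exactly the `keyAuthorization`, which is why the page fragment returned in the log above was rejected. The sketch keeps pending challenges in memory instead of on disk; the `loopback` signature is the one printed in the log, while `createMemoryChallenge`, `set`/`get`/`remove`, `answer` and `middleware` are assumed names.

```javascript
// In-memory http-01 challenge store (illustrative; names other than the
// loopback signature are assumptions, not the package's documented API).
const ACME_PREFIX = '/.well-known/acme-challenge/';
const TOKEN_RE = /^[A-Za-z0-9_-]{16,128}$/; // base64url only: no dots, slashes or '%'

function createMemoryChallenge(ttlMs = 10 * 60 * 1000, now = Date.now) {
  const pending = new Map(); // "domain/token" -> { keyAuthorization, expires }
  const key = (domain, token) => `${String(domain).toLowerCase()}/${token}`;

  const store = {
    set(opts, domain, token, keyAuthorization, cb) {
      if (!TOKEN_RE.test(token)) return cb(new Error('malformed token'));
      pending.set(key(domain, token), { keyAuthorization, expires: now() + ttlMs });
      cb(null);
    },
    get(opts, domain, token, cb) {
      const hit = pending.get(key(domain, token));
      if (!hit || hit.expires < now()) {
        pending.delete(key(domain, token)); // drop stale entries lazily
        return cb(null, null);
      }
      cb(null, hit.keyAuthorization);
    },
    remove(opts, domain, token, cb) {
      pending.delete(key(domain, token));
      cb(null);
    },
    // Self-check before the CA is asked to validate: would our handler answer correctly?
    loopback(opts, domain, token, keyAuthorization, cb) {
      const r = store.answer(domain, ACME_PREFIX + token);
      cb(r.status === 200 && r.body === keyAuthorization ? null : new Error('loopback failed'));
    },
    // Pure routing decision for (Host header, URL path); null means "not an ACME request".
    answer(host, url) {
      if (!url.startsWith(ACME_PREFIX)) return null;
      const token = url.slice(ACME_PREFIX.length).split('?')[0];
      const domain = String(host || '').split(':')[0]; // strip the port
      let body = null;
      if (TOKEN_RE.test(token)) store.get({}, domain, token, (e, v) => { body = v; });
      return body ? { status: 200, body } : { status: 404, body: 'not found' };
    },
    // Wrap the normal proxy handler `next` for use with http.createServer().
    middleware(next) {
      return (req, res) => {
        const r = store.answer(req.headers.host, req.url);
        if (!r) return next(req, res);
        res.writeHead(r.status, { 'Content-Type': 'text/plain' });
        res.end(r.body);
      };
    },
  };
  return store;
}
```

The handler must run on port 80 ahead of any catch-all route in the proxy, so that an unknown token yields a 404 rather than an application page.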

#2

Hi, I got the same problem. Did you work it out?

I was using letsencrypt-cluster. I got the following error message. And the Chrome browser says that “Certificate not found in store”.

In case you have fixed the problem, please share your experience.

Thank you very much!

Regards!

Error message from the Node.js console:

This Let's Encrypt / ACME server has been updated with urls that this client doesn't understand
{ 'key-change': 'https://acme-staging.api.letsencrypt.org/acme/key-change',
  'new-authz': 'https://acme-staging.api.letsencrypt.org/acme/new-authz',
  'new-cert': 'https://acme-staging.api.letsencrypt.org/acme/new-cert',
  'new-reg': 'https://acme-staging.api.letsencrypt.org/acme/new-reg',
  'revoke-cert': 'https://acme-staging.api.letsencrypt.org/acme/revoke-cert' }
[pyconf] WARN index past array length:
68 68 undefined
unexpected duplicate key 'keyPath': '/root/letsencrypt/etc/live/www.causticsoda.com.au/privkey.pem'
unexpected duplicate key 'checkpoints': '0'
unexpected duplicate key 'account': '4fac1f4c99d116d26e1d8f689588036e'

[pyconf] WARN index past array length:
68 68 undefined
unexpected duplicate key 'keyPath': '/root/letsencrypt/etc/live/causticsoda.com.au/privkey.pem'
unexpected duplicate key 'checkpoints': '0'
unexpected duplicate key 'account': '4fac1f4c99d116d26e1d8f689588036e'


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.