[Solved] DNS name does not have enough labels - please show which one

The template below is filled in, what I would like to see in an error report would be the exact label failing. Current I don’t have a clue where to start searching. Given that all domain names ping and this was working before.

My domain is:

tile.openstreetmap.nl a.tile.openstreetmap.nl b.tile.openstreetmap.nl c.tile.openstreetmap.nl d.tile.openstreetmap.nl map.openstreetmap.nl maps.openstreetmap.nl overlay.openstreetmap.nl overlay.openstreet.nl

I ran this command:

acmetool want tile.openstreetmap.nl a.tile.openstreetmap.nl b.tile.openstreetmap.nl c.tile.openstreetmap.nl d.tile.openstreetmap.nl map.openstreetmap.nl maps.openstreetmap.nl overlay.openstreetmap.nl overlay.openstreet.nl

It produced this output:

20171031093234 [ERROR] acme.storageops: could not obtain authorization for help: HTTP error: 400 Bad Request
map[Server:[nginx] Content-Type:[application/problem+json] Expires:[Tue, 31 Oct 2017 08:32:34 GMT] Cache-Control:[max-age=0, no-cache, no-store] Pragma:[no-cache] Content-Length:[137] Boulder-Requester:[19835929] Replay-Nonce:[AwzNwl38J_QUdsOxCtodaiLR7h2LfADIVrJgW2UoMhA] Date:[Tue, 31 Oct 2017 08:32:34 GMT]]
{
“type”: “urn:acme:error:malformed”,
“detail”: “Error creating new authz :: DNS name does not have enough labels”,
“status”: 400
}

(forum software doesn’t allow me to place more than 20 links…)

My web server is (include version):

Cherokee - custom modified version.

The operating system my web server runs on is (include version):

Linux tile.openstreetmap.nl 4.12.5-gentoo

My hosting provider, if applicable, is:

Oxillion

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no.

Hi @skinkie,

I agree, the error message should show some info about what is the name causing issues.

The error usually means you have wrote a domain like openstreetmap without all the DNS labels or you left some space out there like tile .openstreetmap.nl

Checking the command you posted I can't see any obvious error:

acmetool want tile.openstreetmap.nl a.tile.openstreetmap.nl b.tile.openstreetmap.nl c.tile.openstreetmap.nl d.tile.openstreetmap.nl map.openstreetmap.nl maps.openstreetmap.nl overlay.openstreetmap.nl overlay.openstreet.nl

So I advise to write again the command but this time manually, just in case you copy/pasted it and some strange character left around.

If that doesn't work, maybe @jsha or @cpu could take a look to know what is the offending DNS label.

Good luck,
sahsanu

Sadly the manual retyping doesn’t work for me.

Hi @skinkie,

Sorry for the delay, I was busy ;).

Maybe, previously you tried to issue a cert with a malformed domain and acmetool seems saved it and it tries to issue a cert for it even you don’t specify it in your command line.

If that is the case, the output of the following command should show the offending “domain”:

grep '.' /var/lib/acme/desired/*

Cheers,
sahsanu

you mentioned the forum software doesn’t allow you to paste more than 20 links

hightly possible the errored domain is one you did not post

use the </> to paste code

Andrei

you have also issued a number of certificates over the last few days

https://crt.sh/?q=%openstreetmap.nl

so not sure why you are reporting an error as most of your domains seem to be fine?

Andrei

Offtopic note: your site includes non-HTTPS resources, so the browser gives an insecure page notification, not a green padlock…

There's an open issue for this - thanks for the reminder! I will try to see about fitting that into an upcoming sprint.

I wasn't able to find the requests producing this error in the logs with the information provided so far.

@skinkie What is your ACME account ID?

Thanks @sahsanu After removing the contents in the desired directory, acmetool now works without any problems. Lovely isn’t it

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.