Using dehydrated, cloudflare dns-01 cert renewal

kyndrylinforma · October 28, 2022, 1:47pm

Using cloudflare hook below, and receiving the certificates too.

[certman@lf01 dehydrated]$ ls -l certs/linuxfame.in/
total 24
-rw------- 1 certman certman 501 Oct 28 12:38 cert-1666960735.csr
-rw------- 1 certman certman 1602 Oct 28 12:39 cert-1666960735.pem
lrwxrwxrwx 1 certman certman 19 Oct 28 12:39 cert.csr -> cert-1666960735.csr
lrwxrwxrwx 1 certman certman 19 Oct 28 12:39 cert.pem -> cert-1666960735.pem
-rw------- 1 certman certman 3751 Oct 28 12:39 chain-1666960735.pem
lrwxrwxrwx 1 certman certman 20 Oct 28 12:39 chain.pem -> chain-1666960735.pem
-rw------- 1 certman certman 5353 Oct 28 12:39 fullchain-1666960735.pem
lrwxrwxrwx 1 certman certman 24 Oct 28 12:39 fullchain.pem -> fullchain-1666960735.pem
-rw------- 1 certman certman 288 Oct 28 12:38 privkey-1666960735.pem
lrwxrwxrwx 1 certman certman 22 Oct 28 12:39 privkey.pem -> privkey-1666960735.pem

I am looking for the certificate renewal process to automate.
While running the below command, am getting the error.
Someone please help me

[certman@lf01 dehydrated]$ /usr/bin/dehydrated --cron --ipv4 --config /home/certman/dehydrated/config --hook /home/certman/dehydrated/hooks/cloudflare/hook.py --out /home/certman/dehydrated/certs --challenge dns-01 --domain uname -n

INFO: Using main config file /home/certman/dehydrated/config

CloudFlare hook executing: startup_hook
Processing lf01.linuxfame.in
Signing domains...
Generating private key...
Generating signing request...
Requesting new certificate order from CA...
ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/new-order (Status 400)

Details:
HTTP/2 400
server: nginx
date: Fri, 28 Oct 2022 13:06:16 GMT
content-type: application/problem+json
content-length: 178
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: C400pW_3xIy-H0prwZ-G2BKCNTT4S4jlirn-8BO6lVnihYo

{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Malformed account ID in KeyID header URL: "https://acme-v02.api.letsencrypt.org/acme/acct/\"",
"status": 400
}

rg305 · October 28, 2022, 6:14pm

It seems that the problem is within the Acccount ID being used by dehydrated.
If there is a newer version of dehydrated, I would update to it and see if that corrects that problem.
If not corrected, I would look for help within their support channels and man pages.

system · November 27, 2022, 6:14pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.