External connection problem - DuckDNS - Certificate

Yes, gladly.
I had posted them on the HA GitHub (without success), but I'm putting them back online below:

My configuration

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
  algo: secp384r1
token: MY-TOKEN
domains:
  - MY-DUCK-SUBDOMAIN.duckdns.org
aliases:
  - domain: MY-ALIAS-DOMAIN
    alias: MY-DUCK-SUBDOMAIN.duckdns.org
seconds: 300

And the logs from the renewal that fails

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
# INFO: Using main config file /data/workdir/config
+ Account already registered!
[08:19:09] INFO: OK
MY-IP
NOCHANGE
[08:19:10] INFO: Renew certificate for domains: MY-DUCK-SUBDOMAIN.duckdns.org and aliases: 
MY-ALIAS-DOMAIN
# INFO: Using main config file /data/workdir/config
Processing MY-ALIAS-DOMAIN with alternative names: MY-DUCK-SUBDOMAIN.duckdns.org
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Apr 26 20:45:47 2022 GMT (Less than 30 days). Renewing!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 2 authorizations URLs from the CA
 + Handling authorization for MY-DUCK-SUBDOMAIN.duckdns.org
 + Handling authorization for MY-ALIAS-DOMAIN
 + 2 pending challenge(s)
 + Deploying challenge tokens...
OKOK + Responding to challenge for MY-DUCK-SUBDOMAIN.duckdns.org authorization...
 + Cleaning challenge tokens...
OKOK + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]	"dns-01"
["status"]	"invalid"
["error","type"]	"urn:ietf:params:acme:error:unauthorized"
["error","detail"]	"Incorrect TXT record \"l85ABxSY9hYxErA51rQkRztfCHVk3R6zMc8sGpTEWeQ\" found at _acme-challenge.MY-DUCK-SUBDOMAIN.duckdns.org"
["error","status"]	403
["error"]	{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect TXT record \"l85ABxSY9hYxErA51rQkRztfCHVk3R6zMc8sGpTEWeQ\" found at _acme-challenge.MY-DUCK-SUBDOMAIN.duckdns.org","status":403}
["url"]	"https://acme-v02.api.letsencrypt.org/acme/chall-v3/92196492480/t4hUOg"
["token"]	"P4xOxZnHYC6i7PAWnT9YQ9WRROsjxGS3srikPRF8rZU"
["validated"]	"2022-03-28T06:19:25Z")

And in the end:

  1. when I edit the config file to remove the personal alias "MY-ALIAS-DOMAIN"
  2. then when I renew the "Duck" domain: MY-DUCK-SUBDOMAIN.duckdns.org
  3. :white_check_mark: it goes through without a problem
  4. and then I put the config back with "MY-ALIAS-DOMAIN"
  5. :white_check_mark: and that goes through too.

In short, it's a pain :wink:

Thanks for your help!