Dan Frantz's picture
New install of Wordpress 14.21
using confconsole to get cert.
Log output:
[2017-11-22 18:22:32] dehydrated-wrapper: WARNING: /etc/dehydrated/confconsole.config not found; copying default from /usr/share/confconsole/letsencrypt/dehydrated-confconsole.config
[2017-11-22 18:22:32] dehydrated-wrapper: WARNING: /etc/dehydrated/confconsole.hook.sh not found; copying default from /usr/share/confconsole/letsencrypt/dehydrated-confconsole.hook.sh
[2017-11-22 18:22:32] dehydrated-wrapper: WARNING: /etc/cron.daily/confconsole-dehydrated not found; copying default from /usr/share/confconsole/letsencrypt/dehydrated-confconsole.cron
  + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 400)
Details:
{
  "type": "urn:acme:error:malformed",
  "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] urn:acme:error:malformed [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
  "status": 400
}
[2017-11-22 18:22:35] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2017-11-22 18:22:35] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2017-11-22 18:22:36] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
 
Site 4dw.us Test site
Forum: 
Jeremy Davis's picture

Thanks so much for reporting this. It looks like Let's Encrypt have changed things so that our script no longer works. :(

I've lodged a bug report on our issue tracker. I'm at the tail end of a pretty important job, but once that's out of the way, I'll swing my attention to this. I hope to do some testing and hopefully should have at least a workaround, if not a proper fix, by sometime next week.

Thanks again for taking the time to post. Please feel free to bump this thread if you haven't heard anything and want an update.

Jeremy Davis's picture

The workaround is actually pretty easy. You just need to update the LICENSE variable. The easiest way to do that is to adjust the config file from the commandline:
echo 'LICENSE="https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"' >> /etc/dehydrated/confconsole.config
Then rerun confconsole:
confconsole
And try again. It should all just work. I just launched a fresh server to do a final test and that's all I did and I now have an SSL cert! Hopefully it works just as well for you! :)
Jeremy Davis's picture

Although you do raise a good point, my above command will only work once you've run it and it's failed.

In retrospect, I probably should have accounted for that possibility... I'll try to update the details later in the day...

-bash: /etc/dehydrated/confconsole.config: Permission denied

Any idea whats causing this ? clean 14.2 install and updated.


Jeremy Davis's picture

If so, that is very strange! Unless of course you are running an AWS Marketplace server...

AWS Marketplace require that root accounts be disabled so we comply (even though we don't agree). So most of the time, that means that you need to use sudo for most commands.

My guess is that had you prefixed it with sudo it would have worked.

I'm curious if I'm on the right track?

To fix the problem copy this line

LICENSE="https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"

  into the

/etc/dehydrated/confconsole.config

and

/etc/dehydrated/config

Jeremy Davis's picture

FWIW, that's what my oneliner above (starting with echo) does! (echos the line to the end of the file). As noted in my comments above, not having permission would suggest that you weren't root. Non-root users generally require sudo to edit files in /etc/.

Also as another aside, unless you plan to use Dehydrated in "stand-alone" mode, only /etc/dehydrated/confconsole.config needs to be modified. /etc/dehydrated/config is not used, unless you either invoke Dehydrated directly, or explicitly use it.

Regardless, thanks tons for taking the time to share what you discovered. Great work!

Add new comment