Certificates not being saved #634

Closed
OscarKolsrud opened this issue Mar 10, 2020 · 6 comments

@OscarKolsrud
Contributor

OscarKolsrud commented Mar 10, 2020

Hi there,

Due to some issues I faced with the letsencrypt CA I tried out the buypass acme APIs. They should work exactly the same way LE does. Documentation here: https://community.buypass.com/t/63d4ay/buypass-go-ssl-endpoints

But currently I am facing a problem with what seems like certificates not being saved.

See debug log (Edited for security and privacy):

```
2020-03-10 22:43:00,064:DEBUG:urllib3.connectionpool:428: https://api.test4.buypass.no:443 "POST /acme-v02/cert/m53XXXXO8 HTTP/1.1" 200 4896
2020-03-10 22:43:00,065:DEBUG:acme.client:1141: Received response:
HTTP 200
Date: Tue, 10 Mar 2020 22:42:59 GMT
Content-Type: application/pem-certificate-chain
Cache-Control: public
Expires: Tue, 10 Mar 2020 22:43:01 GMT
Link: <https://api.test4.buypass.no/acme/directory>; rel="index"
Replay-Nonce: NTAxYTI3NTAtZTlhOS00MTQ1LTlhMDItZWMxODNjYTJlYjc1
Vary: Accept
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,PUT,POST,OPTIONS,HEAD,DELETE
MDC-correlationId: 308e1697-088d-4f75-860e-6bf1fe76e125
Content-Length: 4896

-----BEGIN CERTIFICATE-----
CERTIFICATE INSIDE HERE

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
CERTIFICATE INSIDE HERE

-----END CERTIFICATE-----

2020-03-10 22:43:00,066:DEBUG:acme.client:1170: Storing nonce: NTAxYTI3NTAXXXXXXXXXXXXXMxODNjYTJlYjc1
2020-03-10 22:43:00,066:DEBUG:simp_le:1098: Removing validation file at /usr/share/nginx/html/.well-known/acme-challenge/F7DEEAB31XXXXXXXXXX19D856AA3B6CF36B
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/simp_le.py", line 1565, in main
    return main_with_exceptions(cli_args)
  File "/usr/lib/python3.8/site-packages/simp_le.py", line 1549, in main_with_exceptions
    persist_new_data(args, existing_data)
  File "/usr/lib/python3.8/site-packages/simp_le.py", line 1451, in persist_new_data
    OpenSSL.crypto.FILETYPE_PEM, pems[0])),
IndexError: list index out of range

Unhandled error has happened, traceback is above

Debugging tips: -v improves output verbosity. Help is available under --help.
/app
Symlinked domains: 
Enabled domains: mydomain.no
Disabled domains: 
Sleep for 3600s
```

I simply do not understand very well what is failing. It seems like it is receiving the certs, but failing on saving them. Could someone please help me get this working?

Sidenote: attempted to make this a bit nicer to read with a code block... Did not work out as intended
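Added example, not simp_le's code and not the fix that was later merged: a defensive way to split an `application/pem-certificate-chain` body so that an unparseable response fails with a descriptive error instead of the `IndexError` at `pems[0]` seen in the traceback. The names `split_pem_chain` and `EmptyChainError` are hypothetical, the tolerance for CRLF and blank lines is an assumption rather than a diagnosis of the Buypass response, and the sample body is constructed.

```python
import base64
import re

# RFC 7468 block: BEGIN line, base64 body, END line with the same label.
# Tolerating CRLF and blank lines is this example's assumption, not a
# statement about what any particular CA sends.
_PEM_BLOCK = re.compile(
    rb"-----BEGIN (?P<label>[A-Z0-9 ]+)-----[ \t]*\r?\n"
    rb"(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)


class EmptyChainError(ValueError):
    """The response body held no usable CERTIFICATE block."""


def split_pem_chain(body: bytes) -> list:
    """Return the decoded bytes of each CERTIFICATE block, leaf first."""
    certs = []
    for m in _PEM_BLOCK.finditer(body):
        if m.group("label") != b"CERTIFICATE":
            continue  # skip keys or other PEM types
        b64 = b"".join(m.group("body").split())  # drop CR, LF, blank lines
        try:
            decoded = base64.b64decode(b64, validate=True)
        except ValueError as exc:  # binascii.Error subclasses ValueError
            raise ValueError(f"CERTIFICATE block is not base64: {exc}") from exc
        if decoded:
            certs.append(decoded)
    if not certs:
        # Fail here with context instead of an IndexError at pems[0] later.
        raise EmptyChainError(
            f"no CERTIFICATE block in {len(body)}-byte response body")
    return certs


# Constructed sample: placeholder bytes (not real DER), CRLF line endings
# and a blank line inside the first block.
FAKE_LEAF = b"leaf-placeholder-bytes-0123456789"
FAKE_ISSUER = b"issuer-placeholder-bytes-abcdefgh"
SAMPLE_BODY = (
    b"-----BEGIN CERTIFICATE-----\r\n" + base64.b64encode(FAKE_LEAF)
    + b"\r\n\r\n-----END CERTIFICATE-----\r\n"
    + b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(FAKE_ISSUER)
    + b"\n-----END CERTIFICATE-----\n"
)
```

In a real client the returned bytes would be handed to an X.509 parser before anything is written to disk, so a malformed chain is rejected before the existing certificate files are touched.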

@buchdag
Member

buchdag commented Mar 12, 2020

Hi. simp_le (the ACME client used by this container) seems to have issues with BuyPass, could you report your issue there? zenhack/simp_le#133

@OscarKolsrud
Contributor Author

Just commented over there, but do you know a way this could be fixed? Buypass should behave the same as LE @buchdag

@buchdag
Member

buchdag commented Mar 13, 2020

> Buypass should behave the same as LE

It should, but it looks like it might not, as simp_le is tested and works against both Boulder and Pebble.

Unfortunately there is no way to fix that short of fixing the issue in simp_le.

@OscarKolsrud
Contributor Author

Okay, understandable. Do you know of any other CA that is currently working? Had some problems getting LE working. Got some errors about a bad handshake or something. My server is behind a very strict firewall that I am not in control of, so I need a CA that is not blocked (which buypass was not).

@OscarKolsrud
Contributor Author

This issue has been fixed on the master branch of simp_le

For now this docker image can be used if people need it urgently (no guarantees for reliability), it was used by me to test the fix: https://hub.docker.com/repository/docker/oscarkolsrud/le-companion-test

OscarKolsrud added a commit to OscarKolsrud/docker-letsencrypt-nginx-proxy-companion that referenced this issue Mar 17, 2020
Updated simp_le tagged version to include fix for Buypass CA. Fixes issue nginx-proxy#634
@buchdag
Member

buchdag commented Mar 17, 2020

fixed by #637

@buchdag buchdag closed this as completed Mar 17, 2020