Re: [Freeipa-users] Let's Encrypt Install: Made a bit of install progress, next error

2016-12-07 Thread Joseph Flynn 
Man, I feel silly.  I thought i had that set earlier by using the network
setup during the install.  Maybe different distributions handle that
differently.  I have it corrected via your suggestion Martin Thanks you!!

To the next stage...  Seems like partial success. Is there another step
needed to install the cert that appears to have been created in my home
directory?

[image: Inline image 1]
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /home/jjflynn22/0001_chain.pem. Your cert will expire on
   2017-03-07. To obtain a new or tweaked version of this certificate
   in the future, simply run certbot again. To non-interactively renew
   *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:https://eff.org/donate-le

certutil:  unable to open "/root/ipa-le/_cert.pem" for reading (-5950,
2).








On Wed, Dec 7, 2016 at 10:56 AM, Martin Basti  wrote:

> Please make sure you use `hostnamectl set-hostname FQDN` to set all
> hostnames on system (static, tentaive, current )
> Martin
>
> On 07.12.2016 16:52, Joseph Flynn wrote:
>
> Damn, I thought I already fixed that but didn't.  Hold while I rerun...
> I bet that was it.
>
> On Wed, Dec 7, 2016 at 10:50 AM, Martin Basti  wrote:
>
>> What does `hostname` command return?
>>
>> On 07.12.2016 16:37, Joseph Flynn wrote:
>>
>> Sorry, I wasn't clear in my earlier subject line.  This is related to the
>> Lets Encrypt installation.
>>
>> I tried to pull some more relevant items from the log below.  I don't
>> actually see all of the elements of my FQDN (ipa-a.kkgpitt.org) only
>> references to the host (ipa-a) in the log, but am not sure what a good log
>> should include.
>>
>> Thanks for any assistance,
>> Joe
>>
>>
>> On Tue, Dec 6, 2016 at 4:15 PM, Joseph Flynn  wrote:
>>
>>> Volunteers,
>>>
>>> I moved over to a Fedora VM which was way more difficult than it should
>>> be.  All kinds of problems with Guest Additions and I ended up having to
>>> run server mode with no GUI.  Now I run an Ubuntu VM from which I ssh into
>>> my Fedora VM.  Anyway...
>>>
>>> The install made it a further step than before.  I get a quick blue
>>> screen pop up at the end then an error saying:
>>> [image: Inline image 1]
>>>
>>> An unexpected error occurred:
 The request message was malformed :: DNS name does not have enough
 labels
 Please see the logfiles in /var/log/letsencrypt for more details.

>>>
>>> When I run the cert checker util I get this
>>> https://www.sslshopper.com/ssl-checker.html#hostname=ipa-a.kkgpitt.org
>>>
>>> Full log below.
>>>
>>> Any suggestions?  Is it not pulling my proper hostname?
>>>
>>> Thanks,
>>> Joe
>>>
>>>
>>>
>>>
>>>
>>> [jjflynn22@ipa-a ~]$ cat /etc/hosts
>>> 192.168.1.211 ipa-a.kkgpitt.org ipa-a
>>> 127.0.0.1   localhost localhost.localdomain localhost4
>>> localhost4.localdomain4
>>> ::1 localhost localhost.localdomain localhost6
>>> localhost6.localdomain6
>>>
>>>
>>>
>>>
>>> [jjflynn22@ipa-a ~]$ sudo cat /var/log/letsencrypt/letsencrypt.log
>>> [sudo] password for jjflynn22:
>>> 2016-12-06 20:57:43,982:DEBUG:certbot.main:Root logging level set at 20
>>> 2016-12-06 20:57:43,983:INFO:certbot.main:Saving debug log to
>>> /var/log/letsencrypt/letsencrypt.log
>>> 2016-12-06 20:57:43,991:DEBUG:certbot.main:certbot version: 0.9.3
>>> 2016-12-06 20:57:43,991:DEBUG:certbot.main:Arguments: ['--standalone',
>>> '--csr', '/root/ipa-le/httpd-csr.der', '--email', 'xx...@gmail.com',
>>> '--agree-tos']
>>> 2016-12-06 20:57:43,992:DEBUG:certbot.main:Discovered plugins:
>>> PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#nu
>>> ll,PluginEntryPoint#manual,PluginEntryPoint#standalone)
>>> 2016-12-06 20:57:43,995:DEBUG:certbot.plugins.selection:Requested
>>> authenticator standalone and installer None
>>> 2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Single
>>> candidate plugin: * standalone
>>> Description: Spin up a temporary webserver
>>> Interfaces: IAuthenticator, IPlugin
>>> Entry point: standalone = certbot.plugins.standalone:Authenticator
>>> Initialized: >> 0x7fc3dc6fccd0>
>>> Prep: True
>>> 2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Selected
>>> authenticator >> 0x7fc3dc6fccd0> and installer None
>>> 2016-12-06 20:57:44,115:DEBUG:certbot.main:Picked account:
>>> 
>>> 2016-12-06 20:57:44,116:DEBUG:root:Sending GET request to
>>> https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
>>> 2016-12-06 
>>> 20:57:44,119:INFO:requests.packages.urllib3.connectionpool:Starting
>>> new HTTPS connection (1): acme-v01.api.letsencrypt.org
>>> 2016-12-06 20:57:44,500:DEBUG:requests.packages.urllib3.connectionpool:"GET
>>> /directory HTTP/1.1" 200 280
>>> 2016-12-06

Re: [Freeipa-users] Let's Encrypt Install: Made a bit of install progress, next error

2016-12-07 Thread Martin Basti 
Please make sure you use `hostnamectl set-hostname FQDN` to set all 
hostnames on system (static, tentaive, current )


Martin

On 07.12.2016 16:52, Joseph Flynn wrote:
Damn, I thought I already fixed that but didn't. Hold while I 
rerun...   I bet that was it.


On Wed, Dec 7, 2016 at 10:50 AM, Martin Basti > wrote:


What does `hostname` command return?


On 07.12.2016 16:37, Joseph Flynn wrote:

Sorry, I wasn't clear in my earlier subject line.  This is
related to the Lets Encrypt installation.

I tried to pull some more relevant items from the log below.  I
don't actually see all of the elements of my FQDN
(ipa-a.kkgpitt.org ) only references to
the host (ipa-a) in the log, but am not sure what a good log
should include.

Thanks for any assistance,
Joe


On Tue, Dec 6, 2016 at 4:15 PM, Joseph Flynn > wrote:

Volunteers,

I moved over to a Fedora VM which was way more difficult than
it should be.  All kinds of problems with Guest Additions and
I ended up having to run server mode with no GUI.  Now I run
an Ubuntu VM from which I ssh into my Fedora VM.  Anyway...

The install made it a further step than before.  I get a
quick blue screen pop up at the end then an error saying:
Inline image 1

An unexpected error occurred:
The request message was malformed :: DNS name does not
have enough labels
Please see the logfiles in /var/log/letsencrypt for more
details.


When I run the cert checker util I get this
https://www.sslshopper.com/ssl-checker.html#hostname=ipa-a.kkgpitt.org



Full log below.

Any suggestions?  Is it not pulling my proper hostname?

Thanks,
Joe





[jjflynn22@ipa-a ~]$ cat /etc/hosts
192.168.1.211ipa-a.kkgpitt.org  ipa-a
127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4
::1 localhost localhost.localdomain localhost6
localhost6.localdomain6




[jjflynn22@ipa-a ~]$ sudo cat
/var/log/letsencrypt/letsencrypt.log
[sudo] password for jjflynn22:
2016-12-06 20:57:43,982:DEBUG:certbot.main:Root logging level
set at 20
2016-12-06 20:57:43,983:INFO:certbot.main:Saving debug log to
/var/log/letsencrypt/letsencrypt.log
2016-12-06 20:57:43,991:DEBUG:certbot.main:certbot version: 0.9.3
2016-12-06 20:57:43,991:DEBUG:certbot.main:Arguments:
['--standalone', '--csr', '/root/ipa-le/httpd-csr.der',
'--email', 'xx...@gmail.com ',
'--agree-tos']
2016-12-06 20:57:43,992:DEBUG:certbot.main:Discovered
plugins:

PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-12-06
20:57:43,995:DEBUG:certbot.plugins.selection:Requested
authenticator standalone and installer None
2016-12-06
20:57:44,019:DEBUG:certbot.plugins.selection:Single candidate
plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone =
certbot.plugins.standalone:Authenticator
Initialized: http://certbot.plugins.standalone.Au>thenticator object at
0x7fc3dc6fccd0>
Prep: True
2016-12-06
20:57:44,019:DEBUG:certbot.plugins.selection:Selected
authenticator http://certbot.plugins.standalone.Au>thenticator object at
0x7fc3dc6fccd0> and installer None
2016-12-06 20:57:44,115:DEBUG:certbot.main:Picked account:

2016-12-06 20:57:44,116:DEBUG:root:Sending GET request to
https://acme-v01.api.letsencrypt.org/directory
. args: (),
kwargs: {}
2016-12-06
20:57:44,119:INFO:requests.packages.urllib3.connectionpool:Starting
new HTTPS connection (1): acme-v01.api.letsencrypt.org

2016-12-06 20:57:44,500:DEBUG:requests.pa
ckages.urllib3.connectionpool:"GET
/directory HTTP/1.1" 200 280
2016-12-06 20:57:44,506:DEBUG:root:Received .
Headers: {'Content-Length': '280', 'Expires': 'Tue, 06 Dec
2016 20:57:46 GMT', 'Boulder-Request-Id':
'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
'Strict-Transport-Security': 'max-age=604800', 'Server':
'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache',
'Cache-Control': 'max-age=0, no-cache,

Re: [Freeipa-users] Let's Encrypt Install: Made a bit of install progress, next error

2016-12-07 Thread Joseph Flynn 
Damn, I thought I already fixed that but didn't.  Hold while I rerun...   I
bet that was it.

On Wed, Dec 7, 2016 at 10:50 AM, Martin Basti  wrote:

> What does `hostname` command return?
>
> On 07.12.2016 16:37, Joseph Flynn wrote:
>
> Sorry, I wasn't clear in my earlier subject line.  This is related to the
> Lets Encrypt installation.
>
> I tried to pull some more relevant items from the log below.  I don't
> actually see all of the elements of my FQDN (ipa-a.kkgpitt.org) only
> references to the host (ipa-a) in the log, but am not sure what a good log
> should include.
>
> Thanks for any assistance,
> Joe
>
>
> On Tue, Dec 6, 2016 at 4:15 PM, Joseph Flynn  wrote:
>
>> Volunteers,
>>
>> I moved over to a Fedora VM which was way more difficult than it should
>> be.  All kinds of problems with Guest Additions and I ended up having to
>> run server mode with no GUI.  Now I run an Ubuntu VM from which I ssh into
>> my Fedora VM.  Anyway...
>>
>> The install made it a further step than before.  I get a quick blue
>> screen pop up at the end then an error saying:
>> [image: Inline image 1]
>>
>> An unexpected error occurred:
>>> The request message was malformed :: DNS name does not have enough labels
>>> Please see the logfiles in /var/log/letsencrypt for more details.
>>>
>>
>> When I run the cert checker util I get this
>> https://www.sslshopper.com/ssl-checker.html#hostname=ipa-a.kkgpitt.org
>>
>> Full log below.
>>
>> Any suggestions?  Is it not pulling my proper hostname?
>>
>> Thanks,
>> Joe
>>
>>
>>
>>
>>
>> [jjflynn22@ipa-a ~]$ cat /etc/hosts
>> 192.168.1.211 ipa-a.kkgpitt.org ipa-a
>> 127.0.0.1   localhost localhost.localdomain localhost4
>> localhost4.localdomain4
>> ::1 localhost localhost.localdomain localhost6
>> localhost6.localdomain6
>>
>>
>>
>>
>> [jjflynn22@ipa-a ~]$ sudo cat /var/log/letsencrypt/letsencrypt.log
>> [sudo] password for jjflynn22:
>> 2016-12-06 20:57:43,982:DEBUG:certbot.main:Root logging level set at 20
>> 2016-12-06 20:57:43,983:INFO:certbot.main:Saving debug log to
>> /var/log/letsencrypt/letsencrypt.log
>> 2016-12-06 20:57:43,991:DEBUG:certbot.main:certbot version: 0.9.3
>> 2016-12-06 20:57:43,991:DEBUG:certbot.main:Arguments: ['--standalone',
>> '--csr', '/root/ipa-le/httpd-csr.der', '--email', 'xx...@gmail.com',
>> '--agree-tos']
>> 2016-12-06 20:57:43,992:DEBUG:certbot.main:Discovered plugins:
>> PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#
>> null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
>> 2016-12-06 20:57:43,995:DEBUG:certbot.plugins.selection:Requested
>> authenticator standalone and installer None
>> 2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Single candidate
>> plugin: * standalone
>> Description: Spin up a temporary webserver
>> Interfaces: IAuthenticator, IPlugin
>> Entry point: standalone = certbot.plugins.standalone:Authenticator
>> Initialized: > 0x7fc3dc6fccd0>
>> Prep: True
>> 2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Selected
>> authenticator > 0x7fc3dc6fccd0> and installer None
>> 2016-12-06 20:57:44,115:DEBUG:certbot.main:Picked account:
>> 
>> 2016-12-06 20:57:44,116:DEBUG:root:Sending GET request to
>> https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
>> 2016-12-06 
>> 20:57:44,119:INFO:requests.packages.urllib3.connectionpool:Starting
>> new HTTPS connection (1): acme-v01.api.letsencrypt.org
>> 2016-12-06 20:57:44,500:DEBUG:requests.packages.urllib3.connectionpool:"GET
>> /directory HTTP/1.1" 200 280
>> 2016-12-06 20:57:44,506:DEBUG:root:Received . Headers:
>> {'Content-Length': '280', 'Expires': 'Tue, 06 Dec 2016 20:57:46 GMT',
>> 'Boulder-Request-Id': 'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
>> 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx',
>> 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control':
>> 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
>> 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json',
>> 'Replay-Nonce': 'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}. Content:
>> '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n
>> "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n
>> "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n
>> "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert
>> "\n}'
>> 2016-12-06 20:57:44,506:DEBUG:acme.client:Received response > [200]> (headers: {'Content-Length': '280', 'Expires': 'Tue, 06 Dec 2016
>> 20:57:46 GMT', 'Boulder-Request-Id': 
>> 'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
>> 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx',
>> 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control':
>> 'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016 20:57:46 GMT',
>> 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json',
>> 'Replay-Nonce':

Re: [Freeipa-users] Let's Encrypt Install: Made a bit of install progress, next error

2016-12-07 Thread Martin Basti 

What does `hostname` command return?


On 07.12.2016 16:37, Joseph Flynn wrote:
Sorry, I wasn't clear in my earlier subject line.  This is related to 
the Lets Encrypt installation.


I tried to pull some more relevant items from the log below.  I don't 
actually see all of the elements of my FQDN (ipa-a.kkgpitt.org 
) only references to the host (ipa-a) in the 
log, but am not sure what a good log should include.


Thanks for any assistance,
Joe


On Tue, Dec 6, 2016 at 4:15 PM, Joseph Flynn > wrote:


Volunteers,

I moved over to a Fedora VM which was way more difficult than it
should be.  All kinds of problems with Guest Additions and I ended
up having to run server mode with no GUI.  Now I run an Ubuntu VM
from which I ssh into my Fedora VM. Anyway...

The install made it a further step than before.  I get a quick
blue screen pop up at the end then an error saying:
Inline image 1

An unexpected error occurred:
The request message was malformed :: DNS name does not have
enough labels
Please see the logfiles in /var/log/letsencrypt for more details.


When I run the cert checker util I get this
https://www.sslshopper.com/ssl-checker.html#hostname=ipa-a.kkgpitt.org



Full log below.

Any suggestions?  Is it not pulling my proper hostname?

Thanks,
Joe





[jjflynn22@ipa-a ~]$ cat /etc/hosts
192.168.1.211ipa-a.kkgpitt.org  ipa-a
127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4
::1 localhost localhost.localdomain localhost6
localhost6.localdomain6




[jjflynn22@ipa-a ~]$ sudo cat /var/log/letsencrypt/letsencrypt.log
[sudo] password for jjflynn22:
2016-12-06 20:57:43,982:DEBUG:certbot.main:Root logging level set
at 20
2016-12-06 20:57:43,983:INFO:certbot.main:Saving debug log to
/var/log/letsencrypt/letsencrypt.log
2016-12-06 20:57:43,991:DEBUG:certbot.main:certbot version: 0.9.3
2016-12-06 20:57:43,991:DEBUG:certbot.main:Arguments:
['--standalone', '--csr', '/root/ipa-le/httpd-csr.der', '--email',
'xx...@gmail.com ', '--agree-tos']
2016-12-06 20:57:43,992:DEBUG:certbot.main:Discovered plugins:

PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-12-06 20:57:43,995:DEBUG:certbot.plugins.selection:Requested
authenticator standalone and installer None
2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Single
candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: 
Prep: True
2016-12-06 20:57:44,019:DEBUG:certbot.plugins.selection:Selected
authenticator  and installer None
2016-12-06 20:57:44,115:DEBUG:certbot.main:Picked account:

2016-12-06 20:57:44,116:DEBUG:root:Sending GET request to
https://acme-v01.api.letsencrypt.org/directory
. args: (), kwargs: {}
2016-12-06
20:57:44,119:INFO:requests.packages.urllib3.connectionpool:Starting
new HTTPS connection (1): acme-v01.api.letsencrypt.org

2016-12-06
20:57:44,500:DEBUG:requests.packages.urllib3.connectionpool:"GET
/directory HTTP/1.1" 200 280
2016-12-06 20:57:44,506:DEBUG:root:Received .
Headers: {'Content-Length': '280', 'Expires': 'Tue, 06 Dec 2016
20:57:46 GMT', 'Boulder-Request-Id':
'mqxztXHk-k5DDBqftS_2vmB0sWVWVjS1twToXbIOdL0',
'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx',
'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control':
'max-age=0, no-cache, no-store', 'Date': 'Tue, 06 Dec 2016
20:57:46 GMT', 'X-Frame-Options': 'DENY', 'Content-Type':
'application/json', 'Replay-Nonce':
'sz4mf6DlGO-Iw1q8bOlAlisD3CKZlCZUA9JzmN3dcDk'}. Content: '{\n 
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz

",\n
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert
",\n
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg
",\n
"revoke-cert":
"https://acme-v01.api.letsencrypt.org/acme/revoke-cert
"\n}'
2016-12-06 20:57:44,506:DEBUG:acme.client:Received response
 (headers: {'Content-Length': '280', 'Expires':
'Tue, 06 Dec 2016 20:57:46 GMT', 'Boulder-Request-Id':